Masterswitch Plus
USER’S GUIDE MasterSwitch Plus Contents Web Interface Console Control Introduction Managing theExpansionUnit MasterSwitch PlusMenus Navigation Menu Summary Page How toLogOn Control ConsoleMenus Main Screen How toLogOn MasterSwitch PlusProperties Features Watchdog Upgrading Firmware How toRecoverFromaLostPassword Access Procedures Description Product Outlet Properties Menu Unit Properties Menu Main Menu Introduction Environment Menu Menu MasterSwitch + Outlets Menu -- 1 -- . . 36 . . -- 28 ...... -- 48 . . -- . . . 58 I . . . . . 3 . 1 . 15 . 62 . 56 . 53 . 8 . 63 . 33 . 16 . 60 . 58 . 48 . 30 . 43 . 36 . 28 . 41 . 6 . USER’S GUIDE MasterSwitch Plus Security System Menu Network Menu Data Menu(WebInterfaceOnly) Event-Related Menus Using theAPCSecurityWizard Security Features Option Settings Introduction Option Settings Introduction Configuration Option Log Option How to ConfigureIndividualEvents E-mail Feature Event Recipients Event Actions InterfaceOnly) (Web Event Log Introduction Create an SSH Host Key Host Create an SSH Create a Server Certif Create a Root Certificat Overview Firewalls Creating andInstallingDigitalCertificates Encryption Authentication -- 126 . . . -- . . 111 -- . . . 84 ...... -- icate and Signing Request icate andSigning 66 . e & Server e &Server Certificates ...... -- II 143 . . . -- . . . 82 126 . 135 . 146 . 83 . 155 ...... 151 . 68 . 131 . 111 . 143 . 142 . 66 . 77 . 113 . 84 . 82 . 130 . 73 . 85 . 76 . 81 . USER’S GUIDE MasterSwitch Plus APC WorldwideCustomerSupport 199 Product Information File Transfers Boot Mode How toExportConfigurationSettings APC Device Life-Support Policy Life-Support Warranty andService Verifying Upgrades andUpdates Upgrading Firmware Introduction DHCP ConfigurationSettings Introduction Using theDevice IP ConfigurationWizard The Upload Event anditsErrorMessages Retrieving andExportingthe.iniFil Use theWizard Install theWizard Purpose andRequirements --
IP ConfigurationWizad 170 -- 177 . .
. . . -- 188 . .
. . . . I . . . 162 -- 157 -- ...... 167 . 169 . 162 . 190 . 188 . 178 . . 177 . 170 . 172 . . 187 . 157 158 159 USER’S GUIDE MasterSwitch Plus Features ofMasterSwitchPlus Product Description Introduction system effectively andefficiently, Ma servers runningdifferent operating sy equipment andtogracefully MasterSwitch Plusallowsyoutoin features: Four password-protected accounts that • Automatic shut-down • Connects seriallytoupthree • Configure thesequenceinwhichout • Web, controlconsole,or • Control ofeightpoweroutlets (per • Shuts downserversbeforecyclin • Provides aselectionofsecurity • Event log accessiblebyFTP, SCP, • system-, device-,read-only- management ofco (Graceful Reboot). connected equipment when theUPSenters providing controlof32connec browser. encryption. nnected equipment. of connectedserversatt an on-batterystate an after the serverconfirmsshutdown. shut downorrestart uptoeightconnected SNMP managementinterfaces. and outlet-levelservices. dividually control ted deviceswithon expansion units (AP9225EXP), protocolsforauthentication and sterSwitch Plushas 1 stems. Inordertomanageyour g powertotheco unit)forcompl Telnet, serialconnection,ora Web lets receivepoweruponstart-up. ensure restrictedaccessto d removespowerfrom ached toanAPCUPS power toconnected ete andflexible e IPaddress. nnected equipment theseadditional USER’S GUIDE MasterSwitch Plus can operateonthenetwork. You mustdefinethreeTCP/IPsettings Initial setup IP addressofthe • Subnet mask • IP addressoftheunit • MasterSwitch (www.apc.com). Installation and To configure theTCP into anyunprotected Therefore, APCdoesnotrecommen The MasterSwitchPlusdoes default gateway Utility Quick Start Manual CD andontheAPCWeb site powersource,such /IP settings,seeth 2 for theMasterSwitch not providepo , providedontheAPC d pluggingaunitdirectly e MasterSwitchPlus asawalloutlet. wer protection. Plus beforeit
USER’S GUIDE MasterSwitch Plus Access priority for logging on Access priorityforlogging Overview Access Procedures interface features.Thepriority Only oneuseratatimecanlogon t Web interface)thatprovi The MasterSwitchPlushastwointern the PowerNet the unit.TheSNMPinterfacealsoallo Web access, eitherdirectlyorthr • Telnet orSecureSHe • Local accesstothecontrolconsole • computer haspriority the lowestpriority. connection totheunitalways Reference Guide PowerNet® SNMPManagement To usethePowerNetMIBwith Control Console For moreinformation CD andontheAPCWe ® ManagementInforma de menuswithoptionstha overWeb access. and ll accesstothecontrol , providedontheAPC foraccessisasfollows: abouttheinternaluserinterfaces,see Web Interface b site(www.apc.com). hasthehighestpriority. to theunituse 3 tion Base(MIB)to ough theInfraStr ws youtouseanSNMPbrowserwith al interfaces(controlconsoleand from acomputerwithdirectserial an SNMPbrowser, seethe Information Base(MIB) Information . MasterSwitch console fromaremote t allowyoutomanage its internaluser uXure Manager, has managetheunit. Utility
USER’S GUIDE MasterSwitch Plus Types ofuseraccounts name requirements. Manager, andOutletUser), The MasterSwitchPlushasthreeleve An Administrator canuseallof • An Outlet Usercanaccess • A Read-OnlyUserhasthe • A DeviceManagercanuseonlyt • Password user nameandpassword areboth the controlconsoleand The Read-Only User’s default The Read-OnlyUser’s name is theDevice Mana – the – theLogoptionin – theDevice Managermenuandit – Access tothesamemenusas – Access throughthe – control console pressing Manager canalsoacce interface (MasterS and allmenusinthetopsection but disabled,andt use FTP-relatedoptions.Link capability tochangeconfigurations, Contro device is Ctrl-L apc l optionofthe andthepassword is . ger menuandthe .) witch Plusand he eventanddata logsdisplayno Web interfaceonly. all ofwhichareprotectedbypassword anduser Events the Web interface.The ss theeventlogin following restrictedaccess: only thefo Outlets User Name menuintheWeb in the managementmenu s toconfigurationoptionsarevisible 4 he followingmenus(thedefaultuser ls ofaccess(Admin a DeviceManager s sub-menusinthe apc of thenavigationpanel oftheWeb menuonthewebinterface Outlets apc Outlet Control llowing menus: controldevices, . ): is ) readonly Administrator’s default Administrator’s controlconsoleby terface (aDevice , butwithoutthe sub-menusinthe istrator, Device , andthedefault control console, s availablein delete data, or Delete button. USER’S GUIDE MasterSwitch Plus Outlet UsrMgt user nameandpassword settings,see To settheAdministrator, Devi . 5 ce Manager, orOutletUser User Manager or USER’S GUIDE MasterSwitch Plus How toRecoverFrom aLostPassword Management Cardorother control console. You canusealocalcomputer, a .Selectaserial port atthelocal 1. .Connecttheserialcable(940-00 2. .PressENTER,repeatedlyif 4. Runaterminal program(suchas 3. .Pressthe 5. .Press ENTERasmanytimes as 6. uses thatport. following: prompt. Ifyouareunab selected portasfollows: Card. on thecomputeran Name defaults temporarily. the LEDisflashingto resetthe and green.Pressthe The serialportisnotin – no flowcontrol. – 1 stopbit – –no parity 8 data bits – 9600 bps – The terminalsetti – The correctcableisbeingus – prompt,then Reset button.TheStatus LEDw d totheconfigurationpo ngs arecorrectas use thedefault, Reset device throughtheserial le todisplaythe use byanotherapplication. necessary, todisplaythe buttonasecondtime computer thatc computer, anddisabl user nameandpassword totheir ed asspecifiedinstep2. necessarytoredisplay the 6 24 or940-1524)to HyperTerminal®) andconfigurethe apc specified instep3. User Name , fortheuser nameand ill flashalternatelyorange onnects tothe rt attheManagement porttoaccessthe immediatelywhile prompt,verifythe e anyservicethat the selectedport User Name User
USER’S GUIDE MasterSwitch Plus .Select 8. .Fromthe 7. .PressCTRL-C, logoff, reconnect 9. settings, bothofwhicharenowdefinedas Manager password. (Ifyoutake longerthan Name and restart anyserviceyou disabled. promptisredisplayed,youmust Administrator . Control Console , andchangethe menu,select 7 any serialcableyoudisconnected, 30 secondsto repeatstep5andlogonagain.) User Name System apc . log onafter the , then and User Password User
USER’S GUIDE MasterSwitch Plus Upgrading Firmware port onthefront You canusealocal comput .Attheprompt 7. .Intheterminalprogram, 9. .Fromthe 6. Enteryouruserna 5. .Thesystemwillthenprom 8. .Runaterminal program(suchas 3. .Press 4. Usethesuppliedsmart-signaling 2. Selectaserialportattheloca 1. File Transfer, then the baudratetonormal. Upon completionofthe transfer, t to settheMasterSwitch Pl and presstheEnterkey. prompt. and press change yourterminal control. Savethechanges. selected portfor9600bps, selected porttotheserial which usesthatport. upgrade foryourMasterSwitchPlus,see For acompletedescriptionof E NTER Control Console E panel oftheunit. NTER , repeatedlyifnecessary, todisplaythe Perform transferwithXMODEM-CRC? . me andpassword (both XMODEM settings tomatchthe er thatconnects totheun send thefileusing us toacceptthedownload. pt youtochooseatransferrateand 8data bits, noparity, 1stopbit,andnoflow menu,select . onthefrontpanel oftheunit. l computer, anddi 8 he consolewillprompt youtorestore cable (940-0024) HyperTerminal) andconfigurethe howtodownloadafirmware System apc transfer rate.Press the XMODEMprotocol. , foradministratorsonly) File Transfers sable anyservice it throughtheserial , then toconnectthe User Name Tools type . , then E
NTER yes ,
USER’S GUIDE MasterSwitch Plus The MasterSwitchPluswillrestar the outlets. Upgrading thefirmware Do notinterru pt theupgrade. willnotinterferewi t whenthedownload 9 th theoperationof is complete. USER’S GUIDE MasterSwitch Plus Front Panel Reset Port Label Corresponds to the ou the to Corresponds Label Port ai otLDSee Basic Port LED Status Connects MasterSwitch the MasterSwitch Plus To Port UPS UPS a with communicate to server connected the Allows Port Advanced Issues aBattery Capacity Override command or cancels a MasterSw the Connects Manual Button Ports Basic ttsLDSee See Link RX/TX LED Status LED Management Card Network ee utnResets Plus theMasterSwitch Button Reset ® Smart Slot AP9617 Network Management Card Management Network AP9617 ik-R/XStatus RX/TX - Link tmFunction Item 10/100 10/100Base-T See See 940-1000). partnumber (APC cable supplied the port. a management as used be also can and Mode Signaling Advanced in operating button Manual Master Power OnDelay, depending on thesituation. See software.PowerChute UPSmonitoring orbuilt-in (AP9225 only). MasterSwit the manage remotely Web usea browser, to you Allows Telnet, to interface serial a or Basic Port LED MasterSwitch PlusStatus LED Link-RX/TX (10/100) LED (10/100) Link-RX/TX Status LED 4 8 3 7 10
for details. . tlet numberthe on rear panel. itch Plus to servers running running servers to Plus itch Plusato UPS oranother unit with 2 6 without affecting the outlet status. . ch Plusand connected devices 1 5 . MasterSwitch plus Manual Status Advanced Port To UPS To USER’S GUIDE MasterSwitch Plus Rear Panel 120 VAC 60 HZ ult Eight controllable outlets that provide power to toitsbasic port. eachoutlet corresponding Relates Outlets circuit breaker.button toresetthe Pressthe Function Outlet Label Providesinput power Breaker Circuit Power Cord Item ET ES R
O
T
S
P S R E 87 connected equipment. HZ). 60 VAC 6 11 5 to the MasterSwitch Plus (120 4 3 2 1 USER’S GUIDE MasterSwitch Plus Link-RX/TX (10/100)LED This LEDindicatesthenetworkstatus. Flashing Orange The MasterSwitch Plus is receiving or transmitting data packets ortransmitting isreceiving Plus MasterSwitch The The MasterSwitch Plusisreceiving or transmitting data packets Orange Flashing The MasterSwitch Plusis connected network toa operating at Green Flashing The MasterSwitch Plusis connected network toa operating at Solid Orange Solid Green f One ormore ofthe following situations exist: Description Off Condition from the network at 100 Mbps. 100 at network the from at10Mbps. network the from 100 Mbps. 10 Mbps. • • • The Management Cardis not receiving input power. • Customer Support Customer need torepaired be or replaced. Contact The Management Carditself is not operating properly. Itmay The device that connects theManagement Cardtothe network disconnected ordefective. The cable thatconnects theManagement tothe Card networkis is turned off or not operating correctly. 12 . APC Worldwide
USER’S GUIDE MasterSwitch Plus Basic PortLED Status LED This LEDindicatesthenetworkst Flashing Orange The MasterSwitch Plus is making BOOTP ismaking Plus MasterSwitch The Plus. MasterSwitch the in detected been has failure hardware A Orange Flashing power. no has Plus MasterSwitch The settings. TCP/IP valid have not does Plus MasterSwitch The settings. TCP/IP valid has Plus MasterSwitch The Orange Solid Green Flashing Description Green Solid Off Condition Off The outlet is off. is outlet The on. is outlet The off Mostly Definition Off On State LED Flashing green The outlet cannot turn on due to an environmental alarm. environmental an to due on turn cannot outlet The green Flashing on Mostly 1 If you do not use a BOOTP or DHCP server, see the MasterSwitch Plus MasterSwitch the see server, or DHCP BOOTP a use not do If you 1 2 To use a DHCP server, see see server, DHCP a use To 2 The LED flashes off and on, with the onstate lasting longer. 2 The LED flashes onand off, with the off state lasting longer. 1 Start Manual, (www.apc.com) to configure the TCP/IP settings. settings. TCP/IP the (www.apc.com) configure to 1 2 provided onthe APC MasterSwitch The outlet is on with a pending action to turn off. turn to action pending a with on is outlet The offThe outletis toturn on. action apending with Contact Boot Mode APC Worldwide Customer Support Customer Worldwide APC atus oftheMasterSwitchPlus. . 13 Utility CD and on the APC Web site Web APC site the on CD and 2 requests. . Installation and Quick Quick and Installation 1 USER’S GUIDE MasterSwitch Plus Manual button MasterSwitch PlusStatusLED If neitheroftheabove conditionsis results willoccur: effect. is pressedforatleast The manualbuttonisusedto Solid red MasterSwitch Plus has detected ahardwarefailure. hasdetected Plus MasterSwitch red Solid power. no has Plus MasterSwitch slowly red Flashing the See settings. network valid have not does Plus MasterSwitch settings. network valid has Plus MasterSwitch green Flashing Definition green Solid Off LED State IftheMasterSwitch Plusiswaiti • Iftheconfigurationcontains aU • issued. outlet’s behaviorwhent command. Thediagramin power, MasterSwitchPlusissu Master PowerOnDelayiscancelled. expire, MasterSwitchPlusissues Unit/Outlet start-up sequence MasterSwitch Plus is making a BOOTP request. BOOTP a making is Plus MasterSwitch information. Installation more for Manual 1/2 second andthenrelease he BatteryCapacity Overridecommand is canceltwodifferent Unit/Outlet start-up sequence illustratestheoutlet’ true, pressingthema es aBatteryCapacity Override ng fortheMasterPowerOnDelayto PS andtheUPSisoperatingonAC 14 a cancelcommand.Thediagramin commands. Ifthisbutton d, oneofthefollowing s behaviorwhenthe nual buttonhasno illustratesthe USER’S GUIDE MasterSwitch Plus Resetting thenetworktimer Network interfacewatchdogmechanism Overview Features Watchdog gateway, specifytheIPaddressof restarts the9.5-minutetimer. Ifyourap the unitfromrebooting. minutes. Ifthegatewa minutes, theunitattempts tocont To ensurethattheunitdoes reboots itself. request), itassume SNMP, orbroadcasttraffic, receive anynetworktraffic for9.5minu becoming inaccessibleoverthenetwor The unitimplements internalwatchdog recover fromaninternalproblem,aS uses internal,system-widewatchdogmech To detectinternalproblemsandrecover that computerwillrestart th network mostofthetimeandison the eventlog. s thatthereisaproblemwit y ispresent,itrespondsto suchasanAddressRe e 9.5-minutetimerfreque not rebootifthene act theDefaultGatewayevery4.5 a computerthatis the samesubnet.T 15 ystem: Warmstart event mechanismstoprotectitself from plication doesnotrequireorhavea tes (eitherdirecttraffic, suchas k. Forexample,iftheunitdoesnot from unanticipated inputs, theunit anisms. Whenitr h its network interfaceand twork isquietfor9.5 the unit,andthatresponse solution Protocol[ARP] ntly enoughtoprevent runningonthe he networktraffic of eboots itself to isrecordedin USER’S GUIDE MasterSwitch Plus Outlet properties MasterSwitch PlusProperties lr cinDly(eod)Bt 15 Off Environment (foreach Disabled Off Remain No Both 8 Shutdown Graceful 1 Annunciator Alarm Masks Environment 7 Both 6 (seconds) Delay Action Alarm 5 Graceful Shutdown StateInitial (non-alarm) 4 Reboot Duration (secon 3 Delay Restart 0% 2 Shutdown Graceful Will Device Confirm Mode Shutdown Graceful 1 Multiplier Battery Low UPS (seconds) OffPower Time Delay (minutes) Shutdown Graceful WarningLow Battery Control Both Capacity Threshold Battery N/A (seconds) Time On Power Delay Name: Outlet #___ Mode Control Outlet Graceful Shutdown. Someoutletprop Outlet propertiesaregovernedbytw modes, whileotherpropertiesare Property Control Mode Control Property s rcflSudw 5 Graceful Shutdown ds) rcflSudw 120 4.5 14 12 10 8 Shutdown Graceful 6 4 Graceful Shutdown 2 0 Shutdown Graceful specific toanoperatingmode. 16 o operatingmodes: erties arecommon 12345678 Default Setting for Outlet Modes Outlet for Setting Default Annunciator and to bothcontrol alarm) USER’S GUIDE MasterSwitch Plus Configuring anoutletfor on-demandoperation MasterSwitch Plusbehaviors MasterSwitch Plusconfiguration Reboot), oryoucancoupleon-dem You canuseonly“on-demand”o the followingproperties: Configuring anoutletforon-demandop The diagrams,starting with shutdown features. Configuration ofMasterSwitchPlus customize theunit‘sbehav behaviors foreveryevent outlet properties.All unit propertiesaredefinedin highlighted hotlinksthat ultCnrlMd No diagram available Outlet ControlMode Diagram in Sequence Used Outlet Properties Power OnTime Delay Unit Properties Property shutdown operations, see features ofMasterSwitchPlus for on-demandoperation To useonlyon-dem . outlet andunitpropertie Unit/Outlet start-upUnit/Outlet sequence leadyoutothe Configuring anout recognized bytheMaster ior bychoosingspecific Unit/Outlet star and operations,see MasterSwitch PlusMenus perations (On,Off, Shutdown, and . To usethe“unattended”shutdown and operationswith“unattended” is dependentuponyo 17 eration requiressele inadditiontotheon-demand property’s definiti t-up sequence let forunattended s onthediagramsare Configuring anoutlet values fortheunitand Switch Plusunit.You . on. Alloutletand , definethe ur application. cting valuesfor USER’S GUIDE MasterSwitch Plus Configuring anoutlet the followingproperties: Configuring anoutletfor Property Used in Sequence Diagram Diagram in Sequence Used Shutdown Graceful Outlet Properties Power OnTime Delay Unit Properties Property Confirm Device Duration Reboot Power Off Delay Power On Delay On Power Restart Delay Property Used in Sequence Diagram Diagram in Sequence Used Property UPS Low Battery Multiplier UPS LowBattery Control WarningLow Battery environment alarms eventsOn-battery sequence shutdown Graceful sequence Reboot environment alarms eventsOn-battery sequence shutdown Graceful shutdown sequence for environment alarms environment for sequence shutdown Graceful shutdown sequence for On-battery events On-battery for sequence shutdown Graceful start-upUnit/Outlet sequence shutdown sequence Graceful sequence unattended shutdown requires for unattendedshutdown Unit/Outlet start-upUnit/Outlet sequence Graceful shutdown sequence for On-battery events On-battery for sequence shutdown Graceful events On-battery for sequence shutdown Graceful 18 and , , Graceful shutdown sequence for Graceful shutdown sequence for , and , and Graceful reboot sequence Graceful reboot sequence reboot Graceful Graceful reboot sequence reboot Graceful , , , Graceful shutdown sequence for sequence shutdown Graceful Graceful shutdown sequence for sequence shutdown Graceful Graceful shutdown sequence shutdown Graceful selectingvaluesfor , and , and Delayed On Delayed , Graceful Graceful , USER’S GUIDE MasterSwitch Plus Annunciator Property Used in Sequence Diagram Diagram in Sequence Used Property AlarmDelay Action Confirm Device Power Off Delay and alarms environment for sequence shutdown Graceful sequence forenvironment alarms events On-battery for sequence sequence shutdown Graceful and alarms environment for sequence shutdown Graceful events On-battery for sequence shutdown Graceful sequence Annunciator sequencefor environment alarms Graceful reboot sequence reboot Graceful 19 , Graceful shutdown Graceful , Graceful shutdown , and Graceful reboot reboot Graceful ,
, USER’S GUIDE MasterSwitch Plus Unit/Outlet start-upsequence following properties: following the for values choose to you requires that operation isanunattended Sequence Startup Unit/Outlet The behaviors. of sequence this follows unit Plus, the to MasterSwitch is applied When power • Power On Delay Power • Capacity Threshold Battery • Initial State • Mode Outlet Control • On Time Power (unitproperty) Delay • turned on turned Outlet is On Initial State† nucao Graceful Shutdown Annunciator turned off turned Outlet is Power Delay‡ Time On Off Issue a Cancel Command Issue aCancel Outlet Control Mode† Power to isapplied MasterSwitch Plus Does the configuration contain a UPS? contain configuration the Does or 20 No Expires UPS exceeds Battery Capacity Threshold Capacity UPS exceeds Battery Remain Off remains off Issue a Battery Capacity Threshold Threshold Capacity aBattery Issue Outlet Outlet UPS is operating on UPS is on operating PowerDelay† On Override command AC power AC es Ye or Power OnDelay Outlet Property† Unit Property‡ turned on turned Delay expires Outlet is † USER’S GUIDE MasterSwitch Plus Graceful shutdownsequence properties: following for the values choose to you that requires operation demand on- an is Sequence Shutdown Graceful manner. anorderly device in The the down to shut device connected the Plusand effort MasterSwitch between is acoordinated Graceful Shutdown • Power OnDelay Power • Restart Delay • Off Power Delay • Confirm Device • † Outlet Property Shutdown Restart Is there acableIs there BasicPort? to the connected Issue aGracefulShutdown command oYes No Server confirms 21 shutdown Remain Off Remain Outlet is on is Outlet es Ye Device Confirm† Power Delay† Off Restart Delay† Restart turned off turned Outlet is remains off command No Issue a Issue Cancel Cancel Outlet Outlet Expires MasterSwitch Plus asserts AC MasterSwitch Plusasserts Fail signals Low and Battery Delay turned on turned Power On On Power Outlet is Restart Restart expires Delay† expires Delay
USER’S GUIDE MasterSwitch Plus Graceful shutdownsequen properties: values for the following to choose you requires that operation unattended battery. an is The sequence on UPS goes your when follow will Graceful setto Shutdown outlet an that events the This sequences diagram UPS power restored or or power restored Cancel command command Cancel • Power On Delay Power • Threshold Capacity Battery • Off Power Delay • Confirm Device • Multiplier Battery UPSLow • Warning Battery Low Control • indicates issued † Outlet Property AC
UPS exhausted turned off turned Outlet is is Outlet ee On Runtime Remaining Never battery is battery Programmed Delay Shutdown Restart UPS Delay expires Programmed Low Battery Warning Control† indicates Is therecable a connected to the Basic Port? Outlet is on is Outlet ce for On-battery events ce for On-battery oYes No AC powerfailure 22 Battery Capacity ThresholdOverrideBattery commandissued is MasterSwitch Plus asserts MasterSwitch Plus asserts UPS runtime fallsremaining runtime UPS below UPS Low Battery Server confirms shutdown Server confirms Warning Threshold UPS exceeds eanOfDelay Remain Off UPS isoperatingACon power remains off command Power On Delay On Power esNo N s Ye Issue a Cancel Cancel Outlet Outlet Device Confirm† Outlet is turned off turned is Outlet Power OnDelay† Battery Capacity Threshold† Battery x Low Battery Multiplier Battery Low x or AC Power On On Power † turned on turned Outlet is Delay† expires FailSignal expires MasterSwitch Plus
Battery Signal Battery asserts Low asserts †
USER’S GUIDE MasterSwitch Plus Graceful shutdownsequen † Outlet Property Shutdown Restart Is therecablea connected toBasic the Port? Server confirms shutdown confirms Server No oYes No Doesthe configuration contain aUPS? Environmental alarm Monitorasserts Environmental Monitor clears alarm ce for environment alarms Alarm ActionDelay esNo N s Ye PowerDelay Off Is the alarm still active? still alarm Is the Issue Battery Capacity Issue Threshold Battery Overridecommand 23 esNo N s Ye Outlet is off turned Device Confirm Outlet is turned onOutlet isturned UPS exceeds eanOfDelay Remain Off UPS isoperating onAC power command Issue a † Cancel † expires † es Ye Power OnDelay
Battery Capacity Threshold expires Outlet remains off remains Outlet or AC Fail signals Low and Battery MasterSwitch Plus asserts Delay expires † Power On On Power † USER’S GUIDE MasterSwitch Plus Annunciator sequencefo Delay property.Delay Action fortheAlarm value a choose to you requires that operation unattended an is sequence analarm. TheMonitor issues Environmental your when follow will Annunciator to set outlet that an the events sequences This diagram † Outlet Property r environment alarms Outlet state is toggled to initial/alarm state. toinitial/alarm Outlet state istoggled Outlet state is toggled to alarm state. to istoggled alarm Outlet state 24 Environment alarm is cleared is Environmentalarm Outlet in initial (non-alarm) state (non-alarm) ininitial Outlet Environmentasserted is alarm Alarm Action Delay Action Alarm Is the alarm still active? still Is thealarm esNo N s Ye †
expires USER’S GUIDE MasterSwitch Plus Delayed Onsequence Power On Delay property.Delay On Power for the value a tochoose you requires that operation is an on-demand command.TheOn sequence Delayed a issue you when follow will outlet that an events the sequences This diagram eanOfDelay Off Remain Issue aDelayedOn Power Delay On Outlet is off is Outlet command 25 Outlet remains remains Outlet command Issue a Issue Cancel Cancel off † Time Delay Power On On Power turned on turned Outlet is Outlet expires † Outlet Property USER’S GUIDE MasterSwitch Plus Reboot sequence Duration property.Duration for to avalue theReboot choose you that requires operation demand command. The ison- sequence an Reboot Immediate an issue you when follow outletwill that an events the sequences This diagram Outlet remains off Issue a Cancel aCancel Issue command Issue an Immediate anImmediate Issue Reboot command Reboot Outlet off isturned Outlet ison 26 Reboot Duration Outlet is turned on isturned Outlet † expires Outlet Property †
USER’S GUIDE MasterSwitch Plus Graceful reboot sequence properties: following for the values choose to you thatrequires operation on-demand The is an Gracefulsequence Reboot command. Reboot Graceful a issue you when follow will that anoutlet the events This sequences diagram • Reboot Duration Reboot • OffDelay Power • Confirm? WillDevice • † ‡ Outlet Property Unit Property Shutdown Restart Is there a cableIs there Port? tothe Basic connected Issue a Graceful Reboot command Issue aGracefulReboot oYes No Outlet ison Cancel command is is command Cancel Server confirms confirms Server remains off shutdown 27 issued Outlet Outlet esNo N s Ye * Device Confirm All rebooted outlets are shut down shut are outlets rebooted All Power OffDelay Outlet is turned off isturned Outlet AC Fail signals andLow Battery MasterSwitch Plus asserts MasterSwitch * If this command is applied Ifto all thiscommand isapplied outlets shut down. have the all until begin not will outlet an for outlets, delay Duration theReboot † Reboot Duration Reboot † expires turned on turned Outlet is expires †
USER’S GUIDE MasterSwitch Plus Remote accessto Overview How toLogOn Control Console computer onthe benefits ofencryption.To useTelnet authentication byusernameand Telnet forbasicaccess. Telnet isenabled.E methods throughtheTelnet depending onwhichisena You canaccessthecontro A read-onlyuserhas apc Use case-sensitiveusernameandpa connection toaccessthecontrolconsole. You canuseeitheralocal(serial)co .Atacommand prompt,typetelnet 1. and Management Card(when telnet 139.225.6.133 Telnet portof23),andpr apc How toRecoverFromaLostPassword If youcannotrememberyour foranAdministrator, or samesubnet: the control console nabling SSHautomatical noaccesstothecontrolconsole.) Telnet providesthebasicsecurityof l consolethroughTelnet or bled. (AnAdministrator /SSH optionoftheNetw ess ENTER.Forexample: theManagementCa password, butnotthe high-security nnection, oraremote(Telnet orSSH) to accessthecontrolconsolefromany device 28 ssword entriestologon(bydefault, and theSystemIP user nameorpassword, s
and ly disablesTelnet. apc . can enabletheseaccess rd usesthedefault ork menu.)Bydefault, foraDeviceManager. SecureSHell(SSH), addressforthe ee USER’S GUIDE MasterSwitch Plus Local accesstothecontrol console port onthefront You canusealocal comput SSH forhigh-securityaccess. must firstconfigureSSHandhavean you accessthecontrolconsolethrough The interface,useraccounts, anduser SSH encrypts usernames,pa Web interface,useSecure computer. .Entertheusernameandpasswor 2. .Runaterminalprogram(suchas 3. .Press 4. Usethesuppliedserialcable(940- 2. Selectaserial portattheloca 1. prompt. control. Savethechanges. selected portfor9600 bps, to theserialportonfr which usesthatport. Administrator, ordevicea address andtheportnumber. space (dependingonyourTel (between 5000and32768),you If theManagementCard E NTER panel oftheunit. , repeatedlyifnecessary, todisplaythe SHell (SSH)foraccessto er thatconnects totheun ont panel oftheunit. sswords andtransmitteddata. nd apcforaDeviceManager). 8data bits, noparity, 1stopbit,andnoflow If youusethehighsecu usesanon-defa l computer, anddi 29 SSH clientprogramin HyperTerminal) andconfigurethe accessrights arethesamewhether d (bydefault,apcandforan net client)betweentheIP 0024) toconnecttheselectedport SSH orTelnet, buttouseSSH,you need toincludeacolonor ult portnumber sable anyservice thecontrolconsole. it throughtheserial rity ofSSLforthe User Name stalled onyour
USER’S GUIDE MasterSwitch Plus Information and Example mainscreen Main Screen Main screen informationfields. a unit. The mainscreenthatisdi Two fieldsidentifyth • (APP) firmwareversions.Theapp displayed. Example mainscreen identifies thetypeofdevicethat S P v2.6.2 v2.6.4 MSP APP Network Management CardAOS User:Administrator
Customer Support If theAOSstatus isnotP+,contact fieldreports theunitstatus. model andnamefieldreports the connect tothe network. , evenifyoucanstillaccesstheunit. mpatible theAOS. with 32 status oftheunit.For APC Worldwide USER’S GUIDE MasterSwitch Plus Menu structure Control ConsoleMenus While inamenu,youca Changes For menusthatallowyoutochan any on-screeninstructions. an option,typethe The menusinthecontrolconsolelist Press • •Type Press • Press • Press • current menu Manager only) the menuhashelpavailable) optiontosavethe ? C C E E andpress SC NTER TRL TRL Menus For informationabout togobackthemenufrom -L -C torefreshthemenu toaccesstheeventlog(A toreturnthemain(c correspondingnumberandpress . E NTER n alsodothefollowing: changesyoumade. toaccessbriefmenu ge asetting,you theeventlog,see 33 options bynumberandname.To use ontrol console)menu whichyouaccessedthe dministrator andDevice must usethe option descriptions(if E Event-Related NTER , thenfollow Accept USER’S GUIDE MasterSwitch Plus Network option Device Manageroption Main menu Use thisoptiontodothefollowingtasks: to managefromthis This optionaccessesthe s management featuresof The maincontrolconsolemenuha from thismenu.: Define settingsthataf • Use thePingutility • Configure theTCP/IP • SNMP, e-mail,DNS,a 2- MasterSwitchplus2 1- MasterSwitchplus1 4- Logout 3- System 2- Network 1- DeviceManager you willnothaveaccesstothe When youlogonasDeviceM menu. Eachconnecte the controlconsole: Device Manager settingsfortheunit fect theFTP, Telnet, nd Syslogfeaturesof s optionsthatprovideaccesstothe 34 d MasterSwitchPlusisavailable menu.Selectt anager orasanOutletUser, System Web interfaceandSSL, the MasterSwitchPlus or Network he units youwant menus. USER’S GUIDE MasterSwitch Plus System option Use thisoptiontodothefollowingtasks: Control • Define thesystem • Access systeminfo • Reset controlcons • Restart theunit • Set thedate andti • Administrator me usedbytheunit Name ole settingstothe rmation abouttheunit and , Contact Device Manager 35 , and ir defaultvalues Location access values USER’S GUIDE MasterSwitch Plus Overview How toLogOn Interface Web user.) must definethepassword andother There isnodefaultpasswo The defaultpassword is password address oftheWeb interface. You canusetheDNSnameorSystem • • • readonly device apc foranAdministrator See settingstologon. foraDeviceManager foraRead-OnlyUser Outlet UsrMgt apc rd forOutletusera forallthreeaccounttypes. . The defaultusernamedi Useyourcase-sensitive 36 account characteristi IPaddressoft ccounts. (Anadministrator he unitfortheURL ffers byaccounttype: user name cs foranOutlet and USER’S GUIDE MasterSwitch Plus Supported Web browsers unit throughits Web inte As yourbrowser, youcanusetheMicrosoft (5.0 andhigher) may workbuthavenot following foryourWeb browser: Data verification, theeventlog,and Cookies • •Java JavaScript • log ontotheWeb For informationabout use aDNSnametologon. specified asthecommonnameon to logontheManagement common nameinthecertificate,yo Security Wizard,andanIPad server certificate.If your logincredentialsareco If youareusingHTTPS(SSL/T or theNetscape been fullytestedbyAPC. rface. Othercommonlyav interface, see the certificatewas the Web page that ® browser(7.0andhigher)toaccessthe the data logrequire 37 mpared withinformationina Card.IfaDNSnamewas dress wasspcifiedasthe SL) asyouraccessprotocol, Summary Page ® thecertificate,youmust InternetExplorer(IE)browser u mustuseanIPaddress created withtheAPC ailable browsersalso appears whenyou that youenablethe . USER’S GUIDE MasterSwitch Plus following: can useaWeb browsertoaccessits We In addition,theunit do oneofthefollowing: before youcanuseaWeb browsertoac In addition,theRackPD Configure theproxyserv • Configure theWeb browsertodisa • Configure theproxyserv • Configure theWeb browsertodisa • unit. Rack PDU. address oftheunit. address oftheRackPDU. cannot workwithaproxyse U cannotworkwithapr er sothatitdoesnot er sothatitdoesnot 38 ble theuseofaproxyserverfor ble theuseofaproxyserverfor b interface,youmu cess its Web interface,youmust rver. Therefore,beforeyou oxy server. Therefore, proxy thespecificIP proxy thespecificIP st dooneofthe USER’S GUIDE MasterSwitch Plus URL address formats automatically addedbythebrowser. non-default Web serverpor URLaddressfieldandpress browser’s Type theManagementCard For aSystemIPaddressof 1 • For aSystem IPaddressof1 • For aDNSnameofWeb1, theen • Card usesanon-default one ofthefollowing: Card usesthedefaultport(80)at the entrywouldbe – – – – – http://139.225.6.133 https://139.2 http://139.225.6.133:5000 https://Web1 http://Web1 (Internet Exploreronly), If theerror“You arenotauthoriz https:// aspart oft Web access maybedisabled,or or “Thispage cannotbedispla interface orcontrolc the address.(ForInternetExplor a non-defaultWeb-server For moreinformation,see used.). if HTTPisyouraccessmode one ofthefollowing: 25.6.133 if HTTPS(SSL/TLS)is he addresswhenanypo t inInternetExplorer ’s DNSnameorIP onsole. Iftheerror“No port (5000,inthisexam someone islo portthatyoudidnot 39.225.6.133, when 39.225.6.133, when FTPserver
if HTTPS(SSL/TLS)is if HTTPisyouraccessmode 39 theWeb server, try wouldbeone yed” (InternetEx ENTER. Exceptwhenyouspecifya ed toviewthispage” occurs er, you mustty theManagementCardmayuse if HTTPisyo , gged ontotheWeb Telnet/SSH address intheWeb youraccessmode , http://orhttps:// is rt otherthan80is Response” (Netscape) ple) attheWeb server, the Management the Management ofthefollowing: the entrywouldbe specify correctlyin plorer) occurs, ur accessmode pe http://or youraccessmode , and Web/SSL . USER’S GUIDE MasterSwitch Plus – https://139.225.6.133:5000 access mode 40 if HTTPS(SSL/T LS) isyour USER’S GUIDE MasterSwitch Plus Status Page Summary displayed attheupper view isdisplayedattherightsideof The When youlogontotheWeb interface left. MasterSwitch Plus • • • • Status 10/100 ManagementCardStatus alarms. Environment Outlet Status Environmental Monitoring Unit. MasterSwitch Plus,MasterSwit – – Date andtimethescreenwaslastrefreshed. – How long( – Name User Plus. User it waslaststarted orreset. viewhasthesesections: ( ) type. , Administrator Contact, Up Time showsthresholdviolationsandthestate ofcontact showsoutlet,outlet right, andthenavigation Status and ) theMasterSwitchPlus , Location DeviceManager showsthestatus ofeachconnected ch Plusexpansion unit,and the screen,quickstatus tab is 41 informationfor at theMasterSwitch showsthefollowing: name, andoutletstate. , Read Only User ReadOnly menu isdisplayedatthe hasbeenrunningsince the MasterSwitch Plus,thestatus , or Outlet USER’S GUIDE MasterSwitch Plus Quick statustab Web interface.Thetab displaysawarn to theonlinehelp. The quickstatus tab isdisplayedin where active warnings and alarms are displayed. are alarms and warnings active where Click the required”“attention icon status screen wherethe status for attached devices isdisplayed. Clickthe green “device operatingicon normally” toreturn to the page.help forthe displayed Access theonline the upperrightofev 42 ing ofanyalarmsan to return tothestatusto screen ery screeninthe d providesalink USER’S GUIDE MasterSwitch Plus Overview Navigation Menu includes thefollowingelements: When youlogontotheWeb interfac • • • Menus tomanagetheev • MasterSwitch Plusmenustomana • IP addressoftheunit • Links Help Logout system parameters – – – – MasterSwitch Plus – – System Network Data Events Outlets
option
System When youlogonasa
menusdonotappear
menu (foreachattached unit) ent log,data log,ne 43 e, thenavigationmenu(left frame) Device Manager, the ge theunitand in thenavigationmenu. twork connection,and its components Network and USER’S GUIDE MasterSwitch Plus Select amenutoperformtask To dothefollowing,see To dothefollowing,see To dothefollowing,see To dothefollowing,see Schedule • Control powertoall • Control powertoany • Test e-mailsettings. • Define whowillreceivee-mail • Configure SNMPTrap Receiver • Configure theactions • Access theeventlog. • Enable ordisablethemanualbutton • Set thedevicename. • Configure externalsensorparame • Displaythesensorstatus, input • Enable anddisableenvir • Set outletnames, • Set the • the unit. traps. Plus. Power OnTime Delay daily , weekly modes,andlinks. Event-Related Menus Environment Menu of theACoutlets ont of theindividualACoutlets to betaken basedonan MasterSwitch PlusMenus Outlets Menu , or onmental alarmactions. one-time notifications ofevents. . 44 contact, andoutputrelaystatus. settings forsendingevent-based ters andinputco onthefrontof : outletevents. : he rearpanel oftheunit. : event’s severity level. on therearpanel of : ntact settings. the MasterSwitch USER’S GUIDE MasterSwitch Plus To dothefollowing,see To dothefollowing,see To dothefollowing,see Configure new • Define theloginterval • Access thedata log. • Control • IdentifytheDomain • Define thesystem • Configure • Define settingsthataffect FTP, Tel • Control • Through the • Set thedateandti • Select • Define theURLaddressesof • for thedata log. SSL, SNMP, Syslog,ande-mail. each event). Logging (whichlogsthedomainna connection, andenabl access. Web interface,asdescribed in Upload auserconfigurationfile. – Delete SSHhostkeysandSSLcertificates – Reset parameters to – Restart theMasterSwitchPlus. – Fahrenheit Administrator Outlet User RADIUS Tools TCP/IP menu: me usedbytheunit. or Name parameters. NameSystem( Network Menu Data Menu(Web InterfaceOnly) System Menu access. Celsius e ordisableDNSReverseLookupEvent (how often data willbe settingsfortheunit. , their defaultvalues. Device Manager , Contact theuserlinksand fortemperaturedisplays. Links menu 45 : net andSSH,theW : , and me ofthedevicea DNS Location ) Server, test its network , and . sampled andrecorded) Read Only User Read Only APC logolinksinthe values. : ssociated with eb interfaceand
USER’S GUIDE MasterSwitch Plus Help menu information abouttheunit’s The help forthatpage. question mark( displayed. However, fromanyWeb modules werecreated. Revision When youclick APC OS(AOS)Module Help System In thecontrolconsole, menualsohasan , Manufacture Date ? Help menu,identifiesthe ) inthequickstatus bartolin , the , includingthedateand Contents Model Number About System , MAC Address About System page foralloftheonlinehelpis interface pages, 46 Flash Type , optionyouusetoview Serial Number k tothesection , ApplicationModule time eachofthetwo used. option,inthe you canusethe , Hardware of theonline , and USER’S GUIDE MasterSwitch Plus Links menu To redefinetheselinksso links accessthefollowingAPCWeb pages: This menuprovidesthreeuser-definab .Defineanynew namesfor 2. .Click 4. DefineanynewURLadd 3. Clickon 1. • • • page aboutpay-for-monitoring se APC Monitoring samples ofAPCweb-enabledproducts. Testdrive Demo APC’s Web Site The linkassociatedwiththeAP Apply Links . inthe accessestheAP accessesademonstration accessesthe“APCRe System that theypointtootherURLs: resses thatyouwant User Links menu. 47 rvices availablefromAPC. le URLlinkoptions. C homepage. C logoisalsodefinable. . mote MonitoringService” page whereyoucanuse User Links Bydefault,these toaccess. MasterSwitch Plus Menus
Outlets Menu Control Web interface. To control all of the outlets at once, select a Control Action under the Master heading and click Apply.
To control individual outlets, select a Control Action for each outlet under the individual outlet’s heading, and click Apply.
Control console. To control all outlets at once, select the MasterSwitch Plus unit you want to control from the Device Manager menu, and select option 9 — ALL Outlets. Select Outlet Control and a control action. Type YES and press ENTER to execute the change.
To control outlets individually, select the MasterSwitch Plus unit you want to control from the Device Manager menu, and select the outlet you want to control. Select Outlet Control and choose a control action from the list. Type YES and press ENTER to execute the change.
Available Action Name Description Modes
Immediate On Immediately turns an outlet on. This command is Annunciator available anytime after the unit’s Power On Time Delay Graceful has expired and the outlet is off. (Available in both Shutdown Annunciator and Graceful Shutdown modes.) Sequenced On Apply power to the outlet according to its Power On Graceful Delay Time. Only available for master control of outlets Shutdown in graceful shutdown mode. Only USER’S GUIDE MasterSwitch Plus
® 48 Available Action Name Description Modes
Delayed On Apply power to the outlet after its Power On Delay Graceful expires. Only available in graceful shutdown mode. Shutdown Only Immediate Off Immediately removes power from an outlet. Annunciator Graceful Shutdown Graceful Removes and then reapplies power to an outlet. Graceful Reboot Shutdown If the connected server is running shutdown software, Only such as PowerChute Network Shutdown, and is connected to MasterSwitch Plus with the appropriate signaling cable, this operation will ensure that your server’s operating system is shut down before power is removed from the outlet. If the server is not connected to the MasterSwitch Plus, then MasterSwitch Plus will remove power from the outlet after the Power Off Time Delay expires. Power is reapplied after the Reboot duration expires. If this command is applied to all outlets, the Reboot Duration delay for an outlet will not begin until all the outlets have shut down. Immediate Immediately removes power from an outlet and Graceful Reboot reapplies power after the outlet’s Reboot Duration Shutdown expires. Only USER’S GUIDE MasterSwitch Plus
® 49 Available Action Name Description Modes
Shutdown Removes power and then optionally reapplies power to Graceful an outlet. Shutdown Only If the connected server is running shutdown software, such as PowerChute Network Shutdown, and is connected to MasterSwitch Plus with the appropriate signaling cable, this operation will ensure that your server’s operating system is shut down before power is removed from the outlet. If the server is not connected to the MasterSwitch Plus, MasterSwitch Plus will remove power from the outlet after the Power Off Time Delay expires. Specify a Restart delay to reapply power automatically. Override If the UPS battery charge has not exceeded the Battery Graceful Capacity Threshold, selecting the override action will Shutdown allow power to be applied to an outlet. Only Cancel Cancel a delayed startup or shutdown. Graceful Shutdown Only USER’S GUIDE MasterSwitch Plus
® 50 Configure Outlets Web interface. Click the outlet number link (for example 1:3) and make changes to Outlet Name, Outlet Mode, and Outlet Links. Click Apply to accept the changes.
Control console. To configure outlets individually, select the MasterSwitch Plus unit you want to control from the Device Manager menu, and select the outlet you want to configure. Select Outlet Configuration and choose a configuration setting from the list. Select Accept Changes to apply the new settings.
Setting Description
Outlet Name Identifies each outlet. Outlet Control Establishes mode for associated outlet. All on-demand operations are Mode available when the Outlet Control mode is set to Graceful Shutdown. When set to Annunciator, only Immediate On and Immediate Off operations are available. Outlet Link The outlet’s HTTP or HTTPS link in URL form. (Web only) Will Device Indicates whether the device connected to the outlet can assert a Confirm shutdown signal. Low Battery Selects the method MasterSwitch Plus uses for determining when to Warning assert the outlet’s Low Battery signal after the UPS has switched to Control battery operation. UPS Low A low battery signal is generated when the UPS's remaining battery Battery runtime falls below this value multiplied by the UPS Low Battery Multiplier Warning. Restart Delay The delay between removing power from an outlet due to a Graceful Shutdown and reapplying power to that outlet.
USER’S GUIDE MasterSwitch Plus Power Off The time from the triggering event (such as a server confirming a Delay shutdown) until power is removed from the outlet.
® 51 Setting Description
Power On Determines the time interval between the triggering event and power Delay being applied to the outlet. Reboot The delay between removing power from an outlet because of a Duration reboot and reapplying power to an outlet. Alarm Action The amount of time that an Environment alarm must be asserted Delay before the unit reacts to the alarm. Battery Sets the minimum percentage of Battery Capacity required of the UPS Capacity before power can be applied to an outlet. Threshold
Scheduling To schedule an outlet event, select Scheduling. Select daily, weekly, or one-time under the Summary heading. Enter your information and click Apply. USER’S GUIDE MasterSwitch Plus
® 52 MasterSwitch + Menu Device Config (Outlet Config in Control Console) Web interface. To set the name of the device, to set the Power On Delay for the outlets for this device, and to disable or enable the Manual button on the front of the MasterSwitch Plus, select the MasterSwitch + menu, change the setting you wish to modify, and click Apply.
Control console. To set the name of the device, to set the Power On Delay for the outlets for this device, and to disable or enable the Manual button on the front of the MasterSwitch Plus, select the Device Manager menu. Select the MasterSwitch Plus or expansion unit you want to modify and then select ALL Outlets. Select Outlet Configuration. Change the Name/Location, Manual Button, and Power On Time Delay fields, and then select Accept Changes to apply the new settings.
Setting Description
Name Set the name for this MasterSwitch Plus unit. Manual Button Activate or deactivate the Manual button on the front panel of the unit. Power On Time Delay Set how long the MasterSwitch Plus will delay after AC power is applied, before starting the outlet’s power-on sequence. Restore Factory Resets the original settings for the MasterSwitch Plus unit. Defaults (control All unit and outlet properties are set to their defaults. console only) View Manufacturing Displays the following information: Model Number, Data Manufacture Date, Hardware Rev, Firmware Rev, and Serial Number. The Web interface displays this data under the Help menu. USER’S GUIDE MasterSwitch Plus
® 53 Setting Description
View Self Test Results Allows you to display the results of the unit’s last power-on (control console only) self-test. The tests performed are: Program Memory: Confirms that the EPROM chip is working properly. Non-Volatile Memory: Confirms that the EEPROM chip is working properly.
Configure Environmental Alarms Web interface. Click the Outlet Config menu under the MasterSwitch Plus unit you want to configure. Select the Environmental alarms to enable or disable by selecting the check-boxes under each Enable/Disable Environment Alarm Actions heading: • Zones 1–4 • Probe 1 • Probe 2
Click the Apply button under each heading to accept the changes.
The Environmental alarms apply only if you have an Environmental Monitoring Card installed in an expansion unit, or if the MasterSwitch Plus is connected to an Environmental Monitoring Unit. Control console. Select the MasterSwitch Plus unit you want to configure from the Device Manager menu, and select the outlet you want to configure. Select Environmental Alarms Configuration and choose a configuration setting from the list. Select Accept Changes to apply the new settings. USER’S GUIDE MasterSwitch Plus
® 54 Setting Definition
Zone 1 Controls the Zone 1 environmental alarm. Zone 2 Controls the Zone 2 environmental alarm. Zone 3 Controls the Zone 3 environmental alarm. Zone 4 Controls the Zone 4 environmental alarm. Probe 1 Controls the humidity low limit alarm for the first temperature and Humidity Low humidity sensor. Limit Probe 1 Controls the humidity high limit alarm for the first temperature and Humidity High humidity sensor. Limit Probe 1 Temp Controls the temperature low limit alarm for the first temperature Low Limit and humidity sensor. Probe 1 Temp Controls the temperature high limit alarm for the first temperature High Limit and humidity sensor. Probe 2 Controls the humidity low limit alarm for the second temperature Humidity Low and humidity sensor. Limit Probe 2 Controls the humidity high limit alarm for the second temperature Humidity High and humidity sensor. Limit Probe 2 Temp Controls the temperature low limit alarm for the second Low Limit temperature and humidity sensor. Probe 2 Temp Controls the temperature high limit alarm for the second High Limit temperature and humidity sensor. USER’S GUIDE MasterSwitch Plus
® 55 Environment Menu Status Web interface. To view the sensor status for external Environmental Monitor (EM) sensors 1 and 2, input contact and output relay status, and information about the Environmental Monitor, select Status from the Environment menu.
Control console. • To view the sensor status for external EM sensors 1 and 2, select Environment from the Device Manager menu, and select External Environmental Monitor Settings. • To view the input contact and output relay status, select Contact Settings from the External Environmental Monitor Settings menu. • To view information about the Environmental Monitor, select About Environmental Monitor from the External Environmental Monitor Settings menu.
Probes Web interface. To configure the settings for external EM sensors 1 and 2, select Probes from the Environment menu, enter your settings and click Apply.
Control console. Select: Device Manager > Environment > External Environmental Monitor Settings > Probe Settings Select the sensor you want to configure. Choose a configuration setting from the list. Select Accept Changes to apply the new settings. USER’S GUIDE MasterSwitch Plus
® 56 Input Contacts Web interface. To configure the settings for external EM input contacts, select Input Contacts from the Environment menu, enter your settings and click Apply.
Control console. Select: Device Manager > Environment > External Environmental Monitor Settings > Contact Settings Select the contact you want to configure. Select Accept Changes to apply the new settings. USER’S GUIDE MasterSwitch Plus
® 57 USER’S GUIDE MasterSwitch Plus Local accesstothecontrol console Overview Introduction Managing theExpansionUnit port onthefront You canusealocal comput control consolemenus. the Expansion Unitthroughthe serial withoutpurchasingaMasterSwit EXP) If youhavepurchasedonly .Runaterminalprogram(suchas 3. .Press 4. Usethesuppliedserialcable(940- 2. Selectaserialportattheloca 1. control. Savethechanges. selected portfor9600bps, to theserialportonfr which usesthatport. When loggingon,youwill E NTER panel oftheunit.
to accesstheinternalmenus. the MasterSwitchPlus er thatconnects totheun ont panel oftheunit. 8data bits, noparity, 1stopbit,and noflow l computer, anddi notneedausername. 58 port usingMasterSwitchPluslocal ch Plus(AP9225), HyperTerminal) andconfigurethe 0024) toconnecttheselectedport Expansion Unit(AP9225 sable anyservice it throughtheserial you canconfigure USER’S GUIDE MasterSwitch Plus Navigating theinternalinterface by numberandname. expansion unitandanEnvi The MasterSwitchPlusmenusallow To exittheMasterSwitchPl • To seetheresults of • To enteraselectiononanyofthem • To returntothepr • at themainmenu. necessary topress character commandandpress evious screen,press E the lastchangesyou NTER ronmental MonitoringCard . us internalmenus,type E 59 you tomanagethe NTER enus, typeits relatedone-ortwo- . E SC have made,itmaybe . . Allmenuslistitems Q MasterSwitch Plus (case-sensitive) USER’S GUIDE MasterSwitch Plus Main Menu Unit Name Identifies theMasterSwitch Identifies theversion th of Displays Description Name Unit Version Item Properties Outlet To Change states are: possible The outlet. the state of current the Displays State Outlet outlet. each Identifies Name Outlet states are: possible The UPS. the status of the Displays State UPS Properties Unit To Change N outlet properties. associated the enter Instructs to you alarms. Environment an of thebehavior controls menus • properties N • • • • • • Instructsyou to enter aU to access the • N On Unknown AC Fail On Line Inactive Off elapses. period On in hh:mm:ss period elapses. period Off in hh:mm:ss Off in OTE OTE OTE — Outlet is turned— Outletis on. —Outlet is turnedoff. : : : The The associated the at changeable is name outlet’s Each the in changed be can Name Unit The —UPS isoperating on battery. — UPS is operating normally.operating is UPS — insleepmode. — UPSis menu. — Communication withUPShasfailed. Communication — Enable/Disable Alarms Enable/Disable — Outlet will be turned on after beturned the specified time will Outlet — — Outlet will be turned of turned be will Outlet — e MasterSwitch Plus firmware. e MasterSwitchPlus 60 Plusunit that has been accessed. individual outlet with regard to outlet withregard individual setting on the on setting outlet number (1– 8) to access its number(1–8)to outlet Unit Properties f afterf time the specified Unit Properties Outlet Properties menu. outlet menu.
USER’S GUIDE MasterSwitch Plus tmDescription Item Outlet StatesOutlet To Change Units To Change Properties Card Monitoring Environmental To Change • • • • • • • are: enter may you commands performth enter anAto to be asked will or you outlet associated the on action the perform 8) to (1– number actions. After enteringa command, yo comman various enter to Instructsyou cascading setup. Instructs the unit in to enteraIaccessthe Plus you next MasterSwitch present). properties menu(available toaccess M enter to Instructsyou • has not exceeded Capacity the Battery Threshold. O Y expires. Duration outlet’s Reboot the F expires. D C outlet. TS N R — Off: Immediately turns an outlet off. turnsanoutlet — Off: Immediately — On: Immediately turns an outlet on. on. outlet an turns On: Immediately — — Reboot: Immediately turns anoutl Reboot: Immediately — — Override: Allows an outlet to restartchargeoutlet to an Allows UPSbattery when the — Override: — Graceful Reboot: Gracefully shuts down and restarts shuts and down outlet. an Gracefully Reboot: Graceful — — Delayed On: Turns an outlet on after the outlet’s Turn outlet’s the after Turns on On: Delay outlet On an Delayed — — Cancel: Cancels a delayed startup or shutdown. a delayed Cancels — Cancel: —
Shutdown: Gracefullyshuts down and optionallyrestarts an only if anEnvironmen if only 61 the Environmental Environmental the e action on all of the outlets. The The outlets. the of all on action e u will be asked to enter an outlet outlet an enter to asked be u will ds to initiate on-demandoutlet initiate ds to et offet backonafter andturnsit tal Cardis Monitoring Monitoring Card Monitoring USER’S GUIDE MasterSwitch Plus Unit Properties Menu Time Delay Power On Period Menu Timeout drs Specify the unit’s address(1–4) in acascading setup. Enter 1forthe printable 23 of maximum A unit. Plus MasterSwitch this of name the Set Description Address Name Item Results View Self-Test Data Manufacturing View Defaults Factory Restore the Set unit’s password.The password iscase-sensitive and canup be Password Button Manual applied before starting the outlet’s power-on sequence. outlet’s power-on starting the before applied is afterpower AC delay will Plus MasterSwitch the that time The off logsyou afterAutomatically th properly. Non-Volatile Memory Memory Program are: testsThe performed so onfor up tofour units. See the 1,and unit to adjacent unit the 2for UPS, the to closest connected unit ASCII characters is allowed. N upExpansionsetting addresses. on Unit for instructions Allows you to display the results display to of Allowsyou be configured. Rev,Hardware Rev, Firmware and Displays the following information: defaults. their to set are properties outlet Resets Ma for the settings the original characters. 9 printable to the unit. panel of front the on located button unit’sManual the Enable/disable not operate properly. OTE : If the addresses for all units are not set up properly, setup units not are for all addresses the If units will the : Confirms that the EPROMchipisworkingproperly.: Confirmsthat the : Confirms that the EEPROMchip isworking 62 e specified period of inactivity.of period e specified Installation and Quick-Start Model Number, Model Manufacture Date, Serial Number. Serial cannot items These the unit’s lastpo sterSwitch Plus unit. All unit and and unit All unit. Plus sterSwitch wer-on self-test. manual USER’S GUIDE MasterSwitch Plus Graceful Shutdownmenuitems Overview Outlet Properties Menu menu mode settingofthe outlet. To accessthesemenus,enter MasterSwitch Plushaseight Duration Reboot Delay Power On Delay Power Off Graceful a to due outlet an from power removing between delay The Restart Delay Multiplier Battery UPS Low Control Warning Low Battery Confirm Device Will Mode outlet. each Identifies Control Outlet Name Outlet Item Definition . The Outlet Properties and reapplying power to an outlet. an to power reapplying and reboot a of because outlet an from power removing between delay The outlet. the to applied being in Determines the time shutdown)outlet. removed the poweris from until server a confirming triggeringevent(such asa fromthe The time Shutdown and reapplyingpower tothat outlet. Warning. runtime falls below thisvalue multipliedthe UPS by Low Battery wh is generated signal battery A low operation. battery sig assert theoutlet’sLow Battery Selects Pl the methodMasterSwitch shutdown signal. Indicateswhether device the connected tothe outlet can assert a Establishes modeforassociated outlet. chosenoutlet. Outlet Properties menuvariesaccordingtothe terval between thetriggering event and power 63 an outletnumber(1–8)fromthe nal afterUPS the menus—one foreach menus—one us uses whento fordetermining en the UPS's remaining battery the UPS'sremainingbattery en Outlet Control has switched to to switched has Main
USER’S GUIDE MasterSwitch Plus Annunciator menuitems Delay Action Alarm Outlet Select Another UPS Alarms Enable/Disable Threshold Capacity Battery Item Definition Alarms Disable UPS Enable/ Delay Action Alarm Definesthe initialstate of the outlet. InitialState Mode Control Definition Outlet outlet. each Identifies Name Outlet Item Outlet Another Select specific Environment alarm. Settings are Settings alarm. Environment specific a to react will outlet an whether Indicates Masks: Alarm Environment reacts unit alarm. tothe the The amount oftime that an Environment alarmbe asserted must before Annunciator. Set the modefor the associated outlet: Graceful Shutdown or Choose another outletconfigure. to alarms. Card Monitoring Environmental 12 the of each before the unit reacts unit alarm. tothe the before anEn that The amountoftime configure. to outlet another choose you Allows specific Environment alarm. wh AlarmMasks:Indicates Environment before an outlet can be turned on. Sets the minimum percentage ofBattery Capacity required ofthe UPS 64 vironment alarm must be asserted alarm be must vironment Enabled ether an outlet will reacttoa will ether anoutlet and and Disabled for USER’S GUIDE MasterSwitch Plus Environmental MonitoringCard menu Alarms All Disable and temperature for threshold alarm high the orset disable to you Allows Limit High and temperature for threshold alarm low orsetthe disable to you Allows Limit Low Displays thecurrent relativereading humidity of each attached probe. Humidity Description (Celsius) Temp Item • are: options The operation. Card Monitoring Environmental control to you Allows forthat alarmaresettoEnabled. settings Alarm Enable/Disable whose outlets toall asserted be will alarm an exceeded, inpercentage is humidity. relative of and humidity If alarm limits are forhumidity each probe. Temperature threshold isin degrees Celsius forthat alarmaresettoEnabled. settings Alarm Enable/Disable whose outlets toall asserted be will alarm an exceeded, inpercentage is humidity. relative of and humidity If alarm limits are forhumidity each probe. Temperature threshold isin degrees Celsius Humidityis displayed in Temperature probe. in isdisplayed Displays thecurrent ambient temperature reading of each attached • Yes No alarms. Environment all ignore —Allalarm limits are reset to previous configuration. — All alarm limits are set to Di to set limits are alarm All — nnn.n 65 % relativehumidity. nn.nn sabled. MasterSwitch Plus will MasterSwitchPlussabled. will degrees Celsius. Event-Related Menus
Introduction
Overview The Events menu provides access to the options that you use to do the following: • Access the event log • Define the actions to be taken when an event occurs, based on the severity level of that event: – Event logging – Syslog message notification – SNMP trap notification – E-mail notification
You can use only the Web interface to define which events will use which actions, as described in Event Log and How to Configure Individual Events.
• Define up to four Network Management Stations (NMSs) as trap receivers by their NMS-specific IP address or domain name. • Define up to four recipients for event notifications by e-mail.
Menu options In the Web interface, all of the events options are accessed through the Events menu. USER’S GUIDE MasterSwitch Plus
® 66 In the control console, access the available events-related options as follows: • Use the Email option in the Network menu to define the SMTP server and e-mail recipients. • Use the SNMP option in the Network menu to define the SNMP trap receivers. • Use CTRL-L to access the event log from any menu.
For information on the following topics, use these links: • Event Log • Event Actions (Web Interface Only) • Event Recipients • E-mail Feature • How to Configure Individual Events USER’S GUIDE MasterSwitch Plus
® 67 Event Log
Overview The unit supports event-logging for all Network Management Card application firmware modules. To record and display Network Management Card and unit events, use any of the following to view the event log: • Web interface • Control console • FTP •SCP USER’S GUIDE MasterSwitch Plus
® 68 Logged events By default, any event which causes an SNMP trap will be logged, except for SNMP authentication failures. Additionally, the unit will log its abnormal internal system events. However, you can use the Actions option in the Web interface’s Events menu to disable the logging of events based on their assigned severity level, as described in Event Actions (Web Interface Only).
Some System (Network Management Card) events do not have a severity level. Even if you disable the event log for all severity levels, events with no severity level will still be logged.
To access a list of the System (Network Management Card) and MasterSwitch Plus (Device) events, see Event List page.
Web interface The Log option in the Events menu accesses the event log. This log displays all of the events that have been recorded since the log was last deleted, in reverse chronological order. The Delete Log button clears all events from the log. USER’S GUIDE MasterSwitch Plus
® 69 Control console Press CTRL-L to display all the events that have been recorded since the log was last deleted, in reverse chronological order. Use the SPACE BAR to scroll through the recorded events. While viewing the log, type d and press ENTER to clear all events from the log.
.
After events are deleted, they cannot be retrieved.
How to use FTP or SCP to retrieve log files If you are an Administrator or Device Manager, you can use FTP or SCP to retrieve a tab-delineated event log file (event.txt) or data log file (data.txt) that you can import into a spreadsheet application. • The file reports all of the events or data recorded since the log was last deleted. • The file includes information that the event log or data log does not display. – The version of the file format (first field) – The date and time the file was retrieved –The Name, Contact, and Location values and IP address of the unit – The unique Event Code for each recorded event (event.txt file only)
The unit uses a four-digit year for log entries. You may need to select a four-digit date format in your spreadsheet application to display all four digits of the year. USER’S GUIDE MasterSwitch Plus
® 70 If you are using the encryption-based security protocols for your system, use Secure CoPy (SCP) to retrieve the log file. (You should have FTP disabled.)
If you are using unencrypted authentication methods for the security of your system, use FTP to retrieve the log file.
See Security for information on the available protocols and methods for setting up the type of security appropriate for your needs.
To use SCP to retrieve the files. To use SCP to retrieve the event.txt file, use the following command: scp username@hostname_or_ip_address:event.txt ./event.txt
To use SCP to retrieve the data.txt file, use the following command: scp username@hostname_or_ip_address:data.txt ./data.txt
To use FTP to retrieve the files. To use FTP to retrieve the event.txt or data.txt file: 1. At a command prompt, type ftp and the unit’s IP address, and press ENTER. If the Port setting for FTP Server in the Network menu has changed from its default value (21), you must use the non-default value in the FTP command. For Windows FTP clients, use the following command, including spaces. (For some FTP clients, you must use a colon instead of a space between the IP address and the port number.) ftp>open ip_address port_number To use non-default port values to enhance security, see Port assignments. USER’S GUIDE MasterSwitch Plus
® 71 2. Use the case-sensitive User Name and Password for either an Administrator or a Device Manager user to log on. – For Administrator, apc is the default for User Name and Password. – For Device Manager, device is the default for User Name, and apc is the default for Password. 3. Use the get command to transmit the text-version of the event log or data log to your local drive. ftp>get event.txt or ftp>get data.txt 4. You can use the del command to clear the contents of the event log or data log. ftp>del event.txt or ftp>del data.txt You will not be asked to confirm the deletion. – If you clear the data log, the event log records a deleted-log event. – If you clear the event log, a new event.txt file is created to record the deleted-log event. 5. Type quit at the ftp> prompt to exit from FTP. USER’S GUIDE MasterSwitch Plus
® 72 Event Actions (Web Interface Only) Overview The Actions option is available only on the Web interface’s Events menu. This option allows you to select which actions will occur for events that have a specified severity level: • Event Log selects which severity levels cause an event to be recorded in the event log. See Event log action. • Syslog selects which severity levels cause a Syslog message notification. • SNMP Traps selects which severity levels cause SNMP traps to be generated. See SNMP traps action. • Email selects which severity levels cause e-mail notifications to be sent. See Email action.
Click Details to access a complete list of the System (Network Management Card) and Device (MasterSwitch Plus) events that can occur, and then edit the actions that will occur for an individual event, as described in How to Configure Individual Events. Click Hide Details to return to the Actions option.
Modifying events on the Configure Event Action by Severity Level page will override any changes you have made to individual events on the Details page. USER’S GUIDE MasterSwitch Plus
® 73 Severity levels Except for some System (Network Management Card) events that do not have a severity level, events are assigned a default severity level based on their seriousness: • Informational: Indicates an event that requires no action, such as a notification of a return from an abnormal condition. • Warning: Indicates an event that may need to be addressed if the condition continues, but does not require immediate attention. • Severe: Indicates an event that requires immediate attention. Unless resolved, severe Device and System events can cause incorrect operation of the unit or its Network Management Card.
Event log action You can disable the recording of events in the event log. By default, all events are recorded, even events that have no severity level assigned.
Even if you disable the event log action for all severity levels, System (Network Management Card) events that have no severity level assigned will still be logged.
For more information about this log, see Event Log.
Syslog action Syslog selects which severity levels cause messages to be sent to Syslog servers to log events.
By default, the Syslog action is enabled for all events that have a severity
USER’S GUIDE MasterSwitch Plus level. However, before you can use this feature to send Syslog messages when events occur, you must configure it.
® 74 See Syslog.
SNMP traps action By default, the SNMP Traps action is enabled for all events that have a severity level assigned. However, before you can use SNMP traps for event notifications, you must identify the network management stations (NMSs) that will receive the traps by their IP addresses.
To define up to four NMSs as trap receivers, see Event Recipients.
Email action By default, the Email action is enabled for all events that have a severity level assigned. However, before you can use e-mail for event notifications, you must define the e-mail recipients.
\
See E-mail Feature. USER’S GUIDE MasterSwitch Plus
® 75 Event Recipients Overview The Web interface and control console both have options that allow you to define up to four trap receivers and up to four e-mail addresses to be used when an event occurs that has the SNMP traps or e-mail enabled.
See Event Actions (Web Interface Only)
Trap receiver settings To define which NMSs will receive traps: • In the Web interface, use the Recipients option of the Events menu. • In the control console, use the SNMP option in the Network menu. Choose one of the trap receivers to modify, or select Settings and enable SNMP access for all trap receivers.
Item Definition
Community Name This setting defines the password (maximum of 15 characters) used when traps are sent to the NMS identified by the Receiver NMS IP/Domain Name setting. Receiver NMS IP/Domain Identifies by IP address or Domain Name the NMS that Name will receive traps. If this setting is 0.0.0.0 (the default value), traps will not be sent to any NMS. Generation (Web interface) Enables (by default) or disables the sending of any traps to the NMS identified by the Receiver NMS IP/Domain Trap Generation (control Name setting. console)
USER’S GUIDE MasterSwitch Plus Authentication Traps Enables or disables the sending of authentication traps to the NMS identified by the Receiver NMS IP/Domain Name setting.
® 76 E-mail Feature Overview You can use the Simple Mail Transfer Protocol (SMTP) to send e-mail to up to four recipients when an event occurs.
To use the e-mail feature, you must define the following settings: • The IP addresses of the primary and secondary Domain Name System (DNS) servers, as described in DNS servers • The DNS name of the SMTP server and the From Address setting for SMTP, as described in SMTP settings • The e-mail addresses for a maximum of four recipients, as described in Email recipients
7 USER’S GUIDE MasterSwitch Plus
® 77 DNS servers The unit cannot send any e-mail messages unless the IP address of the primary DNS server is defined.
The unit will wait a maximum of 15 seconds for a response from the primary or (if specified) the secondary DNS server. If the unit does not receive a response within that time, e-mail cannot be sent. Therefore, use DNS servers that are on the same segment as the unit or on a nearby segment (but not across a WAN).
Once you define the IP addresses of the DNS servers, verify that DNS is working correctly. Enter the DNS name of a computer on your network to test whether you can look up the IP address for that DNS name.
SMTP settings The Email option in the Network menu accesses the following settings:
Setting Description
SMTP Server Defines the SMTP server by its DNS name. NOTE: This definition is required only when the SMTP Server option (see Email recipients) is set to Local. From Address Defines the contents of the From field in the e-mail messages sent by the unit. NOTE: The SMTP server’s configuration may require that you use a valid user account on the server for this setting. See the server’s documentation for more information. USER’S GUIDE MasterSwitch Plus
® 78 Email recipients In the Web interface, use the Recipients option in the Events menu or the Configure the Email recipients link in the “Email Configuration” page to identify up to four e-mail recipients. Use the Email Test option to send a test message to a configured recipient.
In the control console, use the Email option in the Network menu to access the e-mail recipient settings.
Setting Description
To Address Defines the user and domain names of the recipient. • To bypass the DNS lookup of the mail server’s IP address, use the IP address in brackets instead of the e-mail domain name. For example, use jsmith@[xxx.xxx.xxx.xxx] instead of [email protected]. This is useful when DNS lookups are not working correctly. • To use e-mail for paging, use the e-mail address for that recipient’s pager gateway account (for example, [email protected]). The pager gateway pages the recipient. The recipient’s pager must be able to use text-based messaging. USER’S GUIDE MasterSwitch Plus
® 79 Setting Description
SMTP Selects one of the following methods for routing e-mail: Server • Through the SMTP server provided with the unit (the recommended option, Local). This option ensures that the e-mail is sent before the 20- second time-out for the unit, and, if necessary, is retried several times. Also do one of the following: • Enable forwarding at the SMTP server provided with the unit so that it can route e-mail to external SMTP servers. Typically, SMTP servers are not configured to forward e-mail. Always check with the administrator of your SMTP server before changing its configuration to allow forwarding. • Set up a special e-mail account for the unit to forward e-mail to an external mail account. • Directly to the recipient’s SMTP server (the Recipient’s option). On a busy remote SMTP server, the time-out may prevent some e-mail from being sent, and with this option the unit tries to send the e-mail only once. When the recipient uses the SMTP server provided with the unit, the Recipient’s setting has no effect. Generation Enables (by default) or disables sending e-mail to the recipient. Format Selects the format used for e-mail messages: Short: Identifies only the event that occurred. For example: MasterSwitch Plus: Outlet 01 on device turned on Long: Includes information about the unit and the event. For example: Name: TestLab Location: Building 3 Contact: DonAdams http://139.225.6.133 MasterSwitch Plus Ser #: WS0131005294 Date: 03/24/2005 Time: 16:09:48 Code: 0x0703 USER’S GUIDE MasterSwitch Plus Warning - MasterSwitch Plus: Outlet 01 on device turned on
® 80 How to Configure Individual Events Event List page The Actions option in the Events menu opens the Event Action Configuration page on the Web interface. Use the Details button in this page to access a complete list of the events that can be reported by your MasterSwitch Plus.
Modifying events on the Configure Event Action by Severity Level page, will override any changes you have made to individual events on the Details page.
Each event is identified by its unique code, its description, and its assigned severity level. For example:
Code Description Severity
0x0008 System: Warmstart Severe 0x707 MasterSwitch: Device configuration changed on device Informational Critical Rack
For information about severity levels and how they define the actions associated with events, see Event Actions (Web Interface Only). Detailed Event Action Configuration page The event codes provide a link to a page that allows you to do the following: • Change the selected event’s severity level • Enable or disable whether the event uses the event log, Syslog
USER’S GUIDE MasterSwitch Plus messages, SNMP traps, or e-mail notifications
® 81 Data Menu (Web Interface Only)
Log Option
Use this option to access a log that stores information about the external Environmental Monitoring Unit, and the ambient temperature and relative humidity measured by the Environmental Monitor’s sensors.
Use the Data menu’s Configuration option to define how frequently data is sampled and stored in the data log. Each entry is listed by the date and time the data was recorded, and provides the data in a column format.
See Configuration Option.
To retrieve the data log as a text file, see How to use FTP or SCP to retrieve log files. USER’S GUIDE MasterSwitch Plus
® 82 Configuration Option
Use this option to access the “Data Log Configuration” page, which reports how much data can be stored in the data log. If you change the Log Interval setting, which defines how often data will be sampled and recorded in the data log, the report updates based on the new setting.
The minimum interval is 60 seconds; the maximum interval is 8 hours, 10 minutes, 15 seconds. USER’S GUIDE MasterSwitch Plus
® 83 Network Menu
Introduction Overview Use the Network menu to do the following tasks: • Define TCP/IP settings, including DHCP and BOOTP server settings, when a DHCP or BOOTP server is used to provide the needed TCP/IP values • Use the Ping utility • Define and display settings that affect the unit’s settings for DNS, FTP, Telnet, SSH, SNMP, e-mail, Syslog, and the Web interface (SSL/TLS).
.
Only an Administrator has access to the Network menu.
Menu options Unless noted, the following menu options are available in the control console and Web interface: • TCP/IP • DNS • FTP server • Telnet/SSH • SNMP • Email
USER’S GUIDE MasterSwitch Plus • Syslog • Web/SSL ® 84 Option Settings TCP/IP Use this option to enable or disable BOOTP, and when BOOTP is disabled, to define the TCP/IP values that a unit needs to operate on the network: – System IP: The IP address of the unit – Subnet Mask: The subnet mask value – Default Gateway: The IP address of the default gateway
For information about the watchdog role of the default gateway, see Resetting the network timer.
When BOOTP is enabled (the default setting), you can affect only the BOOTP setting. A BOOTP server will provide the MasterSwitch Plus with its TCP/IP settings whenever the unit is started, reset, or re-started. Current TCP/IP settings fields. The current values for System IP, Subnet Mask, Default Gateway, the MAC Address, Host Name, and the Domain Name for the MasterSwitch Plus are displayed with the TCP/IP settings in the control console and Web interface. The Ethernet Port Speed is displayed on the Web interface only. For more information on using BOOTP and DHCP, see Boot Mode. USER’S GUIDE MasterSwitch Plus
® 85 Boot mode setting. This setting selects which method will be used to define the unit’s TCP/IP settings whenever the unit turns on, resets, or restarts: • Manual: Three settings (System IP, Subnet Mask, and Default Gateway) which are available only when Manual is used to define the needed TCP/IP settings. • BOOTP only: A BOOTP server provides the TCP/IP settings. • DHCP only: A DHCP server provides the TCP/IP settings. • DHCP & BOOTP: The unit will attempt to get its TCP/IP settings from a BOOTP server first, and then, if it cannot discover a BOOTP server, from a DHCP server.
For more information about how to use DHCP, see Boot Mode.
An After IP Assignment setting, by default, will switch Boot mode from its default DHCP & BOOTP setting to BOOTP only or DHCP only, depending on the type of server that supplied the TCP/IP settings to the unit.
For information about the After IP Assignment setting, and other settings that affect how the unit uses BOOTP and DHCP, see Advanced settings; For more information about how to use DHCP, see Boot Mode. USER’S GUIDE MasterSwitch Plus
® 86 Advanced settings. The boot mode affects which settings are available: • Two settings are available for all Boot mode selections to define the unit’s Host Name and Domain Name values. – Host Name: When an Administrator configures a host name here and a domain name in the Domain Name field, users can then enter a host name in any field in the MasterSwitch Plus interface (except e-mail addresses) that accepts a domain name as input. – Domain Name: An Administrator needs to configure the domain name here only. In all other fields in the MasterSwitch Plus interface (except e-mail addresses) that accept domain names, the unit will add this domain name when only a host name is entered. To override the expansion of a specified host name by the addition of the domain name, do one of the following: • To override the behavior in all instances, set the domain name field in Configure General Settings to its default somedomain.com or to 0.0.0.0. • To override the behavior for a particular host name entry — for example when defining a trap receiver — include a trailing period. The MasterSwitch Plus recognizes a host name with a trailing period (such as mySnmpServer.) as if it were a fully qualified domain name and therefore does not append the domain name. •A Port Speed setting is available for all Boot mode selections to define the TCP/IP port’s communication speed (Auto-negotiate, by default). • Three settings are available for all Boot mode selections, except Manual, to identify the unit in BOOTP or DHCP communication: USER’S GUIDE MasterSwitch Plus – Vendor Class: Uses APC, by default.
® 87 – Client ID: Uses the unit’s MAC address, by default.
If the Client ID is changed from the unit’s MAC address, the new value must be unique on the LAN. Otherwise, the Caution DHCP or BOOTP server may act incorrectly.
– User Class: Uses the unit’s application firmware module type, by default. For example, a Symmetra module sets the User Class to SY, and a Smart-UPS/Matrix-UPS module sets it to SUMX. • Two settings are available if BOOTP only is the Boot mode selection: – Retry Then Fail: Defines how many times the unit will attempt to discover a BOOTP server before it stops (4, by default). – On Retry Failure: Defines what TCP/IP settings will be used by the unit when it fails to discover a BOOTP server (Use Prior Settings, by default). For information about the Advanced settings (DHCP Cookie Is and Retry Then Stop) that directly affect how DHCP is used, see Boot Mode. USER’S GUIDE MasterSwitch Plus
® 88 DNS Configure Domain Name Service Settings fields. Use these fields to define the IP addresses of the primary and secondary Domain Name System (DNS) used by the MasterSwitch Plus e-mail feature.
See E-mail Feature and DNS servers.
Send DNS Query (Web interface). Use this option, available only through the DNS menu in the Web interface, to send a DNS query that tests the setup of your DNS servers.
Use the following settings to define the parameters for the test DNS request; view the result of the test DNS request in the Last Query Response field (which displays No last query or text describing the query result of the last test). • Use the Query Type setting to select the method to use for the DNS query: – The URL name of the server (Host) – The IP address of the server (IP) – The fully qualified domain name (FQDN) – The Mail Exchange used by the server (MX) • Use the Query Question text field to identify the value to be used for the selected Query Type: –For Host, identify the URL –For IP, identify the IP address –For FQDN, identify the fully qualified domain name, formatted as myserver.mydomain.com. –For MX, identify the Mail Exchange address USER’S GUIDE MasterSwitch Plus
® 89 • Enable or disable Reverse DNS Lookup, which is disabled by default. Enable this feature unless you have no DNS server configured or have poor network performance because of heavy network traffic. With Reverse DNS Lookup enabled, when a network-related event occurs, reverse DNS lookup logs in the event log both the IP address and the domain name for the networked device associated with the event. If no domain name entry exists for the device, only its IP address is logged with the event. Since domain names generally change much less frequently than IP addresses, enabling reverse DNS lookup can improve the ability to identify addresses of networked devices that are causing events to occur.
Ping utility (control console) Select this option, available only in the control console, to check the network connection by testing whether a defined IP address or domain name responds to the Ping network utility.
By default, the IP address of the default gateway is used. However, you can use the IP address or domain name of any device known to be running on the network. USER’S GUIDE MasterSwitch Plus
® 90 FTP server Use the Access setting to enable or disable the FTP server. The server is enabled by default.
FTP transfers files without using encryption. For higher security, use Secure CoPy (SCP) for file transfers. When you select and configure Secure SHell (SSH), SCP is enabled automatically. If you decide to use SCP for file transfer, be sure to disable the FTP server.
To configure SSH, see Telnet/SSH
Use the Port setting to identify the TCP/IP port that the FTP server uses to communicate with the unit. The default Port setting is 21.
You can change the Port setting to any unused port from 5001 to 32768 to enhance the protection provided by User Name and Password settings. You must then use a colon (:) in the command line to specify the non-default port. For example, for a port number of 5000 and a unit IP address of 152.214.12.114, you would use this command: ftp 152.214.12.114:5000
To access a text version of the unit’s event or data log, see How to use FTP or SCP to retrieve log files.
To use FTP to download configuration files: • See File Transfer (control console only) if the files are on an FTP server of your company or agency. • See Firmware file transfer methods if you are downloading USER’S GUIDE MasterSwitch Plus files from the APC Web site.
® 91 Telnet/SSH Use the Telnet/SSH option to perform the following tasks: • Enable or disable Telnet or the Secure SHell (SSH) protocol for remote control console access. – While SSH is enabled, you cannot use Telnet to access the control console. – Enabling SSH automatically enables SCP.
When SSH is enabled and its port and encryption ciphers are configured, no further configuration is required to use SCP. (SCP uses the same configuration as SSH.)
– Do not enable both versions of SSH unless you require that both be activated at the same time. (Security protocols use extensive processing power.) To use SSH, you must have an SSH client installed. Most ® Linux and other UNIX platforms include an SSH client as part
of their installation, but Microsoft Windows operating systems do not. SSH clients are available from various vendors. • Configure the port settings for Telnet and SSH. • Select one or more data encryption algorithms for SSH version 1, SSH version 2, or both. • In the Web interface, specify a host key file previously created with the APC Security Wizard and load it to the unit. USER’S GUIDE MasterSwitch Plus
® 92 From a command line interface, such as the command prompt on Windows operating systems, you can use FTP or Secure CoPy (SCP) to transfer the host key file. You must transfer the file to location /sec on the unit.
If you do not specify a host key file, the MasterSwitch Plus generates an RSA host key of 768 bits, instead of the 1024-bit RSA host key that the APC Security Wizard creates. The Management Card can take up to 5 minutes to create this host key, and SSH is not accessible during that time. • Display the fingerprint of the SSH host key for SSH versions 1 and 2. Most SSH clients display the fingerprint at the start of a session. Compare the fingerprint displayed by the client to the fingerprint that you recorded from the Web interface or control console of the unit. If you are using SSH version 2, expect a noticeable delay when logging on to the control console of the unit. Although the delay is not long, it can be mistaken for a problem because there is no explanatory message. USER’S GUIDE MasterSwitch Plus
® 93 Option Description
Telnet/SSH Network Configuration
Access Enables or disables the access method selected in Protocol Mode. NOTE: Enabling SSH automatically disables Telnet. To enable SSH, change the setting and then click Next>> in the Web interface or choose Accept Changes in the control console. You must then agree to the license agreement that is displayed Protocol Choose one of the following: Mode • Telnet: User names, passwords, and data are transmitted without encryption. • Secure SHell (SSH) version 1: User names, passwords, and data are transmitted in encrypted form. There is little or no delay when you are logging on. • Secure SHell (SSH) version 2: User names, passwords, and data are transmitted in encrypted form, but with somewhat more protection than version 1 from attempts to intercept, forge, or alter data during data transmission. There is a noticeable delay when you are logging on to the unit. • Secure SHell (SSH) versions 1 and 2: Do not enable both versions of SSH unless you require that both be activated at the same time. (Security protocols use extensive processing power.) USER’S GUIDE MasterSwitch Plus
® 94 Option Description
Telnet/SSH Port Configuration
Telnet Port Identifies the TCP/IP port used for communications by Telnet with the unit. The default is 23. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings. Then, according to the requirements of your Telnet client program, you must use either a colon (:) or a space in the command line to specify the non-default port number. For example, for a port number of 5000 and a unit IP address of 152.214.12.114, your Telnet client would require one or the other of the following commands: telnet 152.214.12.114:5000 telnet 152.214.12.114 5000 SSH Port Identifies the TCP/IP port used for communications by the Secure SHell (SSH) protocol with the unit. The default is 22. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings. See the documentation for your SSH client for information on the command line format required to specify a non-default port number when starting SSH. USER’S GUIDE MasterSwitch Plus
® 95 Option Description
SSH Server Configuration
SSHv1 Enables or disables DES, and displays the status (always enabled) of Encryption Blowfish, two encryption algorithms (block ciphers) compatible with SSH Algorithms version 1 clients. • DES: The key length is 56 bits. • Blowfish: The key length is 128 bits. You cannot disable this algorithm. NOTE: Not all SSH clients can use every algorithm. If your SSH client cannot use Blowfish, you must also enable DES. SSHv2 Enables or disables the following encryption algorithms (Block Ciphers) Encryption that are compatible with SSH version 2 clients. Algorithms • 3DES (enabled by default): The key length is 168 bits. • Blowfish (enabled by default): The key length is 128 bits. • AES 128: The key length is 128 bits. • AES 256: The key length is 256 bits. NOTE: Not all SSH clients can use every algorithm. Your SSH client selects the algorithm that provides the highest security from among the enabled algorithms that it is able to use. (If your SSH client cannot use either of the default algorithms, you must enable an AES algorithm that it can use.) USER’S GUIDE MasterSwitch Plus
® 96 Option Description
SSH User Host Key File
Status The Status field indicates the status of the host key (private key). In the control console, you display host key status by selecting Advanced SSH Configuration. • SSH Disabled: No host key in use: SSH is currently disabled and is not using a host key. A host key may or may not be loaded. NOTE: A host key must be installed to the /sec directory of the unit. • Generating: The unit is generating a host key because no valid host key was installed in its /sec directory. • Loading: A host key is being loaded (i.e., being activated on the unit). • Valid: The host key is valid. (If you install an invalid host key, the unit discards it and generates a valid one. However, a host key that the unit generates is only 768 bits in length. A valid host key created by the APC Security Wizard is 1024 bits.) Filename You can create a host key file with the APC Security Wizard and then upload it to the unit by using the Web interface. Use the Browse button for the Filename field to locate the file, then click Apply. Alternatively, you can use FTP or Secure CoPy (SCP) to transfer the host key file to the unit. NOTE: Creating and uploading a host key in advance reduces the time required to enable SSH. If no host key is loaded when you enable SSH, the unit creates one when it reboots. The Management Card takes up to 5 minutes to create this key, and the SSH server is not accessible during that time. USER’S GUIDE MasterSwitch Plus
® 97 Option Description
SSH Host Key Fingerprint
SSH v1 Displays the SSH version 1 fingerprint for the host key. The fingerprint is a unique identifier to further authenticate the host key. In the control console, choose Advanced SSH Configuration and then Host Key Information to display the fingerprint. SSH v2 Displays the SSH version 2 fingerprint for the host key. The fingerprint is a unique identifier to further authenticate the host key. In the control console, choose Advanced SSH Configuration and then Host Key Information to display the fingerprint. USER’S GUIDE MasterSwitch Plus
® 98 SNMP
An Access option (Settings in the control console) enables (by default) or disables SNMP. When SNMP is enabled, the Access Control settings allow you to control how each of the four available SNMP channels is used.
To define up to four NMSs as trap receivers, see Trap receiver settings.
To use SNMP to manage a UPS or an Environmental Monitor, ® see the PowerNet SNMP Management Information Base
See also (MIB) Reference Guide, provided on the APC MasterSwitch Utility CD and on the APC Web site (www.apc.com).
Setting Definition
Community This setting defines the password (maximum of 15 characters) that an Name NMS defined by the NMS IP/Domain Name setting uses to access the channel. NMS IP/ Limits access to the NMS specified by a domain name or to the NMSs Domain specified by the format used for the IP address: Name • A domain name allows only the NMS at that location to have access. • 159.215.12.1 allows only the NMS with that IP address to have access. • 159.215.12.255 allows access for any NMS on the 159.215.12 segment. • 159.215.255.255 allows access for any NMS on the 159.215 segment. • 159.255.255.255 allows access for any NMS on the 159 segment. • 0.0.0.0 or 255.255.255.255 allows access for any NMS. USER’S GUIDE MasterSwitch Plus
® 99 Setting Definition
Access Selects how the NMS defined by the NMS IP/Domain Name setting can Type use the channel, when that NMS uses the correct Community Name. Read The NMS can use GETs at any time, but it can never use SETs. Write The NMS can use GETs at any time, and can use SETs when no one is logged on to the control console or Web interface. Disabled The NMS cannot use GETs or SETs. Write+ The NMS can use GETs and SETs at any time, even when someone is logged on to the control console or Web interface.
Email Use this option to define two SMTP settings (SMTP Server and From Address) used by the e-mail feature of the MasterSwitch Plus. For more information about these settings, see SMTP settings; for more information about the e-mail capability of the MasterSwitch Plus, see E-mail Feature. USER’S GUIDE MasterSwitch Plus
® 100 Syslog By default, the unit can send messages to up to four Syslog servers whenever unit, Environmental Monitor, or UPS events occur. The Syslog servers, which must be specifically identified by their IP addresses or domain names, record the events that occur at network devices in a log that provides a centralized record of events.
This user’s guide does not describe Syslog or its configuration values in detail. For more information about Syslog, see See also RFC3164, at www.ietf.org/rfc/rfc3164.txt?number=3164. Syslog settings. Leave the Syslog settings, except the Server IP settings, set to their defaults unless otherwise specified by the Syslog network or system administrator.
Setting Definition
General Settings
Syslog Enables (by default) or disables the Syslog feature. Facility Selects the facility code assigned to the unit’s Syslog messages (User, by default). NOTE: Although several daemon-specific and process-specific selections are available, along with eight generic selections, User is the selection that best defines the Syslog messages sent by a unit.
Syslog Server Settings
Server IP/ Uses specific IP addresses or domain names to identify which of up to four Domain servers will receive Syslog messages sent by the unit. Name NOTE: To use the Syslog feature, at least Server IP/Domain Name must be defined for at least one server. Port Identifies the user datagram protocol (UDP) port that the unit will use to USER’S GUIDE MasterSwitch Plus send Syslog messages. The default is 514, the number of the UDP port assigned to Syslog.
® 101 Setting Definition
Local Priority (Severity Mapping)
Map to Maps each of the severity levels (Local Priority settings) that can be Syslog’s assigned to UPS, environmental monitor, and unit events to the available Priorities Syslog priorities. The following definitions are from RFC3164: • Emergency: The system is unusable • Alert: Action must be taken immediately • Critical: Critical conditions • Error: Error conditions • Warning: Warning conditions • Notice: Normal but significant conditions • Informational: Informational messages • Debug: Debug-level messages Following are the default settings for the four Local Priority settings: • Severe is mapped to Critical • Warning is mapped to Warning • Informational is mapped to Info • None (for events that have no severity level assigned) is mapped to Info NOTE: To disable sending Syslog messages for Severe, Warning, or Informational events, see Event Actions (Web Interface Only). USER’S GUIDE MasterSwitch Plus
® 102 Syslog test (Web interface). This option allows you to send a test message to the Syslog servers configured in the Syslog Server section. 1. Select the priority you want to assign to the test message. 2. Define the test message, using any text that is formatted as described in Syslog message format below. For example: APC: Test message meets the required message format. 3. Click Apply to have the unit send a Syslog message that uses the defined Priority and Test Message settings.
Syslog message format. A Syslog message has three parts: • The priority (PRI) identifies the Syslog priority assigned to the message’s event and the facility code assigned to messages sent by the unit. • The Header includes a time stamp and the IP address of the unit. • The message (MSG) part has two fields: – The Tag field, which is followed by a colon and a space, identifies the event type (APC, System, or UPS, for example) – The Content field provides the event text, followed by a space and the event code USER’S GUIDE MasterSwitch Plus
® 103 Web/SSL Use the Web/SSL menu to perform the following tasks. • Enable or disable the two protocols that provide access to the Web interface of the MasterSwitch Plus: – Hypertext Transfer Protocol (HTTP): provides access by user name and password, but does not encrypt user names, passwords, and data during transmission. – Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS): Secure Sockets Layer (SSL) encrypts user names, passwords, and data during transmission, and provides authentication of the MasterSwitch Plus by means of digital certificates. • Configure the ports that each of the two protocols will use. • Select the encryption ciphers that SSL will use. • Identify whether a server certificate is installed on the unit. If a certificate has been created with the APC Security Wizard but is not installed: – In the Web interface, browse to the certificate file and upload it to the unit. – Alternatively, use the Secure CoPy (SCP) protocol or FTP to upload it to the location \sec on the unit Creating and uploading a server certificate in advance reduces the time required to enable HTTPS (SSL/TLS). If no server certificate is loaded when you enable HTTPS (SSL/ TLS), the unit creates one when it reboots. The Management Card can take up to 5 minutes to create this certificate, and the SSL/TLS server is not available during that time. USER’S GUIDE MasterSwitch Plus • Display the configured parameters of a digital server certificate, if one is installed. ® 104 Option Description
Web/SSL Network Configuration
Access Enables or disables the access method selected in Protocol Mode. Protocol Mode Choose one of the following: • HTTP: User names, passwords, and data are transmitted without encryption. • HTTPS (SSL/TLS): User names, passwords, and data are transmitted in encrypted form, and digital certificates are used for authentication. NOTE: To enable HTTPS (SSL/TLS), change the setting and then click Next>> in the Web interface, or choose Accept Changes in the control console. You must then agree to the license agreement that is displayed. To activate the changes you must log off and log back on to the interface. When SSL is activated, your browser displays a lock icon, usually at the bottom of the screen. USER’S GUIDE MasterSwitch Plus
® 105 Option Description
HTTP/HTTPS Port Configuration
HTTP Port Identifies the TCP/IP port used for communication by HTTP with the unit. The default is 80. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings. You must then use a colon (:) in the command line to specify the non- default port number. For example, for a port number of 5000 and a unit IP address of 152.214.12.114, you would use this command: http://152.214.12.114:5000 HTTPS Port Identifies the TCP/IP port used for communications by HTTPS with the unit. The default is 443. You can change the Port setting to the number of any unused port between 5000 and 32768 to enhance the protection provided by User Name and Password settings. You must then use a colon (:) in the command line to specify the non- default port number. For example, for a port number of 6502 and a unit IP address of 152.214.12.114, you would use this command: https://152.214.12.114:6502 USER’S GUIDE MasterSwitch Plus
® 106 Option Description
SSL Server Configuration
CipherSuite Enables or disables the following SSL encryption ciphers and hash algorithms. (To access these options in the control console, choose Web/SSL, then Advanced SSL/TLS Configuration.) NOTE: All of these encryption ciphers and hash algorithms use the RSA public key algorithm. • DES (SSL_RSA_WITH_DES_CBC_SHA): a block cipher with a key length of 56 bits. The Secure Hash Algorithm (SHA) is used for authentication. • 3DES (SSL_RSA_WITH_3DES_EDE_CBC_SHA): a block cipher with a key length of 168 bits. A Secure Hash Algorithm (SHA) is used for authentication. • RC4 (SSL_RSA_WITH_RC4_128_MD5): a stream cipher with a key length of 128 bits, with an RSA key exchange algorithm, and with a Message Digest 5 (MD5) hash algorithm used for authentication. This selection is enabled by default. • RC4 (SSL_RSA_WITH_RC4_128_SHA): a stream cipher with a key length of 128 bits. A Secure Hash Algorithm (SHA) is used for authentication. This selection is enabled by default. USER’S GUIDE MasterSwitch Plus
® 107 Option Description
SSL/TLS Server Certificate
Status The Status field indicates whether a server certificate is installed. (To display the status in the control console, choose Web/SSL, then Advanced SSL/TLS Configuration.) • Not installed: No certificate is installed on the unit. NOTE: If you install a certificate by using FTP or SCP, you must specify the correct location (/sec) on the unit. • Generating: The unit is generating a certificate because no valid certificate was installed. • Loading: A certificate is being loaded (activated on the unit). • Valid: A valid certificate was installed to or generated by the unit. (If you install an invalid certificate, the unit discards it and generates a valid one. However, a certificate that the unit generates has some limitations.) Filename You can create a server certificate with the APC Security Wizard and then upload it to the unit by using the Web interface. Use the Browse button for the Filename field to locate the file, then click Apply. By default, the certificate is installed to the correct location. Alternatively, you can use FTP or Secure CoPy (SCP) to transfer the server certificate to the unit. However, you must specify the correct location (/sec) on the unit. NOTE: Creating and uploading a server certificate in advance reduces the time required to enable HTTPS (SSL/TLS). If no server certificate is loaded when you enable HTTPS (SSL/TLS), the unit creates one when it reboots. The Management Card can take up to 5 minutes to create this certificate, and the SSL/TLS server is not available during that time. USER’S GUIDE MasterSwitch Plus
® 108 Parameter Description
Current Certificate Details
Issued To Common Name (CN): The IP Address or DNS name of the unit, except if the server certificate was generated by default by the unit. For a default server certificate, the Common Name (CN) field displays the unit’s serial number. NOTE: If an IP address was specified as the Common Name when the certificate was created, use an IP address to log on to the Web interface of the unit; if the DNS name was specified as the Common Name, use the DNS name to log on. When you log on, if you do not use the IP address or DNS name that was specified for the certificate, authentication fails, and you receive an error message asking if you want to continue. Organization (O), Organizational Unit (OU), and Locality, Country: The name, organizational unit, and location of the organization that is using the server certificate. If the server certificate was generated by default by the unit, the Organizational Unit (OU) field displays “Internally Generated Certificate.” Serial Number: The serial number of the server certificate. Issued By Common Name (CN): The Common Name as specified in the CA root certificate, except if the server certificate was generated by default by the unit. For a default server certificate, the Common Name (CN) field displays the unit’s serial number. Organization (O) and Organizational Unit (OU): The name and organizational unit of the organization that issued the server certificate. If the server certificate was generated by default by the unit, the Organizational Unit (OU) field displays “Internally Generated Certificate.” Validity Issued on: The date and time at which the certificate was issued. Expires on: The date and time at which the certificate expires. USER’S GUIDE MasterSwitch Plus
® 109 Parameter Description
Fingerprints Each of the two fingerprints is a long string of alphanumeric characters punctuated by colons. A fingerprint is a unique identifier that you can use to further authenticate the server. Record the fingerprints to compare them with the fingerprints contained in the certificate, as displayed in the browser. SHA1 Fingerprint: This fingerprint is created by a Secure Hash Algorithm (SHA). MD5 Fingerprint: This fingerprint is created by a Message Digest 5 (MD5) algorithm. USER’S GUIDE MasterSwitch Plus
® 110 USER’S GUIDE MasterSwitch Plus Overview Introduction System Menu Use the Configure systemide • Synchronize theunit’s • Centrally administer • Set theunits (Fahrenhe • Access hardwareandfirmware • Define theURLlinksavail • Reset orrestart theunit. • (Remote AuthenticationDia User accounts. parameters fortheAdministrator, (NTP) server. System Only anAdm menutodothefollowingtasks: inistrator hasaccesst remote accessforeach ntification, dateandtime real-timeclockwitha it orCelsius)usedfor able intheWeb interface. l-in UserService) informationabouttheunit. 111 Device Manager, andReadOnly o the Network Time Protocol unit byusingRADIUS temperaturedisplays. System settings,andaccess menu. USER’S GUIDE MasterSwitch Plus Menu options console andWeb interface: Unless noted,thefollowing • • • • • • • • • About System Links (Web interface) Preferences (Web interface) Tools Date &Time Identification RADIUS Outlet UsrMgt User Manager The Web interface. About System menu optionsareava optionsisa 112 Help menuoptioninthe ilable inthecontrol USER’S GUIDE MasterSwitch Plus User Manager Option Settings interface. and theWeb interface, Use thisoptiontodefinethe Password The case-sensitive password (maximum of 10 characters) always always characters) 10 of password (maximum case-sensitive The Password Thecase-sensitive name(max User Name automatically is user a before default) by (3, minutes of number The Definition Administrator,Separate for values Manager, User Device Only Read and Logout Auto Setting setting ( setting readonly Administrator on atthe controlconsole or Web interface( interface only when only interface usedlogto on atthe control console,used butthe tologinto Web logged off because ofinactivity. and theauthenticationus apc , by for default, , by accessvaluesshared is the default password default three accountfor the is the types). , device 113 Basic , by default, for default, , by Read Only User Only Read is selected for the for selected is imum of 10characters) log of usedto imum ed toaccesstheWeb by thecontrolconsole Device Manager User Manager Device ). apc Authentication , by default, for default, by ,
,
and and USER’S GUIDE MasterSwitch Plus Outlet UsrMgt select accounts. Control console. interface. Web Use the only tocertain outlets User Account Outlet Disable User Name The name of this user account user this of name The Definition User Name Setting User Account Delete Outlet Account OutletUserEdit Definition Account User Outlet Add Setting Deletes access have users to which outlets Selects the User Delete Enables, disables, ordeletes this user Access Outlet useraccount this password for Case-sensitive Account Status user ordescription theoutlet Identification of User Description Password Manage OutletUsers Outlet UsrMgt Choose ausername,orchoose Select Enter the name of the outlet ofthe Enter thename N Enter the name of the outlet us outlet ofthe Enter thename Description: Password: User Name: User disabled.been OTE : option tosetupusera A user name in orange indicates that the useraccount has System this user account this Case-sensitive password for this user account fromthe The name of this account user ofthis name The Identificationor description ofthe outlet user fromthecontrolconsolemenu.Then 114 User Manager user account todisable. er account you want to delete. to want you er account ccounts thathaveaccess Add New User menu. toedit USER’S GUIDE MasterSwitch Plus Access UsersOutlet Edit User Account Outlet Enable Accounts Users Outlet List Definition Setting Select the outlets to which usershave access: outlet ofthe Enter thename each outlet user account. user outlet each access for outlet and status, description, name, user outlet Displays 2. Select the numbers of the outlet the of numbers the Select 2. modify. wantto username you Entertheoutlet 1. have access: have -- Remove outlet access by entering each number preceded by by preceded number each entering accessby outlet -- Remove -- Add outlet access by enteri -- accessby Addoutlet E space when finished. a minus sign (–) and pressing NTER
after each one. Enter a blank when finished. when blank a Enter one. each after 115 useraccount toenable. ng eachnumberand pressing s to which the outlet user will userwill s towhichtheoutlet E NTER after eachone.Entera USER’S GUIDE MasterSwitch Plus RADIUS sent totheRADIUSserverdet When auseraccessestheMasterSwit remote accessforeachunit. authorization andaccounti authorization functionsofRADIUS.Use RADIUS (RemoteAut user accounts For moreinformationonus IP address. new portnumbertot users. To useadifferent port, RADIUS serversuseport1812 will operateproperly. configured beforeRADIUSau The RADIUSserverandthe RADIUS usernamesare hentication Dial-InUserServic . ng service.APCsuppor he endoftheRADIUS ermine the user’s permissionlevel. ermine theuser’s limited to32characters. 116 er permissionlevels,see ch Plus,anauthenti MasterSwitch Plusmustbe addacolonfo thentication and this optiontocentr bydefaulttoauthenticate ts theauthenticationand e) isanauthentication, server nameor llowed bythe authorization cation requestis ally administer Types of USER’S GUIDE MasterSwitch Plus Configuring the MasterSwitch Plus. theMasterSwitch Configuring Access Local Only Local Definition Access RADIUS Setting Timeout Secret Server Secondary Server Secondary Secret Server Primary Server Primary N is disabled. Only RADIUS fails. RADIUSauthentication if only isused authentication theRADIUSserverfirst;local from enabled. is authentication Local then RADIUS enabled. from the RADIUS server.RADIUS the from seconds thatth in The time server and the unit. RADIUS secondary the between secret shared The server.RADIUS secondary the of address or IP name server The the unit. and The shared secretbetween the primary RADIUS server server. RADIUS or IPaddressthe main The servername of Access serial connection to the control console and changing the recover ifthe RADIUS server is unavailable using isby a OTE : If RADIUS only is selected, the only way to way only the selected, is only RADIUS If setting to setting 117 : RADIUS is disabled. Local authentication is Localauthentication disabled. RADIUS is : : RADIUS is enabled. Local authentication authentication Local isenabled. : RADIUS Local Only Local : RADIUS is enabled, and local local and enabled, is : RADIUS Authentication is requested e unit waitse unit for aresponse or RADIUS then Local then RADIUS .. USER’S GUIDE MasterSwitch Plus Example: (RADIUSusersfile) a RADIUSserverforusewithRack server toworkwiththeunit.Thefo Configuring theRADIUS server.Configuring recommend aspecificRADIUSserver. and authorizationofusersbyvari .Vendor specificattributes(VSA) can 3. .Theusersmustbeconfigured 2. .AddtheIPaddressof 1. UPSReadOnly Auth-Type = Local, Password ="readonly" UPSDevice Auth-Type = Local, Password ="device" UPSAdmin Auth-Type = Local, Password ="admin" # attributes. dictionary entries. VSAstake content orformatofyour The followingexamplesmaydiffer Device permissions. Administrator permissions,orLogin- for Service-Type: Admi access (ontheWeb interface only). Service-Type attribute (file). Service-Type = Login-User Service-Type = Administrative-User about theRADIUSusersfile. SeeyourRADIUSserverdo the RackPDUtoRADIU is configured,theus nistrative-User (6), specific RADIUSserver. ous RADIUSserver precedence over llowing exampleshow with aService-Type attribute.Ifno You mustconfigureyourRADIUS 118 PDU.APCsuppor somewhatfromtherequired There aretwoacceptable values User (1),whichgivestheuser also beused.Thisrequires some cumentation forinformation which givestheuser er willhaveread-only standard RADIUS s anddoesnot S serverclientlist ts authentication s howtoconfigure USER’S GUIDE MasterSwitch Plus Example: (RADIUSusersfilewithVSAs) Example: (RADIUS,dictionary.apc) APC-Outlets ="1,2,3" APC-Service-Type =Outlet, VSAOutlet Auth-Type = Local, Password ="outlet" # Give user access toMasterSwitch outlets 1,2 and 3. APC-Service-Type =ReadOnly VSAReadOnly Auth-Type = Local, Password ="readonly" APC-Service-Type =Device VSADevice Auth-Type = Local, Password ="device" APC-Service-Type =Admin VSAAdmin Auth-Type = Local, Password ="admin" ATTRIBUTE APC-Outlets 2string APC ATTRIBUTE APC-Service-Type 1integer APC # # Attributes # VALUE APC-Service-Type Outlet 4 VALUE APC-Service-Type ReadOnly 3 VALUE APC-Service-Type Device 2 VALUE APC-Service-Type Admin 1 VENDOR APC 318 # # # dictionary.apc # user accounts For moreinformation onus . 119 er permissionlevels, see Types of USER’S GUIDE MasterSwitch Plus Date &Time Identification Identifications (OIDs). used bytheSNMPagent control console,toset values usedfortheMIB-II Set Manually. option displaysthecurrentsettingsand Use thisoptiontoset . Use thisoptionto manually orthrougha access theWeb interface. match thedateandtime which isavailableintheWeb inter An For moreinformationaboutthe provided ontheAPCMasterSwitch Infor SNMP Management Apply LocalComputerTimeApply Use thisoptionintheWeb interface,or define theSystem the dateandtime Network Time Protocol(NTP)Server. Date for theunit.Theoption sysName and Time settings ofthecomputer mation Base(MIB)ReferenceGuide mation , 120 Name sysContact fortheMaster allowsyoutoch used bytheMasterS MIB-IIOIDs,seethePowerNet to Switched RackPDU face only, sets thesevaluesto , Contact Utility ’s settingsprovidethe , and CD. Switch Plus. , and sysLocation Manual ange thosesettings youareusingto Location witch Plus.The inthe option, values Object
®
USER’S GUIDE MasterSwitch Plus Time Time Synchronize withNetworkTime Protocol (NTP)Server. control console,tohaveanNTP option ontheWeb interface,or paeItra Defines how often, in Definesoffset the tobe used fromGreenwich Mean Time Update Interval Definition TimeZone secondary the of name domain or address IP the Identifies Identifies the IPaddressor domain name ofthe primary Server NTP Secondary PrimaryNTP Server Setting settings fortheMa Set Manually disable theNTPServerupdates. In thecontrolconsole,use option.Theupdatesar sterSwitch Plus. immediate update as well. as update immediate maximum). Use Server foranup (GMT) based islocated. zoneinwhich time theunit on the NTP server when asecondaryserver isavailable. server.NTP Network Time Protocol(NTP) Server automatica 121 NTP Client date (1 week minimum, 52 weeks 52weeks minimum, (1 week date Update NowNTP Using In theWeb interface,usethe weeks, the unit will access the NTP e disabledbydefault. lly updatethe optiontoenableor Use this onthe to initiate an Date and USER’S GUIDE MasterSwitch Plus Tools equivalent menuoptionsin file fromtheconfigu configuration settingsfromaconfiguredun Uploading an initialization file (WebUploading aninitialization interfaceonly). Initiating anaction. or todeleteSSHHost unit, toresetsomeorallofits config its ownconfiguration. The to thefile,andclick Defaults to TCP/IP Reset Only TCP/IP Reset Defaults to Except Reset to Defaults Resets all configuration settings. Resetsconfiguration all Definition Defaults Reset to Interface Management Reboot Action and SSLCertificates HostKeys SSH Delete red unit,selectthe Upload Keys andSSLCe Use thisdrop-downlistin N only.settings TCP/IP Resets the settings. TCP/IP the except settings configuration Resets all toDefaultsTCP/IP mode N Restartsunit. interface ofthe the security system. system. security canunitthat reconfigure so you these components ofyour Removes SSHand any host key DHCP or BOOTP server.BOOTP or DHCP See a by defined be must settings unit’s TCP/IP the setting, Status the controlconsoletorest OTE OTE . Thecurrentunitimports the : : setting, see thistable’sdescription of With about For information fieldreports the progressoftheupload. 122 uration settingstotheirdefaultvalues, Boot mode Tools rtificates. it tothecurrentunit,export.ini . menuonthecurr setto the Web interfaceorthe how this affects the TCP/IP art theinterfaceof DHCP &BOOTP DHCP server certificate on the server certificate onthe fileandusesittoset To transfer . ent unit,browse Reset Only Only Reset , its default Boot Boot USER’S GUIDE MasterSwitch Plus one forfiletransferthrougha Tools File Transfer (control only). console Client TFTP Client FTP totransfer Allows you either an .ini Description XMODEM Option menuprovidestwom file. transfer. supply After you either option,you are then promptedforserver the address and the file to For For units. organizationhasa centralized forconfiguring system or upgrading APC your that assume options agency, These unit. current the to ordepartment) (company, organization your of server or TFTP FTP an from file upgrade totransfer these twooptions of Use one console control See console. control the to connection local a use you when only available is option This program. terminal-emulation a using FTP Client , you are, you prompteduser fora nameand password. For . ethods forfiletransfer serial connectiontotheunit. thatrequired information, the unit transfersthe 123 The file or a firmware upgrade file to a unit a unit to upgradefile firmware ora file File Transfer either an .ini file or a firmware orafirmware file an .ini either over thenetworkand Local access tothe Local optionofthe USER’S GUIDE MasterSwitch Plus About System Links (Web interface) Preferences (Web interface) Number This optionidentifies . Use thisoptiontomodifythe Fahrenheit orCelsiusintheWeb Use thisoptiontodefine This screenalsodisplays the MAC Address This informationisset atthe Application Moduleand AOS. P oePg Definesthe URL addressused the APC by logo atthe topWeb of all Page Home APC Links Access Definesthe link names that appearin the Definition Name Links User Setting R Definesthe URL addresses used the default, links.By by the URL , Serial Number . interface pages (by default, pagesinterface default, (by APC’s Web Site • used: are addresses URL following • • http://www.apc.com http://rms.apc.com http://testdrive.apc.com thefollowinghardware , whether temperaturevaluesaredisplayedas Hardware Revision linkstoAPCWeb pages. factory andcannotbe changed. Name , interface andthecontrolconsole. Testdrive Demo , 124 Version (Remote Monitoring) (APCWebSite) (TestdriveDemo) http://www.apc.com information fortheunit: , , Date Manufacture Date , and , and , and Remote Monitoring Remote Links Time menu (by default, default, menu (by ). forthe , and Model ). USER’S GUIDE MasterSwitch Plus The controlconsolealsoin Sector , and Help information isreportedbythe In theWeb interface,exceptfor CRC16 menu. foreachmodule. cludes fieldsforsystem 125 About System Flash Type Flash Type , thishardware optioninthe , and Type , USER’S GUIDE MasterSwitch Plus Summary ofaccessmethods Summary Planning andimplementingsecurityfeatures Security Features Security Remote control console. Serial control console. features appropriate Use theinformationinthissection network. MasterSwitch Plusissubjecttothe As anetworkdevicethatpasses i Secure SHell (SSH) • Enable/Disable Server • Selectable server port • and name User • Available methods: and password. username Access isby password euiyAcs Description Access Security euiyAcs Description Access Security for yourenvironment. SSH disablesTelnet and provides encrypted access to the • With Telnet, the user name and password are transmitted • security,high For SSH. use Always enabled. Always transmission. from attempts forge, intercept, to protection additional provide to interface console control text. plain as nformation across to planandimplementthesecurity same exposureasotherdevicesonthe 126 the network, or alter data during data during data alter or USER’S GUIDE MasterSwitch Plus File transfer protocols. SNMP. Secure (SCP) CoPy • Enable/Disable Server • Selectable server port • password and name User • Available methods: • 4 access communities with with access communities 4 • Enable/Disable Agent • IP NMS filters • Domain Name • Community Name • methods: Available read/write/disable capability euiyAcs Description Access Security euiyAcs Description Access Security 0.0.0.0 or 255.255.255.255 allows access for any • the on NMS any accessfor allows 162.255.255.255 • the on NMS any accessfor allows 162.245.255.255 • 162.245.12.255 allows accessfor NMS any on the • address IP that with NMS the only allows 162.245.12.1 • addresses. IP designated from IP location, andtheNMS that restricts name The domain totheNMSas access only protocol, enable SSH and disable FTP. disable and SSH enable protocol, transfer file choose SCPasyour you If (SSH) hostkeys. Sockets (SSL)certif Layer Secure files, log files, configuration updates, firmware password transferred,suchas being andthefiles and name user the encrypts FTP of instead SCP Using protection ofencryption. files and text, plain as FTP,With user the name and password are transmitted NMS. segment. 162 segment. 162.245 segment. 162.245.12 to haveaccess. 127 are the transferredwithout icates, and Secure SHell and Secure SHell icates, filters allow access only accessonly allow filters USER’S GUIDE MasterSwitch Plus immediately Changing defaultusernamesand passwords for yoursystem. unique usernamesand pa immediately change the defa As soonasyoucompletetheinstalla RADIUS. Server. Web Secure Sockets Layer (SSL) • Enable/Disable Server • Selectable server port • password and name User • Available methods: • A server secret shared server secret A • authentication Centralized • methods: Available Security (TLS) Security Transport and Layer server and the unit between the RADIUS accessrightsof euiyAcs Description Access Security euiyAcs Description Access Security sswords isessential to es used to centrally administer remote access for each unit. accessfor each remote administer usedto centrally service accounting and authorization authentication, an Authenticati (Remote RADIUS ult usernamesandpa the Web server to the user. Web the to the server page pages requestsby Web tothe and returned server decrypts and encrypts (HTTPS) Sockets Layer Secure Transfer over Protocol Hypertext Web protocol The Plus for theMasterSwitch supported Web on browsers available are TLS and SSL encryption). no (with encoded base-64 password transmitted are In basicHTTPauthen 128 tion andinitialconfi tication mode, th tication mode, sswords. Configuring tablish basic security and onWeb most servers. on Dial-In UserService) is on Dial-In guration oftheunit, e usernameand USER’S GUIDE MasterSwitch Plus User names,passwords, communitynames(SNMP) Port assignments to useSNMPtraps.) read-only. (Read-only access allows and Web interface,besuretodisable security oftheencryption-basedoption interface oftheMaster passwords requiredtologonthe monitoring thenetworktraffic ca transferred overthenetworkasplai All usernames,passwo port, ausermustspecif If aTelnet, FTP, SSH/SCP, orWeb/SS TCP ports forwhichthesese “password,” hidingtheservertoprovid Web browser. Thenon-standard known ports” fortheprotocols. To hi from 5000to32768. Switch Plus.Ifyournetw y theportwhenusingcl rds, andcommunity rvers listenareinitiallyse n determinetheusernamesand port addressbecomesanextra de theinterfaces,us n text.Auserwhoiscapable of accounts ofthecontrolconsoleorWeb 129 you toreceivestatus informationand SNMP accessorsetits accessto L/TLS serverusesanon-standard e anadditionallevelofsecurity. The s availablefort names forSNMPare ork requiresthehigher ient interface, t atthestandard “well he controlconsole e anyportnumbers such asa USER’S GUIDE MasterSwitch Plus Authentication versusEncryption Authentication passwords, andIPaddr control accessbyprovidingbasica You canselecttousesecurityfeatu To ensurethatdata andcommunication data arenotbe security featuresaresufficient formo and theclientinterface cannot beintercepted,youca one ormoreofthefollowi For the Web interface,usethe • To encryptusernames,passwords, a • To encryptusernamesandpasswords • the SecureSHell(SSH)protocol. Transport LayerSecurity(TLS) protocols. files, usetheSecure Secure Sockets Layer (SSL)/Tr security, see For moreinformation ing transferred. Secure SHell(SSH)a s, suchasthecontrolcons esses, withoutusingen CoPy(SCP)protocol. ng encryption-basedmethods: n provideagreaterlevel ontheseprotocolsfor uthentication throughusernames, res fortheMasterSwitchPlusthat Secure Sockets 130 st environments inwhichsensitive ansport LayerSecurity(TLS) between theMas nd data forthese forcontrolconsoleaccess,use nd SecureCoPy(SCP) cryption. Thesebasic ole andtheWeb interface, Layer (SSL)and encryption-based of securitybyusing terSwitch Plus cure transferof and . USER’S GUIDE MasterSwitch Plus Secure SHell(SSH)an Encryption between theSSHcli (in thiscase,theMaster computer consolesor The SecureSHell(SSH)protocolprov The interface,useraccounts, and • When youenableSSH,Teln • The MasterSwitch Pl • To authenticatethe • SSH protects theusernamea • SSH isanalternativetoTelne • whether youaccess the controlc change data thataretransmitted. provides improvedprotectionfrom advantages. Version 1providesfaste encryption mechanismsoftheversi user bypresentingitself asavalidserver. server onthenetworkcannotobtain provides anidentificati client, SSHusesahostkeythatis authentication, frombeing Telnet/SSH For informationons To createa hostkey, see . ent andtheserver. shells SSHserver(theMaster Switch Plus)andencryp d Secure CoPy(SCP) us supports versions on thatcannotbefalsifie remotely. Theprotocol upported SSHclient usedbyanyoneinterceptingnetworktraffic. et isautomaticallydisabled. nd password, the t, whichdoesnotprovideencryption. 131 onsole throughSSH orTelnet. ides asecuremechanismtoaccess user accessrigh attempts tointercept,forgeor uniquetotheSSH Create anSSHHostKey ons differ, and a usernameandpassword froma r logintotheunit,andversion2 1 and2ofSSH.The Switch Plus)totheSSH ts alltransmissions applications, see authenticatestheserver d. Therefore,aninvalid credentials for each versionhas ts arethesame server andthat . USER’S GUIDE MasterSwitch Plus protocol forencryptionofuser instead ofFTP. SCPusestheSSH Secure CoPy(SCP)isa You mustexplicitlydisableFTP. Itis • When youenableand • configure SCP. Nofurtherco secure filetransferapp configure SSH,youa names,passwords, andfiles. nfiguration ofSCPisneeded. protocol astheun 132 not disabledbyenablingSSH. lication thatyoucanuse utomatically enableand derlying transport USER’S GUIDE MasterSwitch Plus Secure SocketsLayer(SSL)/Transport LayerSecurity(TLS) following: server (inthiscase,theMasterSwitch signature onaCA browser sothatitcan co commercial CertificateAuthoritiesin Each majorbrowsermanufac SSL usesadigital certificatetoe Most browsersletyouselect The MasterSwitchPlussupports SSL browsers. by Netscape, ithasbecomeaninter pages thatarereturnedby Web protocolthat encrypts Plus. HypertextTransfer Protocolover protocol modetouseforaccessth and Transport LayerSecurity(TLS)by For secureWeb communic The DNSnameorIPaddress spec • The servercertificate’s expirati • The formatoftheserver • The servercertificate • the commonnamein usually atthebo When SSLisenabled, rootcertificate. mpare thesignatureon ttom ofthescreen. the servercertificate. is signedbyatrusted ation, youenableSecure the webserverto and decrypts page reques theversionof turer distributesCAroot certificate iscorrect. your browserdispla nable thebrowser on dateandtimehasnotpassed. 133 net standard supportedbymostWeb thecertificatestore(cache)ofits e Web interfaceoftheMasterSwitch Plus).Thebrowserverifiesthe version 3.0andTLS1.0. SecureSockets La selectingHTTPS ified whenauserlogsonmatches SSLtoenable. the user. Originallydeveloped certifyingauthority. to authenticatethe server certificatetothe Sockets Layer(SSL) ys thelockicon, certificatesofthe ts fromtheuser and (SSL/TLS) asthe yer (HTTPS)isa USER’S GUIDE MasterSwitch Plus Authority, youcancreatean not beeninterceptedands the server, encryptdata, and SSL alsousesvariousalgorithmsand certificate touploadtheunit. certificate store(cache).You canal Certificate Authority, or (www.apc.com), tocreate You canusetheAPCSecurityWiza algorithms touse. See Certificate &Serv To createcertific how thesecertificatesareused. See and SigningRequest allow youtoreturnthosepages wit Web browserscache(save)Web page your computerunattended. and password. Always CipherSuite Creating andInstalling Digital Certificates if youdonotwanttousean ates andcertific toselectwhichauthenti a certificatesigningre er Certificates ent byanotherserver). APCrootcertificateto ensure theintegrityoft . close yourbrowserse so usetheWizardto rd, providedontheAPCWeb site 134 encryptionciphers and ate requests, see Create aServerCertificate hout re-entering s thatyourecentlyaccessedand quest toanexternal cation andencryption upload to a browser’s uploadtoabrowser’s existingCertificate he data (i.e.thatithas ssion beforeyouleave forasummaryof createaserver toauthenticate Create aRoot your username USER’S GUIDE MasterSwitch Plus Purpose Creating andInstallingDigitalCertificates . determine themostappropria implementing, andusingdigital cert The sectionsthatfollowsummarize the Web browser( Digital certificatescanaut the useofdigital certif password encryption,theWeb interface For networkcommunication • • • Authority andtocreate request tobesignedbythe Method 3:UsetheAPCSecurityWizard a servercertificate Method 2:UsetheAPC Method 1:Usetheauto-gener Authority inplaceofacomme Wizard inthesameway, b operates its own CertificateAu You canalsouseMethod3if the SSLclient). icates withtheSecu . henticate theMasterSwitchPlus(theserver)to thatrequiresahigher a servercertificate Security Wizardtocrea te methodforyo rootcertificateofan ated defaultcertificate ificates. Readthesesectionsto the threemethodsofcreating, 135 ut useyourownCertificate of theMasterSwit re Sockets Layer(SSL)protocol. yourcompany oragency rcial CertificateAuthority. thority. UsetheAPCSecurity to createacertificate-signing ur system. . level ofsecuritythan te aCAcertificateand externalCertificate . ch Plussupports USER’S GUIDE MasterSwitch Plus Choosing amethodforyoursystem This methodhasthefollowing that isself-signedbut Method 1:Usetheauto-gener following methodsforusing Using theSecureSockets certificate exists ontheunit,unit enable SSL,youmustreboo • • Disadvantages: Advantages: The default servercertificateonthe – This methoddoesn – The unittakes upto5minutes – You canuse thisdefaultserver – Before theyaretransmitted,theus – to proceed. signed byatrustedauthority isnot the browsergeneratesasecurityal cached inthebrowser. Therefore, Authority) asMethods2 time youlogonafter youenableSSL.) access andalldata toand interface isnotavailabl of theunit). Therefore,al in placeof avalid provided byaCAcertificate(ace encryption thatSSLprovides. certificate options,oryoucanconti based securitywhileyouaresetting
that youcannotconfigure. common name Layer (SSL)protocol,you ot includethebrowse digital certificates. t theunit.Duringreb e duringthattime.(Thi advantages anddisadvantages: and 3provide.Thereis though the unitcanco ated defaultcertificate. from theunitareencrypted. 136 generates adefaultse certificate toprovideencryption- create thiscertific (theDNS name or rtificate signed wheneveryoulog er nameandpassword forunit nue touseitfo available andasking ifyouwant unithastheunit’s serialnumber ert, indicatingthatacertificate up eitheroftheothertwodigital r-based authentication ooting, ifnoserver s delayoccursthefirst can chooseanyofthe ntrol access toits noCACertificate by aCertificate r thebenefits of ate, andtheWeb rver certificate theIPaddress When you on totheunit, USER’S GUIDE MasterSwitch Plus The lengthofthe – Administrator Web interfacebyusername,pa encryption andconsequentlya used inMethods2and when settingupanSS cannot authenticatewhatunit , Device Manager public key L sessionisonly7 3is1024bits, prov (RSAkey)thatis 137 is sendingorreceivingdata. higher levelofsecurity.) ssword, andacco , or Read Only User Read Only 68 bits. (Thepublickey iding morecomplex used forencryption unt type(e.g., ), thebrowser USER’S GUIDE MasterSwitch Plus This methodhasthefollowing certificates: Method 2:UsetheAPCSecurityWizard server certificate. server The Web browserauthenticatestheun • •A •A To confirmthattheservercertificat • To identifytheunit,browseruses • Advantages: expiration dateconfirmswhethert with thesignatureinrootcert sign theservercertificate. Wizard createsaservercertificate,it needs accessto install intothecertifica Security Wizardusestosignallserv distinguished name authority, thebrowserco DNS nameoftheunit) The servercertificate thatyouup – The lengthofthe – Before theyaretransmitted,theus – server certificate CA rootcertificate complex encryptionand consequently used inMethod3.) the publickeyusedin Method1.(Th when settingupanSS authenticate thatdata arebeing access andalldata toand
You usetheAPCSecurityWiz theunit. that youuploadtotheuni whenthecertificatewascreated. public key (Certificate Authorit te store(cache)ofthebr that wasspecifiedinth mpares thesignatureofth L sessionis1024bi advantages anddisadvantages. from theunitareencrypted. (RSAkey)thatis 138 ificate cachedinthebrowser. An he servercertificateiscurrent. it sendingorrequestingdata: e issignedbya“trusted”signing received from andsenttothe load totheunit er certificatesand uses theCArootcertificateto er nameandpassword forunit is longerencryption key isalso tocreate aCA y rootcertificate) common name common a higherlevelof t. WhentheAPCSecurity ts, providingmore ard tocreatetwodigital e servercertificate’s owser ofeachuserwho used forencryption enablesSSLto e servercertificate whichyouthen (IPaddressor certificate anda
securitythan that theAPC USER’S GUIDE MasterSwitch Plus • Disadvantage: The root certificatethatyou – encryption oftheusername, correct unit.Thisprovidesan additional protectionfr browser toauthenticatetheunit’s se the browser. SeeMethod3.) for commercialCertificateAuthorit browser. (Browsermanufacturers individually intothecertificate commercial CertificateAuthority, Because thecertific
ates donothavethedi om unauthorizedaccess. install tothebrow 139 password, andtransmitteddata. extra levelofsecuritybeyondthe store (cache) of each user’s store (cache)ofeachuser’s you mustloadarootcertificate already providerootcertificates ies inthecertif rver certificatetoprovide gital signatureofa ser enablesthe icate storewithin USER’S GUIDE MasterSwitch Plus Authority and tocreate and Authority request tobesignedbytheroot ce Method 3:UsetheAPCSecurityWiza This methodhasthefollowing server certificatetotheunit. from therootcertificate Wizard tocreateaservercertificate(a. information yousubmitted Certificate Authorityreturns Wizard tocreatearequest(a • Advantages: The lengthofthe – You havethebenefit – Before theyaretransmitted,theus – Method 1.(Thislonger consequently ahigher le SSL sessionis1024 bits, provid the browserofeachuserwh browser.) Therefore,youdo nothave loaded its CAcertificatetoth Authority ofyourowncompany are distributedaspart ofthebr browser. (TheCAcertificatesof already hasasignedrootcertifica access andalldata toand commercial CertificateAuthority. same way, butuseyourownCert its ownCertificateAuthority, Use You canalsouse Method3ifyo
returned bytheCe public key in yourrequest.You a server certificate. a server asignedcertificate(a of authenticationbyaCe .csr advantages anddisadvantages. encryption keyisal vel ofsecuritythanthe file)tosendaCert from theunitareencrypted. (RSAkey)thatisused forsettingupan o needsaccesstotheunit. 140 e browser store of each user’s e browserstoreofeachuser’s owser software, andaCertificate or agencyhasprobablyalready rtificate ofanexternalCertificate ing morecomplexencryption and p15 commercial Certific ur company oragencyoperates te inthecertific rd tocreate acertificate-signing er nameandpassword forunit rtificate Authority. You uploadthe the APCSecurity ificate Authorityinplaceofa file)thatincludesthesignature touploadarootcertificate then usetheAPCSecurity You usethe APCSecurity so usedinMethod2.) .crt rtificate Authoritythat file)basedon ificate Authority. The public keyusedin ate cacheofthe ate Authorities Wizardinthe USER’S GUIDE MasterSwitch Plus • Disadvantages: The server certificatethatyouup – The browsermatchesthedigital – An externalCertificateAuthority – Setup requirestheextrastepofr – encryption oftheusername, correct unit.Thisprovidesan authenticate thatdata arebeing that youuploadedto from aCertificateAuthority. signed certificates. additional protectionfr certificate thatisalreadyinthebr
the unitwithsi om unauthorizedaccess. 141 password, andtransmitteddata. extra levelofsecuritybeyondthe maychargeafeeforproviding received fromandsenttothe owser’s certificate cachetoprovide owser’s signature ontheserv load totheunit equesting asignedr gnature ontheCAroot enablesSSLto oot certificate er certificate USER’S GUIDE MasterSwitch Plus Firewalls an overallsecurityscheme. impossible toachieve.Well-configured fi than others,completeprotec Although somemethodsof authentication provideahigherlevelofsecurity tion fromsecuritybreachesisalmost 142 rewalls areanesse ntial elementin USER’S GUIDE MasterSwitch Plus Authentication Overview Using theAPCSecurityWizard secure methods security methodsontheInte However, fortransactions orcommu Authentication APC MasterSwitchPlus). Secure Sockets Layer(S • Secure SHell(SSH),usedforre • digital certificate. control console,usesapublic on theunit. digital signaturemustmatchthedigita Certificate Authority(CA)aspart of certificates forauthen verifiestheidentityofauser of authentication. Passwordstypicallyi tication. Adigital rnet, theMasterSwitch SL), usedforsecureWeb access,usesdigital host key 143 nications requiringmorestringent mote terminalaccess apublickeyinfrastructure,andits l signatureonase CA root or anetworkdevice(suchasan forauthenticati dentify computerusers. certificateis Plussupports more totheunit’s on ratherthana rver certificate issuedbya USER’S GUIDE MasterSwitch Plus be surethattheserver’s known tothebrowser. For the defaultcertif despite thefactthatitc If authenticationfails,th connection ismadefrom recognized bybrowsers,bu automatically. Thedefaultcertifica certificates, youcanusethedefault If yournetworkdoes access beforeitlogsyouonto the encryptionoftransmitted key ontheunititself. How SSHhostkeysare used. How certificates are used. Authentication ofthe from allofthecommercia supported bytheMasterSwitchPlus, unit. EachMasterSwitch of theserver(theMasterSwitchPlus)ea Any browserthatisusedtoacce • Each MasterSwitchPluswith SS • contain theCArootcertificate certificate ontheunititself. icate, thebrowserprompts yo notrequiretheauthenticati server (inthiscase,theuni annot authenticatetheserver. e browserprompts youonwhethertocontinue certificateissignedby Plus withSSHenabledmu the browsertoserver l CertificateAuthorities. this authentica t adefaultcertificatee usernames,passwords Most Web browsers,includingallbrowsers the Web interfaceoftheunit.) An SSH te’s digital signat that signedtheservercertificate. 144 certificate thatth contain asetofCArootcertificates L enabledmusthaveaserver ss theunit’s Web interfacemust ch timeanSSHclientcontacts the tion tooccur: host key u toagreeunauthenticated aCertificateAuthority on providedbydigital t) occurseachtimea nables youtouseSSLfor authenticatestheidentity . Thebrowserchecksto ure willnotbe st haveanSSHhost e unitgenerates , anddata. (If youuse USER’S GUIDE MasterSwitch Plus Files youcreate forSSLandSSHsecurity and Microsoft IIS. and SSHsecuritysystem: Use theAPCSecurityWiz Security Wizard.Th server certificates,host Only APCserverman A certificatesigningr • The servercertificatefortheMast • An SSHhostkeythatyourcli • A CAroot certificate. • create eitherofthefollowingty benefits ofauthentication a servercertificateexceptthedigita you areusinganexterna the unitwhenyoulo A servercertificatesig – A servercertificatesignedbyan – CA rootcertificatesar or agencycanbeoneofthecommer agency doesnothaveits ownCertif with theAPCSecurityWizard.Use Certificate Authorityc to useanexternalCertif Wizard, theunitgenerates 768-bitRSAkeys. certificates andSSHhostke RSA keys.Ifyoudonotcreat that arecreatedwiththeAPC All publickeysforSSLcertific ese fileswillnotwork withpr agement andke keys, andCAroot g ontothecontrolconsoleinterface. equest containing allthe ard tocreatethefollowing an beonethatismanaged e distributedaspart of ned byacustomCAroot l CertificateAuthority. that suchacertific icate Authoritytosign pes ofservercertificate: 145 ys withtheAPCSecurity y managementproducts canuse e anduseSSLserver erSwitch Plus,ifyouwantthe ates andallhostkeysforSSH Security Wizardare1024-bit ent programusestoauthenticate l signature.You needthisrequestif external CertificateAuthority. This certificates createdby theAPC this methodifyourcompany or icate Authorityand cial CertificateAuthoritieswhose oducts suchasOpenSSL ate provides.You can information requiredfor a browser’s software. abrowser’s components ofanSSL the servercertificate. certificate alsocreated by yourowncompany you donotwant ®
USER’S GUIDE MasterSwitch Plus Summary Create Certificates aRootCertificate&Server Certificate Authority tosign Certificate Authority do andyou Certificate Authority doesnothaveits companyUse thisprocedureifyour oragency own Create aservercertificate,whic • Create aCArootcertificate thatw • For eachMasterSwitch Plusthatre • Load theservercertificate • the tasks thatcreateandlo that signstheservercertificate. extension. Duringthistask, youarepr two filesarecreated. certificates tobeusedwithMasterS The filewiththe – The filewiththe – the browsercanvalidatese browser thatwillbeusedtoaccess file signsthese Authority’s publicroot the CertificateAuthority’s privateke APC SecurityWizardis The publicRSAkeythatispart of the unit,ifyoudonotus rver certificates. .crt .p15 extension,whichcontai extensionisanencrypte certificate. You loadthi your servercertificates. your onto theMasterSwitchPlus. ad theservercertificate. 1024bits. (T e theWizard,is768bits.) notwant touseacommercial 146 h isstoredinafilewith rver certificateoftheunit. ill beusedtosignallserver quires aservercertificate,repeat witch Plusunits. Duringthistask, ompted fortheCA y andpublicroot the MasterSwitchPlussothat a certificateg he defaultkey ns onlytheCertificate s fileintoeachWeb d filewhichcontains enerated bythe certificate. This generated by root certificate . p15
USER’S GUIDE MasterSwitch Plus The procedure from screentoscreen.) Create theCAroot certificate. .Onthenextscreen,re 6. .Onthescreenlabeled“Step 2,”prov 5. .Onthescreenlabel 3. .Enteranameforthe 4. IftheAPCSecurityWizardisnot 1. .OntheWindows 2. required; theotherfields click fingerprints. To makeanychange downward toviewthe certific alphanumeric charac enter anidentifyingnameofyour CA rootcertificate.The Wizard C:\Program Files\AmericanPo extension. Bydefault,t public rootcertificateandprivate of filetocreate. install itbyrunningth Wizard from theAPCMasterSwitch Back . , tostart theWizardprogram. Start current dateandtime, By default,aCAroot , andrevisetheinformation. and Start Validity PeriodEnd ed “Step 1,”select ters, withnospaces. e installation program file thatwillcontain the menu,select view thesummaryof he filewillbecreatedin Country areoptional.Forthe Utility Perform thesesteps. (Click ate’s uniqueserialnumberand certificate isvalidfor10yearsfromthe 147 but youcaneditthe and wer Conversion\APC Security wer Conversion\APCSecurity company oragency;useonly key. Thefilenamemust havea s totheinformati already installed onyourcomputer, CD. ide theinformationtoconfigure Programs Common Name CA RootCertificate fields. APC Security Wizard.exeAPC Security the certificate.Scroll Certificate Authority’s Common Name , then the installation folder on youprovided, Validity Period APC Security APC Security fieldsare Next asthetype tomove field, .p15
USER’S GUIDE MasterSwitch Plus Load theCAroot certificate toyourbrowser. browser ofeachuserwhoneedstoaccesstheunit. .TheCertificate ImportWizardwill 3. Onthe 2. .Select 1. .Thelastscreenverifiesthatt 7. Certificate &ServerCertificates Certificate isthe procedure. Thefiletypetoselectis Certificates 7 instructs youonthenexttasks. This screendisplaysthe – This screenalsodisplays – which istheCArootce will usetosigntheservercertificates. each userwhoneeds Tools Content issuer informationshouldbeidentical. The certificate’s subjectinfo a summaryofthepr the See thehelpsystemofbrowse andthen .crt , then tab inthe fileintothebrowse .crt Internet Options
file createdintheprocedure Import toaccesstheunit. rtificate thatyouwillload Internet Options location andnameofthe the locationandnameof he certificatehas ocedure forMicrosof . 148 . guide youthrou X.509, andtheCA X.509, r’s certificatestore(cache).Followingis r’s fromthemenubar. rmation andthe r forinformationonhowtoload dialogbox,click Load the been createdand gh therestof Create aRoot t InternetExplorer. intothebrowserof .p15 certificate’s PublicRoot .crt filethatyou .crt
file tothe file, USER’S GUIDE MasterSwitch Plus Create UserCertificate. anSSLServer to movefromscr .Onthenextscreen, re 6. Clickthe 4. .OnthescreenlabeledStep 2,pr 5. .Onthescreen labe 2. .Enteranameforthef 3. .OntheWindows 1. click fingerprints. To makeanychange downward toviewthe certific must bedifferent. required; theotherfields server certificate.The generated. Root Certificateisusedtosign CA rootcertificate;the be exactlythesameasth Because theconfiguration enter theIPaddressor the procedure Files\American Power Conver file willbecreatedin private key. Thefile type offiletocreate. Wizard Back , tostart theWizardprogram. Start current dateandtime, By default,aservercertificateis Browse , andrevise theinformation. een toscreen.) and Create aRootCertificate&ServerCertificates Start button,andselecttheCA Validity PeriodEnd led Step 1,select name musthavea the installation folder ile thatwillcontain theserv menu,select view thesummaryof Country information youprovide DNSnameoftheserver areoptional.Forthe e informationyouprovid informationispart oft ate’s uniqueserialnumberand and 149 the ServerUser but youcaneditthe sion\APC Security Wizard sion\APC Security ovide theinformationtoconfigure s totheinformati Common Name Programs Perform thesesteps. (Click SSL ServerCertificate .p15 fields. validfor10yearsfromthe C:\Program rootcertificatecreatedin the certificate.Scroll extension.Bydefault,the Common Name , then in someofthefields Certificate being (MasterSwitchPlus). he signature,itcannot er certificateandthe ed whencreatingthe on youprovided, Validity Period fieldsare APC Security APC Security . . TheCA as the field, Next
USER’S GUIDE MasterSwitch Plus Load the server certificatetotheunit. Load theserver .Inthe 2. .Thelastscreenverifiesthatt 7. .Onthe 1. Files\American Power Conver Root Certificate& server certificate,the select the Certificate, whichhasa MasterSwitch Plus.It instructs youonthenexttask, to private keyandpublic scp cert.p15apc 156.205.6.185 wouldbe: certificate named \sec SCP forthetransfer, youmust transfer theservercertificateto Alternatively, youcanuseFTP SSL/TLS ServerCertificate Network , ontheunit.ForSCP, other configurationinformationmustalsodiffer.) date isnotconsideredpart oft the configurationofCAro configuration ofaservercert The informationforeverycertif Web/SSL menuoftheWeb interface Server Certificates option. .p15 displays thelocationand rootcertificate. cert.p15 .p15 @156.205.6.185:\sec\cert.p15 file youcreatedintheprocedure fileextensionand he certificatehas toaunitwith 150 the commandtotransfera sion\APC Security Wizard sion\APC Security load theservercertificateto orSecureCoPy(SCP)to sectionofthepage, browsetothe specify thecorrectlocation, theunit.IfyouuseFTPor . (Thedefaultis ificate cannotbethesameas Perform thesesteps: ot certificate.(Theexpiration he uniqueconfiguration;some icate mustbeunique.The of theMasterSwitchPlus, an IPaddressof been createdand name oftheServer contains theunit C:\Program .) Create a
USER’S GUIDE MasterSwitch Plus The procedure Summary Create CertificateandSigningRequest aServer sign your servercertificates. sign your (Click Create theCertificateSigningRequest(CSR). plantousea orifyou Authority companyUse thisprocedureifyour .IftheAPCSecurity Wizardisnot 1. Create aCertificateSi • When youreceivethesig • For eachMasterSwitchPlusthat re • Load theserver certificate • install itbyrunningth information foraservercertifica import thatcertificate.Importin process createstwooutputfiles: the tasks thatcreateand lo encrypted servercertificatefilewitha from theexternalCertificateA containing theprivatekey from theAPCMasterSwitch The filewiththe – The filewiththe – Next request, whichyous unit’s privatekey. tomovefromscreen toscreen.) .csr .p15 e installation program gning Request(CSR).TheCSRcontains allthe
end toanexternalCertificateAuthority. extensioncontains the extension contains ned certificatefromthe and thefilecontaining onto theMasterSwitchPlus. ad theservercertificate. Utility uthority. Theoutputfileisanew commercial Certific g thecertifica 151 te exceptthedigita already installed onyourcomputer, or agency hasitsor agency own Certificate CD. quires aservercertificate,repeat .p15 extension. the certificatesigning APC Security Wizard.exeAPC Security te combinesthe Perform thesesteps. MasterSwitch Plus thesignedcertificate Certificate Authority, l signature.This ate Authority to ate Authority .p15 file USER’S GUIDE MasterSwitch Plus .OnthescreenlabeledStep 2,pr 5. .Onthescreenlabel 3. .Enteranameforthef 4. .Onthenextscreen,re 6. .Thelastscreenverifiesthatthe 7. .OntheWindows 2. signed servercertificatetocontain. The certificate signingrequest(CSR) fields arerequired;theother Name Files\American Power Conver file willbecreatedin private key. Thefile of filetocreate. click fingerprints. To makeanychange downward toviewthecertific Plus. created anddisplays the extension. Wizard Back field,entertheIPAddress , tostart theWizardprogram. issuer informationshouldbeidentical. The certificate’s subjectinfo Start current dateandtime, By default,aservercertificateis , andrevisetheinformation. and Start Validity PeriodEnd ed “Step 1,”select name musthavea the installation folder ile thatwillcontain theMa menu,select view thesummaryof location andnameof ate’s uniqueserialnumberand fields areoptional.Forthe 152 but youcaneditthe sion\APC Security Wizard sion\APC Security certificate signing ovide theinformationtoconfigure with theinformationthatyouwant s totheinformati or DNSnameoftheMasterSwitch Programs rmation andthe Certificate Request .p15 fields. Country validfor10yearsfromthe C:\Program the certificate.Scroll extension. Bydefault,the the file,whichhasa , then sterSwitch Plusunit’s and on youprovided, request hasbeen Validity Period certificate’s APC Security APC Security Common Name Common as thetype . .csr
USER’S GUIDE MasterSwitch Plus Next SSL servercertificatethat Import thesignedcertificate. This procedurecombinesthesigned returns thesignedcertif .Click 6. .Specify anamefortheoutputf 5. .Browsetoandselectthe 4. .Browsetoandselectthesignedse 3. Onthescreen labe 2. .OntheWindows 1. .Sendthecertificatesigni 8. extension. certificate thatyouuploadtothe Certificate Authority Information the MasterSwitchPlusunit Certificate Signi Security Wizard Security installation folder from theexternalCertifica extension. Wizard Authority managedbyyour either acommercialCertificateAuthor tomovefromscreenscreen.) regarding thesigningandissuin See theinstructionsprovided Next , tostart theWizardprogram. togeneratethe onthesummaryscreen co ng Request(CSR) . Start C:\Program Files\America icate, performthesesteps led Step 1,select signed thecertificate. youthenupload menu,select ng requesttoanextern fileyoucreatedin te Authority. Thefilehasa ’s privatekey, and,byde server certificate own company oragency. When theexternalCe ile thatwillbeth 153 unit.Thefilemusthavea certificate andthe by theCertificateAuthority . Thisfilehasa rver certificate g ofservercertificates. Programs Import SignedCertificate ity or, ifapplicable,aCertificate to theMasterSwitchPlus.(Click nfirms thattheexternal . Thecertificate’s step 4 n Power Conversion\APC to importthecertificate. e signedserver , then al CertificateAuthority, .p15 that youreceived ofthetask, rtificate Authority privatekeyintoan fault, islocatedinthe .cer APC Security APC Security extension, contains or .p15 .crt Issuer Create the
.
USER’S GUIDE MasterSwitch Plus Load the server certificatetotheunit. Load theserver .Inthe 2. .Thelastscreenverifiesthatt 7. .Onthe 1. Power Conversion\APC Security WizardPower Conversion\APCSecurity signed certificate server certificate,the select the private keyandthe certificate, whichhasa MasterSwitch Plus.It instructs youonthenexttask, to scp cert.p15apc 156.205.6.185 wouldbe: certificate named \sec SCP forthetransfer, youmust transfer theservercertificateto Alternatively, youcanuseFTP SSL/TLS ServerCertificate Network , ontheunit.ForSCP, Web/SSL menuoftheWeb interface . (Thedefaultlocationis publickeyobtained fromthe option. .p15 displays thelocationand cert.p15 .p15 @156.205.6.185:\sec\cert.p15 fileyoucreatedintheprocedure fileextensionandcontains theunit’s he certificatehas toaunitwith 154 the commandtotransfera load theservercertificateto orSecureCoPy(SCP)to sectionofthepage, browsetothe specify thecorrectlocation, theunit.IfyouuseFTPor Perform thesesteps: C:\Program Fi .) of theMasterSwitchPlus, an IPaddressof been createdand name oftheserver .cer or .crt les\American Import the file.
USER’S GUIDE MasterSwitch Plus The procedure Summary Create anSSHHostKey host key, theMasterSwitchPlusg Create thehostkey. This procedureisoption screen toscreen.) reboots. Hostkeysfor are 1024-bitRSAkeys. .Onthescreenlabe 3. .IftheAPCSecurityWizardisnot 1. .Thesummary screendisplayst 6. Click 5. .Enteranameforthef 4. .OntheWindows 2. Use theAPCSecurityWizardtocre • Load thehostke • install itbyrunningth and storedinafilewith key. After you loadthehostkeyonto fingerprints, which areuniquefor Wizard Conversion\APC Security installation folder type offiletocreate. Wizard must havea from theAPCMasterSwitch Next , tostart theWizardprogram. togeneratetheHost Key .p15 y ontotheunit. Start extension.Bydefault,thefile C:\Program Files\AmericanPower SSH thatarecreatedwithth Perform thesesteps. (Click led Step 1,select al. IfyouselectSSHencr e installation program ile thatwillcontain theho menu,select .p15 Utility extension. enerates a768-bit 155 he SSHversion1and version2 each hostkeyand already installed onyourcomputer, CD. . ate ahostkey, whichis encrypted Programs theunit,you ca SSH Server Host Key SSH ServerHostKey APC Security Wizard.exeAPC Security yption, butdonotcreatea Next e APCSecurityWizard , then willbecreatedinthe st key. Thefilename RSA keywhenit tomovefrom n verifythat the identify thehost APC Security APC Security as the USER’S GUIDE MasterSwitch Plus Load the host key to the unit. Load thehostkeytounit. .Onthe 3. .Inthe 2. .Onthe 1. .Thelastscreenverifiesthatt 7. key, the match thefingerprints that correct hostkeywas on totheunitthrough fingerprint fortheversion(orvers Wizard Conversion\APC Security (The defaultlocationis select the Plus. Itdisplaystheloca your SSHclientprogram. displayed herematchtheSSH correct hostkeywas .p15 instructs youonthenext you mustspecifythecorrectlocation, the hostkeyfiletounit.Ifyou Alternatively, youcanuseFTPor scp cert.p15apc with anIPaddressof the commandtotransferahostkeynamed fileextension. SSH User Host Key File SSH UserHostKey SSH Host Key Fingerprint SSH HostKey Network .p15 Telnet/SSH fileyoucreate menuoftheWeb interface uploaded byverifying uploaded byverifying your SSHclientprogr option. C:\Program Fil tion andnameoftheho task, toloadthehost @156.205.6.185:\sec\hostkey.p15 156.205.6.185 wouldbe: the clientprogramdisplays. d intheprocedure he hostkeyhas Perform thesesteps: fingerprints onthe 156 section ofthepage, br ions) ofSSHyouar sectionofth .) use FTPorSCPforthetransfer, Secure CoPy(SCP)totransfer es\American Power \sec that thesefingerprints that thefingerprints am, andverifythatthe of theMasterSwitchPlus, been createdand key totheMasterSwitch , ontheunit.ForSCP, Create thehostkey hostkey.p15 e page, notethe st key, whichhasa unit, asdisplayedby e using.Thenlog owse tothehost toaunit .
USER’S GUIDE MasterSwitch Plus System requirements Purpose: configure basicTCP/IP settings Purpose andRequirements APC DeviceIPConfigurationWizard Windows XPworkstations. The Wizardrunson Windows NT following: TCP/IP settings(IPaddr You canusetheAPCDeviceIPConfi or embeddedNetworkManagementCa Using theWizard,youcanconfiguret Devices thatcontain emb • Network ManagementCards • Automatically discoverand • Configure orreconfigur • Management Cardsre connection fromtheseri contains thecard. computer thatisr Cards onlyifthey The Wizardcandiscoverandco ess, subnetmask,andde unning theWizard. are onthesamenetw motely overyour e aNetworkManagement al portofyourcom edded NetworkM configure unconfiguredNetwork ® , Windows2000, 2003,and 157 guration Wizardtoconfigurethebasic he basicTCP/IPsettingsofinstalled rds ineitherofthefollowingways: nfigure NetworkManagement TCP/IP network. puter tothedevicethat anagement Cards ork segmentasthe fault gateway)ofthe Card throughadirect USER’S GUIDE MasterSwitch Plus Manual installation Automated installation Install theWizard setup.exe Configuration WizardfromtheAPCwebsite, You canalsodownloadthelate Wizard directoryontheCD,and If autorunisnotenabledon If autorunisenabledonyo automatically when fromthefoldertowh you inserttheCD. ur CD-ROMdrive,theinst yourCD-ROMdrive,run st versionoftheAPCDeviceIP ich youdownloadedit. follow theon-screeninstructions. 158 www.apc.com allation programstarts setup.exe andrun inthe USER’S GUIDE MasterSwitch Plus Configure thebasicTCP/ Launch theWizard Use theWizard launch theWizard. procedure: that youhavetheinform Prepare toconfigure thesettings. The installation creates .Ifyouareconfiguring multiple 2. Contact yournetworkadministrator 1. containing anembeddedNe that camewiththeNetw You canalsoobtain theMACaddre screen onwhichyouthenen Wizard displaystheMACaddressfor Cards, obtain theMACaddressof use. each NetworkManagementCard For embeddedNetwork – For NetworkManagement – the sideofadevicetha a labelonthedevice is onalabelthe a shortcutlinkinthe ation youwillneedduringtheconfiguration bottomofthecard. containing thecard— IP settingsremotely ork ManagementCardor t youmountinarack. Management Cards,the twork ManagementCard. Cardsthatyouinstal ter theTCP/IPsettings.) unconfigured NetworkManagement 159 Before youruntheWizard,besure that theWizarddiscovers.(The each onesothat ss fromtheQualityAssuranceslip to obtain validTCP/IPsettingsto a discoveredcard Start menuthatyoucanuseto for example,usuallyon withthedevice l, theMACaddress MAC addressison you canidentify onthesame USER’S GUIDE MasterSwitch Plus Run theWizard toperformtheconfiguration. configure, overthenetwork,install Cards thatarenotconfigured: .Click 5. .Onthe 4. .EntertheTCP/IPsettings( 3. .TheWizardsearchesforanot 6. Select 2. .Fromthe 1. after youtransmitthecard’s settings. connects tothedevice address thatisnotin entered isinuseonthenetwork, mark by theMACaddress screen withdata entryboxesfort unconfigured NetworkManagementCard Gateway detects thefirstNetw To configuretheTCP/IPsetti – To skipconfiguringthecardw – procedure beginningatstep4. displayed, click Finish Start aWeb browser when finished Remotely (overthenetwork) Remotely Transmit Current ) fortheunconfiguredNetwork Start totransmittheTCP/IPs menu,launchtheWizard. Cancel use.Enteracorrect ork ManagementCardtha at thetopof thatcontains theNetw . Settings Remotely System IP System ed orembeddedNetw her installed orembeddedbut 160 ngs ofthenext hose MACaddress he TCP/IPsettingsofthatcard. Wizardprompts youtoenteranIP ettings. IftheIPaddressyou , andclick , screen. Thenclick Subnet Mask Management Cardidentified . Ifitfindsone, The Wizardau IP address,andclick , thedefaultWeb browser ork ManagementCard screen,ifyoucheck- To discoverand card, repeatthis t isnotconfigured. Next > ork Management is currently , and . itdisplaysthe Next > tomatically Default . Finish . USER’S GUIDE MasterSwitch Plus Configure orreconfigure theTCP/IPsettingslocally connection: To configureasingleNetworkMan .Connecttheserial configuration 2. Contact yournetworkadministrato 1. .Fromthe 3. .Click 7. EntertheTCP/IPsettings( 5. Select 4. .Onthe 6. .Ifyouselected 8. .Connectoneendto a. Network ManagementCard. Management Cardorwiththede .Connecttheothere b. after youtransmitthecard’s settings. connects tothe device address thatisnotin entered isinuseonthenetwork, mark Gateway or device. now configureother para IftheNetworkManagementCard – Ifyou areassigningbasicTCP/IP – computer. Makesure Management Card,click Wizard todetectit. Finish Start aWeb browser when finished Locally (throughth Locally Transmit Current ) fortheNetworkManage Start totransmittheTCP/IPs menu,launchthe Start aWeb browser when finished use.Enteracorrect thatcontains theNetw nd totheserialportof an availablecommunicationsportonyour no otherapplicationisusingtheport. meters throughtheWeb Settings Remotely System IP System e serialport) Next> agement Cardthroughaserial 161 cable thatcamewiththeNetwork vice thatcontains anembedded Wizard application. tomovethenextscreen. r toobtain validTCP/IPsettings. ment Card.Thenclick Wizardprompts youtoenteranIP is notconfigured,waitforthe settings seriallytoaNetwork ettings. IftheIPaddressyou , Subnet Mask , andclick IP address,andclick , thedefaultWeb browser the cardordevice. ork ManagementCard screen,ifyoucheck- interface ofthecard Next > instep6,youcan , and Next > Default . Finish . . USER’S GUIDE MasterSwitch Plus Summary oftheprocedureSummary Retrieving andExportingthe.iniFile How toExportConfigurationSettin MasterSwitch Plusortomultip MasterSwitch Plusunit’s currentconfigu As anAdministrator, youcanretrieve .Eachreceiving MasterSwitchPlusstor 5. .You useanyofthefiletrans 4. You thencustomizethe 3. You retrievethe.ini 2. .You configureaMasterSwitchPlus 1. script thatrepeats thest units. (To transferthefiletomult the file. memory, usesittoreconfigureits MasterSwitch Plustotran and makeacopytoexport. export. filefromthatunit. .ini file(tochangeatle eps fortransferringthefiletoasingleunit.) sfer thecopiedfileto le MasterSwitchPlusunits. fer protocolssu 162 iple unitssimultane a dynamicallygenerate own unitsettings,andthendeletes tohavethesett ration andexportt es thefiletemporarilyinits flash pported bythe ast theTCP/IPsettings) one ormoreadditional ously, writeanFTP ings youwantto hat filetoanother d .inifileofa gs USER’S GUIDE MasterSwitch Plus Contents ofthe.inifile following: The config.inifilethatyou Each keyword isfollowedbyan • • •The You mustedit thesection • that parameter’s setting,eitherth that parameter’s describing specific and undereachse section headings been specificallyconfigured) SystemIP address oftheunit)blocks [NetworkTCP/IP] keywords andtheirdevice-specificva system dateandtimeof NTP Servertosetits dateandtime. Override included. device (inthiscase,theunit)from Only sectionheadingsandkeywor See time settings. , SubnetMask Customizing keyword,withits defaultvalu , whicharecategorynamesencl unitsettings. ction heading, section,thedefaultvaluefor retrieve fromanMasterS areceivingunitorcausethattouse an , [SystemDate/Time] theexportingofva forconfigurationgui DefaultGateway ortheconfiguredvalue. 163 equalssignandthecurrent e defaultvalue(i keywords, lues frombeingexported.Inthe which youretrievethefileare ds supportedfor which arelabels e, prevents oneormore , and witch Pluscontains the delines fordateand ifyouwanttosetthe lues forthekeywords osed inbrackets ([]), Override f thevaluehasnot BootMode (theMAC value the specific . for USER’S GUIDE MasterSwitch Plus Detailed procedures Retrieving. Plus andexportthemtooneor Use thefollowingprocedurestoretrieve .UseFTPtoretrieveth 2. Configurean unitwithth 1. .Logon,usingtheAdministratorus b. .Openaconnectiontotheunit,usin a. .Retrievetheconfig.inifileco c. The fileiswrittentothefol for theunit. units, see configuration settingsfrommultiple To createbatchfilesand the APCMasterSwitch (www.apc.com). ftp> getconfig.ini ftp> open158.165.2.132 To set upandretrievean file risksintroducingerrors. or controlconsolewheneverpo To avoid errors,configuretheuni Release Notes:iniFileUtility, version1.0 e fileconfig.inifrom e settingsyouwanttoexport. more MasterSwitchPlusunits. Utility der fromwhichyoulaunchedFTP. use anAPCutilitytoretrieve ntaining theunit’s currentsettings: 164 .inifiletoexport: CD andontheAPCWeb site thesettingsof er nameandpassword configured g its IPAddress.Forexample: unitsandexportthemtoother ssible. Directlyeditingthe.ini t byusingits Web interface the unityouconfigured. one MasterSwitch , provided
on USER’S GUIDE MasterSwitch Plus settings beforeyouexportit. Customizing. Customizing. .Copythecustomizedf 2. .Useatexteditortocustomizethe file. 1. The copy, whichyouwillex – Add comments aboutch – Use adjacentquotation marksto – Section headings,keywords,and – Retain the originalcustom – To exportaspecificsystemdate – To definevalues,openi – to 64charactersand must character ofacommentlinemustbesemicolon ( To exportaspecificsystemti • you mustconfigurethevalues LinkURL1="" sensitive, butstringvaluesthat For greateraccuracy, • spaces notwithintheopeningandcl which arealreadyenclosedinquot except toenclosevalues automatically fromthe comments.retain recordofyour istheonly value forthe file canaccessaNetworkTime be significantlyinaccurate.) necessary toexportalargefile [SystemDate/Time] You mustcustomizethefile NTPEnable=enabled NTPEnable indicatesthatthe ile toanotherfilename filethatyou export. ng andclosingquotatio if theMasterSwitchPlusunits receivingthe anges thatyoumade. sectionasaseparate .inifile.(Thetime that contain leadingortr ized fileforfutureuse. have the.inisuffix. keywordasfollows: port tootherunits,c 165 me, exportonlytheconfigured directly inthe.inifile. you definearecase-sensitive. URLisintenti would causetheconfiguredtimeto and timeoranyscheduledevents, indicate novalue.Forexample, Protocol (NTP)Server, setthe pre-defined valuesarenotcase- ation marks.(Leadingortrailing to changeatleasttheTCP/IP osing quotation marksareignored.) inthesamefolder: n marksareoptional, an haveanyfilename up The firstprintable onally undefined. They areremoved ailing spaces orvalues The file that you The filethatyou ; ). USER’S GUIDE MasterSwitch Plus MasterSwitch Plusunits: Exporting the file to multiple units. thefiletomultiple Exporting thefiletoasingleunit. Exporting MasterSwitch Plus,useanyofthef following exampleusesFTP: MasterSwitch Plusunits (includingFT .Exportthecopyof 2. .Fromthefoldercontaini 1. Use abatchprocessingfile • Use FTPorSCP, butwriteascript • used forexportingthefileto file namethathasthe.inisuffix, is and isexportedtoits rootdirectory. ftp> put ftp> open158.165.4.135 FTP tologintheunitwhichyo example: ini FileUtilit To createthebatchfile filename y, version1.0 .ini customized .inifile.The ng thecustomized.ini and theAPC.inifileutility. asingleMasterSwitchPlus. ile transferprotoco 166 and usetheutility, see P, FTPClient,SCP, andTFTP).The To exportthe.ini on theAPCMasterSwitch no morethan64c that incorporatesand To exportthe.inifiletomultiple u areexportingthe.inifile.For file andits copy, use receiving unitaccepts any ls supportedby filetoanother haracters inlength, Release Notes: repeats thesteps Utility CD. USER’S GUIDE MasterSwitch Plus The eventanditserror messages The UploadEventanditsError Messages include notificationof If akeyword,sectionname,orvalueis This eventhasnodefaultseveritylevel. completes usingthe.inif The followingsystemevent vn etDescription value on line Configuration file warning: Invalid keyword on line Configuration file warning: Invalid text Event section on line online section Keyword found outside ofa warning: file Configuration online section Configuration file warning: Invalid maximum size. exceeds file Configuration warning: file Configuration Configuration fileuploadcomplete,with unit succeedsevenifthereareerrors. The exporttoandthesubse number number number. number . . thefollowingerrors. . ile toupdateits settings. occurs whenthereceiv in thatin section are ignored. name isinvali asection If A line with an invalid keyword or value is ignored. is or value keyword invalid an with line A uploading again. andtry two files, into it ordivide file, ofthe size the Reduce cannot. it what ignores but can, it what storesthe unit andprocesses is toolarge, file the If before any section headings) is ignored. (i.e., file the of beginning the at entered keyword A 167 quent uploadbythereceiving invalid, theeventte ing MasterSwitchPlus d, all keyword/value pairs keyword/value d, all number xt isextendedto validvalues USER’S GUIDE MasterSwitch Plus Errors generatedby Messages inconfig.ini override. Donotdelete the these errormessagesfrom other units.Therefore, The overriddenvaluesaredevice-spe event logwhenitblocks The configuration file. feature willnotbeconfiguredonanydev the featureisnotsupported contains, underthesect export theconfigurationsettings.Inthi configuration settingsormightnotbe A featuremightnotbesu Override Override overridden. See Contents ofthe.inifile keywordandthelinesthatc keywordandits valuewillgen overriddenvalues you canignoreth or changethelinecontai ion nameforthatfeature, the exportingofvalues. pported forthedevicefrom . Nokeywordsandval occurring, youcandelete 168 forinformationabou supported forthedevi cific andnotappropr s case,theuserconfigurationfile ese errormessages.To prevent ice towhichyouexporttheuser ontain thevaluesthatthey erate errormessagesinthe ning thesectionheading. ues arelisted,andthat a messagestating that whichyouretrievethe thelinesthatcontain t whichvaluesare iate toexport ce towhichyou USER’S GUIDE MasterSwitch Plus Using theDeviceIPConfigurationWizard On Windowsoperatingsys Device IPConfigurationWizard. for exporting.inifiles,youcanch Wizard IP ConfigurationWizard,see settings ofoneormoreMasterSwit For adetailed descriptionof . tems, insteadofusing oose toupdateunitsettingsbyusingthe 169 howtoupdatetheconfiguration APC DeviceIPConfiguration ch Plusunits usingtheDevice the precedingprocedure USER’S GUIDE MasterSwitch Plus Overview Introduction Boot Mode Boot mode The methodusedtoprovidethenetwork provide thesettingsthatitneed Plus canuseadynamichostconfigur In additiontousingaBOOT either to providethenetworka DHCP &BOOTP , a and RFC2132at For moredetails on TCP/IP optioninthe , its defaultsetting,or ssignment fortheunit, P serverormanualsetti http://www.ietf.org/rfc s tooperateona DHCPandopti Network 170 ation protocol(DHCP)serverto settingsforthe menu.To useaDHCPserver DHCP only Boot mode TCP/IP network. ngs, theMasterSwitch . ons, seeRFC2131 unit dependson . mustbesetto USER’S GUIDE MasterSwitch Plus DHCP &BOOTPbootprocess following occurswhenthe When .IftheMasterSwitchPl 2. TheMasterSwitchPlusmakesupto 1. .IftheMasterSwitch Plusfailsto 3. received, theunitstarts t assignment fromanyBOOTPserver. every 32secondsfor12minutes,the receives avalidnetworkassignmen DHCP Only received, theunitstarts t five BOOTPrequests, the BOOTP Only a time-outof64sec five DHCPrequests, it assignment fromany Boot mode See option, whichisdisabledbydefault. in DHCP&BOOTPmodeafte DHCP &BOOTP To configuretheMasterSwitchPlus DHCP response options For moreinformation onwhata invalid offer. server fromreserving theIP immediately releases thatleas from thatserveronthelast the APCCookie),MasterSwit If aDHCPserverresp . MasterSwitch Plussettings . issettoits default onds, andsoforth. MasterSwitchPlusisstarted orreset: DHCP server. Ifavalid us failstoreceiveava repeats BOOTPandDHC he networkservicesandsets he networkservicesandsets unit makesuptofiver setting for 171 receiveavalidDHCPresponseafter onds withaninvalid DHCP &BOOTP . t. FirstitsendsaBOOTPrequest fiverequests for its network n itsendsoneD Boot mode requestof If avalidBOOTPresponseis Addressassociated withits r acceptingTCP/IPsettings . e. Thisprevents theDHCP valid response ch Plusaccepts thelease sothatitalwaysusesthe lid BOOTPresponseafter DHCPresponseis equests forits network the sequenceand , enablethe P requests untilit setting,the offer (e.g.,without HCP requestwith Boot mode Boot mode requires, see Remain to to
USER’S GUIDE MasterSwitch Plus MasterSwitch Plussettings DHCP ConfigurationSettings ( When mode regardless ofthe The Three settings( console accessesthenetworksetti Vendor Class • • TCP/IP in ordertobevalid. this optionrequirest cookie toaccept DHCP CookieIs BOOTP Only reflects theserverthatprov By default,this BOOTP modeafter acc After IPAssignment selectionexcept Boot mode response options For moreinformationa optioninthe , Port Speed Client ID TCP/IP issetto ). option switches inthecontrolconsole(or DHCP Address Manual option’s hat theDHCPresponsesincl Network , and . in thecontrolconsole(or , DHCP &BOOTP Host Name epting TCP/IPsettings User Class . bout theAPCcookie,see ided theTCP/IPsettings( Boot mode menuoftheWeb in ngs fortheMas 172 Boot mode intheWeb interfa , and ) areavailableforany , twooptionsareavailable: selection,and Domain Name Require vendorspecific totheselectionthat terSwitch Plus. Remain inDHCP& intheWeb interface): ude theAPCcookie terface andcontrol ce): Bydefault, DHCP DHCP Only ) areavailable three settings Boot or USER’S GUIDE MasterSwitch Plus When • • indefinitely. MasterSwitch Plustocontinue valid response.By MasterSwitch Pluswillre the Web interface):Thisoption ThenStopRetry in ordertobevalid. this optionrequirest cookie toaccept DHCP CookieIs Boot mode response options For moreinformationabo issetto inthecontrolconsole(or inthecontrolconsole(or DHCP Address default, thenumberofretr hat theDHCPresponsesincl DHCP Only, peat theDHCPrequestif . repeatingthe 173 sets thenumberoftimes intheWeb interfa ut theAPCcookie,see two optionsareavailable: Require vendorspecific Maximum #ofRetries DHCP request ies is0,whichsets the ude theAPCcookie it doesnotreceivea ce): Bydefault, DHCP in USER’S GUIDE MasterSwitch Plus DHCP responseDHCP options other informationthataffects response todetermi The unitusestheVendor Specific Info a TAG/LEN/DATA format: Information optioncontains Option 43notifiestheuni APC Cookie.Tag 1,Len4,Data “1APC” response optionbeforethe APC devices.Bydefault, Information optionthatcont Following, inhexadecima Option 43=0x010x040x310x410x50 0x43 Vendor SpecificInformation(option43). settings thattheMaster Each validDHCPrespons settings Use the todisabletheAPC DHCP CookieIs ne whethertheDHCPresponseisvalid. Switch Plusneedstoope t thataDHCPserverhas l format,isanexampleofaVendor Specific the APCCookiemustbe the APCCookieand e contains optionsthat unitcanacceptthelease. ains theAPCcookie: up totwoAPCspecific the operationofunit. settingdescribedin 174 cookie requirement. rmation option(option43)inaDHCP The Vendor Specific providetheTCP/IP rate onanetwork,and BootModeTransition. been configuredtoservice options encapsulated in present inthisDHCP MasterSwitch Plus USER’S GUIDE MasterSwitch Plus Transition setting: Information optionthatcontains the Following, inhexadecima BOOTP Only reflects theserverthatprov which, bydefault,causesthe Option 43=0x010x040x310x410x50 0x430x020x01 This option43settinge Boot ModeTransition. Tag 2,Len1,Data 1/2 For adata valueof1,the • For adata valueof2,the • only. request its networkassignment(TCP Plus accepts theDHCPresponse.Wh the the server, andthen,ifnecessa restarts, itwillrequestits networ successful networkassignment. Boot mode Boot mode MasterSwitch Plussettings For moreinformationaboutthe See ): DHCP &BOOTPbootprocess optionswitchesto optionremainsinits nables ordisablesthe l format,isanexampleofaVendor Specific ided theTCP/IPsettings( Boot mode After IPAssignment After IPAssignment ry, fromaDHCPserver. APC cookieandthedisableBootMode 175 k assignmentfirst Whenever theMasterSwitchPlus DHCP Only . optiontousethesettingthat DHCP &BOOTP /IP settings)fromaDHCPserver enever theunitrestarts, itwill After IPAssignment After IPAssignment . whentheMa option isdisabled,and option isenabledand DHCP Only fromaBOOTP settingafter sterSwitch or , see option USER’S GUIDE MasterSwitch Plus a validDHCPresponsetode Miscellaneous options. TCP/IP options. domain namesettings: options withinavalidDHCPresponseto • • • • • • • • • • • length of64characters) Domain Name 32 characters)tobe Host Name lease. after anIPaddresslease Rebinding Time, T2 that lease. Subnet Mask DNS serversthatcan after anIPaddressleas Renewal Time, T1 lease associatedwiththeidentified Address LeaseTime needed bytheunitto Default Gateway the unittooper the IPaddressthat DNS Server, andSecondary Primary IP Address subnet fortheunitfromCoor NTP Time Offset NTP serversthatcanbeusedbytheunit. NTP Server, andSecondary Primary (fromthe (option 12):Identifies The MasterSwitchPlususes (option1):Providesthes ate onthenetwork. (option 15):Identifies t (option3):Providest (option 2):Specifies the (option 58):Identifieshow usedbytheunit. (option 59):Identifieshow The MasterSwitchPlus operate onthenetwork. (option51):Identifiest be usedbytheunit. yiaddr DHCPserverisleasingtotheunit. e isassignedbeforeit to beusedbytheunit. fine its TCP/IPsettings: is assignedbeforeit dinated UniversalTime (UTC). fieldoftheDHCP 176 the hostname(maxim IP Address defineNTP, DNS,hostname,and he domainname(maximum he defaultgatewayaddress (option 42):Identifiesuptotwo (option 6):Identi ubnet maskvalu thefollowingoptionswithin offset, inseconds,ofthe usesthefollowing he lengthoftimeforthe can requestarenewalof long theunitmustwait can seektorebindthat . long theunitmustwait response): Provides fies oneortwo um lengthof e neededby USER’S GUIDE MasterSwitch Plus Overview Introduction File Transfers units. This chapterdescribeshow and newfeaturesbecomeavailable. When newfirmwareistran before orduringthe Checks (CRCs)toensuret of thesefilescontains a The MasterSwitchPlusautomaticallyre To verifyafiletransfer, see To transferafirmwarefile to aunit,see transfer operation. header andoneormore smitted totheunit, hat thedata contained in to transferfirmwarefile 177 Verifying Upgrad cognizes binaryfirmwarefiles.Each CyclicalRedundancy Upgrading Firmware program codeisupdated s toMasterSwitchPlus the fileisnotcorrupted es andUpdates . . USER’S GUIDE MasterSwitch Plus Firmware files(M Benefits ofupgradingfirmware Upgrading Firmware the MasterSwitchPlussh The APCOperatingSystem (AOS) moduleandanapplicationmodule. A firmwareversionconsists oftwom benefits: Upgrading thefirmwareonMas • • • • • Keeping thefirmwareversionsc • New featuresbecomeava • New firmwarehasthel • version bin code of264wouldi type binary file. hw0 (AOS) ortheapplicationmodule apc that allMasterSwitchPl manner. apc_hw0 : Indicatesthatthis x : Indicatesthatthis : Identifieswhetherthe : IdentifiestheversionofMast x : Theversionnumberoftheapp _ type_version asterSwitch Plus) ndicate version2.6.4. are thesamebasicformat: atest bugfixesandper isanAPCfile. (AOS)andapplication uss supportthesame is abinaryfile. ilable forimmediateuse. .bin file isfortheAP terSwitch Plushasthefollowing 178 onsistent acrossyournetworkensures odules: AnAPCOperatingSystem (APP) fortheMasterSwitchPlus. erSwitch Plusthatwillrunthis lication file.Forexample,a C OperatingSystem formance improvements. features inthesame module filesusedwith USER’S GUIDE MasterSwitch Plus Obtain thelatestfirmware version operating system executable toolmustperfo that youneedtoa automated self-extractingexecutable Automated upgradetoolfor use aversionofthetoolfromAPC from oneproductCDtoupg Each upgradetoolissp If theAOSfirmwaremodule The toolthereforecontains firmw upgrade toolthatco The versionofthetool • The first upgradeisfromversion1. • The secondupgr • Ifalaterfirmwareupgradeisav • version oftheAOSfirmwaremodule. available whenthe upgrade yourdevice released versionoftheAOSmodule. site version ofthetoolatnocostfrom download theautom firmware releaseforyourAPCproduc www.apc.com/tools/download utomate yourupgradeson rresponds withyour ade isfromthe2.0. ecific toanAPCproduct CD wasreleased. ated tool,nottheindivi tothelatestAOSand rm twoconsecutiveupgrades: on theAPCMasterSwitch rade firmwareofadiffer you alreadyhaveisa1. Microsoft Windowssystems. are modulesfor 179 ailable, youcanobtain anupdated tool combinesthefirmwaremodules Web site,makesure thesupportsectionofAPCweb x APC producttype. . x . AtthisWeb page, findthe latest x versiontothemostrecently tothelatestavailable2.0. t (inthiscase, anysupportedWindows dual firmwaremodules. type.Donotusethetool application modules both upgrades. ent APCproduct.Ifyou x.x Utility version,the your unit)and that youusethe CD will An x
USER’S GUIDE MasterSwitch Plus manually, i.e.,byusingtheseparate www.apcc.com/tools/download firmware upgradefrom You canobtain theindividualfirm and applicationmodule). network arerunningLinux,youmust Manual upgrades, primarilyforLinuxsystems. described in Windows operatingsystemonyour If youhaveanetworke upgrade process,evenifyo automatically overthenetwork.Th systems to thelaterversion. to thelatestavailaible2.0. 2.1.0 orlater. Theupgr device directlyfromfirmwareversion1. tool, youcannotupgradethe When performingamanualupgr toupgradethefirmware Automated upgrad the supportsectionofAPCWeb site d computerrunninga ade attemptwillfail.Yo ware modulesyouneedforamanual . 180 x APC firmwaremodule upgrade thefirmwar ur currentfirmwareisa1. version oftheAO AOS firmwaremoduleofanyAPC e toolforMicrosoft Windows ade, notusingtheautomated of aMasterSwitchPlus is toolautomatestheentire network, youcanusethetool x.x If allcomputersonyour tofirmwareversion supported Microsoft S moduleandthen u mustfirstupgrade e ofyourunits s (AOSmodule x.x version. USER’S GUIDE MasterSwitch Plus Firmware filetransfermethods To upgradethefirmware From a networkedcomp • Fromanetworkedcompu • For aMasterSwitchPlusthatis • or downloadedfrom system, youcanusethe MasterSwitch Plus. and applicationfirmwaremodu firmware modules. can useFTPorSCPtotransferthe XMODEM throughaserial For moreinformati Firmware files(MasterSwitchPlus) application module. System (AOS)moduletotheun firmware foraunit,youmusttransfertheAPCOperating use theautomatedfirmwareu When youtransferindividual theAPCWeb site. of aMasterSwitchPlus: on aboutthefirmwar uter runningaMicrosoft Windowsoperating automated firmwareupgrade ter onanysupported connectiontotransfer les fromyourcomputertothe 181 not onyournetwork,youcanuse firmwaremodulesanddonot pgrade tooltoupgradethe individual AOSandapplication it beforeyoutransferthe . e modules,see operating system,you the individualAOS toolonyourCD USER’S GUIDE MasterSwitch Plus Use FTP orSCPtoupgradeoneunit single MasterSwitchPlusoverthenetwork: Instructions forusingFTP. To useFTPtoupgradetheunit: .Type 3. .OpenanFTPclientsession: 2. .OpenanMS-DOScommandprompt 1. The MasterSwitchPlusmust • The FTPservermustbeenab • The MasterSwitchPlusmust • Files listedforaMasterSw .ForWindowsFTPclients, sepa b. .ForsomeFTPclients, a. firmware upgradefiles,andlis commands wouldbethoseshownin default of the C:\apc> C:\apc> C:\> connected tothenetwor Subnet Mask – – you would usethefollowingco setting hasbeenchanged address byaspace. Forexample,iftheunit’s of theIPaddress. apc_hw02_aos_264.bin apc_hw02_app_262.bin Port cd\apc open settingfor ftp dir 21 andtheMasterSwitchPlus , youmustusethe
, and FTP Server Default Gateway k. Gotothedirec For youtobeableus useacolontoaddthe itch Plus,forexample, beconnectedtothenetwork. from its defaultof have its TCP/IPsettings( t thefiles.For led attheMasterSwitchPlus.
inthe 182 non-default valuein mmand for aWin rate theportnumber fromtheIP
bold window onacomp addresses)configured. Network ’s IPaddress,andpress tory thatcontains the : the directory menuhaschangedfromits 21 port numbertotheend e FTPtoupgradea FTP ServerPort might bethefollowing: , suchasto dows FTP client theFTPcommand. System IP System uter thatis C:\apc 21000 E NTER , , the
, . If USER’S GUIDE MasterSwitch Plus How toupgrademultipleunits firmware foroneunit: Export configurationsettings. Instructions forusingSCP. them tootherunits. APC utilitytoretrieve configurationse .UseanSCPcommandlinetotransfer 2. Identifyandlocatethe 1. .UpgradetheAOS.Forexample: 5. LogonusingtheAdministrator 4. .Useasimilar SCPcommandline, 3. Wait 20seconds 7. WhenFTPconfirms thetransfer, type 6. instructions forFTP. default forboth.) module insteadoftheAO 158.205.6.185, andan unit. Thefollowingexamplea the applicationmodulefilena scp [email protected]:apc_hw02_aos_264.bin ftp> ftp> to theunit. ftp> transferring afiletounit put apc_hw02_aos_264.bin bin open 150.250.6.1021000 , andthenrepeat firmware modulesdescribedinthepreceding AOS moduleof To useSecureCoPy S module,totransferth with anIPaddre You cancreatebatchfilesandusean ssumes aunitIPaddressof me insteadoftheAOSmodule. usernameandpassword. ( 183 ttings frommultipleunits andexport with thenameof step 2
quit the AOSfirmware apc_hw02_aos_264.bin through
toclosethesession. ss of150.250.6.10. (SCP) toupgradethe e applicationmodule step 5 the application , butin module tothe apc isthe step 5 .) , use USER’S GUIDE MasterSwitch Plus FTP orSCPtou Use FTP orSCPtoupgrademultipleunits. which automaticallyperformsthepr MasterSwitch Plusunits usinganFTP APC MasterSwitch (www.apc.com). See Release Notes:iniF pgrade oneunit Utility . ile Utility, version1.0 CD andontheAPCWeb site ocedure. ForFTP, usethesteps in 184 client orusingSCP, writeascript To upgrademultiple , providedonthe Use USER’S GUIDE MasterSwitch Plus Use XMODEMtoupgradeoneunit that isnotonthenetwork: To useXMODEMtoupgra .Runaterminalprogram(suchas 4. .Press 5. .Connectthesmart-sig 3. .Selectaserialportatthelocalco 2. .Enter yourAdministratoruser 6. .Obtain theindividualfirmwaremo 1. selected portandtothe control, andsavethe changes. selected portfor9600 bps, uses thatport. www.apc.com/tools/download application module)fromthesuppor again, thistimefromversion2.0. available version2.0. version 1. To upgradetheAOSfirmwaremodu attempt willfail. directly fromfirmwareversion1. You cannotupgradethe version. already, youcanupgradedirect If yourAPCdeviceisrunninga2.0. E NTER todisplaythe x.x to2.1.0orlater, firstupgrade de thefirmwareforasing naling cablethatcame serial portattheunit. x 8data bits, noparity, 1stopbit,andnoflow AOSfirmwaremodul User Name nameand password. Thedefault for AOS firmwaremodule 185 . mputer anddisable dules (theAOSmoduleandthe HyperTerminal), andconfigurethe t sectionoftheAPCwebsite ly toversion2.1.0oralater x.x x tothe2. prompt. to2.1.0orlate x le ofanAPCdevicefrom oftheAOSfirmwaremodule with theunitto themoduletolatest le MasterSwitchPlus x.x e. Thenupgradeit versionyouwant. of anyAPCdevice any servicewhich r. Theupgrade USER’S GUIDE MasterSwitch Plus 0 Repeat 10. .Fromtheterminalprog 9. .Selecttheappropriate b 8. Start anXMODEMtransfer: 7. 8 name. .Type d. both is set thebaudrateto9600.The transfer viaXMODEM-CRC.After the match theoneyouse firmware upgrades.Also,changethe Selectoption3— a. .Selectoption2— c. Selectoption4— b. , substitutetheapplicationmodule apc step 3 Yes modules, see For informationaboutthefo . attheprompttoco through XMODEM File Transfer System lected, andpress Firmware files(MasterSwitchPlus) ram’s menu,selectthebinaryAOSfileto step 8 aud rate.Ahigherbaud toinstall theapplicationmodule.In unit willautomaticallyrestart. 186 ntinue withthetransfer. file namefortheAOSmodule rmat usedforapplication XMODEMtransferiscomplete, terminal program’s baudrateto E NTER . ratecausesfaster . step USER’S GUIDE MasterSwitch Plus Last Transfer Resultcodes Overview Verifying UpgradesandUpdates mfiletransferStatus menu (inthecontrolconsoleonl Result You canalsoverify the versionsof To verifythatthe interface, orbyusing anSNMPGETtotheMIBII System (AOS) andapplication File corrupt The file was downloaded but at least one CRC was bad. CRC one least at but downloaded was file The not were contents the but downloaded was file The requested the locate not could server FTP or TFTP The corrupt File unknown type File access. denied server FTP or TFTP The found not File the on found be not could server FTP or TFTP The reason. unknown an for failed transfer file last The denied access Server transfer wassuccessful. Thefile There transfers. arenorecorded file inaccessible Server unknown Failure Result not available Successful message,avail menuofthecontrol oeDescription Code firmware upgradewa LastTransferResult able throughthe modules byusingthe recognized. file. network. console orinthe y), oruseanSNMPGETtothe theupgradedAPC 187 s successful,seethe FTPServer OID. About System Help sysDescr menuoftheWeb option ofthe OperatingSystem optioninthe Last Transfer OID Network
USER’S GUIDE MasterSwitch Plus Warranty limitations Limited warranty Service and Warranty Product Information equipment thathas applies onlytotheoriginalpurchaser. misapplication orhasbeenaltered sole option,anysuchd obligation underthiswarranty and workmanshipforape damage. the useofthisproduct, indirect, special,incidental, orc Except asprovidedabo may notapplyto of impliedwarranties;therefor particular purpose. implied, includingwarranties ofme Except asprovidedhere APC warrants theMasterS
thepurchaser. beendamagedbyacci Some jurisdictionsdonotpermitlimitation orexclusion efective products. This ve, innoeventwill APC beliablefordirect, even ifadvisedofthe riod oftwoyearsfrom in, APCmakesnowarra witch Plustobefreefr e, theaforesaidlimitation(s) orexclusion(s) is limitedtorepairing or onsequential damage 188 modified inanyway. Thiswarranty rchantability andfitnessfora dent, negligence,or warranty does the dateofpurchase.Its possibility ofsuch possibility om defects inmaterials nties, expressedor replacing,atits own s arisingoutof not applyto USER’S GUIDE MasterSwitch Plus Obtaining service vary accordingtojurisdiction. To obtain supportforproblems gives youspecificlegal costs ofsubstitutes,claimsbythird loss ofequipment, Specifically, APCisnotliableforanyco .Notetheserialnumber 1. .Ifyoumustreturnth 3. Contact CustomerSupportata 2. .Packtheunitcarefully 4. .Shipbyinsured,prepaid carrier 6. MarktheRMAnumberclearlyon 5. 0 phone. this manual.Atechnicianwilltryto on thebottomofunit. of theMasterSwitch be chargedforrepair orreplacement. material authorization(RMA)number. Customer Supporttechnician. payment, ifapplicable. daytime phonenumber;aco in transit.Enclosealetterwithyo rights andyoumayalso Plus,usethe e product,thetechnician use ofequipment, . Thewarrantydoesnot anddateofpurchase.To with yourMasterSwitchPlus: py ofthesalesrece parties, orotherwise.Thiswarranty 189 totheaddress phone numberloc ur name,address, the outside oftheshippingcarton. About System helpyousolvetheproblemby sts, suchaslostprofits orrevenue, If thewarrantyexpired,youwill loss ofsoftware, lossofdata, have otherrights, which willgiveyouareturn cover damagesustained provided bythe findtheserialnumber ipt; andacheckas menuoption,orlook ated attheendof RMA numberand USER’S GUIDE MasterSwitch Plus Examples oflife-supportdevices General policy Life-Support Policy requirements foruse indirectpatient care. units withthesemodificati devices designatedas APC adults andinfants), anes The term APC American PowerConversion( peritoneal dialysissystem arrhythmia detectorsand other purposes),autotransfusiondevic analyzers, nervestimulators(whether ordered asoptionson many Hospital-grade wiring devicesand its products inth under thecircumstances. and (c)theliabilityofAmer or damagehavebeenminimized,(b)t receives inwritingassu Inlife-supportapplic • Indirectpatient care. • oranyotherorganiz willnotknowinglysellits product canbereasonabl device ortoaffect significant life-support device e followingsituations: “critical”bythe rances satisfactoryto thesia ventilators,infusion ations wherefailureor alarms,pacemakers, ation. Thereforethese ons arecertifiedorlist s, neonatal ventilatorin ican PowerConversion includesbutisnotlim APC UPS products foruseinsuch APC y expectedtocaus ly its safetyoreffectiveness. ) doesnotrecommend leakage currentprotection maybe 190 systems. he customerassumesallsuchrisks, used foranesthesia,pain relief,or U.S. FDA U.S. es, bloodpumps, defibrillators, APC . malfunctionofthe hemodialysis systems, units donotmeet the ed ashospital-grade by APC e failureofthelife-support cubators, ventilators(for that(a)therisksofinjury ited toneonatal oxygen pumps, andanyother is adequatelyprotected doesnotclaimthat applicationsunlessit the useofany APC
Index A Remain in DHCP & BOOTP mode setting 172 About System 46 Status LED indicating BOOTP requests 13 Access BOOTP Only boot mode setting 86 Access Type setting for SNMP 100 Browsers FTP Server 91 CA certificates in browser’s limiting NMS SNMP access by store (cache) 133 IP address 99 supported web 37 security options for each interface 126 Access setting for RADIUS 117 C Actions 73 Advanced settings Certificates Client ID 172 choosing which method to use 135 Domain Name 172 creating and installing for SSL 135 Host Name 172 deleting 122 Port Speed 172 methods User Class 172 APC Security Wizard creates all Vendor Class 172 certificates 138 Advanced settings, TCP/IP 87 Use a Certificate Authority (CA) 140 Use the APC default certificate 136 Annunciator CipherSuite sequence for environment alarms 24 Choosing SSL encryption ciphers and hash APC Cookie 174 algorithms 107 APC OS 46 purpose of the algorithms and ciphers 134 Apply Local Computer Time 120 Client ID setting 88, 172 Authentication Community Name 76 SNMP Traps 76 SNMP 99 with SSL 133 config.ini file, contents 163 Auto Logout 113 Configuring proxy server before using Web interface 38 B SSH 92 SSL/TLS 104 Boot mode 170 Control Actions 49 settings 86 Control console BOOTP Device Manager menu 34 USER’S GUIDE MasterSwitch Plus After IP Assignment setting 172 navigating menus 33 Boot mode settings 86 refreshing menus 33 Communication settings 87 ® DHCP & BOOTP boot process 171 191 Cookie Reverse DNS Lookup 90 APC 174 sending any traps to an NMS 76 Customizing user configuration files 165 sending authentication traps to an NMS 76 use of a proxy server 38 Domain Name setting 87, 172 D Domain names Data log configuring 87 configuration 83 overriding expansion of importing into spreadsheet 70 host name to domain name 87 Log Interval setting 83 using FTP or SCP to retrieve 70 E Date & Time settings 120, 121 Delayed On E-mail sequence 25 configuring 77 Delete SSH Host Keys and SSL enabled by default for severe events 75 Certificates 122 enabling and disabling 80 Device IP configuration wizard Events menu option 75 using to update message format (long or short) 80 configuration settings 159, 169 setting up an account 80 Device Manager menu using for paging 79 control console 34 Email recipients 79 DHCP format 80 After IP Assignment setting 172 Enabling APC cookie 174 e-mail forwarding to external Boot mode settings 86 SMTP servers 80 Communication settings 87 e-mail to a recipient 80 Cookie Is setting 172, 173 Reverse DNS Lookup 90 DHCP & BOOTP boot process 171 sending any traps to an NMS 76 MasterSwitch Plus settings 171 sending authentication traps to an NMS 76 Remain in DHCP & BOOTP SSH 94 mode setting 172 Telnet 94 Require vendor specific cookie to accept Encryption DHCP Address setting 172, 173 with SSH and SCP 131 response options 174 with SSL 104 Retry Then Stop setting 173 Environment Alarms DHCP & BOOTP boot mode setting 86 annunciator sequence for 24 DHCP Only boot mode setting 86 graceful shutdown sequence 23 Error messages 39
USER’S GUIDE MasterSwitch Plus Disabling e-mail to a recipient 80 for firmware file transfer 187 event logging 74 from overridden values during
® .ini file transfer 168 192 Event Log G accessing 33 Event log Generation (e-mail recipients) 80 disabling 74 Graceful Reboot errors from overridden values during sequence 27 .ini file transfer 168 Graceful Shutdown using FTP del command 72 sequence for environment alarms 23 using FTP or SCP to retrieve 70 sequence for on-battery events 22 event.txt file contents 70 H importing into spreadsheet 70 Events menu Help Actions 73 About System option (Web interface) 46 E-mail (Web interface) 75 on control console 33 Event log 74 Host keys SNMP traps 75 creating 155 deleting 122 F file name and status 97 fingerprints Facility (Syslog setting) 101 displaying for versions 1 and 2 98 Fingerprints, displaying and comparing 93 generated by the Management Card 93 Firewall, as essential to security 142 transferring to the Firmware Management Card 93, 97 benefits of upgrading 178 Host Name setting 172 file transfer methods 181 Host Name, configuring 87 FTP or SCP 182 HTTP XMODEM 185 port 106 files for Network Management Card 178 protocol mode 105 obtaining the latest version 179 HTTPS upgrading 178 port 106 verifying upgrades and updates 187 protocol mode 105 versions displayed on main screen 30 Hyperlinks, defining 124 From Address 78 FTP 91 disabling when SCP is used 91 I using to retrieve text version of event or data Identification log 70 fields on main screen 31 ini files, See User configuration files USER’S GUIDE MasterSwitch Plus
® 193 IP addresses Help 46 of DNS server for e-mail 77 Links 124 of trap receivers 76 MasterSwitch Plus 48 to limit access to specified NMSs 99 Network 44 Outlets 48 K System 45, 111 keywords, user configuration file 163 N Network menu L FTP Server 91 Life support policy 190 SNMP 99 Links Syslog 101 redirecting user-definable links 47, 124 TCP/IP 85 Local SMTP server 80 Telnet/SSH 92 Lock icon indicating SSL is enabled 105 Web/SSL 104 Logging on NMS IP/Domain Name setting 99 control console 28 error messages for Web interface 39 O Web interface 36 Login date and time On Retry Failure setting 88 control console 31 On-battery Events Web interface 41 graceful shutdown sequence 22 OS, APC 46 Override keyword, in user configuration M file 163 Main screen displaying identification 31 P firmware values displayed 30 login date and time 31 Paging by using e-mail 79 status 32 Password change for security 128 Up Time 31 Passwords User access identification 31 default 36 Manual boot mode setting 86 for NMS that is a trap receiver 76 Map to Syslog’s Priorities 102 User Manager access 113 Menus using non-standards ports Control Console 34 as extra passwords 129
USER’S GUIDE MasterSwitch Plus Data 82 PDU, port assignment 129 Environment 56 Port (Syslog setting) 101 Events 44, 45 Port Speed setting 87, 172 ® 194 Ports S assigning 129 default SCP for FTP Server 91 enabled and configured for HTTP 106 with SSH 92, 132 for HTTPS 106 using to retrieve text version of event or data for SSH 95 log 70 for Telnet 95 Secondary NTP Server 121 using a non-default port Secondary Server for RADIUS 117 for FTP 91 for HTTP 106 Secondary Server Secret for RADIUS 117 for HTTPS 106 Section headings, user configuration for SSH 95 file 163 for Telnet 95 Secure CoPy. See SCP. Primary NTP Server 121 Secure Hash Algorithm (SHA) 107 Primary Server Secret setting Secure SHell. See SSH. for RADIUS 117 Secure Sockets Layer Primary Server setting for RADIUS 117 See SSL. Protocol Mode Security selecting for control console access 94 authentication selecting for Web access 105 authentication vs. encryption 130 Proxy servers through digital certificates with SSL 133 configuring not to proxy the MasterSwitch certificate-signing requests 134 Plus 38 disabling less secure interfaces 132 disabling use of 38 encryption with SSH and SCP 131 how certificates are used 144 How SSH host keys are used 144 R immediately changing username and Read access by an NMS 100 password 128 Reboot Management Interface 122 options for each interface 126 Receiver NMS IP/Domain Name 76 planning and implementing 130 Recipient’s SMTP server 80 SCP as alternative to FTP 132 SSL Reset Only TCP/IP to Defaults 122 choosing a method to use certificates 135 Reset to Defaults 122 CipherSuite algorithms and ciphers 134 Reset to Defaults Except TCP/IP 122 supported SSH clients 92 Retry Then Fail setting 88 using non-standards ports Retry Then Stop setting (DHCP) 173 as extra passwords 129 Reverse DNS Lookup 90 USER’S GUIDE MasterSwitch Plus Root certificates, creating 146
® 195 Security Wizard 143 SSL creating certificates authentication through digital without a Certificate Authority 146 certificates 133 creating server certificates certificate signing requests 134 to use with a Certificate Authority 151 encryption ciphers and hash algorithms 107 creating signing requests 151 Status creating SSH host keys 155 Environment sensors, Send DNS Query 89 input contacts 56 Server certificates on control console main screen 32 creating to use with a Syslog Certificate Authority 151 enabling and disabling 101 creating without a Certificate Authority 146 mapping event severity to Server IP/Domain Name (Syslog setting) Syslog priorities 102 101 settings 101 Severity levels of events 74 test 103 events with no severity level 74 System Signing requests information, obtaining 46 creating 151 System menu SMTP About System option (control console) 46 From Address 78 RADIUS 116 server 78, 80 settings 117 SNMP Tools 122 Access Type setting 100 User Manager 113 Authentication Traps 76 Community Name setting 99 T enabling and disabling 99 NMS IP/Domain Name setting 99 TCP/IP SNMP traps option 75 Advanced settings 87 SSH Boot mode 86 configuring 92 Client ID setting 88, 172 enabling 92 Current settings fields 85 encryption 131 default gateway 85, 86 fingerprints, displaying and comparing 93 defining settings for the Management host key Card 85 as identifier that cannot be falsified 131 Domain Name setting 87, 172 creating 155 Host Name setting 87, 172 file name and status 97 On Retry Failure setting 88 transferring to the Management Card 93 Port Speed setting 87, 172
USER’S GUIDE MasterSwitch Plus modifying the Port setting 95, 106 restoring default settings 122 obtaining an SSH client 92 Retry Then Fail setting 88 server configuration 96 ® v1 and v2 Encryption Algorithms 96 196 setting port assignments for extra Upgrading firmware security 129 without using a utility 178 subnet mask 85, 86 URL address formats 39 system IP address 85, 86 User access identification, control User Class setting 88, 172 console interface 31 Vendor Class setting 87, 172 User Class setting 88, 172 Telnet/SSH User configuration files Access option 94 contents 163 host key customizing 165 displaying fingerprints 98 exporting system time separately 165 file name and status 97 messages for undiscovered option in Network menu 92 devices 168 selecting the protocol mode 94 overriding device-specific values 163 SSH Port option 95 system event and error messages 167 SSHv1 and v2 Encryption Algorithms 96 using the APC utility to retrieve Telnet Port option 95 and transfer the files 164, 184 Testing the network connection to the DNS User Manager 113 server 89 Auto Logout 113 Time Zone 121 Password 113 Timeout setting for RADIUS 117 User Name 113 To address 79 User Name Tools menu 122 change immediately for security 128 File Transfer 123 defaults 36 Transport Layer Security (TLS) 133 User Manager access 113 Trap Generation 76 Trap Receivers V Authentication Traps 76 Community Name 76 Vendor Class setting 87, 172 Receiver NMS IP/Domain Name 76 Vendor Specific Information Trap Generation 76 Cookies 174 Troubleshooting proxy server problems 38 W U Web interface enable or disable protocols 105 Up Time logging on 36 control console main screen 31 logon error messages 39 Web interface 41 USER’S GUIDE MasterSwitch Plus Update Interval 121
® 197 Modifying the Port setting for FTP 91 for HTTP 106 for HTTPS 106 for SSH 95 for Telnet 95 Up Time 41 URL address formats 39 X XMODEM 123 USER’S GUIDE MasterSwitch Plus
® 198 APC Worldwide Customer Support
Customer support for this or any other APC product is available at no charge in any of the following ways: • Visit the APC Web site to access documents in the APC Knowledge Base and to submit customer support requests. – www.apc.com (Corporate Headquarters) Connect to localized APC Web sites for specific countries, each of which provides customer support information. – www.apc.com/support/ Global support searching APC Knowledge Base and using e-support. • Contact an APC Customer Support center by telephone or e-mail. – Regional centers:
Direct InfraStruXure Customer (1)(877)537-0607 (toll free) Support Line
APC headquarters U.S., Canada (1)(800)800-4272 (toll free)
Latin America (1)(401)789-5735 (USA)
Europe, Middle East, Africa (353)(91)702000 (Ireland)
Japan (0) 35434-2021
Australia, New Zealand, South (61) (2) 9955 9366 Pacific area (Australia)
– Local, country-specific centers: go to www.apc.com/support/ contact for contact information.
Contact the APC representative or other distributor from whom you USER’S GUIDE MasterSwitch Plus purchased your APC product for information on how to obtain local customer support. ® 199 Copyright
Entire contents © 2005 American Power Conversion. All rights reserved. Reproduction in whole or in part without permission is prohibited. APC, the APC logo, InfraStruXure, PowerNet, and MasterSwitch are trademarks of American Power Conversion Corporation and may be registered in some jurisdictions. All other trademarks, product names, and corporate names are the property of their respective owners and are used for informational purposes only.
990-6012D 05/2005 USER’S GUIDE MasterSwitch Plus
® 200