Eaton is a registered trademark of Eaton Corporation or its subsidiaries and affiliates.
Phillips and Pozidriv are a registered trademarks of Phillips Screw Company.
National Electrical Code and NEC are registered trademarks of National Fire Protection Association, Inc.
Microsoft®, Windows®, and Windows Server® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
UNIX® is a registered trademark of The Open Group.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions.
Google™ is a trademark of Google Inc.
All other trademarks are properties of their respective companies.
©Copyright 2019 Eaton Corporation. All rights reserved.
No part of this document may be reproduced in any way without the express written approval of Eaton Corporation.
1 Table of Contents
1TABLE OF CONTENTS.........................................................................................................................................4
2INSTALLING THE NETWORK MANAGEMENT MODULE...................................................................................9
2.1Unpacking the Network module..............................................................................................................................................9
2.2Mounting the Network Module...............................................................................................................................................9
2.3Accessing the Network Module............................................................................................................................................10
2.3.1Accessing the web interface through Network...............................................................................................................10
2.3.2Finding and setting the IP address..................................................................................................................................10
2.3.3Accessing the web interface through RNDIS..................................................................................................................11
2.3.4Accessing the card through serial terminal emulation.....................................................................................................14
2.3.5Modifying the Proxy exception list..................................................................................................................................16
2.4Configuring the Network Module settings............................................................................................................................18
2.4.1Menu structure................................................................................................................................................................18
3CONTEXTUAL HELP OF THE WEB INTERFACE...............................................................................................20
3.1Login page............................................................................................................................................................................. 20
3.1.1Logging in for the first time.............................................................................................................................................20
3.1.2Troubleshooting...............................................................................................................................................................20
3.2Home.....................................................................................................................................................................................21
3.2.1Menu structure................................................................................................................................................................22
3.2.2Energy flow diagram examples.......................................................................................................................................24
3.2.3Access rights per profiles................................................................................................................................................31
3.3Meters................................................................................................................................................................................... 31
3.3.1Main utility input..............................................................................................................................................................32
3.3.2Second utility input (if available)...................................................................................................................................... 32
3.3.3Output.............................................................................................................................................................................33
3.3.4Battery status..................................................................................................................................................................33
3.3.5Battery health..................................................................................................................................................................34
3.3.6Logs.................................................................................................................................................................................35
3.3.7Default settings and possible parameters - Meters........................................................................................................ 35
3.3.8Access rights per profiles................................................................................................................................................36
3.4Controls.................................................................................................................................................................................36
3.4.1Entire UPS.......................................................................................................................................................................36
3.4.2Outlets - Group 1/ Group 2..............................................................................................................................................37
3.4.3Scheduled shutdown.......................................................................................................................................................38
3.5Protection..............................................................................................................................................................................39
3.5.1Agents list........................................................................................................................................................................39
3.5.2Agent shutdown sequencing...........................................................................................................................................44
3.5.3Shutdown on power outage............................................................................................................................................47
3.6Environment..........................................................................................................................................................................54
3.6.1Commissioning/Status.....................................................................................................................................................54
3.6.2Alarm configuration.........................................................................................................................................................58
3.6.3Information......................................................................................................................................................................62
3.7Settings.................................................................................................................................................................................63
3.7.1General............................................................................................................................................................................63
3.7.2Local users......................................................................................................................................................................70
3.7.3Remote users.................................................................................................................................................................. 74
3.7.4Network & Protocol.........................................................................................................................................................84
3.7.5SNMP..............................................................................................................................................................................91
3.7.6Certificate........................................................................................................................................................................98
3.8Maintenance........................................................................................................................................................................107
3.8.1Firmware.......................................................................................................................................................................107
3.8.2Services......................................................................................................................................................................... 110
3.8.3Resources......................................................................................................................................................................116
3.8.4System logs...................................................................................................................................................................118
3.8.5System information.......................................................................................................................................................119
3.9Legal information.................................................................................................................................................................120
3.9.1Component....................................................................................................................................................................120
3.9.2Availability of source code.............................................................................................................................................120
3.9.3Notice for proprietary elements.....................................................................................................................................120
3.9.4Access rights per profiles..............................................................................................................................................121
3.10Alarms.................................................................................................................................................................................121
3.10.1Alarm sorting.................................................................................................................................................................121
3.10.2Active alarm counter......................................................................................................................................................122
3.10.3Alarm details..................................................................................................................................................................122
3.10.4Alarm paging..................................................................................................................................................................122
3.10.5Export............................................................................................................................................................................122
3.10.6Clear..............................................................................................................................................................................122
3.10.7Alarms list with codes...................................................................................................................................................122
3.10.8Access rights per profiles..............................................................................................................................................123
3.11User profile.......................................................................................................................................................................... 123
3.11.1Access to the user profile..............................................................................................................................................123
3.11.2User profile.................................................................................................................................................................... 123
3.11.3Default settings and possible parameters - User profile............................................................................................... 125
3.11.4Access rights per profiles..............................................................................................................................................126
3.11.5CLI commands..............................................................................................................................................................126
3.11.6Troubleshooting.............................................................................................................................................................127
3.12Documentation....................................................................................................................................................................128
3.12.1Access to the embedded documentation.....................................................................................................................128
3.12.2Access rights per profiles..............................................................................................................................................128
4SERVICING THE NETWORK MANAGEMENT MODULE.................................................................................129
4.1Configuring/Commissioning/Testing LDAP.........................................................................................................................129
4.1.1Commissioning..............................................................................................................................................................129
4.1.2Testing LDAP authentication.........................................................................................................................................130
4.1.3Limitations..................................................................................................................................................................... 130
4.2Pairing agent to the Network Module................................................................................................................................. 130
4.2.1Pairing with credentials on the agent............................................................................................................................131
4.2.2Pairing with automatic acceptance (recommended if done in a secure and trusted network)...................................... 131
4.2.3Pairing with manual acceptance....................................................................................................................................131
4.3Powering down/up applications (examples)........................................................................................................................132
4.3.1Powering down IT system in a specific order............................................................................................................... 132
4.3.2Powering down non-priority equipment first.................................................................................................................135
4.3.3Restart sequentially the IT equipment on utility recovery.............................................................................................138
4.4Checking the current firmware version of the Network Module.........................................................................................139
4.5Accessing to the latest Network Module firmware/driver/script.........................................................................................139
4.6Upgrading the card firmware (Web interface / shell script).................................................................................................140
4.6.1Web interface................................................................................................................................................................ 140
4.6.2Shell script..................................................................................................................................................................... 140
4.6.3Example:........................................................................................................................................................................140
4.7Changing the RTC battery cell.............................................................................................................................................141
4.8Updating the time of the Network Module precisely and permanently (ntp server)...........................................................143
4.9Synchronizing the time of the Network Module and the UPS.............................................................................................143
4.9.1Automatic time synchronization....................................................................................................................................143
4.9.2Manual time synchronization.........................................................................................................................................143
4.10Changing the language of the web pages...........................................................................................................................143
4.11Resetting username and password.....................................................................................................................................144
4.11.1As an admin for other users..........................................................................................................................................144
4.11.2Resetting its own password..........................................................................................................................................144
4.12Recovering main administrator password...........................................................................................................................144
4.13Switching to static IP (Manual) / Changing IP address of the Network Module..................................................................145
4.14Reading device information in a simple way.......................................................................................................................145
4.14.1Web page......................................................................................................................................................................145
4.15Subscribing to a set of alarms for email notification............................................................................................................146
4.15.1Example #1: subscribing only to one alarm (load unprotected).....................................................................................146
4.15.2Example #2: subscribing to all Critical alarms and some specific Warnings.................................................................147
4.16Saving/Restoring/Duplicating Network module configuration settings............................................................................... 148
4.16.1Modifying the JSON configuration settings file.............................................................................................................148
4.16.2Saving/Restoring/Duplicating settings through the CLI.................................................................................................155
4.16.3Saving/Restoring/Duplicating settings through the Web interface................................................................................155
5SECURING THE NETWORK MANAGEMENT MODULE..................................................................................156
5.1Cybersecurity considerations for electrical distribution systems........................................................................................156
5.1.1Purpose.........................................................................................................................................................................156
5.1.2Introduction...................................................................................................................................................................156
5.1.3Connectivity—why do we need to address cybersecurity for industrial control systems (ICS)?..................................156
5.1.4Cybersecurity threat vectors......................................................................................................................................... 156
5.1.5Defense in depth........................................................................................................................................................... 157
5.1.6Designing for the threat vectors....................................................................................................................................158
5.1.7Policies, procedures, standards, and guidelines............................................................................................................160
5.1.8Conclusion..................................................................................................................................................................... 162
5.1.9Terms and definitions....................................................................................................................................................162
5.1.10Acronyms......................................................................................................................................................................162
5.1.11References....................................................................................................................................................................163
5.2Cybersecurity recommended secure hardening guidelines................................................................................................ 164
5.2.1Introduction...................................................................................................................................................................164
5.2.2Secure configuration guidelines....................................................................................................................................164
5.2.3References....................................................................................................................................................................167
5.3Configuring user permissions through profiles....................................................................................................................168
5.4Decommissioning the Network Management module....................................................................................................... 168
6SERVICING THE EMP......................................................................................................................................169
6.1Installing the EMP...............................................................................................................................................................169
6.1.1Mounting the EMP........................................................................................................................................................169
6.2Using the EMP for temperature compensated battery charging.........................................................................................171
6.2.1Addressing the EMP......................................................................................................................................................171
6.2.2Commissioning the EMP...............................................................................................................................................171
6.2.3Enabling temperature compensated battery charging in the UPS.................................................................................171
7INFORMATION.................................................................................................................................................172
7.1Front panel connectors and LED indicators.........................................................................................................................172
7.2Specifications/Technical characteristics.............................................................................................................................. 173
7.3Default settings and possible parameters...........................................................................................................................174
7.3.1Settings.........................................................................................................................................................................174
7.3.2Meters........................................................................................................................................................................... 180
7.3.3Sensors alarm configuration..........................................................................................................................................180
7.3.4User profile.................................................................................................................................................................... 181
7.4Access rights per profiles....................................................................................................................................................182
7.4.1Home.............................................................................................................................................................................182
7.4.2Meters........................................................................................................................................................................... 182
7.4.3Controls.........................................................................................................................................................................182
7.4.4Protection......................................................................................................................................................................182
7.4.5Environment..................................................................................................................................................................183
7.4.6Settings.........................................................................................................................................................................183
7.4.7Maintenance..................................................................................................................................................................184
7.4.8Legal information...........................................................................................................................................................184
7.4.9Alarms...........................................................................................................................................................................184
7.4.10User profile.................................................................................................................................................................... 185
7.4.11Contextual help..............................................................................................................................................................185
7.4.12CLI commands..............................................................................................................................................................185
7.5List of event codes.............................................................................................................................................................. 187
7.5.1System log codes.......................................................................................................................................................... 187
7.5.2UPS(HID) alarm log codes.............................................................................................................................................191
7.5.39130 UPS(XCP) alarm log codes....................................................................................................................................196
7.5.4ATS alarm log codes......................................................................................................................................................200
7.5.5EMP alarm log codes.....................................................................................................................................................202
7.5.6Network module alarm log codes..................................................................................................................................203
7.6SNMP traps.........................................................................................................................................................................204
7.6.1UPS Mib........................................................................................................................................................................204
7.6.2ATS Mib.........................................................................................................................................................................206
7.6.3Sensor Mib....................................................................................................................................................................207
7.7CLI.......................................................................................................................................................................................207
7.7.1Commands available......................................................................................................................................................208
7.7.2Contextual help..............................................................................................................................................................208
7.7.3get release info..............................................................................................................................................................209
7.7.4history............................................................................................................................................................................209
7.7.5logout.............................................................................................................................................................................210
7.7.6maintenance.................................................................................................................................................................. 210
7.7.7netconf..........................................................................................................................................................................210
7.7.8ping and ping6...............................................................................................................................................................212
7.7.9reboot............................................................................................................................................................................213
7.7.10save_configuration | restore_configuration....................................................................................................................214
7.7.11sanitize...........................................................................................................................................................................214
7.7.12ssh-keygen....................................................................................................................................................................215
7.7.13time...............................................................................................................................................................................215
7.7.14traceroute and traceroute6............................................................................................................................................216
7.7.15whoami..........................................................................................................................................................................217
7.7.16email-test.......................................................................................................................................................................217
7.7.17systeminfo_statistics.....................................................................................................................................................218
7.7.18certificates.....................................................................................................................................................................219
7.8Legal information.................................................................................................................................................................220
7.8.1Availability of Source Code............................................................................................................................................220
7.8.2Notice for Open Source Elements.................................................................................................................................220
7.8.3Notice for our proprietary (i.e. non-Open source) elements..........................................................................................221
7.9Acronyms and abbreviations...............................................................................................................................................222
8TROUBLESHOOTING.......................................................................................................................................225
8.1Action not allowed in Control/Schedule/Power outage policy.............................................................................................225
8.1.1Symptom....................................................................................................................................................................... 225
8.1.2Possible Cause..............................................................................................................................................................225
8.1.3Action............................................................................................................................................................................225
8.2Card wrong timestamp leads to "Full acquisition has failed" error message on Software................................................... 225
8.2.1Symptoms:....................................................................................................................................................................225
8.2.2Possible cause:..............................................................................................................................................................225
8.2.3Action:...........................................................................................................................................................................225
8.3Client server is not restarting..............................................................................................................................................225
8.3.1Symptom....................................................................................................................................................................... 225
8.3.2Possible Cause..............................................................................................................................................................225
8.3.3Action............................................................................................................................................................................226
8.4EMP detection fails at discovery stage............................................................................................................................... 226
8.4.1Symptom #1.................................................................................................................................................................. 226
8.4.2Symptom #2.................................................................................................................................................................. 226
8.5How do I log in if I forgot my password?............................................................................................................................ 227
8.5.1Action............................................................................................................................................................................227
8.6Software is not able to communicate with the Network module........................................................................................227
8.6.1Symptoms.....................................................................................................................................................................227
8.6.2Possible cause...............................................................................................................................................................227
8.6.3Setup.............................................................................................................................................................................227
8.6.4Action #1.......................................................................................................................................................................227
8.6.5Action #2.......................................................................................................................................................................228
8.7LDAP configuration/commissioning is not working.............................................................................................................228
8.8Password change in My profile is not working....................................................................................................................228
8.8.1Symptoms.....................................................................................................................................................................228
8.8.2Possible cause...............................................................................................................................................................228
8.8.3Action............................................................................................................................................................................228
8.9SNMPv3 password management issue with Save and Restore.........................................................................................228
8.9.1Affected FW versions....................................................................................................................................................228
8.9.2Symptom....................................................................................................................................................................... 229
8.9.3Cause.............................................................................................................................................................................229
8.9.4Action............................................................................................................................................................................229
8.10The alarm list has been cleared after an upgrade................................................................................................................229
8.10.1Symptom....................................................................................................................................................................... 229
8.10.2Action............................................................................................................................................................................229
8.11The Network Module fails to boot after upgrading the firmware........................................................................................229
8.11.1Possible Cause..............................................................................................................................................................229
8.11.2Action............................................................................................................................................................................230
8.12Web user interface is not up to date after a FW upgrade...................................................................................................230
8.12.1Symptom....................................................................................................................................................................... 230
Unpacking the Network module
Installing the Network Management Module – 9
•
•
•
•
2 Installing the Network Management Module
2.1 Unpacking the Network module
The
Unable to render include or excerpt-include. Could not retrieve page.
will include the following accessories:
QuickStart
USB AM to Micro USB/M/5P 5ft Cable
2.2 Mounting the Network Module
The Network Module is hot-swappable. Inserting and/or extracting the Network Module from the communication slot of theproduct
has no effect on the output.
Remove the two screws securing the option slot cover plate and store the plate for possible future use.
Install theNetwork Module along the alignment channels in the option slot.
Secure the Network Module using the two screws.
Packing materials must be disposed of in compliance with all local regulations concerning waste.
Recycling symbols are printed on the packing materials to facilitate sorting.
It is not necessary to power down theDevice before installing the Network Module. Required tools: No. 2 Phillips
screwdriver.
If theproduct is powered up, you can verify that the Network
Module is seated properly and communicating with theproduct by
checking that the Status ON LEDflashes green after 2 minutes.
Accessing the Network Module
Installing the Network Management Module – 10
•
•
2.3 Accessing the Network Module
2.3.1 Accessing the web interface through Network
2.3.1.1 Connecting the network cable
Connect a standard
gigabit compatible shielded ethernetcable (F/UTP or F/FTP)
between the network connector on theNetwork Module and a
network jack.
2.3.1.2 Accessing the web interface
STEP 1 –On a network computer, launch a supported web browser. The browser window appears.
STEP 2 –In the Address/Location field, enterhttps://
[IPaddress]
with the static IP address of the Network Module.
STEP 3 –The login screen appears.
STEP 4 –Enter the user name in the User Name field. The default user name is admin.
STEP 5 –Enter the password in the Password field. The default password is admin.
STEP 6 –The password must be changed at first login.
STEP 7 –Click Login. The Network Module web interface appears.
2.3.2 Finding and setting the IP address
2.3.2.1 Your network is equipped with a BOOTP/DHCP server (default)
2.3.2.1.1 Read from the device LCD
If your device has an LCD, from the LCD’s menu, navigate to Identification>>>"COM card IPv4".
Note the IP address of the card.
Go to the section: Accessing the web interface through Network.
Security settings in the Network Module may be in their default states.
For maximum security, configure through a USB connection before connecting the network cable.
It is highly recommended that browser access to the Network Module is isolated from outside access using a
firewall or isolated network.
Note: some older Devices may not be able to display the IP address even if they have an LCD. Please consult the
Device manual.
Accessing the Network Module
Installing the Network Management Module – 11
•
•
•
•
•
•
2.3.2.1.2 With web browser throughthe configuration port
For example, if your device does not have an LCD, the IP address can be discovered by accessing the web interface through RNDIS
andbrowsing to Settings>Network.
To access the web interface through RNDIS, see the
Accessing the web interface through RNDISsection.
Navigate toContextual help>>>Settings>>>Network & Protocol>>>IPV4.
Read the IPv4 settings.
2.3.2.2 Your network is not equipped with a BOOTP/DHCP server
2.3.2.2.1 Define from the configuration port
The IP address can be defined by accessing the web interface through RNDIS.
To access web interface through RNDIS, see the
Accessing the web interface through RNDISsection.
Define the IP settings:
Navigate toContextual help>>>Settings>>>Network & Protocol>>>IPV4.
Select Manual (Static IP).
Input the following information: Address, Subnet Mask, Default Gateway
Save the changes.
2.3.3 Accessing the web interface through RNDIS
This connection is used to access and configure the Network Module network settings locally through a RNDIS(Ethernet over USB
interface).
2.3.3.1 Connecting the configuration cable
1. Connect the Micro-B to USB cable to a USB connector on the host computer.
2. Connect the cable to the Settings connector on theNetwork Module.
2.3.3.2 Web interface access through RNDIS
2.3.3.2.1 Configuring the RNDIS
a Automatic configuration
RNDIS driver is used to emulate a network connection from USB.
After the card is connected to the PC, Windows® OS will automatically search for the RNDIS driver.
On some computers, the OS can find the RNDIS driver then configuration is completed, and you can go to
Accessing the web interface.
On some others it may fail then proceed to manual configuration.
Accessing the Network Module
Installing the Network Management Module – 12
b Manual configuration
STEP 1 –In case Windows® OS fails to find driver automatically, go to theWindows control panel>Network and sharing
center>Local area connection
STEP 2 –Right click on the RNDIS local area connection and select Properties.
STEP 3 –Select Internet Protocol Version 4 (TCP/IPv4)” and press the Properties button
Accessing the Network Module
Installing the Network Management Module – 14
2.3.3.2.2 Accessing the web interface
STEP 1 –Be sure that the Deviceis powered on.
STEP 2 – On the host computer, download the rndis.7z file from the website www.eaton.com/downloads and extract it. For more
information, navigate toServicing the Network Management Module>>>Accessing to the latest Network Module firmware/
driversection.
STEP 3 – Launch setProxy.bat to add 169.254.* in proxy’s exceptions list, if needed. For manual configuration, navigate to Installing
the Network Management Module>>>Accessing the Network Module>>>Modifying the Proxy exception list
section in the full
documentation.
STEP 4 –Launch a supported browser, the browser window appears.
STEP 5 –In the Address/Location field, enter: https://169.254.0.1, the static IP address of the Network Module for RNDIS. The log
in screen appears.
STEP 6 –Enter the user name in the User Name field. The default user name isadmin.
STEP 7 –Enter the password in the Password field. The default password isadmin.
STEP 8 –ClickLogin. The Network Module local web interface appears.
2.3.4 Accessing the card through serial terminal emulation
This connection is used to access and configure the Network Module network settings locally through Serial (Serial over USB
interface).
Accessing the Network Module
Installing the Network Management Module – 15
2.3.4.1 Connecting the configuration cable
STEP 1 – Connect the Micro-B to USB cable to a USB connector on the host computer.
STEP 2 – Connect the cable to the Settings connector on theNetwork Module.
2.3.4.2 Manual configuration of the serial connection
STEP 1 –On the host computer,download therndis.7z file from the website www.eaton.com/downloads and extract it.
STEP 2 – Plug the USB cable and go toWindows® Device Manager.
STEP 3 – Check the CDC Serial in the list, if it is with a yellow exclamation mark implying that driver has not been installed follow
the steps 4-5-6-7 otherwise configuration is OK.
STEP 4 – Right click on it and select Update Driver Software. When prompted to choose how to search for device driver software,
choose Browse my computer for driver software. Select Let me pick from a list of device drivers on my computer.
STEP 5 – Select the folder where you have previously downloaded the driver file Click on Next.
Serial driver is used to emulate a serial connection from USB.
After the card is connected to the PC, manual configuration of the driver is needed for
Windows® OS to discover
the serial connection.
Accessing the Network Module
Installing the Network Management Module – 16
•
•
•
•
STEP 6 – A warning window will come up because the driver is not signed. Select Install this driver software anyway
STEP 7 – The installation is successful when the COM port number is displayed for the Gadget Serial device in theWindows®
Device Manager.
2.3.4.3 Accessing the card through Serial
It is intended mainly for automated configuration of the network and time settings of the network card. It can also be used for
troubleshooting and remote reboot/reset of the network interface in case the web user interface is not accessible.
CLI can be accessed through:
SSH
Serial terminal emulation.
For more details, refer to
Information>>>CLIsection
2.3.5 Modifying the Proxy exception list
To connect to the Network Module via a USB cable and your system uses a Proxy server to connect to the internet, the proxy
settings can reject the IP address 169.254.0.1.
The 169.254. * Sequence is used to set up communication with devices via a physical connection.
To activate this connection, exceptions will have to be made in the proxy settings.
Open Internet Explorer
Navigate to settings, Internet options;
Changing network parameters may cause the card to become unavailable remotely. If this happens it can only be
reconfigured locally through USB.
You can see this list of available commands by typing in the CLI:
?
You can see the help by typing in the CLI:
help
Configuring the Network Module settings
Installing the Network Management Module – 18
•
•
•
Press OK.
Close Internet Explorer and re-open it.
Now you can access the address 169.254.0.1 with Internet Explorer and any other browser.
2.4 Configuring the Network Module settings
Use the web interface to configure the Network Module. The main web interface menus are described below:
2.4.1 Menu structure
Home:Overview and status oftheDevice(Active alarms, Outlet status, ...).
Meters:Power quality meters and logs.
Controls:Device and outlets control.
Protection:Agents list, Agents shutdown sequencing, Shutdown on power outage.
Configuring the Network Module settings
Installing the Network Management Module – 19
Unable to
render
include or
excerpt-
include.
Could not
retrieve
page.
Environment: Commissioning/Status, Alarm configuration, Information.
Settings:Network Module settings.
Maintenance:Firmware, Services, Resources, System logs.
Legal:Legal information, Availability of source code, Notice for proprietary elements.
Profile:Displays user profile, password change, account information and logout.
Help:Opens full documentation in a separate browser page.
Alarms:Open alarm page and displays the number of active alarms.
Login page
Contextual help of the web interface – 20
•
•
3 Contextual help of the web interface
3.1 Login page
The page language is set toEnglish
by default but can be switched tobrowser language when it is managed.
After navigating to theassigned IP address, accept the untrusted certificate on the browser.
3.1.1 Logging in for the first time
3.1.1.1 1.Enter default password
As you are logging into the Network Module for the first time you must enter the factory set default username and password.
Username = admin
Password = admin
3.1.1.2 2. Change default password
Changing the default password is mandatory and requested in a dedicated window.
Enter your current password first, and then enter the new password twice.
Follow the password format recommendations on the tooltip in order to define a secure password.
3.1.1.3 3. Accept license agreement
On the next step, License Agreement is displayed.
Read and accept the agreement to continue.
3.1.2 Troubleshooting
How do I log in if I forgot my password?
Home
Contextual help of the web interface – 21
•
•
•
•
Action
Askyour administrator for password initialization.
If you are the mainadministrator, yourpasswordcan be reset manually by following steps described in the
Servicing
the Network Management Module>>>Recovering main administrator password .
Web user interface is not up to date after a FW upgrade
Symptom
After an upgrade:
The Web interface is not up to date
New features of the new FW are not displayed
Possible causes
The browser is displaying the Web interface through the cache that contains previous FW data.
Action
Empty the cache of your browser using F5 or CTRL+F5.
3.1.2.1 For other issues
3.2 Home
The Home screen providesstatus informationfor the deviceincluding key measures andactive alarms.
For details on other issues, see the Troubleshooting section.
Home
Contextual help of the web interface – 22
The included page could not be found.
3.2.1 Menu structure
Home:Overview and status oftheDevice(Active alarms, Outlet status, ...).
Meters:Power quality meters and logs.
Controls:Device and outlets control.
Protection:Agents list, Agents shutdown sequencing, Shutdown on power outage.
Unable to render {include}
Home
Contextual help of the web interface – 23
Unable to
render
include or
excerpt-
include.
Could not
retrieve
page.
Environment: Commissioning/Status, Alarm configuration, Information.
Settings:Network Module settings.
Maintenance:Firmware, Services, Resources, System logs.
Legal:Legal information, Availability of source code, Notice for proprietary elements.
Profile:Displays user profile, password change, account information and logout.
Help:Opens full documentation in a separate browser page.
Alarms:Open alarm page and displays the number of active alarms.
The included page could not be found.
The included page could not be found.
The included page could not be found.
Error rendering macro 'include'
com.atlassian.renderer.v2.macro.MacroException: No page title provided.
Unable to render {include}
Unable to render {include}
Unable to render {include}
Meters
Contextual help of the web interface – 31
3.2.2.4 ATS
3.2.2.4.1 Normal mode
3.2.2.4.2 Prefered source missing
3.2.3 Access rights per profiles
AdministratorOperatorViewer
Home
3.2.3.1 For other access rights
3.3 Meters
For other access rights, see the Information>>>Access rights per profiles section.
Gauge color code:
Meters
Contextual help of the web interface – 32
•
•
•
•
3.3.1 Main utility input
Displays the product main utility measures.
Current (A)
Voltage (V)
3.3.2 Second utility input (if available)
If presents, displays the product second utility measures.
Current (A)
Voltage (V)
•
•
•
Green: Value inside thresholds.
Orange/Red: Value outside thresholds.
Grey: No thresholds provided by the device.
Meters
Contextual help of the web interface – 33
•
•
•
•
•
•
•
3.3.3 Output
Voltage (V)
Power (W)
Current (A)
3.3.4 Battery status
Battery status section is an overviewof the battery information.
3.3.4.1 Overview/Environment
Type
Nominal capacity
Nominal voltage
Capacity remaining
The information displayed depends on the device.
Meters
Contextual help of the web interface – 34
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Runtime
State
Recommended replacement date
State of health
Voltage
Current
Temperature
Min cell voltage
Max cell voltage
Number of cycles
Min temperature
Max temperature
BMS state
3.3.5 Battery health
Battery health section provides status of the battery andallow to launch a battery test.
The status reflects thelast completed battery test result,as well as itscritical status (color) and completion time.
Pass
Warning
Fail
Unknown
3.3.5.1 Commands
Launch test
button is disabled if a battery test is already in progress or scheduled.
TheAbort test
button is enabled only when a test is in progress or scheduled.
3.3.5.2 Pending action
The pending action reflects thebattery test status
.
None
Scheduled
In progress
Aborted
Done
Meters
Contextual help of the web interface – 35
•
•
•
•
•
•
•
•
•
•
•
•
•
•
3.3.6 Logs
This log configuration allows to define the log acquisition frequency of the Device measures only.
3.3.6.1 Download
Press the
icon on the top right to download the Device log file.
If available, possible measures are listed below:
Input Voltage (V)
Input Frequency (Hz)
Bypass Voltage (V)
Bypass Frequency (Hz)
Output Voltage (V)
Output Frequency (Hz)
Output Current (A)
Output Apparent Power (VA)
Output Active Power (W)
Output Power Factor
Output Percent Load (%)
Battery Voltage (V)
Battery Capacity (%)
Battery Remaining Time (s)
3.3.7 Default settings and possible parameters - Meters
Default settingPossible parameters
Meters/LogsLog measures every—60sLog measures every — 3600s maximum
3.3.7.1 For other settings
The sensors measures logs acquisition is not settable and done every minutes. Sensors measures logs are
accessible in Environment menu.
For other settings, see the Information>>>Default settings parameters section.
Controls
Contextual help of the web interface – 36
•
•
•
3.3.8 Access rights per profiles
AdministratorOperatorViewer
Meters
Battery health: Launch test/Abort
Logs configuration
3.3.8.1 For other access rights
3.4 Controls
3.4.1 Entire UPS
Controls are displayed for the entire UPS, and not for specific outlet options.
The table in this section displays UPS status, the associated commands (on/off), and the pending action.
3.4.1.1 Status
Reflects the current mode of the UPS.The following is a list of potential table values that are displayed based on the UPS topology.
On— Protected/Not protected
Off— Not powered/Not protected
3.4.1.2 Commands
A setof commands are available and activated when one of the followingbuttons is pressed.A confirmation window appears.
Safe OFF
This will shut off the load. Protected applications will be safely powered down.
This control is available only if the status is not OFF and if there are no active commands running.
For other access rights, see the Information>>>Access rights per profiles section.
Controls
Contextual help of the web interface – 37
•
•
•
•
•
•
•
Safe reboot
This will shut off and then switch ON the load. Protected applications will be safely powered down.
This control is available only if the status is not OFF and if there are no active commands running.
Switch ON
This will switch ON the load or turn ON the online UPS.
This control is available when the status is OFF, if there are no active commands running and if the Online UPS is on bypass.
3.4.1.3 Pending action
Displays the delay before shutdown and delays before startup.
3.4.2 Outlets - Group 1/ Group 2
Load segmentations allow, battery runtime to remain on essential equipment and automatically power down non-priority equipment
during an extended power outage.
This feature is also used for remote reboot and the sequential start of servers to restrict inrush currents.
3.4.2.1 Status
It reflects the current outlet status.
On — Protected/Not protected
Off — Not powered
3.4.2.2 Commands
A setof commands are available and activated when one of the following buttons is pressed.A confirmation window appears.
Safe OFF
This will shut off the load connected to the associated load segment. Protected applications are safely powered down.
This control is available only if the status is not OFF and if there are no active commands running.
Safe reboot
This will power down and then switch ON the load connected to the associatedload segment. Protected applications are
safely powered down.
This control is available only if the status is not OFF and if there are no active commands running.
Switch ON
This will switch ON the load connected to the associatedload segment.
This control is available when status is OFFand if there are no active commands running.
Controls
Contextual help of the web interface – 38
•
•
•
•
•
3.4.2.3 Pending action
Displays the delay before shutdown and delay before startup.
3.4.3 Scheduled shutdown
Use Scheduled shutdowns to turn off either the UPS or individual load segments at a specific day and time.
This feature is used for saving energy by turning off equipment outside of office hours or to enhance cybersecurity by powering
down network equipment.
If server shutdown scenarios are defined for any of the connected servers or appliances, they will be triggered before the
corresponding outlets are turned off as configured in shutdown settings.
3.4.3.1 Scheduled shutdown table
The table displays the scheduled shutdowns and includes the following details:
Recurrence–Once/Every day/Every week
Load segment –Primary/Group 1/Group 2
Shutdown time –Date/Time
Restart time –Date/Time
Active –Yes/No
3.4.3.2 Actions
3.4.3.2.1 New
Press the
New button to create a scheduled shutdown.
3.4.3.2.2 Delete
Select a schedule shutdown and press the
Delete
button to delete the scheduled shutdown.
3.4.3.2.3 Edit
Press the pen iconto editschedule shutdown and to access the settings:
3.4.3.3 Access rights per profiles
AdministratorOperatorViewer
Protection/Scheduled
shutdowns
Protection
Contextual help of the web interface – 39
3.4.3.3.1 For other access rights
3.4.3.4 Troubleshooting
Action not allowed in Control/Schedule/Power outage policy
Symptom
Below message is displayed when you access the Control, Schedule or Power outage policy page.
This action is not allowed by the UPS.
To enable it, please refer to the user manual of the UPS and its instructions on how to configure the UPS settings and allow
remote commands.
Possible Cause
1- Remote commands are not allowed due to the UPS configuration (see the action below)
2- The UPS does not support remote commands.
Action
Refer to the UPS user manual and its instruction on how to configure the UPS settings and allow remote commands.
Example: UPS menu Settings>>>ON/OFF settings>>>Remote command>>>Enable.
3.4.3.4.1 For other issues
3.5 Protection
3.5.1 Agents list
3.5.1.1 Pairing with shutdown agents
For other access rights, see the Information>>>Access rights per profiles section.
For details on other issues, see the Troubleshooting section.
For details on pairing instructions, follow the link pairing instructions in the tile or see the Servicing the Network
Management Module
>>>Pairing agent to the Network Module
section.
Protection
Contextual help of the web interface – 40
•
•
•
•
•
Authentication and encryption of connections between the UPS network module and shutdown agents is based on matching
certificates. Automated pairing of shutdown agents and UPS network modules is recommended in case the installation is done
manually in a secure and trusted network, and when certificates cannot be created in other ways.
During the selected timeframe, new agent connections to the Network Module are automatically trusted and accepted.
After automatic acceptance, make sure that all listed agents belong to your infrastructure. If not, access may be revoked using the
Delete button.
For maximum security,Eaton recommend followingone of the two methodson the
certificate settings page:
Import client certificates manually.
Generate trusted certificate for both clients and Network Module using your own PKI.
3.5.1.1.1 Actions
a Start
Starts the pairing window for the selected timeframe or until it is stopped.
Time countdown is displayed.
b Stop
Stops
the pairing window.
3.5.1.2 Agents list table
The table displays theIPPagent list that is connected to the Network Moduleand includes the following details:
Name
Address
Version of the Agent
Protection
Contextual help of the web interface – 41
•
•
•
•
•
•
•
•
•
•
•
Power source (Policy)
Delay (in seconds)
OS shutdown duration (in seconds)
Status
In service | Protected
In service | Not protected
Stopping | Protected
Stopped | Protected
Communication
Connected | yyyy/mm/dd hh:mm:ss
Lost|yyyy/mm/dd hh:mm:ss
3.5.1.3 Actions
3.5.1.3.1 Delete
When communication with the agent is lost, agent can be deleted by using the
Delete button.
Select an agent and press the Deletebutton to delete the agent.
3.5.1.4 Access rights per profiles
AdministratorOperatorViewer
Protection/Agent list
3.5.1.4.1 For other access rights
3.5.1.5 Troubleshooting
Card wrong timestamp leads to "Full acquisition has failed" error message on Software
Symptoms:
IPP/IPM shows the error message"The full data acquisition has failed" even if the credentials are correct.
Possible cause:
The Network module timestamp is not correct.
Probably the MQTT certificate is not valid at Network module date.
Action:
Set the right date, time and timezone. If possible, use a NTP server, refer to
Contextual
help>>>Settings>>>General>>>System details>>>Time & date settings section.
When the agent is connected, the Delete function will not work correctly because the agent will keep on trying to
re-connect.
So connect to the software, remove the Network module from the Software nodes list (in the nodes list, right click
on the Network module and click remove nodes).
For other access rights, see the Information>>>Access rights per profiles section.
Protection
Contextual help of the web interface – 42
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Software is not able to communicate with the Network module
Symptoms
In the Network Module,in
Contextual help>>>Protection>>>Agent list>>>Agent list table , agent is showing "Lost" as
a status.
In the Network Module,in Contextual help>>>Settings>>>Certificate>>>Trusted remote certificates , the status of
theProtected applications (MQTT) is showing"Not valid yet".
IPP/IPM shows "The authentication has failed", "The notifications reception encountered error".
Possible cause
The IPP/IPM certificate is not yet valid for the Network Module.
Certificates of IPP/IPM and the Network Module are not matching so that authentication and encryption of connections
between the Network Module and the shutdown agents is not working.
Setup
IPP/IPM is started.
Network module is connected to the UPS and to the network.
Action #1
Check if the IPP/IPM certificate validity for the Network Module.
STEP 1:Connect to the Network Module
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter:https://xxx.xxx.xxx.xxx/where xxx.xxx.xxx.xxx is the static IP address of the
Network Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
ClickLogin. The Network Module web interface appears.
STEP 2:Navigate toSettings/Certificatespage
STEP 3:In theTrusted remote certificatessection, check the status of theProtected applications (MQTT).
If it is "Valid"go to Action#2 STEP 2, if it is "Not yet valid", time of the need to be synchronized with IPP/IPM .
STEP 4:Synchronize the time of the Network Module with IPP/IPM and check that the status of theProtected applications
(MQTT)is now valid.
Communication will then recover, if notgo to Action#2 STEP 2.
Action #2
Pair agent to the Network Module with automatic acceptance (recommended in case the installation is done in a secure and
trusted network).
STEP 1:Connect to the Network Module.
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter:https://xxx.xxx.xxx.xxx/where xxx.xxx.xxx.xxx is the static IP address of the
Network Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
Click
Login. The Network Module web interface appears.
For manual pairing (maximum security), go to Servicing the Network Management Module
>>>Pairing agent
to the Network Module
section and then go to STEP 2, item 1.
Protection
Contextual help of the web interface – 43
STEP 2:Navigate toProtection/Agents listpage.
STEP 3:In thePairing with shutdown agentssection, select the time to accept new agents and press theStartbutton
andContinue. During the selected timeframe, new agent connections to the Network Module are automatically trusted and
accepted.
STEP 4:Action on the agent( IPP/IPM )while the time to accepts new agents is running on the Network Module
Remove theNetwork module certificate file(s) *.0that is (are) located in the folder
Eaton\IntelligentPowerProtector\configs\tls.
Client server is not restarting
Symptom
Utility power has been restored, the UPS and its load segments are powered on, but the Client server does not restart.
Possible Cause
The “Automatic Power ON” server setup setting might be disabled.
Action
In the server system BIOS, change the setting for Automatic Power ON to "Enabled".
3.5.1.5.1 For other issues
For details on other issues, see the Troubleshooting section.
Protection
Contextual help of the web interface – 44
•
•
•
3.5.2 Agent shutdown sequencing
3.5.2.1 Agent shutdown sequence timing
All agents that are connected to the Network Module are displayed in tables by power sources.
Primary
Group 1
Group 2
The 'local agent' settingis used for settingfor example a minimum shutdown duration, or a power down delay for a load segment
that has no registered shutdown agents.
One use case would be a load segment that powers network equipment that needs to stay on while servers and storage perform
their orderly shutdown.
The tables include the following details:
Protection
Contextual help of the web interface – 45
•
•
•
Name
Delay (in seconds)
OS shutdown duration (in seconds)
3.5.2.2 Actions
3.5.2.2.1 Set Delay
Select and directly change the setting in the table and then
Save.
3.5.2.2.2 Set OS shutdown duration
Select and directly change the setting in the tableand then
Save.
3.5.2.3 Examples
Examples below show the impact of agent settings on the shutdown sequence for a shutdown or an immediate shutdown.
3.5.2.3.1 Example #1
→ Shutdown time: 210s
→ Immediate shutdown time: 120s
Protection
Contextual help of the web interface – 47
3.5.2.4 Access rights per profiles
AdministratorOperatorViewer
Protection/Agent settings
3.5.2.4.1 For other access rights
3.5.3 Shutdown on power outage
These setting are in conjunction with the shutdown agents andcontrol how the network module directs the shutdown of protected
servers and appliances. It gives the possibility to prioritize and schedule shutdown actions so that the IT system is powered down
in the correct order. For example, applications first, database servers next, and storage last. It is also possible to turn off some
outlets to reduce power consumption and get longer battery runtime for the most important devices.
The trigger in the diagram isthe moment whenthe shutdown sequence starts, and it is defined in theContextual
help>>>Protection>>>Scheduled shutdownor theContextual help>>>Protection>>>Shutdown on power
outagesections for each power source.
For other access rights, see the Information>>>Access rights per profiles section.
For examples on Powering down applications see theServicing the Network Management Module>>>Powering
down/up applications examples section.
Protection
Contextual help of the web interface – 48
•
•
•
3.5.3.1 Shutdown on power outage criteria
Shutdown criteria are set per power source (outlet groups) if they are present in the UPS.
3.5.3.1.1 Shutdown criteria selection
The available criteria for shutdown are listed below:
a Maximize availability (default)
To end the shutdown sequence 30s before the end of backup time.
b Immediate OFF
To initiate the shutdown sequence when on battery for 10 seconds.
c Custom
Several conditions can be set to define shutdown criteria:
To initiate the shutdown sequence when on battery for 10 seconds.
To initiate the sequence when the battery reaches the set capacity in (%)
To initiate or end the shutdown sequence after the set time in (s) before the end of backup time.
When there are several conditions to start the shutdown sequence, the shutdown sequence will start as soon as one of the
condition is reached.
By default, shutdown criterias are set to Maximize availability.
Protection
Contextual help of the web interface – 49
d Settings examples
All the following examples are using below agent's settings.
→
Shutdown time: 210s
Example 1: Maximize availability
When primary shuts OFF, both group1 and group 2 shut OFF immediately.
So if Primary is set to Immediate OFF, groups policies should be restricted toImmediate OFF.
Protection
Contextual help of the web interface – 52
•
•
3.5.3.1.2 On low battery warning
In some cases, like a renewed power failure or failed battery, the capacity is much lower than anticipated. The UPS gives a Low
battery warning when there is 2 - 3 minutes of estimated runtime left, depending on the UPS and its settings. This time is typically
enough for shutting down a server but does not allow sophisticated sequential shutdown schemes.
The Low battery policy is intended for these cases.
3.5.3.1.3 When utility comes back
Note: When utility comes back settings cannot be altered for three phase UPS units and will remain at their defaults.
These settings define the restart sequence when utility comes back. For example, thisallows sequential startup of the IT system
so that network and storage devices are connected to 'Primary' and start up immediately. After a delay database servers in Group1
are powered up, and then application and web servers in Group 2 are powered up. This startup would ensure that necessary
services would be available for each layer when needed. A sequential startup will also help avoid a peak power draw in the
beginning.
a Options
Keep shutdown sequence running until the end, and then restart (forced reboot).
Wait until UPS battery capacity exceeds a set percentage value in (%), and then automatically restart the UPS.
Then restartGroup 1 after a set time in (s).
Then restart Group 2 after a set time in (s).
b Enable/Disable
Each option listed above can be enabled or disabled with check-boxes.
When disabled, the option will be greyed out.
3.5.3.2 Access rights per profiles
AdministratorOperatorViewer
Protection
Contextual help of the web interface – 53
Protection/Sequence
3.5.3.2.1 For other access rights
3.5.3.3 Troubleshooting
Action not allowed in Control/Schedule/Power outage policy
Symptom
Below message is displayed when you access the Control, Schedule or Power outage policy page.
This action is not allowed by the UPS.
To enable it, please refer to the user manual of the UPS and its instructions on how to configure the UPS settings and allow
remote commands.
Possible Cause
1- Remote commands are not allowed due to the UPS configuration (see the action below)
2- The UPS does not support remote commands.
Action
Refer to the UPS user manual and its instruction on how to configure the UPS settings and allow remote commands.
Example: UPS menu Settings>>>ON/OFF settings>>>Remote command>>>Enable.
Client server is not restarting
Symptom
Utility power has been restored, the UPS and its load segments are powered on, but the Client server does not restart.
Possible Cause
The “Automatic Power ON” server setup setting might be disabled.
Action
In the server system BIOS, change the setting for Automatic Power ON to "Enabled".
For other access rights, see the Information>>>Access rights per profiles section.
Environment
Contextual help of the web interface – 54
•
•
•
•
•
•
•
•
•
•
•
•
•
3.5.3.3.1 For other issues
3.6 Environment
3.6.1 Commissioning/Status
3.6.1.1 Sensors commissioning/Status table
The table displays the sensors commissioning information and includes the following details.
Name
Location –location-position-elevation
Temperature
Humidity
Dry contact #1 –Status and name
Dry contact #2 –Status and name
Communication –Connected/Lost with dates
3.6.1.2 Actions
3.6.1.2.1 Download sensors measures
Press the
Download sensors measuresbuttonto download the sensors log file:
If available, possible measures are listed below:
Temperature of <sensor_1> (in K, 1 decimal digit)
Humidity of <sensor_1> (in %, 1 decimal digit)
Temperature of <sensor_2>> (in K, 1 decimal digit)
Humidity of <sensor_2>(in %, 1 decimal digit)
Temperature of <sensor_3>(in K, 1 decimal digit)
Humidity of <sensor_3>(in %RH, 1 decimal digit)
3.6.1.2.2 Discover
At first the table is empty, press the
Discoverbutton to launch the sensor discovery process.
If sensors are discovered, the table is populated accordingly
3.6.1.2.3 Delete
Select a sensor and press the
Deletebutton to delete the sensor.
For details on other issues, see the Troubleshooting section.
°C = K - 273.15
°F = K x 9/5 -459.67
When a sensor is deleted, all the commissioning information are deleted.
Environment
Contextual help of the web interface – 55
3.6.1.2.4 Define offsets
1. Select the sensors.
2. Press theDefine offsetbutton to adjust the temperature and humidity offsets of the selected sensors.
3. Extend the temperature or humidity section.
4. Set the offsets in the cell, temperatures and humidity will be updated accordingly.
5. Press theSavebutton when done.
Deactivated humidity or temperatures are not displayed and replaced by this icon:
Environment
Contextual help of the web interface – 56
•
•
•
•
•
•
•
3.6.1.2.5 Edit
Press the pen logoto edit sensor communication information:
You will get access to the following information and settings:
Product reference
Part number
Serial number
Name
Location
Temperature and humidity – Active (Yes, No)
Dry contacts –Active (Yes, No)/Name/Polarity (Normally open, Normally closed)
The dry contact is close and this is normal because it is configured as normally close.
The dry contact is open and this is normal because it is configured as normally open.
The dry contact is open and this is not normal because it is configured as normally close.
The dry contact is close and this is not normal because it is configured as normally open.
Environment
Contextual help of the web interface – 57
PressSaveafter modifications.
3.6.1.3 Note:
3.6.1.4 Access rights per profiles
AdministratorOperatorViewer
Environment/Commissioning
Environment/Status
3.6.1.4.1 For other access rights
3.6.1.5 Troubleshooting
EMP detection fails at discovery stage
In the Network Module,in
Contextual help>>>Environment>>>Commissioning/Status , EMPs are missing in the Sensor
commissioning table.
Symptom #1
The EMPs green RJ45 LED (FROM DEVICE) is not ON.
Possible causes
The EMPs are not powered by the Network module.
Action #1-1
Launch again the discovery, if it is still not ok, go to Action #1-2.
Action #1-2
1- Check the EMPs connection and cables.
Refer to the sections Servicing the EMP>>>Installing the EMP>>>Cabling the first EMP to the device and Servicing the
EMP>>>Installing the EMP>>>Daisy chaining 3 EMPs .
2- Disconnect and reconnect the USB to RS485 cable.
3- Launch the discovery, if it is still not ok, go to Action #1-3.
Deactivated dry contacts are not displayed and replaced by this icon:
If the UPS provides temperature compensated battery charging option, see theServicing the EMP>>>Using the
EMP for temperature compensated battery charging
section.
For other access rights, see the Information>>>Access rights per profiles section.
Environment
Contextual help of the web interface – 58
Action #1-3
1- Reboot the Network module.
2- Launch the discovery.
Symptom #2
The EMPs orange RJ45 LEDs are not blinking.
Possible causes
C#1: the EMP address switches are all set to 0.
C#2: the EMPs are daisy chained, the Modbus address is the same on the missing EMPs.
Action #2-1
1- Change the address of the EMPs to have different address and avoid all switches to 0.
Refer to the section Servicing the EMP>>>Defining EMPs address and termination>>>Manual addressing .
2- Disconnect and reconnect the USB to RS485 cable. The address change is only taken into account after an EMP power-up.
3- Launch the discovery,if it is still not ok, go to Action #2-2.
Action #2-2
1- Reboot the Network module.
Refer to the section
Contextual help>>>Maintenance>>>Services>>>Reboot .
2- Launch the discovery.
3.6.1.5.1 For other issues
3.6.2 Alarm configuration
For details on other issues, see the Troubleshooting section.
•
•
•
Humidity, temperatures or dry contacts deactivated during commissioning are not displayed.
Gauge color code:
Green: Value inside thresholds.
Orange/Red: Value outside thresholds.
Grey: No thresholds provided by the device.
Environment
Contextual help of the web interface – 59
•
•
•
•
•
•
•
•
•
•
3.6.2.1 Temperature
The table shows the following information and settings for each sensor:
Name
Location
Enabled
– yes/no
Low critical threshold– xx°C or xx°F
Low warning threshold– xx°C or xx°F
High warning threshold– xx°C or xx°F
High critical threshold– xx°C or xx°F
Hysteresis– x°C or x°F
Visual update
Live reading (MIN-MAX shows the minimal and maximal temperature measured by the sensor)
3.6.2.1.1 Actions
a Set Enabled
Select and directly change the setting in the tableand then
Save.
When disabled, no alarm will be sent.
b Set alarm threshold
Enable the alarm first and then change the setting in the tableand then
Save.
When a warning threshold is reached, an alarm will be sent with a warning level.
When a critical threshold is reached, an alarm will be sent with a critical level.
c Set Hysteresis
Enable the alarm first and change the setting in the tableand then
Save.
The hysteresis is the difference between the value where the alarm turns ON from turning OFF and the value where it turns OFF
from turning ON.
3.6.2.2 Humidity
Environment
Contextual help of the web interface – 60
•
•
•
•
•
•
•
•
•
•
•
•
•
•
The table shows the following information and settings for each sensor:
Name
Location
Enabled–yes/no
Low critical threshold– xx%
Low warning threshold– xx%
High warning threshold– xx%
High critical threshold– xx%
Hysteresis– x%
Visual update
Live reading (MIN-MAX shows the minimal and maximal humidity measured by the sensor)
3.6.2.2.1 Actions
a Set Enabled
Select and directly change the setting in the tableand then
Save.
When disabled, no alarm will be sent.
b Set alarm threshold
Enable the alarm first and then change the setting in the tableand then
Save.
When a warning threshold is reached, an alarm will be sent with a warning level.
When a critical threshold is reached, an alarm will be sent with a critical level.
c Set Hysteresis
Enable the alarm first and then change the setting in the tableand then
Save.
The hysteresis is the difference between the value where the alarm turns ON from turning OFF and the value where it turns OFF
from turning ON.
3.6.2.3 Dry contacts
The table shows the following settings for each dry contact:
Name
Location
Enabled–yes/no
Alarm severity – Info/Warning/Critical
Environment
Contextual help of the web interface – 61
3.6.2.3.1 Actions
a Set Enabled
Enable the alarm first and thenchangethe setting in the tableand then
Save.
When disabled, no alarm will be sent.
b Set alarm severity
Enable the alarm first and thenchangethe setting in the tableand then
Save.
When the dry contacts is not in a normal position, an alarm will be sent at the selected level.
The dry contact is open and this is not normal because it is configured as normally close.
The dry contact is close and this is not normal because it is configured as normally open.
3.6.2.4 Default settings and possible parameters - Environment Alarm configuration
Default settingPossible parameters
TemperatureEnabled—No
Low critical – 0°C/32°F
Low warning – 10°C/50°F
High warning – 70°C/158°F
High critical – 80°C/176°F
Enabled—No/Yes
low critical<low warning<high warning<high critical
HumidityEnabled—No
Low critical – 10%
Low warning – 20%
High warning – 80%
High critical – 90%
Enabled—No/Yes
0%<low critical<low warning<high warning<high
critical<100%
Dry contactsEnabled—No
Alarm severity – Warning
Enabled—No/Yes
Alarm severity – Info/Warning/Critical
3.6.2.4.1 For other settings
3.6.2.5 Access rights per profiles
AdministratorOperatorViewer
Environment/Alarm
configuration
For other settings, see the Information>>>Default settings parameters section.
Environment
Contextual help of the web interface – 62
•
•
•
•
•
•
•
3.6.2.5.1 For other access rights
3.6.3 Information
Sensor information is an overviewof all the sensors information connected to the Network Module.
Physical name
Vendor
Part number
Firmware version
UUID
Serial number
Location
3.6.3.1 Access rights per profiles
AdministratorOperatorViewer
Environment/Information
3.6.3.1.1 For other access rights
For other access rights, see the Information>>>Access rights per profiles section.
For other access rights, see the Information>>>Access rights per profiles section.
Settings
Contextual help of the web interface – 63
3.7 Settings
3.7.1 General
3.7.1.1 System details
3.7.1.1.1 Location
Text field that is used to provide the card location information.
Card system information is updated to show the defined location.
3.7.1.1.2 Contact
Text field that is used to provide the contact name information.
Card system information is updated to show the contact name.
3.7.1.1.3 System name
Text field that is used to provide the system name information.
Card system information is updated to show the system name.
3.7.1.1.4 Time & date settings
The current date and time appearsin the footer at the bottom of the screen.
You can set the time either manually or automatically.
a Manual:Manually entering the date and time
1. Select the time zone for your geographic area from the time zone pull-down menu orwiththe map.
2. Select the date and time.
3. Save the changes.
b Dynamic (NTP):Synchronizing the date and time with an NTP server
1. Enter the IP address or host name of the NTP server in theNTP server field.
Settings
Contextual help of the web interface – 64
•
•
•
•
2. Select the time zone for your geographic area from the time zone pull-down menu orwiththe map.
3. Save the changes.
3.7.1.2 Email notification settings
3.7.1.2.1 Email sending configuration table
The table shows all the email sending configuration and includes the following details:
Configuration name
Email address
Notification updates –Displays Events notification/Periodic report icons when active.
Status– Active/Inactive/In delegation
3.7.1.2.2 Actions
a Add
Press the
Newbutton to create a new email sending configuration.
b Remove
Select an email sending configuration and press the
Deletebutton to remove it.
DST is managed based on the time zone.
For examples on email sending configuration see theServicing the Network Management Module>>>Subscribing
to a set of alarms for email notification section.
Settings
Contextual help of the web interface – 65
•
•
•
•
•
•
c Edit
Press the pen iconto edit email sending configuration:
You will get access to the following settings:
Custom name
Email address
Status– Active/Inactive
Hide the IP address from the email body– Disabled/Enabled
This setting will be forced to Enabled if Enabled in the SMTP settings.
Schedule report–Active/Recurrence/Starting/Topic selection– Card/Devices
Alarm notifications– Severity level/Attach logs/Exceptions on events notification
Settings
Contextual help of the web interface – 67
•
•
•
•
•
•
•
•
•
Server IP/Hostname – Enter the host name or IP address of the SMTP server used to transfer email messages in the SMTP
Server field.
Port
Default sender address
Hide the IP address from the email body–Disabled/Enabled
If Enabled, it will force this setting to Enabled in the Email notification settings.
Secure SMTP connection–Verify certificate authority
SMTP server authentication– Username/Password
Select the SMTP server authentication checkbox to require a user name and a password for SNMP authentication, enter the
Username and the Password.
Save and test server configuration
3.7.1.4 Default settings and possible parameters - General
Default settingPossible parameters
System detailsLocation—empty
Contact—empty
System name—empty
Time & date settings—Manual (Time zone: Europe/
Paris)
Location — 31 characters maximum
Contact— 255 characters maximum
System name— 255 characters maximum
Time & date settings—Manual (Time zone: selection on
map/Date) / Dynamic (NTP)
Email notification settingsNo email5 configurations maximum
Custom name — 128 characters maximum
Email address — 128 characters maximum
Hide IP address from the email body — enable/disabled
Status — Active/Inactive
Alarm notifications
Active — No/Yes
All card events – Subscribe/Attach logs
Critical alarm – Subscribe/Attach logs
Warning alarm – Subscribe/Attach logs
Info alarm – Subscribe/Attach logs
All device events – Subscribe/Attach
measures/Attach logs
Critical alarm – Subscribe/Attach measures/
Attach logs
Warning alarm – Subscribe/Attach measures/
Attach logs
Info alarm – Subscribe/Attach measures/
Attach logs
Always notify events with code
Never notify events with code
Schedule report
Active — No/Yes
Recurrence – Every day/Every week/Every
month
Starting – Date and time
Card events – Subscribe/Attach logs
Device events – Subscribe/Attach measures/
Attach logs
Settings
Contextual help of the web interface – 68
SMTP settingsServer IP/Hostname — blank
SMTP server authentication — disabled
Port — 25
Default sender address —
device
@networkcard.com
Hide IP address from the email body — disabled
Secure SMTP connection — enabled
Verify certificate authority — disabled
SMTP server authentication — disabled
Server IP/Hostname — 128 characters maximum
SMTP server authentication — disable/enable
(Username/Password — 128 characters maximum)
Port — x-xxx
Sender address — 128 characters maximum
Hide IP address from the email body — enable/disabled
Secure SMTP connection — enable/disable
Verify certificate authority — disable/enable
3.7.1.4.1 For other settings
3.7.1.5 Access rights per profiles
AdministratorOperatorViewer
General
3.7.1.5.1 For other access rights
3.7.1.6 CLI commands
email-test
Description
mail-test sends test email to troubleshoot SMTP issues.
Help
Usage: email-test <command> ...
Test SMTP configuration.
Commands:
email-test -h, --help, Display help page
email-test -r, --recipient <recipient_address>
Send test email to the
<recipient_address> Email address of the recipient
For other settings, see the Information>>>Default settings parameters section.
For other access rights, see the Information>>>Access rights per profiles section.
Settings
Contextual help of the web interface – 69
time
Description
Command used to displayor changetime and date.
Help
For Viewer and Operator profiles:
time -h
Usage: time [OPTION]...
Display time and date.
-h, --help display help page
-p, --print display date and time in YYYYMMDDhhmmss format
For Administrator profile:
time -h
Usage:time[OPTION]...
Display time and date, change time and date.
-h,--helpdisplayhelppage
-p,--printdisplaydateandtimeinYYYYMMDDhhmmssformat
-s,--set<mode>
Modevalues:
-setdateandtime(formatYYYYMMDDhhmmss)
manual<dateandtime>
-setpreferredandalternateNTPservers
ntpmanual<preferredserver><alternateserver>
- automaticallysetdateandtime
ntpauto
Examples of usage:
-> Set date 2017-11-08 and time 22:00
time--setmanual201711082200
-> Set preferred and alternate NTP servers
time--setntpmanualfr.pool.ntp.orgde.pool.ntp.org
Examples of usage
-> Set date 2017-11-08 and time 22:00
time --set manual 201711082200
-> Set preferred and alternate NTP servers
time --set ntpmanual fr.pool.ntp.org de.pool.ntp.org
Settings
Contextual help of the web interface – 70
•
•
•
•
•
•
•
•
•
•
•
•
•
3.7.1.6.1 For other CLI commands
3.7.2 Local users
3.7.2.1 Local users table
The table shows all the supported local user accounts and includes the following details:
Username
Email
Profile
Status –Status could take following values– Inactive/Locked/Password expired/Active
3.7.2.1.1 Actions
a Add
Press the
Newbutton to create up to ten new users.
b Remove
Select a user and press the
Deletebutton to remove it.
c Edit
Press the pen logoto edit user information:
You will get access to the following settings:
Active
Profile
Username
Full name
Email
Phone
Organization– Notify by email about account modification/Password
Reset password
Generate randomly
See the CLI commands in the Information>>>CLI section.
For the list of access rights per profile refer to the section Full documentation>>>Information>>>Access rights per
profiles.
Settings
Contextual help of the web interface – 71
•
•
•
•
•
•
•
Enter manually
Force password to be changed on next login
d Global settings
PressSaveafter modifications.
Password settings
To set the password strength rules, apply the following restrictions:
Minimum length
Minimum upper case
Minimum lower case
Minimum digit
Special character
Password expiration
Settings
Contextual help of the web interface – 72
•
•
•
•
•
•
To set the password expiration rules, apply the following restrictions:
Number of days until password expires
Main administrator password never expire
Lock account
Lock account after a number of invalid tries
Main administrator account will never block
Account timeout
To set the session expiration rules,apply the following restrictions:
No activity timeout (in minutes).
If there is no activity, session expires after the specified amount of time.
Session lease time (in minutes).
If there is activity, session still expires afterthe specified amount of time.
3.7.2.2 Default settings and possible parameters - Global user settings and Local
users
Default settingPossible parameters
Password settingsMinimum length — enabled (8)
Minimum upper case — enabled (1)
Minimum lower case — enabled (1)
Minimum digit — enabled (1)
Special character — enabled (1)
Minimum length — enable (6-32)/disable
Minimum upper case — enable (0-32)/disable
Minimum lower case — enable (0-32)/disable
Minimum digit — enable (0-32)/disable
Special character — enable (0-32)/disable
Password expirationNumber of days until password expires — disabled
Main administrator password never expires — disabled
Number of days until password expires — disable/
enable (1-99999)
Main administrator password never expires — disable/
enable
Lock accountLock account after xx invalid tries — disabled
Main administrator account never blocks — disabled
Lock account after xx invalid tries — disable/enable
(1-99)
Main administrator account never blocks — disable/
enable
Account timeoutNo activity timeout — 60 minutes
Session lease time — 120 minutes
No activity timeout — 1-60 minutes
Session lease time — 60-720 minutes
1.
2.
Main administrator password never expires
If this feature is disabled, the administrator account can be locked after the password expiration.
If Enabled, the administrator password never expires, make sure it is changed regularly.
1.
2.
Main administrator account will never block
If this feature is disabled, the administrator account can be locked after the number of failed connections
defined.
If Enabled, the security level of the administrator account is reduced because unlimited password entry
attempts are allowed.
Settings
Contextual help of the web interface – 73
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Local users1 user only:
Active—Yes
Profile—Administrator
Username—admin
Full Name—blank
Email—blank
Phone—blank
Organization—blank
10 users maximum:
Active—Yes/No
Profile—Administrator/Operator/Viewer
Username—255 characters maximum
Full Name—128 characters maximum
Email—128 characters maximum
Phone—64 characters maximum
Organization—128 characters maximum
3.7.2.2.1 For other settings
3.7.2.3 Access rights per profiles
AdministratorOperatorViewer
Local users
3.7.2.3.1 For other access rights
3.7.2.4 CLI commands
whoami
Description
whoami displays current user information:
Username
Profile
Realm
logout
Description
Logout the current user.
For other settings, see the Information>>>Default settings parameters section.
For other access rights, see the Information>>>Access rights per profiles section.
Settings
Contextual help of the web interface – 74
•
•
•
•
•
•
Help
logout
<cr> logout the user
3.7.2.4.1 For other CLI commands
3.7.2.5 Troubleshooting
How do I log in if I forgot my password?
Action
Askyour administrator for password initialization.
If you are the mainadministrator, yourpasswordcan be reset manually by following steps described in the
Servicing
the Network Management Module>>>Recovering main administrator password .
3.7.2.5.1 For other issues
3.7.3 Remote users
3.7.3.1 LDAP
The table shows all the supported severs and includes the following details:
Name
Address
Port
Security
See the CLI commands in the Information>>>CLI section.
For details on other issues, see the Troubleshooting section.
Settings
Contextual help of the web interface – 76
•
•
•
•
•
•
•
•
•
Connectivity
Security
SSL – None/Start TLS/SSL
Verify server certificate
Primary server–Name/Hostname/Port
Secondary server–Name/Hostname/Port
Credentials– Anonymous search bind/Search user DN/Password
User base DN
User name attribute
Group base DN
Group name attribute
2. ClickSave.
b Profile mapping
1. PressProfile mappingto map remote groups to local profiles.
2. ClickSave.
c Users preferences
For the list of access rights per profile refer to the section Full documentation>>>Information>>>Access rights per
profiles.
All users preferences will apply to all remote users (LDAP, RADIUS).
Settings
Contextual help of the web interface – 77
•
•
•
•
•
•
•
1. PressUsers preferencesto define preferences that will apply to all newly logged in LDAP users
Language
Temperature
Date format
Time format
2. ClickSave.
3.7.3.2 RADIUS
The table shows all the supported severs and includes the following details:
Name - descriptive name for the RADIUS server
Address - hostname or IP address for the RADIUS server
Port - connection port of the RADIUS Server
Radius is not a secured protocol, for a maximum security, it is recomended to use LDAP over TLS.
Settings
Contextual help of the web interface – 78
1.
2.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
3.7.3.2.1 Actions
a Configure
Enable Radius to be able to configure settings
Press Configureto access the following RADIUS settings:
Primary server
Name -descriptive name for the RADIUS server
Secret - a shared secret between the client and the RADIUS server
Address - hostname or IP address for the RADIUS server
UDP port - the UDP port for the RADIUS server (1812 by default)
Time out (s) - length of time the client waits for a response from the RADIUS server
Retry count - the number of time a connection is retried
Secondary server
Name -descriptive name for the RADIUS server
Secret - a shared secret between the client and the RADIUS server
Address - hostname or IP address for the RADIUS server
UDP port - the UDP port for the RADIUS server (1812 by default)
Time out (s) - length of time the client waits for a response from the RADIUS server
Retry count - the number of time a connection is retried
2. ClickSave.
Settings
Contextual help of the web interface – 79
•
•
•
•
b Profile mapping
1. PressProfile mappingto map RADIUS profile to local profiles.
Attribute - The attribute value
Vendor - The vendor value associated to the attribute
Value - The value of the attribute needed for this mapping
Profile - the local profile you want users to be mapped
Note: The default mapping is used for eaton-specific value : Attribute 28, Vendor 534, Value 1 and Profile administrator. See your
RADIUS protocol provider documentation for further information.
2. ClickSave.
c Users preferences
For the list of access rights per profile refer to the section Full documentation>>>Information>>>Access rights per
profiles.
Settings
Contextual help of the web interface – 80
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
1. PressUsers preferencesto define preferences that will apply to all RADIUS users
Language
Temperature
Date format
Time format
2. ClickSave.
3.7.3.3 Default settings and possible parameters - Remote users
Default settingPossible parameters
LDAPConfigure
Active – No
Security
SSL – SSL
Verify server certificate – enabled
Primary server
Name – Primary
Hostname – blank
Port – 636
Secondary server
Name – blank
Hostname – blank
Port – blank
Credentials
Anonymous search bind – disabled
Search user DN – blank
Password – blank
Search base
Search base DN – dc=example,dc=com
Request parameters
User base DN –
ou=people,dc=example,dc=com
User name attribute – uid
UID attribute – uidNumber
Group base DN –
ou=group,dc=example,dc=com
Group name attribute – gid
GID attribute – gidNumber
Profile mapping – no mapping
Users preferences
Language – English
Temperature unit – °C (Celsius)
Date format – MM-DD-YYYY
Time format – hh:mm:ss (24h)
Configure
Active – No/yes
Security
SSL – None/Start TLS/SSL
Verify server certificate – disabled/enabled
Primary server
Name – 128 characters maximum
Hostname – 128 characters maximum
Port – x-xxx
Secondary server
Name – 128 characters maximum
Hostname – 128 characters maximum
Port – x-xxx
Credentials
Anonymous search bind – disabled/enabled
Search user DN – 1024 characters
maximum
Password – 128 characters maximum
Search base
Search base DN – 1024 characters
maximum
Request parameters
User base DN – 1024 characters maximum
User name attribute – 1024 characters
maximum
UID attribute – 1024 characters maximum
Group base DN – 1024 characters maximum
Group name attribute – 1024 characters
maximum
GID attribute – 1024 characters maximum
Profile mapping – up to 5 remote groups mapped to
local profiles
Users preferences
Language – English, French, German, Italian,
Japanese, Russian, Simplified Chinese,
Spanish, Traditional Chinese
Temperature unit – °C (Celsius)/°F
(Fahrenheit)
Date format – MM-DD-YYYY / YYY-MM-
DD / DD-MM-YYY / DD.MM.YYY / DD/MM/
YYY / DD MM YYYY
Time format – hh:mm:ss (24h) / hh:mm:ss
(12h)
Settings
Contextual help of the web interface – 81
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
RADIUSConfigure
Active – No
Retry number – 0
Primary server
Name – blank
Secret – blank
Address – blank
UDP port – 1812
Time out – 3
Secondary server
Name – blank
Secret – blank
Address – blank
UDP port – 1812
Time out – 3
Users preferences
Language – English
Temperature unit – °C (Celsius)
Date format – MM-DD-YYYY
Time format – hh:mm:ss (24h)
Configure
Active – Yes/No
Retry number – 0 to 128
Primary server
Name – 128 characters maximum
Address – 128 characters maximum
Secret – 128 characters maximum
UDP port – 1 to 65535
Time out – 3 to 60
Secondary server
Name – 128 characters maximum
Address – 128 characters maximum
Secret – 128 characters maximum
UDP port – 1 to 65535
Time out – 3 to 60
Users preferences
Language – English, French, German, Italian,
Japanese, Russian, Simplified Chinese,
Spanish, Traditional Chinese
Temperature unit – °C (Celsius)
Date format – MM-DD-YYYY
Time format – hh:mm:ss (24h)
3.7.3.3.1 For other settings
3.7.3.4 Access rights per profiles
AdministratorOperatorViewer
Remote users
3.7.3.4.1 For other access rights
3.7.3.5 CLI commands
ldap-test
Description
Ldap-test help to troubleshoot LDAP configuration issues or working issues.
For other settings, see the Information>>>Default settings parameters section.
For other access rights, see the Information>>>Access rights per profiles section.
Settings
Contextual help of the web interface – 82
Help
Usage:ldap-test<command>[OPTION]...
Test LDAP configuration.
Commands:
ldap-test -h, --help, Display help page
ldap-test --checkusername <username> [--primary|--secondary] [-v]
Check if the user can be retrieve from the LDAP server
<username> Remote username to test
--primary Force the test to use primary server (optional)
--secondary Force the test to use secondary server (optional)
-v,--verbose Print the exchanges with LDAP server (optional)
ldap-test --checkauth <username> [--primary|--secondary] [-v]
Check if remote user can login to the card
<username> Remote username to test
-p,--primary Force the test to use primary server (optional)
-s,--secondary Force the test to use secondary server (optional)
-v,--verbose Print the exchanges with LDAP server (optional)
ldap-test --checkmappedgroups [--primary|--secondary] [-v]
Check LDAP mapping
-p,--primary Force the test to use primary server (optional)
-s,--secondary Force the test to use secondary server (optional)
-v,--verbose Print the exchanges with LDAP server (optional)
Quick guide for testing:
In case of issue with LDAP configuration, we recommend to verify the
configuration using the commands in the following order:
1. Check user can be retrieve on the LDAP server
ldap-test --checkusername <username>
2. Check that your remote group are mapped to the good profile
ldap-test --checkmappedgroups
3. Check that the user can connect to the card
ldap-test --checkauth <username>
logout
Description
Logout the current user.
Settings
Contextual help of the web interface – 83
•
•
•
•
•
Help
logout
<cr> logout the user
whoami
Description
whoami displays current user information:
Username
Profile
Realm
3.7.3.5.1 For other CLI commands
3.7.3.6 Troubleshooting
How do I log in if I forgot my password?
Action
Askyour administrator for password initialization.
If you are the mainadministrator, yourpasswordcan be reset manually by following steps described in the
Servicing
the Network Management Module>>>Recovering main administrator password .
LDAP configuration/commissioning is not working
Refer to the section Servicing the Network Management Module>>>Commissioning/Testing LDAP .
3.7.3.6.1 For other issues
See the CLI commands in the Information>>>CLI section.
For details on other issues, see the Troubleshooting section.
Settings
Contextual help of the web interface – 85
•
•
•
a Manual
Select Manual, and then enter the network settings if the network is not configured with a BootP or DHCP server.
Enter the IP Address.
The Network Modulemust have a unique IP address for use on a TCP/IP network.
Enter the netmask.
The netmask identifies the class of the sub-network the Network Module is connected to.
Enter the gateway address.
The gateway address allows connections to devices or hosts attached to different network segments.
b DHCP
Select dynamic DHCP to configure network parameters by a BootP or DHCP server.
If a response is not received from the server, the Network Module boots with the last saved parameters from the most recent
power up. After each power up, the Network Module makes five attempts to recover the network parameters.
3.7.4.1.2 IPv6
IPV6 status and the first three addresses are displayed.
Press theEditbutton toconfigure the network settings and get more information and access to the following IPV6 details.
Settings
Contextual help of the web interface – 87
•
•
•
3.7.4.1.3 DNS/DHCP
The DNS is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a
private network.
Press the
Editbutton toconfigure the network settings, select either the Static or Dynamic settings.
a Manual
Enter the Network Module Hostname.
Enter the Network Module Domain name.
Primary DNS server.
Enter the IP address of the DNS server that provides the translation of the domain name to the IP address.
Settings
Contextual help of the web interface – 88
•
•
•
•
•
•
•
•
Secondary DNS server.
Enter the IP address of the secondary DNS server that provides the translation of the domain name to the IP address when
the primary DNS server is not available.
b DHCP
Enter the Network Module Hostname.
3.7.4.1.4 Ethernet
A LAN is a computer network that interconnects computers within a limited area.
The available values for LAN configuration are listed below:
Auto negotiation
10Mbps -Half duplex
10Mbps -Full duplex
100Mbps - Half duplex
100Mbps -Full duplex
1.0 Gbps - Full duplex
Any modifications are applied after the nextNetwork Modulereboot.
3.7.4.2 Protocol
This tab contains settings for communication protocols used to get information from the devicethrough the network, such as https
for web browser.
Settings
Contextual help of the web interface – 89
3.7.4.2.1 HTTPS
Only https is available.
The default network port for https is 443. For additional security, the ports can be changed on this page.
PressSaveafter modifications.
3.7.4.2.2 Syslog
a Settings
This screen allows an administrator to configure up to two syslog servers.
To configure the syslog server settings:
1-
Enablesyslog.
Since only https is available, port 80 is not supported.
Settings
Contextual help of the web interface – 90
•
•
•
•
•
•
•
•
PressSaveafter modifications.
2- Configurethe syslog server:
Click the edit iconto access settings.
Enter or change the server name.
SelectYesin the Active drop-down list to activate the server.
Enter the Hostname and Port.
Select the Protocol – UDP/TCP.
In TCP, select the message transfer method – Octet counting/Non-transparent framing.
Select the option Using Unicode BOM if needed.
Press
Saveafter modifications.
3.7.4.3 Default settings and possible parameters - Network & Protocol
Default settingPossible parameters
IPV4Mode — DHCPMode — DHCP/Manual (Address/Netmask/Gateway)
IPV6Enable — checked
Mode — DHCP
Enabled — Active/Inactive
Mode — DHCP/Manual (Address/Prefix/Gateway)
DNS/DHCPHostname —
device
-[MAC address]
Mode — DHCP
Hostname — 128 characters maximum
Mode :DHCP/Manual (Domain name/Primary DNS/
Secondary DNS)
EthernetConfiguration — Auto negotiationConfiguration — Auto negotiation - 10Mbps -Half
duplex - 10Mbps -Full duplex - 100Mbps - Half duplex -
100Mbps -Full duplex - 1.0 Gbps - Full duplex
HTTPSPort — 443Port — x-xxx
Settings
Contextual help of the web interface – 91
•
•
•
•
SyslogInactive
Server#1
Name – Primary
Status – Disabled
Hostname – empty
Port – 514
Protocol – UDP
Message transfer method – Non transparent
framing
Using unicode byte order mask (BOM)–
disabled
Server#2
Name – empty
Status – Disabled
Hostname – empty
Port – 514
Protocol – UDP
Message transfer method – DIsabled in UDP
Using unicode byte order mask (BOM)–
disabled
Inactive/Active
Server#1
Name – 128 characters maximum
Status – Disabled/Enabled
Hostname – 128 characters maximum
Port – x-xxx
Protocol – UDP/TCP
Message transfer method – Non transparent
framing
Using unicode byte order mask (BOM)–
disable/enable
Server#2
Name – 128 characters maximum
Status – Disabled/Enabled
Hostname – 128 characters maximum
Port – x-xxx
Protocol – UDP/TCP
Message transfer method (in TCP)– Octet
counting/Non transparent framing
Using unicode byte order mask (BOM)–
disable/enable
3.7.4.3.1 For other settings
3.7.5 SNMP
This tab contains settings for SNMP protocols used for network management systems.
3.7.5.1 SNMP tables
For other settings, see the Information>>>Default settings parameters section.
Changes to authentication settings need to be confirmed by entering a valid password for the active user account.
The default port for SNMP is 161 and normally this should not be changed. Some organizations prefer to use non-
standard ports due to cybersecurity, and this field allows that.
Settings
Contextual help of the web interface – 92
•
•
•
SNMP monitoring Battery status, power status, events, and traps are monitored using third-party SNMP managers.
To query SNMP data, you do not need to add SNMP Managers to the Notified Application page.
To set-up SNMP managers:
Configure the IP address.
Select SNMP v1 or v1 and v3.
Compile the MIB you selected to be monitored by the SNMP manager.
List of supported MIBs:
xUPS MIB | Standard IETF UPS MIB (RFC 1628) | Sensor MIB
Press theSupported MIBsbutton to download the MIBs.
3.7.5.1.1 Settings
This screen allows an administrator to configure SNMP settings for computers that use the MIB to request information from the
Network Module.
Default ports for SNMP are 161 (SNMP v1 and v3, set/get) and 162 (traps). These ports can be changed on the settings screenfor
additional security.
To configure the SNMP settings:
a Enable theSNMP agent
In addition to this also v1 and/or v3 must be enabled, along with appropriate communities and activated user accounts to allow
SNMP communication.
Press
Saveafter modifications.
Settings
Contextual help of the web interface – 93
b Configure the SNMP V1 settings:
1. Click the edit icon on either Read Only or Read/Write account to access settings:
2.Enter the SNMP Community Read-Only string. The Network Module and the clients must share the same community name to
communicate.
3. SelectActivein the Enabled drop-down list to activate the account.
4. Access level is set to display information only.
Settings
Contextual help of the web interface – 94
•
•
•
•
•
c Configure the SNMP V3 settings:
1. Click the edit icon on either Read Only or Read/Write account to access settings:
2. Edit the user name.
3. Select Activein the Enabled drop-down list to activate the account.
4. Select access level.
Read only—The user does not use authentication and privacy to access SNMP variables.
Read/Write—The user must use authentication, but not privacy, to access SNMP variables.
5. Select the communication security mechanism.
Auth, Priv—Communication with authentication and privacy.
Auth, No Priv—Communication with authentication and without privacy.
No Auth, No Priv—Communication without authentication and privacy.
Settings
Contextual help of the web interface – 95
•
•
•
•
•
•
•
•
•
•
•
•
•
6. If Auth is selected on the communication security mechanism, select the Authentication algorithms.
SHA— SHA1 is not recommended as it is not secured.
SHA256—fill in password and privacy keys. The password can be between 8 and 24 characters and use a combination of
alphanumeric and the following special characters<>&@#%_=:;,./?|$*.
SHA384—fill in password and privacy keys. The password can be between 8 and 24 characters and use a combination of
alphanumeric and the following special characters<>&@#%_=:;,./?|$*.
SHA512—fill in password and privacy keys. The password can be between 8 and 24 characters and use a combination of
alphanumeric and the following special characters<>&@#%_=:;,./?|$*.
AES / AES192 / AES256
7. If Priv is selected on the communication security mechanism, select the Privacy algorithms.
AES— fill in password and privacy keys. The password can be between 8 and 24 characters and use a combination of
alphanumeric and the following special characters<>&@#%_=:;,./?|$*.
AES192—fill in password and privacy keys. The password can be between 8 and 24 characters and use a combination of
alphanumeric and the following special characters<>&@#%_=:;,./?|$*.
AES256—fill in password and privacy keys. The password can be between 8 and 24 characters and use a combination of
alphanumeric and the following special characters<>&@#%_=:;,./?|$*.
8. Enter your own login password and clickSave.
3.7.5.2 Trap receivers
The table shows all the trap receivers and includes the following details:
Application name
Host
Protocol
Port
Status:Active/Inactive/Error(configuration error)
It is recommended to set SHA256/SHA384/SHA512 with the AES192/AES256 Privacy algorithms.
It is recommended to set AES192/AES256 with the SHA256/SHA384/SHA512 Authentication algorithms.
Settings
Contextual help of the web interface – 96
•
•
•
•
•
•
•
•
•
3.7.5.2.1 Actions
a Add
1. Press theNewbutton to create new trap receivers.
2. Set following settings:
Enabled – Yes/No
Application name
Hostname or IP address
Port
Protocol– V1/V3
Trap community (V1) / User (V3)
3. Press theSAVEbutton.
b Remove
Select a trap receiver and press the
Deletebutton to remove it.
c Edit
Press the pen iconto edit trap receiver information and access to its settings:
d Test trap
Press the
Test trapbutton to send the trap test to all trap receivers.
Separate window provides the test status with following values:
In progress
Request successfully sent
invalid type
For details on SNMP trap codes, see the Information>>>SNMP traps
section.
Settings
Contextual help of the web interface – 97
•
•
•
•
•
•
•
•
•
•
•
3.7.5.3 Link to SNMP traps
UPS Mib
ATS Mib
Sensor Mib
3.7.5.4 Default settings and possible parameters - SNMP
Default settingPossible parameters
SNMPActivate SNMP — disabled
Port — 161
SNMP V1 — disabled
Community #1 — public
Enabled — Inactive
Access — Read only
Community #2 — private
Enabled — Inactive
Access — Read/Write
SNMP V3 — enabled
User #1 — readonly
Enabled — Inactive
Access — Read only
Authentication — Auth (SHA-1)
Password — empty
Confirm password — empty
Privacy — Secured - AES
Key — empty
Confirm key — empty
User#2 — readwrite
Enabled — Inactive
Access — Read/Write
Authentication — Auth (SHA-1)
Password — empty
Confirmpassword — empty
Privacy — Secured - AES
Key — empty
Confirm key — empty
Activate SNMP — disable/enable
Port — x-xxx
SNMP V1 — disable/enable
Community #1 — 128 characters maximum
Enabled — Inactive/Active
Access — Read only
Community #2 — 128 characters
maximum
Enabled — Inactive/Active
Access — Read/Write
SNMP V3 — disable/enable
User #1 — 32 characters maximum
Enabled — Inactive/Active
Access — Read only/Read-Write
Authentication — Auth (SHA-1)/None
Password — 128 characters maximum
Confirm password — 128 characters
maximum
Privacy — Secured - AES/None
Key — 128 characters maximum
Confirm key — 128 characters maximum
User#2 — 32 characters maximum
Enabled — Inactive/Active
Access — Read only/Read-Write
Authentication — Auth (SHA-1)/None
Password — 128 characters maximum
Confirmpassword — 128 characters
maximum
Privacy — Secured - AES/None
Key — 128 characters maximum
Confirm key — 128 characters maximum
Trap receiversNo trapEnabled — No/Yes
Application name — 128 characters maximum
Hostname or IP address — 128 characters maximum
Port — x-xxx
Protocol — V1
Trap community — 128 characters maximum
3.7.5.4.1 For other settings
For other settings, see the Information>>>Default settings parameters section.
Settings
Contextual help of the web interface – 98
3.7.5.5 Access rights per profiles
AdministratorOperatorViewer
SNMP
3.7.5.5.1 For other access rights
3.7.5.6 Troubleshooting
SNMPv3 password management issue with Save and Restore
Affected FW versions
This issue affects SNMP
configurationdone on versions prior to 1.7.0 when applied to versions 1.7.0 or above.
Symptom
SNMPv3 connectivity is not properly working after a restore settings on a 1.7.0 version or above.
Cause
The SNMPv3 wasconfiguredprior to 1.7.0.
In that case, SNMPv3 configuration is not well managed by the Save and by the Restore settings.
Action
Reconfigureyour SNMPv3 users and passwords on versions 1.7.0 or above and Save the settings.
The SNMPv3 configuration can then be Restored.
3.7.5.6.1 For other issues
3.7.6 Certificate
3.7.6.1 Pairing with clients
For other access rights, see the Information>>>Access rights per profiles section.
For details on other issues, see the Troubleshooting section.
For details on pairing instructions, follow the linkpairing instructionsin the tile or see theServicing the Network
Management Module
>>>Pairing agent to the Network Module
section.
Settings
Contextual help of the web interface – 99
•
•
•
•
During the selected timeframe, new connections to the Network Module are automatically trusted and accepted.
After automatic acceptance, make sure that all listed clients belong to your infrastructure. If not, access may be revoked using the
Delete button.
The use of this automatic acceptance should be restricted to a secured and trusted network.
For maximum security, we recommend followingone of the two methodson the certificate settings page:
Import agent's certificates manually.
Generate trusted certificate for both agents and Network Module using your own PKI.
3.7.6.1.1 Actions
a Start
Starts the pairing window during the selected timeframe or until it is stopped.
Time countdown is displayed.
b Stop
Stops
the pairing window.
3.7.6.2 Local certificates
Manage local certificates by :
Generating CSR and import certificates signed by the CA.
Generating new self-signed certificates.
Settings
Contextual help of the web interface – 100
•
•
•
•
•
3.7.6.2.1 Local certificates table
The table shows the following information for each local certificate.
Used for
Issued by
Valid from
Expiration
Status — valid, expires soon, or expired
3.7.6.2.2 Actions
a Revoke
This action will take the selected certificate out of use.
Select the certificate to revoke, and then press the
Revokebutton.
A confirmation window appears, pressContinueto proceed, this operation cannot be recovered.
b Export
Exports the selected certificate on your OS browser window.
c Configure issuer
Press the
Configure issuerbutton.
A configuration window appears to edit issuer data.
Revoke will replace current certificate by a new self-signed certificate.
This may disconnect connected applications:
- Web browsers
- Shutdown application
- Monitoring application
The certificate that is taken out of use with the revoke action cannot be recovered.
Settings
Contextual help of the web interface – 101
•
•
•
•
•
•
•
•
•
•
Common name (CN)
Country (C)
State or Province (ST)
City or Locality (L)
Organization name (O)
Organization unit (OU)
Contact email address
PressSave button.
d Edit
Press the pen logo:
You will get access to the following:
Certificate summary
Actions
Generate a new self-signed certificate.
Generate CSR.
Import certificate (only available when CSR is generated).
Details
e Generate a new self-signed certificate
To replace a selected certificate with a new self-signed certificate.
This may disconnect applications such as a Web browser, shutdown application, or monitoring application.
Issuer configuration will be applied only after the revoke of the certificate.
Settings
Contextual help of the web interface – 102
•
•
•
•
•
•
This operation cannot be recovered.
f Create new certificates:
g CSR
Press
Generate Signing Request button in the in the certificate edition.
The CSR is automatically downloaded.
CSR must be signed with the CA, which is managed outside the card.
h Import certificate
When the CSR is signed by the CA, it can be imported into the Network Module.
When the import is complete, the new local certificate information is displayed in the table.
3.7.6.3 Certificate authorities (CA)
Manages CAs.
3.7.6.3.1 CA table
The table displays certificate authorities with the following details:
Used for
Issued by
Issued to
Valid from
Expiration
Status— valid, expires soon, or expired
3.7.6.3.2 Actions
a Import
When importing the CA, you must select the associated service, and then upload process can begin through the OS browser
window.
Settings
Contextual help of the web interface – 103
•
•
•
•
•
•
b Revoke
Select the certificate to revoke, and then press the
Revoke button.
A confirmation window appears, press Continue to proceed, this operation cannot be recovered.
Export
Exports the selected certificate on yourOS browser window.
c Edit
Press the pen logoto access to the certificate summary:
3.7.6.4 Trusted remote certificates
The table shows the following information for each trusted remote certificate.
Used for
Issued by
Issued to
Valid from
Expiration
In case a certificate expires, the connection with the client will be lost. If this happens, the user will have to recreate the
connection and associated certificates.
Status— valid, expires soon, or expired
3.7.6.4.1 Actions
a Import
When importing the client certificate, you must select the associated service, and then upload process can begin through the OS
browser window.
b Revoke
Select the certificate to revoke, and then press the
Revokebutton.
A confirmation window appears, pressContinueto proceed, this operation cannot be recovered.
c Edit
Press the pen logoto the certificate summary:
Settings
Contextual help of the web interface – 104
3.7.6.5 Default settings and possible parameters - Certificate
Default settingPossible parameters
Local certificatesCommon name — Service + Hostname + selfsigned
Country — FR
State or Province — 38
City or Locality — Grenoble
Organization name — Eaton
Organization unit — Power quality
Contact email address — blank
Common name — 64 characters maximum
Country — Country code
State or Province —64 characters maximum
City or Locality —64 characters maximum
Organization name —64 characters maximum
Organization unit —64 characters maximum
Contact email address —64 characters maximum
3.7.6.5.1 For other settings
3.7.6.6 Access rights per profiles
AdministratorOperatorViewer
Certificate
3.7.6.6.1 For other access rights
3.7.6.7 CLI commands
certificates
Description
Allows to manage certificates through the CLI.
Help
certificates <target> <action> <service_name>
<target> :
- local
<action> :
- print: provides a given certificate detailed information.
- revoke: revokes a given certificate.
- export: returns a given certificate contents.
- import: upload a given certificate for the server CSR. This will replace the
CSR with the certificate given.
- csr: get the server CSR contents. This will create the CSR if not already
For other settings, see the Information>>>Default settings parameters section.
For other access rights, see the Information>>>Access rights per profiles section.
Settings
Contextual help of the web interface – 105
•
•
•
•
•
•
•
•
•
existing.
<service_name>: mqtt/syslog/webserver
Examples of usage
From a linux host:
printover SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates local print $SERVICE_NAME
revoke over SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localrevoke $SERVICE_NAME
exportover SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localexport $SERVICE_NAME
importover SSH:cat$FILE | sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localimport
$SERVICE_NAME
csr over SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localcsr mqtt
From a Windows host:(plink tools from putty is required)
print over SSH:plink $USER@$CARD_ADDRESS -pw$PASSWORD -batch certificates local print $SERVICE_NAME
revoke over SSH:plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch certificates localrevoke $SERVICE_NAME
export over SSH:plink $USER@$CARD_ADDRESS -pw$PASSWORD -batch certificates localexport $SERVICE_NAME
import over SSH:type $FILE | plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch certificates localimport
$SERVICE_NAME
csrover SSH:plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch certificates localcsr mqtt
Where:
$USER is user name (the user shall have administrator profile)
$PASSWORD is the user password
$PASSPHRASE is any passphrase to encrypt/decrypt sensible data.
$CARD_ADDRESS is IP or hostname of the card
$FILE is a certificate file
$SERVICE_NAME is the name one of the following services : mqtt/ syslog / webserver.
3.7.6.7.1 For other CLI commands
3.7.6.8 Troubleshooting
Software is not able to communicate with the Network module
Symptoms
In the Network Module,in
Contextual help>>>Protection>>>Agent list>>>Agent list table , agent is showing "Lost" as
a status.
In the Network Module,in Contextual help>>>Settings>>>Certificate>>>Trusted remote certificates , the status of
theProtected applications (MQTT) is showing"Not valid yet".
IPP/IPM shows "The authentication has failed", "The notifications reception encountered error".
See the CLI commands in the Information>>>CLI section.
Settings
Contextual help of the web interface – 106
•
•
•
•
•
•
•
•
•
•
•
•
Possible cause
The IPP/IPM certificate is not yet valid for the Network Module.
Certificates of IPP/IPM and the Network Module are not matching so that authentication and encryption of connections
between the Network Module and the shutdown agents is not working.
Setup
IPP/IPM is started.
Network module is connected to the UPS and to the network.
Action #1
Check if the IPP/IPM certificate validity for the Network Module.
STEP 1:Connect to the Network Module
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter:https://xxx.xxx.xxx.xxx/where xxx.xxx.xxx.xxx is the static IP address of the
Network Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
ClickLogin. The Network Module web interface appears.
STEP 2:Navigate toSettings/Certificatespage
STEP 3:In theTrusted remote certificatessection, check the status of theProtected applications (MQTT).
If it is "Valid"go to Action#2 STEP 2, if it is "Not yet valid", time of the need to be synchronized with IPP/IPM .
STEP 4:Synchronize the time of the Network Module with IPP/IPM and check that the status of theProtected applications
(MQTT)is now valid.
Communication will then recover, if notgo to Action#2 STEP 2.
Action #2
Pair agent to the Network Module with automatic acceptance (recommended in case the installation is done in a secure and
trusted network).
STEP 1:Connect to the Network Module.
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter:https://xxx.xxx.xxx.xxx/where xxx.xxx.xxx.xxx is the static IP address of the
Network Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
ClickLogin. The Network Module web interface appears.
STEP 2:Navigate toProtection/Agents listpage.
STEP 3:In thePairing with shutdown agentssection, select the time to accept new agents and press theStartbutton
andContinue. During the selected timeframe, new agent connections to the Network Module are automatically trusted and
accepted.
STEP 4:Action on the agent( IPP/IPM )while the time to accepts new agents is running on the Network Module
Remove theNetwork module certificate file(s) *.0that is (are) located in the folder
Eaton\IntelligentPowerProtector\configs\tls.
For manual pairing (maximum security), go to Servicing the Network Management Module
>>>Pairing agent
to the Network Module
section and then go to STEP 2, item 1.
Maintenance
Contextual help of the web interface – 107
•
•
•
•
•
•
•
Card wrong timestamp leads to "Full acquisition has failed" error message on Software
Symptoms:
IPP/IPM shows the error message"The full data acquisition has failed" even if the credentials are correct.
Possible cause:
The Network module timestamp is not correct.
Probably the MQTT certificate is not valid at Network module date.
Action:
Set the right date, time and timezone. If possible, use a NTP server, refer to
Contextual
help>>>Settings>>>General>>>System details>>>Time & date settings section.
3.7.6.8.1 For other issues
3.8 Maintenance
3.8.1 Firmware
3.8.1.1 Update firmware
Monitors the information for the two-embedded firmware.
Upgrade the Network Module firmware.
3.8.1.1.1 Firmware information
a Status
Uploading
Invalid
Valid
Pending reboot
Active
For details on other issues, see the Troubleshooting section.
Maintenance
Contextual help of the web interface – 108
b Version/Sha
Displays the associated firmware version and associated Sha.
c Generated on
Displays the release date of the firmware.
For better performance, security, and optimized features,Eatonrecommends to upgrade the Network Module regularly.
d Installation on
Displays when the firmware was installed in the Network Module.
e Activated on
Displays when the firmware was activated in the Network Module.
3.8.1.2 Upgrade the Network Module firmware
During the upgrade process, the Network Module does not monitor theDevice status.
To upgrade the firmware:
1. Download the latest firmware version from the website.For more information, see the
Servicing the Network Management
Module>>>Accessing to the latest Network Module firmware/driver
section.
2. Click+Upload.
3. Click Choose fileand select the firmware package by navigating to the folder where you saved the downloaded firmware.
4. ClickUpload. The upload can take up to 5 minutes.
The firmware that was inactive will be erased by this operation.
When an upgrade is in progress, the upload button is disabled, and the progress elements appear below the table with the
following steps:
Transferring > Verifying package > Flashing > Configuring system > Rebooting
A confirmation message displays when the firmware upload is successful, and the Network Module automatically restarts.
Do not close the web browser or interrupt the operation.
Depending on your network configuration, the Network Module may restart with a different IP address.
Refresh the browser after the Network module reboot time to get access to the login page.
Press F5 or CTRL+F5 to empty the browser to get all the new features displayed on the Web user interface.
Communication Lost and Communication recovered may appear in the Contextual help>>>Alarms section.
Maintenance
Contextual help of the web interface – 109
3.8.1.3 Access rights per profiles
AdministratorOperatorViewer
Firmware
3.8.1.3.1 For other access rights
3.8.1.4 CLI commands
get release info
Description
Displayscertain basic information related to the firmware release.
Help
get_release_info
-d Get current release date
-s Get current release sha1
-t Get current release time
-v Get current release version number
3.8.1.4.1 For other CLI commands
3.8.1.5 Troubleshooting
The Network Module fails to boot after upgrading the firmware
Possible Cause
The IP address has changed.
Note:If theapplication is corrupt, due to an interruptionwhile flashing the firmware for example, the boot will be done on
previous firmware.
Action
Recover the IP address and connect to the card.
For other access rights, see the Information>>>Access rights per profiles section.
See the CLI commands in the Information>>>CLI section.
Maintenance
Contextual help of the web interface – 110
•
•
Refer to Installing the Network Management Module>>>Accessing the Network Module>>>Finding and setting the IP
address section.
Web user interface is not up to date after a FW upgrade
Symptom
After an upgrade:
The Web interface is not up to date
New features of the new FW are not displayed
Possible causes
The browser is displaying the Web interface through the cache that contains previous FW data.
Action
Empty the cache of your browser using F5 or CTRL+F5.
3.8.1.5.1 For other issues
3.8.2 Services
3.8.2.1 Service options
3.8.2.1.1 Sanitization
Sanitization removes all the data; the Network Module will come back to factory default settings.
To sanitize the Network Module:
1. Click
Sanitize.
A confirmation message displays, click Sanitize to confirm.
For details on other issues, see the Troubleshooting section.
For details on default settings, see theInformation>>>Default settings parameterssection.
Maintenance
Contextual help of the web interface – 111
3.8.2.1.2 Reboot
Reboot means restarting the network module operating system.
To reboot the Network Module:
Click
Reboot.
A confirmation message displays, click
Rebootto confirm, the reboot time will take approximately less than 2min.
Depending on your network configuration, the Network Module may restart with a different IP address.
Only main administrator user will remain with default login and password.
Refresh the browser after the Network module reboot time to get access to the login page.
Maintenance
Contextual help of the web interface – 112
3.8.2.1.3 Settings
Allow to save and restore the Network module settings.
3.8.2.1.4 Save
To save the Network module settings:
1. Click on
Save
2. Select to include the Network settings if needed.
A passphrase need to be entered twice to cypherthe sensitive data.
3. Click onSave
Depending on your network configuration, the Network Module may restart with a different IP address.
Refresh the browser after the Network module reboot time to get access to the login page.
Communication Lost and Communication recovered may appear in the Alarm section.
For more details, navigate to Servicing the Network Management Module>>>Saving/Restoring/Duplicating section.
Below settings are not saved:
Local users other than the main administratorSensor settings (commissioning, alarm configuration)
Maintenance
Contextual help of the web interface – 113
3.8.2.1.5 Restore
To restore the Network module settings:
1. Click onRestore
2. Select to include the Network settings if needed.
3. Enter the passphrase used when the file was saved.
4. Click on Choose file andselect the JSON file
5. Click onRestoreto confirm
3.8.2.1.6 Maintenance
The maintenance report is for the service representative use to diagnose problems with the network module. It is not intended for
the user, which is why the file is protected by a password.
To download the maintenance report file:
Click
Download report.
A confirmation message displays,Maintenance report file successfully downloaded.
Restoring settings may result in the Network module reboot.
Maintenance
Contextual help of the web interface – 114
3.8.2.2 Access rights per profiles
AdministratorOperatorViewer
Services
3.8.2.2.1 For other access rights
3.8.2.3 CLI commands
maintenance
Description
Creates a maintenance report file whichmaybehandedto the technical support.
Help
maintenance
<cr> Create maintenance report file.
-h, --help Display help page
reboot
Description
Tool to Reboot the card.
Help
Usage: reboot [OPTION]
<cr> Reboot the card
--help Display help
--withoutconfirmation Reboot the card without confirmation
save_configuration | restore_configuration
For other access rights, see the Information>>>Access rights per profiles section.
Maintenance
Contextual help of the web interface – 115
•
•
•
•
•
•
Description
Save_configuration and restore_configuration are using JSON format to save and restorecertain part of the configuration of
the card.
Help
save_configuration -h
save_configuration: print the card configuration in JSON format to standard output.
restore_configuration -h
restore_configuration: restore the card configuration from a JSON-formatted standard
input.
Examples of usage
From a linux host:
Save over SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS save_configuration -p $PASSPHRASE> $FILE
Restore over SSH:cat $FILE | sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS restore_configuration -p
$PASSPHRASE
From a Windows host:
Save over SSH:plink $USER@$CARD_ADDRESS -pw$PASSWORD -batch save_configuration -p $PASSPHRASE > $FILE
Restore over SSH:type $FILE | plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch restore_configuration -p
$PASSPHRASE
(Require plink tools from putty)
Where:
$USER is user name (the user shall have administrator profile)
$PASSWORD is the user password
$PASSPHRASE is any passphrase to encrypt/decrypt sensible data.
$CARD_ADDRESS is IP or hostname of the card
$FILE is a path to the JSON file (on your host computer) where the configuration is saved or restored.
sanitize
Description
Sanitize command to return card to factory reset configuration.
Access
Administrator
Maintenance
Contextual help of the web interface – 116
•
•
Help
sanitize
-h, --help Display help page
--withoutconfirmation Do factory reset of the card without confirmation
<cr> Do factory reset of the card
3.8.2.3.1 For other CLI commands
3.8.3 Resources
Card resources is an overviewof the Network Module processor, memory and storage information.
The
COPY TO CLIPBOARDbutton will copy the information toyour clipboard so that it can be past.
For example, you can copy and paste information into an email.
3.8.3.1 Processor
Used in %
Up since date
See the CLI commands in the Information>>>CLI section.
Maintenance
Contextual help of the web interface – 118
1.
a.
b.
2.
a.
b.
c.
d.
3.
a.
i.
ii.
iii.
•
•
•
•
3.8.3.4.1 For other access rights
3.8.3.5 CLI commands
systeminfo_statistics
Description
Displays the following system information usage:
CPU
usage : %
upSince: date since the system started
Ram
total: MB
free: MB
used: MB
tmpfs: temporary files usage (MB)
Flash
user data
total: MB
free: MB
used: MB
Help
systeminfo_statistics
Display systeminfo statistics
-h, --help Display the help page.
3.8.3.5.1 For other CLI commands
3.8.4 System logs
3.8.4.1 System logs
There are 4 types of logs available:
Update
Account
Session
System
Select the log files to download and press the download icon:
For other access rights, see the Information>>>Access rights per profiles section.
See the CLI commands in the Information>>>CLI section.
Maintenance
Contextual help of the web interface – 119
•
•
•
•
•
•
•
•
•
•
•
•
•
•
3.8.4.2 Access rights per profiles
AdministratorOperatorViewer
System logs
3.8.4.2.1 For other access rights
3.8.5 System information
System information is an overviewof the main Network Module information.
The
COPY TO CLIPBOARD button will copy the information to the clipboard.
3.8.5.1 Identification
System name– if filled, it replaces the Device model name in the top bar
Product
Physical name
Vendor
UUID
Part number
Serial number
Hardware version
Location
Contact
MAC address
3.8.5.2 Firmware information
Version
SHA
Build date
For the list of system logs, see the Information>>>System Logs codes section.
For other access rights, see the Information>>>Access rights per profiles section.
Legal information
Contextual help of the web interface – 120
•
•
•
Installation date
Activation date
Bootloader version
3.8.5.3 Access rights per profiles
AdministratorOperatorViewer
System information
3.8.5.3.1 For other access rights
3.9 Legal information
This Network Module includes software components that are either licensed under various open source license, or under a
proprietary license.
3.9.1 Component
All the open source components included in the Network Module are listed with their licenses.
3.9.2 Availability of source code
Provides the way to obtain the source code of open source components that are made available by their licensors.
3.9.3 Notice for proprietary elements
Provides notice for our proprietary (i.e. non-Open source) elements.
For other access rights, see the Information>>>Access rights per profiles section.
Alarms
Contextual help of the web interface – 121
•
•
3.9.4 Access rights per profiles
AdministratorOperatorViewer
Legal information
3.9.4.1 For other access rights
3.10 Alarms
3.10.1 Alarm sorting
Alarms can be sorted by selecting:
All
Active only
For other access rights, see the Information>>>Access rights per profiles section.
Alarms
Contextual help of the web interface – 122
•
•
•
•
3.10.2 Active alarm counter
3.10.3 Alarm details
Allalarms are displayed andsorted by date, with alert level, time, description, and status.
Info/Warning/Critical logoAlarm description text
ActiveIn colorIn bold with "Active" label
OpenedIn color
ClosedGreyed
3.10.4 Alarm paging
The number of alarms per page can be changed (10-15-25-50-100).
When the number of alarms is above the number of alarms per page,the buttons
First, Previous andNextappears to allow
navigation in the Alarm list.
3.10.5 Export
Press the
Exportbutton to download the file.
3.10.6 Clear
Press theClearbutton to clear alarms that are older than a specified date and up to a defined severity.
3.10.7 Alarms list with codes
To get access to the Alarm log codes or the System log codes for email subscription, seesections below:
System log codes
UPS(HID) alarm log codes
9130 UPS(XCP) alarm log codes
ATS alarm log codes
Alarms with a severity set as Good are not taken into account into the counter of active alarms.
User profile
Contextual help of the web interface – 123
•
•
EMP alarm log codes
Network module alarm log codes
3.10.8 Access rights per profiles
AdministratorOperatorViewer
Alarm list
Export
Clear
3.10.8.1 For other access rights
3.11 User profile
3.11.1 Access to the user profile
Press theicon on the top right side of the page to access the user profile window:
3.11.2 User profile
This page displays the current username with its realm (local, remote) and allows to Change passwords, Edit account and Log out.
For other access rights, see the Information>>>Access rights per profiles section.
This page is in read-only mode when connected through LDAP and it displays the preferences applied to all LDAP
users as configured in the Contextual help>>>Settings>>>Remote users>>>LDAP section.
User profile
Contextual help of the web interface – 125
•
•
•
•
•
•
•
•
3.11.2.2 Edit account
If you have the administrator's rights, you can click on
Edit accounttoedit user profile and update the following information:
Account details
Full name
Email
Phone
Organization
Preferences
Language
Date format
Time format
Temperature
3.11.2.3 Edit account
Click
Log outto close the session.
3.11.3 Default settings and possible parameters - User profile
Default settingPossible parameters
User profile
Contextual help of the web interface – 126
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
ProfileAccount details:
Full name — Administrator
Email — blank
Phone — blank
Organization — blank
Preferences:
Language — English
Date format — MM-DD-YYYY
Time format — hh:mm:ss (24h)
Temperature — °C (Celsius)
Account details:
Full name — 128 characters maximum
Email — 128 characters maximum
Phone — 64 characters maximum
Organization — 128 characters maximum
Preferences:
Language — English, French, German,
Italian, Japanese, Russian, Simplified
Chinese, Spanish, Traditional Chinese
Date format — MM-DD-YYYY / YYY-MM-
DD / DD-MM-YYY / DD.MM.YYY / DD/MM/
YYY / DD MM YYYY
Time format — hh:mm:ss (24h) / hh:mm:ss
(12h)
Temperature — °C (Celsius)/°F (Fahrenheit)
3.11.3.1 For other settings
3.11.4 Access rights per profiles
AdministratorOperatorViewer
User profile
3.11.4.1 For other access rights
3.11.5 CLI commands
logout
Description
Logout the current user.
Help
logout
<cr> logout the user
For other settings, see the Information>>>Default settings parameters section.
For other access rights, see the Information>>>Access rights per profiles section.
User profile
Contextual help of the web interface – 127
•
•
•
whoami
Description
whoami displays current user information:
Username
Profile
Realm
3.11.5.1 For other CLI commands
3.11.6 Troubleshooting
Password change in My profile is not working
Symptoms
The password change shows "
Invalid credentials
" when I try to change my password in My profile menu:
Possible cause
The password has already been changed once within a day period.
Action
Let one day between your last password change and retry.
3.11.6.1 For other issues
See the CLI commands in the Information>>>CLI section.
For details on other issues, see the Troubleshooting section.
Documentation
Contextual help of the web interface – 128
3.12 Documentation
3.12.1 Access to the embedded documentation
Press the ?
icon on the top right side of the page to access the documentationin a new window:
The focus will be made on the contextual page.
You can then navigate into below sections:
Contextual helpHelp for each webpage.
Extracts from the sections below when they are related to the web page.
Servicing the Network Management ModuleHow to install and use the Network module.
Securing the Network Management ModuleHow to secure the Network module.
InformationGeneral information of the Network Module and Devices.
TroubleshootingHow to troubleshoot the Network Module.
3.12.2 Access rights per profiles
AdministratorOperatorViewer
Contextual help
Full documentation
3.12.2.1 For other access rights
Search feature is indexed.
For other access rights, see the Information>>>Access rights per profiles section.
Configuring/Commissioning/Testing LDAP
Servicing the Network Management Module – 129
1.
2.
3.
4.
a.
b.
5.
6.
7.
1.
2.
3.
4 Servicing the Network Management Module
4.1 Configuring/Commissioning/Testing LDAP
4.1.1 Commissioning
Refer to the section
Contextual help>>>Settings>>>Local users to get help on the configuration.
4.1.1.1 Configuring connection to LDAP database
This step configures the LDAP client of the network module to request data from an LDAP base.
Activate LDAP.
Define security parameters according to LDAP servers' requirements.
Configure primary server (and optionally a secondary one).
If security configuration needs server certificate verification, import your LDAP server certificate.
Refer to the section to get help on certificate import.
In case LDAP server certificate is self-signed, import the self-signed certificate in the
Trusted remote certificate
list
for
LDAP
service.
in case LDAP server certificate has been signed by a CA, import the corresponding CA in the
Certificate authorities
(CA)
list for
LDAP
service.
Configure credentials to bind with the LDAP server or select
anonymous
if no credentials are required.
Configure the
Search base DN
.
Configure the request parameters (see examples below).
4.1.1.1.1 Typical request parameters
ParameterOpenLDAPActive Directory™ with POSIX
account activated
Active Directory™
User base DNou=users, dc=example, dc=comou=users, dc=example, dc=comou=users, dc=example, dc=com
User name attributeuiduidsAMAccountName
UID attributeuidNumberuidNumberobjectSid:S-1-5-xx-yy-zz (domain SID)
Group base DNou=groups, dc=example, dc=comou=groups, dc=example, dc=comou=groups, dc=example, dc=com
Group name attributegidgidsAMAccountName
GID attributegidNumbergidNumberobjectSid:S-1-5-xx-yy-zz (domain SID)
4.1.1.2 Testing connection to LDAP database
Refer to the sectionInformation>>>CLI>>>ldap-testto get help on the CLI command.
To test connection to the LDAP database:
Connect to the CLI.
Launch
ldap-test --checkusername
command.
In case of error, use the
verbose
option ofthe command to investigate the reason.
Pairing agent to the Network Module
Servicing the Network Management Module – 130
1.
2.
1.
2.
3.
4.
1.
2.
3.
4.
•
•
•
•
•
•
•
4.1.1.3 Map remote users to profile
Configure the rules to mapped LDAP users to profile:
Enter LDAP group name.
Select the profile to assigned.
You can define up to 5 mapping rules.
All LDAP users belonging to the configured LDAP group will have permissions granted by the associated profile.
4.1.1.4 Testing profile mapping
Refer to the sectionInformation>>>CLI>>>ldap-testto get help on the CLI command.
To test LDAP users profile mapping:
Connect to the CLI.
Launch
ldap-test --checkmappedgroups
command.
This command will verify each mapped group exists in the LDAP base and will display the associated local profile.
In case of error, use the
verbose
option ofthe command to investigate the reason.
4.1.1.5 Define LDAP user's preferences
This step configures the user's preferences to apply to
all LDAP users.
4.1.2 Testing LDAP authentication
Refer to the sectionInformation>>>CLI>>>ldap-testto get help on the CLI command.
Connect to the CLI.
Launch
ldap-test --checkauth
command.
This command will verify an LDAP user can authenticate using his username and password and will display its local profile.
In case of error, use the
verbose
option ofthe command to investigate the reason
4.1.3 Limitations
If the same username exists in both local and LDAP databases, the behavior is undefined.
If a user belongs to multiple LDAP groups mapped to different profiles, the behavior is undefined.
No client certificate provided. It is not possible for the server to verify the client authenticity.
It is not possible to configure LDAP to work with 2 different search bases.
LDAP user's preferences are common to all LDAP users.
LDAP users cannot change their password through the Network Module.
The remote groupname entered in profile mapping settings must be composed only of alphanumerics, underscore and
hyphen characters (but this last one can't be at the beginning).
4.2 Pairing agent to the Network Module
Authentication and encryption of connections between the UPS network module and shutdown agents is based on matching
certificates.
This step is mandatory and configures the Network module to give permissions to the LDAP users.
Users not belonging to a group mapped on a profile will be rejected.
If a user belongs to multiple LDAP groups mapped to different profiles, the behavior is undefined.
Pairing agent to the Network Module
Servicing the Network Management Module – 131
•
•
•
•
•
•
4.2.1 Pairing with credentials on the agent
STEP 1: Action on the agent (IPP/IPM).
1.Connect to the web interface of the agent.
2. Detect the UPS Network Module with an Address(es) scan, select Override global authentication settings and type the UPS
Network Module credentials.
4.2.2 Pairing with automatic acceptance (recommended if done in a
secure and trusted network)
Pairing with automatic acceptance of shutdown agents and UPS network modules is recommended in case the installation is done
in a secure and trusted network, and when certificates cannot be created in other ways.
STEP 1: Action on the Network Module
1. Connect to the Network Module
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter: https://xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the static IP address of the Network
Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
Click Login. The Network Module web interface appears.
2. Navigate to Contextual help>>>Protection>>>Agents list page
3.In the
Pairing with shutdown agentssection, select the time to accept new agents and press the Start button and the
pressContinue. During the selected timeframe, new agent connections to the Network Module are automatically trusted and
accepted.
STEP 2: Action on the agent (IPP) while the time to accepts new agents is running on the Network Module
1. Connect to the web interface of the agent.
2. Detect the UPS Network Module with a Quick scan, Range scan or an Address(es) scan.
3. Right-click on the UPS Network Module when discovered and then Set aspower source,Configure it, andSave it.
STEP 3: Action on the Network Module
1.Make sure all listed agents in the card (Contextual help>>>Protection>>>Agents list) belong to your infrastructure, if not,
access may be revoked using theDeletebutton.
2. If the time for pairing still runs, you can stop it. Press Stop in thePairing with shutdown agentssection.
4.2.3 Pairing with manual acceptance
Manual pairing provides the maximum security.
STEP 1: Action on the agent (IPP)
1. Connect to the web interface of the agent
2. Detect the UPS Network Module with a Quick scan, Range scan or an Address(es) scan.
3. Define the power source
Note: After that stage, the agent creates a client certificate. The power source could show a communication loss since the
current client certificate is not trusted by the Network Module.
4. Copy the agent certificate file
client.pemthat is located in the folderEaton\IntelligentPowerProtector\configs\tls..
STEP 1 and STEP2 can be done either ways.
Powering down/up applications (examples)
Servicing the Network Management Module – 132
•
•
•
•
•
•
STEP 2: Action on the Network Module
1. Connect to the Network Module
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter: https://xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the static IP address of the Network
Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
Click Login. The Network Module web interface appears.
2. Navigate to Contextual help>>>Settings>>>Certificatepage
3. In theTrusted remote certificates section, click Import, selectProtected applications (MQTT) and thenclick on CONTINUE
4. Select the client.pem file previously saved, click Open. Communication with the agent is restored.
4.3 Powering down/up applications (examples)
4.3.1 Powering down IT system in a specific order
4.3.1.1 Target
Powering down applications first (when on battery for 30s), database servers next (3min after the applications), and storage last (as
late as possible).
4.3.1.2 Step 1: Installation setup
4.3.1.2.1 Objective
Use load segmentation provided by the UPS to independently control the power supply of each IT equipment categories
(Applications, Database servers, Storage).
It also allows IT equipment to sequentially restart on utility recovery (
Restart sequentially the IT equipment on utility recovery).
4.3.1.2.2 Resulting setup
UPS provides outlets (Group 1 and Group 2) and a primary output.
When primary shuts OFF, both group 1 and group 2 shut OFF immediately.
Powering down/up applications (examples)
Servicing the Network Management Module – 133
•
•
•
•
•
•
Connections to UPS are done as described below:
Group 1: Applications
Group 2: Database servers
Primary: Storage
4.3.1.3 Step 2: Agent settings
4.3.1.3.1 Objective
Ensure IT solution is shutdown gracefully.
4.3.1.3.2 Resulting setup
1. InstallIPPSoftware on each server (Application, Database servers, Storage) and register the UPS load segment as power source:
Applications:Group 1
Database servers:Group 2
Storage: Entire UPS
2. Pair agent to the Network Module (
Pairing agent to the Network Module).
When done, each server appears in the Agent list.
3.Navigate toContextual help>>>Protection>>>Agent shutdown sequencingpage.
4. Set the OS shutdown duration to the time needed for your server to shutdown gracefully.
This will make sureIPPshutdowns your servers before the load segment is powered down.
As a result, it will define the overall shutdown sequence duration for each load segments.
4.3.1.4 Step 3: Power outage policy settings
4.3.1.4.1 Objective
Use load segment policies to define shutdown sequencing.
4.3.1.4.2 Resulting setup
1. Navigate to
Contextual help>>>Protection>>>Shutdown on power outagepage of the Network Module
2. Make sure Primary is set to: Maximize availability.
For examples of Agent settings, see the Agent shutdown sequencing examples section.
•
•
•
•
For examples of Power outage policy, see the following sections:
Maximize availability policy example
Immediate graceful shutdown policy example
Load shedding policy examples
Custom policy examples
Powering down/up applications (examples)
Servicing the Network Management Module – 134
Storage is the last one to power down, its availability is maximized, and its shutdown will end 30s before the end of backup
time.
3. Set Group 1 and Group 2 to:
Custom.
Applications must shutdown first so Group 1 has been set to start shutdown when on battery for 30s.
Servers must shutdown second, so Group 2has been set to start shutdown when on battery for 210s, so 3min after the
applications.
Powering down/up applications (examples)
Servicing the Network Management Module – 135
4.3.2 Powering down non-priority equipment first
4.3.2.1 Target
Powering down non-priority equipment first (immediately) and keep battery power for critical equipment.
Powering down critical equipment 3min before the end of backup time.
4.3.2.2 Step 1: Installation setup
4.3.2.2.1 Objective
Use load segmentation provided by the UPS to independently control the power supply of each IT equipment categories
(Applications, Database servers, Storage).
Load segmentation also allows IT equipment to restart sequentially on utility recovery(
Restart sequentially the IT equipment on
utility recovery).
Powering down/up applications (examples)
Servicing the Network Management Module – 136
•
•
•
•
•
•
4.3.2.2.2 Resulting setup
UPS provides outlets (Group 1 and Group 2) and a primary output.
Connections can be done as described below:
Group 2: non-priority equipment
Group 1: critical equipment
Primary:criticalequipment
4.3.2.3 Step 2: Agent settings
4.3.2.3.1 Objective
Ensure IT solution is shutdown gracefully.
4.3.2.3.2 Resulting setup
1. InstallIPPSoftware on each server (Application, Database servers, Storage) and register the UPS load segment as power source:
Critical equipment:Group 1
Non-priority equipment:Group 2
Critical equipment: Entire UPS
2. Pair agent to the Network Module (
Pairing agent to the Network Module).
When done, each server appears in the Agent list.
3.Navigate toContextual help>>>Protection>>>Agent shutdown sequencingpage
4. Set the OS shutdown duration to the time needed for your server to shutdown gracefully.
This will make sureIPPshutdowns your servers before the load segment is powered down.
As a result, it will define the overall shutdown sequence duration for each load segments.
4.3.2.4 Step 3: Power outage policy settings
4.3.2.4.1 Objective
Use load segment policies to define shutdown sequencing.
4.3.2.4.2 Resulting setup
1. Navigate to
Contextual help>>>Protection>>>Shutdown on power outagepage on the Network Module
2. Set Primary and Group 1 to:
Customand set it to end shutdown sequence 180s before the end of backup time.
When primary shuts OFF, both group 1 and group 2 shut OFF immediately.
For examples of Agent settings, see the Agents shutdown sequencing sections.
•
•
•
•
For examples of Power outage policy, see the following sections:
Maximize availability policy example
Immediate graceful shutdown policy example
Load shedding policy examples
Custom policy examples
Powering down/up applications (examples)
Servicing the Network Management Module – 138
Non-priority equipmentimmediately shuts down when on battery for 10s to keep battery power for critical equipment.
4.3.3 Restart sequentially the IT equipment on utility recovery
4.3.3.1 Target
Restart the storage first (right after utility recovery), database servers next(2min after utility recovery) and applications last (3min
after utility recovery).
4.3.3.2 Step 1: Installation setup
4.3.3.2.1 Objective
Use load segmentation provided by the UPS to independently control the power supply of each IT equipment categories
(Applications, Database servers, Storage).
Checking the current firmware version of the Network Module
Servicing the Network Management Module – 139
•
•
•
•
•
This will allow to restart sequentially the IT equipment on utility recovery.
4.3.3.2.2 Resulting setup
UPS provides outlets (Group 1 and Group 2) and a primary output.
Connections to UPS can be done as described below:
Group 1: Applications
Group 2: Database servers
Primary: Storage
4.3.3.3 Step 2: Power outage policy settings
4.3.3.3.1 Objective
Use load segment restart settings to define restart sequencing.
4.3.3.3.2 Resulting setup
1. Navigate to
Contextual help>>>Protection>>>Shutdown on power outagepage and to the When utility comes backsection.
2. Enable the "Keep shutdown sequence running until the end and then restart (forced reboot)".
3. Enable the "Automatically restart the UPS when battery capacity exceeds" and set it to 0%.
The storage will restart first, right after utility recovery without waiting the battery capacity to exceed a % limit.
4. Set Then Group 1 after to 120s.
The database servers will restart 120s after the utility recovery.
5. Set Then Group 2 after to 60s.
The database servers will restart 180s after the utility recovery.
4.4 Checking the current firmware version of the Network Module
Currentfirmware of the Network Module can be accessed in :
The Card menu :
Contextual help>>>Maintenance>>>System information>>>Firmware information: Firmware version x.xx.x
The Card menu : Contextual help>>>Maintenance>>>Firmware: Active FW version x.xx.x
4.5 Accessing to the latest Network Module firmware/driver/script
Download the latest Eaton Network Module firmware, driver or script from theEatonwebsitewww.eaton.com/downloads
When utility recovers, primary starts immediately.
Upgrading the card firmware (Web interface / shell script)
Servicing the Network Management Module – 140
1.
2.
4.6 Upgrading the card firmware (Web interface / shell script)
4.6.1 Web interface
To upgrade the Network module through the Web interface, refer to the section:
Firmware upgrade through the Web interface.
4.6.2 Shell script
4.6.2.1 Prerequisite
Shell script uses the following tools: sshpass, scp.
To get it installed on your Linux host, use the following commands.
Debian/Ubuntu
$ sudo apt-get install sshpass scp
RedHat/Fedora/CentOS
$ sudo dnf install sshpass scp
Make shell script executable:
$ chmod 700 install_updatePackage.sh
4.6.2.2 Procedure
To upgrade the Network module using:
Open a shell terminal on your computer (Linux or cygwin; meaning real or emulated Linux operating system).
Use the shell script
install_updatePackage.sh
Usage: 'install_updatePackage.sh' [options]
Upgrade tool
Mandatory arguments are -f, -i, -u and -p
-h : show help
-f <path> : path of the upgrade file
-u <username> : username of a card user allowed to start upgrade
-p <password> : user password
-i <ipaddress> : ip address of the card to upgrade
-r : reboot the card after upgrade
4.6.3 Example:
$ ./install_updatePackage.sh -u admin -p <mypassword> -f FW_Update.tar -i <cardIpAddress> -r
For instructions on accessing to the latest firmware and script, refer to: Accessing to the latest firmware and script
Changing the RTC battery cell
Servicing the Network Management Module – 141
STARTING UPDATE FROM: [FW_Update.tar] to [X.X.X.X]
Transfer by scp (FW_Update.tar) to [X.X.X.X]
Warning: Permanently added 'X.X.X.X' (ECDSA) to the list of known hosts.
Transfer done.
Check running upgrade status ...
Check firmware binary signature
Uncompress and flash upgrade - inProgress(%):11
Uncompress and flash upgrade - inProgress(%):28
Uncompress and flash upgrade - inProgress(%):44
Uncompress and flash upgrade - inProgress(%):61
Uncompress and flash upgrade - inProgress(%):78
Uncompress and flash upgrade - inProgress(%):92
Uncompress and flash upgrade - inProgress(%):100
Uncompress and flash upgrade - inProgress(%):100
Uncompress and flash upgrade
Executing post post_upgrade.sh script upgrade
Upgrade done
Warning: Permanently added 'X.X.X.X' (ECDSA) to the list of known hosts.
Rebooting...
res: Y
Update: OK
4.7 Changing the RTC battery cell
1. Access the Network Module, and then disconnect the Network cable, if needed.
2. Unscrew the Network Module and remove it from the slot.
3. Locate the RTC battery cell located on the back of the Network Module.
4. Get a new battery cell (CR1220 type).
5. Replace the battery cell, the positive mark (+) should be visible when inserting it.
Changing the RTC battery cell
Servicing the Network Management Module – 142
6. Replace the Network Module and secure the screw, reconnect the Network cableif it was unplugged during the operation.
7. Connect the Network Module and set the date and time. For more information, see the Date & Timesection.
Updating the time of the Network Module precisely and permanently (ntp server)
Servicing the Network Management Module – 143
1.
2.
4.8 Updating the time of the Network Module precisely and
permanently (ntp server)
For an accurate and quick update of the RTC for the Network Module, we recommend implementing a NTP server as time source
for the Network Module.
LANs have aninternal NTP server (Domain Controller, mail servers, Outlook servers are generally time servers too) but you can use
a public ntp server like pool.ntp.org (after addition of the related rules to your firewall system).
For more information, see the
Contextual help>>>Settings>>>General>>>System details>>>Time & date settingssection.
4.9 Synchronizing the time of the Network Module and the UPS
4.9.1 Automatic time synchronization
4.9.1.1 Every day at 5 a.m.
The UPS time (local time) is synchronized with the Network Module.
4.9.1.2 If the Network Module time is lost
The Network Module and the UPS time is synchronized with the oldest time between the last know Network Module time and the
UPS time.
4.9.2 Manual time synchronization
4.9.2.1 From the Network Module
On the Network Module, navigate to
Contextual help>>>Settings>>>General>>>System details>>>Time & date settings section
and update the time.
The UPS time (local time) is directly synchronized with the Network Module.
4.9.2.2 From the UPS
4.10 Changing the language of the web pages
Update thelanguage of the web page in the Settings menu.
Navigate to
Contextual help>>>User profile>>>Edit account.
Select the language, and then press the Save button.
This section is valid only when the UPS can manage date and time (refer to the UPS user manual for confirmation).
The Network Module use UTC time and manage the time zone and the DST.
The UPS manage only the local time.
When the time is updated on the UPS, it is not synchronized on the Network Module.
The language of the login page is English
by default or browser language when it is supported.
Resetting username and password
Servicing the Network Management Module – 144
•
•
•
1.
2.
3.
4.11 Resetting username and password
4.11.1 As an admin for other users
1. Navigate to
Contextual help>>>Settings>>>Local users.
2. Press the pen iconto edit user information:
3. Change username and
save the changes.
4. Select Reset password and choosefrom the following options :
Generate randomly
Enter manually
Force password to be changed on next login
5. Enter your own password to confirm the changes.
6. Save the changes.
4.11.2 Resetting its own password
1. Navigate to
Contextual help>>>User profile.
2. Press Change password
3. Enter your current password, the new password twice.
4. Press Submit to save the changes.
4.12 Recovering main administrator password
To recover the mainadministrator password,ask another administrator to initialize the password.
If it is not possible, proceed to the card sanitization:
Access the Network Module, disconnect the Network cable, if needed.
Unscrew the Network Module and remove it from the slot.
Locate the SANITIZATION switch that is located on the back of the Network Module.
Below instruction will sanitize the card and blank all the data.
Depending on your network configuration, the Network Module may restart with a different IP address.
Only main administrator user will remain with default login and password.
Refresh the browser after the Network module reboot time to get access to the login page.
Switching to static IP (Manual) / Changing IP address of the Network Module
Servicing the Network Management Module – 145
4.
5.
6.
7.
8.
1.
2.
3.
•
•
•
4.
Peel off the protection :
Change the position of switch number 3, this change is detected during next power ON and the sanitization will be applied :
Case 1 :
Case 2 :
Replace the Network Module and secure the screw, connect the Network cable, if needed.
Connect the Network Module byusing the default credentials of the main administrator : admin/admin.
You will beforced tochange the password accordingly to the current password strength rules.
4.13 Switching to static IP (Manual) / Changing IP address of the
Network Module
Administrators can switch to static IPin the Settings menu and change the IP address of the Network Module.
Navigate to
Contextual help>>>Settings>>>Network & Protocol>>>IPV4.
Select Manual (Static IP).
Input the following information:
IPv4 Address
Subnet Mask
Default Gateway
Save the changes.
4.14 Reading device information in a simple way
4.14.1 Web page
The product information is located in the
Contextual help>>>Home>>>Energy flow diagram>>>Details,specifically with the button
on the top of the diagram:
Changes of the switches 1, 2 or 4 has no effect.
Subscribing to a set of alarms for email notification
Servicing the Network Management Module – 146
•
•
•
•
•
4.15 Subscribing to a set of alarms for email notification
4.15.1 Example #1: subscribing only to one alarm (load unprotected)
Follow the steps below:
1. Navigate to
Contextual help>>>Settings>>>General>>>Email notification settings.
2. Press the button New to create a new configuration.
3. Select:
Active: Yes
Configuration name: Load unprotected notification
Email address:[email protected]
Notify on events: Active
Always notify events with code: 81E (Load unprotected)
4. Press Save, the table will show the new configuration.
Logs will be attached by default in that example even if there is no subscription on card or device events.
Subscribing to a set of alarms for email notification
Servicing the Network Management Module – 147
•
•
•
•
•
•
4.15.2 Example #2: subscribing to all Critical alarms and some specific
Warnings
Follow the steps below:
1. Navigate to
Contextual help>>>Settings>>>General>>>Email notification settings.
2. Press the buttonNewto create a new configuration.
3. Select:
Active: Yes
Configuration name: ALL Critical and User account Warning notification
Email address: [email protected]
Notify on events: Active
Subscribe to Critical card events and Critical device events
Always notify events with code:0800700,0800900 (User account - password expired,User account- locked)
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 148
4. PressSave, the table will show the new configuration.
4.16 Saving/Restoring/Duplicating Network module configuration
settings
4.16.1 Modifying the JSON configuration settings file
4.16.1.1 JSON file structure
The JSON file is structured into 3 blocks:
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 149
4.16.1.1.1 File block
File block cannot be modified, this is the mandatory structure of the JSON file.
4.16.1.1.2 Feature block
Feature block contains the full definition of a feature.
If it is removed from the JSON file, this feature settings will not be updated/restored in the card.
4.16.1.1.3 Data block
Data block contains all the feature settings values.
a Data block
Data block cannot be modified, this is the mandatory structure of the JSON file.
b Value block
If some values inside the Value block need to be kept, Value block structure cannot be modified, this is the mandatory structure of
the JSON file.
If it is removed from the JSON file, these values will not be updated/restored.
c Values
Values can be kept as is, modified or removed.
Removed values will not be updated/restored.
4.16.1.2 Sensitive data (like passwords)
JSON file structure will slightly varies if sensitive data are exported with passphrase or not.
4.16.1.2.1 The JSON file is saved using passphrase (preferred)
All sensitive data will have below structure:
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 150
4.16.1.2.2 The JSON file is saved without passphrase
All sensitive data will have below structure:
4.16.1.3 Modifying JSON file examples
4.16.1.3.1 Modifying sensitive data
To change sensitive data, plain text must be filled with the new value
and the Cyphered entry (if existing) must be removed:
4.16.1.3.2 Adding local users
Adding or modifying local users is not yet available, only the predefined account (main administrator) can be modified.
4.16.1.3.3 Modifying SNMP settings
Original file:Modified file:
SNMP disabledSNMP enabled on port 161
SNMPv1 disabled
SNMPv3 enabled
2 x accounts
1 x read only user (enabled) with Auth-Priv security level and passwords
1x read write user (enabled) with Auth-Priv security level and passwords
1 x active trap
When restoring the file, the corresponding setting will be updated based on the cyphered value.
When restoring the file, the corresponding setting will not be set.
This may lead to restoration failure if corresponding setting was not previously set with a valid value.
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 151
Original file:Modified file:
4.16.1.3.4 Making a partial update/restoration
a Example: Updating/Restoring onlyLDAP settings
If you restore below JSON content, only LDAP settings will be updated/restored, everything else will remain unchanged.
{
"version": "x.x",
"features": {
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 152
"ldap": {
"data": {
"version": "x.x",
"certificateData": [],
"dmeData": {
"enabled": true,
"baseAccess": {
"security": {"ssl": 1,"verifyTlsCert": false},
"primary": {"name": "Primary","hostname": "xxxxxxxxx","port": xxxx},
"secondary": {"name": "xxxxxx","hostname": "xxxxxx","port": xxxx},
"credentials": {
"anonymousSearchBind": false,
"searchUserDN":
"CN=xxxx,OU=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx",
"password": {"plaintext": null}},
"searchBase": {"searchBaseDN": "DC=xxx,DC=xxx,DC=xxx"}
},
"requestParameters": {
"userBaseDN": "OU=xxxx,DC=xxxx",
"userNameAttribute": "xxxx",
"uidAttribute":"objectSid:x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx",
"groupBaseDN": "OU=xxxx,DC=xxxx",
"groupNameAttribute": "xx",
"gidAttribute":"objectSid:x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx"
},
"profileMapping": [
{ "remoteGroup": "xxxxxxxxxxxxxx","profile": 1},
{ "remoteGroup": "xxxxxxxxxxxxxx","profile": 2},
{ "remoteGroup": "","profile": 0},
{ "remoteGroup": "","profile": 0},
{ "remoteGroup": "","profile": 0}
]
}
}
},
},
"firmwareVersion": "x.x.x"
}
4.16.1.4 Non-intuitive data values in the JSON file
DataValues example
Account servicepreferences>>>languagede: Deutsch
en: English
es: Español
fr: Français
it: Italiano
ja: 日本語
ru: русский
zh_Hans: 简体中文
zh_Hant:繁體中文
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 153
preferences>>>dateFormatY-m-d: YYYY-MM-DD
d-m-Y: DD-MM-YYYY
d.m.Y: DD.MM.YYYY
d/m/Y: DD/MM/YYYY
m/d/Y: MM/DD/YYYY
d m Y: DD MM YYYY
preferences>>>timeFormat1: 24h
0: 12h
preferences>>>temperatureUnit1: °C
2: °F
DataValues example
Card--
DataValues example
DatetimeZone"Europe/Paris","Africa/Johannesburg","America/
New_York","Asia/Shanghai"
Refer to the Web interface for the full list.
DataValues example
emailperiodicReport>>>periodicityEvery day
Every week
Every month
periodicReport>>>startTimetimestamp (unix)
DataValues example
LDAPbaseAccess>>>security>>>ssl1: None
2: Start TLS
3: SSL
baseAccess>>>profileMapping>>>profileadministrators
viewers
operators
DataValues example
Measure--
DataValues example
MQTT--
DataValues example
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 154
Power outage policyid1: Primary
2: Group 1
3: Group 2
DataValues example
Remote userpreferences>>>languagede: Deutsch
en: English
es: Español
fr: Français
it: Italiano
ja: 日本語
ru: русский
zh_Hans: 简体中文
zh_Hant:繁體中文
preferences>>>dateFormatY-m-d: YYYY-MM-DD
d-m-Y: DD-MM-YYYY
d.m.Y: DD.MM.YYYY
d/m/Y: DD/MM/YYYY
m/d/Y: MM/DD/YYYY
d m Y: DD MM YYYY
preferences>>>timeFormat1: 24h
0: 12h
preferences>>>temperatureUnit1: °C
2: °F
DataValues example
Schedulescheduler1: Primary
2: Group 1
3: Group 2
recurrence0: once
1: every day
2: every week
shutdownTimeStamptimestamp (unix)
restartTimeStamptimestamp (unix)
DataValues example
SMTP--
Saving/Restoring/Duplicating Network module configuration settings
Servicing the Network Management Module – 155
DataValues example
SNMPtraps>>>receivers>>>protocol1: SNMP v1
3: SNMP v2
traps>>>receivers>>>userUser configuration cannot be duplicated without manual
configuration through the Web interface.
DataValues example
Syslogservers>>>protocol1: UDP
2: TCP
servers>>>tcpframing1: TRADITIONAL
2: OCTET_COUNTING
DataValues example
Web server--
4.16.2 Saving/Restoring/Duplicating settings through the CLI
Navigate to
Information>>>CLI>>>save_configuration | restore_configurationsection to get example on how to save and restore
settings through the CLI.
4.16.3 Saving/Restoring/Duplicating settings through the Web interface
Navigate to
Contextual help>>>Maintenance>>>Services section to getinformation on how to save and restore settings through
the Web interface.
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 156
•
•
•
•
5 Securing the Network Management Module
5.1 Cybersecurity considerations for electrical distribution systems
5.1.1 Purpose
The purpose of this section is to provide high-level guidance to help customers across industries and applications apply Eaton
solutions for power management of electrical systems in accordance with current cybersecurity standards.
This document is intended to provide an overview of key security features and practices to consider in order to meet industry
recommended standards and best practices.
5.1.2 Introduction
Every day, cyber-attacks against government and commercial computer networks number in the millions. According to U.S. Cyber
Command, Pentagon systems are probed 250,000 times per hour. Similar attacks are becoming more prevalent on other kinds of
information-based smart networks as well, such as those that operate buildings and utility systems. Whether the objective is to
steal intellectual property or halt operations, the tools and the techniques used for unauthorized network access are increasingly
sophisticated.
5.1.3 Connectivity—why do we need to address cybersecurity for
industrial control systems (ICS)?
There is increasing concern regarding cybersecurity across industries where companies are steadily integrating field devices into
enterprise-wide information systems. This occurs in discrete manufacturing and process industrial environments, a wide range of
general and specific purpose commercial buildings, and even utility networks. Traditionally, electrical systems were controlled
through serial devices connected to computers via dedicated transceivers with proprietary protocols. In contrast, today’s control
systems are increasingly connected to larger enterprise networks, which can expose these systems to similar vulnerabilities that
are typically found in computer systems. The differences between information technology (IT) and ICS networks can be
summarized as follows:
The main focus of the IT network is to ensure the
confidentiality and the integrity of the data using rigorous access control
and data encryption
The main focus of the ICS network is safety, availability, and integrity of data
Enterprise security protects the servers’ data from attack
Control system security protects the facility’s ability to safely and securely operate, regardless of what may befall the rest of
the network
5.1.4 Cybersecurity threat vectors
Cybersecurity threat vectors are paths or tools that an entity can use to gain access to a device or a control network in order to
deliver a malicious attack. Figure below shows examples of attack vectors on a network that might otherwise seem secure.
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 157
•
•
•
•
•
•
•
•
•
•
5.1.4.1 Paths to the control network
The paths in above figure include:
External users accessing the network through the Internet
Misconfigured firewalls
Unsecure wireless routers and wired modems
Infected laptops located elsewhere that can access the network behind the firewall
Infected USB keys and PLC logic programs
Unsecure RS-232 serial links
The most common malicious attacks come in the following forms:
Virus—a software program that spreads from one device to another, affecting operation
Trojan horse—a malicious device program that hides inside other programs and provides access to that device
Worm—a device program that spreads without user interaction and affects the stability and performance of the ICS network
Spyware—a device program that changes the configuration of a device
5.1.5 Defense in depth
While there are differences between traditional IT systems and ICS, the fundamental concept of “defense in depth” is applicable to
both. Defense in depth is a strategy of integrating technology, people, and operations capabilities to establish variable barriers
across multiple layers of an organization. These barriers include electronic countermeasures such as firewalls, intrusion detection
software/components, and antivirus software, coupled with physical protection policies and training. Fundamentally, the barriers are
intended to reduce the probability of attacks on the network and provide mechanisms to detect “intruders.”
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 158
•
•
•
•
•
5.1.6 Designing for the threat vectors
5.1.6.1 Firewalls
Firewalls provide the capability to add stringent and multifaceted rules for communication between various network segments and
zones in an ICS network. They can be configured to block data from certain segments, while allowing the relevant and necessary
data through. A thorough understanding of the devices, applications, and services that are in a network will guide the appropriate
deployment and configuration of firewalls in a network. Typical types of firewalls that can be deployed in a network include:
Packet filter or boundary firewalls that work on the network layer
These firewalls mainly operate at the network layer, using pre-established rules based on port numbers and protocols to
analyze the packets going into or out of a separated network.
These firewalls either permit or deny passage based on these rules.
Host firewalls
These firewalls are software firewall solutions that protect ports and services on devices. Host firewalls can apply rules that
track, allow, or deny incoming and outgoing traffic on the device and are mainly found on mobile devices, laptops, and
desktops that can be easily connected to an ICS.
Application-level proxy firewalls
These firewalls are highly secure firewall protection methods that hide and protect individual devices and computers in a
control network. These firewalls communicate at the application layer and can provide better inspection capabilities. Because
they collect extensive log data, application-level proxy firewalls can negatively impact the performance of an ICS network.
Stateful inspection firewalls
These firewalls work at the network, session, and application layers of the open system interconnection (OSI). Stateful
inspection firewalls are more secure than packet filter firewalls because they only allow packets belonging to allowed
sessions.
These firewalls can authenticate users when a session is established and analyze a packet to determine whether they contain
the expected payload type or enforce constraints at the application layer.
SCADA hardware firewalls
These are hardware-based firewalls that provide defense for an ICS based on observing abnormal behavior on a device within
the control network. For example, if an operator station computer suddenly attempts to program a PLC, this activity could be
blocked and an alarm could be raised to prevent serious risk to the system.
5.1.6.2 Demilitarized zones (DMZ)
Network segmentation is a key consideration in establishing secure control networks. Firewalls should be used to create DMZ by
grouping critical components and isolating them from the traditional business IT network. A three-tier architecture should be
employed at a minimum, with a DMZ between the organization’s core network and an isolated control system’s network as shown
in below figure.
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 159
•
•
•
•
5.1.6.2.1 Three-tier architecture for a secure control network
Above figure shows that the control networks are divided into layers or zones based on control functions, which are then
connected by conduits (connections between the zones) that provide security controls to:
Control access to zones
Resist denial of services (DOS) attacks or the transfer of malware
Shield other network systems
Protect the integrity and the confidentiality of network traffic
Beyond network segmentation, access control (both physical and logical) should be defined and implemented.
The key consideration when designing access control is defining the required interactions both within a given zone and between
zones. These interactions should be mapped out clearly and prioritized based on need. It is important to realize that every hole
poked in a firewall and each non-essential functionality that provides access or creates additional connectivity increases potential
exposure to attacks. A system then becomes only as secure as the devices connecting to it.
If mapped correctly, the potential adverse impact to control system reliability and functionality should be negligible. However, this
element introduces additional costs (in terms of firewall and other network infrastructure) and complexity to the environment.
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 160
•
•
•
•
•
•
•
•
5.1.6.3 Intrusion detection and prevention systems (IDPS)
These are systems that are primarily focused on identifying possible incidents in an ICS network, logging the information about
them, attempting to stop them, and reporting them to ICS security administrators.
Because these systems are critical in an ICS network, they are regular targets for attacks and securing them is extremely important.
The type of IDPS technology deployed will vary with the type of events that need to be monitored.
There are four classes of IDPS technology:
Network-based IDPS monitors network traffic for particular ICS network segments or devices and analyzes the network and
application protocol activity to identify suspicious activity
Wireless IDPS monitors and analyzes wireless network traffic to identify suspicious activity involving the ICS wireless
network protocol
Network behavior analysis IDPS examines ICS network traffic to identify threats that generate unusual traffic flows such as
DOS attacks
Host-based IDPS monitors the characteristics and the events occurring within a single ICS network host for suspicious
activity
5.1.7 Policies, procedures, standards, and guidelines
For the defense in depth strategy to succeed, there must be well-documented and continuously reviewed policies, procedures,
standards, and guidelines.
Policies provide procedures or actions that must be carried out to meet objectives and to address the who, what, and why
Procedures provide detailed steps to follow for operations and to address the how, where, and when
Standards typically refer to specific hardware and software, and specify uniform use and implementation of specific
technologies or parameters
Guidelines provide recommendations on a method to implement the policies, procedures, and standards
5.1.7.1 Understanding an ICS network
Creating an inventory of all the devices, applications, and services that are hosted in a network can establish an initial baseline for
what to monitor. Once those components are identified and understood, control, ownership, and operational consideration can be
developed.
5.1.7.2 Log and event management
It is important to understand what is happening within the network from both a performance and security perspective. This is
especially true in a control systems environment.
Log and event management entails monitoring infrastructure components such as routers, firewalls, and IDS/IPS, as well as
host assets. Security Information and Event Management (SIEM) systems can collect events from various sources and provide
correlation and alerts.
Generating and collecting events, or even implementing a SIEM is not sufficient by itself. Many organizations have SIEM solutions,
but alerts go unwatched or unnoticed.
Monitoring includes both the capability to monitor environments and the capacity to perform the monitoring. Capability relates to
the
design and the architecture of the environment. Has it been built in a manner that takes into consideration the ability to monitor?
Capacity speaks to the resources (personnel, tools, expertise) needed to perform meaningful interpretation of the information and
initiate timely and appropriate action.
Through monitoring, the organization can identify issues such as suspicious or malicious activities. Awareness can be raised when
new (potentially unauthorized) devices appear in the environment. Careful consideration should be taken into account to ensure that
log and event management does not adversely impact the functionality or the reliability of the control system devices.
5.1.7.3 Security policy and procedures
It is important to identify “asset owners,” and to develop policies and procedures for a cybersecurity program. These policies need
to be practical and enforceable in order to be effective. Policies should also address access related issues, such as physical access,
contractors, and vendors.
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 161
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Existing (traditional) IT standards and policies may not apply (or have not been considered) for control systems. A gap analysis
should be performed to determine which components are not covered (or not adequately covered) by existing policies.
Relationships with existing policies and standards should be explicitly identified and new or supporting policies should be
developed. It is important that industrial control system administrators have proper authorizations and full support of their
management to implement policies that will help secure the ICS network.
5.1.7.4 ICS hardening
The goal for system hardening is to reduce as many security risks as possible by securely configuring ICS networks. The idea is to
establish configurations based on what is required and eliminate unnecessary services and applications that could potentially
provide another possible entry point to an intruder.
Minimum security baselines should be established for the various platforms and products deployed (operating system, application,
and infrastructure elements such as drives, meters, HMI devices). The following actions should be implemented where applicable:
Disable unnecessary services
Disable anonymous FTP
Do not use clear text protocols (e.g., use SSH v2 instead of Telnet)
Install only required packages/applications/features
Deploy antivirus solutions (where possible)
Disable or otherwise control use of USB devices
Establish a warning banner
Change default passwords (e.g., SNMP)
It may be easier to implement these actions on devices for which you control the base operating system platform. However,
several
of the items listed above can be configured from the product specific configuration options.
Changes such as these could potentially impact the functionality of a control system device. Extensive testing needs to be
conducted before deployment to minimize this impact.
5.1.7.5 Continuous assessment and security training
It is critical that ICS network administrators and regular users be properly trained to ensure the security of the ICS and the safety of
the people who operate and depend on it.
Ongoing vulnerability assessments are critical to identify issues and understand the effectiveness of other defensible network
elements.
Assessments should include testing and validating the following:
Monitoring capabilities and alerts are triggered and responded to as expected
Device configuration of services and applications
Expected connectivity within and between zones
Existence of previously unknown vulnerabilities in the environment
Effectiveness of patching
A program should be established for performing assessments.
The actual assessment should be performed by a qualified resource, which can be an in-house or third-party organization.
Regardless of who performs the assessments, in-house resources need to be involved in the planning, scoping, and supporting of
assessment activities and must be appropriately trained to do so.
Assessments should be conducted according to a methodology that is clearly defined to address:
Physical security
People and processes
Network security
Host security
Applications security (both internally developed and commercially off-the-shelf (COTS))
5.1.7.6 Patch management planning and procedures
A patching and vulnerability management process should be established based on the timely awareness of issues and appropriate
action. This process should take all of the elements that make up the control system environment into consideration.
Information resources should be identified for vulnerability and advisory information for the various components in the environment.
These should include vendor-specific sources as well as other public or commercial services that provide vulnerability advisory
information. For example, the National Vulnerability Database (NVD) provides information related to vulnerabilities identified in
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 162
general IT components, while the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) publishes advisories
specific to control systems.
A regular patch deployment schedule should be established for each component in the environment. Depending on the component,
this could range from a monthly schedule to an as-needed deployment, depending on the historical frequency of patch or
vulnerability related issues for the component or the vendor. Additionally, out-of-band or emergency patch management needs to
be
considered and qualifications need to be defined.
Vulnerability information and advisories should be reviewed regularly and assessments should be performed to determine the
relative severity and urgency of issues.
Elements of the process should also include the preparation, scheduling, and change controls; testing and rollback procedures;
and pre-deployment notification to stakeholders that includes scope, expectations, and reporting. Testing is a significant element,
as
the effect of the patch application needs to be clearly understood; unintended or unexpected impacts to a control system
component influence the decision to deploy a patch. In the event that it isdetermined that a patch cannot be safely deployed but
the severity of the issue represents a significant concern, compensating controls should be investigated.
5.1.8 Conclusion
To protect important assets, all organizations must take cybersecurity threats seriously and meet them proactively with a system-
wide defensive approach specific to organizational needs.
There is no protection method that is completely secure. A defense mechanism that is effective today may not be effective
tomorrow– the ways and means of cyber-attacks constantly change. It is critical ICS administrators remain aware of changes in
cybersecurity and continue to work to prevent any potential vulnerabilities in the systems they manage.
5.1.9 Terms and definitions
DMZA demilitarized zone is a logical or physical sub network that interfaces an organization’s external
services to a larger, untrusted network and providing an additional layer of security.
EncryptionThe process of transforming plain or clear text using analgorithm to make it unreadable to anyone
except those possessing special knowledge.
ICSA device or set of device that manage, command, direct, or regulate the behavior of other devices
or systems.
ProtocolA set of standard rules for data representation, signaling, authentication, and error detection
required to send information over a communications channel
5.1.10 Acronyms
COTSCommercially Off-the-Shelf
DMZDemilitarized Zone
DOSDenial of Service
FTPFile Transfer Protocol
HMIHuman Machine Interface
ICSIndustrial Control Systems
ICS-CERTIndustrial Control Systems - Cyber Emergency Response Team
IDPSIntrusion Detection and Prevention Systems
IDSIntrusion Detection Systems
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 163
IPSIntrusion Prevention Systems
ITInformation Technology
NVDNational Vulnerability Database
OSIOpen System Interconnection
PLCProgrammable Logic Controller
SCADASupervisory Control and Data Acquisition
SNMPSimple Network Management Protocol
SSHSecure Shell
SIEMSecurity Information and Event Management
USBUniversal Serial Bus
5.1.11 References
[1] Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies, October 2009
https://ics-cert.us-cert.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf
[2] NIST.SP.800-82 Guide to Industrial Control Systems (ICS) Security, June 2011
http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
[3] NIST.SP.800-94 Guide to Intrusion Detection and Prevention Systems (IDPS), Feb 2007
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
[4] Common Cybersecurity Vulnerabilities in Industrial Control Systems, May 2011
http://ics-cert.uscert.gov/sites/default/files/recommended_practices/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf
[5] The Tao of Network Security Monitoring, 2005 Richard Bejtlich
Cybersecurity recommended secure hardening guidelines
Securing the Network Management Module – 164
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
5.2 Cybersecurity recommended secure hardening guidelines
5.2.1 Introduction
This Network module has been designed with Cybersecurity as an important consideration. Number of Cybersecurity features are
now offered in the product which if implemented as per the recommendations in this section would minimize Cybersecurity risk to
the Network module. This section “secure configuration” or “hardening” guidelines provide information to the users to securely
deploy and maintain their product to adequately minimize the cybersecurity risks to their system.
Eaton is committed to minimizing the Cybersecurity risk in its products and deploys cybersecurity best practices and latest
cybersecurity technologies in its products and solutions; making them more secure, reliable and competitive for our customers.
Eaton also offers Cybersecurity Best Practices whitepapers to its customers that can be referenced at
www.eaton.com/
cybersecurity
5.2.2 Secure configuration guidelines
5.2.2.1 Asset identification and Inventory
Keeping track of all the devices in the system is a prerequisite for effective management of Cybersecurity of a system. Ensure you
maintain an inventory of all the components in your system in a manner in which you uniquely identify each component. To
facilitate this Network module supports the following identifying information - manufacturer, type, serial number, f/w version
number, and location.
5.2.2.1.1 Network Module identification and its firmware information
It can be retrieved by navigating to
Contextual help>>>Maintenance>>>System information.
Identification
System name
Product
Physical name
Vendor
UUID
Part number
Serial number
Hardware version
Location
Contact
Firmware information
Firmware version
Firmware SHA
Firmware date
Firmware installation date
Firmware activation date
Bootloader version
5.2.2.1.2 Communication settings
It can be retrieved by navigating to
Contextual help>>>Settings>>>Network & Protocol.
LAN
Link status
MAC address
Configuration
TheCOPY TO CLIPBOARDbutton will copy the information to the clipboard.
Cybersecurity recommended secure hardening guidelines
Securing the Network Management Module – 165
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
IPV4
Status
Mode
Address
Netmask
Gateway
Domain
Mode
FQDN
Primary DNS
Secondary DNS
IPV6
Status
Mode
Addresses
5.2.2.1.3 Device details
It can be retrieved by navigating to
Contextual help>>>Home>>>Energy flow diagram>>>Details.
Details
Name
Model
P/N
S/N
Location
FW version
5.2.2.2 Physical Protection
Industrial Control Protocols don’t offer cryptographic protections at protocol level, at physical ports and at controller mode switches
leaving them exposed to Cybersecurity risk. Physical security is an important layer of defense in such cases. Network module is
designed with the consideration that it would be deployed and operated in a physically secure location.
Physical access to cabinets and/or enclosures containing Network module and the associated system should be restricted,
monitored and logged at all times.
Physical access to the communication lines should be restricted to prevent any attempts of wiretapping, sabotage. It’s a best
practice to use metal conduits for the communication lines running between one cabinet to another cabinet.
Attacker with unauthorized physical access to the device could cause serious disruption of the device functionality. A
combination of physical access controls to the location should be used, such as locks, card readers, and/or guards etc.
Network module supports the following physical access ports, controller mode switches and USB ports: RJ45, USB A, USB
Micro-B.Access to them need to be restricted.
Do not connect unauthorized USB device or SD card for any operation (e.g. Firmware upgrade, Configuration change and
Boot application change).
Before connecting any portable device through USB or SD card slot, scan the device for malwares and virus.
5.2.2.3
Authorization and Access Control
It is extremely important to securely configure the logical access mechanisms provided in Network module to safeguard the device
from unauthorized access. Eaton recommends that the available access control mechanisms be used properly to ensure that
access to the system is restricted to legitimate users only. And, such users are restricted to only the privilege levels necessary to
complete their job roles/functions.
Ensure default credentials are changed upon first login. Network module should not be commissioned for production with
Default credentials; it’s a serious Cybersecurity flaw as the default credentials are published in the manuals.
No password sharing – Make sure each user gets his/her own password for that desired functionality vs. sharing the
passwords. Security monitoring features of Network module are created with the view of each user having his/her own
unique password. Security controls will be weakened as soon as the users start sharing the password.
TheCOPY TO CLIPBOARDbutton will copy the information to the clipboard.
Cybersecurity recommended secure hardening guidelines
Securing the Network Management Module – 166
•
•
•
•
•
•
•
•
•
•
Restrict administrative privileges - Threat actors are increasingly focused on gaining control of legitimate credentials,
especially those associated with highly privileged accounts. Limit privileges to only those needed for a user’s duties.
Perform periodic account maintenance (remove unused accounts).
Change passwords and other system access credentials whenever there is a personnel change.
Use client certificates along with username and password as additional security measure.
Description of the User management in the Network Module:
User and profiles management: (Navigate to Contextual help>>>Settings>>>Local users)
Add users
Remove users
Edit users
Password/Account/Session management: (Navigate to
Contextual help>>>Settings>>>Local users)
Password strength rules –Minimum length/Minimum upper case/Minimum lower case/Minimum digit/Special character
Account expiration–Number of days before the account expiration/Number of tries before blocking the account
Session expiration– No activity timeout/Session lease time
See "Default settings parameters" in the embedded help for (recommended) default values.
Additionally, it is possible to enable account expiration to force users renew their password periodically.
Default credentials: admin/admin
Thechangeof the default "admin" password is enforced at first connection.
It is also recommended to change the default "admin" user namethroughtheContextual help>>>Settings>>>Local
userspage.
Follow embedded help for instructions on how to edit a user account.
Server and client certificate configuration: (Navigate to Contextual help>>>Settings>>>Certificate)
Follow embedded help for instructions on how to configure it.
5.2.2.4
Deactivate unused features
Network module provides multiple options to upgrade firmware, change configurations, set power schedules, etc. The device also
provide multiple options to connect with the device i.e. SSH, SNMP,SMTP,HTTPS etc. Services like SNMPv1 are considered
insecure and Eaton recommends disabling all such insecure services.
It is recommended to disable unused physical ports like USB and SD card.
Disable insecure services like SNMP v1
Network Security
Network module provides network access to facilitate communication with other devices in the systems and configuration. But this
capability could open up a big security hole if it’s not configured securely.
Eaton recommends segmentation of networks into logical enclaves and restrict the communication to host-to-host paths. This helps
protect sensitive information and critical services and limits damage from network perimeter breaches. At a minimum, a utility
Industrial Control Systems network should be segmented into a three-tiered architecture (as recommended by NIST SP800-82[R3])
for better security control.
•
•
•
•
•
•
•
•
•
•
•
Avoid using ‘umac’ based MAC algorithms, use only secure algorithms while connecting to SSH interface of the
card
Eaton Recommends using following secure algorithms:
Key Exchange algorithms
diffie-hellman-group14-sha256
diffie-hellman-group18-sha512
Encryption algorithms
aes256-ctr
Message Authentication Code (MAC) algorithms
Cybersecurity recommended secure hardening guidelines
Securing the Network Management Module – 167
•
•
•
•
•
•
•
•
•
•
•
•
Deploy adequate network protection devices like Firewalls, Intrusion Detection / Protection devices,
Please find detailed information about various Network level protection strategies in Eaton Cybersecurity Considerations for
Electrical Distribution Systems [R1]. Use the below information for configuring the firewalls to allow needed access for Network
module to operate smoothly.
Navigate toInformation>>>Specifications/Technical characteristicsto get the list of all ports and services running on the
device.
SNMP V1/SNMP V3 can be disabled or configured by navigating to Contextual help>>>Settings>>>SNMP.
Instructions are available in the Contextual help>>>Settings>>>SNMP.
5.2.2.5
Logging and Event Management
Best Practices
Eaton recommends that all remote interactive sessions are encrypted, logged, and monitored including all administrative and
maintenance activities.
Ensure that logs are backed up, retain the backups for a minimum of 3 months or as per organization’s security policy.
Perform log review at a minimum every 15 days.
Navigate to Information>>>List of events codes to get log information and how to export it.
5.2.2.6
Secure Maintenance
Best Practices
5.2.2.6.1 Apply Firmware updates and patches regularly
Due to increasing Cyber Attacks on Industrial Control Systems, Eaton implements a comprehensive patch and update process for
its products. Users are encouraged to maintain a consistent process to promptly monitor for fresh firmware updates, implement
patching and updates as and when required or released.
Navigate in the help to
Contextual help>>>Maintenance>>>Servicesto get information on how to upgrade the Network
Module.
Eaton also has a robust vulnerability response process. In the event of any security vulnerability getting discovered in its
products, Eaton patches the vulnerability and releases information bulletin through its cybersecurity web site - http://
eaton.com/cybersecurity and patch through www.eaton.com/downloads.
Conduct regular Cybersecurity risk analyses of the organization /system.
Eaton has worked with third-party security firms to perform system audits, both as part of a specific customer’s deployment and
within Eaton’s own development cycle process. Eaton can provide guidance and support to your organization’s effort to perform
regular cybersecurity audits or assessments.
5.2.2.6.2 Plan for Business Continuity / Cybersecurity Disaster Recovery
It’s a Cybersecurity best practice for organizations to plan for Business continuity. Establish an OT Business Continuity plan,
periodically review and, where possible, exercise the established continuity plans. Make sure offsite backups include
Backup of the latest f/w copy of Network module. Make it a part of SOP to update the backup copy as soon as the latest f/w
is updated on Network module.
Backup of the most current configurations.
Documentation of the most current User List.
Save and store securely the current configurations of the device.
5.2.3 References
[R1]
Cybersecurity Considerations for Electrical Distribution Systems (WP152002EN):
http://www.eaton.com/ecm/groups/public/@pub/@eaton/@corp/documents/content/pct_1603172.pdf
[R2]
Cybersecurity Best Practices Checklist Reminder (WP910003EN):
http://www.cooperindustries.com/content/dam/public/powersystems/resources/library/1100_EAS/WP910003EN.pdf
[R3]
NIST SP 800-82 Rev 2, Guide to Industrial Control Systems (ICS) Security, May 2015:
https://ics-cert.us-cert.gov/Standards-and-References
Configuring user permissions through profiles
Securing the Network Management Module – 168
[R4] National Institute of Technology (NIST) Interagency “Guidelines on Firewalls and Firewall Policy, NIST Special Publication
800-41”, October 2009:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-41r1.pdf
5.3 Configuring user permissions through profiles
The user profile can be defined when creating a new users or changed when modifying an existing one.
Refer to the section
Contextual help>>>Settings>>>Local usersin the settings.
5.4 Decommissioning the Network Management module
With the increased frequency of reported data breaches, it’s becoming more and more necessary for companies to implement
effective and reliable decommissioning policies and procedures.
In order to protect the data stored on retired IT equipment from falling into the wrong hands, or a data breach, we recommend to
follow below decommissioning steps:
1- Sanitize the Network Module
Sanitizationerases all the data (user name and password, certificates, keys, settings, logs...).
To sanitize the Network Module refer to the
Contextual help>>>Maintenance>>>Services>>>Sanitization section.
2- Unmount the Network Module from the device.
Unscrew the Network Module and remove it from the slot.
Installing the EMP
Servicing the EMP – 169
•
•
•
•
•
•
6 Servicing the EMP
6.1 Installing the EMP
6.1.1 Mounting the EMP
The EMP includes magnets, cable ties slots and keyholes to enable multiple ways of mounting it on your installation.
Bottom mounting capabilities:
magnets
keyholes
tie wraps
nylon fastener
Side
mounting:
magnets
tie wraps
6.1.1.1 Rack mounting with keyhole example
To mount the EMP on the rack, use the supplied screw, washer and nut. Then, mount the EMP on the
screw and tighten it.
6.1.1.2 Rack mounting with tie wraps example
To mount the EMP on the door of the rack, use the supplied cable ties.
Installing the EMP
Servicing the EMP – 170
Bottom mountingSide mounting
6.1.1.3 Wall mounting with screws example
To mount the EMP on the wall close to the rack, use the supplied screw and screw anchor. Then, mount
the EMP on the screw and tighten it.
6.1.1.4 Wall mounting with nylon fastener example
To mount the EMP within the enclosure environment, attach one nylon fastener to the EMP and the other nylon fastener to an
enclosure rail post. Then, press the two nylon strips together to secure the EMP to the rail post.
Cut nylon fastener and stick it on the EMP bottom on the location highlighted below,this will prevent to interfere
with the EMP data acquisition parts.
Using the EMP for temperature compensated battery charging
Servicing the EMP – 171
•
6.2 Using the EMP for temperature compensated battery charging
This section applies only to UPS that provides temperature compensated battery charging option.
6.2.1 Addressing the EMP
Set the address 31 to the sensor dedicated to the battery room temperature:
Set all the Modbus address switches to 1 to set the EMP to the address 31 as indicated on the picture below:
6.2.2 Commissioning the EMP
Refer to thesection
Contextual help>>>Environment>>>Commissioning/Status.
6.2.3 Enabling temperature compensated battery charging in the UPS
To enablethe temperature compensated battery charging, refer to the UPS user manual.
Address must be defined before EMP power-up; otherwise, the changes will not be applied.
Do not set Modbus address to 0;otherwise, the EMP will not be detected.
Definea unique addressfor all the EMPs in the daisy-chain.
Set the RS485 termination (TER) to 1 on the last EMP of the daisy chain. On other EMPs this should be set to 0.
The temperature compensated battery charging feature needs to be enabled in the UPS.
Front panel connectors and LED indicators
Information – 172
•
•
•
•
•
•
•
•
7 Information
7.1 Front panel connectors and LED indicators
NbrNameDescription
Network connectorEthernet port
Network speed LEDFlashing green sequences:
1 flash
— Port operating at 10Mbps
2 flashes — Port operating at 100Mbps
3 flashes — Port operating at 1Gbps
Network link/activity LED
Off
— UPS Network Module is not connected to the network.
Solid yellow— UPS Network Module is connected to the network, but no activity
detected.
Flashing yellow— UPS Network Module is connected to the network and sending
or receiving data.
AUX connectorFor Network Module accessories only.
Restart buttonBall point pen or equivalent will be needed to restart:
Short press (<6s)
— Safe software restart (firmware safely shutdown before
restart).
Long press (>9s)— Forced hardware restart.
ON LEDFlashing green
— Network Module is operating normally.
Warning LEDSolid red
— Network Module is in error state.
Boot LEDsSolid green and flashing red
— Network Module is starting boot sequence.
Do not use for general power supply or USB charger.
Specifications/Technical characteristics
Information – 173
Settings/UPS data
connector
Configuration port.
Access to Network Module’s web interface through RNDIS (Emulated Network port).
Access to the Network Module console through Serial (Emulated Serial port).
7.2 Specifications/Technical characteristics
Physical characteristics
Dimensions (wxdxh)132 x 66 x 42 mm | 5.2 x 2.6 x 1.65 in
Weight70 g | 0.15 lb
RoHS100% compatible
Storage
Storage temperature-25°C to 70°C (14°F to 158°F)
Ambient conditions
Operating temperature0°C to 70°C (32°F to 158°F)
Relative humidity5%-95%, noncondensing
Module performance
Module input power5V-12V ±5% | 1A
AUX output power5V ±5% | 200mA
Date/Time backupCR1220 battery coin cell | The RTC is able to keep the date and the
time when Network Module is OFF
Functions
LanguagesEnglish, French, German, Italian, Japanese, Russian, Simplified
Chinese, Spanish, Traditional Chinese
Alarms/LogEmail, SNMP trap, web interface / Log on events
NetworkGigabit ETHERNET, 10/100/1000Mb/s, auto negotiation, HTTP 1.1,
SNMP V1, SNMP V3, NTP, SMTP, DHCP
SecurityRestricted to TLS 1.2
Supported MIBs
xUPS MIB | Standard IETF UPS MIB (RFC 1628) | Sensor MIB
BrowsersInternet Explorer, Google Chrome, Firefox, Safari
Settings (default values)
IP networkDHCP enabled | NTP server: pool.ntp.org
Port443 (https), 22 (ssh), 161 (snmp), 162 (snmp trap), 25 (smtp), 8883
(mqtts), 123 (ntp), 5353 (mdns-sd), 80 (http), 514 (syslog),636 (LDAP),
1812 (RADIUS)
Web interface access
control
User name: admin | Password: admin
Default settings and possible parameters
Information – 174
•
•
Settings/Device data
connector
USB RNDIS Apipa compatible | IP address: 169.254.0.1 | Subnet mask:
255.255.0.0
7.3 Default settings and possible parameters
7.3.1 Settings
Default settings and possible parameters - General
Default settingPossible parameters
System detailsLocation—empty
Contact—empty
System name—empty
Time & date settings—Manual (Time zone:
Europe/Paris)
Location — 31 characters maximum
Contact— 255 characters maximum
System name— 255 characters maximum
Time & date settings—Manual (Time zone: selection
on map/Date) / Dynamic (NTP)
Email notification settingsNo email5 configurations maximum
Custom name — 128 characters maximum
Email address — 128 characters maximum
Hide IP address from the email body — enable/
disabled
Status — Active/Inactive
Alarm notifications
Active — No/Yes
All card events – Subscribe/Attach logs
Critical alarm – Subscribe/Attach logs
Warning alarm – Subscribe/Attach logs
Info alarm – Subscribe/Attach logs
All device events – Subscribe/Attach
measures/Attach logs
Critical alarm – Subscribe/Attach measures
/Attach logs
Warning alarm – Subscribe/Attach
measures/Attach logs
Info alarm – Subscribe/Attach measures/
Attach logs
Always notify events with code
Never notify events with code
Schedule report
Active — No/Yes
Recurrence – Every day/Every week/Every
month
Starting – Date and time
Card events – Subscribe/Attach logs
Device events – Subscribe/Attach
measures/Attach logs
Default settings and possible parameters
Information – 175
•
•
•
•
•
•
•
•
•
•
•
•
•
•
SMTP settingsServer IP/Hostname — blank
SMTP server authentication — disabled
Port — 25
Default sender address —
device
@networkcard.com
Hide IP address from the email body — disabled
Secure SMTP connection — enabled
Verify certificate authority — disabled
SMTP server authentication — disabled
Server IP/Hostname — 128 characters maximum
SMTP server authentication — disable/enable
(Username/Password — 128 characters maximum)
Port — x-xxx
Sender address — 128 characters maximum
Hide IP address from the email body — enable/
disabled
Secure SMTP connection — enable/disable
Verify certificate authority — disable/enable
Default settings and possible parameters - Global user settings and Local users
Default settingPossible parameters
Password settingsMinimum length — enabled (8)
Minimum upper case — enabled (1)
Minimum lower case — enabled (1)
Minimum digit — enabled (1)
Special character — enabled (1)
Minimum length — enable (6-32)/disable
Minimum upper case — enable (0-32)/disable
Minimum lower case — enable (0-32)/disable
Minimum digit — enable (0-32)/disable
Special character — enable (0-32)/disable
Password expirationNumber of days until password expires — disabled
Main administrator password never expires —
disabled
Number of days until password expires — disable/
enable (1-99999)
Main administrator password never expires —
disable/enable
Lock accountLock account after xx invalid tries — disabled
Main administrator account never blocks — disabled
Lock account after xx invalid tries — disable/enable
(1-99)
Main administrator account never blocks — disable/
enable
Account timeoutNo activity timeout — 60 minutes
Session lease time — 120 minutes
No activity timeout — 1-60 minutes
Session lease time — 60-720 minutes
Local users1 user only:
Active—Yes
Profile—Administrator
Username—admin
Full Name—blank
Email—blank
Phone—blank
Organization—blank
10 users maximum:
Active—Yes/No
Profile—Administrator/Operator/Viewer
Username—255 characters maximum
Full Name—128 characters maximum
Email—128 characters maximum
Phone—64 characters maximum
Organization—128 characters maximum
Default settings and possible parameters - Remote users
Default settingPossible parameters
Default settings and possible parameters
Information – 176
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
LDAPConfigure
Active – No
Security
SSL – SSL
Verify server certificate – enabled
Primary server
Name – Primary
Hostname – blank
Port – 636
Secondary server
Name – blank
Hostname – blank
Port – blank
Credentials
Anonymous search bind – disabled
Search user DN – blank
Password – blank
Search base
Search base DN – dc=example,dc=com
Request parameters
User base DN –
ou=people,dc=example,dc=com
User name attribute – uid
UID attribute – uidNumber
Group base DN –
ou=group,dc=example,dc=com
Group name attribute – gid
GID attribute – gidNumber
Profile mapping – no mapping
Users preferences
Language –
English
Temperature unit – °C (Celsius)
Date format – MM-DD-YYYY
Time format – hh:mm:ss (24h)
Configure
Active – No/yes
Security
SSL – None/Start TLS/SSL
Verify server certificate – disabled/enabled
Primary server
Name – 128 characters maximum
Hostname – 128 characters maximum
Port – x-xxx
Secondary server
Name – 128 characters maximum
Hostname – 128 characters maximum
Port – x-xxx
Credentials
Anonymous search bind – disabled/
enabled
Search user DN – 1024 characters
maximum
Password – 128 characters maximum
Search base
Search base DN – 1024 characters
maximum
Request parameters
User base DN – 1024 characters
maximum
User name attribute – 1024 characters
maximum
UID attribute – 1024 characters maximum
Group base DN – 1024 characters
maximum
Group name attribute – 1024 characters
maximum
GID attribute – 1024 characters maximum
Profile mapping – up to 5 remote groups mapped to
local profiles
Users preferences
Language – English, French, German,
Italian, Japanese, Russian, Simplified
Chinese, Spanish, Traditional Chinese
Temperature unit – °C (Celsius)/°F
(Fahrenheit)
Date format – MM-DD-YYYY / YYY-MM-
DD / DD-MM-YYY / DD.MM.YYY / DD/
MM/YYY / DD MM YYYY
Time format – hh:mm:ss (24h) / hh:mm:ss
(12h)
Default settings and possible parameters
Information – 177
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
RADIUSConfigure
Active – No
Retry number – 0
Primary server
Name – blank
Secret – blank
Address – blank
UDP port – 1812
Time out – 3
Secondary server
Name – blank
Secret – blank
Address – blank
UDP port – 1812
Time out – 3
Users preferences
Language –
English
Temperature unit – °C (Celsius)
Date format – MM-DD-YYYY
Time format – hh:mm:ss (24h)
Configure
Active – Yes/No
Retry number – 0 to 128
Primary server
Name – 128 characters maximum
Address – 128 characters maximum
Secret – 128 characters maximum
UDP port – 1 to 65535
Time out – 3 to 60
Secondary server
Name – 128 characters maximum
Address – 128 characters maximum
Secret – 128 characters maximum
UDP port – 1 to 65535
Time out – 3 to 60
Users preferences
Language – English, French, German,
Italian, Japanese, Russian, Simplified
Chinese, Spanish, Traditional Chinese
Temperature unit – °C (Celsius)
Date format – MM-DD-YYYY
Time format – hh:mm:ss (24h)
Default settings and possible parameters - Network & Protocol
Default settingPossible parameters
IPV4Mode — DHCPMode — DHCP/Manual (Address/Netmask/Gateway)
IPV6Enable — checked
Mode — DHCP
Enabled — Active/Inactive
Mode — DHCP/Manual (Address/Prefix/Gateway)
DNS/DHCPHostname —
device
-[MAC address]
Mode — DHCP
Hostname — 128 characters maximum
Mode :DHCP/Manual (Domain name/Primary DNS/
Secondary DNS)
EthernetConfiguration — Auto negotiationConfiguration — Auto negotiation - 10Mbps -Half
duplex - 10Mbps -Full duplex - 100Mbps - Half
duplex - 100Mbps -Full duplex - 1.0 Gbps - Full
duplex
HTTPSPort — 443Port — x-xxx
Default settings and possible parameters
Information – 178
•
•
•
•
SyslogInactive
Server#1
Name – Primary
Status – Disabled
Hostname – empty
Port – 514
Protocol – UDP
Message transfer method – Non transparent
framing
Using unicode byte order mask (BOM)–
disabled
Server#2
Name – empty
Status – Disabled
Hostname – empty
Port – 514
Protocol – UDP
Message transfer method – DIsabled in UDP
Using unicode byte order mask (BOM)–
disabled
Inactive/Active
Server#1
Name – 128 characters maximum
Status – Disabled/Enabled
Hostname – 128 characters maximum
Port – x-xxx
Protocol – UDP/TCP
Message transfer method – Non transparent
framing
Using unicode byte order mask (BOM)–
disable/enable
Server#2
Name – 128 characters maximum
Status – Disabled/Enabled
Hostname – 128 characters maximum
Port – x-xxx
Protocol – UDP/TCP
Message transfer method (in TCP)– Octet
counting/Non transparent framing
Using unicode byte order mask (BOM)–
disable/enable
Default settings and possible parameters - SNMP
Default settingPossible parameters
Default settings and possible parameters
Information – 179
•
•
•
•
•
•
•
•
SNMPActivate SNMP — disabled
Port — 161
SNMP V1 — disabled
Community #1 — public
Enabled — Inactive
Access — Read only
Community #2 — private
Enabled — Inactive
Access — Read/Write
SNMP V3 — enabled
User #1 — readonly
Enabled — Inactive
Access — Read only
Authentication — Auth (SHA-1)
Password — empty
Confirm password — empty
Privacy — Secured - AES
Key — empty
Confirm key — empty
User#2 — readwrite
Enabled — Inactive
Access — Read/Write
Authentication — Auth (SHA-1)
Password — empty
Confirmpassword — empty
Privacy — Secured - AES
Key — empty
Confirm key — empty
Activate SNMP — disable/enable
Port — x-xxx
SNMP V1 — disable/enable
Community #1 — 128 characters
maximum
Enabled — Inactive/Active
Access — Read only
Community #2 — 128 characters
maximum
Enabled — Inactive/Active
Access — Read/Write
SNMP V3 — disable/enable
User #1 — 32 characters maximum
Enabled — Inactive/Active
Access — Read only/Read-Write
Authentication — Auth (SHA-1)/None
Password — 128 characters maximum
Confirm password — 128 characters
maximum
Privacy — Secured - AES/None
Key — 128 characters maximum
Confirm key — 128 characters maximum
User#2 — 32 characters maximum
Enabled — Inactive/Active
Access — Read only/Read-Write
Authentication — Auth (SHA-1)/None
Password — 128 characters maximum
Confirmpassword — 128 characters
maximum
Privacy — Secured - AES/None
Key — 128 characters maximum
Confirm key — 128 characters maximum
Trap receiversNo trapEnabled — No/Yes
Application name — 128 characters maximum
Hostname or IP address — 128 characters maximum
Port — x-xxx
Protocol — V1
Trap community — 128 characters maximum
Default settings and possible parameters - Certificate
Default settingPossible parameters
Default settings and possible parameters
Information – 180
Local certificates
Common name — Service + Hostname + selfsigned
Country — FR
State or Province — 38
City or Locality — Grenoble
Organization name — Eaton
Organization unit — Power quality
Contact email address — blank
Common name — 64 characters maximum
Country — Country code
State or Province —64 characters maximum
City or Locality —64 characters maximum
Organization name —64 characters maximum
Organization unit —64 characters maximum
Contact email address —64 characters maximum
7.3.2 Meters
Default settings and possible parameters - Meters
Default settingPossible parameters
Meters/LogsLog measures every—60sLog measures every — 3600s maximum
7.3.3 Sensors alarm configuration
Default settings and possible parameters - Environment Alarm configuration
Default settingPossible parameters
TemperatureEnabled—No
Low critical – 0°C/32°F
Low warning – 10°C/50°F
High warning – 70°C/158°F
High critical – 80°C/176°F
Enabled—No/Yes
low critical<low warning<high warning<high critical
HumidityEnabled—No
Low critical – 10%
Low warning – 20%
High warning – 80%
High critical – 90%
Enabled—No/Yes
0%<low critical<low warning<high warning<high
critical<100%
Dry contactsEnabled—No
Alarm severity – Warning
Enabled—No/Yes
Alarm severity – Info/Warning/Critical
Default settings and possible parameters
Information – 181
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
7.3.4 User profile
Default settings and possible parameters - User profile
Default settingPossible parameters
ProfileAccount details:
Full name — Administrator
Email — blank
Phone — blank
Organization — blank
Preferences:
Language —
English
Date format — MM-DD-YYYY
Time format — hh:mm:ss (24h)
Temperature — °C (Celsius)
Account details:
Full name — 128 characters maximum
Email — 128 characters maximum
Phone — 64 characters maximum
Organization — 128 characters maximum
Preferences:
Language — English, French, German,
Italian, Japanese, Russian, Simplified
Chinese, Spanish, Traditional Chinese
Date format — MM-DD-YYYY / YYY-MM-
DD / DD-MM-YYY / DD.MM.YYY / DD/
MM/YYY / DD MM YYYY
Time format — hh:mm:ss (24h) /
hh:mm:ss (12h)
Temperature — °C (Celsius)/°F
(Fahrenheit)
Access rights per profiles
Information – 182
7.4 Access rights per profiles
7.4.1 Home
AdministratorOperatorViewer
Home
7.4.2 Meters
AdministratorOperatorViewer
Meters
Battery health: Launch test/Abort
Logs configuration
7.4.3 Controls
AdministratorOperatorViewer
Control
7.4.4 Protection
AdministratorOperatorViewer
Protection/Scheduled
shutdowns
AdministratorOperatorViewer
Protection/Agent list
AdministratorOperatorViewer
Protection/Agent settings
AdministratorOperatorViewer
Protection/Sequence
Access rights per profiles
Information – 183
7.4.5 Environment
AdministratorOperatorViewer
Environment/Commissioning
Environment/Status
AdministratorOperatorViewer
Environment/Alarm
configuration
AdministratorOperatorViewer
Environment/Information
7.4.6 Settings
AdministratorOperatorViewer
General
AdministratorOperatorViewer
Local users
AdministratorOperatorViewer
Remote users
AdministratorOperatorViewer
Network & Protocols
AdministratorOperatorViewer
SNMP
AdministratorOperatorViewer
Access rights per profiles
Information – 184
Certificate
AdministratorOperatorViewer
ATS
7.4.7 Maintenance
AdministratorOperatorViewer
System information
AdministratorOperatorViewer
Firmware
AdministratorOperatorViewer
Services
AdministratorOperatorViewer
Resources
AdministratorOperatorViewer
System logs
7.4.8 Legal information
AdministratorOperatorViewer
Legal information
7.4.9 Alarms
AdministratorOperatorViewer
Alarm list
Access rights per profiles
Information – 185
Export
Clear
7.4.10 User profile
AdministratorOperatorViewer
User profile
7.4.11 Contextual help
AdministratorOperatorViewer
Contextual help
Full documentation
7.4.12 CLI commands
AdministratorOperatorViewer
get release info
AdministratorOperatorViewer
history
AdministratorOperatorViewer
ldap-test
AdministratorOperatorViewer
logout
AdministratorOperatorViewer
maintenance
AdministratorOperatorViewer
Access rights per profiles
Information – 186
netconf
(read-only) (read-only)
AdministratorOperatorViewer
ping
ping6
AdministratorOperatorViewer
reboot
AdministratorOperatorViewer
save_configuration
restore_configuration
AdministratorOperatorViewer
sanitize
AdministratorOperatorViewer
ssh-keygen
AdministratorOperatorViewer
time
(read-only) (read-only)
AdministratorOperatorViewer
traceroute
traceroute6
AdministratorOperatorViewer
whoami
AdministratorOperatorViewer
List of event codes
Information – 187
email-test
AdministratorOperatorViewer
systeminfo_statistics
AdministratorOperatorViewer
certificates
7.5 List of event codes
To get access to the Alarm log codes or the System log codes for email subscription, seesections below:
7.5.1 System log codes
7.5.1.1 Critical
CodeSeverityLog messageFile
0801000AlertUser account - admin password reset to defaultlogAccount.csv
0E00400CriticalThe [selfsign/PKI] signed certificate of the <service> server is not validlogSystem.csv
0A00700ErrorNetwork module file system integrity corrupted <f/w: xx.yy.zzzz>logUpdate.csv
0000D00ErrorCard reboot due to database errorlogSystem.csv
0700200ErrorFailed to start execution of script "<script description>". Client not registered. (<script
uuid>)
logSystem.csv
0700400ErrorExecution of script "<script description>" failed with return code: <script return code>.
(<script uuid>)
logSystem.csv
0700500ErrorExecution of script "<script description>" timeout! (<script uuid>)logSystem.csv
0700700AlertFailed to prepare isolated environment for script execution. Protection service startup is
aborted.
logSystem.csv
To retrieve System logs, navigate to Contextual help>>>Maintenance>>>System logs section and press
theDownload System logsbutton.
Below codes are the one to be used to add "Exceptions on events notification" on email sending configurations.
Some zeros maybe added in front of the code when displayed in emails or logs.
List of event codes
Information – 188
7.5.1.2 Warning
CodeSeverityLog messageFile
0A00200WarningNetwork module upgrade failed <f/w: xx.yy.zzzz>logUpdate.csv
0A00A00WarningNetwork module bootloader upgrade failed <f/w: xx.yy.zzzz>logUpdate.csv
0B00500WarningRTC battery cell lowlogSystem.csv
0E00200WarningNew [self/PKI] signed certificate [generated/imported] for <service> serverlogSystem.csv
0E00300WarningThe [self/PKI] signed certificate of the <service> server will expires in <X> dayslogSystem.csv
0800700WarningUser account - password expiredlogAccount.csv
0800900WarningUser account- lockedlogAccount.csv
0C00100WarningUnable to send email: Smtp server is unknownlogSystem.csv
0C00200WarningUnable to send email: Authentication method is not supportedlogSystem.csv
0C00300WarningUnable to send email: Authentication errorlogSystem.csv
0C00500WarningUnable to send email: Certificate Authority not recognizedlogSystem.csv
0C00600WarningUnable to send email: Secure connection requiredlogSystem.csv
0C00800WarningUnable to send email: Unknown errorlogSystem.csv
0C00B00WarningUnable to send email: Recipient not specifiedlogSystem.csv
0F01300WarningCard reboot due to Device FW upgradelogSystem.csv
1000F00Warning<
feature
> settings partial restorationlogSystem.csv
1001000Warning<
feature
> settings restoration errorlogSystem.csv
1000C00WarningSettings partial restorationlogSystem.csv
1000D00WarningSettings restoration errorlogSystem.csv
7.5.1.3 Info
CodeSeverityLog messageFile
0300D00NoticeUser action - sanitization launchedlogSystem.csv
0A00500NoticeNetwork module sanitizedlogUpdate.csv
0A00900NoticeNetwork module bootloader upgrade success <f/w: xx.yy.zzzz>logUpdate.csv
0A00B00NoticeNetwork module bootloader upgrade started <f/w: xx.yy.zzzz>logUpdate.csv
0A00C00NoticePeriodic system integrity check startedlogUpdate.csv
List of event codes
Information – 189
0B00100NoticeTime manually changedlogSystem.csv
0B00700NoticeNTP sever not available <NTP server address>logSystem.csv
0900100NoticeSession - openedlogSession.csv
0900200NoticeSession - closedlogSession.csv
0900300NoticeSession - invalid tokenlogSession.csv
0900400NoticeSession - authentication failedlogSession.csv
0300F00NoticeUser action - network module admin password reset switch activatedlogSystem.csv
0E00500Notice[Certificate authority/ Client certificate] <id> is added for <service>logSystem.csv
0E00600Notice[Certificate authority/ Client certificate] <id> is revoked for <service>logSystem.csv
0700100InfoStart execution of script "<script description>". (<script uuid>)logSystem.csv
0700300InfoExecution of script "<script description>" succeeded. (<script uuid>)logSystem.csv
0700600Info/Notice/
Error/Debug
<Script execution log message>logSystem.csv
0800100NoticeUser account - created <user account id>logAccount.csv
0800200NoticeUser account - deleted <user account id>logAccount.csv
0800400NoticeUser account - name changed <user account id>logAccount.csv
0800600NoticeUser account - password changedlogAccount.csv
0800800NoticeUser account- password reset <user account id>logAccount.csv
0800A00NoticeUser account- unlockedlogAccount.csv
0800B00NoticeUser account - activated <user account id>logAccount.csv
0800C00NoticeUser account - deactivated <user account id>logAccount.csv
0900D00Notice<user> connected into interactive CLI with session id XXXXXXlogSession.csv
0900E00Notice<user> disconnected from interactive CLI with session id XXXXXXlogSession.csv
0900F00Notice<user> doesn't have access to CLI - CLI session id XXXXXXlogSession.csv
0901000Notice<user> connected and executes remote command <command> into the CLI - CLI
session id XXXXXX
logSession.csv
0901100Notice<user> finished executing remote command <command> into the CLI - CLI session
id XXXXXX
logSession.csv
0901200Notice<user> connection rejected - CLI session id XXXXXXlogSession.csv
0901300Notice<user> disconnected from interactive CLI with session id XXXXXX due to session
timeout
logSession.csv
0901400Notice<user> disconnected from interactive CLI with session id XXXXXX due to concurrent
connection with session id XXXXXX
logSession.csv
0100C00NoticeSyslog is startedlogSystem.csv
List of event codes
Information – 190
0100B00NoticeSyslog is stoppinglogSystem.csv
0100D00NoticeNetwork module is bootinglogSystem.csv
0100E00NoticeNetwork module is operatinglogSystem.csv
0100F00NoticeNetwork module is starting shutdown sequencelogSystem.csv
0101000NoticeNetwork module is ending shutdown sequencelogSystem.csv
0101400NoticeNetwork module shutdown requestedlogSystem.csv
0101500NoticeNetwork module reboot requestedlogSystem.csv
0100200Notice<nb alarms> alarms exported and flushedlogSystem.csv
0A00100InfoNetwork module upgrade success <f/w: xx.yy.zzzz>logUpdate.csv
0A00300InfoNetwork module upgrade startedlogUpdate.csv
0A00600InfoNetwork module file system integrity OK <f/w: xx.yy.zzzz>logUpdate.csv
0B00300InfoTime with NTP synchronizedlogSystem.csv
0B00600InfoTime settings changedlogSystem.csv
0B01100InfoTime reset to last known date: "date"logSystem.csv
0C00F00InfoTest email
1000100InfoSettings saving requestedlogSystem.csv
1000200Info<
feature
> settings savedlogSystem.csv
1000A00InfoSettings restoration requestedlogSystem.csv
1000E00Info<
feature
> settings restoration successlogSystem.csv
1000B00InfoSettings restoration successlogSystem.csv
0301500NoticeSanitization switch changedlogSystem.csv
0A01600NoticeMajor version downgradelogUpdate.csv
0D00800NoticeDHCP client script called with <script parameters>logSystem.csv
0D00900NoticeIPv4 configuration changed to <ipsv4_address>logSystem.csv
0D01000NoticeIPv6 configuration changed to <ipsv6_address>logSystem.csv
Event with code0700600 is used within shutdown script. The severity may vary according to the event context.
List of event codes
Information – 191
7.5.2 UPS(HID) alarm log codes
7.5.2.1 Critical
CodeSeverityActive messageNon-active messageAdvice
002CriticalInternal failureEnd of internal failureService required
004CriticalTemperature alarmTemperature OKCheck air conditioner
100CriticalRectifier fuse faultRectifier fuse OKService required
105CriticalInput AC module failureInput AC module OKService required
207CriticalBypass AC module failureBypass AC module OK-
208CriticalBypass overloadNo bypass overload-
305CriticalRectifier failureRectifier OKService required
306CriticalRectifier overloadRectifier OKReduce output load
308CriticalRectifier short circuitRectifier OKReduce output load
400CriticalDCDC converter failureDCDC converter OKService required
500CriticalBattery charger faultBattery charger OKService required
607CriticalBattery test failedBattery test OKCheck battery
60DCriticalNo batteryBattery presentCheck battery
61BCriticalBattery BMS faultBattery BMS OKCheck battery
629CriticalBattery voltage low criticalBatteryvoltage OKCheck battery
62BCriticalBattery voltage high criticalBatteryvoltage OKCheck battery
62DCriticalBattery charge current low criticalBatterycharge current OKCheck battery
62FCriticalBatterycharge current high criticalBatterycharge current OKCheck battery
631CriticalBattery discharge current low
critical
Batterydischarge current OKCheck battery
633CriticalBatterydischarge current high
critical
Batterydischarge current OKCheck battery
This table applies to all UPS except to the 9130 UPS.
To retrieve Alarm logs, navigate to Contextual help>>>Alarms section and press the Download alarms button.
Below codes are the one to be used to add "Exceptions on events notification" on email sending configurations.
Some zeros maybe added in front of the code when displayed in emails or logs.
List of event codes
Information – 192
635CriticalBattery temperature low criticalBatterytemperature OKCheck battery
637CriticalBatterytemperature high criticalBattery temperature OKCheck battery
63ECriticalBattery faultBattery OKCheck battery
704CriticalInverter internal failureUPS OKService required
705CriticalInverter overloadNo power overloadReduce output load
706CriticalTemperature alarmTemperature OKCheck air conditioner
70BCriticalInverter short circuitEnd of inverter short circuitService required
805CriticalOutput short circuitOutput OKReduce output load
811CriticalParallel negative powerParallel power OKReduce output load
815CriticalCalibration faultCalibration OKService required
81ECriticalLoad unprotectedLoad protected-
7.5.2.2 Warning
CodeSeverityActive messageNon-active messageAdvice
001WarningOn batteryNo more on battery-
007WarningFan faultFan OKService required
00BWarningParallel UPS redundancy lostParallel UPS redundancy OKReduce output load
00EWarningParallel UPS communication lostParallel UPS communication OKService required
00FWarningParallel UPS not compatibleParallel UPS compatibility OKService required
010WarningUPS power supply faultUPS power supply OKService required
011WarningParallel UPS protection lostParallel UPS protection OKReduce output load
012WarningParallel UPS measure inconsistentParallel UPS measure OKService required
103WarningUtility breaker openUtility breaker closed-
104WarningInput AC frequency out of rangeInput AC frequency in range-
106WarningInput AC not presentInput AC present-
107WarningInput bad wiringInput wiring OKCheck input wiring
108WarningInput AC voltage out of range (-)Input AC voltage in range-
109WarningInput AC voltage out of range (+)Input AC voltage in range-
110WarningBuilding alarm (through dry
contact)
Building alarm OK-
11FWarningBuilding alarm (through Network
module)
Building alarm OK-
List of event codes
Information – 193
10AWarningInput AC unbalancedEnd of input AC unbalanced-
200WarningBypass phase out rangeBypass phase in range-
201WarningBypass not availableBypass availableService required
202WarningBypass thermal overloadBypass thermal OKReduce output load
203WarningBypass temperature alarmBypass temperature OKCheck air conditioner
204WarningBypass breaker openBypass breaker closed-
205WarningBypass modeNo more on bypass-
206WarningBypass frequency out of rangeBypass frequency in range-
209WarningBypass voltage out of rangeBypass voltage in range-
20AWarningBypass AC over voltageEnd of bypass AC over voltage-
20BWarningBypass AC under voltageEnd of bypass AC under voltage-
20CWarningBypass bad wiringBypass wiring OKCheck bypass wiring
300WarningDC bus + too highDC bus + voltage OKService required
301WarningDC bus - too highDC bus - voltage OKService required
302WarningDC bus + too lowDC bus + voltage OKService required
303WarningDC bus - too lowDC bus - voltage OKService required
304WarningDC bus unbalancedDC bus OKService required
501WarningCharger temperature alarmCharger temperature OKService required
502WarningMax charger voltageCharger voltage OKService required
503WarningMin charger voltageCharger voltage OKService required
600WarningBattery fuse faultBattery fuse OKService required
602WarningBattery fuse faultBattery fuse OKService required
604WarningBattery low state of chargeBattery state of charge OK-
605WarningBattery temperature alarmBattery temperature OKService required
606WarningBattery breaker openBattery breaker closedService required
610WarningBattery low voltageBattery voltage OKCheck battery
613WarningBattery voltage too highBattery voltage OKCheck battery
616WarningBattery voltage unbalancedBattery voltage OKCheck battery
61CWarningCommunication with battery lostCommunication with battery
recovered
Check battery
61EWarningAt least one breaker in battery is
open
All battery breakers are closedCheck battery
List of event codes
Information – 194
61FWarningBattery State Of Charge below
limit
Battery State Of Charge OK-
620WarningBattery State Of Health below limitBattery State Of Health OKCheck battery
628WarningBattery voltage low warningBattery voltage OKCheck battery
62AWarningBattery voltage high warningBattery voltage OKCheck battery
62CWarningBatterycharge current low
warning
Batterycharge current OKCheck battery
62EWarningBatterycharge current high
warning
Batterycharge current OKCheck battery
630WarningBattery discharge current low
warning
Battery discharge current OKCheck battery
632WarningBattery discharge current high
warning
Battery discharge current OKCheck battery
634WarningBattery temperature low warningBattery temperature OKCheck battery
636WarningBatterytemperature high warningBatterytemperature OKCheck battery
638WarningBattery BMS failureBattery BMS OKCheck battery
639WarningBattery temperature unbalancedBatterytemperature OKCheck battery
63DWarningBattery warningBattery OKCheck battery
700WarningInverter limitationNo current limitationReduce output load
701WarningInverter fuse faultInverter fuse OKService required
70AWarningInverter thermal overloadNo power overloadReduce output load
70CWarningInverter voltage too lowInverter voltage OKService required
70DWarningInverter voltage too highInverter voltage OKService required
801WarningLoad not poweredLoad powered-
803WarningOutput breaker openOutput breaker closed-
806WarningEmergency power OFFNo emergency OFF-
808WarningPower overloadNo power overloadReduce output load
80DWarningInternal configuration failureInternal configuration OKService required
80EWarningOverload pre-alarmNo overload pre-alarmReduce output load
810WarningOverload alarmNo overloadReduce output load
814WarningFirmware watchdog resetFirmware watchdog OKService required
816WarningCompatibility failureCompatibility OKService required
817WarningOutput over currentNo output over currentReduce output load
818WarningOutput frequency out of rangeOutput frequency in rangeService required
List of event codes
Information – 195
819WarningOutput voltage too highOutput voltage OKService required
81AWarningOutput voltage too lowOutput voltage OKService required
81BWarningUPS Shutoff requestedEnd of UPS shutoff requestedService required
81DWarningLoad not poweredLoad protected-
900WarningMaintenance bypassNot on maintenance bypass-
901WarningMaintenance bypass breaker
closed
Maintenance bypass breaker open-
B01WarningBatteries are aging. Consider
replacement
Batteries aging condition cleared-
7.5.2.3 Info
CodeSeverityActive messageNon-active messageAdvice
005InfoCommunication lost (with UPS)Communication recovered (with
UPS)
Service required
009InfoOn high efficiency / On ESS modeHigh efficiency disabled / ESS
disabled
-
013InfoUpgrading: limited communicationEnd of upgrade mode-
101InfoOn AVR (Boost)End of AVR (Boost)-
102InfoOn AVR (Buck)End of AVR (Buck)-
603InfoBattery dischargingEnd of UPS battery discharge-
63CInfoBattery informationBattery OK-
A00InfoGroup 1 is OFFGroup 1 is ON-
A01InfoGroup 2 is OFFGroup 2 is ON-
A0FInfoGroup is OFFGroup is ON-
7.5.2.4 Good
CodeSeverityActive message
60EGoodUPS external battery set as “No battery”
826GoodLoad powered
Alarms with a severity set as Good are not taken into account into the counter of active alarms.
List of event codes
Information – 196
7.5.3 9130 UPS(XCP) alarm log codes
7.5.3.1 Critical
CodeSeverityActive messageNon-active messageAdvice
2012CriticalEmergency power OFFNo emergency OFF-
2019CriticalBuilding alarmNo building alarm-
2020CriticalBypass temperature alarmBypass temperature OK-
2024CriticalTemperature alarmTemperature OK-
2026CriticalRectifier overloadRectifier OK-
2030CriticalRectifier failureRectifier OK-
2031CriticalInverter internal failureUPS OK-
2034CriticalBattery charger faultBattery charger OK-
2056CriticalBattery low state of chargeBattery state of charge OK-
2058CriticalOutput short circuitOutput OK-
2070CriticalUPS power supply faultUPS power supply OK-
2075CriticalRectifier overloadRectifier OK-
2077CriticalInput AC module failureInput AC module OK-
2102CriticalInverter limitationNo current limitation-
2111CriticalInverter thermal overloadNo power overload-
2112CriticalDCDC converter failureDCDC converter OK-
2132CriticalParallel UPS protection lostParallel UPS protection OK-
2143CriticalMaintenance bypassNot on maintenance bypass-
2188CriticalBypass AC module failureBypass AC module OK-
2191CriticalBattery faultBattery OKCheck battery
2192CriticalFuse faultFuse OK-
Use this table for 9130 UPS.
To retrieve Alarm logs, navigate to Contextual help>>>Alarms section and press the Download alarms button.
Below codes are the one to be used to add "Exceptions on events notification" on email sending configurations.
Some zeros maybe added in front of the code when displayed in emails or logs.
List of event codes
Information – 197
2193CriticalFan faultFan OK-
2199CriticalNo batteryBattery presentCheck battery
2200CriticalTemperature out of rangeTemperature in range-
2259CriticalRectifier short circuitRectifier OK-
2260CriticalRectifier short circuitRectifier OK-
2261CriticalRectifier short circuitRectifier OK-
2323CriticalInverter overloadNo power overload-
2324CriticalInverter short circuitEnd of inverter short circuit-
2325CriticalBypass overloadNo bypass overload-
2328CriticalBypass thermal overloadBypass thermal OK-
2364CriticalInternal failureEnd of internal failure-
2402CriticalParallel UPS not compatibleParallel UPS compatibility OK-
281ECriticalLoad unprotected--
7.5.3.2 Warning
CodeSeverityActive messageNon-active messageAdvice
2000WarningInverter voltage too highInverter voltage OK-
2001WarningInverter voltage too lowInverter voltage OK-
2003WarningBypass AC over voltageEnd of bypass AC over voltage-
2004WarningBypass AC under voltageNo Bypass AC under voltage-
2005WarningBypass frequency out of rangeBypass frequency in range-
2006WarningInput AC voltage out of range (+)Input AC voltage in range-
2007WarningInput AC voltage out of range (-)Input AC voltage in range-
2008WarningInput AC frequency out of rangeInput AC frequency in range-
2009WarningOutput voltage too highOutput voltage OK-
2010WarningOutput voltage too lowOutput voltage OK-
2011WarningOutput frequency out of rangeOutput frequency in range-
2021WarningCharger temperature alarmCharger temperature OK-
2023WarningMax charger voltageCharger voltage OK-
2025WarningPower overloadNo power overload-
2027WarningOutput over currentNo output over current-
List of event codes
Information – 198
2028WarningDC bus + too highDC bus + voltage OK-
2029WarningDC bus + too lowDC bus + voltage OK-
2032WarningBattery breaker closedBattery breaker open-
2057WarningOn batteryNo more on battery-
2063WarningParallel UPS communication lostParallel UPS communication OK-
2067WarningInput AC not presentInput AC present-
2105WarningBypass availableBypass not available-
2106WarningUtility breaker closedUtility breaker open-
2159WarningOverload pre-alarmNo overload pre-alarm-
2162WarningOverload alarmNo overload-
2168WarningBattery dischargingEnd of UPS battery discharge-
2169WarningBypass modeNo more on bypass-
2170WarningLoad not powered--
2176WarningCompatibility failureCompatibility OK-
2189WarningLoad not powered--
2194WarningInput bad wiringInput wiring OK-
2206WarningUPS Shutdown requestedEnd of UPS shutdown requested-
2224WarningInternal configuration failureInternal configuration OK-
2225WarningParallel UPS redundancy lostParallel UPS redundancy OK-
2231WarningDC bus unbalancedDC bus OK-
2240WarningParallel UPS communication lostParallel UPS communication OK-
2306WarningBypass breaker openBypass breaker closed-
2326WarningBypass phase out rangeBypass phase in range-
2327WarningBypass voltage out of rangeBypass voltage in range-
2366WarningBypass bad wiringBypass wiring OK-
7.5.3.3 Info
CodeSeverityActive messageNon-active messageAdvice
2063InfoCommunication lostCommunication recovered-
2196InfoOn AVR (Buck)End of AVR (Buck)-
2197InfoOn AVR (Boost)End of AVR (Boost)-
List of event codes
Information – 200
7.5.4 ATS alarm log codes
7.5.4.1 Critical
CodeSeverityActive messageNon-active messageAdvice
F03CriticalInternal failureEnd of internal failure-
F08CriticalInternal failureEnd of internal failure-
F0BCriticalInternal failureEnd of internal failure-
F0DCriticalIn short circuitNot in short circuit-
F10CriticalLoad not poweredLoad powered with no continuity-
F11CriticalInternal failureEnd of internal failure-
F13CriticalTemperature out of rangeTemperature in range-
F1BCriticalOffOn preferred source-
7.5.4.2 Warning
CodeSeverityActive messageNon-active messageAdvice
F00WarningUnsynchronized sourcesSynchronized sources-
F01WarningFrequency out of rangeFrequency in range-
F02WarningOut of rangeIn range-
F04WarningVoltage in derated rangeVoltage in normal range-
F06WarningFrequency out of rangeFrequency in range-
F07WarningNot in rangeIn range-
F09WarningVoltage in derated rangeVoltage in normal range-
F0CWarningIn overloadNot in overload-
F0FWarningInternal configuration failureInternal configuration OK-
F12WarningOverload FaultNo overload fault-
F15WarningInput waveform is not OKInput waveform is OK-
To retrieve Alarm logs, navigate to Contextual help>>>Alarms section and press the Download alarms button.
Below codes are the one to be used to add "Exceptions on events notification" on email sending configurations.
Some zeros maybe added in front of the code when displayed in emails or logs.
List of event codes
Information – 201
F16WarningVoltage out of rangeVoltage in range-
F17WarningInput waveform is not OKInput waveform is OK-
F18WarningVoltage out of rangeVoltage in range-
F1AWarningOn alternate source--
7.5.4.3 Good
CodeSeverityActive messageNon-active messageAdvice
F05GoodSource 1 used to power the loadSource 1 not used to power the load-
F0AGoodSource 2 used to power the loadSource 2 not used to power the load-
F19GoodOn preferred source--
Alarms with a severity set as Good are not taken into account into the counter of active alarms.
List of event codes
Information – 202
7.5.5 EMP alarm log codes
7.5.5.1 Critical
CodeSeverityActive messageNon-active messageAdvice
1201CriticalTemperature is critically lowTemperature is back to low-
1204CriticalTemperature is critically highTemperature is back to high-
1211CriticalHumidity is critically lowHumidity is back to low-
1214CriticalHumidity is critically highHumidity is back to high-
7.5.5.2 Warning
CodeSeverityActive messageNon-active messageAdvice
1200WarningCommunication lostCommunication recovered-
1202WarningTemperature is lowTemperature is back to normal-
1203WarningTemperature is highTemperature is back to normal-
1212WarningHumidity is lowHumidity is back to normal-
1213WarningHumidity is highHumidity is back to normal-
7.5.5.3 With settable severity
CodeSeverityActive messageNon-active messageAdvice
1221SettableContact is activeContact is back to normal-
To retrieve Alarm logs, navigate to Contextual help>>>Alarms section and press the Download alarms button.
Below codes are the one to be used to add "Exceptions on events notification" on email sending configurations.
Some zeros maybe added in front of the code when displayed in emails or logs.
List of event codes
Information – 203
7.5.6 Network module alarm log codes
7.5.6.1 Warning
7.5.6.1.1 Protection
CodeSeverityActive messageNon-active messageAdvice
1032WarningProtection: immediate shutdown in progressProtection: immediate shutdown completed-
1053WarningProtection: communication lost with agentProtection: communication recovered with agent-
7.5.6.1.2 Alarms
CodeSeverityActive messageNon-active messageAdvice
1303WarningAlarms: the number of alarms is too
high and above 6 000
Alarms: the number of alarms is
back to normal
2 000 alarms have been
erased and saved in a
backup file.
7.5.6.2 Info
7.5.6.2.1 Protection
CodeSeverityActive messageNon-active messageAdvice
1016InfoProtection: sequential shutdown scheduledProtection: sequential shutdown canceled-
1017InfoProtection: sequential shutdown in progressProtection: sequential shutdown completed-
1054InfoProtection: agent is in unknown stateProtection: agent is in service-
1055InfoProtection: agent is startingProtection: agent is in service-
1056InfoProtection: agent is stoppingProtection: agent is in service-
1057InfoProtection: agent is stoppedProtection: agent is in service-
1100InfoSchedule: shutdown date reachedSchedule: shutdown initiated-
To retrieve Alarm logs, navigate to Contextual help>>>Alarms section and press the Download alarms button.
Below codes are the one to be used to add "Exceptions on events notification" on email sending configurations.
Some zeros maybe added in front of the code when displayed in emails or logs.
SNMP traps
Information – 204
7.5.6.2.2 Communication
CodeSeverityActive messageNon-active messageAdvice
1300InfoCommunication: No device connectedCommunication: Communication with the device is back-
1301InfoCommunication: Device not supportedCommunication: Communication with the device is back-
7.5.6.2.3 Alarms
CodeSeverityActive messageNon-active messageAdvice
1302InfoAlarms: the number of alarms is
high and above 5 000
Alarms: the number of alarms is
back to normal
It is recommended to
Export and Clear the alarm
log.
7.6 SNMP traps
7.6.1 UPS Mib
7.6.1.1 IETF Mib-2 Ups traps
This information is for reference only.
Trap oid :
.1.3.6.1.2.1.33.2.0.x
Description :
.1.3.6.1.2.1.33.2.0.1Sent whenever the UPS transfers on battery,
then sent every minutes until the UPS Comes back to AC Input.
.1.3.6.1.2.1.33.2.0.3Sent whenever an alarm appears.
The matching alarm oid is added as bound variables in the table below.
.1.3.6.1.2.1.33.2.0.4Sent whenever an alarm disappears.
The matching alarm oid is added as bound variables in the table below.
Alarm oid at :
.1.3.6.1.2.1.33.1.6.3.x
Description when trap 3Description when trap 4
.1.3.6.1.2.1.33.1.6.3.1Battery test failedBattery test OK
.1.3.6.1.2.1.33.1.6.3.2Battery dischargingEnd of UPS battery discharge
.1.3.6.1.2.1.33.1.6.3.3Low batteryBattery OK
.1.3.6.1.2.1.33.1.6.3.5Temperature alarmTemperature OK
.1.3.6.1.2.1.33.1.6.3.6Input AC not presentInput AC present
SNMP traps
Information – 205
Alarm oid at :
.1.3.6.1.2.1.33.1.6.3.x
Description when trap 3Description when trap 4
.1.3.6.1.2.1.33.1.6.3.8Power overloadNo power overload
.1.3.6.1.2.1.33.1.6.3.9Bypass modeNo more on bypass
.1.3.6.1.2.1.33.1.6.3.10Bypass not availableBypass available
.1.3.6.1.2.1.33.1.6.3.13Battery charger faultBattery charger OK
.1.3.6.1.2.1.33.1.6.3.14Not poweredPowered (Protected or Not protected)
.1.3.6.1.2.1.33.1.6.3.16Fan faultFan OK
.1.3.6.1.2.1.33.1.6.3.17Battery fuse fault
Rectifier fuse fault
Inverter fuse fault
Battery fuse OK
Rectifier fuse OK
Inverter fuse OK
.1.3.6.1.2.1.33.1.6.3.
18Internal failureEnd of internal failure
.1.3.6.1.2.1.33.1.6.3.20Communication lostCommunication recovered
.1.3.6.1.2.1.33.1.6.3.23Shutdown imminentShutdown canceled
7.6.1.2 Xups Mib traps
This information is for reference only.
Trap oid :
.1.3.6.1.4.1.534.1.11.4.1.0.x
Trap message at oid :
.1.3.6.1.4.1.534.1.11.3.0
.1.3.6.1.4.1.534.1.11.4.1.0.3Battery discharging
.1.3.6.1.4.1.534.1.11.4.1.0.4Battery low
.1.3.6.1.4.1.534.1.11.4.1.0.5No more on battery
.1.3.6.1.4.1.534.1.11.4.1.0.6Battery OK
.1.3.6.1.4.1.534.1.11.4.1.0.7Power overload
.1.3.6.1.4.1.534.1.11.4.1.0.8Internal failure
.1.3.6.1.4.1.534.1.11.4.1.0.10Inverter internal failure
.1.3.6.1.4.1.534.1.11.4.1.0.11Bypass mode
.1.3.6.1.4.1.534.1.11.4.1.0.12Bypass not available
.1.3.6.1.4.1.534.1.11.4.1.0.13Load not powered
.1.3.6.1.4.1.534.1.11.4.1.0.14On battery
.1.3.6.1.4.1.534.1.11.4.1.0.15Building alarm through input dry contact
.1.3.6.1.4.1.534.1.11.4.1.0.16Shutdown imminent
.1.3.6.1.4.1.534.1.11.4.1.0.17No more on bypass
.1.3.6.1.4.1.534.1.11.4.1.0.20Breaker open
SNMP traps
Information – 206
Trap oid :
.1.3.6.1.4.1.534.1.11.4.1.0.x
Trap message at oid :
.1.3.6.1.4.1.534.1.11.3.0
.1.3.6.1.4.1.534.1.11.4.1.0.23Battery test failed
.1.3.6.1.4.1.534.1.11.4.1.0.26Communication lost
.1.3.6.1.4.1.534.1.11.4.1.0.30Sensor contact is active
.1.3.6.1.4.1.534.1.11.4.1.0.31Sensor contact back to normal
.1.3.6.1.4.1.534.1.11.4.1.0.32Parallel UPS redundancy lost
.1.3.6.1.4.1.534.1.11.4.1.0.33Temperature alarm
.1.3.6.1.4.1.534.1.11.4.1.0.34Battery charger fault
.1.3.6.1.4.1.534.1.11.4.1.0.35Fan fault
.1.3.6.1.4.1.534.1.11.4.1.0.36Fuse fault
.1.3.6.1.4.1.534.1.11.4.1.0.42Sensor temperature is below/above critical threshold
.1.3.6.1.4.1.534.1.11.4.1.0.43Sensor humidity is below/above critical threshold
.1.3.6.1.4.1.534.1.11.4.1.0.48Maintenance bypass
7.6.2 ATS Mib
This information is for reference only.
Trap oid :
.1.3.6.1.4.1.534.10.2.10.x
Trap description
.1.3.6.1.4.1.534.10.2.10.1Communication lost
.1.3.6.1.4.1.534.10.2.10.2Communication recovered
.1.3.6.1.4.1.534.10.2.10.3Output powered
.1.3.6.1.4.1.534.10.2.10.4Output not powered
.1.3.6.1.4.1.534.10.2.10.5Overload
.1.3.6.1.4.1.534.10.2.10.6No overload
.1.3.6.1.4.1.534.10.2.10.7Internal failure
.1.3.6.1.4.1.534.10.2.10.8No internal failure
.1.3.6.1.4.1.534.10.2.10.9Source 1 normal
.1.3.6.1.4.1.534.10.2.10.10Source 1 out of range
.1.3.6.1.4.1.534.10.2.10.11Source 2 normal
.1.3.6.1.4.1.534.10.2.10.12Source 2 out of range
.1.3.6.1.4.1.534.10.2.10.13Sources desynchronized
CLI
Information – 207
•
•
Trap oid :
.1.3.6.1.4.1.534.10.2.10.x
Trap description
.1.3.6.1.4.1.534.10.2.10.14Sources synchronized
.1.3.6.1.4.1.534.10.2.10.15Output powered by source 1
.1.3.6.1.4.1.534.10.2.10.16Output powered by source 2
.1.3.6.1.4.1.534.10.2.10.20Remote temperature low
.1.3.6.1.4.1.534.10.2.10.21Remote temperature high
.1.3.6.1.4.1.534.10.2.10.22Remote temperature normal
.1.3.6.1.4.1.534.10.2.10.23Remote humidity low
.1.3.6.1.4.1.534.10.2.10.24Remote humidity high
.1.3.6.1.4.1.534.10.2.10.25Remote humidity normal
.1.3.6.1.4.1.534.10.2.10.26Contact 1 active
.1.3.6.1.4.1.534.10.2.10.27Contact 1 inactive
.1.3.6.1.4.1.534.10.2.10.28Contact 2 active
.1.3.6.1.4.1.534.10.2.10.29Contact 2 inactive
7.6.3 Sensor Mib
7.6.3.1 Sensor Mib traps
This information is for reference only.
Trap oid :
.1.3.6.1.4.1.534.6.8.1.x.x.x
Trap description
.1.3.6.1.4.1.534.6.8.1.1.0.1Sent whenever the sensor count changes after a discovery or removing from the UI.
.1.3.6.1.4.1.534.6.8.1.1.0.2Sent whenever one status of each sensor connected changes.
.1.3.6.1.4.1.534.6.8.1.2.0.1Sent whenever one status of each temperature changes.
.1.3.6.1.4.1.534.6.8.1.3.0.1Sent whenever one status of each humidity changes.
.1.3.6.1.4.1.534.6.8.1.4.0.1Sent whenever one status of each digital input alarm changes.
7.7 CLI
CLI can be accessed through:
SSH
Serial terminal emulation (refer to section
Servicing the Network Management Module>>>Installing the Network
Module>>>Accessing the card through serial terminal emulation).
It is intended mainly for automated configuration of the network and time settings of the network card. It can also be used for
troubleshooting and remote reboot/reset of the network interface in case the web user interface is not accessible.
CLI
Information – 208
Warning: Changing network parameters may cause the card to become unavailable remotely. If this happens it can only be
reconfigured locally through USB.
7.7.1 Commands available
You can see this list anytime by typing in the CLI:
?
7.7.2 Contextual help
You can see this help anytime by typing in the CLI:
help
CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible
command completions with summaries, or the full syntax of the
current command. A subsequent repeat of this key, when a command
has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line.
If the command prefix is not unique then the bell will ring and a subsequent
repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there is
a syntax error then offending part of the command line will be
highlighted and explained.
[space] - Auto-completes, or if the command is already resolved inserts a space.
MOVEMENT KEYS
[CTRL-A] - Move to the start of the line
[CTRL-E] - Move to the end of the line.
[up] - Move to the previous command line held in history.
[down] - Move to the next command line held in history.
[left] - Move the insertion point left one character.
[right] - Move the insertion point right one character.
DELETION KEYS
[CTRL-C] - Delete and abort the current line
[CTRL-D] - Delete the character to the right on the insertion point.
[CTRL-K] - Delete all the characters to the right of the insertion point.
[CTRL-U] - Delete the whole line.
[backspace] - Delete the character to the left of the insertion point.
ESCAPE SEQUENCES
!! - Substitute the last command line.
!N - Substitute the Nth command line (absolute as per 'history' command)
!-N - Substitute the command line entered N lines before (relative)
CLI
Information – 209
7.7.3 get release info
7.7.3.1 Description
Displayscertain basic information related to the firmware release.
7.7.3.2 Help
get_release_info
-d Get current release date
-s Get current release sha1
-t Get current release time
-v Get current release version number
7.7.3.3 Specifics
7.7.3.4 Access rights per profiles
AdministratorOperatorViewer
get release info
7.7.4 history
7.7.4.1 Description
Displaysrecentcommands executed on the card.
7.7.4.2 Help
history
<cr> Display the current session's command line history(by default display
last 10 commands)
<Unsigned integer> Set the size of history list (zero means unbounded). Example 'history
6' display the 6 last command
7.7.4.3 Specifics
7.7.4.4 Access rights per profiles
AdministratorOperatorViewer
history
CLI
Information – 210
7.7.5 logout
7.7.5.1 Description
Logout the current user.
7.7.5.2 Help
logout
<cr> logout the user
7.7.5.3 Specifics
7.7.5.4 Access rights per profiles
AdministratorOperatorViewer
logout
7.7.6 maintenance
7.7.6.1 Description
Creates a maintenance report file whichmaybehandedto the technical support.
7.7.6.2 Help
maintenance
<cr> Create maintenance report file.
-h, --help Display help page
7.7.6.3 Specifics
7.7.6.4 Access rights per profiles
AdministratorOperatorViewer
maintenance
7.7.7 netconf
7.7.7.1 Description
Tools to display or change the network configuration of the card.
CLI
Information – 211
7.7.7.2 Help
For Viewer and Operator profiles:
netconf -h
Usage: netconf [OPTION]...
Display network information and change configuration.
-h, --help display help page
-l, --lan display Link status and MAC address
-4, --ipv4 display IPv4 Mode, Address, Netmask and Gateway
-6, --ipv6 display IPv6 Mode, Addresses and Gateway
-d, --domain display Domain mode, FQDN, Primary and Secondary DNS
For Administrator profile:
netconf -h
Usage: netconf [OPTION]...
Display network information and change configuration.
-h, --help display help page
-l, --lan display Link status and MAC address
-d, --domain display Domain mode, FQDN, Primary and Secondary DNS
-4, --ipv4 display IPv4 Mode, Address, Netmask and Gateway
-6, --ipv6 display IPv6 Mode, Addresses and Gateway
Set commands are used to modify the settings.
-s, --set-lan <link speed>
Link speed values:
auto Auto negotiation
10hf 10 Mbps - Half duplex
10ff 10 Mbps - Full duplex
100hf 100 Mbps - Half duplex
100ff 100 Mbps - Full duplex
1000ff 1.0 Gbps - Full duplex
-f, --set-domain hostname <hostname> set custom hostname
-f, --set-domain <mode>
Mode values:
- set custom Network address, Netmask and Gateway:
manual <domain name> <primary DNS> <secondary DNS>
- automatically set Domain name, Primary and Secondary DNS
dhcp
-i, --set-ipv4 <mode>
Mode values:
- set custom Network address, Netmask and Gateway
manual <network> <mask> <gateway>
- automatically set Network address, Netmask and Gateway
dhcp
-x, --set-ipv6 <status>
Status values:
- enable IPv6
enable
- disable IPv6
disable
-x, --set-ipv6 <mode>
Mode values:
CLI
Information – 212
- set custom Network address, Prefix and Gateway
manual <network> <prefix> <gateway>
- automatically set Network address, Prefix and Gateway
router
Examples of usage:
-> Display Link status and MAC address
netconf -l
-> Set Auto negotiation to Link
netconf --set-lan auto
-> Set custom hostname
netconf --set-domain hostname ups-00-00-00-00-00-00
-> Set Adress, Netmask and Gateway
netconf --set-ipv4 manual 192.168.0.1 255.255.255.0 192.168.0.2
-> Disable IPv6
7.7.7.3 Examples of usage
-> Display Link status and MAC address
netconf -l
-> Set Auto negotiation to Link
netconf -s auto
-> Set custom hostname
netconf -f hostname ups-00-00-00-00-00-00
-> Set Adress, Netmask and Gateway
netconf -i manual 192.168.0.1 255.255.255.0 192.168.0.2
-> Disable IPv6
netconf -6 disable
7.7.7.4 Specifics
7.7.7.5 Access rights per profiles
AdministratorOperatorViewer
netconf
(read-only) (read-only)
7.7.8 ping and ping6
7.7.8.1 Description
Ping and ping6 utilities are used to test network connection.
7.7.8.2 Help
ping
The ping utility uses the ICMP protocol's mandatory ECHO_REQUEST datagram
to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST
datagrams (``pings'') have an IP and ICMP header, followed by a ``struct
timeval'' and then an arbitrary number of ``pad'' bytes used to fill out
the packet.
CLI
Information – 213
-c Specify the number of echo requests to be sent
-h Specify maximum number of hops
<Hostname or IP> Host name or IP address
ping6
The ping6 utility uses the ICMP protocol's mandatory ECHO_REQUEST datagram
to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST
datagrams (``pings'') have an IP and ICMP header, followed by a ``struct
timeval'' and then an arbitrary number of ``pad'' bytes used to fill out
the packet.
-c Specify the number of echo requests to be sent
<IPv6 address> IPv6 address
7.7.8.3 Specifics
7.7.8.4 Access rights per profiles
AdministratorOperatorViewer
ping
ping6
7.7.9 reboot
7.7.9.1 Description
Tool to Reboot the card.
7.7.9.2 Help
Usage: reboot [OPTION]
<cr> Reboot the card
--help Display help
--withoutconfirmation Reboot the card without confirmation
7.7.9.3 Specifics
7.7.9.4 Access rights per profiles
AdministratorOperatorViewer
reboot
CLI
Information – 214
•
•
•
•
•
7.7.10 save_configuration | restore_configuration
7.7.10.1 Description
Save_configuration and restore_configuration are using JSON format to save and restorecertain part of the configuration of the
card.
7.7.10.2 Help
save_configuration -h
save_configuration: print the card configuration in JSON format to standard output.
restore_configuration -h
restore_configuration: restore the card configuration from a JSON-formatted standard input.
7.7.10.3 Examples of usage
7.7.10.3.1 From a linux host:
Save over SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS save_configuration -p $PASSPHRASE> $FILE
Restore over SSH:cat $FILE | sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS restore_configuration -p $PASSPHRASE
7.7.10.3.2 From a Windows host:
Save over SSH:plink $USER@$CARD_ADDRESS -pw$PASSWORD -batch save_configuration -p $PASSPHRASE > $FILE
Restore over SSH:type $FILE | plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch restore_configuration -p $PASSPHRASE
(Require plink tools from putty)
Where:
$USER is user name (the user shall have administrator profile)
$PASSWORD is the user password
$PASSPHRASE is any passphrase to encrypt/decrypt sensible data.
$CARD_ADDRESS is IP or hostname of the card
$FILE is a path to the JSON file (on your host computer) where the configuration is saved or restored.
7.7.10.4 Specifics
7.7.10.5 Access rights per profiles
AdministratorOperatorViewer
save_configuration
restore_configuration
7.7.11 sanitize
7.7.11.1 Description
Sanitize command to return card to factory reset configuration.
CLI
Information – 215
•
7.7.11.2 Access
Administrator
7.7.11.3 Help
sanitize
-h, --help Display help page
--withoutconfirmation Do factory reset of the card without confirmation
<cr> Do factory reset of the card
7.7.11.4 Access rights per profiles
AdministratorOperatorViewer
sanitize
7.7.12 ssh-keygen
7.7.12.1 Description
Command usedfor generating the ssh keys.
7.7.12.2 Help
ssh-keygen
-h, --help Display help
<cr> Renew SSH keys
7.7.12.3 Specifics
7.7.12.4 Access rights per profiles
AdministratorOperatorViewer
ssh-keygen
7.7.13 time
7.7.13.1 Description
Command used to displayor changetime and date.
7.7.13.2 Help
For Viewer and Operator profiles:
CLI
Information – 216
time -h
Usage: time [OPTION]...
Display time and date.
-h, --help display help page
-p, --print display date and time in YYYYMMDDhhmmss format
For Administrator profile:
time -h
Usage: time [OPTION]...
Display time and date, change time and date.
-h, --help display help page
-p, --print display date and time in YYYYMMDDhhmmss format
-s, --set <mode>
Mode values:
- set date and time (format YYYYMMDDhhmmss)
manual <date and time>
- set preferred and alternate NTP servers
ntpmanual <preferred server> <alternate server>
- automatically set date and time
ntpauto
Examples of usage:
-> Set date 2017-11-08 and time 22:00
time --set manual 201711082200
-> Set preferred and alternate NTP servers
time --set ntpmanual fr.pool.ntp.org de.pool.ntp.org
7.7.13.3 Examples of usage
-> Set date 2017-11-08 and time 22:00
time --set manual 201711082200
-> Set preferred and alternate NTP servers
time --set ntpmanual fr.pool.ntp.org de.pool.ntp.org
7.7.13.4 Specifics
7.7.13.5 Access rights per profiles
AdministratorOperatorViewer
time
(read-only) (read-only)
7.7.14 traceroute and traceroute6
7.7.14.1 Description
Traceroute and traceroute6 utilities are for checking the configuration of the network.
CLI
Information – 217
•
•
•
7.7.14.2 Help
traceroute
-h Specify maximum number of hops
<Hostname or IP> Remote system to trace
traceroute6
-h Specify maximum number of hops
<IPv6 address> IPv6 address
7.7.14.3 Specifics
7.7.14.4 Access rights per profiles
AdministratorOperatorViewer
traceroute
traceroute6
7.7.15 whoami
7.7.15.1 Description
whoami displays current user information:
Username
Profile
Realm
7.7.15.2 Specifics
7.7.15.3 Access rights per profiles
AdministratorOperatorViewer
whoami
7.7.16 email-test
7.7.16.1 Description
mail-test sends test email to troubleshoot SMTP issues.
CLI
Information – 218
1.
a.
b.
2.
a.
b.
c.
d.
3.
a.
i.
ii.
iii.
7.7.16.2 Help
Usage: email-test <command> ...
Test SMTP configuration.
Commands:
email-test -h, --help, Display help page
email-test -r, --recipient <recipient_address>
Send test email to the
<recipient_address> Email address of the recipient
7.7.16.3 Specifics
7.7.16.4 Access rights per profiles
AdministratorOperatorViewer
email-test
7.7.17 systeminfo_statistics
7.7.17.1 Description
Displays the following system information usage:
CPU
usage : %
upSince: date since the system started
Ram
total: MB
free: MB
used: MB
tmpfs: temporary files usage (MB)
Flash
user data
total: MB
free: MB
used: MB
7.7.17.2 Help
systeminfo_statistics
Display systeminfo statistics
-h, --help Display the help page.
CLI
Information – 219
•
•
7.7.17.3 Specifics
7.7.17.4 Access rights per profiles
AdministratorOperatorViewer
systeminfo_statistics
7.7.18 certificates
7.7.18.1 Description
Allows to manage certificates through the CLI.
7.7.18.2 Help
certificates <target> <action> <service_name>
<target> :
- local
<action> :
- print: provides a given certificate detailed information.
- revoke: revokes a given certificate.
- export: returns a given certificate contents.
- import: upload a given certificate for the server CSR. This will replace the CSR
with the certificate given.
- csr: get the server CSR contents. This will create the CSR if not already existing.
<service_name>: mqtt/syslog/webserver
7.7.18.3 Examples of usage
7.7.18.3.1 From a linux host:
printover SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates local print $SERVICE_NAME
revoke over SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localrevoke $SERVICE_NAME
exportover SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localexport $SERVICE_NAME
importover SSH:cat$FILE | sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localimport $SERVICE_NAME
csr over SSH:sshpass -p $PASSWORD ssh $USER@$CARD_ADDRESS certificates localcsr mqtt
7.7.18.3.2 From a Windows host:(plink tools from putty is required)
print over SSH:plink $USER@$CARD_ADDRESS -pw$PASSWORD -batch certificates local print $SERVICE_NAME
revoke over SSH:plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch certificates localrevoke $SERVICE_NAME
export over SSH:plink $USER@$CARD_ADDRESS -pw$PASSWORD -batch certificates localexport $SERVICE_NAME
import over SSH:type $FILE | plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch certificates localimport
$SERVICE_NAME
csrover SSH:plink $USER@$CARD_ADDRESS -pw $PASSWORD -batch certificates localcsr mqtt
7.7.18.3.3 Where:
$USER is user name (the user shall have administrator profile)
$PASSWORD is the user password
Legal information
Information – 220
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
$PASSPHRASE is any passphrase to encrypt/decrypt sensible data.
$CARD_ADDRESS is IP or hostname of the card
$FILE is a certificate file
$SERVICE_NAME is the name one of the following services : mqtt/ syslog / webserver.
7.7.18.4 Specifics
7.7.18.5 Access rights per profiles
AdministratorOperatorViewer
certificates
7.8 Legal information
This Network Module includes software components that are either licensed under various open source license, or under a
proprietary license.
For more information, see to the legal Information link from the main user interface in the footer.
7.8.1 Availability of Source Code
The source code of open source components that are made available by their licensors may be obtained upon written express
request by contacting
[email protected].Eatonreserves the right to charge minimal administrative costs, in
compliance with the terms of the underlying open source licenses, when the situation requires.
7.8.2 Notice for Open Source Elements
This product includes software released under BSD or Apache v2 licenses, and developed by various projects, peoples and entities,
such as, but not limited to:
* the Regents of the University of California, Berkeley and its contributors,
* the OpenEvidence Project,
* Oracle and/or its affiliates,
* Mike Bostock,
* JS Foundation and other contributors,
* 2011-2014 Novus Partners, Inc.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (
www.openssl.org/).
This product includes cryptographic software written by Eric Young ([email protected]).
This product includes software released under MIT license, and developed by various projects, peoples and entities, such as, but
not limited to:
* Google, Inc.,
* the AngularUI Team
* Lucas Galfasó
* nerv
* Angular
* Konstantin Skipor
* Filippo Oretti, Dario Andrei
* The angular-translate team and Pascal Precht,
* Twitter, Inc.
* Zeno Rocha
* Kristopher Michael Kowal and contributors
* JS Foundation and other contributors
* Jonathan Hieb
* Mike Grabski
* Sachin N.
Legal information
Information – 221
•
•
•
This product includes contents released under Creative Commons Attribution 4.0, Creative Commons Attribution-ShareAlike 3.0
Unported and SIL Open Font License licenses, and created by:
* IcoMoon
* Dave Gandy
* Stephen Hutchings and the Typicons team.
In order to access the complete and up to date copyright information, licenses, and legal disclaimers, see the Legal Information
pages, available from the HTML user interface of the present product.
7.8.3 Notice for our proprietary (i.e. non-Open source) elements
Copyright © 2020 Eaton. This firmware is confidential and licensed under Eaton Proprietary License (EPL or EULA).
This firmware is not authorized to be used, duplicated, or disclosed to anyone without the prior written permission of Eaton.
Limitations, restrictions and exclusions of the Eaton applicable standard terms and conditions, such as its EPL and EULA, apply.
Acronyms and abbreviations
Information – 222
7.9 Acronyms and abbreviations
AC:Alternating current.
ATS: Automatic transfer switch is an electricalswitchthat switches a load between two sources.
AVR:Automatic Voltage Regulation provides stable voltage to keep equipment running in the optimal range.
BMS: A Battery Management System is any electronic system that manages li-ion battery.
bps: bit per second
BOM:In Syslog,placing an encoded Byte Order Markat the start of a text stream can indicates that the text is Unicode and identify
the encoding scheme used.
CA: Certificate Authority
CLI: Command Line Interface.
Aim is to interact with the Network Module by using commandsin the form of successive lines of text (command lines).
CSR: Certificate Signing Request
DC:Direct current.
DN:Distinguished Name (LDAP).
DHCPv6: The Dynamic Host Configuration Protocol version 6 is a network protocol for configuring Internet Protocol version 6 (IPv6)
hosts with IP addresses, IP prefixes and other configuration data required to operate in an IPv6 network.
It is the IPv6 equivalent of the Dynamic Host Configuration Protocol for IPv4.
DNS: The Domain Name System is a hierarchical decentralized naming system for computers, services, or other resources
connected to the Internet or a private network.
DST: The daylight saving time.
EMP: Environmental monitoring probe
GID: Group Identifier is a numeric value used to represent a specific group (LDAP).
HTTPS:HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport
Layer Security (TLS).
IPP:Intelligent Power Protector is a web-based application that enables administrators to manage an Devices from a browser-based
management console. Administrators can monitor, manage, and control a single Device (UPS, ATS, ePDU) locally and remotely. A
familiar browser interface provides secure access to the Device Administrator Software and Device Client Software from anywhere
on the network. Administrators may configure power failure settings and define UPS load segments for maximum uptime of critical
servers.The UPS can also be configured to extend runtimes for critical devices during utility power failures. For most UPSs, the
receptacles on the rear panel are divided into one or more groups, called load segments, which can be controlled independently. By
shutting down a load segment that is connected to less critical equipment, the runtime for more critical equipment is extended,
providing additional protection.
IPv4:Internet Protocol version 4 is the fourth version of the Internet Protocol (IP).
IPv6:Internet Protocol version 6 is the most recent version of the Internet Protocol (IP).
JSON:JavaScript Object Notation is an open-standard file format that uses human-readable text to transmit data objects consisting
of attribute–value pairs and array data types.
kVA:kilovolt-ampere.
LAN:A LAN is a local area network, a computer network covering a small local area, such as a home or office.
LDAP:The Lightweight Directory Access Protocol is an industry standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol.
Acronyms and abbreviations
Information – 223
MAC:A media access control address of a computer is a unique identifier assigned to network interfaces for communications at
the data link layer of a network segment.
MIB:A management information base is a database used for managing the entities in a communication network. Most often
associated with the Simple Network Management Protocol (SNMP).
NTP:Network Time Protocol is a networking protocol for clock synchronization between computer systems.
PDU/ePDU: A power distribution unit (PDU) is a device fitted with multiple outputs designed to distribute electric power, especially
to racks of computers and networking equipment located within a data center.
P/N:Part number.
RTC:Real time clock.S/N:Serial number.
SMTP:Simple Mail Transfer Protocol is an Internet standard for electronic mail (email) transmission.
SNMP:Simple Network Management Protocol is an Internet-standard protocol for collecting and organizing information about
managed devices on IP networks and for modifying that information to change device behavior.
SSH:Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network.
SSL:Secure Sockets Layer, is a cryptographic protocol used for network traffic.TLS:Transport Layer Security is cryptographic
protocol that provide communications security over a computer network.
TFTP:Trivial File Transfer Protocol is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto
a remote host.
UID:User identifier (LDAP).
UTC:Coordinated Universal Time is the primary time standard by which the world regulates clocks and time.
UPS:An uninterruptible power supply is an electrical apparatus that provides emergency power to a load when the input power
source or mains power fails.
A UPS is typically used to protect hardware such as computers, data centers, telecommunication equipment or other electrical
equipment where an unexpected power disruption could cause injuries, fatalities, serious business disruption or data loss.
Action not allowed in Control/Schedule/Power outage policy
Troubleshooting – 225
8 Troubleshooting
8.1 Action not allowed in Control/Schedule/Power outage policy
8.1.1 Symptom
Below message is displayed when you access the Control, Schedule or Power outage policy page.
This action is not allowed by the UPS.
To enable it, please refer to the user manual of the UPS and its instructions on how to configure the UPS settings and allow remote
commands.
8.1.2 Possible Cause
1- Remote commands are not allowed due to the UPS configuration (see the action below)
2- The UPS does not support remote commands.
8.1.3 Action
Refer to the UPS user manual and its instruction on how to configure the UPS settings and allow remote commands.
Example: UPS menu Settings>>>ON/OFF settings>>>Remote command>>>Enable.
8.2 Card wrong timestamp leads to "Full acquisition has failed"
error message on Software
8.2.1 Symptoms:
IPP/IPMshows the error message"The full data acquisition has failed" even if the credentials are correct.
8.2.2 Possible cause:
The Network module timestamp is not correct.
Probably the MQTT certificate is not valid at Network module date.
8.2.3 Action:
Set the right date, time and timezone. If possible, use a NTP server, refer to
Contextual help>>>Settings>>>General>>>System
details>>>Time & date settings section.
8.3 Client server is not restarting
8.3.1 Symptom
Utility power has been restored, the UPS and its load segments are powered on, but the Client server does not restart.
8.3.2 Possible Cause
The “Automatic Power ON” server setup setting might be disabled.
EMP detection fails at discovery stage
Troubleshooting – 226
8.3.3 Action
In the server system BIOS, change the setting for Automatic Power ON to "Enabled".
8.4 EMP detection fails at discovery stage
In the Network Module,in
Contextual help>>>Environment>>>Commissioning/Status, EMPs are missing in the Sensor
commissioning table.
8.4.1 Symptom #1
The EMPs green RJ45 LED (FROM DEVICE) is not ON.
8.4.1.1 Possible causes
The EMPs are not powered by the Network module.
8.4.1.2 Action #1-1
Launch again the discovery, if it is still not ok, go to Action #1-2.
8.4.1.3 Action #1-2
1- Check the EMPs connection and cables.
Refer to the sectionsServicing the EMP>>>Installing the EMP>>>Cabling the first EMP to the deviceandServicing the
EMP>>>Installing the EMP>>>Daisy chaining 3 EMPs.
2- Disconnect and reconnect the USB to RS485 cable.
3- Launch the discovery, if it is still not ok, go to Action #1-3.
8.4.1.4 Action #1-3
1- Reboot the Network module.
2- Launch the discovery.
8.4.2 Symptom #2
The EMPs orange RJ45 LEDs are not blinking.
8.4.2.1 Possible causes
C#1: the EMP address switches are all set to 0.
C#2: the EMPs are daisy chained, the Modbus address is the same on the missing EMPs.
8.4.2.2 Action #2-1
1- Change the address of the EMPs to have different address and avoid all switches to 0.
Refer to the sectionServicing the EMP>>>Defining EMPs address and termination>>>Manual addressing.
2- Disconnect and reconnect the USB to RS485 cable. The address change is only taken into account after an EMP power-up.
3- Launch the discovery,if it is still not ok, go to Action #2-2.
8.4.2.3 Action #2-2
1- Reboot the Network module.
How do I log in if I forgot my password?
Troubleshooting – 227
•
•
•
•
•
•
•
•
•
•
•
Refer to the sectionContextual help>>>Maintenance>>>Services>>>Reboot.
2- Launch the discovery.
8.5 How do I log in if I forgot my password?
8.5.1 Action
Askyour administrator for password initialization.
If you are the mainadministrator, yourpasswordcan be reset manually by following steps described in the
Servicing the
Network Management Module>>>Recovering main administrator password.
8.6 Software is not able to communicate with the Network
module
8.6.1 Symptoms
In the Network Module,in
Contextual help>>>Protection>>>Agent list>>>Agent list table, agent is showing "Lost" as a
status.
In the Network Module,inContextual help>>>Settings>>>Certificate>>>Trusted remote certificates, the status of
theProtected applications (MQTT) is showing"Not valid yet".
IPP/IPMshows "The authentication has failed", "The notifications reception encountered error".
8.6.2 Possible cause
TheIPP/IPMcertificate is not yet valid for the Network Module.
Certificates ofIPP/IPMand the Network Module are not matching so that authentication and encryption of connections between
the Network Module and the shutdown agents is not working.
8.6.3 Setup
IPP/IPMis started.
Network module is connected to the UPS and to the network.
8.6.4 Action #1
Check if theIPP/IPMcertificate validity for the Network Module.
STEP 1:Connect to the Network Module
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter:https://xxx.xxx.xxx.xxx/where xxx.xxx.xxx.xxx is the static IP address of the Network
Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
Click
Login. The Network Module web interface appears.
STEP 2:Navigate toSettings/Certificatespage
STEP 3:In theTrusted remote certificatessection, check the status of theProtected applications (MQTT).
If it is "Valid"go to Action#2 STEP 2, if it is "Not yet valid", time of the need to be synchronized withIPP/IPM.
STEP 4:Synchronize the time of the Network Module withIPP/IPMand check that the status of theProtected applications
(MQTT)is now valid.
LDAP configuration/commissioning is not working
Troubleshooting – 228
•
•
•
•
•
•
Communication will then recover, if notgo to Action#2 STEP 2.
8.6.5 Action #2
Pair agent to the Network Module with automatic acceptance (recommended in case the installation is done in a secure and trusted
network).
STEP 1:Connect to the Network Module.
On a network computer, launch a supported web browser. The browser window appears.
In the Address/Location field, enter:https://xxx.xxx.xxx.xxx/where xxx.xxx.xxx.xxx is the static IP address of the Network
Module.
The log in screen appears.
Enter the user name in the User Name field.
Enter the password in the Password field.
ClickLogin. The Network Module web interface appears.
STEP 2:Navigate toProtection/Agents listpage.
STEP 3:In thePairing with shutdown agentssection, select the time to accept new agents and press theStartbutton
andContinue. During the selected timeframe, new agent connections to the Network Module are automatically trusted and
accepted.
STEP 4:Action on the agent(IPP/IPM)while the time to accepts new agents is running on the Network Module
Remove theNetwork module certificate file(s) *.0that is (are) located in the folderEaton\IntelligentPowerProtector\configs\tls.
8.7 LDAP configuration/commissioning is not working
Refer to the section
Servicing the Network Management Module>>>Commissioning/Testing LDAP.
8.8 Password change in My profile is not working
8.8.1 Symptoms
The password change shows "
Invalid credentials
" when I try to change my password in My profile menu:
8.8.2 Possible cause
The password has already been changed once within a day period.
8.8.3 Action
Let one day between your last password change and retry.
8.9 SNMPv3 password management issue with Save and Restore
8.9.1 Affected FW versions
This issue affects SNMP
configurationdone on versions prior to 1.7.0 when applied to versions 1.7.0 or above.
For manual pairing (maximum security), go toServicing the Network Management Module
>>>Pairing agent to the
Network Module
section and then go to STEP 2, item 1.
The alarm list has been cleared after an upgrade
Troubleshooting – 229
8.9.2 Symptom
SNMPv3 connectivity is not properly working after a restore settings on a 1.7.0 version or above.
8.9.3 Cause
The SNMPv3 was
configuredprior to 1.7.0.
In that case, SNMPv3 configuration is not well managed by the Save and by the Restore settings.
8.9.4 Action
Reconfigureyour SNMPv3 users and passwords on versions 1.7.0 or above and Save the settings.
The SNMPv3 configuration can then be Restored.
8.10 The alarm list has been cleared after an upgrade
8.10.1 Symptom
After a FW upgrade, the alarm list has been cleared and is now empty.
8.10.2 Action
The alarm list has been saved on a csv file and can be retrieved using Rest API calls.
8.10.2.1 Authenticate:
curl --location --request POST 'https://{{domain}}/rest/mbdetnrs/1.0/oauth2/token' \
--header 'Content-Type: application/json' \
--data-raw '{ "username":"admin", "password":"supersecretpassword", "grant_type":"password",
"scope":"GUIAccess" }'
8.10.2.2 Get Alarm Log Backup:
curl --location --request GET 'https://{{domain}}/rest/mbdetnrs/1.0/alarmService/actions/
downloadBackup' \
--header 'Authorization: Bearer {{access_token}}'
8.11 The Network Module fails to boot after upgrading the
firmware
8.11.1 Possible Cause
The IP address has changed.
Note:If theapplication is corrupt, due to an interruptionwhile flashing the firmware for example, the boot will be done on previous
firmware.
Web user interface is not up to date after a FW upgrade
Troubleshooting – 230
•
•
8.11.2 Action
Recover the IP address and connect to the card.
Refer to
Installing the Network Management Module>>>Accessing the Network Module>>>Finding and setting the IP address
section.
8.12 Web user interface is not up to date after a FW upgrade
8.12.1 Symptom
After an upgrade:
The Web interface is not up to date
New features of the new FW are not displayed
8.12.1.1 Possible causes
The browser is displaying the Web interface through the cache that contains previous FW data.
8.12.1.2 Action
Empty the cache of your browser using F5 or CTRL+F5.
