Operation/Reference Guide NetLinx Controllers X100-Series Integrated Controllers NI-2100, NI-3100, and NI-4100 (Firmware build 330 or higher) NetLinx Controllers Document ID: 060-004-2949 Initial Release: 06/01/2006
AMX Limited Warranty and Disclaimer AMX warrants its products to be free of defects in material and workmanship under normal use for three (3) years from the date of purchase from AMX, with the following exceptions: • Electroluminescent and LCD Control Panels are warranted for three (3) years, except for the display and touch overlay components that are warranted for a period of one (1) year.
Table of Contents Table of Contents Introduction ...............................................................................................................1 NI-2100 Specifications ...................................................................................................... 2 NI-3100 Specifications ...................................................................................................... 6 NI-4100 Specifications ......................................................................
Table of Contents DB9 Device Port: Connections and Wiring ..................................................................... 35 ICSNet Port: Connections and Wiring............................................................................. 36 ICSHub OUT Port: Connections and Wiring ................................................................... 37 Relay Port: Connections and Wiring ............................................................................... 37 Relay connections..................
Table of Contents Security Features ............................................................................................................ 70 Security - System Level Security page .................................................................................. 71 Setting the system security options for a NetLinx Master ...................................................... 74 ICSP Authentication ........................................................................................................
Table of Contents System Settings - Manage License............................................................................... 110 Adding a new license ........................................................................................................... 111 Removing a license.............................................................................................................. 111 System Settings - Manage NetLinx Devices .................................................................
Table of Contents Main Security Menu....................................................................................................... 150 Default Security Configuration....................................................................................... 151 Help menu............................................................................................................................ 152 Logging Into a Session....................................................................................
Table of Contents vi NetLinx Integrated Controllers
Introduction Introduction NetLinx Integrated Master Controllers (X000 and X100-Series) can both be programmed to control RS-232/422/485, Relay, IR/Serial, and Input/Output devices through the use of both the NetLinx programming language and the NetLinx Studio application (version 2.x or higher). Another key feature of this products is the ability to easily access the configuration switches without having to remove a cover plate.
Introduction Pages section on page 116 for more detailed information on the use of Dynamic Device Discovery (DDD). These NI Controllers use a combination lithium battery and clock crystal package called a Timekeeper. Only one Timekeeper unit is installed within a given NI controller. The battery can be expected to have up to 3 years of usable life under very adverse conditions. Actual life is appreciably longer under normal operating conditions.
Introduction NI-2100 Specifications Dimensions (HWD): • 3.47" x 17.00" x 3.47" (8.81 cm x 43.18 cm x 8.82 cm) • 2 RU (rack unit) high Power Requirement: • 700 mA @ 12 VDC Memory: • 64 MB SDRAM • 1 MB Non-volatile (NV) SRAM Compact Flash: • 128 MB Card (upgradeable) (refer to the Other AMX Equipment section for more information) Weight: • 4.50 lbs (2.
Introduction NI-2100 Specifications (Cont.) Rear Panel Connectors: RS-232/422/485 (Ports 1 - 3) • Three RS-232/422/485 control ports using DB9 (male) connectors with XON/XOFF (transmit On/transmit Off), CTS/RTS (clear to send/ready to send), and 300-115,200 baud.
Introduction NI-2100 Specifications (Cont.) Rear Panel Connectors (Cont.): Program port • RS-232 DB9 connector (male) can be connected to a DB9 port on a computer; used with serial commands, NetLinx programming commands, other DB9 capable devices, and to upload/download information from the NetLinx Studio 2.4 program. Configuration DIP switch • Sets the communication parameters for the Program port. ID pushbutton • Provides the NetLinx ID (Device only) assignment for the device.
Introduction NI-3100 Specifications The NI-3100 (FIG. 3) provides support for 7 RS-232/RS-422/RS-485 Ports, 8 IR/Serial Output ports, 8 Digital Input/Output ports, and 8 Relays. The NI-3100 can be upgraded to provide 1 ICSHub and 2 ICSNet ports by either installing the optional ICSNet daughter card (FG2105-10) or purchasing this upgrade as an included feature of the NI-3100 Kit (FG2105-15). FIG.
Introduction NI-3100 Specifications (Cont.) Dimensions (HWD): • 3.47" x 17.00" x 3.47" (8.81 cm x 43.18 cm x 8.82 cm) • 2 RU (rack unit) high Power Requirement: • 900 mA @ 12 VDC Memory: • 64 MB SDRAM • 1 MB Non-volatile (NV) SRAM Compact Flash: • 128 MB Card (upgradeable) (refer to the Other AMX Equipment section for more information) Weight: • 4.55 lbs (2.
Introduction NI-3100 Specifications (Cont.) Rear Panel Connectors: RS-232/422/485 (Ports 1 - 7) • Seven RS-232/422/485 control ports using DB9 (male) connectors with XON/XOFF (transmit on/transmit off), CTS/RTS (clear to send/ready to send), and 300-115,200 baud.
Introduction NI-3100 Specifications (Cont.) Rear Panel Connectors (Cont.): IR/Serial (Ports 9 - 16) • Eight IR/Serial control ports support high-frequency carriers up to 1.142 MHz • Each output is capable of three electrical formats: IR, Serial, and Data • Eight IR/Serial data signals can be generated simultaneously.
Introduction NI-3100 Specifications (Cont.) Included Accessories: • 2-pin 3.5 mm mini-Phoenix (female) PWR connector (41-5025) • 4-pin 3.5 mm mini-Phoenix (female) AXlink connector (41-5047) • 10-pin 3.5 mm mini-Phoenix (female) I/O connector (41-5107) • Installation Kit (KA2105-01): 8-pin Relay Common Strip Four rack mount screws Four washers • NI-3100 Quick Start Guide • Two 8-pin 3.
Introduction RS-232/422/485 TX/RX LEDs (red/yellow) Relay LEDs (red) Link/Active-Status-Output-Input IR/Serial LEDs (red) LINK/ACT INPUT OUTPUT STATUS 1 2 3 4 5 6 7 1 2 TX RX TX RX TX RX TX RX TX RX TX RX TX RX RS - 232 / 422 / 485 3 4 5 6 7 8 1 2 RELAYS 3 4 5 6 7 8 1 2 IR / SERIAL 3 4 5 6 7 8 I/O I/O LEDs (yellow) Front NetLinx Card slots (1 - 4) ICSNet (2) RS-232/422/485 (Ports 1-7) ICSHub Out AXlink LED (green) AXlink port Rear Relays (Port 8) IR/Serial I
Introduction NI-4100 Specifications (Cont.) Front Panel Components: LINK/ACT • Green LED blinks when the Ethernet cable is connected and an active link is established. This LED also blinks when receiving Ethernet data packets. Status • Green LED blinks to indicate that the system is programmed and communicating properly. Output • Red LED blinks when the Controller transmits data, sets channels On/Off, sends data strings, etc.
Introduction NI-4100 Specifications (Cont.) Rear Panel Connectors: RS-232/422/485 (Ports 1 - 7) • Seven RS-232/422/485 control ports using DB9 (male) connectors with XON/XOFF (transmit on/transmit off), CTS/RTS (clear to send/ready to send), and 300-115,200 baud.
Introduction NI-4100 Specifications (Cont.) Rear Panel Connectors (Cont.): IR/Serial (Ports 9 - 16) • Eight IR/Serial control ports support high-frequency carriers of up to 1.142 MHz. • Each output is capable of three electrical formats: IR, Serial, and Data • Eight IR/Serial data signals can be generated simultaneously.
Introduction NI-4100 Specifications (Cont.) Included Accessories: • 2-pin 3.5 mm mini-Phoenix (female) PWR connector (41-5025) • 4-pin 3.5 mm mini-Phoenix (female) AXlink connector (41-5047) • 10-pin 3.5 mm mini-Phoenix (female) I/O connector (41-5107) • Installation Kit (KA2105-01): 8-pin Relay Common Strip Four rack mount screws Four washers • NI-4100 Quick Start Guide • Two 8-pin 3.
Introduction 16 NetLinx Integrated Controllers
Installation and Upgrading Installation and Upgrading Installing NetLinx Control Cards (NI-4100 Only) NetLinx Cards can be installed into the front card slots. The cards mount horizontally through the card slot openings on the front of the enclosure. To install a NetLinx Card: 1. Discharge the static electricity from your body, by touching a grounded object. 2. Remove the three screws by turning them in a counter-clockwise direction and then remove the faceplate (FIG. 7).
Installation and Upgrading If the cards do not appear in the Workspace window for the selected Master System number: give the system time to detect the inserted cards (and refresh the system) and/or cycle power to the NI-4100 unit. Setting the NetLinx Control Card Addresses (NI-4100 Only) The 8-position CardFrame Number DIP switch, located on the rear of the Integrated Controller, sets the starting address (the device number in the D:P:S specification) for the Control Cards installed in the CardFrame.
Installation and Upgrading Here's the syntax: NUMBER:PORT:SYSTEM where: NUMBER: 16-bit integer represents the device number PORT: 16-bit integer represents the port number (in the range 1 through the number of ports on the Controller or device) SYSTEM: 16-bit integer represents the system number (0 = this system) Removing NetLinx Control Cards (NI-4100 Only) To install NetLinx Control Card: 1.
Installation and Upgrading The NI-3100 (FG2105-05) can also be upgraded to provide 1 ICSHub and 2 ICSNet ports through either a field installation of the optional ICSNet Daughter Card or by purchasing this upgrade as a pre-installed component within the NI-3100 Kit (FG2105-15). For the purposes of the installation procedures, the NI-2100 and NI-3100 upgrade procedures are identical. B C A ICSNet cover plate ICSNet card install location FIG.
Installation and Upgrading You can choose to also remove the factory-installed mounting brackets by using a grounded screwdriver to remove the two sets of screws securing these brackets (B in FIG. 10). 3. Carefully pull-up and remove the housing from the Controller to expose the internal circuit board (B and C in FIG. 10). 4.
Installation and Upgrading Push out Removable ICSNet cover plate FIG. 13 ICSNet cover plate location 6. On the main board, locate both the ICSNet card’s counterpart connector and standoff installation holes. These standoffs are located just under the main board cutout used for the card’s RJ-45 connectors (FIG. 14). Standoff installation openings (3) Main board connector for the card FIG. 14 Main board ICSNet card connection locations 7.
Installation and Upgrading ICSNet card connector These contain pre-installed plastic standoffs used to secure the card to the main board FIG. 15 ICSNet Daughter Card components 8. Carefully secure the card to the main board by pressing the top of each standoff (on the card) toward the main board until each standoff snaps into place. 9. Verify the ICSNet card connector was properly inserted into its main board counterpart by applying gentle force to the base of the card (FIG. 16).
Installation and Upgrading Compact Flash Upgrades The NetLinx Integrated Controllers are shipped with a default 128 MB Compact Flash module. It is recommended that ANY MEMORY UPGRADE should be done prior to any installation. Refer to the following accessing and installation sections for more information. The Compact Flash card is factory programmed with specific Controller firmware.
Installation and Upgrading Chassis housing screws (top) - 6 on top - sides vary per model Mounting Brackets Compact Flash Compact Flash insert location Chassis housing screws (side) - 4 on each side of the NI-4100 - 3 on each side of the NI-3100/2100 NXC Card Slot faceplate NXC Card Slots FIG. 17 Location of the Compact Flash within a sample Integrated Controller 6.
Installation and Upgrading 7. To complete the upgrade process, close and re-secure the Integrated Controller enclosure by using the procedures outlined in the following section. Any new internal card upgrade is detected by the Controller only after power is cycled. Closing and Securing the Integrated Controller Once the card has been replaced, close and re-secure the outer housing: 1.
Installation and Upgrading Install screws Bracket Rack Mounting Holes FIG. 19 Mounting Integrated Controller into an equipment rack To prevent repetition of the installation, test the incoming wiring by connecting the Controller’s connectors to their terminal locations and applying power. Verify that the unit is receiving power and functioning properly. Disconnect the terminal end of the power cable from the connected 12 VDC-compliant power supply. 5.
Installation and Upgrading 28 NetLinx Integrated Controllers
Connections and Wiring Connections and Wiring Setting the Configuration DIP Switch (for the Program Port) Prior to installing the Controller, use the Configuration DIP switch to set the baud rate used by the Program port for communication. The Configuration DIP switch is located on the rear of the NI Integrated Controllers.
Connections and Wiring Think of the PRD Mode (On) equating to a PC’s SAFE Mode setting. This mode allows a user to continue powering a unit, update the firmware, and download a new program while circumventing any problems with a currently downloaded program. Power must be cycled to the unit after activating/deactivating this mode on the Program Port DIP switch #1. Working with the Configuration DIP switch 1.
Connections and Wiring Modes and Front Panel LED Blink Patterns The following table lists the modes and blink patterns for the front panel LEDs associated with each mode. These patterns are not evident until after the unit is powered. Modes and LED Blink Patterns LEDs and Blink Patterns STATUS (green) OUTPUT (red) INPUT (yellow) On Mode Description OS Start Starting the operating system (OS). On On Boot On-board Master is booting.
Connections and Wiring AXlink Port and LED All NI units have an AXlink port and adjacent status LED (FIG. 20). This port allows the NI to support AMX Legacy AXlink devices such as G3 touch panels (ex: CP4/A) and PosiTrack Pilot devices. A green LED shows AXlink data activity. When the AXlink port is operating normally, blink patterns include: Off - No power, or the controller is not functioning properly 1 blink per second - Normal operation. 3 blinks per second - AXlink bus error.
Connections and Wiring Wiring Guidelines - NI-3100 & NI-4100@ 900 mA Wire size Maximum wiring length 18 AWG 120.41 feet (39.70 meters) 20 AWG 76.45 feet (23.30 meters) 22 AWG 49.36 feet (15.04meters) 24 AWG 30.08 feet (9.17 meters) Wiring Guidelines - NI-2000 @ 700 mA Wire size Maximum wiring length 18 AWG 154.83 feet (47.19 meters) 20 AWG 98.30 feet (29.96 meters) 22 AWG 63.40 feet (19.32 meters) 24 AWG 38.68 feet (11.
Connections and Wiring PWR + Power Supply GND To the Integrated Controller FIG. 21 2-pin mini-Phoenix connector wiring diagram (direct power) Using the 4-pin mini-Phoenix connector for data and power Connect the 4-pin 3.5 mm mini-Phoenix (female) captive-wire connector to an external NetLinx device as shown in FIG. 22. To the Integrated Controller’s AXlink/PWR connector To the external AXlink device Top view PWR + AXM/RX GND - AXP/TX PWR + AXM/RX GND - AXP/TX Top view FIG.
Connections and Wiring When you connect an external power supply, do not connect the wire from the PWR terminal (coming from the external device) to the PWR terminal on the Phoenix connector attached to the Controller unit. Make sure to connect only the AXM, AXP, and GND wires to the Controller’s Phoenix connector when using an external power supply. Make sure to connect only the GND wire on the AXlink/PWR connector when using a separate 12 VDC power supply.
Connections and Wiring ICSNet Port: Connections and Wiring The NI Controller must be equipped with the available ICSNet connectors for this functionality to be active.
Connections and Wiring ICSHub OUT Port: Connections and Wiring The NI Controller must be equipped with the available ICSNet connectors for this functionality to be active. The following table describes the pinout/signal information for the ICSHub OUT port located on the rear panel of the Integrated Controller (as shown in FIG. 25).
Connections and Wiring Input/Output (I/O) Port: Connections and Wiring The I/O port responds to either switch closures, voltage level (high/low) changes, or it can be used for logic-level outputs. NI-4x00/NI-3x00 I/O connector configuration (Port 17) 4 3 2 1 GND +12V 8 7 6 5 4 3 2 1 I / O (Port 9) GND +12V I / O (Port 17) NI-2x00 I/O connector configuration (Port 9) FIG.
Connections and Wiring IR/Serial Port: Connections and Wiring You can connect up to eight IR- or Serial-controllable devices to the IR/Serial connectors on the rear of the NI-4x00 and NI-3x00 and up to four on the NI-2x00 (FIG. 28). These connectors accept an IR Emitter (CC-NIRC) that mounts onto the device's IR window, or a mini-plug (CC-NSER) that connects to the device's control jack. You can also connect a data 0 - 5 VDC device. These units come with two CC-NIRC IR Emitters (FG10-000-11).
Connections and Wiring Ethernet/RJ-45 Port: Connections and Wiring The following table lists the pinouts, signals, and pairing for the Ethernet connector.
Connections and Wiring Ethernet ports used by the Integrated Controllers Ethernet Ports Used by the NetLinx Integrated Controllers Port type Description Standard Port # FTP The on-board Master has a built-in FTP server. 21/20 (TCP) SSH 22 (TCP) The SSH port functions using the same interface as Telnet but over a secure shell where it uses SSL as a mechanism to configure and diagnose a NetLinx system. This port value is used for secure Telnet communication. Note: SSH version 2 is only supported.
Connections and Wiring 42 NetLinx Integrated Controllers
Configuration and Firmware Update Configuration and Firmware Update This section refers to steps necessary to both communicate and upgrade the various NI Controller components. Before commencing, verify you are using the latest firmware Kit file (this file contains both the NI Integrated Controller and on-board Master firmware. The NI-4000/3000/2000 Kit file begins with 2105_X000. The NI-4100/3100/2100 Kit file begins with 2105_04_X100.
Configuration and Firmware Update The default setting for most Masters is 38400 FIG. 32 Assigning Master Communication Serial Settings and Baud Rates 5. Click the Serial radio button (from the Transport Connection Option section) to indicate you are connecting to the on-board Master via a (Serial) COM port. 6. Click the Edit Settings button to open the Serial Settings dialog (FIG. 32). No authentication username or password information is required with a direct connection such as: USB or Serial. 7.
Configuration and Firmware Update System Address (default for initial system is 1) Check-Off to verify change FIG. 33 Device Addressing tab (changing the system value) This tab represents the only way to change the System Number associated to the active on-board NI Master. The Master must have it’s power cycled to incorporate the new System number (often a simple reboot via Studio will not be enough to incorporate this new number). 2.
Configuration and Firmware Update The system value on a Modero touch panel can NOT be changed from the Device Addressing dialog and MUST be altered through the panel Protected Setup page. Using multiple NetLinx Masters When using more than one Master, each unit must be assigned to a separate System value. A Master’s System value can be changed but it’s device Address must always be set to zero (00000). The Device Addressing dialog will not allow you to alter the NetLinx Master address value.
Configuration and Firmware Update 6. Click Reboot (from the Tools > Reboot the Master Controller dialog) and wait for the System Master to reboot. The STATUS and OUTPUT LEDs should begin to alternately blink during the incorporation. Wait until the STATUS LED is the only LED to blink. 7. Press Done once until the Master Reboot Status field reads *Reboot of System Complete*. 8. Click the OnLine Tree tab in the Workspace window to view the devices on the System. The default System value is one (1). 9.
Configuration and Firmware Update This dialog represents the another way to change the Device value of the NI Controller. This ID mode section of the Device Addressing dialog can be used only by Masters with an ID button (which apply to all NI-Series Masters). 2. Locate the Device field (A in FIG. 35) and enter the new value for the NI Controller. This value must fall within a range of 0 - 32767. 3. Press the on-screen Start Identify Mode button.
Configuration and Firmware Update 6. Click the OnLine Tree tab in the Workspace window to view the devices on the System. The default System value is one (1). 7. Right-click the associated System number (or anywhere within the tab itself) and select Refresh System. This establishes a new connection to the specified System and populates the list with devices on that system. 8. Use Ctrl+S to save your existing NetLinx Project with the new changes.
Configuration and Firmware Update If the IP Address field is empty, give the Master a few minutes to negotiate a DHCP Address with the DHCP Server, and try again. The DHCP Server can take anywhere from a few seconds to a few minutes to provide the Master with an IP Address. 5. Verify that NetLinx appears in the Host Name field (if not, then enter it in at this time). 6. Click the Use DHCP radio button from the IP Address section (if not greyed-out). 7.
Configuration and Firmware Update 2. Verify that both the System number corresponds to the System value previously assigned within the Device Addressing tab and that zero (0) is entered into the Device field. The system value must correspond to the Device Address previously entered in the Device Addressing tab. Refer to the Setting the System Value section on page 44 for more detailed instructions on setting a system value. 3.
Configuration and Firmware Update FIG. 38 Assigning Master Communication Settings and TCP/IP Settings 5. Click on the NetLinx Master radio button (from the Platform Selection section) to indicate you are working with a NetLinx Master (such as the NXC-ME260/64 or NI-Series of Integrated Controllers). 6. Click on the TCP/IP radio button (from the Transport Connection Option section) to indicate you are connecting to the Master via an IP Address. 7.
Configuration and Firmware Update 15. Click OK to save your newly entered information and return to the previous Communication Settings dialog where you must click OK again to begin the communication process to your Master. If you are currently connected to the assigned Master, a popup asks whether you would want to temporarily stop communication to the Master and apply the new settings. 16. Click Yes to interrupt the current communication from the Master and apply the new settings. 17.
Configuration and Firmware Update 3. After the Communication Verification dialog window indicates active communication between the PC and the Master, verify the NetLinx Master (00000 NI Master) appears within the OnLine Tree tab of the Workspace window (FIG. 39). The default NI Master value is zero (00000) and cannot be changed. On-board NI Master Control cards (NI-4x00 ONLY) NetLinx Integrated Controller NetLinx Studio app.
Configuration and Firmware Update Only Master firmware Kit files use the word _Master in the Kit file name. 1. Follow the procedures outlined within the Communicating with the NI Device via an IP section on page 51 to connect to the target NI device via the web. 2. After Studio has established a connection to the target Master, click the OnLine Tree tab of the Workspace window to view the devices on the System. The default System value is one (1). 3.
Configuration and Firmware Update Selected on-board Master firmware file Description field for selected Kit file Firmware download status Device and System Number must match the Device and System values listed in the Workspace window FIG. 40 Send to NetLinx Device dialog (showing on-board NI_Master firmware update via IP) The Kit file for the NI-2000/3000/4000 Series of NI Masters begins with 2105_NI-X000_Master.
Configuration and Firmware Update 13. Click Reboot (from the Tools > Reboot the Master Controller dialog) and wait for the System Master to reboot. The STATUS and OUTPUT LEDs should begin to alternately blink during the incorporation. Wait until the STATUS LED is the only LED to blink. 14. Press Done once until the Master Reboot Status field reads *Reboot of System Complete*. 15. Repeat steps 5 - 9 again (the last component will now successfully be installed). 16.
Configuration and Firmware Update 5. If the NI Controller firmware being used is not current, download the latest Kit file by first logging in to www.amx.com and then navigating to Tech Center > Firmware Files, where you can locate the desired file from within the NI Series Device (Integrated Controller) section of the web page. 6.
Configuration and Firmware Update 11. Click Send to begin the transfer. The file transfer progress is indicated on the bottom-right of the dialog (FIG. 42). 12. Click Close once the download process is complete. The OUTPUT and INPUT LEDs alternately blink to indicate the unit is incorporating the new firmware. Allow the unit 20 - 30 seconds to reboot and fully restart. 13. Right-click the System number and select Refresh System.
Configuration and Firmware Update If the control card firmware is not up to date; download the latest firmware file from www.amx.com > Tech Center > Downloadable Files > Firmware Files > NXC-XXX. In this example, the NXC-VOL card contains out-of-date firmware and requires build 1.00.09. 5. If the NXC card firmware being used is not current, download the firmware file by first logging in to www.amx.
Configuration and Firmware Update 13. Click Close once the download process is complete. 14. Click Reboot (from the Tools > Reboot the Master Controller dialog) and wait for the System Master to reboot. The STATUS and OUTPUT LEDs should begin to alternately blink during the incorporation. Wait until the STATUS LED is the only LED to blink. 15. Press Done once until the Master Reboot Status field reads *Reboot of System Complete*. 16.
Configuration and Firmware Update 62 NI Connection and Firmware Updating
NetLinx Security within the Web Server NetLinx Security within the Web Server NetLinx Masters (installed with firmware build 300 or higher) incorporate new built-in security for: HTTPS and Terminal sessions (enhanced with SSL and SSH respectively), ICSP data verification/encryption, and Server Port configuration.
NetLinx Security within the Web Server To ensure this higher degree of security on the Master, an administrator can disable the HTTP Port access, enable HTTPS Port access (both from within the same Manage System > Server page), and then alter the level of encryption on the current SSL Certificate to meet their security needs. SSL (Secure Sockets Layer) is a protocol that works by encrypting data being transferred over an HTTPS connection.
NetLinx Security within the Web Server The maximum length of a username or password is 20 characters. The minimum length of a username or password is four characters. Characters such as # (pound) & (ampersand) and ’ " (single and double quotes) are invalid and should not be used in usernames, group names, or passwords.
NetLinx Security within the Web Server Navigation frame Active frame FIG. 45 Browser Application frames The first Active frame displayed within the Browser is the Manage WebControl Connections page. Default Security Configuration Security for web pages is separated into two access groups: HTTP and Configuration: HTTP Access allows an authorized user to view these web pages by first requiring the entry of a username and password at the beginning of every connection session with the target Master.
NetLinx Security within the Web Server Username field Password field Log In/Log Out button FIG. 46 Log In/Log Out fields Authentication is based upon matching the user’s data to pre-configured username and password information, and then assigning the rights assigned to that user. The maximum length of a username or password is 20 characters. The minimum length of a username or password is four characters.
NetLinx Security within the Web Server The NetLinx user account was created to be compatible with previous NetLinx Master firmware versions. This account is initially created by default and can later be deleted or modified. The administrator group account cannot be deleted or modified.
NetLinx Security within the Web Server Compatible devices field (showing G4 WebControl links) G4 panels Compression Options FIG. 47 Manage WebControl Connections page (populated with compatible panels) Clicking on a G4 WebControl link opens a separate browser window which is configured to display the current information from the panel using the native resolution of the target panel. An example is a CA15 panel link opening a new window using an 800 x 600 resolution.
NetLinx Security within the Web Server Security Features This section of the Navigation frame (FIG. 48) contains the NetLinx system security parameter links which allow an authorized user to define access rights at the system level and those for the various groups or users. Security features FIG.
NetLinx Security within the Web Server Security - System Level Security page To access this page, click the Security Level link from within the Security section of the Navigation frame. This page is strictly used to require a valid username and password be entered prior to gaining access to the listed features and options. If the Master Security option is not selected, the Master is completely open and can be modified by anyone accessing the target Master via the web server’s UI.
NetLinx Security within the Web Server System Level Security Page (Cont.) Feature Description Terminal (RS232) Access: This selection determines if a username and password is required for Terminal communication (through the RS232 Program port). • If Terminal Security is enabled, a user must have sufficient access rights to login to a Terminal session and communicate with the Master.
NetLinx Security within the Web Server System Level Security Page (Cont.) Feature Description ICSP Connectivity: This selection determines if a username and password is required prior to communication with a target NetLinx Master via an ICSP connection using any transport method (TCP/IP, UDP/IP, and RS-232) (see FIG. 50). • If this access is enabled and the user is not logged-in, when the user attempts to connect, the authentication fails and displays an “Access not allowed” message.
NetLinx Security within the Web Server Setting the system security options for a NetLinx Master This page simply toggles the requirement of a user to enter a valid username and password before gaining access to a particular feature. For every action, the Master validates whether a username and password are required and whether the user has sufficient rights. Refer to the Security - Group Level Security page section on page 76 for more information on the assignment of the Group/User rights.
NetLinx Security within the Web Server Enabling the Terminal, HTTP, and Telnet Access options require that a valid username and password be entered prior to gaining access to the desired action. If the HTTP Access option is enabled, upon the initial connection to the Master (via the web browser) the Login page appears and requires a valid username and password be entered before allowing access to the web server pages.
NetLinx Security within the Web Server Security - Group Level Security page To access this page, click the Group Level link (from within the Security section of the Navigation frame). This page (FIG. 52) allows an authorized user to both select and modify an existing group, delete an existing group, or add a new group. Unless you are logged in with administrator privileges, you will not be allowed to modify the default administrator profile.
NetLinx Security within the Web Server Configure Group Properties Page Feature Description Configure Group Properties: This page allows an authorized user to configure the options for either a pre-existing or new group. Configuration on this page consists of both the options and directories the group is granted access to. Update • This button submits the modified page (form) information back to the server.
NetLinx Security within the Web Server Adding a new Group 1. Click the Group Level link (from within the Security section of the Navigation frame) to open the Manage Groups page. 2. Click the New button to be transferred to the Configure Group Properties page (FIG. 52). 3. From within the Group Security Details section, enter a unique name for the new group. The name must be a valid character string consisting of 4 - 20 alpha-numeric characters.
NetLinx Security within the Web Server Deleting an existing Group 1. Click the Group Level link (from within the Security section of the Navigation frame) to open the Manage Groups page. 2. Press the Select button (next to the selected Group name) to open the Configure Group Properties page (FIG. 52) for the particular group. 3. Click the Delete button to remove the selected group and return to the Manage Groups page.
NetLinx Security within the Web Server Manage Users Page Feature Description Manage Users page: This page allows a user to either modify the rights for an existing user (available from the displayed list) or use the New button to access a secondary window where they can create a new user. New • Clicking this button allows an authorized user to add a new user and configure their settings through the Configure User Properties page.
NetLinx Security within the Web Server Configure Users Properties Page (Cont.) Feature Description User Security Details (Cont.): Admin Change Password Access • This selection enables or disables the user’s right to change the administrator’s user passwords. Note: Once the Administrator’s password has been changed, the default password can no longer be used to gain access. FTP Access • This selection enables or disables FTP Access for the target user.
NetLinx Security within the Web Server Any properties possessed by groups (ex: access rights, update rights, directory associations, etc.) are inherited by users assigned to that particular group. Unchecking a security option (which is available within the associated group) does not remove that right from the user. The only way to remove a group’s available security right from a target user is to either NOT associate a group to a user or to alter the security rights of the group being associated. 5.
NetLinx Security within the Web Server 3. From within the User Security Details section, modify any previously configured access rights by either placing or removing a checkmark from within any of the available checkboxes (FIG. 54). Group Rights are read-only and display the previously configured rights assigned to the associated group FIG. 54 User Level Security - Modifying a User’s Security rights 4.
NetLinx Security within the Web Server The NetLinx account can be deleted from Manage User page.The administrator account can not be deleted nor can it have it’s directory associations modified. System Settings This section of the Navigation frame (FIG. 55) provides the ability to both manage existing and pending license keys, manage the active NetLinx system communication parameters, and configure/modify the SSL certificates on the target Master. System and Licensing management features FIG.
NetLinx Security within the Web Server Manage System Page Components Feature Description Online Tree menu: The Online Tree menu contains button options relating to the entries within the Online Tree. • Expand - Expands the selected level to expose any subfolders. • Refresh - Refreshes the contents of the Online Tree frame. • Collapse - Collapses the selected level to hide any subfolders.
NetLinx Security within the Web Server Manage System Page Components (Cont.) Feature Description Management menu options: These management buttons change depending on the source chosen from the Online Tree. • There are three menu groupings available: - System Menu (to configure Master properties). - Device Menu (to configure device specific properties). - Port Menu (to configure specific Port settings). System menu buttons: The selected system number is displayed below these menu buttons.
NetLinx Security within the Web Server Manage System - System Menu Buttons These buttons appear (on the right) when a user clicks on the purple System icon from within the Online Tree. The selected system number is displayed below these System menu buttons. System Menu - Modifying the Date/Time 1. Click the Manage System link (from within the System Settings section of the Navigation frame). 2.
NetLinx Security within the Web Server Current System Number FIG. 59 Change System Number dialog The current system number is also shown just below the System menu buttons. 4. Enter a new numeric value into the New System Number field. 5. Click the Update button to save this new value to the system on the target Master. The following message; "System number changed to X. Master must be rebooted for the change to take effect.
NetLinx Security within the Web Server 2. Clicking on any of the Online Tree items opens menu items with the Control/Emulate button option available. 3. Click the Control/Emulate button to open the Control/Emulate dialog (FIG. 60). 4. Click the Update Status button to query the Master for the status of the currently entered level and channel. The System Number, Device Number, and Port Number value fields are read-only (disabled) if you are brought to this window from a selection of an Online Tree item.
NetLinx Security within the Web Server 6. Enter a System Number, Device Number, and Port Number into the appropriate fields. These values correspond to the device you wish to control (real or fictitious). The Device, Port, and System value ranges are 1 - 65535. 7. Within the Channel Code section, enter a valid Channel number to emulate Channel messages (i.e., Push/Release, CHON, and CHOFF) for the specified . The Channel number range is 1 - 65535. 8.
NetLinx Security within the Web Server Manage System - Diagnostics This page allows an authorized user to setup and monitor diagnostic messages coming from and going to devices available on the Online Tree. This dialog also allows the user to watch the ICSP commands being sent to/from a device. There are several different types of asynchronous notifications that can be selected for a device:port:system (D:P:S) combination. Each notification type is represented by a column in the table.
NetLinx Security within the Web Server Setting up and removing a Diagnostic Filter 1. Setup a diagnostic filter by scrolling down the page and clicking the Modify button below the first empty column. This action opens the Device Configuration dialog as a secondary popup window. Up to 8 concurrent diagnostic filter slots can be simultaneously active using any eight of the 10 available user-configurable Presets available through the Device Configuration dialog. 2.
NetLinx Security within the Web Server Diagnostic Configuration Dialog (Cont.) Feature Description Presets: This list of up to 10 presets comes defaulted with Preset 0: All Devices, All Notifications • Store: Save the current notification selections to a Preset profile. Pressing this button opens a popup field labeled Explorer User Prompt - Preset Name? where you enter the name associated with this new Preset.
NetLinx Security within the Web Server 5. Remove a diagnostic filter by clicking the Modify button below it (from the Diagnostics dialog), then pressing the Remove button to delete this filter from the Diagnostics dialog. Once a Preset is assigned to a specific Diagnostic filter "slot" (up to 8), its System:Device:Port fields are greyed-out, and can’t be modified unless the Preset in that slot is removed and replicated with new information within these fields.
NetLinx Security within the Web Server 1. Click on the Manage System link (from within the System Settings section of the Navigation frame). 2. Click on the purple System icon from within the Online Tree to open the System menu buttons within the right frame. 3. Click the Server button to open the Server dialog and its associated submenu options (FIG. 62). Disabling the HTTP Port requires that an authorized user access the Master ONLY via a secure HTTPS connection. SSH version 2 is only supported. FIG.
NetLinx Security within the Web Server Modifying the Server Port Settings 1. From within the Server submenu, press the Port Settings button to open the Server Port Settings dialog seen above in FIG. 62. 2. Uncheck any services (and corresponding ports) to disable their functionality. 3. Modify any preset service port value by first enabling that service with a checkmark within the Enabled checkbox and then entering a value within the Port Number field.
NetLinx Security within the Web Server Server Port Settings (Cont.) Feature Description HTTPS/SSL Port: The port value used by web browser to securely communicate between the web server UI and the target Master. This port is also used to simultaneously encrypt this data using the SSL certificate information on the Master as a key. • The default port value is 443.
NetLinx Security within the Web Server SSL Server Certificate Creation Procedures Initially, a NetLinx Master is not equipped with any installed certificates. In order to prepare a Master for later use with CA (officially issued) server certificates, it is necessary to: First create a self-generated certificate which is automatically installed onto the Master. Secondly, enable the SSL feature from the Enable Security page.
NetLinx Security within the Web Server This page allows an authorized user to display an installed certificate, create a certificate request, self-generate, and regenerate SSL Server Certificates. Server Certificate Entries Feature Description Server Certificate Field Information: Update Updates the target Master with the information entered on this page. • This process can take a few minutes. Bit Length Provides a drop-down selection with three available public key lengths: 512, 1024, and 2048.
NetLinx Security within the Web Server Server - Display SSL Server Certificate Information 1. Navigate to the Server Certificate page by clicking System Settings > Manage System > Server > Create SSL Certificate to open the Server Certificate page. By default, the Display Certificate Action is selected and these fields are populated with information from an installed certificate. If the Master does not have a previously installed certificate, these fields are blank. 2.
NetLinx Security within the Web Server 10. Choose Self Generate Certificate from the drop-down list. When this request is submitted, the certificate is generated and installed into the Master in one step. 11. Click Update to save the new encrypted certificate information to the Master. ONLY use the Regenerate certificate option when you have Self Generated your own certificate. DO NOT regenerate an external CA-generated certificate. Server - Regenerating an SSL Server Certificate Request 1.
NetLinx Security within the Web Server 3. Enter the used Domain Name into the Common Name field. Example: If the address being used is www.amxuser.com, that must be the Common name and format used in the Common Name field. This string provides a unique name for the desired user. This domain name must be associated to a resolvable URL Address when creating a request for a purchased certificate. The address does not need to be resolvable when obtaining a free certificate. 4.
NetLinx Security within the Web Server 1. Navigate to the Web Server Certificate HTML page on your CA’s web site. A Web Server certificate allows you to authenticate through a Web browser via SSL. In order to successfully verify other certificates it is also necessary to import the CA key into the Web Server. Refer to the Server - Creating a Request for an SSL Certificate section on page 101. This is done as part of the process of receiving your Web Server certificate.
NetLinx Security within the Web Server Certificate text field FIG. 65 Export SSL Certificate dialog YOU MUST COPY ALL OF THE TEXT within this field, including the -----BEGIN CERTIFICATE REQUEST----- and the -----END CERTIFICATE REQUEST-----. Without this text included in the CA submission, you will not receive a CA-approved certificate. 5. Press the Ctrl + C keys simultaneously on your keyboard (this takes the blue selected text within the field and copies it to your temporary memory/clipboard). 6.
NetLinx Security within the Web Server Server - Importing a CA created SSL Certificate Before importing a CA server certificate, you must: First, have a self-generated certificate installed onto your target Master. Secondly, enable the SSL security feature from the Enable Security page, to establish a secure connection to the Master prior to importing the encrypted CA certificate. Refer to the Security - System Level Security page section on page 71 for more information about enabling SSL security. 1.
NetLinx Security within the Web Server A certificate consists of two different Keys: Master Key is generated by the Master and is incorporated into the text string sent to the CA during a certificate request. It is specific to a particular request made on a specific Master. Public Key is part of the text string that is returned from the CA as part of an approved SSL Server Certificate. This public key is based off the submitted Master key from the original request.
NetLinx Security within the Web Server Network Settings Dialog Feature Description IP Address: Host Name Use this field to view/edit the target Master's current Host Name. DHCP/Specify IP Address Use these radio buttons to specify an address for the target Master: • DHCP - obtained from a DHCP Server. • Specify an IP Address - typically obtained from a System Administrator. IP Address Use this field to view/edit the target Master's current IP Address.
NetLinx Security within the Web Server URL List dialog Add New URL dialog FIG. 68 URL List dialog 7. If a Username and/or Password is required for successful communication with the target URL, place a checkmark in the Secure Connection checkbox and enter the necessary information within the Username, Password, and Confirm (password) fields. If this box is unchecked, the fields are greyed-out and the user is prevented from entering any text into any of the remaining fields.
NetLinx Security within the Web Server 11. URL entries can be removed either individually or as a whole: Remove an individual URL entry by pressing the Remove button on that URLs row listing within the URL List dialog (FIG. 69). Remove all previously entered URLs by pressing the Remove All button. To confirm the removal of all items, press the Refresh button. Device Menu - Changing the Device Number 1.
NetLinx Security within the Web Server 3. Click the Log button (FIG. 71). This dialog allows the user to view the log for the selected device (currently only the Master supports this feature). FIG. 71 Log dialog 4. Click the Refresh button to update the information on-screen. Device Menu - Running a Diagnostic Filter Refer to the procedures outlined within the Manage System - Diagnostics section on page 91 for more information. System Settings - Manage License This page (FIG.
NetLinx Security within the Web Server An example of this type of product is i!-Voting. The Master confirms this registration information before running the module. Adding a new license 1. Click on the System Settings > Manage License link from within the System Settings section of the Navigation frame. 2. Click the New button to be transferred to the Add new License Key page (FIG. 73). FIG. 73 System Settings - Add New License Key page 3.
NetLinx Security within the Web Server System Settings - Manage NetLinx Devices To access this page, click on the Manage NetLinx Devices link (from within the System Settings section of the Navigation frame). These pages (FIG. 74) have some additions that have been incorporated as part of build 323 (or higher). These features include the display the device status as well as some background color changes which indicate system groupings.
NetLinx Security within the Web Server Manage NetLinx Devices Page (Cont.) Feature Description Device Listings: • This page (in addition to the target Master which is typically the first entry) lists those NetLinx Masters which have sent out NetLinx Discovery Master Announce packets (NDPs). • Each entry contains the data necessary to describe the devices detected by the system.
NetLinx Security within the Web Server Manage NetLinx Devices - Displaying NDP-capable devices You’ll note in the previous example (FIG. 74), the first NetLinx Master has a "+" icon next to it, which shows that this Master is indicating the presence of NDP-capable devices currently connected to it. 1. Click the "+" icon to expand the particular Master’s listing and reveal those NDP-capable devices connected to it, as shown below in FIG. 75.
NetLinx Security within the Web Server - Once this button is pressed, the device then shows up as Bound (within the Status column). Manage NetLinx Devices - Obtaining NetLinx Device information To obtain more description than is provided by the listing: 1. Use your mouse to hover the cursor over a particular device within the listing and display a mouse-over popup dialog (FIG. 76). This field illustrates the MAC Address of the Master.
NetLinx Security within the Web Server System Settings - Manage Other Devices - Dynamic Device Discovery Pages Before you begin to manage any other devices, the target Master must be loaded with the program which defines the new devices and modules. In addition to this code, all IP/Serial devices must be pre-configured and connected to the system. To access this page, click on the Manage Other Devices link (from within the System Settings section of the Navigation frame). This page (FIG.
NetLinx Security within the Web Server Manage Other Devices Page Feature Description Dynamic Device Discovery links: These links direct the user to additional Dynamic Device Discovery (DDD) configuration pages which include: • Manage Device Bindings page is used for configuring application-defined Duet virtual devices by using discovered physical devices.
NetLinx Security within the Web Server Manage Other Devices Page (Cont.) Feature Description Configure Binding Options (Cont.): Enable Subnet Match This selection allows an end-user to toggle whether or not IP devices should only be detected/discovered if they are on the same IP Subnet as the Master. Purge Bound Modules on Reset • This selection indicates that all modules should be deleted from the /bound directory upon the next reboot.
NetLinx Security within the Web Server Manage Other Devices Page (Cont.) Feature Description Manage Device Modules: This section displays a list of all currently loaded Duet Modules/ .JAR files on the Master (resident within the /unbound directory); as well as providing those interfaces necessary to delete, add, and retrieve these modules. Select File to Delete • This field provides the listing of loaded Modules/.JAR files. • These entries can be selected for deletion or archiving.
NetLinx Security within the Web Server Dynamic Device Discovery was created to take advantage of Java's Dynamic Class Loading and the Duet Standard NetLinx API (SNAPI). Java loads classes as they are needed. Therefore it is feasible to load a Duet control/protocol module on the fly as each new device is discovered. SNAPI provides a fixed interface for communicating with a certain type of device. The "glue code" refers to the developer defined NetLinx program that runs on a Master and controls a system.
NetLinx Security within the Web Server With program defined/static binding, the developer specifies a permanent binding between an application device and a physical port, such as a particular serial or IR port. At run-time, any device detected on that port is automatically associated with the designated application device. This binding type would be used when the developer wants to hard code what port is used for a device, but does not know what manufacturer's device will actually be connected.
NetLinx Security within the Web Server DEFINE_START STATIC_PORT_BINDING(dvDiscDevice, COM1, DUET_DEV_TYPE_DISC_DEVICE, 'My DVD', DUET_DEV_POLLED) DYNAMIC_POLLED_PORT(COM2) DYNAMIC_APPLICATION_DEVICE(dvRECEIVER1, DUET_DEV_TYPE_RECEIVER, 'My Receiver') (***********************************************************) (* THE EVENTS GO BELOW *) (***********************************************************) DEFINE_EVENT DATA_EVENT [dvRECEIVER1] { // Duet Virtual device data events go here } FIG.
NetLinx Security within the Web Server Dynamic application devices (Bind/Unbind) Static bound application devices (blank/Release) Device’s associated property information (displayed via a mouse-over popup dialog) FIG. 81 Manage Device Bindings page What are Application Devices and their association status? There are two types of application devices: Static Bound application devices and Dynamic application devices.
NetLinx Security within the Web Server - Dynamic application devices that have not been bound to a physical device display a Bind button. When this button is selected, a secondary display appears with a listing of all available unbound physical devices that match the application device's Device SDK class type (FIG. 82). - If a currently bound device needs to be replaced or a Duet Module needs to be swapped out, the device should be unbound and the new module/driver should then be bound.
NetLinx Security within the Web Server Manage Other Devices Menu - Viewing Discovered Devices This page (FIG. 83) provides a listing with all of the dynamic devices that have been discovered in the system. Listing of the discovered Dynamic Devices Properties of the discovered physical device (displayed via a mouse-over popup dialog) FIG. 83 View Discovered Devices page Mousing-over a listed entry presents a popup which displays all of the properties associated with the physical device.
NetLinx Security within the Web Server Module Properties (displayed via a mouse-over popup dialog) FIG. 84 Select Device Module page Mousing-over a listed module entry presents a popup which displays the properties associated with the selected module. By selecting the module and clicking the Save button, the administrator can assign a Duet module to be associated with the physical device. This action will NOT affect any currently running Duet module associated with the physical device.
NetLinx Security within the Web Server List of discovered physical devices (manually entered info) FIG.
NetLinx Security within the Web Server 9. Once you are done creating the profile for the new device, click the New button to assign additional Name and Value property information for association with the new User Defined Device. When the Add button is selected, the user-defined device is then inserted into the list of discovered physical devices which appears within the lower section of the display (FIG. 85).
NetLinx Security within the Web Server 3. To configure a Dynamic application interface: Add the DYNAMIC_APPLICATION_DEVICE API call to the section of the NetLinx program (FIG. 80 on page 122) containing the Duet Virtual Device D:P:S, the Duet Device type constant, and the associated friendly name string. - DYNAMIC_APPLICATION_DEVICE specifies a Duet device that is completely dynamic.
NetLinx Security within the Web Server Any available modules on either the amx.com, AMX's partner website, or within the physical device itself are downloaded to the Master and then displayed back within the Select Device Module page (FIG. 84 on page 126). The discovered device is then shown with an adjacent listing of available modules ranked with associated "match" score. - The location of these modules can be either indeterminate (in which case they will reside on the amx.
NetLinx Security within the Web Server 4. The user is then presented with a Security Alert popup window and Certificate information (FIG. 86). FIG. 86 Security Alert and Certificate popups The above alert only appears if an SSL Server Certificate has been installed on the target Master, the SSL Enable options has been enabled, from within the Enable Security window of the Security tab, and there is a problem with the site’s certificate.
NetLinx Security within the Web Server 7. The user is then presented with a Certificate Import Wizard that begins the process of adding the certificate (FIG. 87). FIG. 87 Certificate Import Wizard 8. Click Next to proceed with the certificate store process. FIG. 88 Certificate Import Wizard- storing the certificate 9. Click Next to automatically use the default certificate store settings and locations (FIG. 88). 10. Click Finish button to finalize the certificate installation process. 11.
NetLinx Security within the Web Server 19. The first page displayed within your open browser window is Manage WebControl Connections page. Using your NetLinx Master to control the G4 panel Refer to the specific panel instruction manual for detailed information on configuring and enabling WebControl. This firmware build enables SSL certificate identification and encryption, HTTPS communication, ICSP data encryption, and disables the ability to alter the Master security properties via a TELNET session.
NetLinx Security within the Web Server Compatible devices field (showing G4 WebControl links) G4 panels Compression Options FIG. 89 Manage WebControl Connections page (populated with compatible panels) 8. Click on the G4 panel name link associated with the target panel. A secondary web browser window appears on the screen (FIG. 90). FIG. 90 WebControl VNC installation and Password entry screens 9.
NetLinx Security within the Web Server If you do not get this field continue to step 11. IP Address of touch panel - obtained from IP Settings section of the panel’s System Connection page FIG. 91 Connection Details dialog 11. If a WebControl password was setup on the G4 WebControl page, a G4 Authentication Session password dialog box appears on the screen within the secondary browser window. 12. Enter the WebControl session password into the Session Password field (FIG. 90).
NetLinx Security within the Web Server 136 NetLinx Security - Web Server
NetLinx Security with a Terminal Connection NetLinx Security with a Terminal Connection NetLinx Masters currently have built-in security capabilities. They require a user enter a valid username and password to access the NetLinx System’s Telnet, HTTP, ICSP, and FTP services. The security capabilities are configured and applied via a Telnet connection or the NetLinx Master’s RS-232 terminal interface (the RS232 Program port).
NetLinx Security with a Terminal Connection Initial Setup via a Terminal Connection Security administration and configuration is done via a Terminal communication through the RS232 Program port on the NetLinx Master. If you connect to the target Master via the TCP/IP (Winsock) option, you will find that some command sets (such as the security setup) will not be available.
NetLinx Security with a Terminal Connection 2.
NetLinx Security with a Terminal Connection If NetLinx Master security is not enabled, you will see the following: NetLinx Master security is Disabled Do you want to enable security for the NetLinx Master? (y or n): If you answer y for yes, security will be enabled and you will be taken to the Security Options Menu. If you answer n for no, all security settings (except FTP security) will remain disabled and you will be taken back to the Main Security Menu.
NetLinx Security with a Terminal Connection The items in the Security Options Menu are described below: Security Options Menu Command Description 1) Terminal (RS232) Security (Enabled/Disabled) This selection enables/disables Terminal (RS232 Program port) Security. If Terminal Security is enabled, a user must have sufficient access rights to login to a Terminal session. 2) HTTP Security (Enabled/Disabled) This selection enables/disables HTTP (Web Server) Security.
NetLinx Security with a Terminal Connection 2. At the Enter username prompt, enter a new username (for example "techpubs"). A username is a valid character string (4 - 20 alpha-numeric characters) defining the user. This string is case sensitive. Each username must be unique. 3. Press to enter the new username. The session then prompts you for a password for the new user. 4. Enter a password for the new user.
NetLinx Security with a Terminal Connection The Edit User Menu options are described in the following table: Edit User Menu Command Description 1) Change User Password This selection prompts you to enter the new password (twice) for the user. Once the new password is entered, the user must use the new password from that point forward. 2) Change Inherits From Group This selection will display the current group the user is assigned to (if any).
NetLinx Security with a Terminal Connection Press to exit the menu and return to the previous menu. The Access Rights Menu is described in the following table: Access Rights Menu Command Description 1) Terminal (RS232) Access (Enable/Disable) Enables/disables Terminal (RS232 Program port) Access. The account has sufficient access rights to login to a Terminal session if this option is enabled.
NetLinx Security with a Terminal Connection Option 6 - Show the list of authorized users 1. Type 6 and at the Security Setup prompt (at the bottom of the Main Security Menu) to view a list of currently enrolled users. 2. Press to return to the Security Setup menu. Option 7 - Add Group 1. Type 7 and at the Security Setup prompt (at the bottom of the Main Security Menu) to add a group account.
NetLinx Security with a Terminal Connection A single '/' is sufficient to grant access to all files and directories in the user directory and it's sub-directory. The '*' wildcard can also be added to enable access to all files. All entries should start with a '/'. Here are some examples of valid entries: Path Notes / Enables access to the user directory and all files and subdirectories in the user directory.
NetLinx Security with a Terminal Connection Edit Group menu: Change Access Rights 1. At the Edit Group prompt, type 4 to change the current access rights for the selected group account. A sample session response is: Select to change current access right 1) Terminal (RS232) Access................. Disabled 2) Admin Change Password Access............ Disabled 3) FTP Access.............................. Disabled 4) HTTP Access............................. Enabled 5) Telnet Access...........................
NetLinx Security with a Terminal Connection 2. Select a group from the list of currently enrolled groups and press to open the Edit Group Menu. This is the same Edit Group Menu that was access via the Add Group option: 1) Add Directory Association 2) Delete Directory Association 3) List Directory Associations 4) Change Access Rights 5) Display Access Rights Or to return to previous menu Edit group -> This menu is described on the previous pages (see Edit Group Menu on page 145).
NetLinx Security with a Terminal Connection Option 12 - Display Telnet Timeout in seconds This feature is disabled after the installation of firmware build 130 or higher onto your target Master. 1. Type 12 and at the Security Setup prompt (at the bottom of the Main Security Menu) to view the current Telnet Timeout value (in seconds). A sample session response is: Telnet Timeout is 10 seconds. 2. Press to return to the Security Setup Menu.
NetLinx Security with a Terminal Connection Main Security Menu The Main Security menu is described below: Main Security Menu Command 1) Set system security options for NetLinx Master Description This selection will bring up the Security Options Menu that allows you to change the security options for the NetLinx Master (refer to the Security Options Menu section on page 141 for details). These are "global" options that enable rights given to users and groups.
NetLinx Security with a Terminal Connection Main Security Menu (Cont.) Command Description 13) Make changes permanent by saving to When changes are made to the security settings of the flash Master, they are initially only changed in RAM and are not automatically saved permanently into flash. This selection saved the current security settings into flash.
NetLinx Security with a Terminal Connection The administrator group account cannot be deleted or modified. The FTP Security and Admin Change Password Security are always enabled and cannot be disabled. Help menu Type help at the prompt in the Telnet session to display the following help topics: Help Menu Options Command ----- Help ----- Description (Extended diag messages are OFF) : Device:Port:System. If omitted, assumes Master. ? or Help Displays this list.
NetLinx Security with a Terminal Connection Help Menu Options (Cont.) Command SEND_COMMAND D:P:S or NAME,COMMAND Description Sends the specified command to the device. The Command uses NetLinx string syntax. • Ex: send_command 1:1:1,"'This is a test',13,10" • Ex: send_command RS232_1,"'This is a test',13,10" SEND_STRING D:P:S or NAME,STRING Sends the specified string to the device. SET DATE Sets the current date. SET DNS Sets up the DNS configuration of a device.
NetLinx Security with a Terminal Connection Logging Into a Session Until Telnet security is enabled, a session will begin with a welcome banner. Welcome to NetLinx v3.01.320 Copyright AMX Corp. 1999-2005 > The welcome banner is not displayed for Terminal sessions. It is very important for a user properly execute the 'logout' command prior to disconnecting from a Master.
NetLinx Security with a Terminal Connection Logout The logout command will log the user out of the current secure telnet session. For a Terminal session, the user will be logged out and to access Terminal commands again the user will first have to login. It is very important for a user properly execute the 'logout' command prior to disconnecting from a Master.
NetLinx Security with a Terminal Connection 156 NetLinx Security - Terminal
Programming Programming This section describes the Send_Commands, Send_Strings, and Channel commands you can use to program the Integrated Controller. The examples in this section require a declaration in the DEFINE_DEVICE section of your program to work correctly. Refer to the NetLinx Programming Language instruction manual for specifics about declarations and DEFINE_DEVICE information.
Programming Master Send_Commands (Cont.) Command Description G4WC The internal G4WC Send command (to Master 0:1:0) has been revised to add G4 WebControl devices to Web control list displayed in the browser. Add G4 Web Control devices to Web control list displayed by the Web server in a browser.
Programming Master IP Local Port Send_Commands These commands are specific to the Master and not the Controller. These commands are sent to the DPS 0:1:0 (the Master). A device must first be defined in the NetLinx programming language with values for the Device: Port: System. In these programming examples, = Device. The term = Device:Port:System. Master IP Local Port Send_Commands Command Description This is only available for Type 2 and Type 3 Local Ports.
Programming Only the Device number can be changed on the Controllers using the ID button. Port and System can not be defined. Device:Port:System (D:P:S) A device is any hardware component that can be connected to an AXlink or ICSNet bus. Each device must be assigned a unique number to locate that device on the bus. The NetLinx programming language allows numbers in the range 1-32,767 for ICSNet (255 for AXlink). NetLinx requires a Device:Port:System (D:P:S) specification.
Programming Each of the NetLinx Integrated Controllers has specific port assignments: Port Assignments (NI-4x00 & NI-3x00) Serial Ports 1 - 7 Relays Port 8 IR Ports 9 -16 I/Os Port 17 Count 8 relays and 8 I/O's Port Assignments (NI-2x00) Serial Ports 1 - 3 Relays Port 4 IR Ports 5 -8 I/Os Port 9 Count 4 relays and 4 I/O's In your terminal program, type "Help" or a question mark ("?") and to display the Program port commands listed in the following table.
Programming Program Port Commands (Cont.) Command DISK FREE Description Displays the total bytes of free space available on the Master. Example: >DISK FREE The disk has 2441216 bytes of free space. DNS LIST Displays: • Domain suffix· • Configured DNS IP Information Example: >DNS LIST [0:1:0] Domain suffix:amx.com The following DNS IPs are configured Entry 1-192.168.20.5 Entry 2-12.18.110.8 Entry 3-12.18.110.7 ECHO OFF Disables terminal character's echo (display) function.
Programming Program Port Commands (Cont.) Command OFF Description Turns off a channel on a device. The device can be on any system the Master you are connected to can reach. You can specify the device number, port, and system, or the name of the device that is defined in the DEFINE_DEVICE section of the program. Syntax: OFF[name,channel] -orOFF[D:P:S,channel] Example: >OFF[5001:7:4] Sending Off[5001:7:4] ON Turns on a channel on a device.
Programming Program Port Commands (Cont.) Command PULSE Description Pulses a channel on a device on and off. The device can be on any system the Master you are connected to can reach. You can specify the device number, port, and system; or the name of the device that is defined in the DEFINE_DEVICE section of the program. Example: >PULSE[50001:8:50,1] Sending Pulse[50001:8:50,1] REBOOT Reboots the Master or specified device. Example: >REBOOT [0:1:0] Rebooting...
Programming Program Port Commands (Cont.) Command SET DNS Description Prompts you to enter a Domain Name, DNS IP #1, DNS IP #2, and DNS IP #3. Then, enter Y (yes) to approve/store the information in the Master. Entering N (no) cancels the operation. Example: >SET DNS [0:1:0] -- Enter New Values or just hit Enter to keep current settings -Enter Enter Enter Enter Domain Suffix: DNS Entry 1 : DNS Entry 2 : DNS Entry 3 : amx.com 192.168.20.5 12.18.110.8 12.18.110.
Programming Program Port Commands (Cont.) Command SET ICSP TCP TIMEOUT Description Sets the timeout period for ICSP and i!-WebControl TCP connections. Example: >SET ICSP TCP TIMEOUT This will set the timeout for TCP connections for both ICSP and i!-WebControl.When no communication has been detected for the specified number of seconds, the socket connection is closed.ICSP and i!-WebControl have built-in timeouts and reducing the TCP timeout below these will cause undesirable results.
Programming Program Port Commands (Cont.) Command SET TELNET PORT Description Sets the IP port listened to for Telnet connections. Example: >SET TELNET PORT Current telnet port number = 23 Enter new telnet port number (Usually 23) (0=disable Telnet) : Once you enter a value and press the ENTER key, you get the following message: Setting telnet port number to 23 New telnet port number set, reboot the Master for the change to take affect. SET THRESHOLD Sets the Master's internal message thresholds.
Programming Program Port Commands (Cont.) Command SET URL Description Prompts you to enter the URL address and port number of another Master or device (that will be added to the URL list). Then, enter Y (yes) to approve/store the new addresses in the Master. Entering N (no) cancels the operation. Example: >SET URL [0:1:0] No URLs in the URL connection list Type A and Enter to Add a URL or Enter to exit. -> a Enter URL -> 192.168.21.
Programming Program Port Commands (Cont.) Command SHOW LOG Description Displays the log of messages stored in the Master's memory. The Master logs all internal messages and keeps the most recent messages. The log contains:· • Entries starting with first specified or most recent • Date, Day, and Time message was logged • Which object originated the message • The text of the message SHOW LOG [start] [end] SHOW LOG ALL If start is not entered, the most recent message will be first.
Programming Program Port Commands (Cont.) Command SHOW REMOTE Description Displays a list of the devices this system requires input from and the types of information needed. If when a NetLinx Master connects to another NetLinx Master, the newly connecting system has a device that the local system desires input from; the new system is told what information is desired from what device. Note the local system number is 1062.
Programming Program Port Commands (Cont.) Command TCP LIST Description Lists all active TCP/IP connections. Example: >TCP LIST The following TCP connections exist(ed): 1: IP=192.168.21.56:1042 Socket=0 (Dead) 2: IP=192.168.21.56:1420 Socket=0 (Dead) TIME Displays the current time on the Master. Example: >TIME 13:42:04 URL LIST Displays the list of URL addresses programmed in the Master (or another system). Example: >URL LIST The following URLs exist in the URL connection list ->Entry 0-192.
Programming Notes on Specific Telnet/Terminal Clients Telnet and terminal clients will have different behaviors in some situations. This section states some of the known anomalies. WindowsTM client programs Anomalies occur when using a Windows client if you are not typing standard ASCII characters (i.e. using the keypad and the ALT key to enter decimal codes). Most programs will allow you to enter specific decimal codes by holding ALT and using keypad numbers.
Programming LED Send_Commands (Cont.) Command Description LED-EN When the port is active, the LED is lit. When the port is not active, the LED is not lit. Issue the command to port 1 to enable the LEDs on the Controller (default setting). When activity occurs on a port(s) or Controller, the LEDs illuminate. Enable the LED (on 32 LED hardware) for a port (by default). Syntax: SEND_COMMAND ,'LED-EN' Example: SEND_COMMAND System_1,'LED-EN' Enables the System_1 Controller's LEDs.
Programming RS-232/422/485 Send_Commands (Cont.) Command Description CHARDM Syntax: Set the delay time between SEND_COMMAND ,"'CHARDM-
Programming RS-232/422/485 Send_Commands (Cont.) Command Description RXOFF Syntax: Disable the transmission of incoming received characters to the Master (default). SEND_COMMAND ,"'RXOFF'" Example: SEND_COMMAND RS232_1,"'RXOFF'" Stops the RS232_1 device from transmitting received characters to the Master. RXON Start transmitting received characters to the Master (default). Enables sending incoming received characters to the Master.
Programming RS-232/422/485 Send_Commands (Cont.) Command Description TSET BAUD TSET BAUD works the same as SET BAUD, except that the changes are not permanent, and the previous values will be restored if the power is cycled on the device. Temporarily set the RS-232/ 422/485 port's communication parameters for a device.
Programming RS-232/422/485 Send_String Escape Sequences This device also has some special SEND_STRING escape sequences: If any of the 3 character combinations below are found anywhere within a SEND_STRING program instruction, they will be treated as a command and not the literal characters. In these examples: = device. RS-232/422/485 Send_String Escape Sequences Command Description 27,17,
Programming IR / Serial Ports Channels IR / Serial Ports Channels 00001 - 00229 IR commands. 00229 - 00253 May be used for system call feedback. 00254 Power Fail. (Used w/ 'PON' and 'POF' commands). 00255 Power status. (Shadows I/O Link channel status). IR ports - Ports 9 - 16 (NI-4X000/3X00) and Ports 5 - 8 (NI-2X00). The NI series of NetLinx Masters support Serial control via the IR port when using firmware version 300 or greater.
Programming IR/Serial Send_Commands (Cont.) Command Description CH All channels below 100 are transmitted as two digits. If the IR code for ENTER (function #21) is loaded, an Enter will follow the number. If the channel is greater than or equal to (>=) 100, then IR function 127 or 20 (whichever exists) is generated for the one hundred digit. Uses 'CTON' and 'CTOF' times for pulse times. Send IR pulses for the selected channel.
Programming IR/Serial Send_Commands (Cont.) Command Description GET BAUD The port sends the parameters to the device that requested the information. Only valid if the port is in Data Mode (see SET MODE command). Get the IR port’s current DATA mode communication parameters.
Programming IR/Serial Send_Commands (Cont.) Command Description PON If at any time the IR sensor input reads that the device is OFF (such as if one turned it off manually at the front panel), IR function 27 (if available) or IR function 9 is automatically generated in an attempt to turn the device back ON. If three attempts fail, the IR port will continue executing commands in the buffer and trying to turn the device On.
Programming IR/Serial Send_Commands (Cont.) SET BAUD Only valid if the port is in Data Mode (see SET MODE command). Set the IR port's DATA mode communication parameters. Syntax: SEND_COMMAND ,"'SET BAUD ,,,'" Variables: baud = baud rates are: 19200, 9600, 4800, 2400, and 1200. parity = N (none), O (odd), E (even), M (mark), S (space). data = 7 or 8 data bits. stop = 1 and 2 stop bits. Note: AMX does not recommend using a cable longer than 10 feet (3.
Programming IR/Serial Send_Commands (Cont.) Command Description XCH Syntax: SEND_COMMAND ,"'XCH '" Transmit the selected channel IR codes in the format/pattern Variable: set by the 'XCHM' send channel = 0 - 999. command. Example: For detailed usage examples, refer to the 'XCHM' command. XCHM Changes the IR output pattern for the 'XCH' send command. Syntax: SEND_COMMAND ,"'XCHM '" Variable: extended channel mode = 0 - 4.
Programming Input/Output Send_Commands The following Send_Commands program the I/O ports on the Integrated Controller. In these examples: = device. I/O ports: Port 17 (NI-4X00/3X00) and Port 9 (NI-2X00). Channels: 1 - 8 I/O channels. I/O Send_Commands GET INPUT Get the active state for the selected channels. An active state can be high (logic high) or low (logic low or contact closure). Channel changes, Pushes, and Releases generate reports based on their active state.
Troubleshooting Troubleshooting This section describes the solutions to possible hardware/firmware issues that could arise during the common operation of a NetLinx device. Troubleshooting Information Symptom Solution My NI Controller can’t obtain a DHCP Address. In requesting a DHCP Address, the DHCP Server can take up to a few minutes to provide the address to the on-board Master.
Troubleshooting Troubleshooting Information (Cont.) Symptom Solution I can’t connect to my NI Controller via the rear Program Port using a DB9 cable. A DB9 cable is used for Serial communication between the PC and the Master. • Verify the DB9 connectors are securely inserted into their respective ports on both the rear Program Port (on the NI) and the COM Port (on the PC). • The NI-series of Integrated Controllers comes factory defaulted to a communication Baud Rate of 38400.
Troubleshooting Troubleshooting Information (Cont.) Symptom Solution During the firmware upgrade process, NetLinx Studio failed to install the last component. This occurs when initially upgrading the on-board Master from a previous firmware (build 117 or lower), to the new Web Security firmware (build 300 or higher). • Only upon the initial installation of the new build there will be a failure of the last component to successfully download.
It’s Your World - Take Control™ 3000 RESEARCH DRIVE, RICHARDSON, TX 75082 USA • 800.222.0193 • 469.624.8000 • 469-624-7153 fax • 800.932.6993 technical support • www.amx.com 060-004-2949 6/06 ©2006 AMX. All rights reserved. AMX and the AMX logo are registered trademarks of AMX. AMX reserves the right to alter specifications without notice at any time.
