1. Home
  2. Caterpillar
  3. Systems Operation
  4. #i04394851

Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Caterpillar


Administration: Network Features

Usage:

UPSB 505 YTM

TCP/IP and Communication Settings

TCP/IP Settings

Path: Administration > Network > TCP/IP > IPv4 settings

The "TCP/IP" option on the left navigation menu, selected by default when you choose "Network" on the top menu bar, displays the current IPv4 address, subnet mask, default gateway, MAC address, and boot mode of the UPS Network Management Card (NMC).

Enable - Enable or disable IPv4 with this check box.

Manual - Configure IPv4 manually by entering the IP address, subnet mask, and default gateway.

BOOTP - A BOOTP server provides the TCP/IP settings. At 32-second intervals, the NMC requests network assignment from any BOOTP server:

  • If the NMC receives a valid response, the NMC starts the network services.

  • If the NMC finds a BOOTP server, but a request to that server fails or times out, the NMC stops requesting network settings until the NMC is restarted.

  • By default, if previously configured network settings exist, and the NMC receives no valid response to five requests (the original and four retries), the NMC uses the previously configured settings so that the NMC remains accessible.

Click "Next>>" to access the BOOTP Configuration page to change the number of retries or the action to take if all retries fail :

  • "Maximum retries": Enter the number of retries that will occur when no valid response is received, or zero (0) for an unlimited number of retries.

  • "If retries fail": Select "Use prior settings" (the default) or "Stop BOOTP request".

The default values for these three settings on the configuration pages generally do not need changed:

  • "Vendor Class" : CAT

  • "Client ID" : The MAC address of the Network Management Card, which uniquely identifies the ID on the local area network (LAN)

  • "User Class" : The name of the application firmware module

DHCP - The default setting. At 32-second intervals, the NMC requests network assignment from any DHCP server.

  • If the NMC receives a valid response, the NMC does not (as previously) require the CAT cookie from the DHCP server in order to accept the lease and start the network services.

  • If the NMC finds a DHCP server, but the request to that server fails or times out, the NMC stops requesting network settings until the NMC is restarted.

  • Require vendor-specific cookie to accept DHCP Address: By selecting this check box, you can require the DHCP server to provide a cookie which supplies information to the NMC.

DHCP Response Options

Each valid DHCP response contains options that provide the TCP/IP settings that the NMC needs to operate on a network. The response also contains other information that affects the operation of the NMC.

Vendor Specific Information (option 43)

The NMC uses this option in a DHCP response to determine whether the DHCP response is valid. This option contains an option in a TAG/LEN/DATA format, called the CAT Cookie. This option is disabled by default.

  • CAT Cookie. Tag 1, Len 4, Data "1CAT"

Option 43 communicates to the NMC that a DHCP server is configured to service devices.

Following, in hexadecimal format, is an example of a Vendor Specific Information option that contains the cookie:

"Option 43 = 0x01 0x04 0x31 0x41 0x50 0x43"

TCP/IP Options

The NMC uses the following options within a valid DHCP response to define the NMCs TCP/ IP settings.

IP Address (from the "yiaddr" field of the DHCP response) - The IP address that the DHCP server is leasing to the NMC.

Subnet Mask (option 1) - The Subnet Mask value that the NMC needs to operate on the network.

Router : Default Gateway (option 3) - The default gateway address that the NMC needs to operate on the network.

IP Address Lease Time (option 51) - The time duration for the lease of the IP Address to the NMC.

Renewal Time, T1 (option 58) - The time that the NMC must wait after an IP address lease is assigned before the NMC can request a renewal of that lease.

Rebinding Time, T2 (option 59) - The time that the NMC must wait after an IP address lease is assigned before the NMC can seek to rebind that lease.

Other Options

The NMC also uses these options within a valid DHCP response.

Network Time Protocol Servers (option 42) - Up to two NTP servers (primary and secondary) that the NMC can use.

Time Offset (option 2) - The offset of the NMCs subnet, in seconds, from Coordinated Universal Time (UTC).

Domain Name Server (option 6) - Up to two Domain Name System (DNS) servers (primary and secondary) that the NMC can use.

Host Name (option 12) - The host name that the NMC will use (32-character maximum length).

Domain Name (option 15) - The domain name that the NMC will use (64-character maximum length).

Boot File Name (from the "file" field of the DHCP response) - The fully qualified directory-path to a user configuration file (.ini file) to download. The "siaddr" field of the DHCP response specifies the IP address of the server from which the NMC will download the .ini file. After the download, the NMC uses the .ini file as a boot file to reconfigure the NMC settings.

Path: Administration > Network > TCP/IP > IPv6 settings

Show/hide table
Table 1
Setting     Description    
Enable     Enable or disable IPv6 with this check box.    
Manual     Configure IPv6 manually by entering the IP address and the default gateway.    
Auto Configuration     When the Auto Configuration check box is selected, the system obtains addressing prefixes from the router (if available). The system uses those prefixes to configure IPv6 addresses automatically.    
DHCPv6 Mode     "Router Controlled" : Selecting this option means that DHCPv6 is controlled by the Managed(M) and Other(O) flags received in IPv6 router advertisements. When a router advertisement is received, the NMC checks whether the M or the O flag is set. The NMC interprets the state of the M (Managed Address Configuration Flag) and O (Other Stateful Configuration Flag) "bits" for the following cases:
- "Neither is set" : Indicates the local network has no DHCPv6 infrastructure. The NMC uses router advertisements and manual configuration to get addresses that are not link-local and other settings.
- "M, or M and O are set" : In this situation, full DHCPv6 address configuration occurs. DHCPv6 is used to obtain addresses AND other configuration settings. This situation is known as DHCPv6 stateful. Once the M flag has been received, the DHCPv6 address configuration stays in effect until the interface in question has been closed. True even if subsequent router advertisement packets are received in which the M flag is not set. If an O flag is received first, then an M flag is received after, the NMC performs full address configuration upon receipt of the M flag
- "Only O is set" : In this situation, the NMC sends a DHCPv6 Info-Request packet. DHCPv6 will be used to configure "other" settings (such as location of DNS servers), but NOT to provide addresses. Referred to as DHCPv6 stateless.
"Address and Other Information" : With this radio box-selected, DHCPv6 is used to obtain addresses AND other configuration settings. Referred to as DHCPv6 stateful.
"Non-Address Information Only" : With this radio box-selected, DHCPv6 will be used to configure "other" settings (such as location of DNS servers), but NOT to provide addresses. Referred to as DHCPv6 stateless.
"Never" : Select "Never" to disable DHCPv6.    

Ping Response

Path: Administration > Network > Ping Response

Select the "Enable" check box for "IPv4 Ping Response" to allow the Network Management Card to respond to network pings. Clear the check box to disable an NMC response. Does not apply to IPv6.

Port Speed

Path: Administration > Network > Port Speed

The "Port Speed" setting defines the communication speed of the TCP/IP port.

  • For "Auto-negotiation" (the default), Ethernet devices negotiate to transmit at the highest possible speed, but if the supported speeds of two devices are unmatched, the slower speed is used.

  • Alternatively, you can choose 10 Mbps or 100 Mbps, each with the option of half-duplex (communication in only one direction at a time) or full-duplex (communication in both directions on the same channel simultaneously).

DNS

Path: Administration > Network > DNS > options

Use the options under DNS on the left navigation menu to configure and test the Domain Name System (DNS):

  • Select "Primary DNS Server" or "Secondary DNS Server" to specify the IPv4 or IPv6 addresses of the primary and optional secondary DNS server. For the NMC to send e-mail, you must at least define the IP address of the primary DNS server.

- The NMC waits up to 15 seconds for a response from the primary DNS server or the secondary DNS server (if a secondary DNS server is specified). If the NMC does not receive a response within that time, e-mail cannot be sent. Therefore, use DNS servers on the same segment as the NMC or on a nearby segment (but not across a wide-area network [WAN]).

- After you define the IP addresses of the DNS servers, verify that DNS is working correctly by entering the DNS name of a computer on your network to look up the IP address for that computer.

  • "Host Name" : After you configure a host name here and a domain name in the Domain Name field, users can enter a host name in any field in the NMC interface (except e-mail addresses) that accepts a domain name.

  • "Domain Name (IPv4)" : Configure the domain name here only. In all other fields in the NMC interface (except e-mail addresses) that accept domain names, the NMC adds this domain name when only a host name is entered.

- To override all instances of the expansion of a specified host name by the addition of the domain name, set the domain name field to the default, somedomain.com, or to 0.0.0.0.

- To override the expansion of a specific host name entry (for example, when defining a trap receiver), include a trailing period. The NMC recognizes a host name with a trailing period (such as mySnmpServer.) as if the entry is a fully qualified domain name and does not append the domain name.

  • "Domain Name (IPv6)" : Specify the IPv6 domain name here.

  • Select "test" to send a DNS query that tests the setup of your DNS servers:

- As "Query Type", select the method to use for the DNS query:

  • "by Host" : the URL name of the server

  • "by FQDN" : the fully qualified domain name

  • "by IP" : the IP address of the server

  • "by MX" : the Mail Exchange used by the server

- As "Query Question", identify the value to be used for the selected query type:

Show/hide table
Table 2
Query Type Selected     Query Question to Use    
by Host     The URL    
by FQDN     The fully qualified domain name, "my_server.my_domain".    
by IP     The IP address    
by MX     The Mail Exchange address    

- View the result of the test DNS request in the "Last Query Response" field.

Web

Path: Administration > Network > Web > options

Access

To activate changes to any of these selections, log off from the NMC:

Disable - Disables access to the "Web interface". (To re-enable access, log in to the "command line interface", then type the command http -S enable. For HTTPS access, type https -S enable.)

Enable HTTP (the default) - Enables Hypertext Transfer Protocol (HTTP), which provides web access by user name and password, but does not encrypt user names, passwords, and data during transmission.

Enable HTTPS - Enables Hypertext Transfer Protocol (HTTPS) over Secure Sockets Layer (SSL). SSL encrypts user names, passwords, and data during transmission, and authenticates the NMC by digital certificate. When HTTPS is enabled, your browser displays a small lock icon.

ReferenceRefer to "Creating and Installing Digital Certificates" in the Security Handbook to choose among the several methods for using digital certificates.

HTTP Port - The TCP/IP port (80 by default) used to communicate by HTTP with the NMC.

HTTPS Port - The TCP/IP port (443 by default) used to communicate by HTTPS with the NMC.

For either of these ports, you can change the port setting to any unused port from 5000 to 32768 for additional security. Users must then use a colon (:) in the address field of the browser to specify the port number. For example, for a port number of 5000 and an IP address of 152.214.12.114:

"http://152.214.12.114:5000"

"https://152.214.12.114:5000"

SSL Certificate

Add, replace, or remove a security certificate.

Status -

Not installed - A certificate is not installed, or was installed by FTP or SCP to an incorrect location. Using "Add or Replace Certificate File" installs the certificate to the correct location, /ssl on the Network Management Card.

Generating - The Network Management Card is generating a certificate because no valid certificate was found.

Loading - A certificate is being activated on the NMC.

Valid certificate - A valid certificate was installed or was generated by the NMC. Click on this link to view the contents of the certificate.

If you install an invalid certificate, or if no certificate is loaded when you enable SSL, the NMC generates a default certificate, a process which delays access to the interface for up to 1 minute. You can use the default certificate for basic encryption-based security, but a security alert message displays whenever you log on.

Add or Replace Certificate File - Enter or browse to the certificate file created with the Security Wizard.

ReferenceSee "Creating and Installing Digital Certificates" in the Security Handbook to choose a method for using digital certificates created by the Security Wizard or generated by the NMC.

Remove - Delete the current certificate.

Console

Path: Administration > Network > Console > options

Access

Choose one of the following for access by Telnet or Secure SHell (SSH):

Disable - Disables all access to the "command line interface".

Enable Telnet (the default) - Telnet transmits user names, passwords, and data without encryption.

Enable SSH - SSH transmits user names, passwords, and data in encrypted form, providing protection from attempts to intercept, forge, or alter data during transmission.

Configure the ports to be used by these protocols:

Telnet Port - The Telnet port used to communicate with the NMC (23 by default). You can change the port setting to any unused port from 5000 to 32768 for additional security. Users must then use a colon (:) or a space, as required by your Telnet client program, to specify the non-default port. For example, for port 5000 and an IP address of 152.214.12.114, your Telnet client requires one of these commands:

"telnet 152.214.12.114:5000"

"telnet 152.214.12.114 5000"

SSH Port - The SSH port used to communicate with the NMC (22 by default). You can change the port setting to any unused port from 5000 to 32768 for additional security. See the documentation for your SSH client for the "command line format" required to specify a nondefault port.

SSH Host Key

Status indicates the status of the host key (private key):

SSH Disabled: No host key in use - When disabled, SSH cannot use a host key.

Generating - The NMC is creating a host key because no valid host key was found.

Loading - A host key is being activated on the NMC.

Valid - One of the following valid host keys is in the /ssh directory (the required location on the Network Management Card):

  • A 1024-bit or 2048-bit host key created by the Security Wizard

  • A 2048-bit RSA host key generated by the Network Management Card

Add or Replace - Browse to and upload a host key file created by the Security Wizard.

ReferenceTo use the Security Wizard, see the Security Handbook.

Note: To reduce the time required to enable SSH, create and upload a host key in advance. If you enable SSH with no host key loaded, the NMC takes up to 1 minute to create a host key, and the SSH server is not accessible during that time.

Remove - Remove the current host key.

Note: To use SSH, you must have an SSH client installed. Most Linux and other UNIX platforms include an SSH client, but Microsoft Windows operating systems do not. Clients are available from various vendors.

SNMP

All user names, passwords, and community names for SNMP are transferred over the network as plain text. If your network requires the high security of encryption, disable SNMP access or set the access for each community to Read. (A community with Read access can receive status information and use SNMP traps.)

When using InfraStruxure Central to manage a UPS on the public network of an InfraStruxure system, you must have SNMP enabled in the NMC interface. Read access will allow the InfraStruxure device to receive traps from the NMC, but Write access is required while you use the interface of the NMC to set the InfraStruxure device as a trap receiver.

ReferenceFor detailed information on enhancing and managing the security of your system, see the Security Handbook.

SNMPv1

Path: Administration > Network > SNMPv1 > options

Show/hide table
Table 3
Option     Description    
access     "Enable SNMPv1 Access" : Enables SNMP version 1 as a method of communication with this device.    
access control     You can configure up to four access control entries to specify which Network Management Systems (NMSs) have access to this device. The opening page for access control, by default, assigns one entry to each of the four available SNMPv1 communities, but you can edit these settings to apply more than one entry to any community to grant access by several specific IPv4 and IPv6 addresses, host names, or IP address masks. To edit the access control settings for a community, click the community name.
- If you leave the default access control entry unchanged for a community, that community has access to this device from any location on the network.
- If you configure multiple access control entries for one community name, the limit of four entries requires that one or more of the other communities must have no access control entry. If no access control entry is listed for a community, that community has no access to this device.
"Community Name" : The name that an NMS must use to access the community. The maximum length is 15 ASCII characters, and the default community names for the four communities are public, private, public2, and private2.
"NMS IP/Host Name" : The IPv4 or IPv6 address, IP address mask, or host name that controls access by NMSs. A host name or a specific IP address (such as 149.225.12.1) allows access only by the NMS at that location. IP addresses that contain 255 restrict access as follows:
- 149.225.12.255: Access only by an NMS on the 149.225.12 segment.
- 149.225.255.255: Access only by an NMS on the 149.225 segment.
- 149.255.255.255: Access only by an NMS on the 149 segment.
- 0.0.0.0 (the default setting) which can also be expressed as 255.255.255.255: Access by any NMS on any segment.
"Access Type" : The actions an NMS can perform through the community.
"Read" : GETS only, at any time
"Write" : GETS at any time, and SETS when no user is logged onto the "Web interface" or "command line" interface.
"Write+" : GETS and SETS at any time.
"Disable" : No GETS or SETS at any time.    

SNMPv3

Path: Administration > Network > SNMPv3 > options

For SNMP GETs, SETs, and trap receivers, SNMPv3 uses a system of user profiles to identify users. An SNMPv3 user must have a user profile assigned in the MIB software program to perform GETs and SETs, browse the MIB, and receive traps.

Note: To use SNMPv3, you must have a MIB program that supports SNMPv3. The NMC supports SHA or MD5 authentication and AES or DES encryption.

Show/hide table
Table 4
Option     Description    
access     "SNMPv3 Access" : Enables SNMPv3 as a method of communication with this device.    
user profiles     By default, lists the settings of four user profiles, configured with the user names " snmp profile1" through " snmp profile4", and no authentication and no privacy (no encryption). To edit the following settings for a user profile, click a user name in the list.
"User Name" : The identifier of the user profile. SNMP version 3 maps GETs, SETs, and traps to a user profile by matching the user name of the profile to the user name in the data packet being transmitted. A user name can have up to 32 ASCII characters.
"Authentication Passphrase" : A phrase of 15 to 32 ASCII characters (" auth passphrase", by default) that verifies that the NMS communicating with this device through SNMPv3 is the NMS the device claims to be, that the message has not been changed during transmission, and that the message was communicated in a timely manner, indicating that the message was not delayed and that the message was not copied and sent again later at an inappropriate time.
"Privacy Passphrase" : A phrase of 15 to 32 ASCII characters ( crypt passphrase, by default) that ensures the privacy of the data (with encryption) that an NMS is sending to this device or receiving from this device through SNMPv3.
"Authentication Protocol" : The implementation of SNMPv3 supports SHA and MD5 authentication. Authentication will not occur unless an authentication protocol is selected.
"Privacy Protocol" : The implementation of SNMPv3 supports AES and DES as the protocols for encrypting and decrypting data. Privacy of transmitted data requires that a privacy protocol is selected and that a privacy passphrase is provided in the request from the NMS. When a privacy protocol is enabled but the NMS does not provide a privacy passphrase, the SNMP request is not encrypted.
NOTE : You cannot select the privacy protocol if no authentication protocol is selected.    
access control     You can configure up to four access control entries to specify which NMSs have access to this device. The opening page for access control, by default, assigns one entry to each of the four user profiles, but you can edit these settings to apply more than one entry to any user profile to grant access by several specific IP addresses, host names, or IP address masks.
- If you leave the default access control entry unchanged for a user profile, all NMSs that use that profile has access to this device.
- If you configure multiple access entries for one user profile, the limit of four entries requires that one or more of the other user profiles must have no access control entry. If no access control entry is listed for a user profile, no NMS that uses that profile has any access to this device.
To edit the access control settings for a user profile, click the profiles user name.
"Access" : Mark the "Enable" checkbox to activate the access control specified by the parameters in this access control entry.
"User Name" : From the drop-down list, select the user profile to which this access control entry will apply. The choices available are the four user names that you configure through the "user profiles" option on the left navigation menu.
"NMS IP/Host Name" : The IP address, IP address mask, or host name that controls access by the NMS. A host name or a specific IP address (such as 149.225.12.1) allows access only by the NMS at that location. An IP address mask that contains 255 restricts access as follows:
- 149.225.12.255: Access only by an NMS on the 149.225.12 segment.
- 149.225.255.255: Access only by an NMS on the 149.225 segment.
- 149.255.255.255: Access only by an NMS on the 149 segment.
- 0.0.0.0 (the default setting) which can also be expressed as 255.255.255.255: Access by any NMS on any segment.    

Modbus

Path: Administration > Network > Modbus > tcp

Enable or disable access to the Modbus TCP by selecting or clearing the "Enable" check box.

Using the "Port" box, you can specify the port on which Modbus TCP provides the service.

FTP Server

Path: Administration > Network > FTP Server

The "FTP Server" settings enable (by default) or disable access to the FTP server and specify the TCP/IP port (21 by default) that the FTP server uses to communicate with the NMC. The FTP server uses both the specified port and the port one number lower than the specified port.

You can change the "Port" setting to the number of any unused port from 5001 to 32768 for added security. Users must then use a colon (:) to specify the non-default port number. For example, for port 5001 and IP address 152.214.12.114, the command would be ftp 152.214.12.114:5001.

Note: FTP transfers files without encryption. For higher security, disable the FTP server, and transfer files with SCP. Selecting and configuring Secure SHell (SSH) enables SCP automatically.

At any time that you want a UPS to be accessible for management by InfraStruxure Central, FTP Server must be enabled in the NMC interface of that UPS.

ReferenceFor detailed information on enhancing and managing the security of your system, see the Security Handbook.

Caterpillar Information System:

Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Administration: Security
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Information Logs
2011/05/25 Updated Cat EPD Alternator Failure Report Template Is Now Available for Cat Generator Sets {1404}
C15 and C18 Industrial Engines Engine Oil Pan
3500C Marine Engines Engine Oil Sump Pump
3500 Generator Set Engines Fan Drive
C18 Marine Propulsion Engines Alternator and Regulator
3500 Engines Water Lines - Aftercooler
C32 Marine and Auxiliary Marine Engines Alternator Mounting
3500 Engines Water Lines - Aftercooler
320D and 323D Excavators Machine System Specifications Cab - Protection Visor
C32 Marine and Auxiliary Marine Engines Alternator Mounting
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Administration: Notification
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Administration: General Options
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Device Configuration
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Export Configuration Settings
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply File Transfer
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Troubleshooting
Network Management Card and Network Management Card with Environmental Monitoring for the UPSB505 Uninterruptible Power Supply Commands
320D and 323D Excavators Machine System Specifications Vandalism Guard
Network Management Card with Modbus for the UPSB505 Uninterruptible Power Supply Environmental Monitoring
Cat Water Delivery System (WDS) Operator Controls
C15 Petroleum Engines Electrical Connectors
C175-16 Petroleum Engines Flexible Coupling
Back to top
Contacts My AVS
The names Caterpillar, John Deere, JD, JCB, Hyundai or any other original equipment manufacturers are registered trademarks of the respective original equipment manufacturers. All names, descriptions, numbers and symbols are used for reference purposes only.
CH-Part.com is in no way associated with any of the manufacturers we have listed. All manufacturer's names and descriptions are for reference only.