Page 1
3-Series® Control Systems Reference Guide Crestron Electronics, Inc.
Page 2
United States and/or other countries. Other trademarks, registered trademarks, and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Crestron disclaims any proprietary interest in the marks and names of others. Crestron is not responsible for errors in typography or photography.
Contents Introduction Tools and Utilities 3-Series Architecture Memory and Directory Structure ....................3 Console Commands ........................5 Establish Communications USB Connection ..........................6 TCP/IP Connection ........................8 Time and Date Settings Authentication Enable Authentication ....................... 10 User and Group Management ....................10 User Group Rights ........................
Page 4
Configure the Auto Update Mechanism ................46 Manifest File ..........................47 Results File ........................... 55 Error Handling ..........................57 Connect to Crestron XiO Cloud Service Claim a Single Device ....................... 58 Claim Multiple Devices ......................59 Appendix A: Restore to Factory Defaults Appendix B: Port Forwarding ii •...
Crestron XiO Cloud™ service connected • Full network security protocols, including 802.1X, AES, and • Active Directory® service For more information on Crestron control systems, including available products and additional resources, refer to www.crestron.com/Products/Featured- Solutions/Crestron-Control-Systems NOTE: The features and functions described in this document apply to 3-Series control systems with firmware version 1.600 or newer.
Access to software downloads and other files is reserved for Authorized Crestron dealers, Crestron Service Providers (CSPs), and Crestron partners only. New users must register for an account to access certain areas of the Crestron website. For more information on registering, navigate to https://www.crestron.com/register.
(synchronous DRAM) volatile memory. For more information regarding the memory specifications for each 3-Series control system model, refer to the appropriate product page at www.crestron.com. Flash memory contains the file system inside the 3-Series control engine. The 3-Series processor also has 128kB of NVRAM (nonvolatile RAM). NVRAM contains program variables that are retained after the loss of electrical power, while volatile memory is lost.
Page 8
The directory structure of a 3-Series control system can reside on the internal flash memory and on optional external memory (SD/SDHC). Programs, data files, and data can be stored on either internal or external memory. The files that reside in the internal flash conform to a flat directory structure, while the external memory system conforms to a FAT32-compatible file system.
• IP address or hostname of the device is known. Console commands may also be sent to the device using the Text Console tool in Crestron Toolbox via one of the supported communication protocols. Console commands are grouped logically. Issuing the help command •...
USB A to B cable. 2. Open Crestron Toolbox software. 3. Click the pencil icon at the bottom left of any tool in Crestron Toolbox. A dialog box for editing the connection type is displayed. 4. Click the USB radio button.
Page 11
Text Console - Connection Status The USB connection information for the control system may be saved using the Address Book function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file. Reference Guide – DOC. 7150B...
Once a static or dynamic IP address has been set for the control system, the TCP/IP connection information for the control system may be saved using the Address Book function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file.
SNTP server. Example: SNTP START SERVER:255.255.255.255 PERIOD:60 • The internal clock can also be set using the System Clock function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file. Reference Guide – DOC. 7150B...
Authentication settings can also be configured using the Authentication function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file. NOTE: To manually reset authentication, use a small, pointed object (such as the tip of a pen) to press and hold the recessed SW-R button on the control system for 15 seconds.
Page 15
Add Local User To add a local user to the control system, issue the ADDUSER command. Syntax: ADDUSER -N:username -P:password • -N: Specifies the name of the local user that will be created -L: Specifies a password for the local user Example: ADDUSER -N:jsmith -p:user01 •...
Page 16
Delete Local Group To remove a local group from the control system, issue the DELETEGROUP groupname command. When a local user group is removed, users in the group are not removed from the control system. However, the user will lose the access rights associated with the removed group.
Add User to Group To add a local or an Active Directory user to a local group, issue the ADDUSERTOGROUP command. Syntax: ADDUSERTOGROUP -N:username -G:groupname • -N: Specifies the name of the local or Active Directory user -G: Specifies the name of the local group Example: ADDUSERTOGROUP -N:jsmith1 -G:CresProgs •...
Out of the box, the device ships with the following local user groups with the associated rights: Default Rights of Local Groups GROUP Crestron Admin Crestron Programmer Crestron Operator Crestron User Crestron Connect Password Management The following sections explain how to manage passwords for local users on the control system.
Update Local Password To update the current user's password, issue the UPDATEPASSWORD command. When authentication is enabled, users may update their password. The user is prompted to enter the current password once and the new password twice. If the old password does not match the current password, the operation fails and the password is not changed.
Page 20
Local User Login If authentication is on and a user opens a connection to the console, the console prompts the user for a username and password as shown in the example below. PRO3 Console Login: jsmith1 Password: ****** PRO3> Local users are created with no access rights. Even if a user has an account in the control system, the user cannot connect to the control system console when authentication is on unless the user been added to a group.
Session Timeout Functions By default, a user is never logged off automatically unless the value for the logon session timeout is manually changed. If the value for logon session timeout has been changed, the console starts a timer after a user logs in and monitors the user's activities. If a user is idle for more than a set duration, the console logs the user out automatically.
Blocked User Functions If authentication is enabled, administrators are able to block users from accessing the control system via the console and Crestron Toolbox. Add User to Blocked List To add a user to the blocked list, issue the ADDLOCKEDUser command.
Page 23
Add IP Address to Blocked List To add an IP address to the blocked list manually, issue the ADDBLOCKEDip command. Syntax: ADDBLOCKEDip [ipaddress] • ipaddress: Enter the IP address that will be blocked. No parameter: Lists all blocked IP addresses Example: ADDBLOCKEDip 255.255.255.255 •...
User: The User store holds additional certificates not used in the 802.1X • standard. Certificates can also be managed using the Security Certificates function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file. Certificate Requirements 3-Series control systems support all standard X.509v3 certificates that use the following: RSA key with length 2048, 3072, or 4096 bits •...
Use an SFTP or SCP client to upload the certificate file (in .cer or .pem format) to the “\User” directory. 2. Use an SSH console or Crestron Toolbox to copy the certificate file to the “\ROMDISK\User\Cert” directory. 3. Issue the CERTIFicate ADD Certificate_Store <Certificate_Name>...
Example: TLSVERSION TLS1.2 • TLS/SSL certificates may also be managed using the SSL Management function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file. Server Certificates When authentication is enabled, the control system uses a server-side certificate to authenticate various control system components, including the web server.
Page 27
Generate a Certificate Signing Request (CSR) To generate a certificate signing request, issue the CREATECSR "C:ST:L:O:OU:CN:E" command, where the following parameters are replaced with the appropriate data that should appear in the certificate: NOTE: Any parameter that is not required can be left blank as needed. C: The two letter country code (corresponding to ISO 3166) •...
Page 28
2. Use an SCP or SFTP client to copy the two certificate files to the \User directory on the control system. 3. Connect to the control system via SSH or Crestron Toolbox. 4. Issue the delete \Sys\rootCA_cert.cer and delete \Sys\srv_cert.cer, commands to delete any existing certificate files.
Page 29
2. Use an SCP or SFTP client to copy the three certificate files to the \User directory on the control system. 3. Connect to the control system via SSH or Crestron Toolbox. 4. Issue the delete \Sys\rootCA_cert.cer, delete \Sys\srv_cert.cer, and delete \Sys\srv_key.pem commands to delete any existing certificate files.
802.1X 802.1X is an IEEE network standard designed to enhance the security of wireless and Ethernet LANs. It is widely used in corporate networks to provide an authentication mechanism for devices wishing to connect to the network. The standard relies on the exchange of messages between the device and the network's host, or authentication server.
Page 31
8. Issue the reboot command to reboot the control system with the new 802.1X settings. 802.1X configuration can also be performed using the 802.1X function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file. Reference Guide – DOC. 7150B...
For more information, refer to “Auto Update Mechanism” on page 46. The Package Update Tool in Crestron Toolbox can also be used to send firmware to the control system and to manage the firmware update. For more information, refer to the Crestron Toolbox help file.
PersistentLog: Consecutive quite states detected; logging is resumed message. The PLOG can also be viewed in Crestron Toolbox using the Error Log function. For more information, refer to the Crestron Toolbox help file. Reference Guide – DOC. 7150B...
Page 34
Example: Info: TLDM.exe # 2019-02-07 11:58:45 Router got Connected When reporting an error message to a Crestron customer service representative, report the exact message as it appears in the error log. The Application field indicates the program that produced the error.
Example: REMOTESYSlog -S:ON -E:NOTICE -A -I:255.255.255.255 • -P:12345 -T:SSL -V:OFF Remote system logging can also be configured in Crestron Toolbox using the Syslog function. For more information, refer to the Crestron Toolbox help file. Reference Guide – DOC. 7150B 3-Series Control Systems • 31...
The optional ALL parameter can be appended to print the entire log. NOTE: Use the Audit Logs function in Crestron Toolbox to change the audit log storage location and file name. For more information, refer to the Crestron Toolbox help file.
When using the Control Subnet, observe the following: CAUTION: Do not connect the CONTROL SUBNET port to the LAN. The CONTROL SUBNET port must only be connected to Crestron Ethernet devices. The control system acts as a DHCP server to all devices connected to the •...
Prepare the Control Subnet Before enabling the Control Subnet on the control system, note the following assumptions: The system is not capable of dual authorization. • Physical security is assumed to be provided by the environment. • Administrators are trusted to follow and apply all administrator guidance •...
Optional Expansion cards (PRO and AV3 only) • This design is in place to ensure that the Crestron CPU and optional expansion cards are protected from malicious packets on the LAN. Refer to the diagram below for more information on how these components work together.
Page 40
Inbound from LAN Listen ports To CPU Programmatic listeners used by program To devices Allows Crestron management tools to access Inbound from LAN 64000-64299 on control devices on the Control Subnet; ports are system opened and closed as needed Control Subnet...
3-Series control systems are equipped with program slots that are used to store program files. Programs files can be created using SIMPL Windows, SIMPL Sharp Pro, and Crestron Studio, and allow the control system to be custom programmed to perform certain tasks or enable certain system functionality.
Page 42
-U:AVF469 NOTE: For more information on connecting a device to Crestron Virtual Control, refer to the help file in the Crestron Virtual Control web configuration interface. To access the help file, click the question mark button on the top left of the page.
Page 43
-P:program: The program number on the control system that uses the device (default is 1) -U:RoomId: The room ID used for communication with a Crestron Virutal Control server (max length is 32 characters, valid values are A- Z and 0-9) Example: REMPEER 13 255.255.255.255 -D:134 -C:458 -P:3...
Run Multiple Programs 3-Series processors run multiple programs simultaneously to allow programmers to independently develop and run device specific programs for AV, lighting, HVAC, security, and so forth. As a system grows, processing resources can easily be shifted from one 3-Series processor to another without rewriting any code. Device Registration Considerations To keep the system running seamlessly, consider the following when stopping and starting programs:...
(if installed) before checking in internal flash. To configure running programs from external storage, use the Compact Flash function in Crestron Toolbox. For more information, refer to the Crestron Toolbox help file. Reference Guide – DOC. 7150B...
Master-Slave Mode Master-slave mode is a network configuration that allows a 3-Series processor to access ports on other Crestron control systems over Ethernet. By attaching a slave control system to a master control system, the master control system can use ports that it may not normally have (I/O, IR, RF, and so forth).
Master-Slave Configuration Use the following console commands to configure master-slave mode parameters for the control system. Add Master Entry To add a master entry to the IP table, use the ADDMASTER command. Syntax: ADDMASTER [cipid] -[ip_address/name] • cipid: The ID of the CIP node (in hexadecimal format) ip_address/name: The IP address (in dot decimal notation) or the name of the site for DNS lookup Example: ADDMASTER 1E -PRO3-IH...
Page 48
Response Reject Count for Slave Connection To set the default response reject count for the slave processor connections, issue the ETHSLVCONNFCNT command: Syntax: ETHSLVCONNFCNT [CONNECTFAILEDCOUNT] • CONNECTFAILEDCOUNT: Sets the default slave connect response reject count. The slave stops connecting after this number of connect response rejections.
Functional Behavior Observe the following regarding functional behavior for master-slave mode: When operating in Ethernet slave mode, the control system can address • any installed hardware, but it cannot address Ethernet devices. A 3-Series master and 3-Series slave each have their own independent •...
Auto Update Mechanism 3-Series control systems provide an automatic update mechanism that centralizes updates on a remote server and allows devices to automatically download and update their respective components when updates are available. The centralized location can be a web server, a MyCrestron.com portal, or a private server.
Manifest File The manifest file, which is JSON encoded, contains all the information required for scheduling and performing automatic updates on a 3-Series control system. The control system parses the manifest file, locates any required updates, and performs them in the order listed in the file. The manifest is always downloaded and parsed either at a scheduled time or from a forced action, which can be set from console commands.
Page 52
controlSystemHostname: The hostname or IP address of a control • system that is located in the client's IP table. If this parameter is omitted, the value will default to any. deviceId: The IP ID, Cresnet ID, or RF ID of the device (in hexadecimal •...
Page 53
and then compared to the previous hash that is cached locally on the control system. If the hash in this file has changed, then the file defined in fileUrl will be downloaded and installed. If the has in this file has not changed, then the file defined in ...
Page 54
Refer to the following best practices to manage the system properly: Cresnet and EX devices on the internal gateway can be safely updated • when using "wildcards" for the controller hostname. If updating Ethernet devices, it is recommended to specify device IDs so •...
Page 55
DeviceHostname This parameter is only valid for an Ethernet device and can have multiple meanings: If the "deviceModel" specifies an Ethernet device, then the • "deviceHostname" identifies the device to be updated. If the "deviceHostname" is the wildcard character "*", then it identifies all the Ethernet devices of the type specified by "deviceModel".
Page 58
Manifest File Code Flow The code flow of the auto update mechanism using the manifest file, as performed by the control system, is described below: The control system downloads the manifest file at the predetermined day and time. 2. The control system parses the manifest file for applicable actions. 3.
Results File The result of each action taken by the control system is uploaded to the location specified by the "logFolder" parameter that is associated with the action. Results filenames have the following syntax: [MAC_address_of_CS].[timestamp].[index].log • Example: 00107f44901e.20190321_115636.1.log • When an action is performed, a result file is uploaded for each part of the action: When the action is downloaded, when the action starts, and when the action finishes.
Page 60
The result text returned to the console when executing a console command Sample Results File The following is an example of a results file for a 3-Series Control System (PRO3) .puf file automatic update: "ControllerHostName": "Crestron-PRO3", "deviceModel": "PRO3", "updateAction": "firmware", "updateLog": [ "fileName": "xx.txt", "fileHash": "HASHCODE",...
Error Handling The following errors may be encountered during the auto-update process. If the below solutions do not resolve the error, contact Crestron technical support. File download fails: the client is unable to download the hash file or the •...
The Crestron XiO Cloud service may be used to view the status of a device, to configure various device and network settings, to manage licenses, and to update device firmware.
Claim Device Dialog Box 4. Enter the MAC address and serial number recorded in step 1 in the MAC Address and Serial Number fields, respectively. 5. Click Claim. A success message is displayed if the claim is successful. NOTE: If an error message is displayed stating that the device does not exist, connect the device to a network that has access to the Internet, wait 15 minutes, and then try again.
Page 64
2. Save the CSV file to a location that may be accessed by the computer used to access the Crestron XiO Cloud service. 3. In the Crestron XiO Cloud service, click the ENVIRONMENT menu button to display a drop-down menu.
Page 65
5. Click Choose, and then select the CSV file created in step 1. 6. Click Claim to claim all of the devices listed in the file. A message indicating the claim status of each device is displayed. NOTE: If an error message is displayed stating that a device does not exist, connect that device to a network that has access to the Internet, wait 15 minutes, and then try again.
1-second gap between each press. 3. Wait up to 15 minutes for the self-recovery process to complete. 4. Attempt to make a connection to Crestron Toolbox via USB. USB is the only valid connection type to recover a control system.
Appendix B: Port Forwarding Port forwarding can be used to provide connections from outside the local network for mobile and browser applications. Observe the following points about port forwarding: Remap the external ports from the initial defaults. Remapping the • external ports minimizes the number attempts that are allowed to access the system.
Page 68
Crestron Electronics, Inc. Reference Guide – DOC. 7150B 15 Volvo Drive, Rockleigh, NJ 07647 (2029865) Tel: 888.CRESTRON 05.19 Fax: 201.767.7576 Specifications subject to www.crestron.com change without notice.