Supervisor Role; Serial Inactivity Timeout; Failed Authenticate; Firmware Lock - GE T60 Instruction Manual

5.2 PRODUCT SETUP
SUPERVISOR ROLE: When enabled (meaning "Yes" is selected) the Supervisor role is active. When "No" is selected this
role is disabled. To disabled this setting a Supervisor authentication is necessary. If disabled, the Supervisor role is not
allowed to log on. In this case the Administrator can change the settings under the Supervisory menu.
If enabled, Supervisor authentication is required to change the settings in the Supervisory menu. If the Supervisor disables
his role after authentication, the Supervisor session remains valid until he switches to another role using MMI or until he
ends the current Supervisor session if using communications.
This role is disabled by default.
5
SERIAL INACTIVITY TIMEOUT: The role logged via a serial port is auto logged off after the Serial Inactivity timer times
out. A separate timer is maintained for RS232 and RS485 connections. The default value is 1 minute.
a) SELF TESTS

PATH: SETTINGS
 SELF TESTS

FAILED AUTHENTICATE: If this setting is Enabled then the number of failed authentications is compared with the Session
lockout threshold. When the Session lockout threshold is exceeded, this minor alarm indication comes up.
FIRMWARE LOCK: If this setting is Enabled then any firmware upgrade operation attempt when the "LOCK FIRMWARE
UPGRADE" setting is set to "Yes" brings up this self test alarm.
SETTINGS LOCK: If this setting is Enabled then an unauthorized write attempt to a setting for a given role activates this
self test.

PATH: SETTINGS
 FAILED
 AUTHENTICATE
CYBERSENTRY SETUP
When first using CyberSentry security, use the following procedure for set up.
1. Log in to the relay as Administrator by using the Value keys on the front panel to enter the default password
"ChangeMe1#". Note that the "Lock relay" setting needs to be disabled in the Security > Supervisory menu. When
this setting is disabled, configuration and firmware upgrade are possible. By default, this setting is disabled.
2. Enable the Supervisor role if you have a need for it.
3. Make any required changes in configuration, such as setting a valid IP address for communication over Ethernet.
4. Log out of the Administrator account by choosing None.
Next, device or server authentication can be chosen on the login screen, but the choice is available only in EnerVista. Use
device authentication to log in using the five pre-configured roles (Administrator, Supervisor, Engineer, Operator,
Observer). When using a serial connection, only device authentication is supported. When server authentication is
required, characteristics for communication with a RADIUS server must be configured. This is possible only in the EnerV-
ista software. The RADIUS server itself also must be configured. The appendix called RADIUS Server gives an example of
how to setup a simple RADIUS server. Once both the RADIUS server and the parameters for connecting UR to the server
have been configured, you can choose server authentication on the login screen of EnerVista.
5-22

PRODUCT SETUP SECURITY
 FAILED
 AUTHENTICATE

FIRMWARE LOCK:

MESSAGE
Enabled
SETTINGS LOCK:
MESSAGE
Enabled

PRODUCT SETUP SECURITY

FAILED AUTHENTICATE:

Enabled
The use of CyberSentry for devices communicating through an Ethernet-to-RS485 gateway is not
supported. Because these gateways do not support the secure protocols necessary to communicate
with such devices, the connection cannot be established. Use the device as a non-CyberSentry
device.
T60 Transformer Protection System
 
SUPERVISORY SELF TESTS
See below
Range: Enabled, Disabled
Range: Enabled, Disabled
 
SUPERVISORY SELF TESTS
Range: Enabled, Disabled
5 SETTINGS

FAILED AUTHENTICATE
GE Multilin