Lockout threshold. When the Session Lockout threshold is exceeded, this minor alarm indication comes up.
— If this setting is Enabled, then any firmware upgrade operation attempt when the Lock Relay setting is
enabled brings up this self test alarm.
— If this setting is Enabled then an unauthorized write attempt to a setting for a given role activates this self
SETTINGS PRODUCT SETUP SECURITY SUPERVISORY SELF TESTS FAILED AUTHENTICATE
When first using CyberSentry security, use the following procedure for setup.
Log in to the relay as Administrator by using the
"ChangeMe1#". Note that the Lock Relay setting needs to be disabled in the Security > Supervisory menu. When this
setting is disabled, configuration and firmware upgrade are possible. By default, this setting is disabled.
Enable the Supervisor role if you have a need for it.
Make any required changes in configuration, such as setting a valid IP address for communication over Ethernet.
Log out of the Administrator account by choosing None.
Next, Device or Server authentication can be chosen on the login screen, but the choice is available only in EnerVista.
Use Device authentication to log in using the five pre-configured roles (Administrator, Supervisor, Engineer, Operator,
Observer). When using a serial connection, only Device authentication is supported. When Server authentication is
required, characteristics for communication with a RADIUS server must be configured. This is possible only in the
EnerVista software. The RADIUS server itself also must be configured. The appendix called RADIUS Server at the end of
this instruction manual gives an example of how to set up a simple RADIUS server. Once both the RADIUS server and
the parameters for connecting the UR to the server have been configured, you can choose Server authentication on
the login screen of EnerVista.
To configure Server authentication:
In the EnerVista software, choose Device authentication and log in as Administrator.
Configure the following RADIUS server parameters: IP address, authentication port, shared secret, and vendor ID.
On the RADIUS server, configure the user accounts. Do not use the five pre-defined roles as user names (Administrator,
Supervisor, Engineer, Operator, Observer) in the RADIUS server. If you do, the UR relay automatically provides the
authentication from the device.
In the EnerVista software, choose Server authentication and log in using the user name and password configured on
the RADIUS server for Server authentication login.
After making any required changes, log out.
— If this setting is Enabled then the number of failed authentications is compared with the Session
The use of CyberSentry for devices communicating through an Ethernet-to-RS485 gateway is not
supported. Because these gateways do not support the secure protocols necessary to communicate
with such devices, the connection cannot be established. Use the device as a non-CyberSentry
Users logged in through the front panel are not timed out and cannot be forcefully logged out by a
supervisor. Roles logged in through the front panel that do no allow multiple instances (Administrator,
Supervisor, Engineer, Operator) must switch to None (equivalent to a logout) when they are done in
order to log out.
For all user roles except Observer, only one instance can be logged in at a time, for both login by front
panel and software.
When changing settings offline, ensure that only settings permitted by the role that performs the
settings download are changed because only those changes are applied.
Range: Enabled, Disabled
keys on the front panel to enter the default password
C30 CONTROLLER SYSTEM – INSTRUCTION MANUAL
CHAPTER 5: SETTINGS