Table of Contents
Advertisement
5 SETTINGS
The use of local authentication for devices with 7.x firmware equipped with CyberSentry when com-
municating through an Ethernet-to-RS485 gateway is not supported. Because these gateways do not
support the secure protocols necessary to communicate with such devices, the connection cannot be
established. Use the device as a non-CyberSentry device.
To use local authentication:
1.
Log in as outlined (Administrator or Supervisor, then Observer).
2.
After making any required changes, log off using the Commands > Relay Maintenance > Security menu.
logged in through the front panel log out by logging in as None.
Users logged in through the front panel are not timed out and cannot be forcefully logged out by a
supervisor. Roles logged in through the front panel that do no allow multiple instances (Administrator,
Supervisor, Engineer, Operator) must switch to None (equivalent to a logout) when they are done in
order to log out.
To configure remote authentication:
1.
In the EnerVista software, in the login window, choose Device Authentication and log in as Administrator.
2.
Configure the following RADIUS server parameters: IP address, authentication port, shared secret, and vendor ID. The
following procedure outlines how to set up a simple RADIUS server, where the third-party tool used is an example.
a. Download and install
FreeRADIUS from www.freeradius.net
lation that is known to work. If you try another third-party tool and it does not work, use the FreeRADIUS software from
freeradius.net.
b. Open the radius.conf file in the <Path_to_Radius>\etc\raddb folder, locate the "bind_address" field and enter your
RADIUS server IP address. An example is
bind_address = 10.14.61.109
Text editor software that supports direct editing and saving of UNIX text encodings and line breaks, such as EditPad
Lite, is needed for this editing.
c. In the users.conf file in the <Path_to_Radius>\etc\raddb folder, add the following text to configure a user "Tester"
with an Administrator role.
Tester:
->User-Password == "Testing1!1"
->GE-UR-Role = Administrator
d. In the clients.conf file in the <Path_to_Radius>\etc\raddb folder, add the following text to define the UR as a RADIUS
client, where the client IP address is 10.0.0.2, the subnet mask is 255.255.255.0, the shared secret specified here is
also configured on the UR device for successful authentication, and the shortname is a short, optional alias that can be
used in place of the IP address.
client 10.0.0.2/24 {
secret = testing123
shortname = private-network-1
}
e. In the <Path_to_Radius>\etc\raddb folder, create a file called dictionary.ge and add the following content.
# ##########################################################
# GE VSA's
############################################################
VENDOR
# Management authorization
BEGIN-VENDOR
GE Multilin
GE
2910
GE
D30 Line Distance Protection System
as the RADIUS server. This is a Windows 32-bit instal-
5.2 PRODUCT SETUP
Users
5
5-13
Advertisement
Table of Contents
