TeleBoss 850 UserManual
TeleBoss 850 UserManual
Asentria Corporation
1200 North 96th Street
Seattle, Washington, 98103
U.S.A.
Tel: 206.344.8800
Fax: 206.344.2116
www.asentria.com
TeleBoss™ 850 Telecom Site Controller
Installation and Operation Guidelines
For firmware Version 2.06.280_STD
Manual Release Date: March 9, 2011
Manual Revision: B
Rev B
Removed erroneous statement that the T850 supports SFTP “gets“. It does not, only SFTP push.
Removed the description of the ’XF‘ Usage Command – thi s is not a user command.
Quick Start
What's Included
This chapter is a brief guide to help get your TeleBoss 850 (T850) up and running quickly.
Hardware Needed
Asentria TeleBoss 850
15VDC power adaptor (Included if AC power option)
DC power source (if DC power option)
Computer with serial port and terminal emulation software, and/or network access.
Ethernet cable
RJ45 M-M unshielded serial cable and RJ45/DB9 straight thru adapter (Included)
A PC running any type of SNMP trap management software, if T850 will be sending SNMP traps as event actions.
Information Needed
IP address(es) to assign to the T850
Subnet mask
Default router IP or gateway router IP address if on a WAN (Optional)
IP address of a PC running any type of SNMP trap management software, if T850 will be sending SNMP traps as
event actions.
A) Elevated Operating Ambient - If installed in a closed or multi-unit rack assembly, the operating ambient
temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to
installing the equipment in an environment compatible with the maximum ambient temperature (Tma), which is 40C
for standard units 65C for extended temperature units.
B) Reduced Air Flow- Installation of the equipment in a rack should be such that the amount of air flow required for
safe operation of the equipment is not compromised.
C) Mechanical Loading - Mounting of the equipment in the rack should be such that a hazardous condition is not
achieved due to uneven mechanical loading.
D) Circuit Overloading - Consideration should be given to the connection of the equipment to the supply circuit and
the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate
consideration of equipment nameplate ratings should be used when addressing.
E) Reliable Earthing -Reliable earthing of rack-mounted equipment should be maintained. Particular attention should
be given to supply connections other than direct connections to the branch circuit (e.g.use of power strips).
Physically install the SiteBoss into your site. Use the included Mounting Brackets to secure to a standardly grounded
equipment rack.
If the unit is not mounted within a grounded rack system, connect the attached ground wire securely to an appropriate
earth ground.
Page 1
TeleBoss 850 2.06.280_STD User Manual
Connecting
Cables and Power
1. Connect the RJ45 cable (with optional adapter, if needed) to the serial port I/O2 of the T850 and the COM1
of a PC or laptop running any terminal emulator.
2. Connect the attached ground wire securely to an appropriate earth ground (this is essential).
3. Connect an Ethernet cable, if available, into the RJ-45 jack labeled ETH1.
4. Connect the power supply to the unit (see Power Requirements section).
Power Requirements
The T850 is configured with one of two types of power connectors: AC or DC.
If configured for AC, the unit uses a barrel connector for connecting to the 15VDC power adapter shipped with the
unit.
If configured for DC, the unit is configured with a 4-pin Molex connector for use with a DC power source. The unit is
shipped with the cables and instructions for direct connection to a DC power source. The instructions are shown
below, in case they are missing from the box.
Note: This instruction sheet describes connection of the provided –48V wiring harness kit to the source power
supply. This unit should be assembled and installed by a qualified technician who can ensure the power source is an
isolated, SELV (Safety Extra Low Voltage) circuit. There are two versions of the harness using different wiring colors
as shown below.
Note: The DC input should be protected by an external 2A DC rated slow Blow Fuse suitable for branch circuit
protection, at the power supply or within the building circuitry. The input DC power current limiting fuse circuit is
provided for by the end user, and is required for unit operation in compliance with safety agency approvals.
CONTENTS:
Please inventory the package contents and ensure you have the following items pertaining to the -48VDC Power
Option:
1. A cable harness consisting of 2 red and 2 blue wires connected to a white nylon “molex” connector.
2. A bare white nylon housing.
3. 5 crimp-on contacts.
Option A: Connect the supplied harness assembly to your -48VDC voltage source:
1. Ensure the unit is not connected to any peripheral equipment.
NOTE: Peripheral Equipment connections may cause a short circuit of your -48V supply if the power
connections are reversed! Do not connect peripheral equipment connections until you know the unit is
operational by observing the front panel Power LED.
2. Strip the ends of the wires.
Page 2
TeleBoss 850 2.06.280_STD User Manual
3. Using wire nuts (not supplied), connect the stripped wires to the power source. The red wires connect to ground
or the most Positive connection on the voltage source. The blue wires connect to -48VDC or the most Negative
connection on the voltage source.
1. Connect to I/O 2 with a serial terminal emulation program at 19200 baud, 8N1.
2. Enter STATUS or ? and press <Enter>. You will be presented with a status screen similar to the following.
COMPLETE
>
When the status screen appears, the unit is successfully connected and ready for use.
2. Open the OmniDiscover program. It will immediately display all Asentria devices on the network. Right clicking
on the line for this unit displays three options: Setup, Telnet and Web.
Setup opens another window where the IP Address, Subnet Mask, and Gateway (router) can be configured
(see below). Press “OK” and these will be assigned to the unit and displayed in the previous window. (Select
this option to configure the network settings for the first time.)
Telnet opens a connection to the device using your default Telnet client.
Page 3
TeleBoss 850 2.06.280_STD User Manual
Web opens an HTTP connection to the device using your default browser, if the device supports and is
configured to allow a web connection.
3. Once the network settings have been assigned, the T850 command line can be accessed via any Telnet client or
HTTP web connection.
Contact Asentria Technical Support for any questions or assistance with OmniDiscover.
Network Setup
via OmniDiscover connection:
1. See the description of how to use OmniDiscover as described above.
ping 192.168.100.59
PING 192.168.100.59 (192.168.100.59): 56 data bytes
64 bytes from 192.168.100.59: icmp_seq=0 ttl=128 time=8.0 ms
64 bytes from 192.168.100.59: icmp_seq=1 ttl=128 time=0.7 ms
64 bytes from 192.168.100.59: icmp_seq=2 ttl=128 time=1.8 ms
64 bytes from 192.168.100.59: icmp_seq=3 ttl=128 time=0.8 ms
64 bytes from 192.168.100.59: icmp_seq=4 ttl=128 time=0.7 ms
64 bytes from 192.168.100.59: icmp_seq=5 ttl=128 time=0.7 ms
2. Press <CTRL + C> to stop the ping testing. If <CTRL + C> is not pressed, the unit will continue pinging attempts
indefinitely.
3. If there is an error message or no response from the router, first check the network settings and connection, then
consult your System Administrator or Asentria Technical Support.
4. Using a Telnet client, connect to the IP address assigned to the unit.
Setup
1. Configure the network settings as described in the previous section.
2. Select the Network Settings then SNMP Settings sub-menu.
3. Verify the SNMP Community name is correct for your network.
4. Switch to the Action Definitions menu and enter the Hostname or IP address of the computer to receive the traps
into the field, “Hostname/IP Address 1”.
Page 4
TeleBoss 850 2.06.280_STD User Manual
5. Press <CTRL + C> to exit the Setup menu and return to the command prompt.
6. On the computer that will be receiving the SNMP traps, start your preferred SNMP trap manager.
Page 5
TeleBoss 850 2.06.280_STD User Manual
Note: Functionally, the TeleBoss 850-0 is identical to the T850-2 and T850-6 products, except that it does not
have expansion bays on the back panel for insertion of different I/O Expansion Cards. Therefore, references in this
manual to Expansion Cards (wireless modems, GPS) functions do not apply to the T850-0. However, the T850-0
does feature an on-board sensor port for use with Asentria EventSensors, many of which feature the same I/O as
some of the optional Expansion Cards, so references to contact closures, analog sensors, and relay outputs are all
applicable to the T850-0.
The T850 is a powerful remote device management system which can collect and forward text records such as those
used by Call Accounting and Telemanagement billing applications. These records are collected by the T850 from
PBX serial ports, and in some cases directly over a TCP/IP connection. The T850 can also make a passthrough
connection directly to devices connected on one of its serial ports, and can also connect you via web or Telnet to
other devices on the same remote network as the T850. The T850 provides versatile alarm management of text-
based alarms as well as interfaces with environmental monitoring equipment and contact closure alarms at your
remote site. The T850 is a powerful remote network management solution for Call Accounting systems, Service
Bureaus, and end users who need to collect PBX data as well as get remote access, and collect alarms from
equipment at remote sites.
On-board I/O provides serial, Ethernet, and dialup connectivity. The T850-2 (11-inch) and T850-6 (17-inch)
models provide two or six expansion slots respectively to allow addition of various communications and
monitoring interfaces (Expansion Cards).
Communication Methods
The T850 has a diverse selection of communication methods available for different applications. The following
methods can be used to either access the command processor or provide a passthrough connection to devices
attached to the serial ports. All methods of connecting to the unit can be secured via password for protection of data
and hardware.
RS-232 serial
Telnet
Standard modem serial
Security callback modem serial
SSH
HTTP Server
Page 6
TeleBoss 850 2.06.280_STD User Manual
Data may be retrieved from or through the T850 by any of the following methods:
Serial or modem connection to command processor (using Line or Zmodem) or pass-through
Inline Mode (data in I/O1, data out I/O2)
Telnet to command processor or passthrough
Telnet real-time sockets
FTP or SFTP push (automatic delivery to FTP or SFTP server)
FTP get (manual retrieval from FTP server)
Alarms generated or detected within the T850 can be delivered through any of the following means:
● Modem callout ● Dialup pager ● Asentria Alarms
● SNMP trap ● Script actions ● Relays (if configured with optional relay Expansion Card)
● Email ● SMS Messages
Data Storage
Basic data storage in the T850 is accomplished in a database of four files – FILE1, FILE2, EVENTS, and AUDIT.
FILE1 and FILE2 are typically associated with Serial Port I/O 1 and Serial Port I/O 2 respectively, although either
serial port can store to either FILE1 and FILE2, or both. Data collected via IP Record Collection (IPRC) is also stored
to either FILE1 or FILE2. EVENTS and AUDIT are log files generated from the Event Log Settings and Audit Log
Settings menus per the parameters set there. The number of records stored in each these four files can be displayed
using the DIR command on any connection to the command processor, including FTP.
The T850 also features three “auxillary” files for storage of data to be used in scripting functions, named AUX1, AUX2,
and AUX3. These three files are not displayed with the DIR command, although data collected via serial port or IPRC
can be stored to any of these three auxillary files in addition to FILE1 and FILE2. Refer to the Scripting chapter for
more information on processing data stored in AUX1, AUX2 and AUX3.
Remote Access
The T850 can provide an administrator transparent access to devices connected to the serial ports of the unit via
serial, modem, and Telnet pass-through connections. This sort of access can be used to configure, maintain, or
manipulate devices that would normally have no remote access.
Environmental Monitoring
Through the use of external EventSensor modules and/or internal Expansion Cards, a variety of environmental sensor
monitoring and alarming capabilities are available in the T850. Each individual sensor can be configured with
independent actions, counters and other unique settings. Sensor events triggered within the T850 can be logged to
an Event Log. This file can be viewed through the Event Log section on the Setup menu, via the TYPE EVENTS
command, or via FTP or the web interface.
Event Notification
Actions generated or detected within the T850 can be delivered through any of the following means:
● Modem callout ● Dialup pager ● Asentria Alarms
● SNMP trap ● Script actions ● Relays (if configured with optional relay Expansion Card)
● Email ● SMS Messages
Audit Log
The T850 has the capability to log many types of administrative events, from serial port handshaking alarms to login
attempts. These Audit Log entries are stored in a file and can be viewed through the Audit Log section of the Setup
menu, via the TYPE AUDIT command, or via FTP or the web interface.
Page 7
TeleBoss 850 2.06.280_STD User Manual
Integration with SitePath
Using the T850 in conjunction with Asentria’s SitePath Remote Management System, you can create secure and
controlled IP access to remote servers and appliances co-located on the same remote network as the T850. SitePath
uses an integrated SSL or IPSEC VPN implementation which simplifies otherwise complex VPN setup down to a few
easy steps, allowing users to access remote devices via the SitePath VPN Gateway. The T850 plus SitePath provide
IP routing to authorized remote network addresses, and prevents unauthorized access to any other addresses on the
remote LAN.
Page 8
TeleBoss 850 2.06.280_STD User Manual
Parts Identification
Features and Accessories
Standard Equipment
The base T850 comes with the following standard on-board equipment:
AC or DC Power Input
32MB logging database for CDR or other text records
2 – RJ45 DTE serial I/O ports
1 – RJ45 ESJ/ES sensor port for connection of Asentria EventSensors and SensorJack sensors.
2 – 10/100Mb Ethernet interfaces with support for six 802.1Q VLAN interfaces on each.
1 – MMC memory I/O slot
0, 2 or 6 – Expansion Card slots
Internal lithium coin-cell type battery backup*/**
* Battery backup preserves clock operation when power is not present. Data records and settings are stored in non-
volatile memory and therefore do not require battery backup.
In addition to the above components, the standard unit is shipped the following accessories:
This product manual on the Documentation and Software CD
RJ45 M-M unshielded serial cable and RJ45/DB9 straight thru adapter for each serial port ordered
RJ45 Ethernet cable for each Ethernet port
Power supply adapter (for AC units), or wiring harness and Molex plug (for DC units)
Options
Each of the following components is optional and may be installed on a T850:
Additional RJ45 DTE serial I/O ports in sets of 4 to total 6, 10, 14, 18, 22, or 26 ports
64MB logging database for CDR or other text records
Internal 33.6K baud, or wireless modem
Run-time battery (enables the unit to function for a period of time without power, if enabled).
Expansion Cards configured as wireless modem, ADSL modem, contact closures, analog sensors, and relays.
The T850 may come with any of the following accessories as well, depending on the configuration or order:
Modem cable for internal modem
Antenna for wireless modem Expansion Card
Serial cables and RJ45/DB9 adapters for 4-port Serial Expansion Cards
Page 9
TeleBoss 850 2.06.280_STD User Manual
Power
The Power LED is green and has two operational states. During the boot up cycle, it will blink once every second until
the boot sequence is complete. During normal operation, it is steady on with a blink every 5 seconds.
MDM (Modem)
The MDM LED lights solid green whenever the modem is connected and blinks when the modem is dialing out.
ETH (Ethernet)
The Link LED lights solid green whenever an active Telnet or FTP connection is made to the unit.
ALM (Alarm)
This LED is reserved for future use.
Expansion Card n
Each optional Expansion Card has eight LEDs associated with it that may or may not be used.
Each RJ45 port on the back panel has two LEDs associated with it – one on the Right of the port, one on the Left of
the port.
I/O Port 1 & 2 (and any additional 4-I/O Port cards that may be installed)
● Right – Lights solid green when a correctly configured cable from another device is connected to it.
Otherwise this LED remains off. As the I/O Port receives or transmits data, this LED will flash red.
● Left – Lights solid green when power is applied to the T850, regardless of whether a cable is connected
to the I/O Port or not.
Page 10
TeleBoss 850 2.06.280_STD User Manual
Back Panel configuration
Over the course of its lifetime, the T850 has had three hardware versions, known as Rev B, Rev D, and the current
version, Rev F. The main visually identifiable difference between each version is the sensor port. Briefly, here are
the differences:
The type of sensor port determines what type of Asentria sensors will work with the unit. A complete description and
explanation can be found in the T850 Hardware Revisions, Sensor Ports and Sensors section of this manual.
The current hardware revsion is Rev F (noted on the serial number label as H/W Rev: F.1)
The above drawings show the -2 and -6 models of the T850. Not shown is the -0 model which is configured
exactly like these two models except it does not feature any expansion slots, nor the bay for the optional battery
or -48VDC power.
Ports
Memory I/O
The slot labeled Memory I/O can be used for the optional external Temperature Sensor, which is a small MMC.
Eventually T850’s may also be upgraded using a MultiMedia Card (MMC) in this slot.
Sensor
The sensor port is an RJ45 connector for use with Asentria EventSensors and SensorJack sensors.
Ethernet
The Ethernet 10/100Mb interfaces are standard RJ45. Either of these standard connectors will connect the T850 to
an Ethernet hub or switch. Refer to the Telnet/TCP Connections section in the Features chapter for further
information regarding a number of different types of Telnet connection options. LEDs by each Ethernet connection on
the back panel flicker when packets are being transmitted/received on that port.
Page 11
TeleBoss 850 2.06.280_STD User Manual
Serial Ports
Each of the two (or more) serial ports is configured as a DTE port using an RJ45 connector. This is the standard
recommended pinout for EIA/TIA-561 for 8 pin RJ45 connector:
The DB9 female cable end which mates with the serial port connectors of connected devices will often have a pair of
screw-down cable screws. These cable screws should be used to assure a solid connection of the cable with the
device.
Default settings for the serial ports are 19200-baud, 8-bit word length, no parity, and one stop bit (19200, 8N1). Use
the internal setup menu to adjust these settings.
Internal Modem
If a dialup POTS modem is installed, an RJ11 (typical U.S. phone) connector is used. A POTS (analog) dialup phone
line is inserted into this connector. The modem installed within this unit is FCC certified. For further information,
consult the Internal Modem Guidelines appendix or the serial number label on the bottom of the T850.
CAUTION: To reduce the risk of fire, use only No. 26 AWG or larger telecommunication line cord.
ATTENTION: Pour réduire les risques d’incendie, utilizer uniquement des conducteurs de télécommunications 26 AWG au
de section supérleure.
DIP Switches
The bank of 8 DIP switches on the back panel of the T850 are used to control the baud and parity settings of I/O2, to
set the operational mode for I/O2, and to put the unit into “boot load mode” where it can be forced to load a new
application (firmware image). The following table shows how to set the various DIP switches to obtain certain
settings:
Page 12
TeleBoss 850 2.06.280_STD User Manual
Note: Boot Load Mode can only be set by flipping ALL DIP switches to the UP position. This is not a setting that
can be configured via internal menu settings, or Setting Keys.
Note: For settings that can be set either via DIP switch, internal menu settings, or Setting Keys, the T850 always
pays attention to the last setting, regardless of how it was done. So if the internal setting for I/O 2 Port Mode is
Command, and someone flips SW4 to the UP position, the Mode is immediately set to Data.
Buttons
The only button on the T850 is the Reset button located on the back panel next to the left of serial port I/O 2. The
Reset button can be used for two different functions:
1) To reset the T850 – press the Reset button for approximately 1 second and T850 will be begin the reboot
process as described in the Power Up Sequence section on the next page.
2) To activate the Button Unlock feature which resets the username and password back to default.
Page 13
TeleBoss 850 2.06.280_STD User Manual
Getting Connected
Power Up Sequence
On startup, the T850 goes through the following boot sequence in approximately 55 seconds:
Default Passwords
The T850 uses a very flexible system for managing users, passwords, and access rights. By default, the following
fifth user profiles are enabled. Note that if a password is defined without a user name, the profile is defined just by the
user name. All of the default profiles are password-only. All passwords are masked: ********
The default settings are configured to low security for your convenience in setup. It is highly recommended that you
change these passwords and record them in a secure location.
COMPLETE
>
TeleBoss 850 indicates that this product is the T850, followed by 2.06.280 STD, the currently loaded firmware
version.
Site Name is the identifier assigned to each T850 by the end user in the General Settings menu.
Serial Number is the factory-assigned, unique serial number for this T850.
Page 14
TeleBoss 850 2.06.280_STD User Manual
Date and Time display the current date and time.
Memory indicates the amount of flash memory configured for storage of data.
% Full Alarm / No Data Alarm n indicates the current ON/OFF status of the % Full Alarm, and No Data Alarms 1 and
2, respectively.
Duplex controls the echo settings for the command processor. Full duplex causes the T850 to echo all characters
sent to the remote device. Half duplex turns off character echo.
Eth 1 and Eth 2 displays STATIC, DHCP, or VLAN, depending on which mode each of the two Ethernet interfaces is
configured for.
IP Add and MAC Add immediately following Eth 1 and Eth 2 are the network IP address assigned to each Ethernet
card, and that cards MAC address. The MAC address of both Ethernet cards can also be found on the unit’s serial
number label.
The default serial port names of I/O 1, 2, etc are displayed for each of the installed serial ports along with the
following information:
Baud Rate/Etc. displays the baud, word length, parity, and stop bit settings for each installed serial port.
Recs shows the number of carriage return-delimited records stored within the file associated with each serial port.
Bytes displays the amount of storage allocated for the above records.
Full is a rough percentage indicator of how much data is stored in a particular file.
Wrap indicates the ON/OFF status of whether file wrapping is enabled on a particular port. When ON, a unit that is
100% full will overwrite the oldest buffered records with new ones.
Name displays the target name, which is an optional name given to the device connected to the port. This target
name is used in event notifications and can be configured in the Serial Settings menu for each port.
Page 15
TeleBoss 850 2.06.280_STD User Manual
Setup Menu
Overview
This section displays screen shots and descriptions taken from the command prompt menu system. However, the
menu structure and options are the same as the web interface.
The Setup menu contains all of the configuration options available on the T850. It is organized in a logical tree
structure with all settings classified under the following groups:
Note: Some menus may not be available, depending on your hardware configuration.
Note: Passwords are case sensitive and are masked in all menus for security reasons.
Each section in this chapter will go over one of the above setup branches, outlining the options within.
Press either <ESC> or <Enter> to go back one level in the menu tree, or <CTRL + C> to exit any setup menu and
return to the command prompt.
Since this product allows for multiple simultaneous command processors, two administrators could conceivably
change the same option at the same time, but due to the multitasking nature of the T850, the changes are processed
in the order received.
The T850 processes setup changes in real time. In other words, the unit begins to implement changes to its
configuration as soon as they are entered. There is no need to exit a setup menu or reboot the unit to apply changes.
The exception to this rule is IP-specific network settings. Changes to these settings are implemented only after all
open Telnet command processors are closed.
Option Types
String entry
There are several different types of inputs employed within the Setup menu. The most common is the string type
entry:
A) Site Name [Test Site]
When selected, this setting will provide a prompt requesting a new value. You may press <Enter> or <ESC> to abort
the option entry or press <SPACE> and <Enter> to delete the current value and leave it blank. Some numerical or
required settings will not allow you to leave an option blank, so pay attention to the unit's response when attempting to
delete a setting's value.
Toggle
The second most common option type is the toggle type option:
A) Enable Web Interface [OFF]
Page 16
TeleBoss 850 2.06.280_STD User Manual
When selected, this option will not prompt for a new value. It will simply cycle to the next available option in its list.
This is typically used for options with two or three choices. Most often it is in an ON/OFF form, but could be a series
of options such as "NONE", "1", and "2".
Option list
The option list type is similar to the toggle type in that it provides a list of options to choose from:
After selecting an option, you are immediately returned to the previous menu. The new value will be displayed to the
right of the setting name, letter, or number.
Web Interface
The T850 has a built-in HTTP web server that can be used to configure the unit from anywhere the unit can be
accessed on the network or Internet. Once you have enabled it through the network section of the Setup menu,
simply connect to http://<IP address of T850> or https://<IP address of T850> to use Secure Sockets Layer
(SSL). See Web Interface Settings menu for further description.
Upon connection, you will be greeted by a login screen. Log in with your Login ID (Username) and Password. These
are the same credentials you would use to log into the command prompt. Once logged in, the General Status screen
will be displayed with a menu bar across the top of the page that displays the same menu options as the command
prompt menu system. From here, you can alter any setting in the same way you could via the prompt.
Network Settings contains settings for network communication, SNMP, FTP, PPP, Email, and more.
Serial Settings contains settings pertaining to the function of each serial port.
Modem Settings contains modem init settings and modem-specific security options.
Page 17
TeleBoss 850 2.06.280_STD User Manual
Security Settings contains all user profiles, RADIUS configuration, and general security settings.
Alarm / Event Definitions contains all of the settings that define events within the T850.
Action Definitions contains configurations for all of the actions possible when events are detected.
General Settings contains the site name, answer string, confirmation prompt, date/time, and other general settings.
Event Log Settings allows for configuration and displaying of the Events Log.
Audit Log Settings allows for configuration and displaying of the Audit Log.
Network Settings
The Network Settings menu contains all of the options pertaining to network communication.
Ethernet Settings displays the menu where you can configure each of the two Ethernet interfaces, and also any of
the six VLAN interfaces that each supports.
Default Router displays the configured default router (gateway) for the unit. Refer to the Default Router section in the
Features chapter for more information.
Name Resolution Settings allows you to configure the IP addresses of up to two Domain Name Servers (DNS).
Telnet Duplex controls the echo settings for Telnet. Full duplex causes the unit to echo all characters sent to the
remote device. Half duplex turns off character echo. Default setting is Full.
Note: If Duplex is set to Half, set sys.terminal.mode=OFF. Otherwise, characters will continue to be echoed to
the terminal screen.
Inactivity Timeout sets the number of minutes (0 - 255) before a network connection with no activity will be
terminated. A setting of 0 means an inactive connection will not be terminated. Default setting is 0.
IP Record Collection Settings displays the IP Record Collection Settings menu where an IPRC protocol can be
selected and configured to collect data from various types of IP-enabled switches.
Page 18
TeleBoss 850 2.06.280_STD User Manual
Web Interface Settings displays the Web Interface Settings menu where you can toggle the web interface ON or
OFF, set the session timeout (0 - 65535 minutes), and set the TCP port number for the web connection.
EventSensor Reporting Settings displays the EventSensor Reporting Settings menu where where the parameters
of the EventSensor Reporting feature can be configured.
SNMP Settings displays the SNMP Settings menu where you can configure the SNMP community name, and
spoofed PPP/Trap IP address.
FTP Settings displays the FTP Settings menu, where you can configure automatic FTP pushes of buffered data.
PPP Settings displays the PPP Settings menu, where you can configure settings for PPP Dialout, PPP Hosting, and
IP Routing
Email Settings displays the Email settings menu, where you can configure the SMTP server address, Email domain
name, and authentication parameters.
Real-Time Socket Settings displays the Real-Time Socket Settings menus where you can configure real-time socket
settings for each file of buffered data. Real-Time Sockets are used to collect data on TCP port 2201 from a serial port
in real-time, while buffering data if the network connection goes down.
SNMP Trap Capture Settings displays the SNMP Trap Capture Settings menu where you can toggle this feature on
or off, and select which file to store the traps in.
IP Address Restrictions displays the IP Address Restrictions menu, where you can limit Ethernet and PPP
communications to or from specific IP addresses.
Static Route Settings displays the Static Route Settings menu where you can configure static network routes.
DSL Settings displays the DSL Settings menu where settings are configured so the T850 can communicate using the
optional ADSL Modem.
CPE Settings displays the Customer Premises Equipment (CPE) Settings menu where up to 64 different networked
devices can be configured to communicate with the optional Asentria SitePath secure, unified, administration portal
software.
Ethernet Settings
Ethernet Settings displays the following menu where each of the two installed Ethernet cards can be configured:
Security Note: If the T850 is going to be exposed to the Internet, use the other security features available within
the unit to prevent unauthorized access to your network. The other security features are SSH, SFTP, Strong
Passwords, Challenge and Responses. Also shutdown unsecure connections such as Telnet and FTP.
Page 19
TeleBoss 850 2.06.280_STD User Manual
Mode toggles between STATIC, DHCP, or VLAN – whichever is appropriate for this Ethernet port. Default setting is
STATIC.
IP Address is the network address assigned to this Ethernet card. Default setting is 0.0.0.0
Subnet Mask sets the network subnet mask provided by the network administrator. Default setting is 255.255.255.0
Router Address sets the router address provided by the network administrator. Default setting is 0.0.0.0
NAT is an ON/OFF toggle to enable Network Address Translation. Default setting is ON.
VLAN Settings displays the following sub-menu where any of six individual VLAN connections can be configured.
Refer to the VLANs section in the Features chapter for a detailed explanation of VLANs.
Note: The T850 does not heed changes to network configurations while you are connected to a command
processor via Telnet, web interface, or SSH. Changes, including population of the candidate default router set, are
pended until all network-based command processor sessions have ended. Open FTP and RTS connections will fail if
these settings are changed during an open connection.
DNS Server 1 / 2 are the IP addresses of Domain Name Servers that you may want to configure so that you can use
host names rather than IP addresses in functions where name resolution may be needed, such as; Email server, RTS
push hosts, action IP settings, network time servers, scripting tcp connections, etc. Default setting for each DNS
Server is 0.0.0.0.
DNS Mode toggles between MANUAL, ETH1-DHCP, ETH2-DHCP, and DSL. Default setting is MANUAL.
Page 20
TeleBoss 850 2.06.280_STD User Manual
IP Record Collection selects and displays a configuration menu for each of the IPRC protocols that the T850
supports: Generic Server, Avaya Reliable Session Protocol, Alcatel OmniPCX, Cisco CallManager 4.x, Generic Client
(supports Siemens HiPath 4000), Intecom Telari, Nortel BCM, Syslog, NEC NEAX2400, and Cisco CallManager 5.x.
Default setting is OFF.
Store Collected Data In sets the data file in which to store records received via IPRC. Default setting is FILE1.
Enable Web Interface is an ON/OFF toggle to enable the T850's internal web server. Default setting is ON.
Web Session Timeout sets the number of minutes (0 - 65535 minutes) a connection may remain idle before expiring.
A setting of 0 means the connection will never automatically expire. Default setting is 30.
HTTP Connection Port is the TCP port through which an HTTP connection is made. Default setting is 80.
HTTPS Connection Port is the TCP port through which an HTTPS connection is made. Default setting is 443.
Connect using HTTP://<IPaddress of T850> or HTTPS://<IPaddress of T850> to use Secure Sockets Layer
(SSL). You will be greeted by a login screen. Log in with your Login ID (Username) and Password. These are
the same credentials you would use to log into the command prompt. Once logged in, the Output Status screen
will be displayed, with a menu bar across the top of the page that displays the same menu options as the
command prompt menu system.
Note: If using SSL, the SSL certificate will show "localhost" as the name, which may cause a certificate security
warning to pop up, depending on the browser being used. The certificate may then be permanently accepted so the
warning doesn't appear each time.
Event Sensor Report To IP sets the IP address of the host unit a sensor connected to this T850 would report to.
Event Sensor Report To Port sets the TCP Port that a sensor connected to this T850 would use to report to a host
Asentria device. Default setting is 4000.
Page 21
TeleBoss 850 2.06.280_STD User Manual
Enable EventSensor Reporting Host is an ON/OFF toggle to enable this T850 to be a host for EventSensor
reporting from another Asentria device. Default setting is OFF.
EventSensor Reporting Host Port sets the TCP Port that this T850 will use for receiving sensor reports from
another Asentria device. Default setting is 4000.
For a further explanation of EventSensor Reporting, refer to the EventSensor Reporting section in the Features
chapter
SNMP Settings
SNMP Community sets the SNMP community name to use. Default setting is Public. (Max length is 23 chars)
Trap Settings displays a menu that allows you to configure various Notification settings.
Security Method toggles between MD5-DES and SHA-AES to controls whether MD5 and DES, or SHA-1 and AES,
are used for authentication and privacy, respectively, for for SNMPv3 get/set/trap operations. Default setting is MD5-
DES.
PPP/Trap IP Address Spoofing allows you to configure the IP address to be displayed in an SNMP trap sent over a
PPP connection. If undefined, the T850 PPP IP is used. Default setting is 0.0.0.0
Trap Settings
Notification Attempts sets the number of attempts (1 to 65535) of sending a notification (trap/inform) per cycle (that
is, the initial attempt + retries). If this is 0 then there is 1 infinite cycle. Default setting is 5.
Notification Timeout sets the number of seconds (3 to 60) between two attempts to send an SNMP notification in the
same cycle. Default setting is 60.
Notification Cycles sets the maximum number of cycles (0 to 60) to try per notification action, where one notification
action corresponds to one "inform" keyword in an action list for an event. A cycle is a set of notification attempts
delimited by a successful action delivery or snooze period. Default setting is 10.
Notification Snooze Period sets the time in minutes (1 to 1440) between two SNMP notification cycles for any one
notification action. That is, if you have two events generate informs, each inform will have its own timeouts for retries
and cycles, and its own snooze period. Default setting is 60.
Notification Security Name / Password sets the name and password used for authentication when sending
SNMPv3 traps. (Max length for each is 31 chars)
Note: SNMP traps are not a guaranteed means of delivering notifications. Traps are a one-way IP network
datagram and the device receiving traps does not acknowledge them. Therefore, if the trap does not reach its
intended destination for whatever reason, the sending device has no way of recognizing this and resending the trap.
Page 22
TeleBoss 850 2.06.280_STD User Manual
FTP Settings
FTP Push Enable toggles between OFF, REGULAR, and SECURE. Default setting is OFF.
FTP Server Address is the IP address or host name of the FTP server to push to. (Max length 64 chars)
Username/Password defines the login credentials that are able to access the remote FTP server. (Max length
Username is 126 chars) (Max length Password is 31 chars)
Account is a third login option used only on some FTP servers. Consult your network administrator to see if this is
necessary. (Max length 126 chars)
Directory is the path used to transfer the file(s). The file(s) is transferred to the root login directory if this option is left
blank. (Max length 253 chars)
Minutes Between Push Attempts sets the number of minutes (1 to 9999) between FTP push attempts. Default
setting is 1440 minutes.
Select Files to Push displays the FTP File Selection menu where you can select which files are pushed by toggling
ON or OFF. Default setting for all is ON, except for Audit Log, which is OFF.
Remote File Names displays the FTP File Names menu where you can give each file a name other than the default
name, and/or prepend a date, time, and/or unique sequence # to the file name.
Include Date in Filename toggles OFF, ON, or YYYYMMDD. When set to ON, the date is formatted with a 2-digit
year (YYMMDD). When set to YYYYMMDD, the date is formatted with a 4-digit year. Either of these options will
cause the date of the file transfer to be appended to the name of each transferred file of data. Default setting is OFF.
Page 23
TeleBoss 850 2.06.280_STD User Manual
Include Time in Filename is an ON/OFF toggle to enable the addition of the file transfer time to the name of each
transferred file of data. Default setting is OFF.
Include Sequence #s in Filename is an ON/OFF toggle to enable the addition of a unique sequence number to the
beginning of the name of each transferred file of data. This ensures that no two transfers will have the same file
name. Default setting is OFF.
Data File n / Events File are text-entry fields where the name each data file will have on the remote server (not
including any date, time, or sequence numbers) can be configured.
Note: There is no menu option to set “FTP Auto-delete”, a setting that will cause all data in the file to be deleted
when polled via the FTP ‘get’ function. To enable FTP Auto-delete, set net.ftp.autodel=ON.
Once FTP Push has been configured, entering the PUSHTEST command will test the connectivity to the FTP server
and write a “log in” and “log out” entry to the Status File in the directory you configured. No data is pushed with this
command. Connection data displayed on the terminal screen is useful if the connection fails.
PPP Settings
PPP Dialout Settings displays settings pertaining to making outbound PPP network connections.
IP Routing displays settings for routing of IP packets between PPP connections and the LAN a T850 is connected to.
Route Test Settings displays settings for network monitoring/PPP backup connection settings. This menu allows
you to configure up to three IP addresses to ping on a regular basis. If any of the configured addresses are up then
the unit will assume Ethernet is a reliable way of sending SNMP traps. If all configured addresses are down then the
unit will fall back to PPP dialout in order to maintain reliable network connectivity for sending SNMP traps.
PPP Dialout Enabled is an ON/OFF toggle to enable PPP dialout. Default setting is OFF.
Telephone Number sets the phone number of the PPP host the T850 is to dial into. (Max length 48 chars)
User Name / Password sets the login credentials that are used to log into the PPP host. (Max length for each is 64
chars)
Page 24
TeleBoss 850 2.06.280_STD User Manual
Idle Connection Disconnect (sec) sets the number of seconds to wait before disconnecting an idle connection. A
setting of 0 means the unit does not disconnect due to an idle connection. Default setting is 60 seconds.
Maximum Retries defines the maximum number of times to retry a failed connection. Default setting is 3.
Carrier Detect / Login Sequence Timeout (sec) configure standard login timeouts, from 0 to 65535 seconds.
Default setting is 60 seconds for Carrier Detect, and 30 seconds for Login Sequence.
Dialout Modem Init String sets the modem initialization string. (Max length 48 chars)
Setting Key:
net.pppdial.downafter.ftppush
Values are ON or OFF (default OFF). ON means that if FTP Push raised PPP, then it kills PPP when finished.
PPP Hosting Enabled is an ON/OFF toggle to enable inbound PPP connection hosting. Default setting is OFF.
Idle Connection Disconnect (sec) sets the number of seconds (0 – 65535) to wait before disconnecting an idle
connection. A setting of 0 means the unit does not disconnect due to an idle connection. Default setting is 60
seconds.
Local (Device) IP Address sets the IP address of the T850 for the PPP session. Default is 192.168.105.1
Remote (Caller) IP Address sets the IP address of the calling device for the PPP session. Default is 192.168.105.2.
IP Routing
Each of the above options toggles settings for routing TCP/IP packets of specific types and origins to and from a
device connected via PPP.
Route PPP to Ethernet toggles ON/OFF to enable the T850 to forward IP frames originating on PPP that are not IP-
addressed to the unit, as well as forward IP frames received on Ethernet that are associated with forwarded frames
that originated on PPP. Default setting is OFF.
Route Ethernet to PPP toggles ON/OFF to enable the T850 to forward IP frames originating on Ethernet that are not
IP-addressed to the unit, as well as forwards IP frames received on PPP that are associated with forwarded frames
that originated on Ethernet. Default setting is OFF.
Ethernet to PPP NAT Enable toggles ON/OFF to enable the T850 to do network address translation on these
forwarded frames. Default setting is ON.
Page 25
TeleBoss 850 2.06.280_STD User Manual
Ethernet Interface toggles between ETH1, ETH2, or any of the six VLANs that can be configured on either ETH1 or
ETH2, to inidcate which interface to use for the PPP connection. Default setting is ETH1.
Refer to the IP Routing section in the Features chapter for a detailed explanation of IP Routing.
Route Test Enable is an ON/OFF toggle to enable route testing. Default setting is OFF.
Minutes Between Tests sets the number of minutes (0 – 65535) to wait between each round of testing. Default
setting is 10 minutes.
Email Settings
SMTP Server IP Address sets the hostname or IP address of the outbound mail server. (Max length 64 chars)
Email Domain Name sets the @domain_name.com to use when the T850 sends an Email. Default setting is
“asentria.com”. (Max length 48 chars)
Authentication (LOGIN) displays a menu to configure the credentials that may be required by your server for SMTP
authentication. Some SMTP servers require an authentication to relay Emails. Default setting is OFF.
Authentication Enabled is an ON/OFF toggle to enable Email authentication. Default setting is OFF.
Username / Password defines the login credentials. (Max length for each is 48 chars)
Page 26
TeleBoss 850 2.06.280_STD User Manual
Real-Time Socket Mode can be toggled to LISTEN, PUSH, and OFF. When set to LISTEN this functions like
traditional real-time sockets on TCP port 2201. When set to PUSH the unit tries to make a TCP connection on the
TCP port specified in G) Real-Time Socket Push Port Number. As long as a connection exists, the unit sends all data
in the specified file on the connection as data become available. Default setting is LISTEN.
Show Answer String on Connection is an ON/OFF toggle to enable the prompt indicating successful connection to
the Real-Time Socket (RTS) port. Default setting is ON.
Require Xon to Start Data Flow is an ON/OFF toggle to enable the Xon/Xoff data flow control requirement. Default
setting is OFF.
Idle Connection Close Timer sets the number of seconds (0 – 255) to wait before disconnecting an idle connection.
A setting of 0 means the connection will never automatically close. Default setting is 0.
Close Socket When File Empty is an ON/OFF toggle to set whether or not the T850 will automatically terminate the
RTS connection when the file for this port has been emptied. Default setting is OFF.
Real-Time Socket Push Hostname/IP sets the hostname or IP address of the server where the unit will push the
data if the RTS Mode is set to Push. (Max length is 64 chars)
Real-Time Socket Push Port Number sets the TCP-port number the RTS push should use. Default setting is port
3000.
Real-Time Socket Push Retry Timer sets the number of minutes (1 – 255) to wait before retrying an RTS push that
has previously failed. Default setting is 5 minutes.
SNMP Trap Capture Enable is an ON/OFF toggle to enable the capturing of SNMPv1 traps and SNMPv2c inform-
requests (informs). Default setting is OFF.
Store Collected Traps In toggles between FILE1 and FILE2 to set the data file in which the collected traps/informs
are stored. Default setting is FILE1.
Refer to the SNMP Trap Capture section in the Features chapter for a detailed explanation of SNMP Trap Capture.
Page 27
TeleBoss 850 2.06.280_STD User Manual
IP Address Restrictions
New IP Restriction:
This menu is used to manipulate the IP Restrictions table. Refer to the IP Address Restrictions section in the
Features chapter for a detailed explanation of IP Address Restrictions. By default, no address restrictions are
configured.
Static routes are network routes that specify in a more or less permanent way (static) that traffic to a certain
destination (destination host or destination network) gets routed out a certain interface or via a certain gateway.
Static routes gives you the ability to fine-tune how outbound network traffic leaves the unit for up to eight different
routes.
Destination Network is the network notation, i.e., w.x.y.z/s, where s is the significant bits. Default is 0.0.0.0/0.
Interface displays a listing from which to select any one of the interfaces available on this T850 – None, Ethernet 1,
Ethernet 2, Ethernet 1 VLAN 1, 2, 3, 4, 5, 6, Ethernet 2 VLAN 1, 2, 3, 4, 5, 6, Dialup Modem PPP, and Wireless
Modem PPP. Default setting is NONE.
Refer to the Static Routes section in the Features chapter for a detailed explanation of Static Routes.
Page 28
TeleBoss 850 2.06.280_STD User Manual
DSL Settings
Following describes the menu options for configuring the optional ADSL Modem. For more information regarding the
operation of the ADSL modem, Setting Keys, DSL Routing example, and DSL Glossary, please refer to the ADSL
Modem chapter later in this manual.
Start Mode toggles between MANUAL and AUTO to set how the DSL interface is to be raised. Set this to MANUAL
to require user intervention to raise the DSL interface, or to let a VPN (if it is configured to use DSL) raise the DSL
interface when the VPN needs to use DSL. Set this to AUTO to tell the unit to automatically raise the DSL interface
upon boot. Default setting is MANUAL.
Type toggles between PPPoA, PPPoE, Static, or DHCP. This should be set as directed by your ADSL provider. This
is the most important DSL setting since its value determines what other DSL settings are applicable to the DSL
configuration. Default setting is PPPoA.
VPI sets the VPI (Virtual Path Identifier) used on the DSL interface. This should be set as directed by your ADSL
provider and is required for DSL operation. Values are: 0 to 4095 Default setting is 0.
VCI sets the VCI (Virtual Channel Identifier) for the DSL interface. This should be set as directed by your ADSL
provider and is required for DSL operation. Values are: 0 to 65535. Default setting is 0.
Encapsulation toggles between VCM and LLC to control whether the encapsulation is LLC (Logical Link Control) or
VCM (Virtual Channel Multiplexed). This should be set as directed by your ADSL provider and is required for DSL
operation. Default setting is VCM.
Mode toggles between BRIDGED and ROUTED to control whether the DSL is set up for Bridged mode or Routed
mode when the DSL type is STATIC. Default setting is BRIDGED.
Username and Password specify the PPP Username and PPP Password for the DSL interface when the DSL type is
set to PPPoA or PPPoE. These should be set as directed by your ADSL provider and are required for DSL operaton.
Values are text strings, max length 64 characters.
IP Address sets the public IP address of the unit in the case where the DSL link is active. If the DSL type is STATIC,
the user needs to set this. If the DSL Type if DHCP, it is set automatically. This should be set as directed by your
ADSL provider. Value is a dotted quad IP address. Default setting is 0.0.0.0
Mask sets the subnet mask used on the DSL interface. If the DSL type is STATIC, the user needs to set this. If the
DSL Type if DHCP, it is set automatically. This should be set as directed by your ADSL provider. Value is a dotted
quad subnet mask. Default setting is 0.0.0.0
Router sets the router for the DSL interface. If the DSL type is STATIC, the user needs to set this. If the DSL Type if
DHCP, it is set automatically. This should be set as directed by your ADSL provider. Value is a dotted quad IP
address. Default setting is 0.0.0.0
Page 29
TeleBoss 850 2.06.280_STD User Manual
CPE Settings
Following describes the menu options for configuring CPE Settings. These settings are only for use with the Asentria
SitePath secure, unified administration portal software and set up is beyond the scope of this manual. Contact
Asentria Technical Support for further information.
IP Address sets the IP address of the CPE. Value is a dotted quad IP address. Default setting is 0.0.0.0
Name sets the name given to the CPE. The only restriction on the name is that it cannot have any double or single
quotes ( ' or " ) in it. (Max length is 24 chars)
Description sets a description of what the CPE device is. The only restriction on the description is that it cannot have
any double or single quotes ( ' or " ) in it. (Max length is 64 chars)
Alarm Keep-alive Period (seconds) set the number of seconds between periodic pings (ping cycle) sent by the T850
to the CPE to make sure it is "alive“. 1 ping frame is transmitted per CPE per ping cycle. Values are: 0 to 65535.
Default setting is 0.
Alarm Threshold sets the number of times that the unit receives no response to the keep-alive ping from the device
before triggering the CPE down event. Values are: 1 to 255. Default setting is 1.
Enable SitePath Access is an ON/OFF toggle to enable SitePath to communicate with the CPE through the unit.
SSH to Telnet Bridging is an ON/OFF toggle on CPE 1 thru 4 only, that enables an authorized user to make a Telnet
connection to a Telnet-only CPE device while on an SSH connection to the T850. Refer to the SSH to Telnet Bridging
section in the Features chapter for more information.
Page 30
TeleBoss 850 2.06.280_STD User Manual
Serial Settings
Note: Because I/O2 has all the settings the other serial ports have, plus a few more, it will be described in the
section below with differences in other ports mentioned when necessary.
Target Name is the name given to the device connected to the other end of each port. The target name is used in
event notifications. Default setting is I/O n. (Max length is 24 chars)
Baud Rate displays a selection menu for baud rates available for the port. These values range from 300 baud to
115200 baud. Default setting is 19200.
Data Format toggles settings for word length, parity, and stop bit settings. The available options are: 8N1, 7E1, 7O1,
7N1, and 8O2. Default setting is 8N1.
Handshaking is a toggle item with the following options: None, Xon/Xoff, Both, and DTR. Default setting is None.
Wrap Around is an ON/OFF toggle to set whether the incoming data will wrap (overwrite) the oldest data in the file
should it become full. Default setting is OFF.
Record Stamping displays a menu that allows you to select whether the Date/Time and/or the Unit ID are pre-pended
to each incoming data string. Default setting for Date/Time and Unit ID is OFF.
Character Masking is an ON/OFF toggle to enable the character mask. The character mask allows you to block
most non-printing ASCII characters. Specifically, the following ASCII character values are blocked: 0, 1, 4-9, 11, 12,
14-31, and 128-255. Default setting is ON.
Data Alarm Enable is an ON/OFF toggle to enable data alarm monitoring for this port. Default setting is OFF.
Store Data To displays a menu that allows you to toggle ON/OFF the files to which incoming data on this port should
be stored, if any.
Page 31
TeleBoss 850 2.06.280_STD User Manual
Store Alarms During Pass-Through is an ON/OFF toggle to determine whether data strings that meet data alarm
criteria are stored in the Events File when a pass-through session is active on this port. Default setting is OFF.
Duplex (Port 2 only) toggles between FULL and HALF. Full duplex causes the unit to echo all characters sent to the
connected terminal when in Command mode. Half duplex turns off character echo. Default setting is FULL.
Note: If Duplex is set to Half, set sys.terminal.mode=OFF. Otherwise, characters will continue to be echoed to
the terminal screen.
Inactivity Timeout (Port 2 only) is the time (1 - 255 minutes) before a serial connection with no activity will be
terminated. A setting of 0 means an inactive connection will not be terminated. Default setting is 0.
Inline Mode Handshaking (Port 2 only) toggles the handshaking method used during Inline mode operation.
Available options are XON/XOFF, DTR, and Both. Default setting is XON/XOFF.
Strip Sent Pass-Through LFs is an ON/OFF toggle to enable the stripping of linefeeds on pass-through data sent out
of the T850. Default setting is OFF.
Strip Received Pass-Through LFs is an ON/OFF toggle to enable the stripping of linefeeds on pass-through data
received by the T850. Default setting is OFF.
Disable Serial Setup via DIP Switch (Port 2 only) is an ON/OFF toggle to disable the DIP switches. Default setting
is OFF.
Data Type toggles between ASCII and Binary to indicate the type of data being collected on this port. Default setting
is ASCII.
Change ETX to CR/LF is an ON/OFF toggle to set whether ETX characters in the incoming data should be converted
to CR/LF characters. Default setting is OFF.
The T850 has the ability to monitor incoming serial data for multi-line records (individual records that are broken into
multiple lines with carriage returns). If the records are separated by a specific number of blank lines, this basic
configuration menu will suffice. If a more complex delineation scheme is used, enable Complex Multiline Detection.
Multiline Record Enable is an ON/OFF toggle to enable multiline record detection. Default setting is OFF.
Blank Line Count sets the number of blank lines that must come between records. Default setting is 0.
Complex Multiline Detection displays settings for detecting more complex multiline records. Default setting is OFF.
Page 32
TeleBoss 850 2.06.280_STD User Manual
Complex Multiline Record Enable is an ON/OFF toggle to enable advanced multiline detection. Default setting is
OFF.
Start Field n Character Position sets the character position used to define the beginning of the multiline field. This
option is used with "Count" method record end detection.
Start Field n Text sets the text used to determine the beginning of the multiline field. This option is used with
"Formula" method record end detection.
Collect Lines Before Start Record sets the number of blank lines that are between each record.
End Detection toggles between FORMULA, COUNT, and BLANKS to set the method of detecting the end of each
record. Default setting is FORMULA.
Line Count is the number of lines to meter each record at. This option is used with "BLANKS" record end detection.
End Field n Text/Character Position is the counterpart to start the text or character position option. This option sets
the end delimiter for multiline records.
Modem Settings
The Modem Settings menu displays two sub-menus for configuring either the internal 56K modem, or a optional
wireless modem expansion card.
Dialup Modem
Internal Modem If a dialup POTS modem is installed, an RJ-11 (typical U.S. phone) connector is used. A POTS
(analog) dialup phone line is inserted into this connector. The modem installed within this unit is FCC certified. For
further information, consult the Internal Modem Guidelines appendix or the serial number label.
CAUTION: To reduce the risk of fire, use only No. 26 AWG or larger telecommunication line cord.
ATTENTION: Pour réduire les risques d’incendie, utilizer uniquement des conducteurs de télécommunications 26
AWG au de section supérleure.
Page 33
TeleBoss 850 2.06.280_STD User Manual
Note: If the optional 56K dialup modem is not installed in the T850, this menu is displayed, but changing any of the
settings will not do anything.
Data Format toggles settings for word length, parity, and stop bit settings. The available options are: 8N1, 7E1, 7O1,
and 7N1. Default setting is 8N1.
Duplex controls the echo settings for the modem command processor. Full duplex causes the T850 to echo all
characters sent to the remote device. Half duplex turns off character echo. Default setting is FULL.
Note: If Duplex is set to Half, set sys.terminal.mode=OFF. Otherwise, characters will continue to be echoed to
the terminal screen.
Init String sets the user-defined modem initialization string. This string is sent to the modem before important factory
modem initialization settings, so certain settings in this init string may be overridden. Default setting is ATM1. (Max
length 126 chars) Note: Make sure to enter 'AT' at the beginning of this initialization string.
Inactivity Timeout sets the number of minutes (0 – 255) to wait before disconnecting an idle modem connection. A
setting of 0 means the connection will never automatically expire. Default setting is 0.
Upon Modem Connect Go Directly To toggles through a list of actions to control what a user sees directly after
connecting via modem. LOGIN requires the user to login with username and password, and will then take them to a
command prompt. A serial port (I/O1, I/O2, etc.) redirects a modem user directly to that serial port upon connecting.
In this passthrough mode, the command processor of the T850 is transparent. Default setting is LOGIN.
TAP Init String is the user-defined modem initialization string used only when the modem is making an alphanumeric
modem callout. Default setting is ATM0. (Max length 126 chars) Note: Make sure to enter 'AT' at the beginning of
this initialization string.
TAP Uses 8N1 Data/Parity/Stop toggles between 1, to force the TAP initialization string data/parity/stop settings to
8N1, and 0 to not force this setting. Default setting is 0.
Caller ID Security displays a menu that allows you to configure from one to twenty inbound phone numbers to restrict
modem access.
Caller ID Security
Note: Caller ID must be available on the phone line connected to the T850 for this feature to work.
Page 34
TeleBoss 850 2.06.280_STD User Manual
Enable is an ON/OFF toggle to enable caller ID restrictions. When enabled, the T850 will only answer the modem if
caller ID indicates one of the allowed phone numbers is connecting. Default setting is OFF.
Caller ID n allows you to add or change a specific phone number. You are allowed to use simple wildcards in phone
numbers: An asterisk (*) wildcard allows for any number of digits to appear to the right of that position. A question
mark (?) matches any single digit. If no numbers are defined in this menu, all incoming calls are accepted. (Max
length 47 chars)
Add Number From Log List displays a list of phone numbers that have recently dialed into the T850 for addition to
this list.
Wireless Modem
Note: If the optional wireless modem expansion card is not installed in the T850, this menu is displayed, but
changing any of the settings will not do anything, except for the PPP/Wireless User Name and Password settings (see
below).
Note: For a complete description of the setup and operation of the wireless modem, please refer to the Wireless
Modem chapter later in this manual.
Mode toggles between OFF (disable modem), PERMANENT (maintain “always-on” connection with modem), and
CIRCUIT–SWITCHED. Default setting is OFF.
APN sets the Access Point Name as defined by your wireless provider. Default setting is “ “. (Max length is 31 chars)
PIN sets the PIN associated with the SIM card (if any). Default setting is “ “. (Max length is 15 chars)
Idle Timeout sets the number of minutes (3 – 255) to wait before disconnecting an inactive modem connection. The
purpose of this setting is to allow the modem to get reset after a period of inactivity to ensure the modem connection is
working properly. Default setting is 5 minutes.
Band (GPRS only) toggles between DUAL - 850/1900, DUAL – 900/1800, DUAL – 900/1900, MONO – 850, MONO –
900, MONO-1800, and MONO – 1900. This sets the GSM bands on which the modem will operate. Default setting is
DUAL - 850/1900.
Note: This setting is only used with the GPRS modem. For this setting to take effect, the wireless modem must be
reset; this can be accomplished by restarting the host unit, or by setting the wireless modem mode to OFF for at least
10 seconds, then back to a GPRS setting.
PPP Wireless User Name / Password sets the login credentials for the PPP connection. These settings are identical
to the same settings in the PPP Dialout Settings menu– so a change in one menu will change the settings in the other.
(Max length for each is 64 chars)
Default Route Enable is an ON/OFF toggle to enable the wireless interface to be the default route when connected.
Default setting is OFF.
Page 35
TeleBoss 850 2.06.280_STD User Manual
Security Settings
The Security Settings menu displays options for setting the security mode, as well as specific and general security
settings.
Security Mode toggles between USER PROFILES and RADIUS to determine which Specific Security Settings menu
to be displayed.
Specific Security Settings menu is determined by toggling Security Mode. USER PROFILES causes option B)
Specific Security Settings to display the User Profile Security Settings menu where twelve individual User Profiles can
be configured along with Authentication Settings. RADIUS causes option B) Specific Security Settings to display the
RADIUS Security Settings menu where RADIUS authentication server settings can be configured. Default setting is
USER PROFILES.
General Security Settings displays a menu with options that apply to every user of this T850.
Note: Passwords are case sensitive and are masked in all menus and while typing them from the command line,
for security reasons. If a user without permissions accesses the User Profile Settings menus, they will see all fields in
this menu either masked or with no data in them. If they select an option, a message will be displayed that says:
“You do not have permission to change this setting.”
Note: When configuring a new username, and an invalid or duplicate username is entered, the T850 responds as
follows:
Page 36
TeleBoss 850 2.06.280_STD User Manual
Invalid Entry.
Press any key to continue...
Note: When configuring a new password, the T850 will ask you to re-enter the password. If the second entry of
the password does not match the first, the T850 responds as follows:
Enable This User Access is an ON/OFF toggle to enable access for this user profile.
User Name / Password sets the username and/or password for this profile. (Max length for each is 31 chars)
User Profile Expiration Date/Time sets a date and/or time that this profile may be automatically disabled. This also
provides an option to adjust the current date/time that is on the T850. Selecting that option will transfer you to the
System Date/Time menu. If left blank, this user profile will not expire. Default setting is blank.
Allow User Connection via displays a menu allowing you to toggle ON or OFF access via Local (Console Port),
Modem, Telnet, FTP, Real-Time Socket, and SSH (Secure Shell). These are abbreviated: LMTFRSs and default
setting for all is ON.
Upon Login then Go To toggles the action this user will be directed to upon logging in, with the following options:
Command, Menu, and Passthrough as shown here:
Command
TeleBoss
Password: ********
READY
>
Menu
Page 37
TeleBoss 850 2.06.280_STD User Manual
1. Pass-Through to I/O 1
2. Pass-Through to I/O 2
A. Bridge to <CPE 1 name>
B. Bridge to <CPE 2 name>
C. Bridge to <CPE 3 name>
D. Bridge to <CPE 4 name>
P. 850 Command Prompt
M. 850 Setup Menu
S. 850 Status Menu
X. Exit (end connection)
Passthrough
TeleBoss
Password: ********
Connected to I/O 1
File Access Pointer toggles through each of the data files on the unit (FILE1, FILE2, etc) to set what data file the
user has access to when logging in to the command processor.
Set Pass-through Pointer To is in effect if the “Upon Login then Go To” action is set to Passthrough. Whatever this
option is set for determines where this user will be routed to on a pass-through connection. This option toggles the
serial port (I/O 1, I/O2, etc). Or, it can be toggled to any one of the four CPE devices (CPE1 thru CPE4). If the user is
connects and logs in via an SSH connection, and the CPE Settings/SSH to Telnet Bridging option for that CPE device
is set to ON, then the user will be automatically bridged to that CPE. If the user is not authorized to connect to that
CPE then a message will be output saying as much, and the user will be disconnected. Default setting is FILE1.
Pass-through Permissions is in effect if the “Upon Login then Go To” action is set to Menu. This option displays a
menu showing all serial ports and CPE devices 1 thru 4, and toggles ALLOW or DENY for each as needed. If a port
or CPE device is set as ALLOW, then that serial port is displayed in the Menu after the user logs in. If a port or CPE
device is set as DENY, then it is not displayed in the Menu. Default setting for all ports is ALLOW.
Note: If a CPE device name is defined in the CPE Settings menu, then that name will be displayed in the Login
Menu when set to ALLOW. If a name is not defined, then the IP address of the device will be displayed.
After PT, ESC Takes User To sets the action this user can perform when they exit out of a pass-through connection.
PPP Connection toggles between LOCAL, ROUTING and NONE. LOCAL allows PPP access, but denies all routing
to whatever LAN the T850 is connected to. ROUTING enables Route Ethernet to PPP and Route PPP to Ethernet for
the user, but only if those settings are enabled globally. NONE disables PPP access for the user.
Setup/Status Rights toggles through the actions available to the user if they are given access to the command
prompt. Options are MASTER, NONE, VIEW, ADMIN1, ADMIN2, and ADMIN3. See the User Rights Table for more
information on each access level. Default setting is MASTER.
File Release / Delete Permissions displays a menu showing all data files, Events Log and Audit Log, and toggles
ALLOW or DENY for each as needed. Default setting for all is ALLOW.
Page 38
TeleBoss 850 2.06.280_STD User Manual
TeleBoss 850 - Additional Authentication Options
A) Secure Authentication via Telnet [OFF]
B) For Telnet, Send Password To []
C) Secure Authentication via Modem [OFF]
D) For Modem, Send Password To []
E) Secure Authentication via Local Command Port [OFF]
F) Password Expires After [30]
G) Secure Callback 1 []
H) Secure Callback 2 []
I) Secure Callback 3 []
Secure Authentication via Telnet/Modem toggles between OFF (regular), CHALLENGE, and SEND PASSWORD
authentication modes. Default setting for each is OFF.
CHALLENGE requires the user send their username/password and then they are prompted with a short challenge
code. That code must be plugged into a program called Response Code Generator (RCG). This software can be
found on the Documentation and Utilities CD. Contact Asentria for more information on how to use or obtain this
application. RCG requires a shared secret as well as the challenge code generated by the T850. The user must
then respond with the proper hash generated by RCG in order to gain access.
SEND PASSWORD will generate a single-use password and send it to the Email address(es) specified by the
next option. That password will only allow a login for the user whom it was generated for.
For Telnet/Modem, Send Password To sets the Email address(es) where the single-use password is to be sent.
Secure Authentication via Local Command Port toggles between OFF (regular), and CHALLENGE. Because the
user is connected via the local Console port, Send Password is not an option. Default setting is OFF.
Password Expires After sets the number of minutes (0 – 180) before the single-use password expires. A setting of 0
means the password will never automatically expire. Default setting is 0.
Secure Callback n sets the modem callback numbers. If configured, the T850 will disconnect any modem
connections from this user and then attempt to dial out to each of these numbers. If one of the numbers answers, the
other end must respond with the login credentials of the user used to initiate the callback. (Max length 48 chars)
Authentication Settings
Authentication Settings set parameters for passwords and security that are required for every user who attempts to
log into the T850.
Local Command Requires Password is an ON/OFF toggle to set whether a password for I/O2 users is required.
Default setting is OFF.
Modem Callin Requires Password is an ON/OFF toggle to set whether a password for modem users is required.
Default setting is OFF.
TCP/IP Port 23 Requires Password is an ON/OFF toggle to set whether a password for Telnet (port 23) users is
required. Default setting is ON.
Page 39
TeleBoss 850 2.06.280_STD User Manual
TCP/IP Port 210x Requires Password is an ON/OFF toggle to set whether a password for passthrough (port 210x)
users is required. Default setting is OFF.
TCP/IP Port 220x Requires Password is an ON/OFF toggle to set whether a password for Real-Time Socket (port
220x) users is required. Default setting is OFF.
Note: When any of the above options is set to OFF, users connecting via that method are automatically granted all
access.
Username and/or Password Required toggles between: PASSWORD ONLY, USERNAME/PASSWORD (PW), or
PASSWORD(PW)/USERNAME. Default setting is PASSWORD ONLY.
Shared Secret for Challenge/Response sets the shared secret used to generate Challenge/Response codes. (Max
length 48 chars). Challenge/Response requires the use of the free Asentria Response Code Generator program.
Contact Asentria Technical Support for this, or download (named “Password Generator”) from the Product Resources
page on the Asentria website: http://www.asentria.com/docsandsoftware/productmanuals.aspx
Primary / Secondary Server sets the IP Address or host name of the primary and secondary RADIUS server.
Primary / Secondary Secret sets the secret for the primary and secondary RADIUS server. The secret is used to
authenticate RADIUS network traffic. (Max length for each is 16 chars)
Fallback Mode toggles between NONE and USER PROFILES. If the unit gets no response from any RADIUS server
when attempting to authenticate a user, no further action is taken if this option is set to NONE. The unit falls back to
the User Profiles configuration for authentication if this is set to USER PROFILES. Default setting is NONE.
Authentication Port sets the UDP port (1 – 65535) that the RADIUS server uses for authentication/authorization.
Default port is 1812.
Accounting Port sets the UDP port (1 – 65535) that the RADIUS server uses for accounting traffic. Set to 0 to
disable RADIUS accounting. Default port is 1813.
CHAP is an ON/OFF toggle to set whether the unit uses CHAP (Challenge-Handshake Authentication Protocol)
authentication when using RADIUS. ON sets authentication to CHAP. OFF sets authentication to PAP (Password
Authentication Protocol). Default setting is OFF.
Timeout sets the number of seconds (1 – 30) the unit waits for a response from the RADIUS server. Default setting is
3.
Retries sets the number of times (1 – 30) the unit should try a RADIUS request again after getting no valid response.
(Valid meaning a response that is verified as really coming from the RADIUS server.) Default setting is 3.
Note: For a complete description and explanation of RADIUS security, please refer to the RADIUS Security section
in the Features chapter.
Page 40
TeleBoss 850 2.06.280_STD User Manual
General Security Settings
Global Password/Security Settings set security options that are required for every user who attempts to log into the
T850.
Show Username / Password Prompt is an ON/OFF toggle to set whether a prompt for logging in is displayed.
Default setting is OFF.
Globally Allow Access via displays a menu allowing you to toggle ON or OFF access via Modem, Telnet (ports 23,
200x, 210x), FTP, Real-Time Socket, and Secure Shell (SSH). These are abbreviated: MTFRSs. Default setting for
all is ON.
Button Tap Allows Console Access is an ON/OFF toggle to give access to a user who has forgotten their log on
credentials. This is an insurance policy against locking yourself out of the unit. When set to ON, someone local to the
unit can tap the Reset button 5 times quickly (1-2 times per second), at which point the front-panel LEDs will flash
briefly for several seconds, giving the user immediate Console access using the default MASTER username and
password. Refer to the Securing a TeleBoss 850/Button Unlock section for more details about this. Default setting is
ON.
Note: Refer to the Data Events section in the Features chapter for an example-driven approach to defining alarm
definitions.
Class Table displays the menu for configuring event classification settings.
Data Alarm/Filter Settings displays the menus for configuring serial data event monitors.
EventSensor Device Settings displays the menus for configuring internal and external sensors and modules that
may be installed and/or connected to I/O 1 using the Serial to ESBus Adapter. (Contact Asentria Technical Support
for more details).
No-Data n Alarm Settings displays the menus for configuring alarms based on period of time when no-data is
received on a specific serial port.
Percent Full Alarm Settings displays the menu for configuring alarms based on how full the call record database of
the T850 is.
Page 41
TeleBoss 850 2.06.280_STD User Manual
Scheduled Event n Settings displays the menus for configuring alarm notifications for specific times and days of the
week.
IPRC Alarm Settings displays the menu for configuring alarms for a lost IP Record Collection connection.
Serial Handshaking Alarm Settings displays the menu for enabling serial handshaking alarms for specific ports.
CPE Alarm Settings displays the menu for configuring “CPE Down” events. These are used in conjunction with
devices managed by the Asentria SitePath application.
Data Filter Action toggles between REJECT and ACCEPT to indicate whether data filters are configured to reject or
accept specific incoming data string(s). Default setting is REJECT.
Event Message Settings displays the menu that permits customization of the event message that appears in traps,
Emails, pages, etc.
Class Table
Class n defines the event classification assignable to events detected by the T850. (Max length 47 chars)
Info, Minor, Major, and Critical are the default class names assigned to the first four classes. These can be changed
and others added as desired to meet your specific needs.
The class number and name are reported in Asentria Alarms, and SNMP traps. It is a mechanism for you to provide
varying severities for different alarms so that you can act on them upon receipt.
Data Alarm Field Settings displays the menu for configuring up to 16 data alarm fields.
Data Alarm Macro Settings displays the menu for configuring up to 100 macros to be used for data alarming.
Data Alarm Settings displays the menu for configuring up to 1000 data alarms or filters.
Display Alarm Status displays real time information on data event monitors you've configured.
Exit Upon True Data Alarm is an ON/OFF toggle to set whether the T850 will stop processing more data event
evaluations on a single record after it has found one match. This should be disabled if it is possible to have more than
one event in a record. This is a global setting – it applies to ALL configured data alarms. Default setting is OFF.
Page 42
TeleBoss 850 2.06.280_STD User Manual
Start Position sets the number of the characters to begin a particular alarm field starting from position 1. Field
definition is disabled if set to 0.
Field Name sets the name given for the alarm field. This name must be unique, is limited to 12 characters, and it
must not contain any spaces. It can contain alphanumeric characters and the underscore, but it must start with a
letter. These field names are case sensitive. If left blank, you can refer to the field by it’s field letter (A,B, etc…).
Note: To avoid naming conflicts, the T850 does not allow duplicate field names. The T850 will respond with
“Invalid Entry, Press any key to continue” if a duplicate field name is entered.
Field Line Number sets the optional line number the field should be limited to in multiline records.
Field Type toggles between Alpha and Numeric. Alpha is used for most alphanumeric data alarming, and Numeric is
used if you need to alarm on a range of numbers. Default setting is Alpha.
Data alarm macros provide a way to define up to 100 equations that can be used in one or more data alarm
equations. Each macro consists of an equation and an associated name that can be used to reference the macro in a
data alarm equation. Refer to the Data Alarm Macros section in the Features chapter for more information.
Page 43
TeleBoss 850 2.06.280_STD User Manual
Data Alarm/Filter Settings
Data alarms are configured by selecting an option from the main Data Alarm/Filter Settings menu, then selecting one
of the options which will give you a group of 16 data alarm/filters (1-16, 17-32, etc) or selecting the Next or Previous
Page Selection Screen. This will display a menu where you can select from those 16 data alarm options as follows:
Alarm/Filter n displays the menu where an individual data alarm or filter can be configured.
Next or Previous Alarm/Filter Page displays either the next or previous set of 16 Data Alarm/Filters.
Setup Alarm/Filter Fields displays the identical Data Alarm Field Setting menu as described above. This is simply
an easy way to access that menu without having to exit back through the previous menus.
Display Alarm Status displays real time information on data event monitors you've configured.
Exit Upon True Data Alarm is an ON/OFF toggle to set whether the T850 will stop processing more data event
evaluations on a single record after it has found one match. This should be disabled if it is possible to have more than
one event in a record. This is a global setting – it applies to ALL configured data alarms. Default setting is OFF.
Alarm/Filter Enable is an ON/OFF toggle for each individual data event monitor. Default setting is OFF.
Alarm/Filter Mode toggles between Alarm and Filter to indicate whether the T850 will recognize this data event as an
Alarm and take some action, or as a Filter and either accept or reject the data string. Default setting is ALARM.
Page 44
TeleBoss 850 2.06.280_STD User Manual
Alarm/Filter Name sets the name for the event monitor. This name is reported with the specified actions. (Max
length 16 chars)
Alarm/Filter Equation defines the event equation using the event fields defined in the previous menu. (Max length
160 chars) Refer to the Configuring Data Alarm Equations section in the Features chapter for more information.
Threshold sets the number of times the event equation must be matched before an event is triggered. If the event
counter is allowed to grow beyond the threshold, the unit will not trigger an event again until after the counter is reset.
Default setting is 1.
Auto-Clear when Threshold Reached is an ON/OFF toggle to control whether the unit will clear the event counter
each time the threshold is met. Default setting is ON.
Alarm Counter Clear Interval sets an interval at which the unit should clear the match counter for an individual data
event. Available options are: 2 hours, 4 hours, 6 hours, 8 hours, 12 hours, Daily, and Never. The first clear occurs at
midnight. Default setting is 12 Hours.
Alarm Counter Reset Time sets the time at which the daily clear should take place if it is enabled in the Alarm
Counter Clear Interval. This value is in 24-hour format. Default setting is 00:00.
Actions displays the Actions List, a menu where the action string for the event is configured. This field will be empty
[ ] if no actions have been configured, and will show [*SET*] if one or more actions have been configured.
Class sets the class for the alarm. When this option is selected, a list of the classes previously defined in the Class
Table is displayed, from which you can select one to be assigned to this data alarm.
Data Alarm Trap Number sets the number to be sent with any SNMP traps for this event. Default is 503, but trap
number can also be set in the range of 1000 – 1199 as needed.
Clear This Alarm Counter Now allows you to clear the counter for the selected data alarm manually. This happens
as soon as this option is selected, so make sure you really want to clear the counter before selecting it.
Actions List
Current Actions:
Enter Actions:
The Actions List provides you with a flexible mechanism to tell the unit how to react to events. An action is a text string
that specifies what the unit should do upon an event. It's comprised of a list of keywords and parameters separated by
Page 45
TeleBoss 850 2.06.280_STD User Manual
semicolon. Each keyword specifies a certain action and has its own parameter set, which is enclosed in parentheses.
Refer to Action List in the Features chapter for more information.
The T850 supports a wide variety of internal and external sensor devices and relays, including contact closures,
temperature and humidity sensors, analog voltage sensors, and relays. For the purposes of clarity, all of these will be
generally referred to as “EventSensors” (ES) unless a specific type of sensor or relay is being described.
The Sensor Events Menu is used to configure and control both internal and external sensors and relays. If you don't
have any internal sensors or relays, or remote ES devices connected, this menu will be unpopulated. Because of the
numerous ES configurations possible, menus shown in this section probably will not look exactly like the ones for your
T850. (The menu below shows a T850 with on-board 8 contact closures.)
The T850 supports a maximum of 16 external EventSensor slots. Some larger EventSensors occupy more than one
slot. For example, the ES-CCU32 requires two slots and the ES-CCU64 requires four.
EventSensor Slots (A thru P) displays the settings menu for each ES.
Sensor Unresponsive Settings displays the Sensor Unresponsive Menu where you can configure the actions the
T850 takes if an ES becomes unresponsive.
EventSensor Slots
The display for each ES will vary depending on configuration. For example, an ES could be either internal or external.
EventSensors can be configured with varying combinations of the I/O types. Refer to the Event Sensor Configuration
Setup section in the Features chapter that can be referred to for more information.
EventSensor Reporting Enabled is an ON/OFF toggle to enable the Event Sensor Reporting feature. See the Event
Sensor Reporting section in the Features chapter for more information
Contact Asentria for more information on obtaining Expansion Cards, EventSensors, and SensorJack for use with the
T850. See the EventSensor documentation for more information about configuring a specific ES device.
Page 46
TeleBoss 850 2.06.280_STD User Manual
Sensor Unresponsive Timeout sets the time (10 - 65535 seconds) to wait before declaring a non-communicative
EventSensor unresponsive. Default setting is 30.
Sensor Unresponsive Actions displays the Actions List, a menu where the action string for the event is configured.
This field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been
configured. Refer to Action List in the Features chapter for more information.
Sensor Unresponsive Trap Number sets the number to be sent with any SNMP traps for this event. Default is 50,
but trap number can also be set in the range of 1000 – 1199 as needed.
Sensor Unresponsive Class sets the class for the alarm. When this option is selected, a list of the classes
previously defined in the Class Table is displayed, from which you can select one to be assigned to this event.
No Data Alarms can be configured on the T850 to monitor data coming in via the serial ports, and take an alarm action
if a certain period of time passes with no data.
No-Data n Alarm Settings allows you to configure two separate No-Data Alarms, each of which can be configured for
two different ranges of times with different time durations. The periods of time should be configured to match the
calling patterns of your business or organization. For example, if your normal business hours are M-F 8:00 to 5:00,
you will want to set lower time durations during those hours than you would “after hours” when call volumes are lighter
and the periods of time where there is "no data“ might be longer.
Alarm Enable is an ON/OFF toggle to enable the no-data monitor. Default setting is OFF.
Alarm Actions displays the Actions List, a menu where the action string for the event is configured. This field will be
empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been configured.
Refer to Action List in the Features chapter for more information.
Alarm Message sets the text string to be delivered with this event’s alarms. Default setting is "No-Data Timeout n“.
(Max length 126 chars)
Alarm Class sets the class for the alarm. When this option is selected, a list of the classes previously defined in the
Class Table is displayed, from which you can select one to be assigned to this event.
Trap Number sets the number to be sent with any SNMP traps for this event. Default is 505, but trap number can
also be set in the range of 1000 – 1199 as needed.
Schedule n Begin Time / End Time sets the beginning and ending times (24 hr clock) for each of two ranges of time.
Page 47
TeleBoss 850 2.06.280_STD User Manual
Schedule n Duration is the number of minutes (0-65535) the unit will wait without receiving data before alarming.
Apply Alarm on Days displays a menu where the seven days of the week are listed, and each can be toggled ON or
OFF to designate whether this particular No-Data alarm is active on that day. Default setting is ON for Monday thru
Friday, and OFF for Saturday and Sunday.
Enable Ports displays a menu where the installed serial ports are listed and each can be toggled ON or OFF to
designate whether this particular No-Data alarm is active on that port. Default setting is OFF for all ports.
Add Exclusion / Delete Exclusion allow you to add or delete specific dates when this No-Data Alarm should “take
the day off”. For example, Christmas is a day you might want to add here. Select Add Exclusion and type in 12/25.
To delete a date, you select Delete Exclusion and type in the date you want to remove. After an exclusion date is
added it appears in the brackets at the bottom of the menu. 15 dates can be entered to be excluded.
Alarm Enable is an ON/OFF toggle to enable the percent full alarm. Default setting is OFF.
Percent Full Threshold set the percent full level at which the alarm will be triggered. Default setting is 80 percent.
Alarm Actions displays the Actions List, a menu where the action string for the event is configured. This field will be
empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been configured.
Refer to Action List in the Features chapter for more information.
Alarm Message sets the text string to be delivered with the percentage full alarm. Default setting is DB Exceeds
Threshold. (Max length 111 chars)
Alarm Class sets the class for the alarm. When this option is selected, a list of the classes previously defined in the
Class Table is displayed, from which you can select one to be assigned to this percent full alarm.
Trap Number sets the number to be sent with any SNMP traps for this event. Default is 501, but trap number can
also be set in the range of 1000 – 1199 as needed.
Scheduled Events allow you to schedule specific a specific date/time for an alarm action to occur. For example, you
might want the T850 to send you an Email every morning at 8:00 just so you know it is live on the network.
Page 48
TeleBoss 850 2.06.280_STD User Manual
Scheduled Event n Setup allows you to configure two separate Scheduled Events, each of which can be configured
for any one time on any day of the week. Each day’s time can be scheduled independently from the others.
Enable Event is an ON/OFF toggle to enable the Scheduled Event. Default setting is OFF.
Event Actions displays the Actions List, a menu where the action string for the event is configured. This field will be
empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been configured.
Refer to Action List in the Features chapter for more information.
Event Message sets the text string to be delivered with this event’s action. Default setting is "Scheduled Event n“.
(Max length 126 chars)
Event Class sets the class for the event. When this option is selected, a list of the classes previously defined in the
Class Table is displayed, from which you can select one to be assigned to this event.
Trap Number sets the number to be sent with any SNMP traps for this event. Default is 506, but trap number can
also be set in the range of 1000 – 1199 as needed.
Event Time day sets the time (24 hour clock) each day at which the scheduled event action will occur. If no time is
configured for any day, this menu displays OFF.
Add Exclusion / Delete Exclusion allow you to add or delete specific dates when this Scheduled Event should “take
the day off”. For example Christmas is a day you might want to add here. Select Add Exclusion and type in 12/25.
To delete a date, you select Delete Exclusion and type in the date you want to remove. After an exclusion date is
added it appears in the brackets at the bottom of the menu. 15 dates can be entered to be excluded.
An IPRC alarm allows the T850 to monitor the IPRC connection and alert you if the connection is lost. This would be
an indicator that the IP-enabled switch has failed, something has failed on the network connection between the T850
and the switch, or a number of other reasons depending on the device.
Connection Lost Alarm Enable is an ON/OFF toggle to enable the IPRC alarm. Default setting is OFF.
Page 49
TeleBoss 850 2.06.280_STD User Manual
Connection Lost Timeout is the number of seconds to wait before declaring the connection lost. The exact
conditions for timeout vary according to the IPRC method. Default setting is 60 seconds.
Alcatel OmniPCX, this setting determines the number of seconds the client will wait before timing out. A
timeout will occur if the client has not received any data (either ticket data or any protocol control data) from
the switch in the amount of time set forth here. This timeout value can be set from 45 to 90 seconds.
Avaya Definity RSP, this event is triggered when either the socket or the session is down. With RSP, there is
an application-layer connection called a Session that runs on top of the lower-layer socket. It is possible that
the socket is established but the session is not. RSP will not run if the session is not established. This
timeout can be set from 3 to 600 seconds.
Generic Server does not use any application layer protocols so the socket lost timeout is triggered only by
the loss of the TCP connection. This timeout can be set from 3 to 600 seconds.
Connection Lost Alarm Actions displays a list of actions from which the action(s) to be taken for this alarm are
configured. This field will be empty [ ] if no actions have been configured. Refer to Action List in the Features chapter
for more information.
Connection Lost Alarm Message sets the text string to be delivered with this event’s action. Default setting is
Connection Lost.
Upon timeout, an Alcatel OmniPCX client disconnects and will attempt to reconnect in 10 seconds. The
timeout value is restricted between 45 and 90 seconds. Once the alarm is activated, the alarm will not re-arm
until a socket connection is re-established. Avaya RSP and Generic Server are passive TCP servers and
cannot attempt to reconnect to the client. They must wait for the client to reestablish the connection.
Alarm Class sets the class for the event. When this option is selected, a list of the classes previously defined in the
Class Table is displayed, from which you can select one to be assigned to this event.
Trap Number sets the number to be sent with any SNMP traps for this event. Default is 508, but trap number can
also be set in the range of 1000 – 1199 as needed.
Serial Handshaking Alarms allows the T850 to monitor each of its serial ports and alert you if the DTR signal from the
connected devices drops low. This would be an indicator that the connected device has failed, the cable between the
T850 and the device has been disconnected, or a number of other reasons depending on the device. It can also alert
you when the DTR signal goes high again.
I/O n Serial Handshaking Alarms displays a menu for configuring alarming on serial DTR handshaking conditions.
Page 50
TeleBoss 850 2.06.280_STD User Manual
Serial Handshaking Low/High Alarm Enable is an ON/OFF toggle to enable alarming on high or low handshaking
levels. Default setting is OFF.
Serial Handshaking Low/High Alarm Actions displays the Actions List, a menu where the action string for the alarm
is configured. This field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more
actions have been configured. Refer to Action List in the Features chapter for more information.
Serial Handshaking Low/High Alarm Message is the message sent with any text-based action for this event.
Default setting is “Handshake Low/High”. (Max length for each is 126 chars)
Serial Handshaking Low/High Alarm Class sets the class for the event. When this option is selected, a list of the
classes previously defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Serial Handshaking Low/High Trap Number sets the number to be sent with any SNMP traps for this event. Default
is 510, but trap number can also be set in the range of 1000 – 1199 as needed.
Page 51
TeleBoss 850 2.06.280_STD User Manual
CPE Alarm Settings
These settings are only for use with Customer Premises Equipment (CPE) managed via the Asentria SitePath secure,
unified administration portal software. Contact Asentria Technical Support for further information.
Alarm Enable is an ON/OFF toggle to enable the CPE Down Event. Default setting is OFF.
Alarm Actions displays the Actions List, a menu where the action string for the event is configured. This field will be
empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been configured.
Refer to Action List in the Features chapter for more information.
Alarm Trap Number sets the number to be sent with any SNMP traps for this event. Default is 511, but trap number
can also be set in the range of 1000 – 1199 as needed.
Alarm Class sets the class for the alarm. When this option is selected, a list of the classes previously defined in the
Class Table is displayed, from which you can select one to be assigned to this event.
Return to Normal Actions displays the Actions List, a menu where the action string for the event is configured. This
field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been
configured. Refer to Action List in the Features chapter for more information.
Return to Normal Trap Number sets the trap number which can be useful when using SNMP trap managers that
employ a trap numbering system to help identify incoming traps. The default trap number for CPR Down Events is
511, but any number in the alternate range of 1000 – 1199 can be used.
Return to Normal Class sets the class for the alarm. When this option is selected, a list of the classes previously
defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Include Date and Time / Site Name / Sensor ID / User Defined Name / User Defined State / Event Class are each
ON/OFF toggles to permit customization of the event message that appears in SNMP traps, Emails, SMS messages,
pages, etc. sent by the T850. Default setting for each is ON, except for Include Event Class which defaults to OFF.
Page 52
TeleBoss 850 2.06.280_STD User Manual
Action Definitions
This menu is where you configure all of the actions possible when events are detected.
Hostname / IP Address n sets the hostname or IP address of the device(s) receiving SNMP Traps. The number
(1,2,3) corresponds to the “index” number for Traps as discussed in the Action List section of the Features chapter.
More Hostnames / IP Addresses displays the Hostname/IP Address Definition Menu where three more hostnames
or IP Addresses (index 4,5,6) can be configured.
Email Address n sets the Email address of the person(s) receiving Email alerts. The number (1,2,3) corresponds to
the “index” number for Email alerts as discussed in the Action List.
More Email Addresses displays the Email Address Definition Menu where three more Email Addresses (index 4,5,6)
can be configured.
Phone Number n sets the phone number (index 1,2,3,4) to call for each dispatch, malert or modem callout as
discussed in the Action List.
Pager Number n displays the Pager n Settings menu where each of four individual pager settings (index 1,2,3,4) can
be configured.
Action Settings displays the Action Settings menu where specific settings to manage actions can be configured.
Pager Number n
Pager Type toggles between NUMERIC and ALPHA to set the type of pager being called.
Pager Callout Number sets the phone number for the pager.
Pager ID is used only with paging systems where many pagers share the same phone number. This is common with
alphanumeric pagers. (Max length is 19 chars)
Page 53
TeleBoss 850 2.06.280_STD User Manual
Numeric Message sets the series of digits (typically callback number) sent to a numeric pager. (Max length is 19
chars)
Post Callout Delay sets the number of seconds (0 to 255) the unit will wait before sending the pager ID. Default
setting is 15 seconds.
Post ID Delay sets the number of seconds (0 to 255) the unit will wait before sending any message data. Default
setting is 5 seconds.
Action Settings
Callout Attempts sets the total number of times to attempt dispatch, Malert or modem callouts if previous attempts
fail. Default setting is 5.
Callout Delay sets the time in seconds (0 - 400) to wait between callout attempts. Default setting is 60 seconds.
Action Schedule displays the Action Schedule Settings menu where actions can be limited to defined days and
times.
Reminder Interval sets the time in minutes (0 – 65535) at which an action is repeated if the sensor (contact closure,
temperature, humidity, or voltage) that triggered the alarm is still in the “active” state. When the sensor has been
returned to the inactive state, the reminder interval is no longer in effect. Default setting is 120 minutes.
Asentria Alarm Version toggles between 1.1 and 1.0 to indicate which type of Asentria Alarm notification will be
displayed. Refer to the Asentria Alarms section in the Features chapter for a detailed explanation of Asentria Alarms.
Require AsentriaAlarm ACKs is an ON/OFF toggle to enable or disable forcing the unit to require an
acknowledgment when first connecting, and after each Asentria Alarm. If disabled, the T850 will allow non-CRC mode
where Asentria Alarms are delivered without waiting for any indication that the messages were properly delivered. If
enabled, CRC mode is required by the T850. Refer to the Asentria Alarms section for more information about
Asentria Alarms and CRC and non-CRC modes. Default setting is OFF.
Action Schedule
Actions Schedule Enable is an ON/OFF toggle to enable the action schedule. Default setting is OFF.
Begin Time/End Time sets the beginning and ending times (24 hr clock) during which alarm actions can be taken.
Default settings are 08:00 (Begin Time) and 17:00 (End Time).
Weekdays Only toggles whether actions are only performed Monday thru Friday. Default setting is ON.
Page 54
TeleBoss 850 2.06.280_STD User Manual
General Settings
Site Name sets the name assigned to this T850. This name is included with alarm messages (Traps, Emails, etc.)
and is displayed at the top of the Status screen. The name should be unique for clarity. (Max length 40 chars)
Default setting is “850 - <serial number>”
Answer String sets the string that is presented when a user connects to the T850 via Telnet or modem. (Max length
31 chars)
Escape Key is the decimal ASCII character code of the key you must press three times to escape from passthrough
or other transparent modes. Default is 27, the <ESC> key.
Confirmation Prompt is an ON/OFF toggle to set whether a confirmation prompt (Are you sure (y/n)?) is
displayed when the commands COLDSTART, DEFAULT, DEFAULT ALL, and ZERO are issued, and when clearing
the settings for an EventSensor in the EventSensor Setup menu. If there is no response within 30 seconds, the T850
will cancel the command. Default is ON.
Time Stamp Format toggles through three options for how time stamps are formatted: HH:MM, HH:MM:SS, or Blank.
Default setting is HH:MM.
Date Stamp Format toggles through four options for how date stamps are formatted: MM/DD, MM/DD/YY,
MM/DD/YYYY, or Blank. Default setting is MM/DD.
Space After Date/Time Stamp is an ON/OFF toggle to set whether a space is appended to the end of the Date/Time
stamp. Default setting is ON.
Prompt sets the character(s) or settings values displayed as the command line prompt. Refer to the Customizable
Command Prompt section in the Features chapter for more information. (Max length 63 chars)
Date/Time Setup displays the System Date/Time menu where you can manage the clock, daylight savings control,
and configure a networked time server.
Legacy Settings displays a menu for configuring legacy products that may be connected to the T850.
Joinable Pass-through is and ON/OFF toggle to allow or disallow multiple user pass-through sessions. ON allows
more than one user to connect on a pass-through session. OFF does not allow more than one concurrent pass-
through session, and those attempting to join after the first user is connected will receive a “port in use” error
message. Default setting is ON.
Page 55
TeleBoss 850 2.06.280_STD User Manual
Date/Time Settings
Current Date sets the date. The unit automatically calculates the day of the week to display on the Status screen.
Note: The date and time settings are maintained by means of an internal battery backup when power is removed
from the T850.
Adjust for Daylight Savings is an ON/OFF toggle that allows automatic daylight savings time updating.
A brief explanation of daylight savings time (effective 2007): On the second Sunday in March, clocks are set
ahead one hour at 2:00 a.m. local standard time, which becomes 3:00 a.m. local daylight time. On the first
Sunday in November, clocks are set back one hour at 2:00 a.m. local daylight time, which becomes 1:00 a.m.
local standard time.
GMT Difference (hours) sets the number of hours the current time zone is offset from GMT. Valid input ranges from
0 to 12. Default setting is 8 hours.
GMT Difference Direction sets whether you are east (ahead) or west (behind) of GMT. For example, Pacific time
(GMT-8) is behind and Tokyo time (GMT +9) is ahead. Default setting is BEHIND.
SIMPLE - With network time set to SIMPLE the unit attempts to contact the configured time servers (see Time
Servers setting below) periodically, attempting to query each using Simple Network Time Protocol (SNTP),
Time, and Daytime protocols, in that order. Once a response is received for any protocol, the unit sets the
system clock to the new time, updates the real time hardware clock (RTC), then the network time process
dies. The interval for checking network time is hard-coded to 12 hours plus or minus a random several hours.
NTP – With network time set to Network Time Protocol (NTP), the NTP daemon is kept running at all times.
Unlike the SIMPLE setting, with NTP the clock is not immediately set as soon as a time server is contacted.
Rather, the NTP daemon utilizes various algorithms to set the time in an accurate and robust manner. Since
the NTP daemon updates the system time asynchronously, the current time is stored in the RTC every 30
minutes while it is running. Note that if you change the clock manually, it may be a period of an hour or more
before NTP resets it.
Time Servers displays a menu where the hostname or IP address of six time-servers can be configured. (Max length
64 chars) The T850 uses the following servers by default:
Page 56
TeleBoss 850 2.06.280_STD User Manual
Legacy Settings
Released Compressed is an ON/OFF toggle to enable release of data in a compressed or uncompressed format.
Default setting is OFF.
Autodelete After Polling is an ON/OFF toggle to enable the deletion of data from the call record database once it
has been polled. Default setting is OFF.
Wait for NEXT is an ON/OFF toggle that causes the unit to wait for the NEXT command before sending data once the
RL command has been issued. Default setting is OFF.
Omit END DATA is an ON/OFF toggle that causes the unit to send or omit the string "END DATA" when a command
processor poll is complete. Default setting is OFF.
Line Tag is an ON/OFF toggle that adds or omits the serial number line tags on each line of stored data. Default
setting is OFF.
Release Mode toggles the following modes of releasing stored data: LINE, XMODEM, and CBB. Unless your
application specifically uses XMODEM or CBB, leave this set to the default setting of LINE.
CBB DLE Stuffing / Retransmits / Timeout are specific configuration options for polling via Compressed Binary
Block (CBB) mode. CBB is a release method included for compatibility and is not otherwise documented in this
manual.
The Event Log is a record of all data events that occur within the T850.
List Events File displays the contents of the Events File, if any records exist.
Clear Events File purges the records within the Events File. Records in the Events File are deleted immediately
when this option is selected, so make sure you want to do this before selecting.
Enable Events Log File is an ON/OFF toggle to enable Event logging. Default setting is ON.
Page 57
TeleBoss 850 2.06.280_STD User Manual
Maximum File Size sets the maximum number of KB the Event File can reach before overwriting the oldest records.
Available options are 0, 32, 64, 128, 256, 512 and 1024. Default setting is 32.
Store Data Alarm Records is an ON/OFF toggle to enable storing data alarm records. Default setting is OFF.
Store Sensor Events is an ON/OFF toggle to enable storing records generated by environmental sensors. Default
setting is OFF.
Date/Time Stamp Data Alarm Records is an ON/OFF toggle to prepend a Date/Time stamp to the beginning of data
alarm records. Default setting is OFF.
Prepend Data Alarm Name is an ON/OFF toggle to prepend the name of the Data Alarm to the beginning of the data
alarm record. This aids in identifying which Data Alarm an alarm record is associated with. Default setting is OFF.
The Audit Log is a record of a variety of actions that occur within the T850. The Audit Log is stored as a CRDB file;
that is, it is accessed and controlled under the same policies which govern how you would generally access buffered
data. For example, you can have the Audit Log FTP-pushed like any other CRDB file. Unlike other CRDB files, you
can view the Audit Log from within the Audit Log Settings menu. The Audit Log overwrites itself when it becomes full.
The audit.log.maxsize setting controls the maximum size (in K) to which the file should be limited. If the setting
is 0 then the Audit Log’s only constraint on size will be the available physical memory. This available memory could
be used for more important data buffering which is why the default maximum audit log file size is 32, not 0.
List Audit Log File displays the contents of the Audit Log file, if any records exist.
Clear Audit Log File purges the records within the Audit Log file. Records in the Audit Log File are deleted
immediately when this option is selected, so make sure you want to do this before selecting.
Enable Audit Log File is an ON/OFF toggle to enable Audit logging. Default setting is ON.
Maximum File Size is the maximum number of KB the Audit Log can reach before overwriting the oldest records.
Available options are 0, 32, 64, 128, 256, 512, and 1024. Default setting is 32.
The remaining options are ON/OFF toggles to enable logging of the action described. Default settings for all is ON.
Page 58
TeleBoss 850 2.06.280_STD User Manual
The most you can do to restrict what information the Audit Log contains is to disable the Audit Log by setting
audit.log.enable to OFF, also in Setup Menu -> Audit Log and the Logs -> Audit Log portion of the Web UI.
Nothing goes in the Audit Log when it is disabled. If you want some information to go in the Audit Log then configure
the settings for the kind of information you want logged.
Restrict which users have access to the Audit Log by changing their file permissions. There are two permissions:
read (a.k.a. release) and write (a.k.a. delete), which are accessible with sec.user[x].audit.readaccess and
sec.user[x].audit.writeaccess, also available in the Setup Menu -> Security -> Specific Security -> User
Profile x -> File Release Permissions/File Delete Permissions, and the Security -> User Profiles -> User Profile x ->
File Release/Delete Permissions portion of the Web UI. The possible values for these settings are ALLOW and
DENY.
The FTP Push settings are writable by a user with ADMIN1 rights or greater. Restrict which user(s) have ADMIN1
rights in order to prevent users who would ordinarily not have permissions to view the Audit Log to configure the unit
to FTP-push the Audit Log to some server where that user could read them.
Scripting Settings
Scripting is a T850 feature that is complex enough that it has been given it’s own chapter in this User Manual. The
initial Scripting Settings menu is displayed below, but a full description of the options along with other information
necessary to use the scripting functions can be found in the Scripting chapter.
Page 59
TeleBoss 850 2.06.280_STD User Manual
Note: Before upgrading it is always a good idea to make a copy of the Setting Keys file in your T850, in case
settings are lost during the upgrade. This usually does not happen, but it’s better to be safe than sorry.
From the command line type: xf f get <update filename> <host> <username>
(note: you can type ‘xf’ at the command prompt to get usage for this command.)
1) Make an FTP connection to the T850 using a username and password that has MASTER rights.
2) Type hash at the ftp prompt. (This is optional - it just creates hash marks (###) while the file is transferring so you
can see something happening.)
4) Hash marks will now appear to show you that the file is transferring. When the transfer is complete you will be
returned to an ftp prompt.
5) Type: BYE at the ftp prompt. The unit still has to process this file, which takes about 5 minutes, at which time the
unit will reboot. When the unit detects the update file and begins processing it. Wait until the unit reboots before
proceeding.
6) After the T850 reboots, connect to it and either check the top line of the Status screen, or type VER at the
command line. You should see that the unit is now upgraded to the new version.
7) Check your settings to be sure none have been lost. If they have, reload the Setting Keys file.
Note: While the T850 is processing the update file, it is very important that the unit not be power-cycled, nor should
the Reset button be pushed.
Note: The update file can be transferred via several other methods, including Xmodem, Zmodem, Ymodem,
ASCII, TFTP and SFTP. Contact Asentria Technical Support for instructions.
Page 60
TeleBoss 850 2.06.280_STD User Manual
Setting Keys
Setting Keys (SK) provide a flat file, human readable, means of setting and retrieving settings within the unit. Setting
Keys are commonly used to clone settings across multiple units or in automated processes.
Setting Keys is abbreviated when used on the command line as SK. Following are commands when working with the
Setting Keys File from the command line of the unit.
SK [KEY[=value]] allows for reading or setting a single Setting Key. If the value portion of the command is omitted,
the T830 will report back the value stored in that key. If the value is given, it will be stored in the key.
SK GET [X|A [CUSTOM] [filter]] initiates a download of unit settings. This listing can be retrieved either by Xmodem
or plain ASCII using the X and A attributes, respectively. If the transfer mode attribute is omitted, the unit will prompt
for the download method. The CUSTOM tag may be used to retrieve only the settings that are not set to factory
defaults. A filter may be applied to limit the keys output to just the branch specified. For example, to retrieve an ASCII
listing of all EventSensor settings, use the command: SK GET A EVENT.SENSOR
SK SET [X|A] puts the unit in bulk Settings Keys upload mode. Any of the settings retrieved by SK GET can be
manipulated and uploaded with new values. The unit will process settings in any order or number; not all settings
need to be uploaded each session. As with SK GET, both ASCII and Xmodem transfer methods may be used to
upload settings to the unit. These transfer methods are indicated by using the X and A attributes, respectively. The
T850 monitors for invalid Setting Keys and will notify you after the upload if any invalid data was received.
When using SK SET in ASCII mode, the data uploaded must end with a line consisting of the word "END" followed by
a return.
SK HERE allows you to set or get individual keys interactively. Typing just the key name will cause the value to be
displayed. Typing the key name plus a new value will set that key. The unit will keep prompting for a new key or
key/value pair until you press <Esc> or <Enter>.
FTP> GET SKALL FILENAME.TXT retrieves all of the Setting Keys for the unit, similar to the SK GET A command
described above.
FTP> GET SKCUSTOM FILENAME.TXT retrieves any settings that are not set to factory default, similar to the SK
GET A CUSTOM command described above.
FTP> PUT FILENAME.TXT SKALL and PUT FILENAME.TXT SKCUSTOM load the settings in FILENAME.TXT onto
the T850.
Upon successful completion of loading the settings FTP will respond with "226 - Transfer complete". If there is
a problem in the Setting Keys file then FTP will respond with "226 - Transfer complete; errors in
setting key file! Type Get SKLOG to view"
FTP> GET SKLOG retrieves the Setting Keys log as described above.
SK Commands Description
sk get script Dumps all scripts
sk r
sk get Dumps all Setting Keys followed by scripts. Setting Keys are
sk g wrapped with <keys>…</keys> XML-like header and footer text.
sk get custom Dumps only the custom Setting Keys – no scripts. Setting Keys are
sk c not wrapped with <keys>… </keys> XML-like header and footer text.
sk get status Dumps only the Status Keys – no scripts. Status Keys are not
sk ? wrapped with <keys>… </keys> XML-like header and footer text.
Page 61
TeleBoss 850 2.06.280_STD User Manual
Status Keys
Status Keys are read-only keys that can be read using the command SK [KEY]. The current value of the key will be
displayed.
Other commands to obtain a dump of all current Status Key values are:
sk get x status to start an Xmodem download of the Status Key file
sk get a status to start an ASCII download of the Status Key file
sk g status to start an ASCII download of the Status Key file
sk ? to start an ASCII download of the Status Key file
Or, you can log into the FTP server and issue the “get skstatus” command.
The table below lists the general Status Keys available on the T850. Other Status Keys that apply to specific
hardware (wireless modem, GPS) are defined in those sections of this manual.
Page 62
TeleBoss 850 2.06.280_STD User Manual
net.dsl.info.updated String Returns the last date/time at which the values in
the net.dsl.info.* key hierarchy were last
updated. These values are updated when
directed by the user (by setting
net.dsl.command to 20) or every few seconds
by the unit until the ADSL modem is connected
to the ISP (at which time it doesn't update until
directed by the user or ISP connectivity is lost).
net.dsl.info.ver.atm String Returns the ADSL modem ATM driver version.
net.dsl.info.ver.dslhal String Returns the ADSL modem DSL HAL version.
net.dsl.info.ver.fw String Returns the ADSL modem firmware version.
net.dsl.info.ver.pump String Returns the ADSL modem data pump version.
net.dsl.info.ver.sarhal String Returns the ADSL modem SAR HAL version.
net.dsl.info.ver.sw String Returns the ADSL modem software version.
net.dsl.status Integer >=0
Returns the state of the DSL interface. Refer to
DSL Status section for more details.
net.eth[x].link, where x is 1 or 2 Up, Down Returns whether the interface is up or down. It's
for first or second Ethernet interface used to determine if there is anything on the
other end of the Ethernet cable ("Up" if yes).
net.vpn.error String Returns any error in VPN setup that was
detected when a VPN connection (either passive
or active) was attempted.
net.vpn[x].status, where x is the 0..2 Returns the status of VPN x. Refer to the VPNs
VPN number section for more details.
sec.vpn.auth.pubkey String Returns the public part of the unit's IPsec key
pair for RSA digitial signature authentication
sys.commission.ip Dotted quad Returns the reserved IP address the unit uses
only for SitePath commissioning.
sys.commission.state 0..17 Returns values indicating the state of the
SitePath commissioning process.
sys.crdb.file[x].records, where Integer >=0 Returns the number of records in a CRDB file.
x is 1 to <number of serial ports>, or 17
for the Event Log or 18 for the Audit Log.
Page 63
TeleBoss 850 2.06.280_STD User Manual
SNMP
Telnet/FTP
Button Unlock
IP Address Restrictions
NetPoll Feature
Security mode
The security mode (sec.mode) tells the unit how to control users' access to it. You can configure either User Profiles
mode or RADIUS mode. (See Security Settings Menu). For either mode, you can restrict by what methods a user can
connect, as well as whether the user receives "Username:" and/or "Password:" when prompted for those items. Be
careful to always preserve a way to access the unit as a MASTER user (that is, a user with rights=MASTER). This is
the user with full access to configure all settings and invoke all commands. If you are using User Profiles, ensure,
before you log out, that you have a MASTER user configured and that you don't forget its password. If you are using
RADIUS then you can configure a MASTER user any time as long as you can configure users on the RADIUS server.
Before logging out of the unit when configuring RADIUS, ensure the unit can ping the RADIUS server, and that you
verify that a user can access the unit via RADIUS. If the user cannot log in to the unit via RADIUS then you will need
your existing login in order to gather data to help troubleshoot why the RADIUS user cannot log in.
If you are logged into the unit, you can put traffic on any network to which the unit is connected. For example, pinging
a host on the network, FTP-ing to it, SSH-ing to it, Telnet-ing to it. Therefore good security comes from making it so no
unauthorized persons have access to the unit. This is something you must ensure with the User Profiles or RADIUS
security mode configurations.
SNMP
By default anyone can access the unit via SNMP, and the TeleBoss's MIB is fully featured with configuration objects.
Therefore if you don't take care to secure SNMP, you leave the unit open to unauthorized users. There are 3 ways to
secure SNMP.
1. turn it off (net.snmp.enable=OFF)
2. leave it enabled for all SNMP versions (net.snmp.enable=ALL VERSIONS) but ensure that the community
name is a strong password and that all user profiles have strong passwords. Be aware however then for
snmpv1 and v2c, the community names are transmitted in the clear, as with Telnet, so anyone eavesdropping
on the network may get unauthorized access to the unit.
3. set it to V3 only (net.snmp.enable=V3 ONLY) and either use RADIUS or use a User Profiles configuration
that has strong passwords.
Telnet/FTP
Keep in mind that like SNMP, login credentials (and all application content) are transmitted in the clear for Telnet and
FTP, so anyone eavesdropping on the network could gain unauthorized access to the unit. Therefore, to tighten
security on Telnet, either do not use it, forbid it (with sec.connectvia), or use it with RADIUS/CHAP or User
Profiles with one-time password or challenge response.
Page 64
TeleBoss 850 2.06.280_STD User Manual
SSH (Secure Shell)
To enable SSH access to the T850, you must generate a host key with the SSHC command (see the section on
SSHC for details). This is the preferred network access method over telnet of course because the traffic is encrypted.
Button Unlock
With the Button Unlock feature, you can regain access to a unit that you have been locked out of. This is meant as an
insurance policy against the only other resort to locking yourself out, which is returning the unit to Asentria.
When this feature is set to ON (default setting), the user can tap the Reset button 5 times quickly (1-2 times per
second), at which point the front-panel LEDs will flash briefly for several seconds, giving the user immediate Console
access using the default MASTER username and password.
If you do not want the Button Unlock feature enabled, for example in environments where physical access is not
assumed to be trusted with access, then be sure to turn it off (sk sec.button.unlock=OFF), or set the Button Tap
Allows Console Access in the Security Settings/General Security Settings menu to OFF.
If you lock yourself out and gain access again with the Button Unlock feature, remember to reconfigure the settings
that were defaulted by the Button Unlock feature to maintain your prior security configuration!
IP Address Restrictions
With the IP Address Restrictions feature you can select what kind of network traffic the unit should ignore or heed
based on the source IP address of such IP frames.
VPN
For the highly secure, flexible, and centralized network access control (aside from unplugging the network cable), use
IPsec VPNs to SitePath (Asentria’s secure, unified administration portal software). VPNs are disabled and
unconfigured by default. Refer to SitePath documentation for details on how to manage units with SitePath via VPN.
NetPoll Feature
NetPoll is a feature developed for one customer of Asentria’s which all other users will never use. However it can
pose a security risk if it is enabled. When enabled, it causes the T850 to listen on TCP port 3001 for an incoming
connection from the polling machine, which it then accepts. This feature is set using one of the following two Setting
Keys:
sec.connectvia=ON
sec.connectvia.netpoll=ON
By default, neither of these Setting Keys are set to these values, so unless they are specifically set as such the T850
will not accept any connection attempt from TCP port 3001.
Page 65
TeleBoss 850 2.06.280_STD User Manual
Telnet/TCP Connections
The T850 provides support for Telnet/TCP connections via two internal Ethernet interfaces. Refer to the Ethernet
Settings menu for information on how to configure these.
All Telnet connections are TCP connections but not all TCP connections are Telnet connections. A Telnet connection
is made to the T850 by using the Telnet protocol and by specifying a TCP port address. ‘Telnet’ refers to a TCP
connection made on port address 23, which specifies that characters are supposed to be handled a certain way. The
T850 supports Telnet connections and also supports some custom assigned port numbers to facilitate certain
connection features.
The following information assumes that you know how to run your computer to establish and use Telnet/TCP
connections and only require the specific information relating to the T850 features. Port numbers below include "x“
where "x“ is the corresponding T850 file or port number. (ie; 2101 refers to the Telnet passthrough connection made
on serial port 1.)
Port Address 200x: A connection to port 200x is just like a regular Telnet connection to port 23, except it sets
the default file for retrieving data or the default port when the BYPASS command is given.
Port Address 210x : A connection to port 210x routes you directly to the device connected to the corresponding
serial (I/O) port. A banner message will be displayed indicating you are connected to that I/O port. To disconnect
from this access mode press the <ESC> key twice. Refer to the Passthrough section in this chapter for more
information.
Port Address 220x: A connection to port 220x is referred to as a Real-Time Socket. These are sockets that are
dedicated to exporting data from file "x“ in the T850. If there is any data already stored in a particular file, it will
first be transferred out of the T850 to the user or machine initiating the connection. After all the data currently in
the file is transferred out, any data that is coming into the T850 will be immediately transmitted out and across this
connection. Refer to the Real-Time Sockets menu for information on how to configure these.
Disable Telnet by setting sec.connectvia.telnet to OFF, also in Setup Menu -> Security -> General Security ->
Globally Allow Access via, and the Security -> General Settings portion of the Web UI.
Enable the “authentication required” options for Telnet-based services (applicable to User Profiles security mode only)
by setting the sec.tcp23req, and sec.tcp210xreq settings to ON. This is also in the Setup Menu -> Security ->
Specific Security -> Authentication Settings -> TCP/IP Port 23 Requires Password and TCP/IP Port 210x Requires
Password, and the Security -> User Profiles portion of the Web UI. You may also choose to make the unit require the
username upon login by setting sec.authmode to ”USERNAME/PW”, also in the nearby portion of the Setup Menu
labeled “Username and/or Password Required”.
When authentication is required (in RADIUS security mode, or in User Profiles security mode when the “authentication
required” options are enabled), then you can restrict which users are allowed to log in via Telnet. Do this my setting
sec.user[x].connectvia.telnet to ON or OFF (where x is the User Profile number, 1 – 12), also in the Setup
Menu -> Security -> Specific Security -> User Profile x -> Allow User Connection via, also in the Security -> User
Profiles -> User Profile x portion of the Web UI. When using RADIUS security mode, use the Asentria-Connect-Via-
Telnet vendor-specific attribute.
Enable enhanced authentication for Telnet-based services (applicable to User Profiles security mode only) by setting
sec.user[x].challenge.telnetmode to CHALLENGE or SEND PASSWORD, also in the Setup
Page 66
TeleBoss 850 2.06.280_STD User Manual
Menu -> Security -> Specific Security -> User Profile x -> Additional Authentication Options -> Secure Authentication
via Telnet, or the Security -> User Profiles -> User Profile x portion of the Web UI. Enhanced authentication uses
challenge/response or one-time-password mechanisms; this avoids having to transmit user credentials in the clear.
For more detail on enhanced authentication options, refer to the “Setup Menu -> Main Setup Menu -> Security
Settings” section of the User’s Manual.
When RADIUS security mode is enabled, Telnet must be enabled (i.e., sec.connectvia.telnet must be ON) in
order to use Telnet with RADIUS. The other two ways of securing Telnet (“authentication required” setting and
enhanced security settings) are not applicable to RADIUS security mode.
Page 67
TeleBoss 850 2.06.280_STD User Manual
VLANS
A VLAN (802.1Q Virtual Local Area Network) is used to separate broadcast domains via software instead of via
hardware (physical layout of network devices and cabling). Software on network nodes (like the T850) abstracts this
into virtual network interfaces, so each interface can have its own virtual interface configuration (static address, subnet
mask, router). The unit operates with virtual interfaces the same as it would with real interfaces.
Configuration
Each Ethernet interface can have up to 6 VLANs bound to it. Access configration items via any of the following:
Menu: Setup -> Network Settings -> Ethernet Settings -> Ethernet x -> VLAN Settings
Web: Networking -> Ethernet Settings -> Ethernet x Settings -> scroll down to VLANx Settings
Keys: net.eth[].vlan[].id
net.eth[].vlan[].priority
net.eth[].vlan[].ip
net.eth[].vlan[].mask
net.eth[].vlan[].router
net.eth[].mode
VLAN ID
0 to 4094; this is what identifies the VLAN.
VLAN priority
0 to 7; this is the priority assigned to egress frames.
Network mode
Set this to VLAN to engage the interface in VLAN mode. While the interaface operates in VLAN mode, its
normally configured settings (IP, mask, router) are still configured but the interface does not use them. The
interface heeds those settings only when it's in STATIC mode.
Example
Put the unit on three VLANs bound to the cable attached to the first Ethernet adapter, 10.20.20.0/24, 10.30.30.0/24,
and 10.40.40.0/24, with VLAN ids 20, 30, and 40, respectively. The unit will route off its local nets via the 10.30.30.1
router.
Configure:
net.eth[1].vlan[1].id=20
net.eth[1].vlan[1].ip=10.20.20.2
net.eth[1].vlan[1].mask=255.255.255.0
net.eth[1].vlan[2].id=30
net.eth[1].vlan[2].ip=10.30.30.2
net.eth[1].vlan[2].mask=255.255.255.0
net.eth[1].vlan[2].router=10.30.30.1
net.eth[1].vlan[3].id=40
net.eth[1].vlan[3].ip=10.40.40.2
net.eth[1].vlan[3].mask=255.255.255.0
net.eth[1].mode=vlan
If no other interfaces are active then the unit will select 10.30.30.1 as the default router (gateway); if other routers are
configured for other interfaces then you can override this by configuring net.default.router.
Page 68
TeleBoss 850 2.06.280_STD User Manual
VPNs
This section of the Features chapter is a discussion of Virtual Private Networks relating to how the T850
communicates with SitePath, Asentria’s secure, unified administration portal software. For a full description of how
SitePath is configured and administered, please refer to the SitePath User Manual and other user documentation that
comes with SitePath.
A Virtual Private Network (VPN) is a network that is tunneled (the virtual part), typically across a public network, and
secured (the private part), typically with IPsec or SSL.
The VPN architecture in SitePath version 1.00.xxx is one where all deployed units always have a VPN up to SitePath.
Remote access, alarm management, and configuration management were handled transparently with the assumption
that there is always a secure tunnel between SitePath and every deployed unit.
The VPN architecture in SitePath versions >= 1.01.000 is one where deployed units can be commissioned to either
always have a VPN up to SitePath, or only have a VPN up when needed. To make more conservative use of
resources, it is recommended such that units be commissioned such that VPNs are brought up only when needed.
That is, with VOD is enabled (this is done by enabling it in the unit web UI upon commissioning). Because units are
typically deployed behind firewalls at customer sites, the unit must initiate any kind of network traffic -- SitePath cannot
ordinarily initiate a VPN to a unit deployed behind a firewall. For this reason a lightweight UDP network channel is
implemented called the Unit SitePath Channel (USC). When the VPN is not up, the USC is used to control when the
VPN must be raised. When the VPN is up, the USC (which then operates over the VPN) is used to control what the
VPN can be used for and when the VPN can go down.
If SitePath needs to do remote access or configuration management of a deployed unit, it commands the unit to raise
the VPN via the USC. When the unit needs to send any traffic to SitePath (alarm traffic, email, etc.), it uses the USC to
raise the VPN. When the VPN is no longer needed (no remote access or configuration management, and no traffic to
send to SitePath from the unit), the VPN is taken down. The USC is always running between the unit and SitePath
and the unit can only initiate the USC (because the unit is typically behind a firewall). Without the USC, the VPN
cannot be raised, and without the VPN, you cannot do remote access, alarming, email, FTP push, and SNMP
notifications via SitePath.
The USC itself is selectively secure. That is, traffic is only secure (i.e., encrypted and authenticated with 256-bit
Blowfish and HMAC-SHA1) when it needs to be secured and is not secure when it does not need to be secured.
Currently the only USC traffic that is transmitted non-secure is traffic that does not need to be secure: the serial
number of the unit. This data is transmitted in keepalive frames which are used to keep the channel between SitePath
and the unit open through routers and firewalls.
Configuration
To use VPN on-demand, configure net.vpn.ondemand.enable=on on the unit. This setting is on by default in unit
version >= 2.04.040 and off by default in previous versions. No SitePath configuration is necessary.
Usage
In addition to the two areas where the user notices the impact of VPN on-demand – Raising a VPN and Lowering a
VPN –VOD can also be used for Automatic Data Delivery and Restricted Trust.
Page 69
TeleBoss 850 2.06.280_STD User Manual
Raising a VPN
In SitePath version < 1.01.000, a SitePath user clicked the Connect button in the SitePath web UI in order to initate
remote access. The Connect button immediately turned into a Disconnect button (meaning the connection was set up
immediately). This speed is because the VPN to the unit is always up. Now with VPN on-demand (SitePath version >=
1.01.000), the VPN may be down when a SitePath user clicks the Connect button. To raise the VPN there is a delay of
typically 15 seconds while the VPN is negotiated. During this time the Connect button (labeled as "Connect (will entail
a delay)") turns dim. Once the VPN is up the dim Connect button turns into a non-dim Disconnect button.
On units with version >= 2.04.030, the vpn can be raised multiple ways:
sk net.vpn.1.cmd=2
cause an event that has an action that causes the unit to connect to SitePath
enter DOTRAP, if any of the configured SNMP managers are the address of SitePath
enter PUSHTEST or PUSHNOW, if the configured FTP push server address is the address of SitePath
wait for the unit to raise a VPN on its own (or SitePath's own) accord, which can happen in multiple ways:
SitePath user wants access to the unit or any of its configured CPEs that are visible to SitePath
unit needs to sync its clock (clock sync is automatically configured during commissioning)
When raising a VPN via DOTRAP, DOMAIL, or PUSHTEST, the user receives feedback about SitePath connectivity
progress, much like the user receives feedback when they use those commands and cause PPP to be raised. There
are two main factors to consider when the unit sends data to SitePath:
1. the VPN status; if it is down, it needs to be raised.
2. the authorization status; all types of traffic sent over the VPN first needs to be authorized to be able to use
the VPN, and this is negotiated over the VPN with SitePath before that type of traffic (e.g., email, alarms,
etc.) is commenced. Once a type of traffic is authorized for a VPN, it remains authorized until the VPN
goes down.
Once a VPN is raised, it will remain up until it is decided and agreed by both the unit and SitePath that the VPN should
go down. This typically happens due to inactivity timeout, which can controlled by the SitePath key
vpn.idle.timeout. (3 minutes by default) Note that so long as a SitePath user is connected to a unit or any of its
CPEs, the VPN will not go down, even if there is no activity on the VPN to warrant the inactivity timeout triggering.
Lowering a VPN
A VPN between SitePath and a deployed unit is lowered when no SitePath user has a remote access connection to
the unit or to a CPE attached to the unit, and the inactivity timer for the VPN has expired. The inactivity timer is 3
minutes by default, but can be changed with SitePath key vpn.idle.timeout. When the VPN is lowered, a
subsequent operation to raise the VPN has a typical delay of 15 seconds, but can be longer depending on
unpredictable factors such as processor loading and network integrity.
Page 70
TeleBoss 850 2.06.280_STD User Manual
Restricted trust
Restricted trust (introduced in SitePath 1.01.000 and Omnix Release 2.04.030) is a way of using a unit with SitePath
such that the end user does not trust SitePath completely; in other words, the end user maintains full
admin privileges over the unit (and SitePath does not have full admin privilege of the unit) and restricts their trust of
SitePath. The unit and SitePath are still connected but SitePath (and any SitePath users or the SitePath administrator)
is not always authorized (i.e., is not completely trusted) to access the unit and CPEs behind that unit. Restricted trust
helps end users have more control over what CPEs are accessible when by SitePath, as well as the degree to which
SitePath can do certain functions on the unit (such as loading updates and settings).
There are two ways of thinking about restricted trust: coarse adjustment and fine adjustment.
Coarse adjustment
Restricted trust is configured with a setting called sys.sitepath.trustmode on the unit at the time of
commissioning (also in the Commissioning page of the unit web UI). There are two values: FULL and RESTRICTED.
FULL means the unit (and the end user) trust SitePath fully: SitePath or anyone behind SitePath can do
anything on the unit (this is called master access to the unit) and the end user network.
RESTRICTED is for end users less trusting of SitePath or at least more strict about authorizing what SitePath
can do on their networks. It means the unit (and end user) do not trust SitePath fully. In this mode of
operation, SitePath does not have master access to the unit. Without master access, you can't configure
CPE's, and you can't Telnet/SSH to nodes on the end user's LAN from the unit.
Restricted trust must be configured at the time of commissioning. If one configures full trust, commissions the unit, and
then changes the trust mode setting to restricted trust, that alone is not enough to make the unit restricted from
SitePath's perspective -- you must recommission (i.e., decommission and then commission again) the unit while the
unit is configured with restricted trust.
Restricted trust also has two other associated settings, sec.action.loadsk and sec.action.loadupdate.
These control whether a unit commissioned under restricted trust allows SitePath to load update files onto the unit or
load settings onto the unit. By contrast, when a unit is commissioned under full trust, SitePath always has the authority
to load settings and updates. In the unit web UI, these two settings are represented by the "Trust SitePath to load
settings/updates" controls in the Commissioning page. These two drop-down controls are yes or no, but the actual
values of the settings are are access levels (0-7). In a more general sense, these settings specify the minimum access
level (master, admin3, etc.) of a user that is necessary for that user to load settings or updates. Specifically for
SitePath, this means that:
when the web UI control is set to YES and trust mode is RESTRICTED, then the sec.action.* setting is
set to access level 5 (which equals admin3). Since SitePath is given admin3 rights to the unit in restricted trust
mode, this setting being 5 means that SitePath can do what the setting says (either load settings or updates).
when the web UI control is set to NO and trust mode is RESTRICTED, then the sec.action.* setting is set
to access level 6, meaning that SitePath cannot do the associated action (load settings or updates). In FULL
trust mode, SitePath is given master rights to the unit, so it does not matter what the sec.action.* settings
are (which is why their associated controls in the web UI are dimmed out when the trust mode is set to FULL).
Restricted trust affects a SitePath user in that when they go to initiate access to any CPEs they have permission to
access (permission as granted by the SitePath Administrator, confgured via the SECURITY section of the SitePath
Web User Interface), they may get a message saying that a CPE is unauthorized. They then have the option of
requesting authorization from the end user through in that same web UI page. When the end user authorizes access,
the SitePath user can then proceed with their remote access tasks. At any time the end user can deny access to
SitePath (and by extension, all SitePath users).
Restricted trust affects end users in that they can feel comfortable knowing that although they have outsourced
management of certain aspects of their network, the end user solely posseses the authority on deciding what gets
accessed when on their network. End users also have a fine-grained way to control access to CPEs which is
discussed in the next section.
In sum, restructed trust means that SitePath, and by extension the SitePath administrator, and by further extension
the SitePath users, cannot access any end-user-LAN IP address unless it is configured as a CPE, and only the
end user can configure the CPEs (because the CPE settings require master rights to change). Under restrictred trust,
SitePath (and its adminsitrator and its users) do not have master rights to a unit. Therefore, this feature solves of the
problem of "how to prevent SitePath from unauthorized access to nodes on the end user LAN". End users authorize
Page 71
TeleBoss 850 2.06.280_STD User Manual
access when end users configure CPEs, which happens at commissioning time -- presumably the end user does the
commissioning, not a technician from the entity running SitePath. Under restricted trust, end users have master rights
(somebody/something must and in restricted trust mode, it is not SitePath), so they (end users) are the ones that
authorize access.
Fine adjustment
There is also the problem of "how to more finely adjust when a CPE can be accessed", which is where the CPE
authorization feature comes in. CPE authorization means that for each CPE, there is a setting that specifies whether
the CPE is currently authorized for SitePath access (and by extension anyone behind SitePath: its administrator and
its users). In this way, the CPE can be in the SitePath web UI, but not accessible until the end user excplicity
authorizes access, once access is requested by a SitePath user, via the actions configured for the CPE Authrorization
Requested event on the unit (introduced in unit version 2.04.030). This is explained in further detail in the next
paragraph.
When a user clicks the connect button for a CPE, and the CPE is not currently authorized, SitePath causes the unit to
generate an event that means "SitePath wants to access CPE x -- please authorize?". The end user can configure
actions for this event, like emails or traps. So for example the end user could get an email saying "please authorize
CPE x". Once the end user authorizes access, the CPE is accessible from SitePath (and by extension, its
administrator and its users), and the end user can deny access at any time after that. The way that the end user
authorizes and denies access to the unit from SitePath is by browsing to the General->Commission Settings->Network
CPE Devices section of the unit web UI. For each CPE, the end user can choose to
deny
authorize indefinitely
authorize for a set of preset durations (1 hour, 6 hours, 24 hours). When authorizing for these durations, it
means that a timer is set for each CPE for the chosen duration. The unit automatically denies access to that
CPE when that CPE's timer expires, or if the unit is reset.
The ability for SitePath users to route to CPEs depends on both SitePath and the unit. SitePath has its own
permissions architecture for managing who is authorized to access certain CPEs on its end. The unit also has its own
similar permissions architecture for authorizing which CPE is accessible from SitePath, and this is something the end
user has complete and exclusive control over in restricted trust.
In sum, the problem of authorizing CPE access is a legitimate concern for IT administrators. Coarse adjustment of
authorzation happens with the feature of restricted trust. This is a blanket way of saying only certain CPEs are
accessible, and SitePath has limited capability/authority to affect the unit, particularly no authority when it comes to
configuring CPEs. Fine-grain adjustment of authorization happens with the CPE routing authorization feature. So
under restricted trust, the end user blanketly says SitePath:
1. has limited privilege to do certain things,
3. for the set of configured CPEs, may need additional on-the-fly authorization from the end user. The
authorization and denial of this access all happens through SitePath and the unit. For SitePath users, it
happens through SitePath (in the form of a button labeled "Request Authorization" or Re-request
authorization" in the CPE detail page of the SitePath Web User Interface). For end users, it happens by
browsing to the unit web UI and selecting an authorization option next to a certain CPE.
Also, a single SitePath installation can operate with a mix of units: some commissioned with FULL trust, others
commissioned with RESTRICTED trust.
Page 72
TeleBoss 850 2.06.280_STD User Manual
VPN Client
SSL VPN Client support is where the unit runs OpenVPN version 2.1_rc15 to connect to a an OpenVPN server to
form a VPN where SSL/TLS is used for authentication and key exchange.
SSL VPNs can work through NAT-ing routers/firwalls, unlike other VPN technologies such as IPsec.
The OpenVPN distribution is freely available and works on a variety of platforms including Unix/Linux,
Windows, and Mac.
When configuring SSL VPN Client it is best to use a question and answer format because it is relatively complex.
Page 73
TeleBoss 850 2.06.280_STD User Manual
How do I know the VPN is working?
To check the status of the VPN, read the net.vpn[x].status key. It returns one of 3 values:
0 (which means the VPN is off)
1 (which means the VPN is trying to start)
2 (which means the VPN is operational)
Note that the return value of 2 means the tunnel is up, but does not necessarily preclude configuration errors from
preventing VPN traffic to pass. So to ultimately know the VPN is operational, in addition to verifying
net.vpn.status returns 2, you should also ping the server from the unit using the VPN address of the server.
(Or you can ping the unit from the server, using the VPN address of the unit.)
You can also use the net.vpn[x].cmd key to read the status of the VPN.
How does the unit know the VPN server is authentic (and vice versa)?
The unit uses certificate-based SSL/TLS security to authenticate the server (and the server uses the same thing to
authenticate the unit). Configuring certificates can be done with Setting Keys, but is likely more simple for a user
to use the SSLC command on the unit. The SSLC command allows unit administrators to manipulate the SSL
VPN certificates and other authentication data associated with the VPN.
The SSLC command takes a variety of command line arguments that tell it what to do. These arguments are
mainly broken down into "actions" and "items"
actions
o add: add an item (load it into the unit)
o list: list an item (display what is already in the unit)
o delete: delete an item
items
o certificate
o key
o CA certificate
o DH parameters
The idea behind this paradigm is that you do something (an action) on something (an item).
The command line arguments that specify actions and items are:
-e Specify item: certificate
-k Specify item: key
-r Specify item: CA certificate
-t Specify item: TLS-auth key
-h Specify item: DH parameters
-l Specify action: list item
-a Specify action: add item
-d Specify action: delete item
You must also specify which VPN you want this applied to with the "-v" command line argument:
-v x Specify VPN x, where x is 1 or 2
The unit cannot generate its own SSL authentication key/certificate. You must do this (presumably with an
OpenVPN server installation) and load the certificates/keys on the unit with the SSLC command. It is
recommended you use the SSLC command either in a trusted network environment via Telnet or via SSH. This is
for two reasons:
1. The data you upload is text format, and is accepted without any application layer protocol like Xmodem.
Therefore to make eliminate communcation errors, use the protocol on a TCP-based command processor
(like Telnet or SSH).
Page 74
TeleBoss 850 2.06.280_STD User Manual
2. Some of the things you must transfer using the SSLC command are secret data (the key and the TLS-
auth key). "Secret" means that only the unit knows about it (and possibly the server as well, if that is kept
in secure location), and if this key is compromised then the security of the entire VPN is compromised.
The CA certificate is the certificate of the certificate authority that both the unit and the server trust. The CA signs
both the certificate for the server and the certificate for the unit. The CA certificate must exist on both machines.
So it works through NAT-ting routers, that means it uses TCP or UDP, right?
It can use either UDP or TCP, although it works optimally with UDP. Change this to suit your firewall access
policies with the net.vpn[x].ssl.proto key (its values are "TCP" and "UDP"), and the
net.vpn[x].ssl.port keys (its value is an integer for the TCP/UDP port you choose).
Some keys are specific: they specify the VPN protcol and VPN port, or the certificate to use. The previous
answers in this section have discussed how to configure such things on the unit. Other setting keys on the unit are
generic: they merely specify text where you can enter an OpenVPN configuration option. The idea is to look at the
server configuration to see what configuration items it requires on the client, and then supply any further
configuration items that you require on the unit, minus any configuration items that the unit handles automatically
for you. First, let's go over what a generic key is.
A generic key is of this form: net.vpn[x].ssl.conf[y], where y is a number between 1 and 16. For example,
by default, the cipher is "BF-CBC" (128-bit Blowfish CBC). You can change this to be stronger with, say, AES-256-
CBC (256-bit AES CBC), with the following setting:
net.vpn[1].ssl.conf[7]="cipher AES-256-CBC"
"cipher AES-256-CBC" is the OpenVPN configuration item, 1 is VPN slot 1 (which could also be slot 2), and 7 is
an arbitrary number between 1 and 16 that is unique among any other "ssl.conf" setting keys. In other words, 7 is
just an index used to denote you multiple configuration items. You can configure multiple settings, and the 'y' in
net.vpn[x].ssl.conf[y] can be in any order and not necessarily adjacent. For example:
net.vpn[x].ssl.conf[7]="cipher AES-256-CBC"
net.vpn[x].ssl.conf[3]="comp-lzo"
net.vpn[x].ssl.conf[9]="persist-key"
Some values of OpenVPN configuration items cannot be specified in a generic key. For example, the "ca"
OpenVPN configuration item is required. But you cannot specify the "ca" OpenVPN configuration item because
the unit already configures that item from the data you provide via the SSLC command.
Now that we've identified what a generic key is, examine the example below to see how to make the unit
cooperate.
Page 75
TeleBoss 850 2.06.280_STD User Manual
Example
Here is an example OpenVPN server configuration. It discusses what it means for the server and what it means
for the unit. To get a better understanding of OpenVPN configuration, consult the documentation at
www.openvpn.org.
tls-server
local 10.0.5.171
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/myserver.crt
key /etc/openvpn/myserver.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
tls-auth /etc/openvpn/tlsauth.key
cipher AES-256-CBC
comp-lzo
max-clients 8190
ping 15
ping-restart 60
verb 3
client-connect /etc/openvpn/openvpn.connect.sh
client-disconnect /etc/openvpn/openvpn.disconnect.sh
learn-address /etc/openvpn/openvpn.updown.sh
up /etc/openvpn/openvpn.up.sh
tmp-dir /etc/openvpn/tmp
daemon
management 127.0.0.1 1195
writepid /var/run/openvpn.pid
The "tls-server" item specifies that the server will operate in the mode secured by SSL/TLS. This the only mode
the unit supports, so if the server does not use tls-server mode then the unit is incompatible with it.
The "local 10.0.5.171" item specifies the address the server listens on. The only impact this has on the unit is that
the unit must connect to the server such that its connection ultimately arrives on 10.0.5.171 on the server. Use the
net.vpn[x].remote.host key to specify this address. Also, if firewalls separate the unit and the server, you
should be aware of the firewall configuration, so that the firewall routes traffic to the address on which the server is
listening.
The "port" and "proto" items specify what TCP/UDP port is used. The values for these items should match the
values for the net.vpn[x].ssl.port and net.vpn.ssl[x].proto keys on the unit.
The "dev" item specifies whether the server uses bridging or routing. The unit supports routing only (dev tun). If
the server says "dev tap" then the unit is incompatible with the server.
The "ca" item specifies the CA certificate. Use the SSLC command to load the CA certificate on the unit.
The "cert" and "key" items specify the server certificate and key. This is only for the server so there is nothing we
have to change on the unit to support this. However, note that the unit must be configured with a certificate (and
key) (dedicated to the unit, not the same certificate and key used by the server) using the SSLC command. Note
also that if the server certificate is generated with the "nsCertType" value of "server", then you can add the "ns-
cert-type server" config item to the unit (using the generic net.vpn[x].ssl.conf[y] key).
The "dh" item specifies the Diffie Hellman parameters. This is used only on the server so we don't have to
configure anything on the unit. (The SSLC command allows for adding DH parameters, but that is used when the
unit is in SSL VPN server mode, not SSL VPN client mode as is discussed here.
Page 76
TeleBoss 850 2.06.280_STD User Manual
The "server 10.8.0.0 255.255.255.0" item specifies the addressing method; again this is used only for the server,
but impacts the unit in that the unit typically is assigned its address on the VPN from the server.
The "client-config-dir /etc/openvpn/ccd" item specifies the directory for client-specific configuration. Each client
(including units) are identified in the client config directory by the common name of its certificate (loaded onto the
unit by the SSLC command).
The "tls-auth /etc/openvpn/tlsauth.key" item specifies the key used for the additional HMAC layer. If the server
uses this, then the unit must use this too. Specify this key with the SSLC command.
The "cipher AES-256-CBC" item specifies the cipher to use on the VPN; it must match the unit VPN configuration.
Specify this item with a generic key, for example: sec.vpn[x].ssl.conf[7]="cipher AES-256-CBC".
The "comp-lzo" item specifies LZO compression to be used on the VPN; it must match the unit VPN configuration.
Specify this item with a generic key, for example: sec.vpn[x].ssl.conf[7]="comp-lzo".
The "max-clients" item specifies the maximum number of clients that can connect. This is used only the server so
we don't have to configure anything on the unit.
The "ping 15" and "ping-restart 60" items specify that the server will send a frame to the client no less often than
15 seconds and restart the VPN after 60 seconds. This does not require the unit to have a similar configuration,
although it is recommended that the unit is configured with the "ping" and "ping-restart" items so that the unit does
not think the VPN is up when the physical connection is broken.
The "verb 3" item specifies the verbosity level of the OpenVPN syslog output. This configuration on the server is
independent of the client. If you want to configure it on the unit then use a generic key to specify it.
The "client-connect", "client-disconnect, "learn-address", and "up" items specify scripts to invoke on the server
upon certain client events. This cannot be configured on the unit.
The "tmp-dir" item specifies a temporary directory; again, this is not configurable on the unit.
The "daemon" item specifies that OpenVPN is to run as a daemon on the server. Daemon mode is mandated on
the unit, so this is automatically configured and not user-configurable.
The "management 127.0.0.1 7385" item specifies that OpenVPN is to run a management interface accessible on
the server's loopback interface via TCP port 7385. This is not configurable on the unit.
The "writepid" item specifies that OpenVPN is to record its process ID to a file; again, this is not configurable on
the unit.
In sum, the server configuration file in this example is by no means exhaustive, but it does cover what a typical
OpenVPN configuration may look like and how to make the unit work with it in SSL CLIENT VPN mode.
Page 77
TeleBoss 850 2.06.280_STD User Manual
VPN Server
SSL VPN Server support is where the unit runs OpenVPN version 2.1_rc15 to listen for a connection from an
OpenVPN where SSL/TLS is used for authentication and key exchange.
SSL VPNs can work through NAT-ing routers/firewalls, unlike other VPN technologies such as IPsec.
The OpenVPN distribution is freely available and works on a variety of platforms including Windows and Mac
When configuring SSL VPN Server it is best to use a question and answer format because it is relatively complex.
Quick Start
Use this procedure to quickly connect an OpenVPN client to the unit operating as an OpenVPN server.
1. Build keys and certificiates on the client machine. You will need the CA certficate, the client certificate, the client
key, the unit certificate, and the unit key.
Page 78
TeleBoss 850 2.06.280_STD User Manual
Note that the return value of 2 means the tunnel is up, but does not necessarily preclude configuration errors from
preventing VPN traffic to pass. So to ultimately know the VPN is operational, in addition to verifying
net.vpn.status returns 2, you should also ping the client from the unit using the VPN address of the client. (Or
you can ping the unit from the client, using the VPN address of the unit.)
You can also use the net.vpn[x].cmd key to read the status of the VPN.
How does the unit know the VPN client is authentic (and vice versa)?
The unit uses certificate-based SSL/TLS security to authenticate the client (and the client uses the same thing to
authenticate the unit). Configuring certificates can be done with Setting Keys, but is likely more simple for a user
to use the SSLC command on the unit. The SSLC command allows unit administrators to manipulate the SSL
VPN certificates and other authentication data associated with the VPN.
The SSLC command takes a variety of command line arguments that tell it what to do. These arguments are
mainly broken down into "actions" and "items"
actions
o add: add an item (load it into the unit)
o list: list an item (display what is already in the unit)
o delete: delete an item
Page 79
TeleBoss 850 2.06.280_STD User Manual
items
o certificate
o key
o CA certificate
o DH parameters
The idea behind this paradigm is that you do something (an action) on something (an item).
The command line arguments that specify actions and items are:
-e Specify item: certificate
-k Specify item: key
-r Specify item: CA certificate
-t Specify item: TLS-auth key
-h Specify item: DH parameters
-l Specify action: list item
-a Specify action: add item
-d Specify action: delete item
You must also specify which VPN you want this applied to with the "-v" command line argument:
-v x Specify VPN x, where x is 1 or 2
The unit cannot generate its own SSL authentication key/certificate. You must do this with another OpenVPN
server installation and load the certificates/keys, DH parameters, and possibly TLS-auth key (if you choose the
extra layer of security that TLS-auth provides), on the unit with the SSLC command. It is recommended you use
the SSLC command either in a trusted network environment via Telnet or via SSH. This is for two reasons:
1. The data you upload is text format, and is accepted without any application layer protocol like Xmodem.
Therefore to make eliminate communcation errors, use the protocol on a TCP-based command processor
(like Telnet or SSH).
2. Some of the things you must transfer using the SSLC command are secret data (the key and the TLS-
auth key). "Secret" means that only the unit knows about it (and possibly the server as well, if that is kept
in a secure location), and if this key is compromised then the security of the entire VPN is compromised.
The CA certificate is the certificate of the certificate authority that both the unit and the server trust. The CA signs
both the certificate for the server and the certificate for the unit. The CA certificate must exist on both machines.
The "DH parameters" item represents the Diffie Hellman parameters. By default the unit comes with 1024-bit
parameters.
So it works through NAT-ting routers, that means it uses TCP or UDP, right?
It can use either UDP or TCP, although it works optimally with UDP. Change this to suit your firewall access
policies with the net.vpn[x].ssl.proto key (its values are "TCP" and "UDP"), and the
net.vpn[x].ssl.port keys (its value is an integer for the TCP/UDP port you choose).
I already have an OpenVPN client configuration in mind...how do I make the unit cooperate?
The client is configured with a text configuration file; this is the first place to look to figure out what you need to
configure on the unit. The unit essentially maintains the same configuration file, but you cannot edit it directly.
Page 80
TeleBoss 850 2.06.280_STD User Manual
Instead, you specify settings via the unit's Setting Keys, and then the unit generates the configuration file from the
Setting Keys.
Some keys are specific: they specify the VPN protcol and VPN port, or the certificate to use. The previous
answers in this section have discussed how to configure such things on the unit. Other Setting Keys on the unit
are generic: they merely specify text where you can enter an OpenVPN configuration option. Once you have your
client configuration in mind, you can see what configuration items it requires on the server, and then supply any
further configuration items that you require on the unit, minus any configuration items that the unit handles
automatically for you. First, let's go over what a generic key is.
A generic key is of this form: net.vpn[x].ssl.conf[y], where y is a number between 1 and 16. For example,
by default, the cipher is "BF-CBC" (128-bit Blowfish CBC). You can change this to be stronger with, say, AES-256-
CBC (256-bit AES CBC), with the following setting:
net.vpn[1].ssl.conf[7]="cipher AES-256-CBC"
"cipher AES-256-CBC" is the OpenVPN configuration item, 1 is VPN slot 1 (which could also be slot 2), and 7 is
an arbitrary number between 1 and 16 that is unique among any other "ssl.conf" Setting Keys. In other words, 7 is
just an index used to denote your multiple configuration items. You can configure multiple settings, and the 'y' in
net.vpn[x].ssl.conf[y] can be in any order and not necessarily adjacent. For example:
net.vpn[x].ssl.conf[7]="cipher AES-256-CBC"
net.vpn[x].ssl.conf[3]="comp-lzo"
net.vpn[x].ssl.conf[9]="persist-key"
Some values of OpenVPN configuration items cannot be specified in a generic key. For example, the "ca"
OpenVPN configuration item is required. But you cannot specify the "ca" OpenVPN configuration item because
the unit already configures that item from the data you provide via the SSLC command.
The generic key has been identified, now examine the example below to see how to make the unit cooperate.
Example
Here is an example OpenVPN client configuration. It discusses what it means for the client and what it means for
the unit. For a better understanding of OpenVPN configuration, consult the documenation at www.openvpn.org.
client
remote 10.82.3.1
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/myserver.crt
key /etc/openvpn/myserver.key
tls-auth /etc/openvpn/tlsauth.key
cipher AES-256-CBC
comp-lzo
ping 15
ping-restart 60
verb 3
daemon
The "client" item specifies that the server will operate in the mode secured by SSL/TLS. This the only mode the
unit supports, so if the server does not use tls-server mode then the unit is incompatible with it. This item also
specifies that the client will allow the server to configure addressing information for it. This implies that on the unit,
there must be a "server" configuration option that specifies the virtual network. E.g., "server 10.8.0.0
255.255.255.0" means the server will hand out and address to the client in the 10.8.0.0/24 network. The unit
keeps the ".1" address in the virtual network for itself; e.g., the unit would have address 10.8.0.1 in this example.
The "remote" item specifies the address the address to connect to. The only impact this has on the unit is that the
unit must listen on the address that the connection ultimately arrives at. Use a generic key to specify this address
(e.g., net.vpn[x].ssl.conf="local 10.82.3.1"). Also, if firewalls separate the unit and the server, you should be aware
of the firewall configuration, so that the firewall routes traffic to the address on which the unit is listening.
Page 81
TeleBoss 850 2.06.280_STD User Manual
The "port" and "proto" items specify what TCP/UDP port is used. The values for these items should match the
values for the net.vpn[x].ssl.port and net.vpn.ssl[x].proto keys on the unit.
The "dev" item specifies whether the server uses bridging or routing. The unit supports routing only (dev tun). If
the client says "dev tap" then the unit is incompatible with the client.
The "ca" item specifies the CA certificate. Use the SSLC command to load the CA certificate on the unit.
The "cert" and "key" items specify the server certificate and key. The unit must be configured with a certificate
(and key) using the SSLC command. Note also that if the server certificate is generated with the "nsCertType"
value of "server", then you can add the "ns-cert-type server" config item to the client configuration as an extra
layer of authentication.
The "tls-auth /etc/openvpn/tlsauth.key" item specifies the key used for the additional HMAC layer. If the client uses
this, then the unit must use this too. Specify this key with the SSLC command.
The "cipher AES-256-CBC" item specifies the cipher to use on the VPN; it must match the unit VPN configuration.
Specify this item with a generic key, for example: sec.vpn[x].ssl.conf[7]="cipher AES-256-CBC".
The "comp-lzo" item specifies LZO compression to be used on the VPN; it must match the unit VPN configuration.
Specify this item with a generic key, for example: sec.vpn[x].ssl.conf[7]="comp-lzo".
The "ping 15" and "ping-restart 60" items specify that the client will send a frame to the unit no less often than 15
seconds and restart the VPN after 60 seconds. This does not require the unit to have a similar configuration,
although it is recommended that the unit is configured with the "ping" and "ping-restart" items so that the unit does
not think the VPN is up when the physical connection is broken.
The "verb 3" item specifies the verbosity level of the OpenVPN syslog output. This configuration on the client is
independent of the unit. If you want to configure it on the unit then use a generic key to specify it.
The "daemon" item specifies that OpenVPN is to run as a daemon on the server. Daemon mode is mandated on
the unit, so this is automatically configured and not user-configurable.
In sum, the client configuration file in this example is by no means exhaustive, but it does cover what a typical
OpenVPN client configuration may look like and how to make the unit work with it in SSL SERVER VPN mode.
Page 82
TeleBoss 850 2.06.280_STD User Manual
First connect to the unit command processor via a conventional method in a trusted environment (serial port, Telnet,
modem) to make these configuration changes:
1. By default the unit requires password authentication for SSH and does not require public key authentication. To
generate the host key, enter sshc -ht rsa (case sensitive) to create 1024-bit RSA host key.
2. Modify one or more of the user profiles (i.e., configure a strong password for the user profile(s)). This is done via
Setup Menu->Security, sec.user.* settings, or the Security->User Profiles portion of the Web UI.
3. Configure network settings such that the unit is reachable on your network(s). For more detail on this, refer to the
Network Settings section of this manual.
4. By default SSH access is enabled. To configure whether it is enabled, use the sec.connectvia.ssh setting,
also in Setup Menu->Security->General Security, and the Security->General Settings portion of the Web UI.
At this point the unit is ready to receive password-authenticated SSH connections. You can do the same tasks you
can do on a conventional connection, like unit administration and pass-through, only now it is secured by SSH.
With public key authentication you do not enter a password to authenticate yourself to the unit. Instead you load the
public part of a key bound to your identity onto the unit. In order to use public key authentication:
At this point the unit is ready to receive public-key-authenticated SSH connections. The user you connect to the unit
as must be configured in a user profile. Also, the public key you use in your SSH client when connecting should be
the one of the authorized keys you load on the unit.
The SSH server on the unit has the following preferred ciphers list:
AES-256,3DES,Blowfish,AES-192,AES-128,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
Page 83
TeleBoss 850 2.06.280_STD User Manual
This means, for example, if your SSH client is configured to support and prefer AES-256 the most then that is the
cipher that will be negotiated with the unit.
You can configure the unit to display a login banner when users connect via SSH. Configure this by entering sshc -
an (case-sensitive). Input the banner by sending the banner directory (e.g., paste it into your terminal) and
terminating it with "END" on a line by itself. It is recommended you do this on an error-correcting connection such as
Telnet or SSH.
SSH is inherently a security asset. There is nothing about it that needs to be secured aside from what has already
been discussed, namely enabling SSH access and configuring the authentication method. There is however one
setting that is useful.
The T850 uses SFTP to transfer CDR securely. SFTP runs on top of SSH version 2 and so has the same security as
SSH. The unit supports password and public key authentication methods for SFTP.
If the SFTP host requires a password then the password entered in the FTP Settings menu is used.
If the SFTP host requires public key authentication then do the following configuration steps:
1. Create a client key on the unit. Enter sshc –t rsa (case sensitive) to create an RSA public/private key pair.
The unit will generate the key and then output the key's fingerprint and public part as human-readable mostly
base-64 text. The key text will begin with "ssh-" and end with "Asentria_clientkey_<serial number of unit>". You
can see the unit's public client key at any time by entering SSHC.
2. Configure the SFTP server to make it aware that the unit is authorized to connect. - The SFTP server must
know the unit's public client key in order to do public key authentication. This means taking the public client key
output by the unit and configuring it in the SFTP server. For UNIX SSH servers (which typically support SFTP),
this is done by appending the unit's public client key to the "authorized_keys" file in the ".ssh" directory of the user
account the unit uses to SFTP-push CDR. Check with your System Administrator to determine exactly how to do
this with your SFTP server.
3. Configure SFTP push - Go to the Setup->Network Settings->FTP Settings menu. Select option A until it reads
"SECURE" and then configure the server address, username, password, etc.
4. Establish the authenticity of the SFTP host to the unit. - At this point the unit does not know whether to trust the
configured SFTP host. (It may be a malicious host that is pretending to be your host.) Essentially you must tell
the unit that you vouch for the host that is running the SFTP server; assuming you are 100% sure that the host to
which the unit connects is really your host. Do this by entering PUSHTEST. This command is used to see that
the connection between the unit and the SFTP (or FTP) host is working. For SFTP, it is also used to let you vouch
for the host. The first time you make the unit connect to the SFTP host with the PUSHTEST command, you will
see a message like the following:
Page 84
TeleBoss 850 2.06.280_STD User Manual
You may enter YES (you vouch for the host) or NO (you do not vouch for the host) at this point. To help you
vouch, the unit reports the host key fingerprint. If this fingerprint is equal to the fingerprint of the host key that you
know really belongs to your host, then you can safely vouch for it.
If you enter NO then the unit will not be able to push CDR to the SFTP host because it is un-trusted. If you enter
YES then the unit can trust the server and the server's host key is stored on the unit. As long as the SFTP host
key does not change, future connection attempts from the unit to the SFTP host will be trusted.
If the host key does change and you do not vouch for the SFTP host again to the unit (since the host has a new
host key) then the unit will revert to not trusting the host (and not push CDR). If this happens and you enter
PUSHTEST, the unit will say you have to reestablish the authenticity of the SFTP host (see next section).
If the host key changes, you will see something like the following when you enter PUSHTEST:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d7:3a:05:e0:70:4d:2c:15:ae:d2:f1:c2:75:d2:af:53.
Please contact your system administrator.
The unit will not push to a host that it sees has a different host key than the one you had vouched for. This is because
the unit does not know if the host key changed due to the key of the real host actually changing or due to an imposter
server coming on line to pretend to be your host (and thus having a different host key).
If you know your host key has not changed then you know the unit is being eavesdropped on. Otherwise, the host key
simply changed and you must reestablish the authenticity of the host to the unit. Do this with the following steps:
1. Delete the old host key from the unit by entering sshc -dkm <old hostname>
2. Enter PUSHTEST to vouch for the host again.
Page 85
TeleBoss 850 2.06.280_STD User Manual
Configuration
1) Configure the Telnet hosts to which users need acess. The first 4 CPE configuration slots have a setting which
enables this bridging access. Select the CPE configuration slot, configure an IP address and a name, and enable
SSH to Telnet Bridging. This can be done via the CPE Settings menu for CPE 1, 2, 3, or 4, or via the Setting Keys
shown here.
This can be done via the User Setup menu and setting the Pass-through Permissions option to ALLOW for the CPE
device that this user will be allowed to access or via the Setting Key shown here.
sec.user[x].cpe[y].ptaccess = ALLOW
ALLOW is the default value for this setting, so if you have all other users for which you would like to deny bridging
access to all CPEs, you have to explicity configure denying them. This can be done by first denying all users, and then
allowing your particular user. This can be done by setting the following configuration:
sec.user[all].cpe[all].ptaccess = DENY
sec.user[x].cpe[1].ptaccess = ALLOW
3) Configure which CPE the user can access. This is done via the User Setup menu and setting the Set Pass-through
Pointer To option to the CPE device (CPE 1, CPE 2, etc.) desired, or via the Setting Key shown here.
4) Configure how the user can access the bridged CPE. There are three options which can be configured via the User
Setup menu and setting the Upon Login Then Go To option to one of the following:
• MENU – upon login, the user is presented with the login menu. If they are authorized to bridge to a CPE, a menu
item will be present which they can use to engage this bridge.
• PASSTHROUGH – upon login, bridging access automatically engages to the CPE configured in 3) above.
• COMMAND – upon login the user is connected to the Command Processor, and then enters the EXIT command
to display the login menu.
Page 86
TeleBoss 850 2.06.280_STD User Manual
Default Router
The Default Router setting allows you to select the default router (gateway) for the T850. This tells the T850 which
router to use if a packet is not on any of the LANs defined on the network port. The default router is selected from the
routers defined for the Ethernet ports.
The Default Router setting allows you to select the default router (gateway) for the unit. The unit uses a routing table
to determine how to send any outbound IP frame. Each entry in the routing table tells the unit how to send a frame
whose destination address matches a rule in the routing table. Routing table entries are examined from most-
restrictive to least-restrictive, so the default routing table entry is the last entry in the table since it is the least
restrictive. It is the catch-all route: it tells the unit how to send a frame when it doesn't know how else to send it. The
only routes on the unit are network interface routes, any static routes you configure, and the default route. Network
interface routes tell the unit how to send a frame bound for a machine on one of the unit's local networks (subnets).
These routes are automatically configured when you configure the address of a network interface. If an outbound
frame is destined for a machine off all local networks then it is sent according to what the default route specifies. The
default route specifies the default router to use for these frames.
Each network interface has a router setting which you can configure; this is the machine on that interface to which
frames will be sent if they do not route to the local network of that interface. However the unit uses only one of those
configured routers at a time - - the default router setting specifies which router the unit will use at a time. As you
configure router settings the unit will choose a default router for you. This is available for you to see (and override) via
this net.default.router setting. The values you may choose for this setting (i.e., router addresses) are:
the set of routers which you have specified for Ethernet
the ADSL interface peer, if you have ADSL hardware installed, represented as "DSL"
The default router setting is special in that its set of allowed values (the routers for the various network interfaces) are
determined at runtime.
Values
Values are dotted-quads and must be in the set of routers configured with net.eth.router and
net.eth.vlan.router, or they are the special values "DSL" (when ADSL hardware is installed) and "DYNAMIC".
Key syntax
net.default.router
Page 87
TeleBoss 850 2.06.280_STD User Manual
Static Routes
Static routes are network routes that specify in a more or less permanent way (static) that traffic to a certain
destination (destination host or destination network) gets routed out a certain interface or via a certain gateway.
These give you the ability to fine-tune how outbound network traffic leaves the unit for up to eight different routes.
Configuration
The T850 has a set of 8 static route slots. Each slot has an option to enable it, set the destination net, set the
gateway, and set the interface.
Enable is ON/OFF, default OFF.
Destination Network is network notation, i.e., w.x.y.z/s, where s is the significant bits. Default is
0.0.0.0/0.
Gateway is the IP address of the gateway. Default setting is 0.0.0.0
Interface is one of the allowed values: NONE, Ethernet 1, Ethernet 2, Ethernet 1 or 2 VLAN 1, 2, 3, 4, 5,
6, Dialup Modem PPP, and Wireless Modem PPP. Default setting is NONE.
You can specify a gateway or interface. If you specify a gateway only then the frame will be IP-addressed to the
destination subnet and transmitted to the gateway, and the gateway needs to be either a local Ethernet subnet or the
peer of a PPP connection (be it wireless or PSTN). If you specify an interface, regardless of specifying a gateway,
then the frame will be transmitted out that interface. If it is an Ethernet interface then the destination address (which
matches the destination net of the route) will be arped. If it is a PPP interface then the frame which matches its route
will be transmitted to the PPP peer.
Note: Specifiying that certain traffic goes out a PPP interface does not cause PPP to be raised when that traffic
needs to leave the unit. If a PPP interface is down then any static routes that specify a PPP interface are effectively
disabled.
Note: Currently there is no support for Dialup Modem PPP and Wireless Modem PPP to be functional at the same
time. Eventually this will not be the case, but in the meantime if you specify a static route with Wireless Modem PPP
interface when the Dialup Modem PPP is up instead of the Wireless, then that traffic will go out the Dialup Modem
PPP interface.
Setting Keys
Net.staticroute.enable
Net.staticroute.destnet
Net.staticroute.gateway
Net.staticroute.if
Example
Configure to route traffic to the the host 10.90.90.2 to go out via a special gateway 10.90.80.67.
net.staticroute[1].enable=on
net.staticroute[1].destnet=10.90.90.2/32
net.staticroute[1].gateway=10.90.80.67
Configure to route traffic to 192.168.1.0/24 (which means a subnet of 255.255.255.0) to go out the wireless interface,
whenever wireless is up.
net.staticroute[1].enable=on
net.staticroute[1].destnet=192.168.1.0/24
net.staticroute[1].if=WPPP
Page 88
TeleBoss 850 2.06.280_STD User Manual
This may be desirable in situations where you need networked connectivity but you can't dedicate an Ethernet
connection. Combined with PPP routing, you can use a pair of units and an RS232 cable to extend IP connectivity to a
location where Ethernet connectivity is not available.
Configuration
PPP over Serial Port may be configured with the T850 set for Host Mode or Client Mode:
Host Mode
1. Connect the unit to the other machine via RS232.
2. Select the addressing to use. This is done with the PPP Hosting Local and Remote IP Address settings
(net.ppphost.localip, net.ppphost.remoteip).
3. Select the baud rate to use (it should match the baud rate configured for the other machine). This is done with
the I/O 2 Baud Rate setting (serial[2].baud). Typically you want to use the maximum (115200), but this
ultimately depends on the condition of the serial connection. The serial parametes used are always 8N1.
4. On the unit, set the I/O 2 mode to PPP HOST. (sk serial[2].mode=PPP HOST)
5. On the other machine, configure a client PPP connection. If the other machine is windows, use the Control
Panel -> Network Connections -> New Connection Wizard. Select Advanced connection -> Connect directly
to another computer -> Guest -> Computer name (pick anything) -> Select a device (pick a serial port) ->
Finish. Then when you start this connection, use login credentials for a user on the unit. If the other machine
is another unit, see the next section for how to configure PPP CLIENT mode on the unit.
6. When the other machine is finished making the connection, you can verify the addressing on the unit by
entering the PPP command on the unit.
The connection stays up as long as the units are physically connected regardless of PPP activity; the unit does not
time-out the connection (unlike with a dial-up PPP connection). If the connection is broken then the unit goes into a
state of waiting for a connection again.
2. Enter the PPP DOWN command. (Note that in doing this, if the machines are still physically connected, the
connection may be brought up again, since the PPP peer may be in a mode where it immediately restarts the
connection if it disconnects. This is true if the other machine is another unit.)
Note that by default, the unit firewalls its PPP connection. So if you try to talk to the unit from the other machine over
the PPP connection, you will have to disable the firewall on the unit by entering sk net.firewall.ppp=off.
Client Mode
1. Connect the unit to the other machine via RS232.
2. On the unit, configure the credentials used to log in to the other machine. This is done with the PPP Dialout
Username and Password settings (net.pppdial.username, net.pppdial.password).
3. Select the baud rate to use (it should match the baud rate configured for the other machine). This is done with
the I/O 2 Baud Rate setting (serial[2].baud). The serial parametes used are always 8N1.
4. On the unit, set the I/O 2 mode to PPP CLIENT. (sk serial[2].mode=PPP CLIENT)
Page 89
TeleBoss 850 2.06.280_STD User Manual
5. At this point the unit will attempt to raise the PPP connection. You can tell if it is successful by entering the
PPP command.
The connection stays up as long as the units are physically connected regardless of PPP activity; the unit does not
time-out the connection (unlike with a dial-up PPP connection). If the connection is broken then the unit goes into a
state of repetitively trying to connect again.
2. Enter the PPP DOWN command. (Note that in doing this, if the machines are still physically connected, the
unit will immediately try to bring up the connection again.)
Note that unlike dial-up PPP connections, the unit does not automatically make the PPP connection the default route.
Routing
The unit can route traffic received on this PPP connection to Ethernet. To configure this:
1. On the unit when it is used in HOST mode, enable PPP to Ethernet routing (sk
net.ppprouting.enable=on).
2. On the unit when it is used in HOST mode, configure the Ethernet interface that you intend to route onto (Eth1
or Eth2, if the unit has more than one Ethernet interface). Do this with the net.routing.if setting.
Typically it is desirable to have traffic NAT'ed as it is routed; this happens by default and can be configured
with the net.eth[].nat setting, where the NAT-ing is enabled on the same interface that you configured
with the net.routing.if setting.
3. On the client machine, ensure that you configure it so that it knows to route traffic to your Ethernet address
through the host machine. You can do this by configuring a static route. If the unit is the client machine, this is
how you configure a static route:
4. At this point you should be able to, for example, ping an Ethernet host in your static-route network
from the unit, via the PPP connection.
Example
To configure two units to connect to each other, where only one unit has an Ethernet connection, such that both units
can reach any host on Ethernet where the Eth1 interface network is configured as 10.2.3.0 on a 255.255.255.0
subnet:
First configure on the host unit (the one with the Ethernet connection):
serial[2].mode=ppp host
serial[2].baud=115200
net.firewall.ppp=off
net.ppprouting.enable=on
net.ppphost.localip=192.168.105.1
net.ppphost.remoteip=192.168.105.2
net.eth[1].nat=on
net.routing.if=ETH1
Then configure on the client unit (the one without the Ethernet connection):
serial[2].mode=ppp client
net.pppdial.username=admin
net.pppdial.password=password
Page 90
TeleBoss 850 2.06.280_STD User Manual
serial[2].baud=115200
net.staticroute[1].enable=on
net.staticroute[1].destnet=10.2.3.0/24
net.staticroute[1].if=SPPP
Connect the units together via serial cable and check the PPP state by entering the PPP command on either unit. See
that you can ping the host unit from the client unit via PPP (ping 192.168.105.1 in this example). Then see that you
can ping an Ethernet host (say, 10.2.3.4) from the client unit.
Page 91
TeleBoss 850 2.06.280_STD User Manual
IP Address Restrictions
IP Address Restrictions is the primary defense against unauthorized access via a network or PPP connection. An
administrator can restrict access by configuring one or more IP addresses that will be the only ones allowed to access
the unit. Restrictions can also be configured to allow or deny access to larger groups of IP addresses using .0 and
.255 wildcards. IP Address Restrictions do not replace or override any restrictions set by User Profiles, but they do
provide an extra level of protection by causing the unit to ignore all network traffic except from the addresses allowed.
IP Address Restrictions are configured from the Setup/Network Settings/IP Address Restrictions menu in all network-
enabled Asentria products. When selected, you will see a submenu similar to the following. Selecting option A) Add
Item to Table, presents a list of the different kinds of restrictions you can configure.
New IP Restriction:
From the “New IP Restriction” prompt you can enter up to eight IP addresses that will be allowed access to the unit.
The list is exclusive by default, so if you define a single IP address, that one is allowed access while all others are
denied.
Wildcards are also available to allow or deny access to larger groups of IP addresses. 0 and 255 serve as wildcards
for access and no-access, respectively. For example, an IP restriction of 0.0.0.0 would allow all access to the unit
where 255.255.255.255 would allow none. More practically, 192.168.55.0 would only allow traffic from IP addresses
beginning with 192.168.55.
Keep in mind that certain outbound network functions in the unit, such as FTP push, Email alerts, and pings, require a
response from the receiving device. These devices should not be restricted so the function can be completed
successfully.
The Asentria unit evaluates the list of IP restrictions from top to bottom. When it finds an entry that specifically allows
or disallows access, it uses that entry and stops looking. For example, examine the following list:
A computer with a 192.168.99 IP would be granted access to the unit despite #4 because #3 is processed first. #3
allows everyone access. If you wanted to allow everyone access except computers on subnet 192.168.99 you should
switch number 3 and 4.
Note: IP restrictions do not replace or override password protection; they simply provide an extra means of security
by causing the unit to ignore all traffic from disallowed IP addresses.
If no IP restrictions are defined in this menu, all incoming connections are allowed.
Page 92
TeleBoss 850 2.06.280_STD User Manual
IP Routing
Description
When you connect to the T850 via PPP you can make the unit act as a router between you and devices on one of the
unit's local networks. This allows you to communicate IP traffic between you and devices you wish to remotely access.
IP routing can also route traffic that originates on the remote site's network to you. By traffic we mean ICMP, TCP,
UDP.
Benefit
IP Routing allows you remote network access (as opposed to remote RS-232 access) to devices at the unit's site.
Configuration
IP Routing is configured with the following settings.
All Products:
net.ppprouting.enable
This setting controls whether the unit routes IP traffic from PPP to any Ethernet interface.
net.ethrouting.enable
This setting controls whether the unit routes IP traffic from the specified routing interface to PPP.
net.ethrouting.nat.enable
This setting controls whether the unit does NAT on routed frames egressing the unit on the PPP interface.
sec.user.ppptype
This is a per-user setting which controls whether the user under which the PPP session was authenticated
can actually route frames to one of the unit's local networks. It is for added security.
net.eth.nat
This setting controls whether the unit does NAT on routed frames egressing the unit on this interface.
net.routing.if
This setting controls to which network interface the unit routes PPP traffic.
Example
You want to remotely access the SSH CLI of some piece of equipment at a remote site. SSH rides on TCP so it can
be routed and NATted. Install a T850 at the remote site with the following configuration and connect the first Ethernet
adapter to the network that has your equipment.
// set up routing
net.ppprouting.enable=on
// set up nat
net.eth[1].nat=on
Now connect to the unit via PPP and then connect to your eqiupment via your SSH client.
Page 93
TeleBoss 850 2.06.280_STD User Manual
When SNMP Trap Capture is enabled, the T850 listens on port 162 for notifications; those over 1024 bytes are
ignored. The unit responds successfully to informs as soon as they arrive regardless of the content of the inform.
The first task the T850 does upon receiving a notification that is an inform, is to send a response. It then converts the
notification to a multiline record (MLR). A multiline record is an ASCII data packet comprised of 1 or more lines. In
this application each line is terminated by CRLF. A trap that is converted to an MLR is called a trap MLR; an inform
that is converted to an MLR is called an inform MLR. They are generally called notification MLRs when the difference
is irrelevant. There are specific format rules imposed to enable easy use of data events.
1. The first line of the trap MLR specifies the most important common attributes of a trap in this format:
A. generic trap number (position 6, length 2, padded with 0s) The generic trap number indicates the generic trap type,
of which there are 7:
0: coldStart
1: warmStart
2: linkDown
3: linkUp
4: authenticationFailure
5: egpNeighborLoss
6: enterpriseSpecific
C. date the inform was received (in MM/DD/YY format, position 15, length 8)
D. time the inform was received (in HH:MM:SS (24-hr) format, position 24, length 8)
E. source IP address (position 38, length 15, each octet is padded with 0s)
3. Each additional line in the MLR (for both inform MLRs and trap MLRs) is devoted to 1 varBind in the notification.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA = BBB...
A. varBind OID (position 1, length 40, left-justified, truncated or padded with spaces as necessary)
B. varBind value (position 44, variable length, limited to 115 bytes)
Note: Quote marks are never inserted by the unit in varBind values, even if the value type is OCTET STRING.
Page 94
TeleBoss 850 2.06.280_STD User Manual
4. Every trap MLR and inform MLR has its last line be "END".
The unit ignores any varBinds which would cause it to break any of the above rules.
The unit stores notifications in the Event Log depending on the Event Log storage settings (Setup -> Event Log
Settings -> Event Log menu). If Store Data Alarm Records is enabled (default is disabled), then all notification MLRs
are stored in the Event Log. Since notification MLRs are stored in the Event Log, the user can poll them by any
means of polling the Event Log (TYPE EVENTS command, FTP, or Setup menu).
SNMP Informs
SNMP Inform requires a SMIv2 MIB. When loaded into an SNMP manager, the Asentria SMIv2 MIBs require an
associated MIB called Asentria-Root. Both are available from the Asentria website (www.asentria.com) or Asentria
Technical Support.
SNMP Inform support (that is, sending SNMP Informs) was added in T850 version 2.00.150.
Unlike SNMP Traps, which do not require acknowledgement from the receiving node, SNMP Informs do require an
acknowledgement, thus ensuring guaranteed delivery.
Configuration
net.snmp.ntfn.attempts
This is the number of attempts of sending a notification (trap/inform) per cycle (that is, the initial attempt +
retries). If this is 0 then there is 1 infinite cycle.
net.snmp.ntfn.timeout
This is the number of seconds between 2 attempts to send an SNMP notification in the same cycle.
net.snmp.ntfn.cycles
A cycle is a set of notification attempts delimited by a successful action delivery or snooze period. This setting
is the maximum number of cycles to try per notification action, where one notification action corresponds to
one "inform" keyword in an action list for an event.
net.snmp.ntfn.snooze
The snooze period measures the time in minutes between two SNMP notification cycles for any one
notification action. That is, if you have two events generate informs, each inform will have its own timeouts for
retries and cycles, and its own snooze period.
Then set up an event which does an inform action to an SNMP manager or inform receiver. E.g.,
event.sched[1].actions=inform(10.10.5.10). A T850 with notification capture enabled can serve as an
inform receiver. Remember you can't just send an inform to anything: you must send it to a machine capable of
replying to the unit with an inform response. Only when the unit gets the inform response will it consider the inform
action a success.
Page 95
TeleBoss 850 2.06.280_STD User Manual
SNMPv3
This feature enables secure SNMP management: sending traps, and servicing get and set operations. SNMPv3
provides authenticity and privacy of data while in transit that SNMPv1 or v2c does not.
Configuration
These are the following settings for SNMPv3 configuration
Example
Sending a trap
Configure the following settings to send a V3 trap:
net.snmp.ntfn.sec.name=siteboss
net.snmp.ntfn.sec.password=password
net.snmp.secmethod=MD5-DES
If you want to configure SNMPv3 traps as event actions then use the following action list piece:
trap(1,3)
or
trap(10.10.5.15,3)
Note the addition of the ",3" parameter to the "trap" action specifier.
Additionally, you must configure some user usable by a Network Management System in the SNMPv3 query. Set this
user up as a User Profile on the unit where the user name is at least 8 characters. Alternatively, you may using "V3
ONLY" as a value for net.snmp.agent.enable.
Page 96
TeleBoss 850 2.06.280_STD User Manual
Pass-through
Pass-through (also known as “Bypass”) is a bi-directional communication link for a serial, modem, Telnet or SSH
connection through the T850 to a device attached to a serial port. Pass-through is useful for configuring or
maintaining devices connected to the T850 without having to be in the same physical location.
Pass-through to a serial port is available on TCP ports 210n where ‘n’ is the number of the serial port.
Pass-through to a serial port is available via from any command processor, including serial, modem, Telnet or SSH
connections using the BYPASSn command where ‘n’ is the number of the serial port.
Following is a table showing what pass-through sub-features/behaviors are applicable to the T850 and a detailed
description of each sub-feature below the table.
Sub-feature T850
Bypass command Yes
Adjustable end sequence pause Yes
3 escapes (via login menu) or 1 escape (via
End sequence for network pass-through
bypass command)
End sequence for modem pass-through 1 escape (via bypass command)
Joinable sessions Yes
Buffered pass-through No
Allow serial break Yes
Bypass command
The command BYPASSn, where 'n’ is the number of the serial port, is used from any command processor,
including serial, modem, Telnet or SSH connections to establish a pass-through connection.
Joinable sessions
Up to 3 pass-through sessions can be joined in that they all connect to the same serial port. Data arriving on the
serial port gets passed through to all parties, and data arriving from any one party gets passed through to the
connected serial port as well as the other parties. Joinable pass-through can be enabled/disabled in the General
Settings menu, or the sys.pt.joinable Setting Key.
Buffered pass-through
Buffered pass-through is where upon connecting to a pass-through session, the first thing the unit does is dump
all data that has been buffered in that port's database file, instead of connecting to the port right away. Once all
data from that file is output then unit connects you to the port. If no data has been buffered (or this feature is
turned off) then the unit initially connects you to the port. This option is not available on the T850.
Serial Break
The T850 gives a pass-through client the ability to apply the 'serial break condition’ on any passthrough serial
port. A serial break can be a "wake up“ signal to a device connected to any of the T850 serial ports. This feature
allows the user to set: the ASCII character to be used for the break, and; the maximum number of times during the
current pass-through session the connected device will recognize that character as the break. After that number
of times, that character will not be interpreted as a break. This also allows the client to, within the same pass-
Page 97
TeleBoss 850 2.06.280_STD User Manual
through session, load binary data files that may include the break character without unintentionally applying the
break condition.
Each serial port may be configured independently of the others by use of two Setting Keys:
serial[].pt.breakchar (default 0)
serial[].pt.breakcount (default 1)
Example:
For example, say you have some device on I/O 6 that requires the serial break condition to wake up. If you
access the unit and enter pass-through mode to I/O 6, and you want to enter Ctrl-Break to apply the break
condition, and have it do that just once per pass-through session, configure this:
serial[6].pt.breakchar=3
serial[6].pt.breakcount=1
Ctrl-Break, at least on Windows PCs, sends ASCII character 0x03 down the wire, so this is why you would set the
breakchar to 3.
By default the unit provides pass-through access to anyone and can be further defined in the User Profile Settings
menus. Various settings control its behavior, as discussed above with each sub-feature.
Page 98
TeleBoss 850 2.06.280_STD User Manual
After dialing, if the call is successful then called number's failure count is set to 0.
Benefit
This enables the unit to not continually dial a number if the number has been shown to be unresponsive, in order to be
a good citizen on the telephone network.
Configuration
There are no settings or UI associated with this feature.
Usage
If a number has reached its failure limit (and thus turned into a forbidden number to dial) then a message is appended
to the Audit Log. Any future attempt to dial a forbidden number results in a message appended to the Audit Log. The
only way to make the unit dial any forbidden number again is wait until the 2-hour blackout expires for that number or
reset the unit (power cycle, RESTART command, RESTART ALL command, push reset button). When dialing is
attempted after the blackout period expires then a message is appended to the Audit Log saying that forbidden
number x was granted permission to be dialed again.
Page 99
TeleBoss 850 2.06.280_STD User Manual
RADIUS Security
Description
RADIUS (Remote Authentication Dial In User Service) is feature is used to offload authentication, authorization, and
accounting (AAA) work to a RADIUS server, instead of doing that work on the unit. Prior to the introduction of the
RADIUS feature, AAA was done on the unit via the User Profiles settings and the Audit Log, although it was never
explicitly called AAA in our documentation up to this point. With the introduction of the RADIUS feature, AAA can now
be done with a RADIUS server via the RADIUS protocol. A RADIUS server is one instance of a AAA server in that it
offers authentication, authorization, and accounting services to client machines, such as the unit. The next few
sections go into more detail about how the RADIUS feature works.
Overview
The RADIUS feature is enabled by setting the sec.mode Setting Key to RADIUS or setting the Security
Settings/Security Mode option to RADIUS. You configure a primary and/or secondary RADIUS server address (or
hostname), as well as secrets for each. The secret is for authenticating the network traffic between the unit and the
RADIUS server. The unit makes transactions with the RADIUS server in order to:
Each transaction has a timeout that specifies how long the unit will wait for a response from the server. (This is
configured with the sec.radius.timeout Setting Key or in the RADIUS Security Settings menu.) "A response
from the server" means a response that is authentic; i.e., the response network frame is verified as trusted. If a
response is not authentic, it could be due to an attacker, or corrupted network frame, or misconfiguration of the server
secret. A server can respond but if the secret is configured wrong then the unit will find it not authentic, and silently
discard the response. In this case, it is as if the unit had received no response at all. So from the perspective of the
unit, a response from a RADIUS server is one that is both received and authentic.
If no response arrives after the timeout, or if the unit could not transmit to the server in the first place (the server was
unreachable, because, for example, no network link, or no network configured on the unit), the unit can try again, up to
a limit as configured with sec.radius.retries Setting Key or in the RADIUS Security Settings menu. If the unit
exhausts all retries for authentication/authorization transactions, it has three options determined in this order:
1. try the same transaction with the secondary server (if its address/hostname and secret are configured). If the
secondary server responds, authentication/authorization will succeed/fail according to that server's response.
In any other case (secondary server unconfigured or configured but unreachable), the unit proceeds to step 2.
2. try to authenticate and authorize the user using the local User Profiles configuration (if its configured, when
sec.radius.fallback.mode=USER PROFILES). If the user fails to authenticate with the User Profiles
configuration (or if sec.radius.fallback.mode=NONE) then the unit proceeds to step 3.
3. give up; the unit cannot authenticate the user so the user cannot log in.
If a RADIUS server deems a user authentic then it passes back authorization info to the unit. So authentication and
authorization happen in one transaction. Accounting happens in a separate transaction. Once the unit sees that an
authentic user is authorized to do what they intend to do, the unit sends a RADIUS accounting start message to the
RADIUS server that originally authenticated the user. When the user's session ends, the unit sends an accounting
stop message to that same server.
In sum, the RADIUS feature enables the unit do AAA transactions with a RADIUS server in order to:
Page 100
TeleBoss 850 2.06.280_STD User Manual
The remaining subsections discuss details of each part of AAA.
Authentication
The RADIUS feature enables the unit to offload (and centralize) user authentication responsibilities to a RADIUS
server. The unit does this for the following services in Phase 2 implementation:
Note: Phase 3 implementation will support PPP while Phase 4 will support SSH. Neither Phase 3 nor Phase 4 are
supported in this version of the T850.
When the unit uses the USER PROFILES security mode, there can be at most 12 users configured, and the unit must
be configured with authentication and accounting details. With RADIUS security mode however, as many users can
log in to a unit as can be supported on the RADIUS server, and a manner completely independent of the User Profiles
configuration on the unit. Additionally, the unit may be just one of many machines that a user would need access to. If
all machines supported AAA, user management can be configured more easily and centrally via the RADIUS server,
instead of at the unit or other machines configured with their own security mechanisms.
PAP vs CHAP
Authentication can happen via PAP (Password Authentication Protocol) or CHAP (Challenge-Handshake
Authentication Protocol). Configured sec.radius.chap=ON for CHAP, or OFF for PAP.
PAP is where the user provides a username and password. Both the username and password are transmitted to the
unit from the user in clear text (unless protected by the application layer's security, such as SSL (for the web UI) or
SSH). The username is transmitted to the RADIUS server from the unit in clear text (the password is not).
CHAP is more complex but more secure because the password is not transmitted to the unit from the user (unlike
PAP). Instead, the unit first provides the user with a CHAP challenge. The user provides the username, CHAP ID, and
CHAP response (which is generated from both the challenge and the user's password). The user uses some local
program to generate a CHAP response based on the user's password, CHAP ID, and CHAP challenge. The CHAP ID
is just a number between 0 and 255 that the user chooses and provides to both the unit and the CHAP-response-
generating program. The unit passes the challenge, username, CHAP ID, and CHAP response to the RADIUS server,
which then authenticates the user based on this data.
When logging in to the command processor, pass-through, Web UI, or real-time sockets, the user is prompted for
three things when CHAP is enabled: username, CHAP ID, and CHAP response. When logging in to the FTP server,
the UI is more standardized as "username and password" and hence requires some special attention when using
CHAP. In the case of logging in to the unit via FTP, enter as the FTP password the concatenation of the ASCII-hex
CHAP ID value and CHAP response. For example, if the user chooses CHAP ID 225 and generates CHAP response
DD0F3C51116B74CFFEC4379BA6D03507, then the FTP password is 225 in ASCII-hex (which is "E1") concatenated
with that response: E1DD0F3C51116B74CFFEC4379BA6D03507.
For all login services, the CHAP challenge is presented as a 32-byte ASCII-hex value, representing 16 bytes of the
actual challenge value. This is so the challenge can be a pseudo-random bit sequence of the same size as the
RADIUS frame authenticator, and also cut-and-pastable by the user between their login UI and their CHAP-response-
generating program.
In sum, PAP is as simple as traditional authentication methods. CHAP is more secure but more complex and requires
the user to have a local CHAP-response-generating program. This program is anything that can create a 16-byte MD5
hash of the CHAP ID (as an 8-bit value), user password, and challenge (as a 16-byte value).
Page 101
TeleBoss 850 2.06.280_STD User Manual
Authorization
Once a RADIUS server deems a user is authentic, its necessary to determine what the user is authorized to do. For
example, a certain user may be, on the RADIUS server, configured and authorized to log in to the unit via telnet
command processor but not via the web UI. So if that user attempts to log in to the unit via the web UI, they will be
authenticated by the RADIUS server, but denied access by the unit. This happens because upon authentication, the
unit requires the RADIUS server to send it certain authorization data about the user. (If the RADIUS server does not
respond with all the required authorization data, the user is not allowed to log in to the unit, even though they were
authenticated by the RADIUS server.) The authorization data received by the unit essentially says "this user is not
allowed access via the web UI". The unit interprets this data by rejecting the user's web UI login attempt. To remedy,
the configuration on the RADIUS server would have to change to allow web UI access for that user. This is an
example of just one of the pieces of authorization data that the unit requires. The full set of data is detailed later in this
document.
When configuring users for access, be sure to limit their user rights (i.e., authorize them for sub-MASTER rights).
MASTER users have enough privilege to change the security settings on the unit, including creating their own user
profiles and changing the security mode away from RADIUS. If a user connects via RADIUS and is given MASTER
rights, then that user can change the security settings to fit what may be malicious intent. Rights are allocated by the
Asentria-User-Rights vendor-specific attribute defined later in this document.
Accounting
When a user is authentic and authorized, the unit sends RADIUS accounting start and accounting stop messages to
the RADIUS server that authenticated the user, when that user's login session begins and ends, respectively. If the
RADIUS accounting UDP port sec.radius.acct.port is set to 0 then the unit will not send accounting information.
For example, when a user logs in with RADIUS (in PAP mode) to the console port, the unit does the following four
things to or for the user:
1. authenticates
2. authorizes
3. sends accounting start information
4. starts a command processor
When the command processor session ends (either by the user explicitly disconnecting or lowering the handshaking
on the RS232), then the unit sends accounting stop information to the RADIUS server that authenticated that user (but
only if the unit had successfully sent accounting start information for that user when they logged in). Accounting
information being "successfully sent" means the unit could reach the RADIUS server and the server responded.
When the unit sends the RADIUS server accounting start and stop messages, it is actually sending RADIUS
Accounting-Request frames with the following RADIUS attributes:
Standard attribute: Acct-Status-Type, which is integer 1 for start or 2 for stop.
Standard attribute: Acct-Session-Id: the unit uses an RFC 4122 GUID as the value for this attribute; it is
used to correlate start and stop messages.
Limits of support
The unit does not support RADIUS Access-Challenge frame (which the RADIUS server can send in response to an
Access-Request frame); the unit interprets Access-Challenge as Access-Reject.
The unit does not support any Accouting-Request frames other than those with Acct-Status-Type set to 1 or 2.
SNMPv3 works only with users specified in the User Profiles configuration when the security mode is set to USER
PROFILES; SNMPv3 does not work with RADIUS.
Page 102
TeleBoss 850 2.06.280_STD User Manual
Locking yourself out
Be careful when you are configuring RADIUS, you may lock yourself out of the unit, which means there is no way to
gain access to the unit again: you must return it in order for it to be reinitialized at the factory. There are four ways
around this:
1. If you are locked out because there is something wrong with the primary RADIUS server (i.e., it is
reachable but it is incorrectly rejecting authentication requests), then configure a secondary (redundant)
one, if you have the resources for that.
2. The unit attempts to detect an invalid RADIUS configuration, and if it finds it, it automatically authenticates
you using User Profiles. An invalid RADIUS configuration is one where (primary server or secret is not
configured) and (secondary server or secret is not configured). So if you have misconfigured the unit in
this way, you can still get into the unit provided you know the credentials for a MASTER-rights user profile.
3. Configure the unit to fall back to User Profiles (sec.radius.fallback.mode=USER PROFILES). This
means when all RADIUS servers configured are unreachable or reachable but unresponsive, the unit will
authenticate and authorize the user with its User Profiles configuration. If any RADIUS servers (primary or
secondary) are responsive, then when they reject a user, the unit will reject a user and not fall back to
authenticating with User Profiles. On the one hand this is an insurance policy against locking yourself out,
but on the other hand it still means you must maintain some local authentication/authorization security
configuration of the unit, which erodes the purpose of centralized AAA.
4. If you end up in a situation where you cannot log in to the unit at all, there is one last resort before
returning the unit. There is a way to gain access with the button unlock feature. If you tap the reset button
a few times (at least 5) until the front panel lights flash, then the unit defaults the following settings, which
enables you to log in to the unit via the console port using the default MASTER user profile:
o sec.mode (to USER PROFILES)
o sec.consolereq (to OFF)
o sec.connectvia (to every method of connecting)
o "admin/password/MASTER" credentials for the user profile appropriate to the product
o IO2 mode set to COMMAND (if applicable to product)
Note:
o The button unlock feature can only be used if sec.button.unlock=ON (which it is by default). If you
do not want the unit to grant access via this feature, then turn it off. However, if you subsequently lock
yourself out then there is no way to gain access to the unit: you must return it.
o If you lock yourself out and gain access again with the button unlock feature, remember to reconfigure
the settings that were defaulted by the button unlock feature to maintain your prior security
configuration!
o "tap the reset button" means press the reset button on the unit (the only button for the current
products) until it clicks and then release it, at a frequency of about 1-2 taps per second. Do not hold in
the reset button otherwise that will reset the unit, just tap it like you click a mouse button.
Page 103
TeleBoss 850 2.06.280_STD User Manual
Required by
Corresponding User Profiles
Attribute Allowed values connection
Setting
method
Asentria-Connect-
ON,OFF sec.user[x].connectvia.local L
Via-Local
Asentria-Connect-
ON,OFF sec.user[x].connectvia.modem M
Via-Modem
Asentria-Connect-
ON,OFF sec.user[x].connectvia.telnet TP
Via-Telnet
Asentria-Connect-
ON,OFF sec.user[x].connectvia.ftp F
Via-FTP
Asentria-Connect-
ON,OFF sec.user[x].connectvia.rts R
Via-RTS
Asentria-Connect- N/A in phase
ON,OFF sec.user[x].connectvia.ssh
Via-SSH 2
Asentria-Log-In-To COMMAND, PASSTHROUGH, MENU sec.user[x].loginto FTMLP
Asentria-Access-
FILE1, FILE2, ... FILEn sec.user[x].accessfile TML
File
N/A in phase
Asentria-PPP-Type NONE, LOCAL, ROUTING sec.user[x].ppptype
2
Asentria-User- NONE, VIEW, ADMIN1, ADMIN2, ADMIN3,
sec.user[x].rights FTMLPW
Rights MASTER
Asentria-File1-
DENY, ALLOW sec.user[x].file[1].readaccess FTMLWR
Read-Access
Asentria-File2-
DENY, ALLOW sec.user[x].file[2].readaccess FTMLWR
Read-Access
Asentria-File3-
DENY, ALLOW sec.user[x].file[3].readaccess FTMLWR
Read-Access
Asentria-File4-
DENY, ALLOW sec.user[x].file[4].readaccess FTMLWR
Read-Access
Asentria-File5-
DENY, ALLOW sec.user[x].file[5].readaccess FTMLWR
Read-Access
Asentria-File6-
DENY, ALLOW sec.user[x].file[6].readaccess FTMLWR
Read-Access
Asentria-File7-
DENY, ALLOW sec.user[x].file[7].readaccess FTMLWR
Read-Access
Asentria-File8-
DENY, ALLOW sec.user[x].file[8].readaccess FTMLWR
Read-Access
Asentria-File9-
DENY, ALLOW sec.user[x].file[9].readaccess FTMLWR
Read-Access
Asentria-File10-
DENY, ALLOW sec.user[x].file[10].readaccess FTMLWR
Read-Access
Asentria-File11-
DENY, ALLOW sec.user[x].file[11].readaccess FTMLWR
Read-Access
Asentria-File12-
DENY, ALLOW sec.user[x].file[12].readaccess FTMLWR
Read-Access
Asentria-File13- DENY, ALLOW sec.user[x].file[13].readaccess FTMLWR
Page 104
TeleBoss 850 2.06.280_STD User Manual
Read-Access
Asentria-File14-
DENY, ALLOW sec.user[x].file[14].readaccess FTMLWR
Read-Access
Asentria-File15-
DENY, ALLOW sec.user[x].file[15].readaccess FTMLWR
Read-Access
Asentria-File16-
DENY, ALLOW sec.user[x].file[16].readaccess FTMLWR
Read-Access
Asentria-Events-
DENY, ALLOW sec.user[x].events.readaccess FTMLWR
Read-Access
Asentria-Audit-
DENY, ALLOW sec.user[x].audit.readaccess FTMLWR
Read-Access
Asentria-File1-
DENY, ALLOW sec.user[x].file[1].writeaccess FTMLWR
Write-Access
Asentria-File2-
DENY, ALLOW sec.user[x].file[2].writeaccess FTMLWR
Write-Access
Asentria-File3-
DENY, ALLOW sec.user[x].file[3].writeaccess FTMLWR
Write-Access
Asentria-File4-
DENY, ALLOW sec.user[x].file[4].writeaccess FTMLWR
Write-Access
Asentria-File5-
DENY, ALLOW sec.user[x].file[5].writeaccess FTMLWR
Write-Access
Asentria-File6-
DENY, ALLOW sec.user[x].file[6].writeaccess FTMLWR
Write-Access
Asentria-File7-
DENY, ALLOW sec.user[x].file[7].writeaccess FTMLWR
Write-Access
Asentria-File8-
DENY, ALLOW sec.user[x].file[8].writeaccess FTMLWR
Write-Access
Asentria-File9-
DENY, ALLOW sec.user[x].file[9].writeaccess FTMLWR
Write-Access
Asentria-File10-
DENY, ALLOW sec.user[x].file[10].writeaccess FTMLWR
Write-Access
Asentria-File11-
DENY, ALLOW sec.user[x].file[11].writeaccess FTMLWR
Write-Access
Asentria-File12-
DENY, ALLOW sec.user[x].file[12].writeaccess FTMLWR
Write-Access
Asentria-File13-
DENY, ALLOW sec.user[x].file[13].writeaccess FTMLWR
Write-Access
Asentria-File14-
DENY, ALLOW sec.user[x].file[14].writeaccess FTMLWR
Write-Access
Asentria-File15-
DENY, ALLOW sec.user[x].file[15].writeaccess FTMLWR
Write-Access
Asentria-File16-
DENY, ALLOW sec.user[x].file[16].writeaccess FTMLWR
Write-Access
Asentria-Events-
DENY, ALLOW sec.user[x].events.writeaccess FTMLWR
Write-Access
Asentria-Audit-
DENY, ALLOW sec.user[x].audit.writeaccess FTMLWR
Write-Access
Page 105
TeleBoss 850 2.06.280_STD User Manual
Asentria-Port1-PT-
DENY, ALLOW sec.user[x].port[1].ptaccess TMLWP
Access
Asentria-Port2-PT-
DENY, ALLOW sec.user[x].port[2].ptaccess TMLWP
Access
Asentria-Port3-PT-
DENY, ALLOW sec.user[x].port[3].ptaccess TMLWP
Access
Asentria-Port4-PT-
DENY, ALLOW sec.user[x].port[4].ptaccess TMLWP
Access
Asentria-Port5-PT-
DENY, ALLOW sec.user[x].port[5].ptaccess TMLWP
Access
Asentria-Port6-PT-
DENY, ALLOW sec.user[x].port[6].ptaccess TMLWP
Access
Asentria-Port7-PT-
DENY, ALLOW sec.user[x].port[7].ptaccess TMLWP
Access
The final column, "Required by connection method", lists the connection methods that require the attribute. Here is
what the letters mean for this column:
F=FTP
T=Telnet command processor
M=Modem command processor
L=Local (console) command processor
W=Web UI
R=Real time sockets
P=Telnet pass-through (to port 210x)
For example, Asentria-Access-File has "TML", which means if you configure a user on the RADIUS server that you
intend to connect by Telnet, Modem, or Local, then you must configure this attribute to be returned to the unit upon
successful authentication, otherwise the unit cannot authorize the user, and will therefore reject the user's login even
though they are authentic.
Page 106
TeleBoss 850 2.06.280_STD User Manual
The Asentria-Service-Type attribute is N/A for the last two columns because it does not deal with authorization -- it is
used in accounting RADIUS transactions only.
Note that the Asentria-Filex-* and Asentria-Portx-* attributes are required for only however many serial ports on the
unit. For example, if you have a unit with only 2 ports, then only Asentria-File1-*, Asentria-File2-*, Asentria-Port1-*,
and Asentria-Port2-* attributes are required by that unit for the given connection method.
Note that "N/A in phase 2" means that this attribute is not used in phase 2 of the RADIUS feature (phase 2 supports
everything except PPP and SSH).
Benefit
In a typical application environment for these units, there is hardware from other vendors too, and each piece of
hardware probably has its own way of doing AAA operations. As the number of disparate machines rises, so does the
administration headache of maintaining AAA for each machine for each user. If all machines use a standard,
centralized AAA architecture however, then that simplifies administration of all of them and makes each one fit more
easily in into the entire application environment. Therefore, having a unit support AAA (via RADIUS, one of the most-
deployed and most-mature of AAA servers) makes it easier for organizations to fit units into their environments.
Configuration
To configure RADIUS on the unit (minimum required configuration) enter the Setting Key values as shown below, or
onfigure using the RADIUS Security Settings menu:
sec.mode=RADIUS
sec.radius.server[1]=<address or hostname>
sec.radius.server[1].secret=<secret>
Example
Say you want to configure user "bob" to access the unit's modem command processor via RADIUS. First configure
"bob" on the RADIUS server. He may already be configured on your RADIUS server because his duties may include
administering other RADIUS-supporting machines besides the unit. Either way, you must configure the following
attributes for "bob" on the RADIUS server (this list is generated by looking at the table above and seeing which
attributes are required by the "T" method (telnet command processor). (Say the unit has only 2 serial ports to minimize
the File/Port authorization attributes listed here.)
Asentria-Connect-Via-Telnet = ON
Asentria-Log-In-To = COMMAND
Asentria-Access-File = FILE1
Asentria-User-Rights = ADMIN3
Asentria-File1-Read-Access = ALLOW
Asentria-File2-Read-Access = ALLOW
Asentria-File1-Write-Access = ALLOW
Asentria-File2-Write-Access = ALLOW
Asentria-Events-Read-Access = ALLOW
Asentria-Audit-Read-Access = ALLOW
Asentria-Events-Write-Access = DENY
Asentria-Audit-Write-Access = DENY
Asentria-Port1-PT-Access = ALLOW
Asentria-Port2-PT-Access = ALLOW
Page 107
TeleBoss 850 2.06.280_STD User Manual
This list of attributes for user "bob" on the RADIUS server specifies that he can access the unit's Telnet command
processor with ADMIN3 rights, the access file set to FILE1 and all files/ports readable and writable except that he
cannot write the Events and Audit files.
Also configure a user for yourself that gives you MASTER rights to the unit should you need access to it.
Then configure RADIUS on the unit according to the Configuration section above, verify the unit can reach the
RADIUS server by pinging it, and then log out. Then try logging in to test the RADIUS setup. If you or "bob" cannot log
in then you have locked yourself out of the unit. If the reason you cannot log in cannot be attributed to a configuration
error on the RADIUS server then you must use the unit's fallback options for getting access to the unit again: the
RADIUS fallback mode or the button unlock feature. From there troubleshooting steps can be taken to see why login
failed.
Please contact Asentria Technical Support for assistance in troubleshooting RADIUS connection problems.
Page 108
TeleBoss 850 2.06.280_STD User Manual
Data Events
This section offers a brief tutorial on how to set up a functional data event that will send an SNMP trap when the word
"test" is received over a data port. Full details on how to configure data alarm equations are available in the next
section, Configuring Data Alarm Equations.
3. Select Start Position. When prompted to enter a new value, enter "1" and press <Enter>.
4. Select Field Length. When prompted to enter a new value, enter "4" and press <Enter>.
5. Select Event Name and enter TEST_FIELD, then press <Enter>.
6. Press <Enter> to return to the Field definition Table. If configured properly, the data event field should appear in
this menu.
7. Press <Enter> to return to the Data Alarm/Filter Settings menu. From here, select the Data Alarm Settings menu,
Alarm/Filter Page 1, then Alarm/Filter 1. The following menu will be displayed:
Page 109
TeleBoss 850 2.06.280_STD User Manual
11. Select Alarm/Filter Equation and enter TEST_FIELD="test”. This will cause an event to occur any time the word
"test" is received.
12. Select Actions and enter "TRAP(1)" to cause this data event to send a trap to SNMP manager #1, as configured
below in the Hostname/IP Address menu.
Other Setup
1. Return to the Main Setup Menu, select “Action Definitions”, select “Hostname/IP Address 1” and enter either the
hostname or IP address of the SNMP Manager where the trap will be sent.
2. Go to the Serial Setup Menu for serial port I/O 1 (or whichever port incoming data will be monitored) and set the
Data Alarm Enable setting to ON.
3. Press <CTRL> + C to return to the command processor.
Testing
Connect to the unit serially on I/O 1 and type the word test followed by <Enter>. This should trigger the above data
event, and an SNMP trap should be sent to SNMP Manager #1. If this is not the case, double check the network and
data event settings and then call Asentria Technical Support.
Note: There will be a 30 second delay in alarming if the terminal emulator being used does not send a LF with the
CR. This may be circumvented by pressing <CTRL + J> to generate a LF.
Page 110
TeleBoss 850 2.06.280_STD User Manual
Here are a few tips to help you create your own data event equations:
Multiple field references are acceptable, as long as both fields are the same length. For example, d=c is a valid
equation if the fields that both 'd' and 'c' represent are two characters long
Variable names are case sensitive
Equation literals (the data contained within quotation marks) are case sensitive
If any rule is violated in a equation, an alarm will not be generated, nor will an error be presented
Note: There may be times when two or more fields are necessary to analyze one piece of data. For example, if a
time is represented in hh:mm format, some calculations may require two different fields. Other times, wildcards will do
the job of masking out non-important characters just fine.
The data alarm equations used in the T850 are standard Boolean-type operators. The following table outlines each of
the supported operators and their function.
Operator Function
> Greater Than
< Less Than
>= Greater Than or Equal to
<= Less Than or Equal to
! or <> Not Equal to
= Equal to
* Single character wildcard (matches any character or space)
() Parenthesis used to combine operations
OR Logical OR
AND Logical AND
@ Positional wildcard (used in place of a field name to match anywhere within an
incoming record)
Page 111
TeleBoss 850 2.06.280_STD User Manual
Data alarm macros can be configured using the setup menu or setting keys:
Menu
Setup -> Alarm/Event Definitions -> Data Alarm/Filter Settings -> Data Alarm Macro
Settings Keys
event.macro[].name
event.macro[}.equation
The macro equation is entered the same way as a data alarm equation. A macro equation cannot refer to another
macro; in such a case, the expression involved will always evaluate to FALSE. The macro equation can be up to 160
characters in length.
The macro name is the name by which the macro is referenced in any data alarm equation, and can be up to 16
characters in length. Macro names are subject to these restrictions:
Macro names and data field names are not case sensitive; therefore DLT35 and Dlt35 are equivalent.
A macro cannot be given the same name as a data field or another macro.
The following names are reserved and should not be used as macro names or data field names:
IOx (where x is a number) FALSE
IPRC AND
TRAP OR
FTP IS
TRUE ISNOT
Using a macro name or data field name that starts with AND or OR will cause that part of the expression to always
evaluate to FALSE.
When used in a data alarm equation, macros are always compared to TRUE or FALSE. Any other comparison yields
a result of FALSE.
Example
Settings
event.data[1].enable=ON
event.data[2].enable=ON
event.data[1].equation=m1=true
event.data[2].equation=m1 = true and f2 = "0"
event.field[1].start=7
event.field[2].start=6
event.field[1].length=1
event.field[2].length=1
event.field[1].name=f1
event.field[2].name=f2
event.macro[1].name=m1
event.macro[1].equation=f1="1"
Page 112
TeleBoss 850 2.06.280_STD User Manual
Incoming records
0000001 N 019 00 DN1042 T001034 02/25 09:21 00:00:50 A 5558481677
0000002 N 020 00 DN5280 T001033 02/25 09:22 00:00:08 A 5551377443
0000003 N 021 00 T002014 DN6502 02/25 09:22 00:00:10
0000004 N 022 00 T007002 DN5700 02/25 09:19 00:02:36
0000005 E 023 00 T002024 DN1006 02/25 09:22 00:00:58
0000006 N 024 00 T002042 DN6000 02/25 09:21 00:00:46
0000007 N 025 00 DN5154 T001035 02/25 09:04 00:17:50 A 5558451000
0000008 N 026 00 DN1192 T001031 02/25 09:22 00:01:10 A 5558406776
0000009 N 027 00 DN1048 T001034 02/25 09:23 00:00:26 A 5556426898
0000010 N 028 00 DN1197 T001020 02/25 09:19 00:04:30 A 5552550948
0000011 N 029 00 DN6063 T001033 02/25 09:23 00:00:16 A 5557458535
0000012 N 030 00 T002019 DN6447 02/25 09:23 00:00:10
Alarm records
0000001 N 019 00 DN1042 T001034 02/25 09:21 00:00:50 A 5558481677 (DA 1)
0000001 N 019 00 DN1042 T001034 02/25 09:21 00:00:50 A 5558481677 (DA 2)
0000011 N 029 00 DN6063 T001033 02/25 09:23 00:00:16 A 5557458535 (DA 1)
The first record matches data alarm 1, because macro 'm1' is true. Macro 'm1' is true any time the character in
the 7th position is '1'.
The first record also matches data alarm 2, because macro 'm1' is true and field 'f2' contains a '0' character.
The eleventh record matches data alarm 1, again because macro 'm1' is true. It does not match data alarm 2
because field 'f2' does not contain a '0' character.
Page 113
TeleBoss 850 2.06.280_STD User Manual
Action List
An action list is a text string that specifies what the unit should do upon an event. It's comprised of a list of keywords
and parameters separated by semicolon. Each keyword specifies a certain action and has its own parameter set,
which is enclosed in parentheses.
Note: Not all actions on the Action List may be available in this product. Check with Asentria Tech Support if you
have questions concerning this.
For example, the keyword trap has a parameter <ipaddress or index>, and has syntax trap(ipaddress or index) in an
action list. This keyword means send an SNMP trap to the specified parameter. If the parameter is an IP address then
that address is the trap destination. If the parameter is an index then it uses the address specified in the
corresponding index # for Hostname/IP Address in the Action Definitions menu. (This IP action setting list is
action.ip, so trap(1) means send a trap to the address in setting action.ip[1].)
Cancel: cancel(idname)
Cancel any running action list identified by idname.
Group: group(groupname)
Identify this action list as part of a group identified by groupname; not currently used. In a future version this
will be used to cancel or postpone groups of action lists.
ID: id(idname)
Identify this action list by idname.
Pause: pause(seconds)
Pause operation for a duration specified by seconds.
Page 114
TeleBoss 850 2.06.280_STD User Manual
EventSensor: the number of the EventSensor that has the specified relay, where it is the same as
that referred to by the index in an EventSensor key (e.g., 1 in event.sensor[1].* for the first
external EventSensor) as well as that referred to by the SNMP esIndex object.
point: the number of the relay (1-based) on the specified EventSensor. E.g., this is the same number x in
"event.sensor[1].relay[x].*"
Continue: continue(id)
Continue any event identified by idname that has either paused or postponed its action processing.
Each action can take a varying amount of time depending on what's going on in the unit. E.g., a trap may take less
than a second to send if there is a route for it on a network interface that is already up (like Ethernet). Otherwise, if the
unit is configured to bring up PPP in case the trap cannot be sent on an already-up interface, then the trap may take a
minute to send while the unit brings up PPP.
The unit starts all actions up to the first pause keyword at the same time. E.g., if you have an action list like
trap(1);email(1);modem(1);pause(60);trap(2) then the unit will start the first 3 actions, pause for a minute, then start
the last action.
Wherever you can configure an event you can configure its actions. Generally this is with the *.actions setting key
that applies to the event you want to monitor. You can also configure email actions (in the action list syntax) for a user
Page 115
TeleBoss 850 2.06.280_STD User Manual
profile's login challenge destination (e.g., sec.user.challenge.telnetsendto). Not all actions are applicable to
all events: relay actions can be caused only by sensor events and data events.
There may be a need to clear all event actions that are in the events queue that have not yet completed. In that case,
set the event.mgmt.clear key to any value (e.g., 0) to delete any event that has been triggered but has not yet
completed its action delivery. This is a function key only. Reading this key (sk event.mgmt.clear) simply returns a
blank value.
Page 116
TeleBoss 850 2.06.280_STD User Manual
SNMP Trap
Email Alarms
Asentria Alarms
SMS Alarms (requires wireless modem)
Pager Alarms (requires dialup modem)
The following section describes these messages and how to use them.
SNMP Traps
SNMP Traps are alarm notices which are sent using TCP/IP and which conform to the requirements of the SNMP
protocol. In essence, the SNMP Trap is a TCP/IP alarm message using the SNMP protocol, which contains a number
of name/value pairs in its payload. In this payload the “name” is an SNMP Object ID and the “value” is the value of
that OID.
In the case of the T850 product, there are two defined SNMP traps that you can choose from. These traps are
defined in the SNMP MIB which is provided with the T850 product (or which is available through the Asentria website
or Asentria Technical Support).
The first trap is a ‘Standard’ SNMP trap. This is the original SNMP trap format supported by Asentria products. In this
trap there are two name/value pairs in the trap payload; ‘siteName’ which is the sitename of the device sending the
trap and ‘stockTrapString’ which is a string value which is the standard concatenated alarm message string
used for this and other alarms messages in the T850.
Date Time :: SiteName :: Sensor Pod/Bank name :: Sensor Point Name :: Alarm Alias
10/24 06:43 :: San Diego Site #12 :: Sensor Pod 12 :: Cabinet Temp :: Temperature Very High
For users familiar with SNMP, the actual SNMP MIB definintion of the Standard SNMP looks like this:
t850StockTempTrap TRAP-TYPE
ENTERPRISE t850
VARIABLES { siteName, stockTrapString }
DESCRIPTION
"A stock temperature trap is issued when a temperature event
happens."
::= 120
The other kind of SNMP trap which you can use what we call a ‘User Defined Trap’. In this trap we provide for a
series of traps which each have an individual “Trap number”. This can be easier to integrate with management
systems because the manager can have rules setup to kick in when you get “trap # 1000” or “trap # 1001” or so on.
When using User Defined Traps, the trap number to use is assigned as part of the Event Definition Setup. In the case
of User Defined Traps, the payload of the trap contains a number of OID variables, essentially anything that might be
relevant to the particular alarm being transmitted. If the variable is not relevant for the alarm being transmitted then
that variable is null.
For users familiar with SNMP, the actual trap definintion in the SNMP MIB looks like this:
Page 117
TeleBoss 850 2.06.280_STD User Manual
t850UserTrap1000 TRAP-TYPE
ENTERPRISE t850
VARIABLES { siteName, esIndex, esName, trapEventTypeNumber,
trapEventTypeName, esIndexPoint, esPointName, esID,
clock, trapIncludedValue, trapIncludedString,
trapEventClassNumber, trapEventClassName }
DESCRIPTION
"This user-defined trap is issued when an event happens that causes a
trap with specific trap type 1000."
::= 1000
In the above there are various alarm values in this trap including the trapIncludedString referenced in the Standard
Trap.
Email Alarms
Email alarms contain a concatenated alarm string which follows the format of:
Date Time :: SiteName :: Sensor Pod/Bank name :: Sensor Point Name :: Alarm Alias
For example, a typical Email notification for a temperature alarm might look like the following:
10/24 15:59 :: San Diego Site #12 :: Sensor Pod 12 :: Cabinet Temp :: Temperature Very High
Asentria Alarms
Notices ride on an IP network. The IP network is facilitated by broadband internet connection or PPP in this model.
When riding on a network from a unit to SitePath, it is assumed that a notice is normally tunneled over a VPN via a
VPNG. In situations where the VPN is unavailable, the notice rides on a PPP link to SitePath via the PPPG. When
riding on a network from a VPNG to the notice receiver (or on a network from a PPPG to the notice receiver), a notice
travels in plaintext (i.e., not encrypted).
The format below is common to all events that can trigger a notice:
ID : 00
Date : mm/dd/yy
Time : hh:mm:ss
TargetPort:
TargetName:
AlarmType :
AlarmMsg :
Severity : {as specified by class/severity}
AlarmNum : {the value of the trap number setting for the triggering event}
Threshold :
Current :
Page 118
TeleBoss 850 2.06.280_STD User Manual
Text1 :
Note: There are 3 blank lines before "Hardware:" and 2 blank lines after "Serial #:".
Other more specific types of Asentria Alarm Notice formats are: (contact Asentria Technical Support for sample
format)
Data Alarm notice
No-data Alarm notice
CPE Down Alarm notice
VPN Down Alarm notice
VPNG Down Alarm notice
When an Asentria Alarm is initiated, the box dials into the callout number specified by the action. Once
connected, it sends a header and waits for a specific response. If the T850 receives a specific response to the
header, it delivers alarms in CRC mode; otherwise, alarms are delivered in non-CRC mode. In CRC mode, each
Asentria Alarm is transmitted with some extra control characters and a CRC, and the remote host is required to
acknowledge each alarm in a certain format.
After all Asentria Alarms have been delivered, the box waits for 20 seconds for any type of keystroke. If a
keystroke is detected, the box will present a login menu.
Initial header
Note: Please see the Control Characters appendix for more information about special characters used within
this section.
Upon dialing into the receiver, the T850 will send a message similar to the following:
TeleBoss 850
Server Room B
Asentria Alarm Notice ver. 1.00
(CR/LF)(ENQ)
Non-CRC Mode
After sending the initial header, the T850 pauses for 10 seconds to wait for an ACK from the receiver. Non-CRC
mode requires the Require Asentria Alarm ACKs setting to be turned off. If the T850 sees no response or the
receiver replies with:
(ACK)00(ACK)
then non-CRC mode is assumed and the sender will transmit the alarms. The control characters (SOH), (SOT),
and (ETX) are not transmitted in non-CRC mode.
Page 119
TeleBoss 850 2.06.280_STD User Manual
CRC Mode
CRC mode exists to ensure that event notifications are delivered intact. Asentria Alarms delivered in CRC mode
have extra control characters and a 16-bit CRC included in each alarm to allow for error detection by the receiver.
Additionally, CRC mode causes the T850 to store and later retry each alarm until a proper acknowledgement is
received from the receiver.
If Require Asentria Alarm ACKs is enabled, the T850 will require a positive CRC mode response or it will
disconnect and retry the call. To enable CRC, the receiver must respond with the following after the header is
received:
(ACK)01(ACK)
Once CRC mode is enabled, each alarm must be acknowledged by a message in the following format:
(ACK)XX(ACK)
XX represents the alarm ID to acknowledge. The ID can be found in the first line of each record sent by the T850.
Alarm Transmission
After successfully initiating a session, alarms are delivered in the following format:
(SOH)ID=XX(SOT)
Date=12/25/07
Time=10:30:02
TargetPort=
TargetName=
AlarmType=Data Alarm
AlarmName=Test Alarm
Threshold=0
Severity=Critical
Text1=text record line
Text2=text record line
(ETX)XX
(CR/LF)
(CR/LF)
The alarm ID indicates the index number of each alarm delivered during a call. This number restarts at 1 for each
new call.
The severity line represents the Class value defined for this alarm.
Up to twelve lines of Textn may be sent.
XX represents the 16-bit CRC if CRC mode is enabled. If not, this line will contain two spaces.
If additional alarms are queued to send in the same transmission, the above output is repeated, and the ID
incremented with each alarm. When non-CRC alarm transmission is selected, alarms are sent with a 5 second
delay between each. When all alarms and been transmitted, then T850 sends the following:
(EOT)
(CR/LF)
(CR/LF)
At this point, the T850 waits 20 seconds for the receiver to send any input, and then hangs up. If any commands
are received, a command prompt is established and the connection will remain active.
Action Definition
Asentria Alarm actions are designated by "Modem" in action definitions. The numbers correspond to callout
numbers.
Example: Modem(1), Modem(2), etc
Page 120
TeleBoss 850 2.06.280_STD User Manual
SMS Alarms
Note: SMS Messaging is only supported with an EDGE wireless modem installed in the T850.
SMS alarm messages contain a concatenated alarm string which follows the format of:
Date Time :: SiteName :: Sensor Pod/Bank name :: Sensor Point Name :: Alarm Alias
For example, a typical SMS notification for a temperature alarm might look like the following:
10/24 15:59 :: San Diego Site #12 :: Sensor Pod 12 :: Cabinet Temp :: Temperature Very High
Pager Alarms
Pager alarm messages contain a concatenated alarm string which follows the format of:
Date Time :: SiteName :: Sensor Pod/Bank name :: Sensor Point Name :: Alarm Alias
For example, a typical Pager notification for a temperature alarm might look like the following:
10/24 15:59 :: San Diego Site #12 :: Sensor Pod 12 :: Cabinet Temp :: Temperature Very High
Page 121
TeleBoss 850 2.06.280_STD User Manual
Above is a representative Internal Events Menu showing an ES-8C Type 2 EventSensor that features 8 contact
closures. Descriptions of temperature, humidity, voltage and relays will follow.
Contact Closure n displays the menu for configuring each of the contact closure points.
Contact closures (CC) sense the state of a circuit. A weak voltage is applied to the source pin and if pulled to ground
by a connection on the circuit, the sensor reports a "closed" state. If it remains high, the sensor reports an "open"
state. All of the CCs share a common ground. The contact closures may be configured to alarm in either the open or
closed state, depending on the needs of the attached devices.
Sensor Name is an alphanumeric field that allows you to name this contact closure. (Max length 16 chars)
Contact Closure Enabled is an ON/OFF toggle to enable this contact closure. Default setting is OFF.
Page 122
TeleBoss 850 2.06.280_STD User Manual
Event State is an OPEN/CLOSED toggle that determines whether an event will be triggered when the contact closure
circuit is opened or closed. The default state is OPEN.
Threshold is the number of seconds (0-255) the sensor must remain in the event state before an actual event occurs.
Default threshold is 2.
Event State / Return to Normal Actions displays the Actions List, a menu where the action string for the event is
configured. This field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions
have been configured. Refer to Action List in the Features chapter for more information.
Event State / Return to Normal Class sets the class for the alarm. When this option is selected, a list of the classes
previously defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Event / Return to Normal Trap Number sets the trap number which can be useful when using SNMP trap managers
that employ a trap numbering system to help identify incoming traps. The default trap number for Contact Closure
Events is 110, but any number in the alternate range of 1000 – 1199 can be used.
Active Alarm Alias is a special sensor name used when reporting active events for this sensor.
Inactive Alarm Alias is the same as Active Alarm Alias, but used with Return to Normal events.
Temperature Sensor Enabled is an ON/OFF toggle to enable the temperature sensor. Default setting is OFF.
Sensor Values Represented In toggles either FAHRENHEIT or CELSIUS for the desired temperature scale.
Temperature Deadband is the range, in degrees, on either side of a temperature setting that prevents the alarm from
repeatedly going in and out of the "alarm state" as the actual temperature fluctuates above and below the temperature
setting.
Very High / High / Low / Very Low Event Settings display a menu where the temperature at each level can be
configured to alarm along with the action(s) to occur, trap number, and class. In the case of Very High or High levels,
the alarm will occur as the temperature rises above the setting. In the case of Low or Very Low, the alarm will occur
as the temperature drops below the setting.
Return to Normal Settings displays a menu where the actions to occur when the temperature returns to normal
(drops below the High/Very High settings, or rises above the Low/Very Low settings) can be configured.
The menu for setting Very High Temperature settings is shown. Menus for High/Low/Very Low are identical.
Page 123
TeleBoss 850 2.06.280_STD User Manual
Very High Event Temperature sets the temperature at which the Very High Event Actions will be triggered.
Very High Event Actions displays the Actions List, a menu where the action string for the event is configured. This
field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been
configured. Refer to Action List in the Features chapter for more information.
Very High Trap Number sets the trap number which can be useful when using SNMP trap managers that employ a
trap numbering system to help identify incoming traps. The default trap number for Temperature Events is 120, but
any number in the alternate range of 1000 – 1199 can be used.
Very High Event Class sets the class for the alarm. When this option is selected, a list of the classes previously
defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Return to Normal Event Actions displays the Actions List, a menu where the action string for the event is
configured. This field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions
have been configured. Refer to Action List in the Features chapter for more information.
Return to Normal Event Trap Number sets the trap number which can be useful when using SNMP trap managers
that employ a trap numbering system to help identify incoming traps. The default trap number for Temperature Events
is 120, but any number in the alternate range of 1000 – 1199 can be used.
Return to Normal Class sets the class for the alarm. When this option is selected, a list of the classes previously
defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Humidity Sensor Enabled is an ON/OFF toggle to enable the humidity sensor. Default setting is OFF.
Humidity Deadband is the range on either side of a humidity setting that prevents the alarm from repeatedly going in
and out off the "alarm state" as the actual humidity fluctuates above and below the humidity setting.
Very High / High / Low / Very Low Event Settings display a menu where the humidity at each level can be
configured to alarm along with the action(s) to occur, trap number, and class. In the case of Very High or High levels,
the alarm will occur as the humidity rises above the setting. In the case of Low or Very Low, the alarm will occur as
the humidity drops below the setting.
Return to Normal Settings displays a menu where the actions to occur when the humidity returns to normal (drops
below the High/Very High settings, or rises above the Low/Very Low settings) can be configured.
Page 124
TeleBoss 850 2.06.280_STD User Manual
Very High/High/Low/Very Low Event Settings Setup
The menu for setting High Humidity settings is shown. Menus for Very High/Low/Very Low are identical.
High Event Humidity sets the humidity at which the High Event Actions will be triggered.
High Event Actions displays the Actions List, a menu where the action string for the event is configured. This field
will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been
configured. Refer to Action List in the Features chapter for more information.
High Trap Number sets the trap number which can be useful when using SNMP trap managers that employ a trap
numbering system to help identify incoming traps. The default trap number for Humidity Events is 130, but any
number in the alternate range of 1000 – 1199 can be used.
High Event Class sets the class for the alarm. When this option is selected, a list of the classes previously defined in
the Class Table is displayed, from which you can select one to be assigned to this event.
Return to Normal Event Actions displays the Actions List, a menu where the action string for the event is
configured. This field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions
have been configured. Refer to Action List in the Features chapter for more information.
Return to Normal Event Trap Number sets the trap number which can be useful when using SNMP trap managers
that employ a trap numbering system to help identify incoming traps. The default trap number for Humidity Events is
130, but any number in the alternate range of 1000 – 1199 can be used.
Return to Normal Class sets the class for the alarm. When this option is selected, a list of the classes previously
defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Below is a representative Events Menu showing an 8V Expanson Card to monitor 8 analog voltage inputs. Analog
current inputs, such as on an 8mA Expansion Card use an identical menu. Analog sensors can be used in various
applications, from monitoring a power supply to verifying RS232 voltage levels.
Page 125
TeleBoss 850 2.06.280_STD User Manual
Analog voltage sensors provide individual voltage sensing for ranges from –60/+60VDC.
Analog current sensors provide individual voltage sensing for ranges from 4-20mA.
Note: Effective with firmware version 2.05.840, the analog value has changed from 16-bit to 32-bit, which
increases range of unit value to +2147483647 and –2147483648. Now all analog voltage slot cards, including 4VP,
can handle +-60 volts and still maintain accuracy and resolution at lower voltage inputs.
Device Name is the option name given to the sensor. Default is unnamed.
Analog Input n displays a menu where each analog voltage sensor can be configured.
Event Sensor Reporting Enabled is an ON/OFF toggle to enable the Event Sensor Reporting feature. See the
Event Sensor Reporting section in the Features chapter for more information.
Clear Settings for This EventSensor when selected will immediately clear all of the configured settings for this
sensor and remove it from the Sensor Events menu (except for Internal Sensors). If "Confirmation Prompt“ in General
Settings is ON, then there will be a confirmation prompt (Are you sure (y/n)?) displayed before clearing the
configured settings. Return to the Sensor Events menu to assign it a new slot, if desired, and reconfigure it.
Analog Input n
Analog Input Enabled is an ON/OFF toggle to enable this analog sensor. Default setting is OFF.
Name is an alphanumeric field that allows you to name this analog input. (Max length 16 chars)
Input Polarity indicates to the unit whether the input polarity will be positive or negative.
Deadband is the range on either side of an analog setting that prevents the alarm from repeatedly going in and out off
the "alarm state" as the actual voltage or current fluctuates above and below the setting.
Very High / High / Low / Very Low Event Settings displays a menu where the voltage or current at each level can
be configured to alarm along with the action(s) to occur, trap number, and class. In the case of Very High or High
levels, the alarm will occur as the voltage or current rises above the setting. In the case of Low or Very Low, the alarm
will occur as the voltage or current drops below the setting.
Return to Normal Settings displays a menu where the optional action definition for alarms as they return to a normal
state can be configured.
Unit Conversion Settings displays a menu where “real world” values can be configured.
Page 126
TeleBoss 850 2.06.280_STD User Manual
Very High / High / Low / Very Low Analog Input Event Settings
The menu for setting Very High Event Value settings is shown. Menus for High/Low/Very Low are identical.
Very High Event Value sets the voltage or current (in tenths) at which the Very High Event Actions will be triggered.
Very High Event Actions displays the Actions List, a menu where the action string for the event is configured. This
field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions have been
configured. Refer to Action List in the Features chapter for more information.
Very High Event Trap Number sets the trap number which can be useful when using SNMP trap managers that
employ a trap numbering system to help identify incoming traps. The default trap number for Analog Events is 140,
but any number in the alternate range of 1000 – 1199 can be used.
Very High Event Class sets the class for the alarm. When this option is selected, a list of the classes previously
defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Return to Normal Event Actions displays the Actions List, a menu where the action string for the event is
configured. This field will be empty [ ] if no actions have been configured, and will show [*SET*] if one or more actions
have been configured. Refer to Action List in the Features chapter for more information.
Return to Normal Event Trap Number sets the trap number which can be useful when using SNMP trap managers
that employ a trap numbering system to help identify incoming traps. The default trap number for analog events is
140, but any number in the alternate range of 1000 – 1199 can be used.
Return to Normal Event Class sets the class for the alarm. When this option is selected, a list of the classes
previously defined in the Class Table is displayed, from which you can select one to be assigned to this event.
Page 127
TeleBoss 850 2.06.280_STD User Manual
Relay Output Setup
Internal relay outputs provide electrical output that can open or close an external circuit. Typically this is used with
devices that would not otherwise be able to interface with a host product, like audio alarms, LEDs, custom circuitry,
and an almost limitless number of other applications.
Clear Settings for This EventSensor when selected will immediately clear all of the configured settings for this relay
and remove it from the Sensor Events menu (except for Internal Sensors). Return to the Sensor Events menu to
assign it a new slot, if desired, and reconfigure it.
Relay n
Relay Name is a text-entry field that allows you to name this relay.
Relay Active State toggles CLOSED/OPEN to set whether the relay will close or open when activated. Default
setting is CLOSED.
Note: There are two types of optional relay Expansion Cards available for use in the T850.
a) 8R (or xx4R) which is an electro-mechanical relay, rated as follows:
a. Max switched VDC: 60V peak (AC or DC)
b. Max switched power: 30W (DC)
c. Max switched current: 0.6A
b) 8SR (or xx4SR) which is a solid state relay, rated as follows:
a. Max switched VDC: 60V peak (AC or DC)
b. Max switched power: 90W (DC)
c. Max switched current: 01.5A
With the use of solid state relays, mechanical components and switch contacts are eliminated, thus having less
potential issues with arcing, terminal degradation or fused contacts.
There is no way to differentiate one type of relay from the other in the user interface so use this Setting Key
event.sensor[x].output[y].type, which will return the type of output for a given point on the card.
Page 128
TeleBoss 850 2.06.280_STD User Manual
event.sensor[1].output[4].type = SSR
event.sensor[1].output[5].type = SSR
event.sensor[1].output[6].type = SSR
event.sensor[1].output[7].type = SSR
event.sensor[1].output[8].type = SSR
Contact Asentria Technical Support if you have any questions about the type of relay card installed in your T850.
Page 129
TeleBoss 850 2.06.280_STD User Manual
Caution: Do not exceed maximum ratings for relays. T850 relays are only designed to switch relatively
low voltages and amps, and are not intended to switch AC powered devices. Only a certified electrician
should work with and connect AC Voltage to the T850. Improper use outside the guidelines of this manual
could cause injury or death.
Note: Be aware of the inrush (startup) current of the device you are connecting to the relays. A device drawing 1A
while powered up can draw many times that upon power up. This is especially true with capacitive or inductive
circuits.
Action Definition
Relays actions are defined in the Action List and below. Relay definitions are somewhat more complicated than
other sensors in that they must declare the action to perform, which sensor the relay is on, and which relay on
that sensor to switch.
Page 130
TeleBoss 850 2.06.280_STD User Manual
EventSensor Reporting
EventSensor Reporting (formerly known as Contact Mirroring) is the feature where a unit can transmit/receive
EventSensor (ES) data to/from other units. When transmitting, you can select which physical ES’s should report their
data, and one IP address to report to. When receiving, you can configure the unit to monitor an ES as if it were
attached to the unit with a cable, when it is actually attached to the unit only with a TCP connection. Put simply, this
feature allows a device in one location to affect an action at another location even though the two devices are not
physically connected.
A unit can monitor data from EventSensors on any medium that can carry a TCP connection: Ethernet, ADSL,
POTS/Wireless modems, SitePath, etc.
In addition to the menu option you saw on the Sensor Events Menu, there is this menu option in the Networking
Settings menu:
Options A & B are configured on the client unit. A is where you enter the IP address of the host T850 and B is
where you select a TCP port to use.
Options C & D are configured on the host T850. C enables it to receive EventSensor reports from the client unit,
and D is where you select the TCP port it should be listening on.
Obviously Option B on the client unit should match Option D on the host T850.
When everything is properly configured, the sensor at the client (Site A) will appear in the Sensor Events Menu of the
host (Site B), with (REMOTE) following the Alive indicator for that sensor:
Setting Keys
There is one per-ES setting that controls whether the ES reports its data:
event.sensor.reporting.enable
Page 131
TeleBoss 850 2.06.280_STD User Manual
Connections
There are two types of Asentria sensor devices: SensorJack sensors, and EventSensor sensors. Each are described
below:
SensorJack sensors use 1-Wire technology and are economical single-purpose environment sensors that connect to
an RJ45 SensorJack port on the Asentria host unit. Note that only T850’s build on hardware Rev F (with RJ45 sensor
port) support SensorJack sensors.
EventSensor sensors (formerly referred to as Type2 EventSensors) are compatible with all Asentria SiteBoss and
TeleBoss products. (Older Type1 EventSensors work only with now-retired products like the Data-Link and SNMP-
Link.)
Configuration of SensorJack sensors and EventSensor sensors is done either via Setting Keys, or within the
EventSensor Device Settings menu of the Asentria host product.
Connections
SensorJack sensors have the sensor on one end and terminate on the other end with an RJ45 plug. This plug
connects directly to the SensorJack port of the host unit. Multiple SensorJack sensors can be daisy-chained together
to one port using an RJ45 T-Splitter (Asentria part# 4162-011). Note that SensorJack sensors will not work if
connected to either the Control or Sensor port of an EventSensor sensor. SensorJack sensors must connect directly
to the host unit or to another SensorJack sensor via a splitter. SensorJack sensors do not have DIP switches and are
automatically slotted into an available sensor slot within the host unit.
EventSensor sensors connect to the host unit and each other via an RJ45/RJ45 Cat-5 straight-through cable. The
cable from the host EventSensor sensor port plugs into the port labeled Control on the first EventSensor. Chain
additional EventSensors together in a variety of ways, but always connecting the Sensor port of one to the Control
port of the next. Be sure to set the DIP switches for each additional EventSensor so that each occupies its own slot
as per the chart below.
Page 132
TeleBoss 850 2.06.280_STD User Manual
Different configuration arrays Event Sensors are fully described with graphics in the EventSensor User Manual which
is available from either Asentria Sales ([email protected]) or Tech Support. ([email protected]).
Configuration
Temperature and humidity settings can be calibrated in ES-T and ES-TH EventSensors via Setting Keys (no menu
options available to do this). This gives a user the ability to make calibration adjustments to fine-tune the accuracy of
the reported reading, if desired. This process is transparent and provides temperature and humidity readings that are
consistent with other devices that measure temperature and relative humidity in the same environment. This
mechanism uses two calibration points to set up a slope and offset that is used to adjust the measured reading.
This feature is enabled by changing Setting Key values only; the text menu and web interface do not provide access
to these keys. The default Setting Keys are:
event.sensor[x].humid[y].callowin=0
event.sensor[x].humid[y].callowout=0
event.sensor[x].humid[y].calhighin=100
event.sensor[x].humid[y].calhighout=100
event.sensor[x].temp[y].callowin=0
event.sensor[x].temp[y].callowout=0
event.sensor[x].temp[y].calhighin=100
event.sensor[x].temp[y].calhighout=100
1) Place the ES-TH in a controlled-humidity environment along with an accurate humidity reference.
2) Set the humidity to some level toward the low end of the range, like 10-20%, and wait for it to stabilize.
3) Write down the humidity as indicated by the reference, and the humidity as indicated by the ES-TH.
4) Repeat the previous two steps, except set the range toward the high end, like 70-90%.
5) Enter the values that were written down in the appropriate settings:
For example, if the eventsensor 1 indicated 23% RH when the reference indicated 30% R, and the eventsensor
indicated 84% RH when the reference indicated 90% RH, then the following values should be entered:
event.sensor[1].humid[1].callowin = 23
event.sensor[1].humid[1].callowout = 30
event.sensor[1].humid[1].calhighin = 84
event.sensor[1].humid[1].calhighout = 90
Page 133
TeleBoss 850 2.06.280_STD User Manual
Contact Asentria Technical Support if you have any questions concerning this.
The Virtual EventSensor allows a script to populate sensor values based on some custom functionality, like querying a
thrid part sensor via serial port or network. With some scripting customization, a third party sensor can be treated as
one of the T850’s EventSensors, bringing it under the umbrella of consistent SNMP access and event/action
management.
The script calls a_lib.InitVirtualES. This allocates the Virtual EventSensor. From there, the script can write sensor
values to it (and read them). Configure events and actions for it as you normally would for any other kind of
EventSensor.
Page 134
TeleBoss 850 2.06.280_STD User Manual
The command prompt setting is available in the General setup menu section, and via the Setting Key sys.prompt.
The setting can contain up to 64 characters, but the prompt itself is limited to 30 characters; any additional characters
are truncated.
In addition to specifying plain text to be included in the command prompt, setting values can be embedded using a
special syntax: $(setting_key_name). If this construct is used, the value of the specified Setting Key replaces the
construct. If the Setting Key is not accessible for any reason (invalid key, insufficient user access level, etc), "ERROR"
is displayed instead.
Note: T850 only supports the sys.sitename Setting Key; all others return "ERROR".
To make the system prompt blank, set sys.prompt to a null value (i.e. "sk sys.prompt = ").
Examples:
Page 135
TeleBoss 850 2.06.280_STD User Manual
Generic Server
Avaya – Reliable Session Protocol
Alcatel OmniPCX
CCM4 (Cisco CallManager version 4.x)
Generic Client
Siemens HiPath 4000
Intecom Telari
Nortel BCM
Syslog
NEC NEAX2400
CCM5 (Cisco CallManager version 5.x)
Generic Server
Definition
Generic Server is plain text record collection that offers no handshaking or quality control above that of the TCP/IP
protocols. Therefore, this method of record collection is not specific to Avaya Definity in that there is no application-
layer protocol. Plain Text IPRC data is received on TCP port 5000 (user-adjustable).
Commands
Command Function
IPRC Displays a status report of the active IPRC
IPRC STATUS mode.
IPRC ?
Status Display
The IPRC command brings up a status report similar to the following report for Generic Server:
iprc
Record Collection Server
Status: Listening on port 5000
This report simply indicates the status of the RCS. The TCP port is displayed for informational purposes only.
Page 136
TeleBoss 850 2.06.280_STD User Manual
Commands
Command Function
IPRC or IPRC STATUS or IPRC ? Displays a status report of the active IPRC mode.
IPRC PORT n Changes the TCP port on which to listen for RSP connections.
IPRC RESET Manually disconnects the current session (if connected), closes
the socket (if established), and reinitializes the server.
Status Display
The IPRC command brings up a status report similar to the following report for RSP:
RSP Server
Status: Listening on port 9000
SAMs tx : 0
ACKs tx : 0
SDMs tx : 0
SCMs rx : 0
New data rx : 0
Blocks rx : 0
Dup. blocks rx : 0
IPRC Terms
The following terms are used in the status display accessed by the IPRC command for RSP:
Term Meaning
SAM (Session Accept Message) A message transmitted by the Data-Link to acknowledge
the client's Session Connect Message.
ACK (session Acknowledgement A response transmitted by the Data-Link to acknowledge
message) data blocks.
SDM (Session Disconnect Message) A command sent from the T850 to terminate the current
session. This happens when the T850 encounters an
anomaly in the protocol or the user resets the server.
SCM (Session Connect Message) A request transmitted from the client to establish a
session with the T850's IPRC server.
New Data The number of non-duplicate bytes received by the server.
Blocks Represents the number of blocks (including duplicates)
received by the unit.
Dup. Blocks The number of duplicate blocks received by the unit. If this
number is high relative to the number of blocks received,
either the SPDU Response Timer (ST2) on the switch needs
to be increased or the Data-Link is full and needs to be
polled.
Page 137
TeleBoss 850 2.06.280_STD User Manual
Commands
Command Function
SK SET X Initiates a settings key file upload via Xmodem.
SK SET A Initiates a settings key file upload via plaintext ASCII.
SK LOG Displays results of uploading the settings key file.
IPRC START Opens a connection to the PBX if not already open. This is
required if the unit was unable to connect to the PBX at
boot because of improper settings.
IPRC STOP Places the client into an idle state. Closes any open
connection.
IPRC or IPRC STATUS or IPRC ? Displays a status report of the active IPRC mode.
IPRC FIELDS Displays the list of compiled output fields.
IPRC DEBUG ON Show the ticket data as it is parsed.
IPRC DEBUG OFF Disables showing ticket data as it is parsed.
Status Display
The following is an example status display for Alcatel OmniPCX IPRC:
net.ip=192.168.100.32
net.subnet=255.255.255.0
net.router=192.168.100.100
net.snmp[1]=192.168.100.36
net.snmp[2]=0.0.0.0
net.snmpcomm=public
The unit assembles output fields into records defined by their end-of-line characters. Using this method we can
specify output fields using the specific ticket field numbers (1-48) or by character start position and length within the
ticket structure. For example, if the user wants to create an output record which contains these fields:
Page 138
TeleBoss 850 2.06.280_STD User Manual
Call Type, Start Date Time, End Date Time, Effective Call Duration (converted from seconds to HH:MM:SS format),
Acting Extension Number, Trunk 1 and the user wants to specify the record using TICKET FIELD NUMBERS, the
setup would look like this:
alcatel.ip=22.23.212.12
alcatel.port = 2533
alcatel.timeout = 30
alcatel.field[1]=10,2,L // Call Type
alcatel.field[2]=40,17,L // Start Date Time
alcatel.field[3]=12,17,L // End Date Time
alcatel.field[4]=38,10,L,STOHMS // Effective Call Duration
alcatel.field[5]=41,25,R // Acting Extension Number
alcatel.field[6]=16,5,5,L // Trunk Identity
alcatel.field[7]=9,30,L // Calling Number
alcatel.field[8]=2,30,L,0D0A // Called Number
The 0D0A terminator on field 8 tells the unit to store all assembled output fields up to and including that output field
(in ascending order of field definition number) as 1 record. Note that the 0D0A optional value places the end-of-line
characters on the last field, but you could include the EOL characters at other fields also so as to make multiple
records. If the final field definition does not have any EOL characters, then the unit stores whatever it has assembled
so far as 1 record, appended with either:
1. the first EOL character set found in any other field definition starting with the first field, or
2. CRLF, if no other field definitions have EOL characters.
If we wanted to use explicit character position values, the setup would look like this:
alcatel.ip=22.23.212.12
alcatel.port = 2533
alcatel.timeout = 30
alcatel.field[1]=166,2,2,R // Call Type
alcatel.field[2]=441,17,17,L // Start Date Time
alcatel.field[3]=169,17,17,L // End Date Time
alcatel.field[4]=430,10,10,R,STOHMS // Effective Call Duration
alcatel.field[5]=458,30,20,L // Acting Extension Number
alcatel.field[6]=211,5,5,R // Trunk Identity
alcatel.field[7]=136,30,30,L // Calling Number
alcatel.field[8]=5,30,30,L,0D0A // Called Number
<field>=<start pos, how long the field is, length of that field to take, justification[,end of line chars][,conversion]>
Once a configuration file is uploaded to the unit, the T850 indicates that it is processing the data. It returns
"COMPLETE" when all settings are processed. The unit gives no other progress or status feedback to the user while
it is processing the file. Instead, it logs feedback to a file that the user can view after processing is complete. If there
were any problems, the unit will display an error message after processing is complete.
To view the log, enter the SK LOG command. This will display which settings, if any, it failed to process because of
bad value, key name, or syntax. Bear in mind, this upload process does not attempt to error check the output field
definitions, it only stores them. Instead, the real time client verifies these field definitions when it is started. If the
client is idle (you can tell the client's state by entering the IPRC STATUS command), you must start the client in order
to tell it to compile the settings (IPRC START command).
Page 139
TeleBoss 850 2.06.280_STD User Manual
Limits of field definitions
There is room for up to 3 EOL characters for each field definition. Null is an invalid EOL character. There are 2
available conversion options, if conversion is desired, for each field definition: STOHMS and MTOHMS. STOHMS
assumes the input data from the ticket is a value represented in seconds, and it will convert this value to hh:mm:ss
format in the output field. MTOHMS works like STOHMS except it assumes the value to be converted is in minutes.
The maximum output field length is 300 characters. The maximum record length is 520 characters.
Aside from the up to 48 output fields, there are 6 other items to configure:
Setting Function
alcatel.ip IP address of PBX.
alcatel.port TCP port of PBX real time interface. Default is 2533.
alcatel.timeout Timeout (in seconds) used for waiting for packets and connection
retries. Default is 30.
alcatel.delim Output field delimiter. This is a 1-byte value, expressed as ASCII-HEX.
If it is non-zero, then this byte is appended to each unterminated
output field. For example, to separate each output field with a space,
assign this key the value of "20". Default is "00".
net.iprc.mode = ALCATEL OMNIPCX Selects the client as the active IPRC service.
Net.iprc.file Selects the database file used for record storage.
Note: Ticket structure is subject to change by Alcatel. You should refer to the latest Alcatel documentation if there
is any problem or question.
Page 140
TeleBoss 850 2.06.280_STD User Manual
30 Segments-Rate 2 368-377 10 R
31 Segments-Rate 3 378-387 10 R
32 Com Type 388 1 NA
33 X25 In Flow Rate 389-390 2 R
34 X25 Out Flow Rate 391-392 2 R
35 Carrier 393-394 2 R
36 Initial Dialed Number 395-424 30 L
37 Waiting Duration 425-429 5 R
38 Effective Call Duration 430-439 10 R
39 Redirected Call Indicator 440 1 NA
40 Start Date-time 441-457 17 NA
41 Acting Extension Number 458-487 30 L
42 Called Number Node 488-492 5 R
43 Calling Number Node 493-497 5 R
44 Initial Dialed Number Node 498-502 5 R
45 Acting Extension Number Node 503-507 5 R
46 Transit Trunk Group ID 508-512 5 R
47 EndOfLine (0x0A) 513 1 NA
Once the client has accepted a valid configuration, it will attempt to connect to the OmniPCX whenever the unit is
reset. If the user manually stops the client with the IPRC STOP command, then the client will remain in the idle state
until either the unit is reset or the user enters the IPRC START command.
If a new configuration is uploaded while the client is connected to the PBX, then it will:
Page 141
TeleBoss 850 2.06.280_STD User Manual
Commands
Command Function
SK SET X Initiates a settings key file upload via Xmodem.
SK SET A Initiates a settings key file upload via plaintext ASCII.
SK LOG Displays results of uploading the settings key file.
IPRC START Causes immediate connection to CallManager to retrieve any new records,
followed by automatic connection at the interval specified by the connection
interval setting. When the T850 starts up in Cisco CallManager IPRC mode, and a
non-zero connection interval is set, automatic connection is enabled. This
command is only required if automatic connection was previously stopped using
the IPRC STOP command, or the connection interval was changed from zero to a
non-zero value.
IPRC STOP Disables automatic connection to CallManager, and terminates any open
connection. Automatic connection is re-enabled if the T850 is restarted.
IPRC NOW Causes the T850 to connect to CallManager immediately and retrieve any available
[value] new records. If value is specified, it will only retrieve that many records even if
more are available.
IPRC DBINFO Causes the T850 to connect to CallManager immediately and retrieve and display
the total number of records present, and the date/time stamp of the first and last
records.
IPRC or Displays a status report of the active IPRC mode.
IPRC STATUS or
IPRC ?
IPRC FIELDS Displays the list of compiled output fields.
IPRC LOG Shows any messages returned by the CallManager server during the last non-
interactive connection attempt. This information can be useful for troubleshooting.
IPRC Causes the T850 to connect to CallManager, and then present an interface for
INTERACTIVE entering SQL commands to be sent to CallManager. The results of any SQL
commands are displayed on-screen, and are not stored in the T850 database. Field
settings do not apply in interactive mode.
Status Display
The following is an example status display for Cisco CallManager IPRC:
Page 142
TeleBoss 850 2.06.280_STD User Manual
Configuration File
The record retrieving functionality is configured via a configuration file. This configuration file is a list of setting keys,
where a setting key is a "<setting> = <value>" statement. <setting> is a period-delimited string of keywords. These
keys can name all of the setup variables of the product. These include the generic operational parameters of the box
such as these below, as well as specialized parameters such as those for the Cisco CallManager:
net.ip=192.168.100.32
net.subnet=255.255.255.0
net.router=192.168.100.100
net.snmp[1]=192.168.100.36
net.snmp[2]=0.0.0.0
net.snmpcomm=public
The unit queries the CallManager database and, for each available record, retrieves the values (columns) specified in
the field table. The retrieved values are assembled into records as defined in the field table. Using this method we
can specify output fields using the specific database column numbers (shown in the tables below), or by specifying the
exact name of the database column.
Values can be retrieved from two CallManager tables: CallDetailRecord (CDR), and CallDetailRecordDiagnostic
(CMR). When CMR values are specified, values are retrieved only from CMR records that are related to CDR records
included in the query. When specifying fields, each field name/number is prefixed by "cdr." or "cmr." depending on
which table the field is coming from.
For example, if the user wants to create an output record which contains these fields:
cdr.dateTimeDisconnect, cdr.originalCalledPartyNumber, cdr.finalCalledPartyNumber, cdr.dateTimeOrigination
(converted to MM/DD/YYYY HH:MM:SS format), cdr.origIPAddr (converted to 4-dot notation), cdr.duration, cmr.jitter,
and cmr.latency, and the user wants to specify the fields using COLUMN NUMBERS, the field setup would look like
this:
If the specified length is greater than the length of the returned value, then the returned value is padded with spaces
and justified within the output field based on the justification specification. 'L' means the value is left-aligned, 'R' means
the value is right-aligned, and 'N' means the output field retains the size of the returned value and is not padded with
spaces.
The 0D0A terminator on field 8 tells the unit to append CRLF to the end of that field. Note that in this example the
0D0A optional value places the end-of-line characters on the last field, but you could include the EOL characters at
other fields also so as to break the record into multiple lines. If the final field definition does not have any EOL
characters specified, then the unit appends CRLF automatically.
If we wanted to use explicit column names (if, for example, a column is desired that is not in the COLUMN NUMBER
table), the setup would look like this:
Page 143
TeleBoss 850 2.06.280_STD User Manual
Once a configuration file is uploaded to the unit, the T850 indicates that it is processing the data. It returns
"COMPLETE" when all settings are processed. The unit gives no other progress or status feedback to the user while
it is processing the file. Instead, it logs feedback to a file that the user can view after processing is complete. If there
were any problems, the unit will display an error message after processing is complete.
To view the log, enter the SK LOG command. This will display which settings, if any, it failed to process because of
bad value, key name, or syntax. This upload process does not attempt to error check the output field definitions, it
only stores them. Instead, the fields are verified when a connection attempt is made to the CallManager server.
Aside from the up to 48 output fields, there are some other items to configure:
Setting Function
iprc.mode Selects the client as the active IPRC service.
iprc.file Selects the database file used for record storage.
iprc.ccm.database The name of the CallManager database containing call detail records.
iprc.ccm.username The username for logging into the CallManager server.
iprc.ccm.password The password for logging into the CallManager server.
iprc.ccm.interval Determines how often the T850 connects to the CallManager server to retrieve new
records, in minutes. Setting this value to 0 effectively disables automatic connection.
iprciiprc.ccm.delimiter Output field delimiter. This is a 1-byte value, expressed as ASCII-HEX. If it is non-zero,
then this byte is appended to each unterminated output field. For example, to separate
each output field with a space, assign this key the value of "20". Default is "00".
iprc.ccm.startdate The date and time, in “MM/DD/YYYY HH:MM:SS” format, that determines which records
in the CCM database are considered new records. By default, when CCM IPRC is enabled
for the first time, the T850 retrieves records that are time stamped on or after midnight
the day before, according to the T850 system clock. After each non-interactive
connection to the CCM server, this setting is updated to reflect the last “new record”
date/time.
There are 67 columns to choose from in the CallManager database – 50 in the CDR table, and 17 in the CMR table.
When specifying an output field using COLUMN NUMBERS, the unit uses these standard CallManager columns:
Page 144
TeleBoss 850 2.06.280_STD User Manual
Note: The CallManager database structure is subject to change by Cisco. You should refer to the latest Cisco
documentation if there is any problem or question.
CallDetailRecord Fields
Field Name Max Length* Data Type
1 cdrRecordType 10 Number
2 globalCallID_callId 10 Number
3 globalCallID_callManagerId 10 Number
4 origLegCallIdentifier 10 Number
5 dateTimeOrigination 10/19 Number
6 origNodeId 10 Number
7 origSpan 10 Number
8 callingPartyNumber 25 Text
9 origIpPort 10 Number
10 origIpAddr 10/15 Number
11 originalCallingPartyNumberPartition 50 Text
12 origCause_location 10 Number
13 origCause_value 10 Number
14 origMediaTransportAddress_IP 10/15 Number
15 origMediaTransportAddress_Port 10 Number
16 origMediaCap_payloadCapability 10 Number
17 origMediaCap_maxFramesPerPacket 10 Number
18 origMediaCap_g723BitRate 10 Number
19 lastRedirectDn 25 Text
20 lastRedirectDnPartition 50 Text
21 destLegIdentifier 10 Number
22 destNodeId 10 Number
23 destSpan 10 Number
24 destIpAddr 10/15 Number
25 destIpPort 10 Number
26 originalCalledPartyNumber 25 Text
27 originalCalledPartyNumberPartition 50 Text
28 finalCalledPartyNumber 25 Text
29 finalCalledPartyNumberPartition 50 Text
30 destCause_location 10 Number
31 destCause_value 10 Number
32 destMediaTransportAddress_IP 10/15 Number
33 destMediaTransportAddress_Port 10 Number
34 destMediaCap_payloadCapability 10 Number
35 destMediaCap_maxFramesPerPacket 10 Number
36 destMediaCap_g723BitRate 10 Number
37 dateTimeConnect 10/19 Number
38 dateTimeDisconnect 10/19 Number
39 duration 10 Number
40 origDeviceName 129 Text
41 destDeviceName 129 Text
42 origCallTerminationOnBehalfOf 10 Number
43 destCallTerminationOnBehalfOf 10 Number
44 origCalledPartyRedirectOnBehalfOf 10 Number
45 lastRedirectRedirectOnBehalfOf 10 Number
46 origCalledPartyRedirectReason 10 Number
47 lastRedirectRedirectReason 10 Number
48 joinOnBehalfOf 10 Number
49 destConversationId 10 Number
50 globalCallId_ClusterID 50 Text
Note: Max Length specifies the number of characters to represent the maximum possible value. Where two
numbers are supplied, the second number specifies the number of characters after performing the usual
conversion on that particular type of value.
Page 145
TeleBoss 850 2.06.280_STD User Manual
CallDetailRecordDiagnostic Fields
Field Name Max Length* Data Type
1 cdrRecordType 10 Number
2 globalCallID_ callManagerId 10 Number
3 globalCallID_callId 10 Number
4 nodeId 10 Number
5 directoryNum 50 Text
6 callIdentifier 10 Number
7 dateTimeStamp 10/19 Number
8 numberPacketsSent 10 Number
9 numberOctetsSent 10 Number
10 numberPacketsReceived 10 Number
11 numberOctetsReceived 10 Number
12 numberPacketsLost 10 Number
13 jitter 10 Number
14 latency 10 Number
15 directoryNumPartition 50 Text
16 globalCallId_ClusterID 50 Text
17 deviceName 129 Text
CallManager Operation
After the T850 is reset, or Cisco CallManager IPRC mode is selected, the unit attempts to connect to the CallManager
server using the settings provided. Once successfully connected, the unit will retrieve any new records and store
them into the specified T850 database file, and then disconnect from the CallManager. This operation is repeated at
the interval specified in the settings, regardless of whether the previous connection attempt was successful. If a record
retrieval session is in progress when the interval expires (that is, either automatic or via IPRC NOW command), the
interval timer is reset and the next connection is deferred until the next interval expires.
The IPRC status command (IPRC, IPRC STATUS, or IPRC ?) provides information about the current state, as well as
the result of the last connection attempt. Additional information may be available via the IPRC LOG command.
When a connection is made to the CallManager server, the settings in effect at the beginning of that session are used;
IPRC settings changes that are made during the session are ignored.
Page 146
TeleBoss 850 2.06.280_STD User Manual
Generic Client
Definition
Generic Client IPRC is a TCP/IP client that runs on the T850 and attempts connections to a specified host to
download records. This connection is a clear text telnet protocol, typically over port 1752.
Commands
Command Function
IPRC Displays a status report of the active IPRC
IPRC STATUS mode.
IPRC ?
Status Display
The IPRC command brings up a status report similar to the following report:
The Siemens HiPath 4000 uses the Generic Client protocol in the T850. Setup is as described below:
The HiPath sends CDR via Plain text Telnet. Use Generic Client in the T850 to connect to the PBX "Atlantic" Port -
an Ethernet port that is dedicated for CDR only. It is always set to 192.0.2.3.
Use of a Default Router is also very difficult w/ this IP setup; it is best to leave it blank.
To setup a T850 for the HiPath, one merely needs to configure the T850 Ethernet IP address as directed by the
Siemens Tech, and configure IP Record Collection for Generic Server as shown above.
nd
Polling via network (FTP push, FTP “get”, Real Time Sockets) can be accomplished using the 2 Ethernet Port on the
T850.
Page 147
TeleBoss 850 2.06.280_STD User Manual
Intecom Telari
Definition
Intecom Telari is IPRC from EADS (f.k.a. Intecom) E and Telari switches. In this method of IP record collection, a
TCP/IP client on the unit attempts connections and accepts CDR via the connection. This method of IPRC differs
from Generic Client in that it employs a proprietary application-layer protocol to transmit records.
Configuration:
Store Collected Data In toggles the FILE to which all incoming Syslog data will be stored. Options are FILE1, FILE2,
AUX1, AUX2, and AUX3. Default setting is FILE1.
Data Alarm/Filter Enable is an ON/OFF toggle to set whether configured Data Alarms or Filters will be applied to the
incoming data. Default setting is OFF.
Target Name is the name used to identify the switch when an IPRC Connection Lost Alarm is sent via an
AsentriaAlarm. Default setting is IPRC 1.
Hostname/IP Address sets the hostname or IP Address of the Telari Record Collection Server (RCS).
Port set the TCP port used by the Telari RCS. Default setting is port 8186.
Connection Interval (minutes) sets the number of minutes (1 – 65535) to wait before disconnecting an idle
connection. Default setting is 1.
Time Stamping is an ON/OFF toggle to set whether each individual call record is stamped with the Date and Time
received in the T850. Default setting is OFF.
Commands
Command Function
IPRC Displays a status report of the active IPRC mode.
IPRC STATUS
IPRC ?
IPRC Connect Forces the client to connect from a state where it's waiting to connect.
IPRC Start Causes immediate connection to the server to retrieve any new records and to
resume regular checking. This command is only required if automatic connection
was previously stopped using the IPRC STOP command.
IPRC Stop Disables automatic connection and terminates any open connection. Automatic
connection is re-enabled if the T850 is restarted.
Status Display
The IPRC command brings up a status report similar to the following report:
Page 148
TeleBoss 850 2.06.280_STD User Manual
Nortel BCM
The Nortel Business Communications Manager (BCM) sends call records to the T850 using FTP. Therefore, the T850
must be configured to allow an incoming FTP connection from the BCM, including logging in with a user name and
password. To do this, there are three things to configure – two on the T850 and one on the BCM.
On the T850:
2) Configure any unused user with User Name: bcm, Password: bcm, Allow User Connection via FTP, and Upon
Login the Go To COMMAND. The remaining menu options do not matter.
On the BCM:
The user should consult with the Nortel BCM technical personnel for exactly how to configure the BCM, but here is a
brief outline of the Data File Transfer parameters that must be configured:
Other settings on the BCM are your preference and Asentria cannot give advice as to how any of those should be set.
Page 149
TeleBoss 850 2.06.280_STD User Manual
Syslog
The Syslog IP Record Collection protocol allows the T850 to receive syslog messages from any Cisco voice-enabled
router, including Cisco CallManager Express.
Syslog IP Record Collection protocol is based on the BSD Syslog protocol. Messages are typically a single line of
text, however, they are occasionally longer than one line of text (> 506 bytes) so the T850 features an option to break
the oversize record into multiple lines, and assemble the component single lines into one multiline record. The impact
of this is that the user has to take this into account when defining data alarms. To make it more predictable to the
user where the unit divides an oversize message, there are additional settings called division targets (strings up to 8
characters). If the unit needs to divide an oversize message, it tries to make it so that the division target is the
beginning of the remainder piece. The BSD syslog protocol specifies that a message can be 1024 bytes. So the
worst case is that the unit must store a 1024-byte single-line record. The minimum number of divisions necessary to
break a 1024-byte message into records of acceptable size is 2. Therefore there are 2 division target settings. If the
division targets fail to work through misconfiguration then the unit divides the message such that the 1st, 507th, and
1013th bytes are the first bytes of each of the new records.
Store Collected Data In toggles the FILE to which all incoming Syslog data will be stored. Options are FILE1, FILE2,
AUX1, AUX2, and AUX3. Default setting is FILE1.
Data Alarm/Filter Enable is an ON/OFF toggle to set whether configured Data Alarms or Filters will be applied to the
incoming data. Default setting is OFF.
Target Name is the name used to identify the switch when an IPRC Connection Lost Alarm is sent via an
AsentriaAlarm. Default setting is IPRC 1.
TCP Port sets the TCP port used by the sending Cisco device. Default setting is port 1468.
UDP Port sets the UDP port used by the sending Cisco device. Default setting is port 514.
Time Stamping is an ON/OFF toggle to set whether each individual call record is stamped with the Date and Time
received in the T850. Default setting is OFF.
Division Target 1 / 2 are eight charaters text strings used to designate the beginning of a section of a divided
oversize record. Default settings are blank.
Page 150
TeleBoss 850 2.06.280_STD User Manual
The T850 has the ability to monitor incoming Syslog CDR for multi-line records (individual records that are broken into
multiple lines with carriage returns). If the records are separated by a specific number of blank lines, this basic
configuration menu will suffice. If a more complex delineation scheme is used, enable Complex Multiline Detection.
Multiline Record Enable is an ON/OFF toggle to enable multiline record detection. Default setting is OFF.
Blank Line Count sets the number of blank lines that must come between records. Default setting is 0.
Complex Multiline Detection displays settings for detecting more complex multiline records. Default setting is OFF.
Complex Multiline Record Enable is an ON/OFF toggle to enable advanced multiline detection. Default setting is
OFF.
Start Field n Character Position sets the character position used to define the beginning of the multiline field. This
option is used with "Count" method record end detection.
Start Field n Text sets the text used to determine the beginning of the multiline field. This option is used with
"Formula" method record end detection.
Collect Lines Before Start Record sets the number of blank lines that are between each record.
End Detection toggles between FORMULA, COUNT, and BLANKS to set the method of detecting the end of each
record. Default setting is FORMULA.
Line Count is the number of lines to meter each record at. This option is used with "BLANKS" record end detection.
End Field n Text/Character Position is the counterpart to start the text or character position option. This option sets
the end delimiter for multiline records.
Page 151
TeleBoss 850 2.06.280_STD User Manual
NEC NEAX2400
The T850 collects data from the NEC NEAX2400 by opening a socket on a specific port. Generally, only the
Hostname or IP Address of the switch is all that needs to be configured on the T850. Two other settings on the T850
that have the same default values as the corresponding settings in the switch: Port and Device Number. In certain
cases where the switch is not configured to default port and device number, you may have to adjust these either on
the switch or on the T850 to get IPRC running. The Device Number ranges from 0 to 3 (default 0 on the unit) and
controls what kind of data the unit retrieves from the switch; refer to the NEAX2400 SMDR reference manual for
details.
Page 152
TeleBoss 850 2.06.280_STD User Manual
On the T850:
2) Configure any unused user with User Name: ccm, Password: ccm, Allow User Connection via FTP, and Upon
Login the Go To COMMAND. The remaining menu options do not matter.
On the CCM:
The user should consult with the Cisco technical personnel for exactly how to configure the CCM, but here is a brief
outline of the Data File Transfer parameters that must be configured:
Other settings on the CCM are your preference and Asentria cannot give advice as to how any of those should be set.
Page 153
TeleBoss 850 2.06.280_STD User Manual
Scripting
Scripting provides the ability to easily customize the operation of an Asentria device. Scripts are written in the Lua
scripting language, with access to Asentria-specific functionality via a rich set of library functions. Scripts can read or
change any setting on the unit, and can also create custom settings that can be accessed via Setting Keys. Scripting
capabilities open up all sorts of possibilities that would previously require custom factory programming.
This chapter covers the configuration and management of scripts in the Asentria T850, and assumes a level of
scripting knowledge that may not be applicable to all T850 users who wish to use scripting. For a basic primer in
scripting in the T850, titled “Scripting 101”, please contact Asentria Tech Support to have this document emailed to
you.
Configuration
General - the steps for using a script are:
● Write the script code in a text editor.
● Transfer the script to the unit.
● Configure the script (can be done any time before running the script).
● Invoke the script (if not scheduled to start automatically).
● The details of these steps are given in later sections.
Running Scripts
Before a script can be run, it must be transferred to the unit and then configured. Simply putting the script file on
the unit will not allow it to be run.
Script Configuration
A script must be configured to tell the unit when the script should run, and provide any parameters required
by the script. Scripts are configured via the settings described in a following section.
Script Management
In addition to scripting settings, scripts are managed via a group of commands that are available in any command
processor. Here is a list of the commands with a brief description:
Page 154
TeleBoss 850 2.06.280_STD User Manual
Usage
SCRIPT STATUS <scriptname>
Page 155
TeleBoss 850 2.06.280_STD User Manual
SCRIPT RECORDS [CLEAR]
DEVICES - Display Device Allocations
Displays a list of IO devices that are currently allocated to scripts. For example, if a script reserves IO1 for i/o activity,
it will appear in this list.
Usage
SCRIPT DEVICES
Scripts can be uploaded to and downloaded from the T850 using Setting Key commands. This enables settings and
scripts to be configured in one operation. MASTER-level security requirement is enforced when transferring scripts
with an SK file.
Uploading - Scripts can be uploaded onto the unit by doing an ‘SK set’ operation. These can be in a text file with just
scripts, or in a text file with both Setting Keys and scripts.
Downloading - Scripts can be downloaded from the unit by doing any of the ‘SK get’ operations decribed here:
sk get or sk g Dumps all Setting Keys followed by scripts. Setting Keys are wrapped with
<keys>…</keys> XML-like header and footer text.
Page 156
TeleBoss 850 2.06.280_STD User Manual
Deleting - Scripts can be deleted by inserting the special tag <deleteAllScripts> on a line by itself in the SK file.
Script Settings
There is a group of standard settings that control various aspects of scripting. These settings are available in the
Setup menu as shown here:
Enable Scripting is on ON/OFF toggle that controls whether scripts are allowed to run on the unit at all. If scripting is
disabled, then scripts cannot be started either automatically or manually, and other scripting functionality such as
record collection and DTR override will not happen regardless of the related settings. If scripting is disabled while
scripts are running, they will be issued the STOP command which could take up to 20 seconds to complete. If re-
enabled, scripting will not function until after the previous scripting session is completely shut down (i.e. all scripts are
stopped).
Clear Pending Records displays the number of script records pending, and when selected will clear them, setting the
counter back to 0.
DTR Override Ports displays a menu that toggles ON/OFF to specify IO ports where DTR handling will be under
script control. Normally the state of the DTR output pin on the IO ports is kept high. On these ports, after a power-
cycle or reset, DTR will stay low until a script changes it to the high state.
List Allocated Devices displays a list of I/O devices that are currently allocated to a running script.
List Scripts displays the menu that lists of all of the 20 script entries, including the name, current state, and configured
arguments. Selecting a script opens up a submenu with detailed settings and status for that script.
Manage Script Files displays the menu that allows the user to manage script files.
Script List
Page 157
TeleBoss 850 2.06.280_STD User Manual
Enable is an ON/OFF togle that enables/disables the script. If disabled, the script will not run on schedule, and cannot
be run manually. Default setting is OFF.
Name sets the name of script. This is the name that is used when referring to the script, and should not be confused
with the name of the script file associated with the script.
File Name sets the name of the script file associated with this script. The same script file can be used with any
number of scripts.
Run Always is an ON/OFF toggle where if enabled, the script starts after the unit starts up, and is restarted
automatically if it stops for any reason. Default setting is OFF.
Run At Startup is an ON/OFF toggle where if enabled, the script starts after the unit starts up. If it stops for any
reason, it is not restarted unless the unit itself is restarted. Default setting is OFF.
Run At Scheduled Time is an ON/OFF toggle where if enabled, the script is run at the specified time each day.
Default setting is OFF.
Repeat Interval sets the time in minutes of how often the script is repeated. If a non-zero value is entered, the script
is run at the specified interval, measured from the last time the script was started on a schedule. Default setting is 0.
Arguments sets the specified arguments that are passed to the script when it is invoked on a schedule, manually
from the setup menu, or via the SCRIPT START command with no arguments specified. Note: Arguments do not
work when running scripts interactively.
Start Script Now when selected immediately starts the script using the configured arguments. This item has no effect
if the script is already running.
Stop Script Now when selected immediately stops the script if it is running. This may take up to 30 seconds before it
actually stops the script. If Run Always is set then the script will restart immediately after ending.
Detailed Status displays detailed information about the script (example shown below).
List Script Files displays a list of all script files contained on the unit. Equivalent to the SCRIPT DIR command.
Page 158
TeleBoss 850 2.06.280_STD User Manual
View Script File displays the contents of the selected script file. Equivalent to the SCRIPT SHOW command.
Edit Script File bring up the selected script file, or a new blank one, in the VI text editor. Equivalent to the SCRIPT
EDIT command.
Delete Script File deletes the selected script file. Equivalent to the SCRIPT DELETE command.
Download Script File to Unit transfers a script file to the unit. Equivalent to the SCRIPT GET command.
Upload Script File From Unit transfers a script file from the unit. Equivalent to the SCRIPT PUT command.
A complete list of Asentria-specific functions can be found in OmniLua Function List. Additional OmniLua scripting
information can be found in the Scripting FAQ.
Scripting FAQ
1. How do I post records to a database file using a script?
2. How do I retrieve or change a setting?
3. How do I create a custom setting?
4. Which functions should a well-behaved script contain?
5. How do I save frequently-changing data so it survives a power cycle?
6. How can I generate an event?
There are 200 settings keys available to the write of a script to store values.
One hundred of these keys are for nonvolatile settings - settings that do not change often and need to
survive resets. Those keys are:
scripting.nvstring[x]
scripting.nvint[x]
Where X can range from 1 to 50. Obviously there is a group of settings for string values and a group of
settings for integer values. Examples of this would be things like sitenames or IP addresses.
One hundred settings are also available for volatile settings that do not have to survive a reset.
scripting.vstring[x]
scripting.vint[x]
Strings can be up to 64 characters long. Integers can go from 0 to 2,147,483,647. These settings would
be used to store values that can change often such as a signal strength or temperature.
Page 159
TeleBoss 850 2.06.280_STD User Manual
Additionally these settings are tied to SNMP variables so that they are available to any SNMP based network
management system available. This allows the script to be able to send and receive data via SNMP and thereby
creating the possibility of our units acting as a true SNMP proxy for another device.
Through the use of a_lib.AccessSetting( ) a script can read and write SNMP values. This allows a script to actually
and easily act as a proxy for a device that is not already SNMP compatible. This has very broad range application.
Some simple examples are:
You can use the a_lib.DBDeleteAndPost() function to save up to 500 characters of text (or any other data that can be
stored in a Lua string). This stores the data in a special area of the database, which has provisions for being
maintained regardless of power loss. The data can be retrieved using the normal methods (i.e. a_lib.DBGetRecord(),
where the file is specified as AUX1 or whatever).
Note: DIR ALL displays a directory of all records in the unit in all files.
Page 160
TeleBoss 850 2.06.280_STD User Manual
Page 161
TeleBoss 850 2.06.280_STD User Manual
IO Functions
a_lib.CloseDevice
Description
Closes an IO device (IO port or modem) that has been previously opened, freeing it for use by other scripts or
processes.
Syntax
a_lib.CloseDevice(handle)
a_lib.CloseDevice(name)
Returns
None.
Example
a_lib.CloseDevice(name)
a_lib.Flush
Description
Syntax
a_lib.Flush(handle)
handle: The handle obtained when the device or socket was opened
Returns
None.
Example
Page 162
TeleBoss 850 2.06.280_STD User Manual
a_lib.GetCharacter
Description
Reads a single character from the device or socket. Returns immediately whether a character is available or not.
Syntax
a_lib.GetCharacter(handle)
handle: The handle obtained when the device or socket was opened
Returns
Example
-- prompt user
a_lib.SendString(handle, "Are you sure (y/n)? ")
-- wait for a character
repeat
char = a_lib.GetCharacter(handle)
until char ~= nil
-- if response is Yes
if char == 'y' or char == 'Y'
-- do stuff.....
end
a_lib.GetLine
Description
Reads a line of text from the device or socket. Returns when a line is received that is terminated by CR, or when
the timeout, if specified, is exceeded. The maximum size of the received line must be less than 128 characters.
Syntax
a_lib.GetLine(handle)
a_lib.GetLine(handle, timeout)
handle: The handle obtained when the device or socket was opened
timeout: How many milliseconds to wait for the incoming line;
will wait forever if timeout is not specified
Returns
Returns a string containing line that was read, not including the terminating CR. Returns 'nil' if a complete line was
not received before the timeout, or if more than 128 characters were received without a terminating CR.
Example
Page 163
TeleBoss 850 2.06.280_STD User Manual
a_lib.OpenDevice
Description
Opens an IO device (IO port or modem), and prevents it from being used by other scripts or processes.
Syntax
a_lib.OpenDevice(name)
Returns
Example
a_lib.SendString
Description
Syntax
a_lib.SendString(handle, string)
handle: The handle obtained when the device or socket was opened
string: The text string to be sent
Returns
Example
Page 164
TeleBoss 850 2.06.280_STD User Manual
a_lib.SetDTR
Description
Sets the state of the DTR pin on the specified IO port. The port must be configured via the
'scripting.dtrcontrol.portenable' setting for DTR to be under scripting control.
Syntax
a_lib.SetDTR(port, state)
Returns
Example
a_lib.TCPClose
Description
Syntax
a_lib.TCPClose(handle)
Returns
None.
Example
Page 165
TeleBoss 850 2.06.280_STD User Manual
a_lib.TCPConnect
Description
Syntax
a_lib.TCPConnect(ip_address, port)
a_lib.TCPConnect(ip_address, port, timeout)
a_lib.TCPConnect(ip_address, port, options ...)
a_lib.TCPConnect(ip_address, port, timeout, options ...)
Returns
Example
a_lib.UDPClose
Description
Closes a UDP socket that has previously been opened using a_lib.UDPListen().
Syntax
a_lib.UDPClose(handle)
handle: The handle obtained when the socket was opened
Returns
Example
Page 166
TeleBoss 850 2.06.280_STD User Manual
a_lib.UDPListen
Description
Opens a UDP socket to listen for incoming frames on the specified port.
Syntax
a_lib.UDPListen(port number)
Returns
Example
a_lib.UDPListen(port number)
a_lib.UDPOpen
Description
Syntax
a_lib.UDPOpen()
Returns
Example
a_lib.UDPReceive
Description
Receives a frame on UDP socket that has previously been opened using a_lib.UDPListen().
Syntax
Page 167
TeleBoss 850 2.06.280_STD User Manual
Returns
If successful, returns received data, length of received data, and remote IP address. If no frame was received,
returns 'nil'.
Example
a_lib.UDPSend
Description
Send a frame on UDP socket that has previously been opened using a_lib.UDPOpen().
Syntax
Returns
If successful, returns number of bytes sent. If unsuccessful, returns 'nil' and error message.
Example
Page 168
TeleBoss 850 2.06.280_STD User Manual
a_lib.WaitForString
Description
Syntax
a_lib.WaitForString(handle, string)
a_lib.WaitForString(handle, string, timeout)
Returns
Example
a_lib.CTSHigh
Description
Syntax
a_lib.CTSHigh(port)
Returns
Returns 1 if the CTS pin is high, 0 if low, and 'nil' if port is not physically present.
Example
Page 169
TeleBoss 850 2.06.280_STD User Manual
Database Functions
a_lib.DBDeleteAndPost
Description
Posts data to an auxiliary database file, deleting the existing file first. The purpose of this function is to provide a
way for a script to store information that needs to be preserved across resets and power-cycles of the unit. Since
the file is deleted first, the data is never written to flash (which would slow things down and possibly cause
premature failure of the flash part). Only the 'AUXx' files can be posted to with this function.
Syntax
a_lib.DBDeleteAndPost(table)
Returns
Example
-- create a table
a = {}
-- two-line record
a.numlines = 2
-- fill in line 1
a[1] = timestamp
-- fill in line 2
a[2] = record_hash
-- post the record
a_lib.DBDeleteAndPost(a)
a_lib.DBDeleteRecords
Description
Deletes records from a database file. Oldest records are always deleted first.
Syntax
a_lib.DBDeleteRecords(file, numrecs)
a_lib.DBDeleteRecords(file, "all")
Returns
Returns how many records were deleted, or 'nil' if the function was unsuccessful.
Page 170
TeleBoss 850 2.06.280_STD User Manual
Example
a_lib.DBGetRecord
Description
Syntax
a_lib.DBGetRecord(file, recnum)
Returns
Returns the record data as a string, and the record length; returns 'nil' if unsuccessful or a record is not available.
Example
a_lib.DBGetRecordCount
Description
Syntax
a_lib.DBGetRecordCount(file)
a_lib.DBGetRecordCount()
file: The file to return the record count for; if not specified,
returns record count for entire database
Page 171
TeleBoss 850 2.06.280_STD User Manual
Returns
Example
a_lib.DBLockFile, a_lib.DBUnlockFile
Description
Locks or unlocks a database file. Locking a database file prevents records from being polled or deleted by another
script or process.
Syntax
a_lib.DBLockFile(file)
a_lib.DBUnlockFile(file)
Returns
a_lib.DBPostRecord
Description
Posts a record to the database. The record can be posted directly to the database, or it can be routed through the
data filters and/or data alarms.
Syntax
a_lib.DBPostRecord(table)
Returns
Page 172
TeleBoss 850 2.06.280_STD User Manual
Example
-- create a table
a = {}
-- two-line record
a.numlines = 2
-- destination is file 2
a.dest = 2
-- fill in the timestamp
a.time = os.time()
-- fill in line 1
a[1] = "this is line 1, jack\r\n"
-- fill in line 2
a[2] = "and here is line 2, jill\r\n"
-- post the record
a_lib.DBPostRecord(a)
Page 173
TeleBoss 850 2.06.280_STD User Manual
Miscellaneous Functions
a_lib.AccessSetting
Description
Syntax
a_lib.AccessSetting(setting_key)
setting_key: Setting key name, plus equals sign and new value if modifying
Returns
Returns a string containing the value of the setting if successful, 'nil' if not.
Example
-- read a setting
print(a_lib.AccessSetting("sys.sitename"))
Data-Link
-- modify a setting
print(a_lib.AccessSetting("sys.sitename = Yakkity Yack"))
Yakkity Yack
a_lib.CheckMessages
Description
Syntax
a_lib.CheckMessages()
Returns
Returns the message ID of the received message, and the message string if any. Returns 'nil' if no message was
received. There are several messages that could be sent to a script from the system. A well-behaved script
should call CheckMessages() periodically and handle these messages appropriately:
Message
Purpose
ID
Terminate. The script should do any necessary cleanup and then shut down gracefully using
13808
the a_lib.Exit() function.
Yield device. A passthrough session is being initiated to a port that is currently allocated by
13819 the script. The script can close the device or terminate to allow the passthrough session to
proceed, but it is not required to.
Page 174
TeleBoss 850 2.06.280_STD User Manual
Example
a_lib.Decrypt
Description
Syntax
a_lib.Decrypt(ciphertext, length)
ciphertext: String containing the ciphertext
length: Length of ciphertext string
Returns
Example
a_lib.Encrypt
Description
Syntax
a_lib.Encrypt(plaintext, length)
plaintext: String containing the data to encrypt
length: Length of plaintext string
Page 175
TeleBoss 850 2.06.280_STD User Manual
Returns
Example
a_lib.Exit
Description
Syntax
a_lib.Exit(result)
result: Result code to indicate the exit status of the script
Returns
None.
Example
Page 176
TeleBoss 850 2.06.280_STD User Manual
a_lib.HashFinalize
Description
Syntax
a_lib.HashFinalize()
Returns
Example
a_lib.HashInit
Description
Syntax
a_lib.HashInit()
Returns
None.
Example
Page 177
TeleBoss 850 2.06.280_STD User Manual
a_lib.HashUpdate
Description
Syntax
a_lib.HashUpdate(string)
Returns
None.
Example
a_lib.InitEncryption
Description
Syntax
a_lib.InitEncryption(key, key_length)
key: String value to use as encryption/decryption key
key_length: Length of key string
Returns
Example
Page 178
TeleBoss 850 2.06.280_STD User Manual
a_lib.PostAudit
Description
Syntax
a_lib.PostAudit(string
)
string: Message to post
Returns
None.
Example
a_lib.PostEvent
Description
Syntax
a_lib.PostEvent(message_text, actions_key)
a_lib.PostEvent(message_text, actions_key, class_offset)
a_lib.PostEvent(message_text, actions_key, class_offset, trap_number)
Returns
Example
Page 179
TeleBoss 850 2.06.280_STD User Manual
a_lib.ReadDIPs
Description
Syntax
a_lib.ReadDIPs(bank)
Returns
Returns string representing DIP switch state, from left-to-right, where '1' represents UP and '0' represents DOWN.
Returns nil and error message if argument invalid or DIPs not present on platform.
Example
print(a_lib.ReadDIPs(1))
01001111
print(a_lib.ReadDIPs(2))
nil Invalid DIP switch number.
a_lib.Relay
Description
Syntax
Returns
Example
print(a_lib.Relay(0, 3, "closed", 5)
Page 180
TeleBoss 850 2.06.280_STD User Manual
a_lib.SendMessage
Description
Syntax
a_lib.SendMessage(target_script, message_id)
a_lib.SendMessage(target_script, message_id, message)
Returns
Returns 1 if the target script is running, or 'nil' if not. Note that there is no guarantee the target script will actually
process the message.
Example
a_lib.SetLED
Description
Controls the state of front panel LEDs on the SL85. Supported LEDs can be set to off, steady on, or flashing at 1
cycle per second.
Syntax
a_lib.SetLED(led, state)
Returns
None.
Example
Page 181
TeleBoss 850 2.06.280_STD User Manual
a_lib.Sleep
Description
Syntax
a_lib.Sleep(time_in_milliseconds)
Returns
None.
Example
a_lib.SNMPGet
Description
Syntax
Returns
Returns a string containing the value of the object if successful. If not successful, returns 'nil' and an error
message.
Example
Page 182
TeleBoss 850 2.06.280_STD User Manual
a_lib.SNMPSet
Description
Syntax
Returns
Example
a_lib.GetModbusValue
Description
Syntax
handle: The handle obtained when the serial port device was opened
address: Address of the Modbus device (1-63)
type: The type of data to return ("int16", "uint16", "int32",
"uint32", "float")
register: The register on the Modbus device from which to obtain the value
Returns
Returns a string containing the requested value if successful. If not successful, returns nil plus a string containing
an error message.
Note: The serial port device must already be set to the required baud rate and data format.
Page 183
TeleBoss 850 2.06.280_STD User Manual
Example
a_lib.SetModbusValue
Description
Syntax
handle: The handle obtained when the serial port device was opened
address: Address of the Modbus device (1-63)
type: The type of data to store ("int16", "uint16", "int32", "uint32",
"float")
register: The register on the Modbus device to write the value to
value: Value to write to the reigster
Returns
Returns 1 if successful, otherwise returns nil plus a string containing an error message.
Note: The serial port device must already be set to the required baud rate and data format.
Note: It is assumed that the device stores the values high-word-first, high-byte-first, and that floating point
values are stored in 32-bit IEEE format.
Example
a_lib.MODBUSReadRegisters
Description
Syntax
handle: The handle obtained when the serial port device was opened
address: Address of the Modbus device (1-63)
register: The first register on the Modbus device to read
register_count: How many 16-bit registers to read
Page 184
TeleBoss 850 2.06.280_STD User Manual
Returns
If successful, returns Lua string containing register values as an array. If not successful, returns nil plus a string
containing an error message.
Note: The serial port device must already be set to the required baud rate and data format.
Example
a_lib.MODBUSWriteRegisterSingle
Description
Syntax
handle: The handle obtained when the serial port device was opened
address: Address of the Modbus device (1-63)
register: The register on the Modbus device to write to
value: Lua string containing value as byte array
Returns
Returns 1 if successful, otherwise returns nil plus a string containing an error message.
Note: The serial port device must already be set to the required baud rate and data format.
Page 185
TeleBoss 850 2.06.280_STD User Manual
Example
a_lib.MODBUSWriteRegisterMultiple
Description
Syntax
handle: The handle obtained when the serial port device was opened
address: Address of the Modbus device (1-63)
register: The first register on the Modbus device to write to
register_count: How many 16-bit registers to write to
value: Lua string containing value as byte array
Returns
Returns 1 if successful, otherwise returns nil plus a string containing an error message.
Note: The serial port device must already be set to the required baud rate and data format.
Note: The length of the value string must be equal to or larger than register_count * 2. If the value being
written is shorter, it must be padded to fulfill this requirement.
Example
-- write a 32-bit unsigned integer (stored with high-word first and high-byte
first)
value = 123456
-- populate value array (string)
v = string.char(value / 0x1000000, value / 0x10000, value / 0x100, value %
0x100)
-- set the registers
a_lib.MODBUSWriteRegisterMultiple(handle, address, register, 2, v)
Page 186
TeleBoss 850 2.06.280_STD User Manual
a_lib.InitVirtualES
Description
Syntax
a_lib.InitVirtualES(setting_slot)
Returns
Example
Page 187
TeleBoss 850 2.06.280_STD User Manual
Command Reference
User Interface Commands
Note: The HELP command can give helpful context sensitive information for most commands.
Setup Commands
Command Summary Syntax Description
BYPASS Access serial ports BYPASS [port_number] Provide pass-through terminal access
between the user and the input port.
SK Set/get key SK [KEY[=value]] Set or get a single key
See Setting Keys for more information.
SK GET Read keys SK GET [X|A [CUSTOM] [filter]] SK GET initiates a download of Setup
menu options.
See Setting Keys for more information.
SK HERE Manage individual SK HERE SK HERE allows you to set or get individual
keys keys interactively.
See Setting Keys for more information.
SK LOG Show SK error log SK LOG SK LOG outputs a list of any errors
generated during an SK set.
See Setting Keys for more information.
SK SET Set keys SK SET [X|A] SK SET puts the unit in bulk settings key
upload mode.
See Setting Keys for more information.
SETUP Enter setup menu SETUP Opens the setup menu.
Page 188
TeleBoss 850 2.06.280_STD User Manual
Page 189
TeleBoss 850 2.06.280_STD User Manual
System Commands
Command Summary Syntax Description
COLDSTART Cold boot unit COLDSTART Restores all settings to defaults, deletes all
record data, and reboots the unit.
DEFAULT Restore MOST settings to DEFAULT Resets most settings to factory default
factory defaults values, except for the following:
IP address
Subnet mask
Router address
Serial port baud rate and data format
Data alarm fields
Data alarm settings
Action queue
Does not affect record data
DEFAULT ALL Restore ALL settings to DEFAULT ALL Restores all settings to defaults, but does not
factory defaults affect record data, and does not reboot the
unit.
DOALARM sends a test Asentria DOALARM [IP Useful in quickly diagnosing problems and
Alarm via TCP/IP ADDRESS or HOST verifying setup of SitePath. If used without
NAME] arguments then the DOALARM command
sends a test alarm to all configured action IP
hosts (action.host[]). If you supply an
argument then the unit interprets it as a
specific host (IP or DNS name) to which you
want one test alarm sent.
DOMAIL Test emails DOMAIL Sends a test email to all defined email
addresses.
DOPAGE Test pagers DOPAGE Sends a test page to all defined pagers.
DOSMS Test SMS DOSMS Sends a test SMS message to each phone
number configured in the Actions settings.
DOSMS Test SMS to a specific DOSMS [<phone #> Sends a test SMS message to a specific
[<phone #> phone number with <message>] phone number.
<message>] message
DOTRAP Test traps DOTRAP Sends a test trap to all defined trap
managers.
DOTRAP 3 Send a test SNMPv3 trap DOTRAP 3 Sends a test SNMPv3 trap to all defined trap
managers.
PUSHNOW Initiate an immediate FTP PUSHNOW Initiates an immediate FTP push of data
push of data
PUSHTEST Test connectivity to the PUSHTEST Tests connectivity to the FTP server
FTP server
TYPE Display file contents TYPE [EVENTS|AUDIT] Displays the contents of the Events or Audit
file.
VER Display unit version VER Displays unit hardware and software versions
as well as the product and version build.
Page 190
TeleBoss 850 2.06.280_STD User Manual
Numeric Commands
The T850 supports numeric (Ctrl-B) commands as follows:
Page 191
TeleBoss 850 2.06.280_STD User Manual
Usage Commands
Usage for certain functions (SCRIPT, SK, SSH, SSHC, TCPDUMP, TELNET, TRACEROUTE, VWB, and XF) can be
displayed by simply entering the function command without any arguements, as shown below:
SCRIPT
>SCRIPT
Script Commands:
>
SK
>SK
Usage:
sk key[<operator>[value]] |
get [x|a][ filter|custom|@] |
set [x|a] |
here |
help |
log |
shortcut [filter|custom|@]
Where key:
segment1.segment2....
where segment:
word | word[index] | word.index
where word:
defined by factory or scripting dictionaries
where index:
number | 'all'
where referenced as:
static: referring to one value
indexed: referring to multiple values depending on index(es)
enumerated: referring to a finite set of values
Where operator:
=: write value
@: read/write access levels
#: read key possible values where enumerated
$: read key restriction class
%: read key instance count where indexed
+: read eventsensor index instance set
-: reset to default value
Where shortcut:
g: get a
c: get a custom
s: set a
?: get a status
Examples:
Page 192
TeleBoss 850 2.06.280_STD User Manual
sk get: read all keys and be prompted for transfer method
sk get a: read all keys at terminal
sk get x: read all keys via xmodem transfer
sk set: write keys and be prompted for transfer method
sk set a: write keys at terminal, delimit with 'end' on line by itself
sk set x: write keys by transferring a file of them via xmodem to the unit
sk get a custom: read non-default keys at terminal
sk get a net: read all net keys at terminal
sk g: same as 'sk get a'
sk s: same as 'sk set a'
sk c: same as 'sk get a custom'
sk ?: same as 'sk get a status'
sk here: perform key operations in interactive interface
sk help: display this help screen
sk <key>: read a key setting value
sk <key>=<value>: write a key setting value
sk <key>@: read key access levels
sk <key>@<read level,write level>: write key access levels
sk get a @: read all access levels at terminal
sk <indexed-key>^: read the next key instance of an indexed key
sk log: output log of last 'set' operation
sk serial.i-: reset all settings under index branch 'serial' to default
sk net-: reset all settings under non-indexed branch 'net' to default
sk event.sensor[16]-: reset all settings for eventsensor 16 to default
>
SSH
>SSH
usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-w tunnel:tunnel] [user@]hostname [command]
>
SSHC
>SSHC
No client key exists. Use "sshc -t rsa" to make an RSA key.
Usage: sshc [options]
Options:
-h Specify Host key
-o Specify Authorized key
-c Specify Client key (default)
-k Specify Known host key
-n Specify authentication banner
-t key_type Type of key to generate (rsa|dsa)
-b bits Bits to use (1024|2048) default=1024
-s url URL to send public client key to
(ftp://user:password@host/directory)
-d Delete keys/banner (default is key)
-dd Delete everything
-a Add item (authorized key, known host key, or banner)
-l List key(s)/banner
-i Use FTP active mode
-m hostname Specify hostname
Examples:
1. Create the host key as 2048-bit RSA: sshc -h -t rsa -b 2048
2. Delete the host key: sshc -dh
3. List the host key: sshc -lh
Page 193
TeleBoss 850 2.06.280_STD User Manual
4. Create the client key as 1024-bit RSA: sshc -t rsa
5. Create the client key as 1024-bit DSA and transfer as
"Asentria_<key-type>_<serial-number>" to an FTP server:
sshc -t dsa -s "ftp://user:[email protected]/some/directory"
(note quotes around URL)
6. Delete the client key: sshc -d
7. List the client key: sshc -l, or sshc with no arguments
8. Add authorized key(s): sshc -ao
9. Delete all authorized keys: sshc -do
10. List authorized keys: sshc -lo
11. Add authentication banner: sshc -an
12. Delete authentication banner: sshc -dn
13. List authentication banner: sshc -ln
14. Add known host key: sshc -ak
15. Delete known host key for host 'myhost': sshc -dkm myhost
16. List known host keys: sshc -lk
Note: If SFTP push discovers a known host key has changed then you must
reestablish its authenticity to the unit manually: first delete its
known host key (sshc -dkm <host>) and then invoke PUSHTEST.
>
TCPDUMP
>TCPDUMP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ixp0, link-type EN10MB (Ethernet), capture size 68 bytes
<CTRL-C to escape>
>
TELNET
>TELNET
BusyBox v1.00 (2009.09.19-20:48+0000) multi-call binary
>
TRACEROUTE
>TRACEROUTE
Version 1.4a5
Usage: traceroute [-dFInrvx] [-g gateway] [-i iface] [-f first_ttl] [-m max_ttl]
>
VWB
>VWB
-------- SLOT CONTENTS ------------------
Page 194
TeleBoss 850 2.06.280_STD User Manual
The field technician must take precautions to ensure he/she is electrically grounded so as not to damage the
Expansion Card circuit board, or the main circuit board of the unit. Follow normal Electrostatic Discharge
(ESD) procedures for handling electronics per IPC-610.
The Expansion Card should remain in its protective ESD bag until it is time to actually insert it into the
expansion bay.
1. Unplug the power cable from the T850. Expansion Cards are NOT hot-swappable.
2. Unplug the telephone cord from the internal modem (if connected). This MUST be done before removing any
expansion port cover plates.
3. Remove the two screws for any expansion bay cover plate and set the plate aside.
4. Carefully remove the Expansion Card from its protective ESD bag and slide it into the plastic rails inside the
expansion bay. Visually confirm that the Card is in both rails and properly aligned.
5. Push the card until it is fully inserted in its slot.
6. Replace the two screws previously removed so the Card is held securely in the bay.
7. Place the Expansion Card label on the back panel directly above or below the Expansion Card, taking care to
align the markings on the label with appropriate I/O points or ports on the Card.
Note: If installing a Wireless Modem Expansion Card, attach an antenna to the SMA connector. (An antenna
such as the MobilMark RMA3-900/1900 or equivalent is recommended). A rubber GSM antenna is included for a
convenient interim antenna. This can be screwed on to the SMA connector for trial. The unit should not be
powered up without an antenna connected to the modem.
8. Replace the telephone cord in the internal modem jack (if used).
9. Plug the power cable into the host unit.
10. After the unit reboots, proceed with connecting devices to, and configuring the Expansion Card, as necessary
for the type of Card it is.
Page 195
TeleBoss 850 2.06.280_STD User Manual
Wireless Modem
The wireless modem expansion card supports the same features as connecting directly to the T850 interface,
including Telnet, FTP, SSH, and so on. It also supports PPP routing, which allows communication with devices
connected to one of the local Ethernet interfaces.
The wireless EDGE modem is for use in TeleBoss products with firmware version 2.00.240 and above.
The wireless GPRS modem is for use in TeleBoss products with firmware version 2.00.330 and above.
Installation
If installing the wireless modem for the first time (not factory installed), follow these installation instructions:
Make sure the the host T850 is powered down and remove the telephone line from the internal modem (if
used).
Insert your SIM card into the slot on the wireless modem module, with the contacts on the bottom, using
the card outline printed on the circuit board as a guide.
Remove the two screws from any of the expansion bay covers on the back panel of the T850 and set the
cover aside. Carefully slide the wireless modem card into the plastic rails inside the expansion bay and
push the card in all the way. Replace the two screws previously removed to hold the card securely in the
bay.
o Note: When adding a SIM card to an already installed wireless modem card, remove the
existing wireless modem card from the unit by removing the two outermost screws only. Do not
remove the two innermost screws closest to the SMA connector.
Attach an antenna to the SMA connector. (An antenna such as the MobilMark RMA3-900/1900 or
equivalent is recommended). A rubber GSM antenna is included for a convenient interim antenna. This
can be screwed on to the SMA connector for trial. The unit should not be powered up without an antenna
connected to the modem.
Setup
In addition to installing an activated SIM card in the wireless modem card, certain settings on the host unit need to be
configured for the wireless connection to work. These settings can be configured via either Setting Keys or the Setup
Menus as described below. Changing any of these settings should be done with net.wireless.mode set to OFF,
otherwise unexpected behavior may occur.
Setting Keys
Following are the Setting Keys used to configure the wireless modem card. All of the Setting Keys below can also be
configured in the Setup menus listed in parenthesis after each.
Page 196
TeleBoss 850 2.06.280_STD User Manual
net.ppprouting.enable (Setup -> Network Settings -> PPP Settings -> IP Routing)
This setting controls whether the unit routes IP traffic from PPP to an Ethernet interface specified by the destination IP
address's subnet. On products which have DIP switches, this setting is mechanically locked with a DIP switch for
added security. On products with this feature but without DIP switches, there is no way to lock this.
net.eth.nat (Setup -> Network Settings -> Ethernet Settings -> Ethernet n Settings)
This setting controls whether the unit does Network Address Translation (NAT) on routed frames egressing the unit on
the specified interface. That is, when PPP routing is operating and forwarding frames received on the PPP interface
(which can be the same thing as the wireless modem interface), the unit rewrites the source IP address of forwarded
frames leaving the unit to the IP address of the ethernet interface on which they leave. If this setting is disabled then
forwarding may still happen since it is governed only by the PPP routing settings, but the source IP address of the
forwarded frames is not rewritten.
Setup Menu
All of the net.wireless settings above can be accessed in the setup menu at: Modem Setting -> Wireless
Modem
Operation
With net.wireless.mode set to PERMANENT (depending on the type of modem installed), the unit attempts to
maintain a connection to the wireless network at all times. If the connection goes down for any reason, including
inactivity, the unit immediately attempts to reconnect. When there is no activity on the link for longer than the inactivity
timeout (see below), the connection is terminated and immediately restarted. If net.wireless.mode is set to OFF,
wireless modem operations are terminated immediately (there may be up to a minute's delay if certain operations are
pending).
The WIRELESS RESTART command causes the wireless modem to terminate the connection and restart it
based on the current settings; this is useful if a setting other than "mode" is changed.
The default setting for the wireless connection is to NOT be the default route for outbound IP frames. A static
route must be entered for any frame to be sent out on the wireless connection. If Default Route Enable is changed
to ON for the wireless connection, then all IP frames that do not match an existing static route will be sent out on
the wireless connection. For situations where the wireless modem is the only means of off-net access, Default
Route Enable should be set to ON.
Page 197
TeleBoss 850 2.06.280_STD User Manual
The front-panel MODEM LED shows the status of the wireless modem. If net.wireless.mode is set to OFF then
the LED should remain unlit. When net.wireless.mode is set to PERMANENT the LED flashes once per second
while the modem is attempting to establish a network connection. Once the connection is established, the LED blinks
every 3 seconds.
Status Commands
On all products, the current status of the wireless connection can be displayed using the “?W” or “STATUSW”
commands. (Note that “?WIRE” or “?WIRELESS” or “STATUSW” or “STATUS WIRELESS” are also valid
commands.) The unit will respond with: “Wireless modem status: <state> Possible states are:
* if it says “Connecting” most of the time, there is a problem and it would be advisable to contact Asentria Tech
Support to check the wireless modem log.
?W INFO will display Network Registration and Subscriber & Equipment information similar to the following:
?w info
Wireless Modem Information:
Network Registration:
Registration Status : Registered to home network
Location Area Code : 0xCB52 (52050)
Cell ID : 0xCC89 (52361)
Signal Strength : 5 of 5 bars (0:00:06 ago)
Troubleshooting Commands
For troubleshooting, user either the "?W LOG" or “STATUSW LOG” command. (Note that “?WIRE LOG” or
“?WIRELESS LOG” or “STATUSW LOG” or “STATUS WIRELESS LOG” are also valid commands. The word “log”
must be preceded by a space.) Contact Asentria Tech Support if troubleshooting is required as the log data probably
will not be useful to the user.
Page 198
TeleBoss 850 2.06.280_STD User Manual
ADSL Modem
TeleBoss units that are ADSL-modem-equipped can connect to the Internet via ADSL. This means that the unit can
reach Internet hosts and have an Internet IP address but the address is completely firewalled so you will not be able
to, for example, ping the unit's DSL interface IP address.
Note: Full ADSL modem functionality is only available on TeleBoss products with the “SitePath” build (version
2.03.000 or greater). If there is any question about whether your unit has the SitePath build, contact Asentria
Technical Support.
Installation
If installing the ADSL modem for the first time (not factory installed), follow these installation instructions:
Make sure the the host T850 is powered down and remove the telephone line from the internal modem (if
used).
Remove the two screws from any of the expansion bay covers on the back panel of the T850 and set the
cover aside. Carefully slide the ADSL modem card into the plastic rails inside the expansion bay and
push the card in all the way. Replace the two screws previously removed to hold the card securely in the
bay.
Description of ADSL
ADSL (Asymmetric Digital Subscriber Line) is a technology where data is modulated onto higher frequencies of
copper telephone lines not used for voice in such a way that upstream and downstream data rates differ. Certain
Asentria TeleBoss units can have an ADSL modem expansion card installed to provide an interface to a line. The
machine on the other end of the line is a DSLAM (Digital Subscriber Line Access Multiplexer). DSLAMs exist typically
inside telephone company central offices (COs) but also exist in standalone hutches (remote DSLAMs).
The abbreviations "DSL" and "ADSL" are used interchangably in this documentation; where "DSL" is written, "ADSL"
also applies unless the difference is explicitly specified.
Certain terms and acronyms are used throughout this guide that may require further explanation. These are hyper-
linked to the Glossary at the end of the guide.
Configuration
The ADSL modem can be configured via two methods in the TeleBoss unit: command line menus or Setting Keys.
For simplicity, only the Setting Keys method is discussed in this guide. However, as you are working through the
configurations you are welcome to also use the related Command Line menus (Setup ->Network Settings -> DSL
Settings) or web-interface menus in your TeleBoss unit to view or configure specific settings.
There are four ways to configure ADSL depending on the specifications from your ADSL and ISP providers. In some
cases the ADSL provider and ISP provider are the same. For simplicity and unless otherwise specified, "ADSL
provider" means the entity that provides all settings required for the unit to use the Internet over the ADSL.
The key datum to get from your ADSL provider is what type of addressing is to be used: PPPoA (PPP over ATM),
PPPoE (PPP over Ethernet), Static, or DHCP. Make note of this, then proceed with configuring the ADSL modem as
described below.
Set the value of the net.dsl.type Setting Key to either PPPoA, PPPoE, Static, or DHCP as instructed by your
ADSL provider. This is the most important DSL setting since its value determines what other DSL settings are
applicable to the DSL configuration. Each of these connection protocols requires specific settings, so refer to the
paragraph below for the protocol you will be using. But first, there are some settings that must be configured
regardless of how net.dsl.type is set.
Page 199
TeleBoss 850 2.06.280_STD User Manual
net.dsl.vpi
This specifies the VPI (Virtual Path Identifier) used on the DSL interface. This is provided for you by your DSL
provider and is required for DSL operation. Values are: 0 to 4095
net.dsl.vci
This specifies the VCI (Virtual Channel Identifier) for the DSL interface. This is provided for you by your DSL
provider and is required for DSL operation. Values are: 0 to 65535.
net.dsl.encap
This controls whether the encapsulation is LLC (Logical Link Control) or VCM (Virtual Channel Multiplexed).
This is provided for you by your DSL provider and is required for DSL operation. Values are LLC or VCM.
net.dsl.username
This specifies the PPP username for the DSL interface. This is provided for you by your DSL provider. Values
are text strings up to 64 characters.
net.dsl.password
This specifies the PPP password for the DSL interface. This is provided for you by your DSL provider. Values
are text strings up to 64 characters.
net.dsl.mode
This controls whether the DSL is set up for Bridged mode or Routed mode. This is provided for you by your
DSL provider. Values are BRIDGED or ROUTED.
net.dsl.ip
This is the public IP address of the unit in the case where the DSL link is active. This is essentially
inaccessible from the outside world because it is completely firewalled on the unit. This is provided for you by
your DSL provider. Value is a dotted quad IP address.
net.dsl.mask
This controls the mask used on the DSL interface. This is provided for you by your DSL provider. It is
applicable only when net.dsl.type is STATIC. Value is a dotted quad subnet mask.
net.dsl.router
The router for the DSL interface. This is provided for you by your DSL provider. This is applicable only when
net.dsl.type is STATIC. Value is a dotted quad IP address.
net.dns
This specifies Domain Name System addresses to use. This is provided for you by your DSL provider. Value
is a dotted quad IP address.
Activation
Once the DSL interface is configured it must be activated. This happens automatically or manually according to how
the Start Mode setting is configured:
net.dsl.startmode Set this to MANUAL to require user intervention to raise the DSL interface, or to let a VPN (if
it is configured to use DSL) raise the DSL interface when the VPN needs to use DSL. Set this to AUTO to tell the unit
to automatically raise the DSL interface upon boot. Values are MANUAL or AUTO. Default setting is MANUAL.
Manual Activation
net.dsl.command Set this to 1 to manually activate the DSL interface, and set this to 0 to manually deactivate the
DSL interface.
Page 200
TeleBoss 850 2.06.280_STD User Manual
In manual activation the DSL interface will not activate unless some purpose requires it: either you tell it to activate or
your ADSL-based VPN, when it is being raised, tells it to activate. If you tell the interface to activate then do this by
setting net.dsl.command=1. The unit returns COMPLETE, meaning it has started the activation process; it does not
mean that the inteface is ready to use yet. Activation is a multistep process and may take a minute or two to complete.
If the VPN tells the interface to activate, then activation happens when the VPN raises.
Read net.dsl.command (or net.dsl.status) to check the status of the DSL interface.
If the interface doesn't activate, then first check if anything about the configuration on the unit is invalid. Then check
this configuration against what was specified by the ADSL provider.
Automatic Activation
In automatic activation the unit raises the DSL interface upon boot and keeps it up until it is explicitly deactivated by
the user by setting net.dsl.command=0.
Once the interface is activated you can use it as an outbound-only interface. It is completely firewalled to the Internet.
The only traffic allowed in is traffic associated with existing connections, meaning all connections must originate from
unit. Pinging (ICMP), TCP, and UDP traffic is the only traffic allowed and this traffic must originate from the unit.
Data on the ADSL connection can be viewed with the net.dsl.info.* key branch:
net.dsl.info.isp.ip
Read this key to see what IP address the DSL interface is using with the ISP.
net.dsl.info.isp.linktime
Read this key to see how long the unit has been connected to the ISP (i.e., how long the unit has had Internet access)
since the connection was started.
net.dsl.info.isp.status
Read this key to see whether the unit is connected to the ISP; it returns "Connected" or "Not Connected". Another key
that gives the same information in a different format is net.dsl.status.
net.dsl.info.isp.discreason
Read this key to see why, if available, DSL connectivity was lost.
net.dsl.info.link
Read this key to see whether the unit has DSL connectivity (as opposed to ISP connectivity shown with
net.dsl.info.isp.status).
net.dsl.info.speed
Read this key to see the speed of the link (provided there is DSL connectivity, as shown with net.dsl.info.link).
net.dsl.info.ver.sw
Read this key to see the ADSL modem software version.
net.dsl.info.ver.fw
Read this key to see the ADSL modem firmware version.
net.dsl.info.ver.atm
Read this key to see the ADSL modem ATM driver version.
Page 201
TeleBoss 850 2.06.280_STD User Manual
net.dsl.info.ver.dslhal
Read this key to see the ADSL modem DSL HAL version.
net.dsl.info.ver.sarhal
Read this key to see the ADSL modem SAR HAL version.
net.dsl.info.ver.pump
Read this key to see the ADSL modem data pump version.
net.dsl.info.updated
Read this key to see the last date/time at which the values in the net.dsl.info.* key hierarchy were last updated.
These values are updated when directed by the user (by setting net.dsl.command to 20) or every few seconds by
the unit until the ADSL modem is connected to the ISP (at which time it doesn't update until directed by the user or
ISP connectivity is lost).
DSL Status
net.dsl.status is a read-only key that displays a value that reflects the current state of the DSL interface. Values
are an integer >=0.
0 means it is not activated (the unit is not talking to the modem, no address is usable with the ISP, the DSL is
not trained)
1 means the interface is in an intermediate level of availability: there is no address usable with the ISP and the
DSL is not trained, but the unit can talk (but not necessarily is talking) to the modem.
2 means the interface is in an intermediate level of availability, moreso than value "1": there is no address
usable with the ISP but the DSL is trained and the unit has good communication with its DSL modem.
3 means the interface is fully activated: DSL is trained and there is an address usable with the ISP.
These values are analagous to modem LEDs seen on some DSL routers: power, "link", "DSL", "Internet". 0 can be
though of as "power", 1 can be thought of as "link", 2 can be thought of as "DSL", and 3 can be thought of as
"Internet".
Connectivity
When the interface is activated it can be used for Internet connectivity. The simplest way to use it is as ADSL gateway
via the DSL routing function (see DSL Routing section).
Deactivation
Deactivation means the unit is no longer connected to the ISP provider via ADSL. Deactivate by setting
net.dsl.command=0. When the DSL interface is deactivated the line may still be trained.
ADSL specifications
Full rate ANSI T1.413 Issue2, ITU-T G.992.1 and ITU-T G.992.2 standards compliant
Page 202
TeleBoss 850 2.06.280_STD User Manual
Multiple protocols over AAL5 (RFC 2684 / RFC 1483)
DSL Routing
DSL routing is used to make the unit route, and do network address translation (NAT) on, NAT-capable traffic (TCP,
UDP, and ICMP) from the unit's Ethernet ports to the unit's DSL peer, and hence on to the Internet. For example, a
PC that uses one of the unit's Ethernet addresses as its default router can browse the web via the unit's DSL
connection. The DSL interface is firewalled such that only traffic related to already-existing-outgoing connections is
allowed in.
Configuration
net.dsl.startmode
Set this to AUTO to tell the unit to automatically raise the DSL interface upon boot. Set this to MANUAL to require user
intervention to raise the DSL interface, or to let a VPN (if it is configured to use DSL) raise the DSL interface when the
VPN needs to use DSL. Values are MANUAL or AUTO. Default setting is MANUAL.
net.default.router
This setting allows you to select the default router (gateway) for the unit. Each network interface has a router setting
which you can configure; this is the machine on that interface to which frames will be sent if they do not route to the
local network of that interface. However the unit uses only one of those configured routers at this time. As you
configure router settings the unit will choose a default router for you. This is available for you to see (and override) via
this net.default.router setting. The values you may choose for this setting (i.e., router addresses) must be in the
set of routers which you have specified, or the special value, "DSL", which means that the DSL interface peer is the
default router. For DSL Routing, set net.default.router=DSL.
The unit uses a routing table to determine how to send any outbound IP frame. Each entry in the routing table tells the
unit how to send a frame whose destination address matches a rule in the routing table. Routing table entries are
examined from most-restrictive to least-restrictive, so the default routing table entry is the last entry in the table since it
is the least restrictive. It is the catch-all route: it tells the unit how to send a frame when it doesn't know how else to
send it. The only routes on the unit at this time are network interface routes and the default route. Network interface
routes tell the unit how to send a frame bound for a machine on one of the unit's local networks (subnets). These
routes are automatically configured when you configure the address of a network interface. If an outbound frame is
destined for a machine off all local networks then it is sent according to what the default route specifies. The default
route specifies the default router to use for these frames.
If you have configured only one router for all of your network interfaces then you don't have to worry about this setting:
the unit configures it for you and there is nothing you can override it with. The default router is engaged as soon as it
is configured.
net.dsl.routing.enable
Set this to ON to make the unit forward frames received on either Ethernet interface (and not addressed to the unit)
out the DSL interface. Frames are NAT-ed as they leave the DSL interface. Frames arriving on the DSL interface not
associated with existing connections are blocked (the unit is firewalled). Note that the unit's default router must be set
to DSL (net.default.router=DSL) for DSL routing to work. Set this to OFF to make the unit not do this. Values
are: ON or OFF. Default is OFF.
net.dsl.override
Set this to a non-zero value to enable ADSL web configuration access on the TCP port specified by the value. Set this
to 0 to disable web configuration access. Values are: 0 to 65535. Default is 0.
Page 203
TeleBoss 850 2.06.280_STD User Manual
net.dsl.cmd
This has the same behavior as net.dsl.command.
net.dsl.status
Upon read this returns 0, 1, 2 or 3. Refer to the net.dsl.status description above for further details.
6) Upon setting this key to 1 the unit begins the process of raising the DSL interface. You can query the status of the
DSL interface by reading the net.dsl.status function key. To lower the DSL interface, set:
net.dsl.cmd=0
7) After a minute or two this key (or the net.dsl.status key) will return 3. If something went wrong then it will stay at 1
or 2 in which case the configuration should be rechecked.
9) Test the connection by pinging an Internet host from the unit. Once it is verified good, proceed to configure
machines which will use the unit as a DSL router. On these machines set their default router to the unit's Ethernet
IP address (address that is on the same subnet as these machines). Optionally you can configure this same
address as a DNS server for these machines. Test the routing connection by pinging an Internet host from these
machines.
DSL Glossary
ATM
Asynchronous Transfer Mode is a network technology based on transferring data in cells or packets of a fixed size.
The cell used with ATM is relatively small compared to units used with older technologies. The small, constant cell
size allows ATM equipment to transmit video, audio, and computer data over the same network, and assure that no
single type of data hogs the line.
DHCP
Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With
dynamic addressing, a device can have a different IP address every time it connects to the network.
Page 204
TeleBoss 850 2.06.280_STD User Manual
DSLAM
A Digital Subscriber Line Access Multiplexer is a mechanism at a phone company's central location that links many
customer DSL connections to a single high-speed ATM line. When the phone company receives a DSL signal, an
ADSL modem with a splitter detects voice calls and data. Voice calls are sent to the PSTN (Public Switched
Telephone Network), and data are sent to the DSLAM, where it passes through the ATM to the Internet, then back
through the DSLAM and ADSL modem before returning to the customer's PC or networked-device.
PPP
Point-to-Point Protocol is a method of connecting a PC or networked-device to the Internet.
Setting Keys
A Setting Key is a "<setting> = <value>" statement. <setting> is a series of keywords that describe a particular
function of the unit, or setting. These keywords are separated by periods, for example net.dsl.startmode. The
current value of a Setting Key can be obtained by typing sk <setting> at the command line and pressing the Enter
key. A new value for a Setting Key can be set by typing sk <setting> = <value> and pressing the Enter key. The
value must be valid for that particular Setting Key, and the unit will respond with COMPLETE when it is accepted. If
the value is invalid, the unit will respond with Invalid Value. Contact Asentria Tech Support for more information on
Setting Keys if necesary.
Signal-to-noise ratio
Signal-to-noise ratio is an electrical engineering concept defined as the ratio of a signal power to the noise power
corrupting the signal. In less technical terms, signal-to-noise ratio compares the level of a desired signal to the level of
background noise. The higher the ratio, the less obtrusive the background noise is.
Trained
This refers to the general ability of a modem to adjust itself to optimize the communication channel. When a modem
modulates data on a line, the communication infrastructure degrades the data. Some of this degradation is due to
noise and some of it is due to the modem's own echo. Part of training the modem (also sometimes referred to as
"training the line") involves having the modem select optimal signal-to-noise ratio as well as teaching the modem what
its own "voice" (its echo) sounds like on the line. A modem receives not only data from the other modem but also its
own echoes, like when you yell to someone across a canyon and listen for their response; training helps the modem
separate its own echos from the signal from the other modem.
VCI
A Virtual Channel Identifier is a unique identifier which indicates a particular virtual circuit on a network. It is a 16-bit
field in the header of an ATM cell. The VCI, together with the VPI (Virtual Path Identifier) is used to identify the next
destination of a cells as it passes through a series of ATM switches on its way to its destination.
VPI
Virtual Path Identifier refers to an 8-bit (user to network packets) or 12-bit (network-network packets) field within the
header of an ATM cell. The VPI, together with the VCI (Virtual Channel Identifier) is used to identify the next
destination of a cell as it passes through a series of ATM switches on its way to its destination. VPI is useful to reduce
the switching table for some Virtual Circuits which have common path.
VPN
Virtual Private Network is a network that is tunneled (the virtual part), typically across a public network, and secured
(the private part).
Page 205
TeleBoss 850 2.06.280_STD User Manual
Setup
Ensure the battery enable/disable switch is in the 'enable' position. There is no other setup associated with using the
battery module, nor are there any settings related to it.
Operation
As long as the battery enable/disable switch is in the 'enable' position, the battery will be available in case of power
loss. The amount of time that the host unit can run off battery power depends on various things including the state of
battery charge at the time, and the number and type of optional devices installed in the host unit.
If the unit is running on battery power, and the battery enable/disable switch is changed to the 'disable' position, the
host unit will immediately shut down.
The host unit cannot be started up from the battery. This is because battery relay (which connects the battery power to
the system) is open when no power is applied; it gets closed once the unit starts up and the battery manager
application runs. Only at that point does battery power become available.
The status of the battery module can be determined from the command processor via the battery status command.
Basic Status
>status battery
Battery Status
Note that the command can also be invoked in a more abbreviated format such as "? BATTERY", "STATUSB" or
even "?B".
When the charging current goes below 100mA, the charging voltage is switched from high (7.35 volts) to low (6.85
volts).
When running on battery power, if the battery voltage falls below 5.435 volts, the unit shuts down. Several warning
messages are sent to all open command processors as the battery voltage gets low.
Page 206
TeleBoss 850 2.06.280_STD User Manual
Appendices
User Rights Table
Each command has an associated minimum user right required to execute it. (Unlike the minimum user rights for
settings, these cannot be changed for any command; they are hard-coded.) Here is a list of TeleBoss commands and
their associated minimum user right numbers and aliases.
Page 207
TeleBoss 850 2.06.280_STD User Manual
pushnow 3 ADMIN1
ppp 3 ADMIN1
pushtest 3 ADMIN1
resend 3 ADMIN1
restart 0 NONE
restore 3 ADMIN1
rlmode 3 ADMIN1
rl 3 ADMIN1
sa 3 ADMIN1
sx 3 ADMIN1
script 5 ADMIN3
sensors 2 VIEW
setup 3 ADMIN1
sk 2 VIEW
spawn 6 MASTER
spawnc 6 MASTER
ssh 6 MASTER
sshc 6 MASTER
sslc 6 MASTER
stamp 3 ADMIN1
status 2 VIEW
switch 2 VIEW
tag 3 ADMIN1
tcpdump 6 MASTER
tcplog 6 MASTER
telnet 6 MASTER
testtime 2 VIEW
traceroute 6 MASTER
trim 6 MASTER
type 3 ADMIN1
wait 3 ADMIN1
wireless 3 ADMIN1
wrap 3 ADMIN1
ver 2 VIEW
vw 6 MASTER
xf 2 VIEW
zap 6 MASTER
zero 3 ADMIN1
Page 208
TeleBoss 850 2.06.280_STD User Manual
Control Characters
Some of the following control characters may be used in various functions within the T850, including CRC mode for
AsentriaAlarms and the Escape Key.
Page 209
TeleBoss 850 2.06.280_STD User Manual
Technical Specifications
T850-0
Width: 7.25in / 18.4cm Power Consumption (Typical): 5.25W
Height: 1.75in / 4.45cm Power Consumption (Max): 24W
Depth: 7.0in / 17.8cm BTU’s (Nominal): 18 BTU/Hour
Weight: 2lbs / 0.90kg BTU’s (Max): 82 BTU/hour
Mounting: Shelf or tabletop Operating Temperature: 0-40° C
Power: 15VDC Desktop Supply or optional Storage Temperature: -20° to +60°C
external -48VDC to15VDC supply
RoHS/CE/CSA/A-tick Certification: Yes Operating Humidity: 10-80% (non-condensing)
Mean Time Between Failure: 70,000hr Storage Humidity: 10-80% (non-condensing)
T850-2
Width: 11in / 27.94cm Power Consumption (Typical): 5.25W
Height: 1.75in / 4.45cm Power Consumption (Max): 24W
Depth: 7.8in / 19.812cm BTU’s (Nominal): 18 BTU/Hour
Weight: (depending on configuration) 3 - 5lbs / BTU’s (Max): 82 BTU/hour
1.36 - 2.27kg
Mounting: Shelf or in 19in rack Operating Temperature: 0-40° C
Power: 15VDC Desktop Supply or optional - Storage Temperature: -20° to +60°C
48VDC
RoHS/CE/CSA/A-tick Certification: Yes Operating Humidity: 10-80% (non-condensing)
Mean Time Between Failure: 70,000hr Storage Humidity: 10-80% (non-condensing)
T850-6
Width: 17in / 43/18cm Power Consumption (Typical): 5.25W
Height: 1.75in / 4.45cm Power Consumption (Max): 24W
Depth: 7.8in / 19.812cm BTU’s (Nominal): 18 BTU/Hour
Weight: (depending on configuration) 3 - 5lbs / BTU’s (Max): 82 BTU/hour
1.36 - 2.27kg
Mounting: Shelf or in 19in rack Operating Temperature: 0-40° C
Power: 15VDC Desktop Supply or optional - Storage Temperature: -20° to +60°C
48VDC
RoHS/CE/CSA/A-tick Certification: Yes Operating Humidity: 10-80% (non-condensing)
Mean Time Between Failure: 70,000hr Storage Humidity: 10-80% (non-condensing)
Page 210
TeleBoss 850 2.06.280_STD User Manual
PB1
No
PB2
No, a PB2 is only supported by on-board sensor ports, and will not work if connected to a 4SJ expansion card.
Since the Rev B T850 has no on-board sensor port, the PB2 is not supported.
SensorJack (Type3)
No
EventSensor (Type1) sensors cannot be daisy-chained with EventSensor (Type2) sensors; however, you can use
EventSensor (Type1) sensors connected to Serial Port I/O1 and EventSensor (Type2) sensors connected to a
4SJ expansion card simultaneously. Just make sure the DIP Switches on all are set so that there are no slotting
conflicts.
Page 211
TeleBoss 850 2.06.280_STD User Manual
Rev D
On-board ES (Type 2A) port:
PB1
No
PB2
Yes, requires the T850 host to be running version 2.06.290 or higher. Also, a PB2 is only supported by an on-
board sensor port, so it will not work if connected to a 4SJ expansion card.
SensorJack (Type3)
No
EventSensor (Type1) sensors cannot be daisy-chained with EventSensor (Type2) sensors; however, you can use
EventSensor (Type1) sensors connected to Serial Port I/O1 and EventSensor (Type2) sensors connected to any
sensor port simultaneously. Just make sure the DIP Switches on all are set so that there are no slotting conflicts.
Page 212
TeleBoss 850 2.06.280_STD User Manual
Rev F
On-board ESJ/ES (Type 3B) port:
PB1
No
PB2
Yes, requires the T850 host to be running version 2.06.290 or higher. Also, a PB2 is only supported by an on-
board sensor port, so it will not work if connected to a 4SJ port.
SensorJack (Type3)
Yes. These sensors terminate with an RJ45 plug so connect directly to the ESJ/ES port. If using multiple Sensor
Jack sensors, or with EventSensor (Type2) sensors, use an RJ45 Splitter (part# 4162-011).
Note: Currently only the SensorJack Temp Sensor is supported by the T850. Support for the SensorJack
Temp/Humidity sensor will be coming soon.
Daisy-chaining a SensorJack sensor to an EventSensor (Type2) sensor does not work. The SensorJack sensor
must be connected directly to the ESJ/ES port, or to an RJ45 Splitter that routes directly to the port (through other
RJ45 splitters is OK).
EventSensor (Type1) sensors cannot be daisy-chained with EventSensor (Type2) sensors; however you can use
EventSensor (Type1) sensors connected to Serial Port I/O1 and EventSensor (Type2) sensors connected to any
sensor port simultaneously. Just make sure the DIP Switches on all are set so that there are no slotting conflicts.
Page 213
TeleBoss 850 2.06.280_STD User Manual
The REN is useful to determine the quantity of devices you may connect to a telephone line and still have all of these
devices ring when the number is called. In most, but not all areas, the sum of the RENs of all devices connected to
one line should not exceed five (5.0). To be certain of the number of devices you may connect to a line, as
determined by the REN, you should contact the local telephone company to determine the maximum REN for your
calling area.
If the modem causes harm to the telephone network, the telephone company may temporarily discontinue your
service. If possible, they will notify you in advance. If advance notification is not possible, you will be notified as soon
as possible.
Your telephone company may make changes in its facilities, equipment, operations or procedures that could affect
proper functioning of your equipment. If they do, you will be notified in advance to give you an opportunity to maintain
uninterrupted telephone service.
If you experience trouble with the modem, contact Asentria Technical Support for information on obtaining service or
repairs. The telephone company may ask you to disconnect the device from the network until the problem has been
corrected or until you are sure that the device is not malfunctioning.
This device may not be used on coin service lines provided by the telephone company (this does not apply to private
coin telephone applications which use standard lines). Connection to party lines is subject to state tariffs.
Page 214
TeleBoss 850 2.06.280_STD User Manual
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local
telecommunications company. The equipment must also be installed using an acceptable method of connection. In
some cases, the company's inside wiring associated with a single line individual service may be extended by means of
a certified connector assembly (telephone extension cord). The customer should be aware that compliance with the
above conditions may not prevent degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the
supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the
telecommunications company cause to request the user to disconnect the equipment.
Users should ensure for their own protections that the electrical ground connections of the power utility, telephone
lines and internal metallic water pipe system, if present, are connected together. This precaution may be particularly
important in rural areas.
Caution: Users should not attempt to make such connections themselves, but should contact the appropriate electric
inspection authority, or electrician, as appropriate.
The Load Number (LN) assigned to each terminal device denotes the percentage of total load to be connected to a
telephone loop, which is used by the device, to prevent overloading.
The termination of a loop may consist of any combination of devices subject only to the requirement that the total of
the Load Numbers of all the devices does not exceed 100. The load number of this unit is five.
This digital apparatus does not exceed the Class A limits for Radio noise emissions from digital apparatus set out in
the interference-causing equipment standard entitled "Digital
Apparatus", ICES-003 of the Department of Communications.
AVIS: - L'étiquette du ministère des Communications du Canada identify le materiel homologué. Cette étiquette
certifie que le matériel est conforme a certaines normes de protection, d'exploitation et de sécurité des réseaux de
télécommunications. Le Ministère n'assure toutefois pas que le matériel fonctionnera a la satisfaction de l'utilisateur.
Avant d'installer ce matériel, l'utilisateur doit s'assurer qu'il est permis de le raccorder aux installations de l'entreprise
locale de télécommunication. le matériel doit également etre installé en suivant une méthod acceptée de
raccordement. Dans certains cas, les fils intérieurs de l'entreprise utilisés pour un service indivuduel a linge unique
peuvent etre prolongés au moyen d'un dispositif homologué de raccordement (cordon prolongateur téléphonique
interne). L'abonné ne doit pas oublier qu'il est possible que la conformité aux conditions énoncées ci-dessus
n'empechent pas la dégradation du service dans certaines situations. Actuellement, les entreprises de
télécommunication ne permettent pas que l'on raccorde leur matériel a des jacks d'abonné, sauf dans les cas précis
prévus pas les tarrifs particuliers de ces entreprises.
Les réparations de matériel homologué doivent etre effectuées pas un centre d'entretien Canadien autorisé designé
par le fournisseur, La compagnie de télécommunications puet demander a l'utilisateur de débrancher un appareil a la
suite de réparations ou de modifications effectuées par l'utilisateur ou a cause de mauvais fonctionnement.
Pour sa propre protection, l'utilisateur doit s'assurer que tous les fils de mise a la terre de la source d'energie
electrigue, des lignes téléphoniques et des canalisations d'eau métalliques, s'il y en a, sont raccordés ensemble.
Cette précaution est particuliérement importante dans les régions rurales.
Avertissement. - L'utilisateur ne doit pas tenter de faire ces raccordements lui-meme; il doit avior recours a un service
d'inspection des installations électriques, ou a electricien, selon le cas.
L'indice de charge (IC) assigné a chaque dispositif terminal indique, pour éviter toute surcharge, le pourcentage de la
charge totale qui peut etre raccodée a un circuit téléphonique bouclé utilisé par ce dispositif. La terminaison du circuit
Page 215
TeleBoss 850 2.06.280_STD User Manual
bouclé peut etre constituée de n'import quelle combinaision de dispositif, pourvu que la somme des indices de charge
de l'ensemble des dispositifs ne dépasse pas 100. L'indice de charge de cet produit est 5.
Cet appereil numérique respecte les limites de bruits radioélectriques applicables aux appareils numériques de
Classe A prescrites dans la norme sur le matériel brouilleur :"Appareils Numériques", NMB-003 édictée par le ministre
des Communications.
Page 216
TeleBoss 850 2.06.280_STD User Manual
Warranty Information
Asentria Corporation hereby warrants that it will, as the buyers sole remedy, repair or replace, at its option, any part of
the T850 which proves to be defective by reason of improper materials or workmanship, without charge for parts or
labor, for a period of 12 (twelve) months. This warranty period commences on the date of first retail purchase, and
applies only to the original retail purchaser.
To obtain service under this warranty, you must obtain, by telephone, postal letter, or email, a return authorization
number from Asentria Technical Support. This authorization number may be obtained by contacting Asentria
Technical Support at the address and/or phone number below. The defective unit is to be returned to Asentria with
shipping prepaid, and the return authorization number must be clearly marked on the outside of the package
containing the defective unit.
The dealer's bill of sale or other satisfactory proof of the date of purchase may be required to be presented in order to
obtain service under this warranty.
This warranty applies if your T850 fails to function properly under normal use and within the manufacturer's
specifications. This warranty does not apply if, in the opinion of Asentria Corporation, the unit has been damaged by
misuse; neglect; or improper packing, shipping, modification, or servicing by other than Asentria or an authorized
Asentria Service Center.
In no event shall Asentria Corporation be liable for any loss, inconvenience or damage, whether direct, incidental,
consequential or otherwise, with respect to the T850. Asentria Corporation's liability shall be limited to the purchase
price of the T850. No warranty of fitness for purpose, or of fitness of the T850 for any particular application is
provided. It is the responsibility of the user to determine fitness of the T850 for any particular application or purpose.
This warranty gives you specific legal rights. These rights may vary from state to state, as some states do not allow
limitations on liability.
You may request information on how to obtain service under this warranty by contacting Asentria Technical Support at
the address and phone number below:
www.asentria.com
Page 217