Performing a secure access reset – Echelon SmartServer 2.2 User Manual

SmartServer

2.2 User’s Guide

55

See Appendix B, Using the SmartServer Console Application, for more information on the enable
secureaccess and disable secureaccess console commands.

Performing a Secure Access Reset

If you have disabled secure access on your SmartServer and you do not have access to the console
application, but you do have access to the SmartServer hardware, you can perform a security access
reset to re-enable secure access. To do this, follow these steps:

1. To ensure maximum security, disconnect your computer and SmartServer from the LAN.

2. Remove the SmartServer from the TCP/IP network and attach it to the computer using an Ethernet

cable or a local server hub. This step is optional, but it is likely needed because performing a
security access reset temporarily resets the SmartServer’s IP address to 192.168.1.222.

3. Press and hold the service pin on the SmartServer hardware.

4. Reboot the SmartServer while holding down the service pin. You can reboot using the

SmartServer hardware or the SmartServer Web pages.



To reboot using the SmartServer hardware, use a small wire such as a paper clip to press the
reset switch located just below the Output LEDs on top of the SmartServer.



To reboot using the SmartServer Web pages, right-click the SmartServer icon in the
navigation pane in the left frame, point to Setup, select Reboot from the shortcut menu, and
then click Reboot in the Setup – Reboot dialog.

5. Continue holding the service pin. In approximately 10 seconds, all the LEDs on the SmartServer

will illuminate.

6. Approximately 30 seconds from when the reboot began, the service LED will illuminate solid

yellow. At this point you can release the service pin.

7. The SmartServer enters secure access mode and its IPv4 address, subnet mask, and gateway are

temporarily changed to 192.168.1.222, 255.255.255.0, and 192.168.1.222, respectively (IPv6
addresses are not changed during this process). They are returned to their specified IP addresses
after the SmartServer is rebooted.

Note: The IPv4 address change could place the SmartServer on a subnet with which your computer
cannot communicate. If this occurs, you can either modify your computer’s IP configuration and place
it on the 192.168.1.* subnet, or enter the following command in the Windows Command Prompt
window with administrator privileges:

route add 192.168.1.0 mask 255.255.255.0 %computername%

To open the command prompt with administrator privileges, click Start, type cmd in the search box,
right-click the cmd.exe, and then select Run as Administrator. If you receive a “The parameter is
incorrect” error after entering the route command, replace %computername% with the IP address of
your computer.

This command allows your computer to communicate with the SmartServer even when they are not on
the same subnet. This command does not persist through computer reboots, but you can add it to the
startup script for your computer or add the –p option to the route add command listed above.

Securing SmartServer Web Pages

You can secure the Web pages on your SmartServer using the i.LON Web Server Security and
Parameters program. Using this tool, you add security realms for to the webParams.dat file located
at the root of the SmartServer’s flash disk. A realm defines which files (Web pages) and folders on the
SmartServer can be accessed by which users from which IP addresses.

To secure a SmartServer Web page, you create a realm for that Web page’s .htm file, which is located
in the SmartServer’s root/web/user/echelon folder, and define which users can access it from which