Network setup AX: Difference between revisions
Jodivandyke (talk | contribs) No edit summary |
(TL-WA1801) |
||
(116 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
<div style="font-size:84%">'''[[Chime_Master_Help|Help]] | <span class="crumbs"><div style="font-size:84%"> | ||
''' [[Settings_screen_AX| | '''[[Chime_Master_Help|Help]] » [[Operating manuals]] » [[:Category:AX_Manual|AX Table of Contents]]'''<br/> | ||
''' [[Settings_screen_AX|← Settings screen]] [[Keyboard_setup_AX|Next section →]] ''' | |||
<br />Video help - [https://ezbells.com/ans0 Current Version] - [https://ezbells.com/ans9 Older setup screens (< 1.4.12)] | |||
</div></span> | |||
There are many advantages to having your | There are many advantages to having your ringing system connected to the internet. | ||
* Continual time clock synchronization | |||
* [[Remote_AX|Remote control]] experience is enhanced | |||
* Advanced music, seasons and schedules using [[Using_Chime_Center|Chime Center]] | |||
* Automatic software and security updates | |||
== Check your connection == | |||
=== Login screen === | |||
You can tell if the system is connected to the Internet by checking the connection icon found on the PIN login screen at the top right corner, just below the system status icon. It will display one of the following states: | |||
* Check mark on the globe - indicates the system has full Internet connectivity | |||
* X mark on the globe - indicates the system is not able to reach the Chime Center server | |||
* '''AP''' (no globe) - indicates the system is in Access Point (AP) mode for local remote control | |||
** Turn on Access Point mode whenever you cannot connect the ringing system to the Internet, even if you do not need the local remote control. This will turn off Internet services so that errors resulting from these missing connections will not degrade your ringing system's performance. | |||
=== Network settings screen === | |||
Connection status is shown at the top of the Network Settings screen. Possible messages are: | |||
* Status: '''Connected to the Internet''' - System is connected to Chime.Center. | |||
* Status: '''Connected to Local Network''' - System is available on the local network. It is likely that router or firewall settings for the network are not allowing connections to Chime.Center. Restart the system and if that does not help, check that all [[Network_setup_AX#Your_network|required outgoing ports]] are available. | |||
* Status: '''Access Point Mode''' - System is in Access Point (AP) mode for local remote control. | |||
* Status: '''Not Connected''' - System is not making connections to any network. Check cabling and if using antenna, retry WiFi setup. | |||
== Wired | == Connection modes == | ||
[[File:NetworkSettings.jpg|right|550px]] | |||
=== Wired Ethernet === | |||
A wired network will always provide the easiest and most reliable connection if you have it. | |||
;Setup | |||
* Connect an Ethernet cable from your router to the labeled jack on the back of the AX carillon. This will be recognized immediately. | * Connect an Ethernet cable from your router to the labeled jack on the back of the AX carillon. This will be recognized immediately. | ||
* | * When a network address is displayed with a green check mark next to ''Ethernet network Connected'' you are connected. | ||
* | * Make sure the Access point switch at the bottom of the screen is '''Normal''' and gray in color. If you change the Access Point mode the system must be restarted (see below). | ||
== Wireless | * If you also have a green check mark and IP address under WiFi Networks, you should unplug the antenna from the rear USB port. | ||
=== WiFi === | |||
* From the home page of the | === Wireless === | ||
* The Access Point Mode at the | These connections require the available wireless adapter antenna. Screw the two parts together and powered down the ringing system before plugging in the antenna. Keep the system level while the antenna is plugged in, as tipping the system can cause damage to the antenna or port connection. | ||
* Tap | |||
* When the unit has successfully connected, it should update the Current WiFi Network and Wireless IP. If | ==== WiFi network ==== | ||
* | WiFi is trickier to set up, but has the advantage that it provides an air gap between the lightning prone outside components of your ringing system and your other wired network equipment. | ||
* After entering your PIN, the system will check its network connection status. | |||
* | [[File:Wifi.jpg|frameless|right|450px]] | ||
* From the home page of the AX ringing system, choose Settings then Network. This page displays if you are connected via an Ethernet cable or a wireless network. | |||
* The Access Point Mode at the bottom of the screen should be set to '''Normal''' - gray when connecting to a WiFi network. | |||
* If you have changed the Access Point mode, restart the system (see below). | |||
* Tap on '''WiFi Networks''' and choose the one you want to connect to. Enter the WiFi password in the next box and tap Connect. It may take a couple of minutes. | |||
* When the unit has successfully connected, it should update the Current WiFi Network and Wireless IP address. | |||
* If you have trouble connecting with the wireless antenna we supply (password is not accepted): | |||
** Your Router or Access point may be configured for WPA3 only. Please have your network administrator configure the WiFi network for mixed-mode WPA2+WPA3. The AX system does not currently support WPA3. | |||
** A network bridge can be configured to connect your WiFi to the ringing system's Ethernet port. Your network administrator should be able to set this up for you. TP-Link makes a WPA3 compatible device, TL-WA1801 ([https://www.amazon.com/TP-Link-TL-WA1801-Beamforming-Supports-Multi-SSID/dp/B0CNSCVXZN Amazon link]). | |||
==== Access Point (no Internet) ==== | |||
Advanced eXperience ringing systems are designed to be connected to the Internet, but if none is available at your facility, the system can provide an ad-hoc local Access Point WiFi network to which you can connect your phone. | |||
This means you can [[Remote_AX|remote control]] your ringing system when your phone is nearby. | |||
* QR codes are different for remote controls that use the local connection from those that use Internet connection. | |||
* Refer to the [[Remote_AX|Remote Control instructions]] for scanning multiple users and saving the app to you phones home screen. | |||
===== Enable local remote access point ===== | |||
* While the Chime Master AX carillon is powered off, plug in the included wireless antenna into the top right USB port on the back, then restart the unit. | |||
* From the home page, choose Settings then Network. At the top, you can view if you are connected via an Ethernet cable or a wireless network (network address beside the appropriate IP label). | |||
* Tap the Access Point switch near the bottom of the screen. When the '''Access Point switch is gold''' and an IP address appears beside ''Wireless IP'' you can exit the Network setup page and proceed. | |||
Restart the system as described below. When the system restarts in AP mode, it will disable all Internet dependent services. This prevents internal connection errors and improves system performance. | |||
* When you tap the lock page clock, the PIN login screen will indicate at top right that the system is in AP mode. | |||
* Login and from the home page, tap the Remote button. | |||
* After entering your PIN, the system will check its network connection status. You will be asked to connect your smart phone or other device to a password protected CMS WiFi. The SSID and Password will appear above the QR Code. After connecting your phone to the carillon's network, scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Local Remote''' in your phone’s browser. | |||
=== (Re-)Enable Internet features === | |||
If the system has an Internet Connection (using a network cable) and the wireless antenna is plugged in and the Access Point is left on, Internet features such as clock synchronization are disabled. Always turn off the Access Point when using a wired connection. | |||
* From the home page, choose Settings then Network. At the top, you can view if you are connected via an Ethernet cable or a wireless network (network address beside the appropriate IP label). | |||
* Tap the Access Point switch in the lower left corner of the screen. When the '''Access Point switch is gray''' with an x on it, Internet features are enabled (after restart). | |||
* Leave the WiFi antenna plugged in only if you are ''not'' connecting using an Ethernet cable. | |||
Restart the system as described below. When the system starts with the Access Point switch set to '''Normal''', update, backup and other Chime Center remote features are enabled. | |||
==== Verify connection and reset Remote ==== | |||
* When you tap the lock page clock, the PIN login screen will display the connection icon as described at the top of this page. | |||
* Return to the home page, then tap the Remote button. | |||
* After entering your PIN, the system will check its network connection status. | |||
* Above the QR code the system will indicate that this code is for the Chime Center Remote. | |||
* Make sure your phone has Internet access and scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Chime Remote''' in your phone's browser. | |||
=== Restart after changing modes === | |||
Restarting the system is required to change the Access Point mode: | |||
* Press and hold the front panel lighted power button until it turns red. Release the button and it will begin to blink violet then blue. | |||
* When the power button has stopped blinking and is solid blue, click it to restart the system. | |||
* The light will blink green then turn solid gold for normal operation. | |||
== Advanced settings == | |||
DHCP is the default setting that allows the system to obtain network information from your router and automatically attach to your network. Large campus installations may require the IT department to define how the system should be connected. | |||
Open the Settings - Network page. The type of current connection will be displayed with a green check mark, along with the current IP address and interface mac address. | |||
Tap the network connection you wish to change to static IP. | |||
;WiFi | |||
:Tap the Advanced Network Setup switch, re-enter the WiFi password and change IP settings to Static. | |||
;Ethernet | |||
:Tap the Advanced Network Setup switch. | |||
Scroll down to enter the static IP to use, the Subnet (in CIDR bit count format without the slash), your gateway's IP, and your name server (DNS) IP. Tap Save and close the menu. It shouldn't be necessary, but a good idea to hold the lighted power button for five seconds to shut down the system. Click the button again when it is solid blue to restart. | |||
== Internet access requirements == | |||
While connected only to your network (mobile data off), a test device (phone or PC) must be able to access | |||
'''https://chime.center''' | |||
* This site may need to be white-listed in firewall or DNS rules | |||
== Security == | |||
AX ringing systems do not require static IP addresses or any special inbound port forwarding through your firewall. Chime Center's routing will make sure that only you have control of your bells. Best practices should be followed whenever connecting anything other than computers and printers to your network and the Internet. The following are a few suggestions that you should consider. The easiest are at the top and should be complied with first. | |||
=== Ringing system === | |||
* [[User_profile_setup_AX|Change the default login PIN number]] for the login screen. Users who have (or guess) this code can use the front panel remote screen to authenticate remote access. You can use up to 10 digits. | |||
* Use a strong password to login to Chime Center. Use a password manager to generate unique and strong passwords for each of your site logins. Never re-use your email password on other sites. | |||
* Do not attempt to simultaneously use the wired Ethernet connection and the WiFi antenna connection. Make sure the Access Point is set to '''Normal''' (see above) if you are connected to a network. Necessary services are inhibited by the Access Point mode such as: | |||
** Automatic clock synchronization | |||
** Software updates | |||
** Chime Center access | |||
* Do not connect the ringing system directly to the Internet without a firewall (router based or dedicated). | |||
=== Your network === | |||
No inbound ports need to be open on your firewall. Most router firewalls default to allow outgoing connections on all ports while blocking incoming connections. | |||
In more secure facilities, your IT people may configure the firewall also to not allow outgoing connections to ports other than those needed for typical web browsing. If your firewall filters outbound ports, call us for the outbound ports that need to be open (in addition to '''TCP 443''' : https, and '''UDP 123''' : time sync). | |||
* Use a strong WiFi password on your router or access point. | |||
* Test your firewall for unneeded open inbound ports. Gibson Research provides the [https://www.grc.com/shieldsup Shields Up!] tool. After clicking the Proceed button, click the All Service Ports button to begin testing. | |||
* | * Have your IT personnel configure a [https://robpickering.com/ubiquiti-configure-micro-segmentation-for-iot-devices/ segmented VLAN or Internet-of-Things sub-network] for the ringing system and other appliances. [https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network The FBI recommends] you do this at home as well. | ||
* | <br/> | ||
<span class="crumbs"><div style="font-size:84%"> | |||
[[Media:AX Security Sheet-2022-11-30.pdf|PDF: AX Network Connectivity and Security]] | |||
''' [[Settings_screen_AX| | ''' [[Settings_screen_AX|← Settings screen]] [[Keyboard_setup_AX|Next section →]] ''' | ||
</div></span> | |||
[[Category:AX Manual]] | [[Category:AX Manual]] |
Latest revision as of 15:00, 12 September 2024
There are many advantages to having your ringing system connected to the internet.
- Continual time clock synchronization
- Remote control experience is enhanced
- Advanced music, seasons and schedules using Chime Center
- Automatic software and security updates
Check your connection
Login screen
You can tell if the system is connected to the Internet by checking the connection icon found on the PIN login screen at the top right corner, just below the system status icon. It will display one of the following states:
- Check mark on the globe - indicates the system has full Internet connectivity
- X mark on the globe - indicates the system is not able to reach the Chime Center server
- AP (no globe) - indicates the system is in Access Point (AP) mode for local remote control
- Turn on Access Point mode whenever you cannot connect the ringing system to the Internet, even if you do not need the local remote control. This will turn off Internet services so that errors resulting from these missing connections will not degrade your ringing system's performance.
Network settings screen
Connection status is shown at the top of the Network Settings screen. Possible messages are:
- Status: Connected to the Internet - System is connected to Chime.Center.
- Status: Connected to Local Network - System is available on the local network. It is likely that router or firewall settings for the network are not allowing connections to Chime.Center. Restart the system and if that does not help, check that all required outgoing ports are available.
- Status: Access Point Mode - System is in Access Point (AP) mode for local remote control.
- Status: Not Connected - System is not making connections to any network. Check cabling and if using antenna, retry WiFi setup.
Connection modes
Wired Ethernet
A wired network will always provide the easiest and most reliable connection if you have it.
- Setup
- Connect an Ethernet cable from your router to the labeled jack on the back of the AX carillon. This will be recognized immediately.
- When a network address is displayed with a green check mark next to Ethernet network Connected you are connected.
- Make sure the Access point switch at the bottom of the screen is Normal and gray in color. If you change the Access Point mode the system must be restarted (see below).
- If you also have a green check mark and IP address under WiFi Networks, you should unplug the antenna from the rear USB port.
Wireless
These connections require the available wireless adapter antenna. Screw the two parts together and powered down the ringing system before plugging in the antenna. Keep the system level while the antenna is plugged in, as tipping the system can cause damage to the antenna or port connection.
WiFi network
WiFi is trickier to set up, but has the advantage that it provides an air gap between the lightning prone outside components of your ringing system and your other wired network equipment.
- From the home page of the AX ringing system, choose Settings then Network. This page displays if you are connected via an Ethernet cable or a wireless network.
- The Access Point Mode at the bottom of the screen should be set to Normal - gray when connecting to a WiFi network.
- If you have changed the Access Point mode, restart the system (see below).
- Tap on WiFi Networks and choose the one you want to connect to. Enter the WiFi password in the next box and tap Connect. It may take a couple of minutes.
- When the unit has successfully connected, it should update the Current WiFi Network and Wireless IP address.
- If you have trouble connecting with the wireless antenna we supply (password is not accepted):
- Your Router or Access point may be configured for WPA3 only. Please have your network administrator configure the WiFi network for mixed-mode WPA2+WPA3. The AX system does not currently support WPA3.
- A network bridge can be configured to connect your WiFi to the ringing system's Ethernet port. Your network administrator should be able to set this up for you. TP-Link makes a WPA3 compatible device, TL-WA1801 (Amazon link).
Access Point (no Internet)
Advanced eXperience ringing systems are designed to be connected to the Internet, but if none is available at your facility, the system can provide an ad-hoc local Access Point WiFi network to which you can connect your phone.
This means you can remote control your ringing system when your phone is nearby.
- QR codes are different for remote controls that use the local connection from those that use Internet connection.
- Refer to the Remote Control instructions for scanning multiple users and saving the app to you phones home screen.
Enable local remote access point
- While the Chime Master AX carillon is powered off, plug in the included wireless antenna into the top right USB port on the back, then restart the unit.
- From the home page, choose Settings then Network. At the top, you can view if you are connected via an Ethernet cable or a wireless network (network address beside the appropriate IP label).
- Tap the Access Point switch near the bottom of the screen. When the Access Point switch is gold and an IP address appears beside Wireless IP you can exit the Network setup page and proceed.
Restart the system as described below. When the system restarts in AP mode, it will disable all Internet dependent services. This prevents internal connection errors and improves system performance.
- When you tap the lock page clock, the PIN login screen will indicate at top right that the system is in AP mode.
- Login and from the home page, tap the Remote button.
- After entering your PIN, the system will check its network connection status. You will be asked to connect your smart phone or other device to a password protected CMS WiFi. The SSID and Password will appear above the QR Code. After connecting your phone to the carillon's network, scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the Local Remote in your phone’s browser.
(Re-)Enable Internet features
If the system has an Internet Connection (using a network cable) and the wireless antenna is plugged in and the Access Point is left on, Internet features such as clock synchronization are disabled. Always turn off the Access Point when using a wired connection.
- From the home page, choose Settings then Network. At the top, you can view if you are connected via an Ethernet cable or a wireless network (network address beside the appropriate IP label).
- Tap the Access Point switch in the lower left corner of the screen. When the Access Point switch is gray with an x on it, Internet features are enabled (after restart).
- Leave the WiFi antenna plugged in only if you are not connecting using an Ethernet cable.
Restart the system as described below. When the system starts with the Access Point switch set to Normal, update, backup and other Chime Center remote features are enabled.
Verify connection and reset Remote
- When you tap the lock page clock, the PIN login screen will display the connection icon as described at the top of this page.
- Return to the home page, then tap the Remote button.
- After entering your PIN, the system will check its network connection status.
- Above the QR code the system will indicate that this code is for the Chime Center Remote.
- Make sure your phone has Internet access and scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the Chime Remote in your phone's browser.
Restart after changing modes
Restarting the system is required to change the Access Point mode:
- Press and hold the front panel lighted power button until it turns red. Release the button and it will begin to blink violet then blue.
- When the power button has stopped blinking and is solid blue, click it to restart the system.
- The light will blink green then turn solid gold for normal operation.
Advanced settings
DHCP is the default setting that allows the system to obtain network information from your router and automatically attach to your network. Large campus installations may require the IT department to define how the system should be connected.
Open the Settings - Network page. The type of current connection will be displayed with a green check mark, along with the current IP address and interface mac address.
Tap the network connection you wish to change to static IP.
- WiFi
- Tap the Advanced Network Setup switch, re-enter the WiFi password and change IP settings to Static.
- Ethernet
- Tap the Advanced Network Setup switch.
Scroll down to enter the static IP to use, the Subnet (in CIDR bit count format without the slash), your gateway's IP, and your name server (DNS) IP. Tap Save and close the menu. It shouldn't be necessary, but a good idea to hold the lighted power button for five seconds to shut down the system. Click the button again when it is solid blue to restart.
Internet access requirements
While connected only to your network (mobile data off), a test device (phone or PC) must be able to access
https://chime.center
- This site may need to be white-listed in firewall or DNS rules
Security
AX ringing systems do not require static IP addresses or any special inbound port forwarding through your firewall. Chime Center's routing will make sure that only you have control of your bells. Best practices should be followed whenever connecting anything other than computers and printers to your network and the Internet. The following are a few suggestions that you should consider. The easiest are at the top and should be complied with first.
Ringing system
- Change the default login PIN number for the login screen. Users who have (or guess) this code can use the front panel remote screen to authenticate remote access. You can use up to 10 digits.
- Use a strong password to login to Chime Center. Use a password manager to generate unique and strong passwords for each of your site logins. Never re-use your email password on other sites.
- Do not attempt to simultaneously use the wired Ethernet connection and the WiFi antenna connection. Make sure the Access Point is set to Normal (see above) if you are connected to a network. Necessary services are inhibited by the Access Point mode such as:
- Automatic clock synchronization
- Software updates
- Chime Center access
- Do not connect the ringing system directly to the Internet without a firewall (router based or dedicated).
Your network
No inbound ports need to be open on your firewall. Most router firewalls default to allow outgoing connections on all ports while blocking incoming connections.
In more secure facilities, your IT people may configure the firewall also to not allow outgoing connections to ports other than those needed for typical web browsing. If your firewall filters outbound ports, call us for the outbound ports that need to be open (in addition to TCP 443 : https, and UDP 123 : time sync).
- Use a strong WiFi password on your router or access point.
- Test your firewall for unneeded open inbound ports. Gibson Research provides the Shields Up! tool. After clicking the Proceed button, click the All Service Ports button to begin testing.
- Have your IT personnel configure a segmented VLAN or Internet-of-Things sub-network for the ringing system and other appliances. The FBI recommends you do this at home as well.