Network setup AX: Difference between revisions
AP |
m Chime.Center formatting |
||
| (37 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
<div style="font-size:84%"> '''[[Chime_Master_Help|Help]] » [[Operating manuals]] » [[:Category:AX_Manual|AX Table of Contents]]'''<br/> | <span class="crumbs"><div style="font-size:84%"> | ||
''' [[Settings_screen_AX|← Settings screen]] [[Keyboard_setup_AX|Next section →]] '''</div> | '''[[Chime_Master_Help|Help]] » [[Operating manuals]] » [[:Category:AX_Manual|AX Table of Contents]]'''<br/> | ||
''' [[Settings_screen_AX|← Settings screen]] [[Keyboard_setup_AX|Next section →]] ''' | |||
<br />Video help - [https://ezbells.com/ans0 Current Version] - [https://ezbells.com/ans9 Older setup screens (< 1.4.12)] | |||
</div></span> | |||
There are many advantages to having your ringing system connected to the internet. | There are many advantages to having your ringing system connected to the internet. | ||
* Continual time clock synchronization | * Continual time clock synchronization | ||
* [[Remote_AX|Remote control]] experience is enhanced | * [[Remote_AX|Remote control]] experience is enhanced | ||
* Advanced music, seasons and schedules using [[Using_Chime_Center|Chime Center]] | * Advanced music, seasons and schedules using [[Using_Chime_Center|Chime.Center]] | ||
* Automatic software and security updates | * Automatic software and security updates | ||
== Check your connection == | == Check your connection == | ||
=== Login screen === | |||
* Check mark - indicates the system has full Internet connectivity | You can tell if the system is connected to the Internet by checking the connection icon found on the PIN login screen at the top right corner, just below the system status icon. It will display one of the following states: | ||
* X mark - indicates the system is not able to reach the Chime Center server | * Check mark on the globe - indicates the system has full Internet connectivity | ||
* '''AP''' - indicates the system is in Access Point mode for local remote control | * X mark on the globe - indicates the system is not able to reach the Chime.Center server | ||
* '''AP''' (no globe) - indicates the system is in Access Point (AP) mode for local remote control | |||
** Turn on Access Point mode whenever you cannot connect the ringing system to the Internet, even if you do not need the local remote control. This will turn off Internet services so that errors resulting from these missing connections will not degrade your ringing system's performance. | ** Turn on Access Point mode whenever you cannot connect the ringing system to the Internet, even if you do not need the local remote control. This will turn off Internet services so that errors resulting from these missing connections will not degrade your ringing system's performance. | ||
=== Network settings screen === | |||
Connection status is shown at the top of the Network Settings screen. Possible messages are: | |||
* Status: '''Connected to the Internet''' - System is connected to Chime.Center. | |||
* Status: '''Connected to Local Network''' - System is available on the local network. It is likely that router or firewall settings for the network are not allowing connections to Chime.Center. Restart the system and if that does not help, check that all [[Network_setup_AX#Your_network|required outgoing ports]] are available. | |||
* Status: '''Access Point Mode''' - System is in Access Point (AP) mode for local remote control. | |||
* Status: '''Not Connected''' - System is not making connections to any network. Check cabling and if using antenna, retry WiFi setup. | |||
=== System time === | |||
The system will not be able to properly negotiate connections with our servers if the ringing system's time is incorrect. Go the the Settings - Date and Time screen to verify the correct date, time and time zone. Make sure the switches for DST and Automatic Time Sync are on. | |||
== Connection modes == | == Connection modes == | ||
[[File:NetworkSettings.jpg|right|550px]] | [[File:NetworkSettings.jpg|right|550px]] | ||
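Review bot: The new System time paragraph has a doubled word, "Go the the Settings - Date and Time screen"; it should read "Go to the Settings - Date and Time screen". In the same hunk, the new breadcrumb wrapper places a block-level div inside the span with class "crumbs", which is invalid nesting. Making the outer element a div with that class keeps the styling hook without relying on the parser to repair the markup.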
| Line 21: | Line 34: | ||
* Connect an Ethernet cable from your router to the labeled jack on the back of the AX carillon. This will be recognized immediately. | * Connect an Ethernet cable from your router to the labeled jack on the back of the AX carillon. This will be recognized immediately. | ||
* When a network address is displayed with a green check mark next to ''Ethernet network Connected'' you are connected. | * When a network address is displayed with a green check mark next to ''Ethernet network Connected'' you are connected. | ||
* Make sure the Access point switch at the bottom of the screen is ''' | * Make sure the Access point switch at the bottom of the screen is '''Normal''' and gray in color. If you change the Access Point mode the system must be restarted (see below). | ||
* If you also have a green check mark and IP address under WiFi Networks, you should unplug the antenna from the rear USB port. | * If you also have a green check mark and IP address under WiFi Networks, you should unplug the antenna from the rear USB port. | ||
=== Wireless === | === Wireless === | ||
These connections require the | These connections require the available wireless adapter antenna. Screw the two parts together and power down the ringing system before plugging in the antenna. Keep the system level while the antenna is plugged in, as tipping the system can cause damage to the antenna or port connection. | ||
==== WiFi network ==== | ==== WiFi network ==== | ||
WiFi is trickier to set up, but has the advantage that it provides an air gap between the lightning prone outside components of your ringing system and your other wired network | WiFi is trickier to set up, but has the advantage that it provides an air gap between the lightning prone outside components of your ringing system and your other wired network components. | ||
[[File:Wifi.jpg|frameless|right|450px]] | [[File:Wifi.jpg|frameless|right|450px]] | ||
* From the home page of the | * From the home page of the AX ringing system, choose Settings then Network. This page displays if you are connected via an Ethernet cable or a wireless network. | ||
* The Access Point Mode at the bottom of the screen should be set to ''' | * The Access Point Mode at the bottom of the screen should be set to '''Normal''' - gray when connecting to a WiFi network. | ||
* If you have changed the Access Point mode, restart the system (see below). | * If you have changed the Access Point mode, restart the system (see below). | ||
* Tap on '''WiFi Networks''' and choose the one you want to connect to. Enter the WiFi password in the next box and tap Connect. It may take a couple of minutes. | |||
* When the unit has successfully connected, it should update the Current WiFi Network and Wireless IP address. | * When the unit has successfully connected, it should update the Current WiFi Network and Wireless IP address. | ||
* If you have trouble connecting with the wireless antenna we supply (password is not accepted): | |||
** Your Router or Access point may be configured for WPA3 only. Please have your network administrator configure the WiFi network for mixed-mode WPA2+WPA3. The AX system does not currently support WPA3. | |||
** A network bridge can be configured to connect your WiFi to the ringing system's Ethernet port. Your network administrator should be able to set this up for you. TP-Link makes a WPA3 compatible device, TL-WA1801 ([https://www.amazon.com/TP-Link-TL-WA1801-Beamforming-Supports-Multi-SSID/dp/B0CNSCVXZN Amazon link]). | |||
=== Access Point (no Internet) === | ==== Access Point (no Internet) ==== | ||
Advanced eXperience ringing systems are designed to be connected to the Internet, but if none is available at your facility, the system can provide an ad-hoc local Access Point WiFi network to which you can connect your phone. | Advanced eXperience ringing systems are designed to be connected to the Internet, but if none is available at your facility, the system can provide an ad-hoc local Access Point WiFi network to which you can connect your phone. | ||
This | This means you can [[Remote_AX|remote control]] your ringing system when your phone is nearby. | ||
* QR codes are different for remote controls that use the local connection from those that use Internet connection. | * QR codes are different for remote controls that use the local connection from those that use Internet connection. | ||
* Refer to the [[Remote_AX|Remote Control instructions]] for scanning multiple users and saving the app to you phones home screen. | * Refer to the [[Remote_AX|Remote Control instructions]] for scanning multiple users and saving the app to you phones home screen. | ||
==== Enable local remote access point ==== | ===== Enable local remote access point ===== | ||
* While the Chime Master AX carillon is powered off, plug in the included wireless antenna into the top right USB port on the back, then restart the unit. | * While the Chime Master AX carillon is powered off, plug in the included wireless antenna into the top right USB port on the back, then restart the unit. | ||
* From the home page, choose Settings then Network. At the top, you can view if you are connected via an Ethernet cable or a wireless network (network address beside the appropriate IP label). | * From the home page, choose Settings then Network. At the top, you can view if you are connected via an Ethernet cable or a wireless network (network address beside the appropriate IP label). | ||
* Tap the Access Point switch | * Tap the Access Point switch near the bottom of the screen. When the '''Access Point switch is gold''' and an IP address appears beside ''Wireless IP'' you can exit the Network setup page and proceed. | ||
Restart the system as described below. When the system restarts in AP mode, it will disable all Internet dependent services. This prevents internal connection errors and improves system performance. | Restart the system as described below. When the system restarts in AP mode, it will disable all Internet dependent services. This prevents internal connection errors and improves system performance. | ||
* When you tap the lock page clock, the PIN login screen will | * When you tap the lock page clock, the PIN login screen will indicate at top right that the system is in AP mode. | ||
* | * Login and from the home page, tap the Remote button. | ||
* After entering your PIN, the system will check its network connection status. You will be asked to connect your smart phone or other device to a password protected CMS WiFi. The SSID and Password will appear above the QR Code. After connecting your phone to the carillon's network, scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Local Remote''' in your phone’s browser. | * After entering your PIN, the system will check its network connection status. You will be asked to connect your smart phone or other device to a password protected CMS WiFi. The SSID and Password will appear above the QR Code. After connecting your phone to the carillon's network, scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Local Remote''' in your phone’s browser. | ||
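Review bot: In the new WPA3 troubleshooting bullet, asking the administrator to move the site's WiFi to mixed-mode WPA2+WPA3 lowers the protection of every client on that SSID just to admit one appliance, because the network then accepts WPA2 associations again. Suggest listing the Ethernet bridge option first, or recommending a separate WPA2 SSID on the segmented IoT sub-network that the Best Practices section already calls for, so the main network can stay WPA3-only. While here, "to you phones home screen" in the unchanged context could be corrected to "to your phone's home screen".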
| Line 62: | Line 78: | ||
* Leave the WiFi antenna plugged in only if you are ''not'' connecting using an Ethernet cable. | * Leave the WiFi antenna plugged in only if you are ''not'' connecting using an Ethernet cable. | ||
Restart the system as described below. When the system starts with the Access Point | Restart the system as described below. When the system starts with the Access Point switch set to '''Normal''', update, backup and other Chime.Center remote features are enabled. | ||
==== Verify connection and reset Remote ==== | ==== Verify connection and reset Remote ==== | ||
| Line 68: | Line 84: | ||
* Return to the home page, then tap the Remote button. | * Return to the home page, then tap the Remote button. | ||
* After entering your PIN, the system will check its network connection status. | * After entering your PIN, the system will check its network connection status. | ||
* Above the QR code the system will indicate that this code is for the Chime Center Remote. | * Above the QR code the system will indicate that this code is for the Chime.Center Remote. | ||
* Make sure your phone has Internet access and scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Chime Remote''' in your phone's browser. | * Make sure your phone has Internet access and scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Chime Remote''' in your phone's browser. | ||
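Review bot: After the rename, the bullet about the QR code calls it the "Chime.Center Remote" while the next bullet still opens the "Chime Remote". If these are the same thing, use one name in both bullets so users can match the text to what the screen shows.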
| Line 94: | Line 110: | ||
While connected only to your network (mobile data off), a test device (phone or PC) must be able to access | While connected only to your network (mobile data off), a test device (phone or PC) must be able to access | ||
'''https://chime.center''' | '''https://chime.center''' | ||
'''https://sf.chime.center''' | |||
* This site may need to be white-listed in firewall or DNS rules | * This site may need to be white-listed in firewall or DNS rules | ||
=== Bandwidth === | |||
Typically you can expect around 50MB to 100MB per day (less than 3GB/month) of usage by the bell system, depending on the frequency of remote control and management usage. | |||
== Security == | == Security == | ||
AX ringing systems do not require static IP addresses or any special inbound port forwarding through your firewall. Chime Center's routing will make sure that only you have control of your bells. Best practices should be followed whenever connecting anything other than computers and printers to your network and the Internet. The following are a few suggestions that you should consider. The easiest are at the top and should be complied with first. | AX ringing systems do not require static IP addresses or any special inbound port forwarding through your firewall. Chime.Center's routing will make sure that only you have control of your bells. Best practices should be followed whenever connecting anything other than computers and printers to your network and the Internet. The following are a few suggestions that you should consider. The easiest are at the top and should be complied with first. | ||
=== Ringing system === | === Ringing system === | ||
* [[User_profile_setup_AX|Change the default login PIN number]] for the login screen. Users who have (or guess) this code can use the front panel remote screen to authenticate remote access. You can use up to 10 digits. | * [[User_profile_setup_AX|Change the default login PIN number]] for the login screen. Users who have (or guess) this code can use the front panel remote screen to authenticate remote access. You can use up to 10 digits. | ||
* Use a strong password to login to Chime Center. Use a password manager to generate unique and strong passwords for each of your site logins. Never re-use your email password on other sites. | * Use a strong password to login to Chime.Center. Use a password manager to generate unique and strong passwords for each of your site logins. Never re-use your email password on other sites. | ||
* Do not attempt to simultaneously use the wired Ethernet connection and the WiFi antenna connection. Make sure the Access Point is set to | * Do not attempt to simultaneously use the wired Ethernet connection and the WiFi antenna connection. Make sure the Access Point is set to '''Normal''' (see above) if you are connected to a network. Necessary services are inhibited by the Access Point mode such as: | ||
** Automatic clock synchronization | ** Automatic clock synchronization | ||
** Software updates | ** Software updates | ||
** Chime Center access | ** Chime.Center access | ||
* Do not connect the ringing system directly to the Internet without a firewall (router based or dedicated). | * Do not connect the ringing system directly to the Internet without a firewall (router based or dedicated). | ||
=== Your network === | === Your network === | ||
No inbound ports need to be open on your firewall. Most router firewalls default to allow outgoing connections on all ports while blocking incoming connections. | No inbound ports need to be open on your firewall. Most router firewalls default to allow outgoing connections on all ports while blocking incoming connections. | ||
In more secure facilities, | In more secure facilities, outgoing connections may also be blocked to ports other than those needed for typical web browsing. Keep these outbound ports open for the ringing system: | ||
* '''SSH 22''' (to *.sf.chime.center - remote tunnel for API and backups) | |||
* '''TCP 443''' (to *.sf.chime.center - updates) | |||
* '''TCP 7443''' (to *.chime.center - update systems with firmware < 1.4.20) | |||
* '''UDP 123''' (time sync) | |||
==== Issues with firewalls ==== | |||
'''Verizon''' router/modem firewalls often default to closing connections to port 22. Check if your security settings is set to maximum. If so, manually add SSH 22. | |||
Chime.Center does not support Deep Packet Inspection of SSH packets (DPI-SSH), typically encountered on '''SonicWall''' products. If your network must enable DPI-SSH (very rare circumstances), disable it for the ringing system's (static) IP or mac address to allow API tunneling. Otherwise, the Chime.Center server will detect your firewall as a man-in-the-middle attacker and drop the connection. | |||
==== Best Practices ==== | |||
* Use a strong WiFi password on your router or access point. | * Use a strong WiFi password on your router or access point. | ||
* Test your firewall for unneeded open inbound ports. Gibson Research provides the [https://www.grc.com/shieldsup Shields Up!] tool. After clicking the Proceed button, click the All Service Ports button to begin testing. | * Test your firewall for unneeded open inbound ports. Gibson Research provides the [https://www.grc.com/shieldsup Shields Up!] tool. After clicking the Proceed button, click the All Service Ports button to begin testing. | ||
* Have your IT personnel configure a [https://robpickering.com/ubiquiti-configure-micro-segmentation-for-iot-devices/ segmented VLAN or Internet-of-Things sub-network] for the ringing system and other appliances. [https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network The FBI recommends] you do this at home as well. | * Have your IT personnel configure a [https://robpickering.com/ubiquiti-configure-micro-segmentation-for-iot-devices/ segmented VLAN or Internet-of-Things sub-network] for the ringing system and other appliances such as security cameras. [https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network The FBI recommends] you do this at home as well. | ||
<br/> | <br/> | ||
[[Media:AX | <span class="crumbs"><div style="font-size:84%"> | ||
[[Media:AX Security Sheet-2022-11-30.pdf|PDF: AX Network Connectivity and Security]] | |||
''' [[Settings_screen_AX|← Settings screen]] [[Keyboard_setup_AX|Next section →]] ''' | |||
</div></span> | |||
[[Category:AX Manual]] | [[Category:AX Manual]] | ||
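Review bot: In the new outbound port list, the UDP 123 entry gives no destination while the other three do, so an administrator in a locked-down facility cannot scope that rule as narrowly as the rest; name the time server(s) or state that any NTP destination must be allowed. "SSH 22" should read "TCP 22 (SSH)" to match the TCP/UDP labelling of the other entries, and the allow-listing bullet still says "This site" although two URLs are now listed and the port list uses *.chime.center and *.sf.chime.center wildcards. In the DPI-SSH paragraph, the exemption is keyed to the system's "(static) IP" although the Security section says no static IP is required; a DHCP reservation or the MAC address (capitalised) would be the consistent advice, and "security settings is set" should be "security setting is set".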