The MAC36PRO features a built-in Device Management Web Server, a web-based interface designed for pre-commissioning the controller, monitoring the system parameters and health status, managing the controller network parameters, and configuring the iSMA OS-level settings. The web server can be used to pre-commission the controller even if the host ID has not been licensed yet. By default, the web server is enabled and accessible over HTTPS on port 5580. It can be accessed using the ETH1, ETH2, and USB network connections.
HTTPS
For security reasons, standard HTTP connections are disabled by default. The MAC36PRO web server can be reached only over HTTPS. Make sure that the https://<MAC36PRO_IP_ADDRESS>:5580 address is used when connecting to the controller’s web server.
HTTPS - first connection
When connecting to the MAC36PRO web server for the first time, a browser warning may appear because of the self-signed certificate. This is expected behavior for embedded systems using HTTPS. It is required to accept the certificate to access the web server.
The first connection can be established using the default IP address of the controller (192.168.1.123) or through the USB connection on static IP address (169.254.1.123).
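Accepting the self-signed certificate gives an encrypted channel but no proof of which device answered. One way to make later connections checkable, shown as an added example (not vendor code): record the certificate's SHA-256 fingerprint at the first connection, ideally over the direct USB link, and compare it on every later connection. The label `controller-01` and the in-memory `pins` store are illustrative assumptions, and the two sample certificates are constructed stand-ins.

```python
import hashlib
import hmac
import ssl

DEFAULT_PORT = 5580  # default HTTPS port stated on this page


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_fingerprint(host: str, port: int = DEFAULT_PORT) -> str:
    """Fingerprint of the certificate the server presents (fetched unverified)."""
    return fingerprint(ssl.get_server_certificate((host, port)))


def check_pin(pins: dict, label: str, observed: str) -> str:
    """Trust on first use: record the first fingerprint, compare afterwards."""
    known = pins.get(label)
    if known is None:
        pins[label] = observed
        return "pinned"
    return "match" if hmac.compare_digest(known, observed) else "mismatch"


# Constructed stand-ins for two different certificates (not real certificates).
SAMPLE_A = ssl.DER_cert_to_PEM_cert(b"constructed certificate A")
SAMPLE_B = ssl.DER_cert_to_PEM_cert(b"constructed certificate B")

if __name__ == "__main__":
    pins = {}  # persist this (e.g. as JSON) with the commissioning record
    for pem in (SAMPLE_A, SAMPLE_A, SAMPLE_B):
        print(check_pin(pins, "controller-01", fingerprint(pem)))
    # Against a live controller over USB: fetch_fingerprint("169.254.1.123")
```

A "mismatch" after commissioning means the certificate changed (for example after a factory reset) or a different endpoint answered, and should be investigated before credentials are entered.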
Login
To access the web server functions, the user must be logged in. The web server is secured with Niagara Platform credentials.
First Login
If the controller has not been commissioned yet, please use the default Niagara Platform credentials (tridium:niagara).
If the default credentials are used, the system will prompt the user to change them. A dialog window appears requiring:
- new username,
- new password,
- system passphrase.
The default tridium user will be removed and the new user will be created. The same user will be used to log in to the controller platform in Niagara Workbench.
Home Page
The home page of the MAC36PRO device management web server contains basic data about the device. It is displayed after a successful login to the device. It is useful for troubleshooting and for monitoring the controller health status.
Home page contains the following data:
- Date/Time/Time Zone: shows the current date, time, and time zone set on the controller,
- Disk Space: shows the current usage of the disk space on the controller (presented in %),
- Free Disk Space: shows the amount of free disk space out of the total disk space available on the controller (presented in GB),
- RAM Usage: shows the current RAM usage by the controller (presented in %),
- Free RAM: shows the amount of free RAM out of the total RAM available on the controller (presented in MB/GB),
- CPU Current Usage: shows the current CPU usage by the controller (presented in %),
- CPU Overall Usage: shows the summary CPU usage by the controller from the device start (presented in %),
- Hostname: shows the hostname of the controller; the hostname can be configured in the Network Configuration section,
- Model: shows the Niagara model of the controller,
- Product: shows the product code of the controller,
- Serial Number: shows the serial number of the controller,
- CPUs: shows the number of CPUs in the controller,
- Baja Version: shows the Baja version,
- Daemon Version: shows the Niagara daemon version,
- JVM: shows the Java Virtual Machine version,
- Profiles: shows the Niagara profiles in use,
- Host ID: shows the host ID for licensing purposes.
In the top right corner of the device management web server, there are 2 buttons available for the device reboot and logging off. These are available regardless of which tab of the web server is being displayed at the moment.
For a reboot, a confirmation pop-up is displayed:
Network Configuration
The Network Configuration tab shows the settings of the controller’s network interfaces and allows managing them. Network parameters can be pre-configured for each Ethernet interface available on the controller before accessing the platform in the Niagara Workbench, or changed later during the controller operation.
The Network Configuration tab has the following fields:
General Settings tab:
- Host Name: allows setting the network hostname of the controller,
- DNS Domain: allows setting the DNS domain,
- Default Gateway: allows setting the default IP gateway,
- DNSv4 Servers: allows setting a DNS server for IPv4,
- +Add DNSv4 Server: allows adding an additional DNS server for IPv4,
- DNSv6 Servers: allows setting a DNS server for IPv6,
- +Add DNSv6 Server: allows adding an additional DNS server for IPv6;

Interface ETH1/ETH2 tabs (dependent on controller’s interfaces):
- Interface Name: shows the interface’s name,
- MAC Address: shows the MAC address of the controller’s eth1/2 interface,
- Adapter Enabled: allows enabling/disabling the Ethernet adapter mode;

IPv4 Settings:
- DHCP Enabled: allows switching the DHCP mode on/off,
- IPv4 Address: allows setting the IP address of the controller,
- Subnet Mask: allows setting the subnet mask of the controller;

IPv6 Settings:
- IPv6 Enabled: allows enabling IPv6 addressing for the controller,
- Auto Configuration: allows setting the controller’s IPv6 address and subnet prefix length automatically,
- IPv6 Address: allows setting the controller’s IPv6 address if the auto configuration is checked off,
- Subnet Prefix Length: allows setting the controller’s subnet prefix length if the auto configuration is checked off.
After making any change in the Network Configuration tab, it is required to confirm changes with the Save Configuration button.
Any change made to the network settings is validated. A green pop-up upon saving a new configuration informs that entered data are correct and a reboot is required:
A red pop-up informs that entered data are incorrect. Saving will not be possible until corrected data are filled in.
Remote Access - VPN
In the Device Management web server’s tree, under Remote Access, the VPN tab is available. The tab allows managing the VPN connection supported by the MAC36PRO controller.
MAC36PRO WireGuard VPN Connection
The MAC36PRO supports a connection to a WireGuard VPN network in a client mode. It enables secure remote access to the controller through an encrypted tunnel. Once the VPN connection is established, the controller's web server, platform, and station can be accessed using the VPN IP address, providing complete remote control of the MAC36PRO controller.
Note
The MAC36PRO acts as a VPN client only. A separate WireGuard infrastructure is required to establish the WireGuard VPN connection with the controller.
To establish a VPN connection, a valid WireGuard configuration file (.conf) must be provided by the VPN server administrator. This is a standard file, which defines all necessary parameters including:
- interface private key,
- VPN server (peer) public key,
- client IP,
- VPN server IP (endpoint address),
- allowed IP ranges.
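A pre-upload check for the file described above, as an added example (not vendor code): it confirms that the five listed parameters are present and well-formed, and flags an allowed range that covers every address. The mapping to the standard WireGuard key names (PrivateKey, Address, PublicKey, Endpoint, AllowedIPs), the single-peer assumption and the "narrow it" rule are assumptions of this example; the key and addresses in the sample are constructed.

```python
import base64
import ipaddress

def parse_conf(text):
    """Parse WireGuard INI-style text into {section: {key: value}}; one [Peer] assumed."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            current = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # base64 '=' padding stays in value
            current[key.strip().lower()] = value.strip()
    return conf

def is_key(value):  # WireGuard keys are 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False
def parse_nets(value):  # comma-separated CIDRs -> networks, or None if invalid
    try:
        return [ipaddress.ip_interface(p.strip()).network for p in value.split(",")]
    except ValueError:
        return None
def is_endpoint(value):  # host:port with a valid port number
    host, _, port = value.rpartition(":")
    return bool(host) and port.isdecimal() and 0 < int(port) < 65536

CHECKS = [  # the five parameters this page lists, mapped to WireGuard keys
    ("interface", "privatekey", is_key, "interface private key"),
    ("interface", "address", parse_nets, "client IP"),
    ("peer", "publickey", is_key, "VPN server (peer) public key"),
    ("peer", "endpoint", is_endpoint, "VPN server IP (endpoint address)"),
    ("peer", "allowedips", parse_nets, "allowed IP ranges"),
]

def check_conf(text):
    """Return a list of problems; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    problems = [f"{label}: missing or malformed" for sec, key, ok, label in CHECKS
                if not ok(conf.get(sec, {}).get(key, ""))]
    nets = parse_nets(conf.get("peer", {}).get("allowedips", "")) or []
    if any(n.prefixlen == 0 for n in nets):
        problems.append("allowed IP ranges: covers every address, narrow it")
    return problems

KEY = "A" * 43 + "="  # constructed 32-byte placeholder, not a real key
SAMPLE = (f"[Interface]\nPrivateKey = {KEY}\nAddress = 10.8.0.12/32\n[Peer]\nPublicKey = {KEY}\n"
          "Endpoint = 203.0.113.10:51820\nAllowedIPs = 10.8.0.0/24\n")  # constructed file
```

Because the file contains the interface private key, run the check on the workstation that already holds it rather than sending the file elsewhere for review.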
To set up the WireGuard VPN Client, follow this three-step process:
Step 1: Upload configuration
Add the .conf file provided by the VPN server administrator. Use the Choose File button to select the file and Upload button to send it.
Note
The upload window becomes available only if there is no previously uploaded VPN configuration currently on the device. If the configuration file has been uploaded, it must be removed first using the Delete button before uploading a new one.
Step 2: Activate the configuration
After uploading a configuration file, it is required to activate it in order to initiate the VPN connection.
Step 3: Controller reboot
A device restart is required to apply the changes and establish the connection with the WireGuard VPN server. Reboot can be initiated using the button in the top right corner of the web server.
A correctly configured VPN service will display information about the established connection to the WireGuard VPN server.
Settings
The Settings tab refers to the basic configuration options related to the web server’s operation and security.
- Web Server Status:
For projects with increased security requirements, the Device Management web server can be permanently disabled after the commissioning process.
Note
Once disabled, the Device Management web server becomes inaccessible. The only way to re-enable the web server is a device factory reset.
- Web Server Port Settings:
The Device Management web server is configured to use TCP port 5580 by default for incoming HTTPS connections. This port can be changed in the Settings tab to comply with the site-specific security policies or avoid conflicts with other services.
Note
Once the port is changed, access to the web server must be done using the new port number in the URL format: https://[MAC36PRO_IP_ADDRESS]:[new_port]
To confirm changes, it is required to use the Submit button and reboot the controller.
Debug - Ping
In the Device Management web server’s tree, under Debug, the Ping tab is available. The Ping tab provides a basic utility for network troubleshooting by allowing users to send ICMP echo requests (ping) directly from the MAC36PRO network stack. It is especially useful for verifying the connection to devices on the OT network, such as IP Multiprotocol I/O modules, VAV14-IP, or RAC18-IP.
To ping the controller, a raw IP address must be entered in IPv4 address format. Domain names are not accepted.