User Guide

Network Management Card 3

AP9640, AP9641, AP9643

UPS devices with an embedded Network Management Card 3, such as Smart-UPS

devices with the SRT prefix, Smart-UPS Ultra devices with the SRTL prefix, or Smart-
UPS Modular Ultra devices with the SRYLF prefix.
990-91148M-001
September, 2024
Schneider Electric Legal Disclaimer
The information presented in this manual is not warranted by Schneider Electric to be authoritative, error free,
or complete. This publication is not meant to be a substitute for a detailed operational and site specific
development plan. Therefore, Schneider Electric assumes no liability for damages, violations of codes,
improper installation, system failures, or any other problems that could arise based on the use of this
Publication.

The information contained in this Publication is provided as is and has been prepared solely for the purpose of
evaluating data center design and construction. This Publication has been compiled in good faith by Schneider
Electric. However, no representation is made or warranty given, either express or implied, as to the
completeness or accuracy of the information this Publication contains.

IN NO EVENT SHALL SCHNEIDER ELECTRIC, OR ANY PARENT, AFFILIATE OR SUBSIDIARY COMPANY

OF SCHNEIDER ELECTRIC OR THEIR RESPECTIVE OFFICERS, DIRECTORS, OR EMPLOYEES BE
LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL, OR INCIDENTAL
DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, CONTRACT,
REVENUE, DATA, INFORMATION, OR BUSINESS INTERRUPTION) RESULTING FROM, ARISING OUT,
OR IN CONNECTION WITH THE USE OF, OR INABILITY TO USE THIS PUBLICATION OR THE CONTENT,
EVEN IF SCHNEIDER ELECTRIC HAS BEEN EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES WITH
RESPECT TO OR IN THE CONTENT OF THE PUBLICATION OR THE FORMAT THEREOF AT ANY TIME
WITHOUT NOTICE.

Copyright, intellectual, and all other proprietary rights in the content (including but not limited to software, audio,
video, text, and photographs) rests with Schneider Electric or its licensors. All rights in the content not expressly
granted herein are reserved. No rights of any kind are licensed or assigned or shall otherwise pass to persons
accessing this information.

This Publication shall not be for resale in whole or in part.

Contents

Introduction ....................................................................... 1
Product Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Supported Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
IPv4 initial setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
IPv6 initial setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Network management with Other Applications . . . . . . . . . . . . . . . . . . . 3

Internal Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Access priority for logging on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Types of user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

How to Reset after a Lost Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Front Panel (AP9640) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Front Panel (AP9641) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Front Panel (AP9643) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

LED Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Status LED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Link-RX/TX (10/100/1000) LED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Watchdog Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Network interface watchdog mechanism . . . . . . . . . . . . . . . . . . . . . . . 10
Resetting the network timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Automatic Logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Web User Interface ......................................................... 11

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Supported Web browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

How to Log On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
URL address formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
First log in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

UPS Network Management Card 3 User Guide i

 Home Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Icons and Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Monitoring the UPS: Status menu................................... 15

UPS on Status menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Outlet Groups on Status menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Battery System on Status menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Universal I/O on Status menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Network on Status menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Controlling the UPS......................................................... 23

UPS on Control menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Outlet Groups on Control menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Security on Control menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Network on Control menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Configuring your Settings: 1............................................ 28

Outlet Groups on Configuration menu . . . . . . . . . . . . . . . . . . . . . . . . . 28
What are Outlet Groups? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Configuring your Outlet Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Power Settings on Configuration menu. . . . . . . . . . . . . . . . . . . . . . . . . 30

Shutdown on Configuration menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Start of Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Duration of Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
PowerChute Shutdown Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . 32

UPS General screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Self-Test Schedule screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Shutdown Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
For both the UPS and outlet group options . . . . . . . . . . . . . . . . . . . . . 37

UPS Network Management Card 3 User Guide ii

Firmware Update screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Update the UPS firmware from a USB drive (AP9641, AP9643, and embedded NMC devices
only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Update the UPS firmware from the NMC. . . . . . . . . . . . . . . . . . . . . . . 39
Using FTP to update the UPS firmware. . . . . . . . . . . . . . . . . . . . . . . . 39
Firmware Update Settings Configuration screen . . . . . . . . . . . . . . . . . 40

PowerChute Network Shutdown clients . . . . . . . . . . . . . . . . . . . . . . . . 40

Universal I/O screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Temperature and Humidity screen . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Input Contacts screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Output Relay screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Fluid Sensor screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Configuring the Control Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Security menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Session Management screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Ping Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Remote Users authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
LDAP screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Configuring the LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
RADIUS screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring the RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
TACACS+ screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring the TACACS+ Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Firewall screens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
802.1X Security Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

UPS Network Management Card 3 User Guide iii

Configuring your Settings: 2............................................ 57
Network on Configuration menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
TCP/IP settings for IPv4 screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
TCP/IP settings for IPv6 screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
DHCP response options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Port Speed screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
DNS screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Testing DNS screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Web access screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Web SSL Certificate screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Console screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
SNMP screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Modbus screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
BACnet screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
FTP Server screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Wi-Fi screen (AP9641, AP9643, and devices with an embedded NMC3 only)69

Notification menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Types of notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configuring event actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
E-mail notification screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
SNMP Trap Receivers screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
SNMP Traps test screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

General menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Identification screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Date/ Time screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Creating and Importing settings with the config file . . . . . . . . . . . . . . . 77
Configure Links screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Logs on Configuration menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Identifying Syslog servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Syslog settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Syslog test and format example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

CEIP on Configuration menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Tests menu ..................................................................... 81

Testing and calibrating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Setting the NMC LED lights to blink . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

UPS Network Management Card 3 User Guide iv

Logs and About menus ................................................... 82
Using the Event and Data Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Event log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Data log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
How to use SCP or FTP to retrieve log files . . . . . . . . . . . . . . . . . . . . 85

UPS Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Energy Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Firewall Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

About the Network Management Card 3. . . . . . . . . . . . . . . . . . . . . . . . 88

About the UPS device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
About the NMC and the firmware modules . . . . . . . . . . . . . . . . . . . . . 90
Support screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

How to Export Configuration Settings ............................. 91

Retrieving and Exporting the .ini File . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Summary of the procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Contents of the .ini file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Detailed procedures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

The Upload Event and Error Messages . . . . . . . . . . . . . . . . . . . . . . . . 93

The event and its error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Messages in config.ini . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Errors generated by overridden values . . . . . . . . . . . . . . . . . . . . . . . . 94

NMC Firmware Upgrades ............................................... 95

Upgrading Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Firmware File Transfer Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Verifying Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Verify the success of the transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Last Transfer Result codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Verify the version numbers of installed firmware . . . . . . . . . . . . . . . . . 95

Changing UI Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Secure Boot with Root of Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

UPS Network Management Card 3 User Guide v

Troubleshooting .............................................................. 97
Network Management Card Access Problems . . . . . . . . . . . . . . . . . . . 97

SNMP Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Modbus Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

APC USB Wi-Fi Device (AP9834) Problems. . . . . . . . . . . . . . . . . . . . . 99

LED Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Two-Year Factory Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Terms of warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Non-transferable warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Exclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Warranty claims . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Copyright Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

UPS Network Management Card 3 User Guide vi

Introduction
Product Description
Features
The Schneider Electric Network Management Cards (AP9640, AP9641, and AP9643) and UPS devices with an
embedded Network Management Card 3 are Web-based, IPv6 Ready products. Devices with the NMC
installed can be managed using multiple open standards such as:
Hypertext Transfer Protocol over Secure Sockets Secure SHell (SSH)
Layer (HTTPS)
Secure Copy (SCP) Lightweight Directory Access Protocol (LDAP)
Terminal Access Controller Access-Control System Extensible Authentication Protocol (EAP) over LAN
Plus (TACACS+) (EAPoL)
Building Automation and Control Networks Protocol Syslog
(BACnet)
Simple Network Management Protocol versions 1, Telnet
2c and 3
RADIUS Hypertext Transfer Protocol (HTTP)
Modbus File Transfer Protocol (FTP)

The AP9640 Network Management Card:

• Provides UPS control and self-test scheduling features.
• Provides data and event logs.
• Enables you to set up notifications through event logging, e-mail, Syslog and SNMP traps.
• Provides support for PowerChute® Network Shutdown.
• Supports using a Dynamic Host Configuration Protocol (DHCP) or BOOTstrap Protocol (BOOTP)
server to provide the network (TCP/IP) values of the NMC.
• Provides the ability to export a user configuration (.ini) file from a configured card to one or more
unconfigured cards without converting the file to a binary file.
• Provides a selection of security protocols for authentication and encryption.
• Communicates with EcoStruxure™ IT or Data Center Expert.
• Supports Modbus TCP/IP.
• Supports BACnet/IP.

Network Management Card 3 User Guide 1

The AP9641 Network Management Card includes all AP9640 Network Management Card features and the
following:
• Provides two USB ports, which support upgrading the NMC and UPS firmware from a USB flash drive,
and the optional APC USB Wi-Fi Device (AP9834).
• Supports two universal input/output ports, to which you can connect:
– Temperature (AP9335T) or temperature/humidity sensors (AP9335TH)
– Relay input/output connectors that support two input contacts and one output relay (using the
AP9810 Dry Contact I/O Accessory, which is an optional add-on)
– Spot Fluid Sensor (NBES0301, an optional add-on)
• Supports Modbus RTU via Universal I/O port 2, in addition to Modbus TCP/IP. For information on how
to configure Modbus RTU refer to the Modbus Documentation Addendum.
The AP9643 Network Management Card includes all AP9640 Network Management Card features and the
following:
• Provides two USB ports, which support upgrading the NMC and UPS firmware from a USB flash drive,
and the optional APC USB Wi-Fi Device (AP9834).
• Supports one universal input/output port, to which you can connect:
– Temperature (AP9335T) or temperature/humidity sensor (AP9335TH)
– Relay input/output connector that supports two input contacts and one output relay (using the
AP9810 Dry Contact I/O Accessory, which is an optional add-on)
– Spot Fluid Sensor (NBES0301, an optional add-on)
• Supports Modbus RTU via the serial RS485 port, in addition to Modbus TCP/IP. For information on how
to configure Modbus RTU refer to the Modbus Documentation Addendum.
UPS devices with the SRTL/SRYLF prefix with an embedded Network Management Card include all AP9640
Network Management Card features (except Modbus and BACnet support) and:
• Provides one or two USB ports, which support upgrading the NMC and UPS firmware from a USB flash
drive, and the optional APC USB Wi-Fi Device (AP9834).
• Supports one universal input/output port, to which you can connect:
– Temperature (AP9335T) or temperature/humidity sensor (AP9335TH)
– Relay input/output connector that supports two input contacts and one output relay (using the
AP9810 Dry Contact I/O Accessory, which is an optional add-on)
– Spot Fluid Sensor (NBES0301, an optional add-on)

Supported Devices
The Network Management Card 3 is compatible with:
• Smart-UPS® devices with a SmartSlot with the SUM, SURT, SURTA, SURTD, SMT, SMX, and SRT
prefixes, and SUA devices manufactured after 2008 *.
• Single phase Symmetra® UPS devices.
* To view the full list of compatible UPS in which an NMC 3 can be installed, see Knowledge Base
article FA237786.

Network Management Card 3 User Guide 2

IPv4 initial setup
You must define the following TCP/IP settings for the NMC before it can operate on the network:
• the IP address of the NMC
• the subnet mask of the NMC
• the IP address of the default gateway (only needed if you are going off segment)
NOTE: If a default gateway is unavailable, use the IP address of a computer that is located on the same
subnet as the NMC and that is usually running. The NMC uses the default gateway to test the network when
traffic is very light.
NOTE: The Network Management Card has a MAC address prefix of 00:C0:B7 or 28:29:86. To check the MAC
address of your NMC, go to Support screen. You can use this MAC address prefix to configure your DHCP
service.
NOTE: Do not use the loopback address (127.0.0.1) as the default gateway. Doing so disables the
card. You must then log on using a serial connection and reset the TCP/IP settings to their defaults.

To configure the TCP/IP settings, see the Network Management Card Installation Guide in printed
form.
For detailed information on how to use a DHCP server to configure the TCP/IP settings at an NMC,
see DHCP response options.

IPv6 initial setup

IPv6 network configuration provides flexibility to accommodate your requirements. IPv6 can be used anywhere
an IP address is entered on this interface. You can configure manually, automatically, or using DHCPv6, see
the TCP/IP settings for IPv6 screen.

Network management with Other Applications

These applications, utilities and resources work with a UPS that connects to the network through an NMC.
• PowerChute Network Shutdown — Provide unattended remote graceful shutdown of computers that
are connected to UPS devices.
• APC PowerNet® MIB — Discover how to access UPS devices via SNMP.
• EcoStruxure IT — Cloud-based monitoring software with which you can monitor your UPS devices via
SNMP and Modbus TCP.
• EcoStruxure™ IT Data Center Expert — Provide enterprise-level power management and
management of SNMP agents such as networked UPS devices and environmental sensors.
• NMC Security Wizard CLI — Assists in creating or importing Transport Layer Security (TLS) server
certificates and Secure SHell (SSH) host keys, which help to protect the integrity and confidentiality of
communication with the NMC.

Network Management Card 3 User Guide 3

Internal Management Features
Overview
Use the Web user interface (UI) or the command line interface (CLI) to view the status of the UPS and to
manage the UPS and the NMC. You can also use SNMP to monitor the status of the UPS.
For more information about the UIs, see Web User Interface and the Command Line Interface
(CLI) Guide. For information on how SNMP access to the NMC is controlled, see SNMP screens.

Access priority for logging on

You can enable more than one user to log on at the same time, where each user has equal access. For more
information, see Session Management screen.

Types of user accounts

The NMC has various levels of access — Super User, Administrator, Device User, Read-Only User and
Network-only User:
• A Super User can use all of the menus in the UI and all of the commands in the command line
interface. The Super User can also define additional user accounts, and set variables for the additional
users. The default user name and password are both apc at first log in. You will be prompted to enter
a new password after you log in.
NOTE: The Super User cannot be renamed or deleted, but it can be disabled. It is recommended that
the Super User account is disabled once any additional Administrator accounts are created. Make sure
that there is at least one Administrator account enabled before the Super User account is disabled.
• An Administrator can use all of the menus in the UI and all of the commands in the command line
interface. There is no default name and password.
• A Device User has read and write access to device-related screens and commands in the Web UI.
Administrative functions like session management under the Security menu, and menus and
commands under the Network section are greyed out.
The default user name is device, and a password must be set before the user account can be
enabled.
• A Read-Only User has the access to the same menus as a Device User above, but without the
capability to change configurations, control devices, delete data, or use file transfer options. Links to
configuration options are visible but disabled. (The Event and Data Logs display no button for this user
to clear the log).
The default user name is readonly, and a password must be set before the user account can be
enabled.
• A Network-only User can only log on using the Web user interface (UI) and CLI (Telnet/SSH, not
serial). There is no default name and password.
The Administrator, Device User, Read-Only User, and Network-only User accounts are disabled by
default, and cannot be enabled until the Super User default password (apc) is changed.

To set User Name and Password values for Administrator, Device User and Read-Only account
types, see Local Users.

Network Management Card 3 User Guide 4

How to Reset after a Lost Password
NOTE: Resetting your NMC will reset the card to its default configuration.

If you forget your password, you must use the Reset button on the NMC to wipe all configuration, including the
password. Hold down the Reset button for 20-25 seconds, ensuring the Status LED is pulsing green during this
time. When the Status LED changes to amber or orange, release the Reset button to allow the NMC to
complete its reboot process.
After the NMC reboots, you must re-configure your NMC. For more information, see the Installation Guide or
Knowledge Base article FA156064.
It is recommended you export the .ini file after configuring your NMC to prevent loss of data in the
event of a lost password. For more information, see Retrieving and Exporting the .ini File.

Network Management Card 3 User Guide 5

Front Panel (AP9640)

Network
10/100/
1000

Console Reset

AP9640 Network Management Card 3

Item Description

1 Connects the NMC to a local computer, via a micro-USB cable

USB console port (APC part number 960-0603), to configure initial network settings
or access the command line interface (CLI).

2 10/100/1000 Base-T connector Connects the NMC to the Ethernet network.

3 Restarts the network management interface. NOTE: This does not

Reset button
affect the output power of the device in which the NMC is installed.

4 Link-RX/TX (10/100/1000) LED See Link-RX/TX (10/100/1000) LED.

5 Status LED See Status LED.

Network Management Card 3 User Guide 6

Front Panel (AP9641)

Network
USB Universal I/O 10/100/
1000
1

2 Console Reset

AP9641 Network Management Card 3

Item Description

1 Support for NMC and UPS firmware updates and the optional APC
USB Wi-Fi Device (AP9834). See NMC Firmware Upgrades,
USB ports Update the UPS firmware from a USB drive (AP9641, AP9643,
and embedded NMC devices only), and Wi-Fi screen (AP9641,
AP9643, and devices with an embedded NMC3 only).

2 Connect temperature sensors, temperature/humidity sensors,

3 relay input/output accessory connectors, and Spot Fluid Sensor to
Universal I/O ports
the UIO ports. The relay input/output accessory has two input
contacts and one output relay.

4 10/100/1000 Base-T connector Connects the NMC to the Ethernet network.

Restarts the network management interface. NOTE: This does not
5 Reset button
affect the output power of the device in which the NMC is installed.
Connects the NMC to a local computer, via a micro-USB cable (APC
6 USB console port part number 960-0603), to configure initial network settings or
access the command line interface (CLI).

7 Link-RX/TX (10/100/1000)
See Link-RX/TX (10/100/1000) LED.
LED

8 Status LED An LED (light-emitting diode) is a light source. See Status LED.

Network Management Card 3 User Guide 7

Front Panel (AP9643)

Modbus Network
USB Universal I/O TXD
0- 1+ 10/100/
1000
1

2 Console Reset

0- 1+ Com
RxD

AP9643 Network Management Card 3

Item Description
Support for NMC and UPS firmware updates and the optional APC
USB Wi-Fi Device (AP9834). See NMC Firmware Upgrades,
1 USB ports Update the UPS firmware from a USB drive (AP9641, AP9643,
and embedded NMC devices only), and Wi-Fi screen (AP9641,
AP9643, and devices with an embedded NMC3 only).
Connect temperature sensors, temperature/humidity sensor, relay
2 input/output accessory connector, or Spot Fluid Sensor to the UIO
Universal I/O port
port. The relay input/output accessory has two input contacts and
one output relay.
Connects the NMC to a Building Management System (BMS). Two-
3 terminal block plugs connectors are included (part number 730-
Modbus connector
0532). To verify if your UPS supports Modbus, consult your UPS
documentation.

4 10/100/1000 Base-T connector Connects the NMC to the Ethernet network.

Restarts the network management interface. NOTE: This does not
5 Reset button
affect the output power of the device in which the NMC is installed.
Connects the NMC to a local computer, via a micro-USB cable (APC
6 USB console port part number 960-0603), to configure initial network settings or
access the command line interface (CLI).

7 Link-RX/TX (10/100/1000)
See Link-RX/TX (10/100/1000) LED.
LED

8 Status LED An LED (light-emitting diode) is a light source. See Status LED.

For embedded NMC3 devices within a UPS, see the User’s Guide provided with the device for the
placement of the various NMC connections.

Network Management Card 3 User Guide 8

LED Descriptions
Status LED
This LED (light-emitting diode) indicates the status of the NMC.

Condition Description

One of the following situations exists:

• The NMC is not receiving input power.
Off
• The NMC is not operating properly. It may need to be repaired or replaced.
Contact Customer Support. See APC Worldwide Customer Support.
Solid green The NMC has valid TCP/IP settings.
One of the following situations exists:
• A hardware malfunction has been detected in the NMC. Contact Customer
Solid orange Support. See APC Worldwide Customer Support.
• The NMC is in Bootmonitor mode. See About the NMC and the firmware
modules.
Flashing green The NMC does not have valid TCP/IP settings.1
Flashing orange The NMC is making BOOTP requests.1
Alternately flashing If the LED is flashing slowly, the NMC is making DHCP2 requests.1
green and orange If the LED is flashing rapidly, the NMC is starting up.
1. If you do not use a BOOTP or DHCP server, see the Network Management Card Installation Guide
to configure the TCP/IP settings of the NMC.
2. To use a DHCP server, see DHCP response options.
NOTE: If the micro-USB cable is connected while the NMC is booting up, the NMC will wait 15 seconds to allow
time to access the Boot Monitor. No LEDs are active during this delay period. It is recommended to disconnect the
micro-USB cable if local access to the CLI is not required.

Link-RX/TX (10/100/1000) LED

This LED indicates the network status of the NMC.

Condition Description

One or more of the following situations exist:

• The NMC is not receiving input power.
• The cable that connects the NMC to the network is disconnected or not
functioning properly.
Off • The device that connects the NMC to the network is turned off or not
operating correctly.
• The NMC itself is not operating properly. It may need to be repaired or
replaced. Contact Customer Support. See APC Worldwide Customer
Support.
The NMC is connected to a network operating at 10-100 Megabits per
Solid yellow
second (Mbps).
Solid green The NMC is connected to a network operating at 1000 Mbps.
Flashing yellow The NMC is receiving or transmitting data packets at 10-100 Mbps.

Network Management Card 3 User Guide 9

 Condition Description

Flashing green The NMC is receiving or transmitting data packets at 1000 Mbps.

Watchdog Features
Overview
To detect internal problems and recover from unanticipated inputs, the NMC 3 uses internal, system-wide
watchdog mechanisms. When it restarts to recover from an internal problem, a System: Network Interface
restarted event is recorded in the event log.

Network interface watchdog mechanism

The NMC 3 implements internal watchdog mechanisms to protect itself from becoming inaccessible over the
network. For example, if the NMC 3 does not receive any network traffic for 9.5 minutes (either direct traffic,
such as SNMP, or broadcast traffic), it assumes that there is a problem with its network interface and restarts.

Resetting the network timer

To ensure that the NMC 3 does not restart if the network is quiet for 9.5 minutes, the NMC 3 attempts to contact
the default gateway every 4.5 minutes. If the gateway is present, it responds to the NMC 3, and that response
restarts the 9.5-minute timer. If your application does not require or have a gateway, specify the IP address of a
computer that is running on the network and is on the same subnet. The network traffic of that computer will
restart the 9.5-minute timer frequently enough to prevent the NMC 3 from restarting.

Automatic Logout
By default, users will be automatically logged out of the NMC Web and CLI interfaces after 3 minutes of
inactivity. The default logout time for each user can be adjusted through the web interface:
Configuration > Security > Local Users > Management.
– Click the hyperlink of the user name for the account you want to change.
– Under Session timeout, modify the number of minutes.

Automatic Logout Duration (min)

Default 3
Minimum 1
Maximum 60 (1hr)

Network Management Card 3 User Guide 10

Web User Interface
Introduction
Overview
The Web user interface (UI) provides options to manage the UPS and the Network Management Card (NMC)
and to view the status of the UPS.
See Web access screen for information on how to select, enable, and disable the protocols that
control access to the UI and to define the Web-server ports for the protocols.

Supported Web browsers

The NMC Web UI is compatible with the latest versions of:
• Microsoft Edge
• Firefox
• Google Chrome
Other commonly available browsers might work but have not been fully tested.
The NMC cannot work with a proxy server. Before you can use a browser to access the UI of the NMC, you
must do one of the following:
• Configure the browser to disable the use of a proxy server for the NMC.
• Configure the proxy server so that it does not proxy the specific IP address of the NMC.

How to Log On
Overview
You can use the DNS name or the System IP address of the NMC for the URL address of the UI. Use your
case-sensitive user name and password to log on. The password is not shown as it is entered. If the log in is
unsuccessful, an invalid login message will be displayed.
The default user name differs by account type:
• apc for Administrator or Super User
• device for a Device User
• readonly for a Read-Only User
See also Types of user accounts.
You can set your UI language as you log on by choosing a language from the Language drop-down box. For
more information, see Changing UI Language.
When HTTPS is enabled, the NMC generates its own certificate. This certificate negotiates
encryption methods with your browser. Refer to the Security Handbook for more details.

Network Management Card 3 User Guide 11

URL address formats
Type the DNS name or IP address of the NMC in the Web browser’s URL address field and press ENTER.
When you specify a non-default Web server port in Internet Explorer, you must include http:// or https:/
/ in the URL.
NOTE: HTTP is disabled by default and HTTPS is enabled by default.
Common browser error messages at log-on.

Error Message Browser Cause of the Error

Web access is disabled, or
“This page cannot be displayed” Internet Explorer
the URL was not correct.

“Unable to connect.” Web access is disabled, or

Firefox, Chrome
the URL was not correct.

URL format examples. See also TCP/IP settings for IPv6 screen.

Example and Access Mode URL Format

DNS name of Web1

HTTP http://Web1

HTTPS https://Web1
System IP address of 139.225.6.133 and a default
Web server port (80)

HTTP http://139.225.6.133

HTTPS https://139.225.6.133
System IP address of 139.225.6.133 and a non-default
Web server port (5000)

HTTP http://139.225.6.133:5000

HTTPS http://139.225.6.133:5000
System IPv6 address of 2001:db8:1::2c0:b7ff:fe00:1100 and
a non-default Web server port (5000)

HTTP http://
[2001:db8:1::2c0:b7ff:fe00:
1100]:5000

Network Management Card 3 User Guide 12

First log in
When you log in to the NMC for the first time, you will be prompted to change the default Super User account
password (apc). When you log into the Web UI, you will be asked if you want to participate in the Customer
Experience Improvement Program (CEIP) for the Network Management Card. You will not be able to proceed
without selecting your preference. You can join or leave the CEIP at any time by navigating to Configuration >
CEIP > Settings in the Web UI. For more information, see CEIP on Configuration menu. You will then be
directed to the Configuration Summary Overview screen. This screen is an overview of all system protocols,
and their current values (e.g. enabled/disabled). You can access this screen at any time afterwards by
following the path: Configuration > Network > Summary.

Home Screen
Overview
Path: Home
On the Home screen of the interface, you can view active alarms and the most recent events recorded in the
Event Log.
One or more icons and accompanying text indicate the current operating status of the UPS:

Symbol Description

No Alarms: No alarms are present, and the UPS and NMC are operating normally.

Warning: An alarm condition requires attention and could jeopardize your data or
equipment if its cause is not addressed.

Critical: A critical alarm exists, which requires immediate action.

At the upper right corner of every screen, the same icons report the UPS status. If any Critical or Warning
alarms exist, the number of active alarms also displays.
To view the entire Event Log, click More Events.

Network Management Card 3 User Guide 13

Icons and Links
To make any screen the “home” screen (i.e., the screen that displays first when you log on), go to that screen,
and click the icon at the top right.
Click to revert to displaying the Home screen when you log on.
At the lower left on each screen of the interface, there are three configurable links to useful websites. By
default, the links access the URLs for these Web pages:
• Link 1: the Knowledge Base with useful troubleshooting information
• Link 2: the Product Information with background information on your hardware

To reconfigure the links, see Configure Links screen.

Network Management Card 3 User Guide 14

Monitoring the UPS: Status menu

The options below are not available for all UPS devices.

The Status menu options report on the current state of your UPS and network.
You can configure your UPS and network using the Configuration menu options, see Configuring
your Settings: 1 and Configuring your Settings: 2.

See the following sections:

• UPS on Status menu
• Outlet Groups on Status menu
• Battery System on Status menu
• Universal I/O on Status menu
• Network on Status menu

UPS on Status menu

Path: Status > UPS
This shows you the UPS load, battery charge, voltage, and other useful information.

Field Description

Last Battery Transfer The cause of the last switch to battery operation. Excludes Self-Test.
Internal Temperature The temperature inside the UPS.
Runtime Remaining How long the UPS can use battery power to support its present load.
UPS Input
Input Voltage The AC voltage (VAC) being received by the UPS.
The AC voltage (VAC) used when the UPS is in bypass mode.
Bypass Input Voltage
This option is not available for all UPS devices.
UPS Output
Output Voltage The AC voltage (VAC) that the UPS is supplying to its load.
Load Current The current, in Amps, supplied by the input voltage.
Output Load The load placed on each phase by the attached equipment, in kVA.
The load placed on each phase by the attached equipment, as a percentage of
Output Percent Load
the kVA available with no redundancy.
Output Percent The load placed on each phase by the attached equipment, as a percentage of
Power the available kVA.
Output Watts The UPS load as a percentage of available Watts.
Output VA The UPS load as a percentage of available VA.

Network Management Card 3 User Guide 15

 Field Description

The percentage of the input power going directly out to the load. Input power not
Output Efficiency
going to the load is consumed by the UPS.
The energy used by the load, starting from when the UPS was last reset to
Output Energy Usage
defaults.
Battery Status
The percentage of the UPS battery capacity that is available to support the
Battery Capacity
attached equipment.
Battery Voltage The DC voltage of the batteries.
External Batteries The number of batteries connected to the UPS, excluding any internal batteries.

The options below are not available for all UPS devices.
.

Field Description

Nominal Battery The rated voltage capacity of the UPS batteries; the DC voltage that the batteries
Voltage are rated to supply when the UPS uses its battery for output power.
Actual Battery Bus
The available DC power.
Voltage
External Battery
The battery cabinet Amp-Hour rating of an external battery source.
Cabinet Rating
Batteries The total number of batteries (both internal and external) that the UPS has.
Bad Batteries The number of “bad” batteries (the batteries that need to be replaced).
Battery Current The current being output from the battery.
Next Battery Among the installed UPS battery cartridges, this is the earliest recommended date
Replacement Date for replacing your batteries.
Information about the Intelligence Module. You may be asked for this information
Intelligence Module (Firmware Revision, Manufacture Date, Serial Number, and Hardware Revision)
when seeking assistance from APC Customer Support.
Input Voltage The AC voltage (VAC) being received by the UPS.
Bypass Input Voltage The AC voltage (VAC) used when the UPS is in bypass mode.
Input Frequency The frequency in Hertz (Hz) of the voltage being received by the UPS.
Frequency The frequency in Hertz (Hz) shared by the input voltage and output voltage.
Bypass Frequency The frequency in Hertz (Hz) of the voltage used when the UPS is in bypass mode.
Output Current The current, in Amps, applied to the load.
Output Frequency The frequency in Hertz (Hz) of the output voltage.
Load Power The UPS load as a percentage of available Watts.
Apparent Load
The UPS load as a percentage of available VA.
Power
Information about the modules installed in the UPS. You may be asked for this
Modules information (Firmware Revision, Manufacture Date, Serial Number, and Hardware
Revision) when seeking assistance from APC Customer Support.

Network Management Card 3 User Guide 16

 Field Description

Information about the power module installed in the UPS. You may be asked for
Power Module
this information when seeking assistance from APC Customer Support.

Path: Status > UPS > Measurements

The options below are only applicable for UPS devices with the SRTL/SRYLF prefix with an
embedded NMC.

This shows you the UPS runtime remaining, battery charge, voltage, and other useful information.

Field Description

Last Battery Transfer The cause of the last switch to battery operation. Excludes Self-Test.
Runtime Remaining How long the UPS can use battery power to support its present load.
UPS Input
Input Voltage The AC voltage (VAC) being received by the UPS.
Frequency The frequency in Hertz (Hz) being received by the UPS.
UPS Output
Output Voltage The AC voltage (VAC) that the UPS is supplying to its load.
Frequency The frequency in Hertz (Hz) being sent by the UPS.
Load Current The current, in Amps, supplied by the input voltage.
Output VA The UPS load as a percentage of available VA.
Output Watts The UPS load as a percentage of available Watts.
The energy used by the load, starting from when the UPS was last reset to
Output Energy Usage
defaults.
This value indicates how effectively you use electricity. The ideal value is 1, and
Power Factor
anything less than 1 indicates that there are losses in the electrical system.

Output Efficiency The percentage of the input power going directly out to the load. Input power not
going to the load is consumed by the UPS.

Network Management Card 3 User Guide 17

 Field Description

Battery Status

State of Charge The percentage of the UPS battery capacity that is available to support the
attached equipment.
Battery Voltage The DC voltage of the batteries.

Health This includes any battery system errors including the individual frame errors.
Errors are logged as events.
Next Battery Among the installed UPS battery frames, this is the earliest recommended date for
Replacement Date replacing your batteries.

Path: Status > UPS > Overview

The options below are only applicable for UPS devices with the SRYLF prefix with an embedded
NMC.
This page shows you what is present in different positions of the UPS Main Frame. For example: power
module, battery module, intelligence module, external battery frame.
Path: Status > UPS > Power

The options below are only applicable for UPS devices with the SRYLF prefix with an embedded
NMC.
This page shows you the power modules present, their position, and the status of each module.
Path: Status > UPS > Battery

The options below are only applicable for UPS devices with the SRTL/SRYLF prefix with an
embedded NMC.
This provides an overview battery system status and battery frame status.

Field Description

Battery System Status

Battery Capacity The percentage of the UPS battery capacity that is available to support the
attached equipment.
Runtime Remaining How long the UPS can use battery power to support its present load.
Nominal Battery The rated voltage capacity of the UPS batteries; the DC voltage that the batteries
Voltage are rated to supply when the UPS uses its battery for output power.
Actual Battery Bus
The available DC power.
Voltage
Maximum Battery
Temperature Over All The highest temperature of all the installed modules.
Modules

Network Management Card 3 User Guide 18

 Field Description

Minimum Battery
Temperature Over All The lowest temperature of all the installed modules.
Modules
Maximum Cell
The highest voltage of all the cells in all of the installed modules.
Voltage
Minimum Cell
The lowest voltage of all the cells in all of the installed modules.
Voltage
Battery Frame Status

The status of the battery frame, including the statuses of the individual frame.
Status Other than OK, this value can signal the battery is near end of its life, or the battery
lifetime is exceeded for the pack. Errors are logged as events.

Critical If there is a value higher than 0 displayed, there is a battery frame issue that
should be addressed immediately.

Warning If there is a value higher than 0 displayed, there is a battery frame issue that may
need to be addressed.
Good If there is a value higher than 0 displayed, everything is working as expected.

Vacant If there is a value higher than 0 displayed, there is no battery module installed in a
slot.

Click on Main or XRn / Battery Frame n to reach the Battery Status: Main Frame / Battery Status: Battery
Frame n screen.

Field Description

Module The battery module and its location within the frame.

Status The status of the battery frame. Other than OK, this value can signal the battery is
near end of its life, or the battery lifetime is exceeded. Errors are logged as events.
Health This includes any battery system errors. Errors are logged as events.
Last Battery The date when the battery was last replaced.
Replacement

Path: Status > UPS > Intelligence Modules

The options below are only applicable for UPS devices with the SRYLF prefix with an embedded
NMC.

This page shows you the intelligence modules present, their position, and the status of each module.

Outlet Groups on Status menu

Path: Status > Outlet Groups
This option is not available for all UPS devices. It displays status details of all outlet groups on your UPS. For
more information, see Outlet Groups on Control menu and Outlet Groups on Configuration menu.

Network Management Card 3 User Guide 19

Battery System on Status menu
Path: Status > Battery System

This option is not available for all UPS devices.

Field Description

Battery System Status

The percentage of the UPS battery capacity that is available to support the
State of Charge
attached equipment.
Runtime Remaining How long the UPS can use battery power to support its present load.
Positive Bus Voltage
Negative Bus The UPS device supports both positive and negative battery voltages.
Voltage:
Replacement Battery
The part number that you should quote for a replacement battery cartridge.
Cartridge SKU
Battery Pack Status
Battery Pack 1, 2... The battery pack number as derived from the internal numbering method.
Serial Number The serial number of the battery pack.
This includes any pack battery system errors including the individual cartridge
Health
errors. Errors are logged as events.
The status of the battery pack, including the statuses of the individual cartridges.
Status Other than OK, this value can signal the battery is near end of its life, or the
battery lifetime is exceeded for the pack. Errors are logged as events.

Click on Battery Pack 1,2...to reach the Battery Pack n screen.

Field Description

Battery Pack 1, 2...

or
Internal Pack
Serial Number
The serial number of the battery pack.
(if present)
Firmware Revision The battery pack revision number.
Temperature Temperature as reported by the sensor in the battery compartment.
Errors for the battery pack only, not including the individual cartridge errors. Errors
are logged as events and can be:
• temperature not in range
Pack Status • general errors
• communication errors
• a disconnected pack frame
• firmware is incompatible with the hardware

Network Management Card 3 User Guide 20

 Field Description

Battery Cartridge 1 and (if present) Battery Cartridge 2

This can be OK, battery near end of life, battery lifetime exceeded, or measured
Health battery near end of life for the cartridge.
Errors are logged as events.
Installation Date The date when individual cartridges were installed. You can edit this date.
Predicted The UPS calculates when the battery should be replaced.
Replacement Date The Health field above is derived from this date.
This is specific to the cartridge. See Pack Status above for general pack errors.
Errors are logged as events and can be:
• disconnected cartridge
Status • cartridge needs replacement
• cartridge temperature is too high: critical
• cartridge temperature is too high: warning. This usually but not always displays
before critical above.

Universal I/O on Status menu

Path: Status > Universal I/O
This option is not available for all devices.

Temperature & Humidity displays the name, alarm status, temperature, and humidity (if supported) for each
sensor. Click the name of a sensor to edit the name and location and to configure its thresholds and its
hysteresis. For more information, see Temperature and Humidity screen.
Input Contacts displays the name, alarm status, and state (open or closed) of each contact. These are
automatically found and displayed here when you install the environmental accessory. Click the name of an
input contact for detailed status or to configure its values. If contacts are configured and disabled, they do not
display here. For more information, see Input Contacts screen.
Output Relay displays the name and state (open or closed) of each relay. These are automatically found and
displayed here when you install the environmental accessory. Click the name of an output relay for detailed
status or to configure its values. For more information, see Output Relay screen.
Fluid Sensor displays the name, alarm status and state (Fluid Detected or No Fluid) of each fluid sensor.
These are automatically found and displayed here when you install the environmental accessory. Click the
name of the fluid sensor for detailed status or to configure its values. For more information, see Fluid Sensor
screen.
Recent Environmental Events displays events that are related to your environmental monitoring, for example
a temperature threshold violation or a warning message about an environmental monitor input contact. Click
the More Events link to see a full list of recent events.

Network Management Card 3 User Guide 21

Network on Status menu
Path: Status > Network
The Network screen gives you your IP, domain name, and ethernet port settings. See Network on
Configuration menu for background details on the fields.

Network Management Card 3 User Guide 22

Controlling the UPS

The options below are not available for all UPS devices.

The Control menu options enable you to take immediate actions affecting your UPS and your outlets, and they
also have some security and network functions. See the following sections:
• UPS on Control menu
• Outlet Groups on Control menu
• Security on Control menu
• Network on Control menu

UPS on Control menu

Path: Control > UPS
When you choose a radio button option and click Next, another screen summarizes the action to take place;
click Apply there to continue with the action.
The actions vary depending on whether you have a UPS device with Outlet Groups or not. The two tables
below cover these separately.
• Actions on the UPS screen for devices WITH Outlet Groups.
• Actions on the UPS screen for devices WITHOUT Outlet Groups.
These screen check box options directly below apply to both tables.

Check Box Description

For UPS with Outlet Groups, this is greyed out if no PowerChute clients exist (see
PowerChute Network Shutdown clients).
Signal
Select this option to notify all servers configured as PowerChute Network Shutdown
PowerChute
clients that are in communication with this UPS to shut down according to the values
Network
configured for PowerChute Network Shutdown Parameters (see Shutdown on
Shutdown
Configuration menu).
Clients
However, this option will not notify servers when performing any bypass control
actions.
This option is available for UPS with Outlet Groups only.
Skip outlet off Turn off outlets immediately, skipping the configured Outlet Group delays.
delays You might want to do this in an emergency or to save runtime. Or the load devices
might already have been turn off manually.

Network Management Card 3 User Guide 23

 For more information about the delays and settings, see Shutdown on Configuration menu,
Universal I/O screens, and Outlet Groups on Control menu.

Actions on the UPS screen for devices WITH Outlet Groups

Action Description

Applies a Shutdown Immediately, AC Restart command to all outlet groups (see

Outlet Groups on Control menu). Click Next to see specific details on timing and
delays.
Turns off the output power of the Switched Outlet Groups and then, if present, the
Reboot UPS Main Outlet Group. Any outlet group to which the action is applied waits the number of
Outlet Groups seconds configured for its Reboot Duration and Power On Delay. (Then, the outlet
groups turn on if AC utility power is available, or waits to turn on until AC utility power
is available. See What are Outlet Groups?).
The UPS turns on if AC utility power is available, or waits to turn on until AC utility
power is available.
Turns on the Main Outlet Group, if present, and then all Switched Outlet Groups. This
Turn On UPS option displays only if the UPS is currently turned off. Click Next to see specific details
Outlet Groups timing and delays.
The UPS and outlet groups then turn on.
Turns off the output power of the Switched Outlet Groups and then, if present, the
Turn Off UPS
Main Outlet Group. Any outlet group to which the action is applied remains off until
Outlet Groups
you turn on its power again. Click Next to see specific details on timing and delays
Puts the UPS outlet groups into sleep mode by turning off the output power of the
UPS for a period of time defined by the following parameters. Click Next to see
specific details on timing and delays
• The outlet groups wait the times configured as their Power Off Delay before
Put UPS Outlet turning off their power.
Groups to Sleep • When input power returns, the UPS turns on output power after two configured
periods of time elapse: Sleep Time and Power On Delay.
The UPS then turns off. After the hours configured as Sleep Time elapse, the UPS
turns on if AC utility power is available, or waits to turn on until AC utility power is
available.
Put UPS in These options control the use of bypass mode, which allows maintenance to be
Bypass performed at the UPS without turning off power at the UPS.
Return UPS from
Bypass These options are only available for Symmetra UPS and some Smart-UPS device.

For more information about the delays and settings, see Shutdown on Configuration menu and
Outlet Groups on Control menu.

Network Management Card 3 User Guide 24

 Actions on the UPS screen for devices WITHOUT Outlet Groups

Action Description

Restarts the attached equipment by doing the following. (Click Next to see specific
details on timing and delays).
• Turns off power at the UPS.
Reboot UPS
Turns on power at the UPS after the UPS battery capacity returns to at least the
percentage configured for Minimum Battery Capacity (Configuration - Shutdown -
End of Shutdown, see Controlled Early Shutdown and End of Shutdown).
Turns on power at the UPS. The option only displays when the UPS is turned off.
Turn UPS On
Click Next to see specific details on timing and delays.
Turns off the output power of the UPS immediately, without a shutdown delay. The
Turn Off UPS
UPS remains off until you turn it on again.
Puts the UPS into sleep mode by turning off its output power for a defined period of
time. Click Next to see specific details on timing and delays.
• The UPS turns off output power after waiting the time configured Shutdown
Put UPS To Sleep
delays and PowerChute Network Shutdown
• When input power returns, the UPS turns on output power after the configured
Sleep Time.

Put UPS In Bypass These options control the use of bypass mode, which allows maintenance to be
and Return UPS performed at some Smart-UPS devices without turning off power at the UPS.
from Bypass Click Next to see specific details on timing and delays.
These options are only available for Symmetra UPS and some Smart-UPS device.

Outlet Groups on Control menu

Path: Control > Outlet Groups

This option is not available for all UPS devices.

Use this option to turn on, turn off, or restart individual outlet groups as distinct from the UPS device.(This
screen lists by name and state each UPS outlet group that has been configured through the Configuration -
Outlet Groups option, see Outlet Groups on Configuration menu).
You can select any of the following actions (or no action) for each outlet group. These are one-time actions.
• When the state of the outlet group is off:
– On Immediately
– On with Delay: Turn on the outlet group after the number of seconds configured as Power On
Delay. (For more information, see Shutdown on Configuration menu)

Network Management Card 3 User Guide 25

 • When the state of the outlet group is on:
– Off Immediately
– Off with Delay: Turn off the group after the number of seconds configured as Power Off Delay
(For more information, see Shutdown on Configuration menu).
– Reboot Immediately: Turn off the group immediately, then turn it on after the number of seconds
configured as Reboot Duration (see Shutdown on Configuration menu) and Power On Delay.
– Reboot with Delay: Turn the outlet group off after the number of seconds configured as Power
Off Delay, then turn it on after the number of seconds configured as Reboot Duration and
Power On Delay.
– Shutdown Immediately, AC Restart: Turn off the group immediately. After the number of
seconds configured as Reboot Duration and Power On Delay, check that AC utility power has
returned and the UPS can support the minimum return runtime demand, then turn on the group.
– Shutdown with Delay, AC Restart: Turn off the group after the number of seconds configured as
Power Off Delay. After the number of seconds configured as Reboot Duration and Power On
Delay, check that AC utility power has returned and the UPS can support the minimum return
runtime demand, then turn on the group.
After you select an action, click Next to view a detailed description of the action, including the duration of any
delays. Click Apply to commence the action.

Security on Control menu

Path: Control > Security > Session Management
The screens gives details about users who are logged on, the interface they are using (e.g. the Web user
interface, the CLI), their IP address, and how long they have been logged on.
If you have sufficient rights, click on the name to see what means of authentication were used to validate the
user. You can then also use the Terminate Session button to log off a user.

Network Management Card 3 User Guide 26

Network on Control menu
Path: Control > Network > Reset/Reboot
Use these options to reset various Network Management Card options and the UI.

Action Description

Reboot Restarts the management interface (e.g. the Web user interface, the CLI) by logging
Management you off.
Interface The UPS and NMC devices are not rebooted.
Caution:This resets all configurable values to their defaults.
• If you do not select Exclude TCP/IP, all configured values and settings are reset
to their default values, including the setting that determines how this device must
obtain its TCP/IP configuration values and the EAPoL configuration. The default
Reset All1
for TCP/IP configuration settings is DHCP and that for EAPoL access is disabled.
• If you select Exclude TCP/IP, all configured values and settings except the setting
that determines how this device must obtain its TCP/IP and the EAPoL
configuration values are reset to their default values.

TCP/IP: Resets only the setting that determines how this device must obtain its
TCP/IP configuration values including the EAPoL configuration which is reset to
disabled. The default for TCP/IP configuration setting is DHCP and that for EAPoL
access is disabled.

Event Configuration: Resets events to their default configuration. Any specifically

configured event or group will also revert to the default value. See Notification
menu
UPS to Defaults: Reset only UPS settings, not network settings, to their defaults.
Lost Environmental Communication Alarms: Reset the Lost Environmental
Reset Only1 Communication alarm that is triggered when a Universal I/O port’s device is
unplugged.
Control Policy: Reset the settings that define how the NMC will respond to alarms
that are detected at the Dry Contact I/O Accessory.
1Resettingmay take up to a minute. The UPS name you configured will not be reset (see UPS
General screen).

Network Management Card 3 User Guide 27

Configuring your Settings: 1

The options below are not available for all UPS devices.

With the Configuration menu options, you can set fundamental operational values for your UPS and NMC.
See the sections below and also Configuring your Settings: 2.
• Outlet Groups on Configuration menu
• Power Settings on Configuration menu
• Shutdown on Configuration menu
• UPS General screen
• Self-Test Schedule screen
• Shutdown Scheduling
• Firmware Update screens
• PowerChute Network Shutdown clients
• Universal I/O screens
• Security menu
NOTE: You can view some of your configuration settings via the Configuration Summary screen
(Configuration > Network > Summary).

Outlet Groups on Configuration menu

Path: Configuration > Outlet Groups
This option is not available with all UPS devices. With it, you can display and configure your outlet and
sequencing delays.
See also Outlet Groups on Status menu, Outlet Groups on Control menu, and Shutdown on
Configuration menu.

What are Outlet Groups?

Outlet grouping is available on some UPS devices only. To determine whether your UPS device
supports outlet groups, see your UPS documentation.
The available settings differ based on the UPS device.

Main Outlet Groups. Some UPS devices provide AC utility power to one Main Outlet Group. The Main Outlet
Group controls the distribution of power to all Switched Outlet Groups (if present) for the UPS.
• If the Main Outlet Group is off, the Switched Outlet Groups cannot be turned on.
• If you turn off the Main Outlet Group, the UPS turns off the Switched Outlet Groups before it turns off
the Main Outlet Group.
• To turn on a Switched Outlet Group, the UPS must turn on the Main Outlet Group first.

Network Management Card 3 User Guide 28

Switched Outlet Groups.
• Each Switched Outlet can perform actions independently. You can start or stop these outlets in
sequence and also restart devices plugged into these outlets.

Configuring your Outlet Groups

Outlet group name and type. View the name, type, and delays of your UPS outlets on the Configuration -
Outlet Groups screen. Click the name of an outlet group under Group to change its settings including
sequencing delays and load shedding options.
Sequencing settings. Settings vary by UPS device. Use the sequencing options to define how the UPS will
respond to user-issued commands.

Field Description

When this outlet group is on, it waits this delay in seconds before turning off. By
Power Off Delay setting different times here for outlets, you can sequence their turn-offs, that is, you
can specify the order in which they turn off.
Reboot Duration The outlet waits this amount of time before rebooting.
When this outlet group is off and receives a signal to turn on, it waits this delay in
Power On Delay seconds before turning on. By setting different times here for outlets, you can
sequence their turn-ons.
Min Return The minimum amount of time the UPS must be able to support the load before it can
Runtime turn on again.

Load-shedding options. Load shedding enables you to specify conditions that cause individual Switched
Outlet Groups to lose power.
NOTE: If you are using PowerChute Network Shutdown to manage your UPS, it is not
recommended to use the NMC load-shedding options, which may conflict with the Outlet Group
settings specified in PowerChute.
An example of using load shedding would be for turning off non-critical loads like monitors when the UPS is
running on battery or is overloaded. This would preserve the battery charge and the runtime for essential
loads. Another example would be to disable an automatic restart after an overload in order to investigate the
cause of the overload before turning the outlet group back on.
The options enable you to shut down an outlet group when ANY of the conditions that you specify are met:
• When the time on battery exceeds a set number of minutes.
• When the runtime remaining of the UPS is less than a set number of minutes. (Runtime is how long the
UPS can use battery power to support its present load).
• The UPS is overloaded (the power demand of the devices connected to the UPS exceeds the amount
of power the UPS can provide).
You can also enable these actions:
• Skip outlet off delay. (Turn the outlet group off immediately, without waiting the number of seconds
configured as Power Off Delay. By default, this option is disabled.)
• Stay off after power returns. (Remain off when AC utility power returns. By default, this option is
disabled, and the UPS waits the number of seconds configured as Power On Delay, then turns on the
outlet groups.)

Network Management Card 3 User Guide 29

Outlet group events and traps. A change in the state of an outlet group generates the event UPS: Outlet
Group turned on with a severity of Informational, or UPS: Outlet Group turned off with a severity of
Warning. The format of event messages is “UPS: Outlet Group group_number, group_name, action due to
reason”. For example:

UPS: Outlet Group 1, Web Server, turned on.

UPS: Outlet Group 3, Printer, turned off.

By default, the event generates an Event Log entry, e-mail, and a Syslog message.
If you configure trap receivers for the events, trap 298 is generated when an outlet group turns on, and trap 299
is generated when an outlet group turns off. The event message is the trap argument. The default severity level
is the same as for the event.

Power Settings on Configuration menu

Path: Configuration > Power Settings

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is Configuration >
UPS > Power Settings.

The available settings differ based on the UPS device.

The Rated Output Voltage is the AC voltage the UPS supplies to the load, while the UPS is on battery. You
can configure the following types of device-specific items:
• Upper and Lower Voltage settings determine the ranges at which the UPS automatically regulates
battery output to the load. This protects the load.
When the upper voltage is breached, the UPS uses its AVR Trim feature; when the lower voltage is
breached, the UPS uses its AVR Boost feature (or it switches to battery operation if the UPS does not
have AVR Boost).
• Enabling Green Mode runs the UPS in bypass, which uses energy more efficiently. However, in green
mode the speed of transferring to the UPS battery power when necessary is slower. If your
environment needs a fast switching time, you can disable green mode.
• The UPS reacts to input power line noise by going on battery. The Sensitivity setting changes the time
the UPS takes to react to line noise. Use the Reduced and Low options to allow the UPS to accept a
noisy power input for a longer time, before going on battery. Use Low when the input power is known to
have a lot of noise on the line, e.g. input power supplied by a generator.
• Output Watt Rating: the maximum power rating to meet the requirements of your load devices
• Bypass settings define conditions under which the UPS can switch to bypass mode
• Alarm thresholds are based on available runtime and redundant power and on UPS load.
• Output Frequency Range: the range within which the UPS will continue to operate online without
switching to on battery.
• Output Frequency Slew Rate: the maximum amount that the output frequency can change over a
given time period when the UPS is acquiring phase lock with the input source. This is expressed in Hz/
s (Hertz / second).

Network Management Card 3 User Guide 30

Shutdown on Configuration menu
Path: Configuration > Shutdown

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is Configuration >
UPS > Shutdown.

Use this screen to configure the parameters of a UPS shutdown. See the table below and also Controlled
Early Shutdown and End of Shutdown.

Start of Shutdown
Define the delays and durations that are considered when a UPS shutdown is required.

Field Description

For a UPS on battery, this defines a runtime remaining threshold, below which a low
battery condition is triggered on the UPS. For example, if the Low Battery Duration is
set to ten minutes and the UPS predicted runtime remaining reaches ten minutes or
Low Battery below, a low battery condition is triggered. If input power is not restored to the UPS, it
Duration will turn off when the battery has exhausted.
A low battery condition will trigger a shutdown on all PowerChute Network Shutdown
clients associated with the NMC.
Calculates the delay needed to ensure that each PowerChute client has enough time
to shut down gracefully when the UPS or the PowerChute client initiates a graceful
shutdown.
Maximum • It is the longest shutdown delay needed by any server listed as a PowerChute
Required Delay Network Shutdown client.
• It is calculated whenever the management interface of the UPS turns on or is reset,
or when the Force Negotiation option is selected and you click Apply.
See Shutdown delays and PowerChute Network Shutdown.

Basic Signaling Shutdown.

Basic Signaling or “Simple Signaling” is a simple method of communication between a UPS and a server,
workstation or third party system. The Interface Expander 2 (AP9624) is a Smart Slot accessory that can
provide simple signaling for your UPS. UPS Simple Signaling can provide notification and graceful system
shutdown, but does not provide the continuous advanced monitoring features available with advanced or smart
signaling.
NOTE: If you are using PowerChute Network Shutdown, it is not recommended to use Basic
Signaling Shutdown. For certain UPS models, options such as Basic Shutdown Delay can impact
UPS shutdown and supersede the Low Battery Duration, which is used by PowerChute to calculate
the total shutdown time required.

Field Description

Enable Basic Signaling Shutdown if you have connected a server, workstation or third
Basic Signaling
party system to your UPS using a basic signaling cable. Enable it if your UPS does
Shutdown
not support advanced signaling, or is configured to communicate in basic signaling.

Network Management Card 3 User Guide 31

 Field Description

For a UPS on battery, this defines a runtime remaining threshold, below which a low
battery condition is triggered on the UPS. The UPS will then:
• Display the low battery notification on the UPS display.
Basic Low • Send the low battery notification from the UPS to connected devices via the simple
Battery Duration signaling cable.
If input power is not restored to the UPS, it will turn off when the battery has
exhausted. This duration is available for SMT, SMX, SRC, SURTD, and SRT Smart-
UPS models only.
Defines a specific duration that the UPS will wait before shutting down, following a
basic shutdown notification. When this duration elapses, the UPS will shut down,
Basic Shutdown irrespective of battery runtime remaining.
Delay
This delay is available for certain SMT, SMX, SRC, SURTD, and SRT Smart-UPS
models only.

Duration of Shutdown
Specify the length of time for which the UPS is powered off.

Field Description

Defines how long the UPS keeps its output power turned off when you issue a UPS/
Outlet Group Sleep command. When the UPS/Outlet Group turns off, it will turn back
on following the Sleep Time defined here, plus the Return Time or Power On Delay for
Sleep Time Outlet Groups. If utility power has not been restored at this point, the UPS will wait
until it is restored to turn back on. See Outlet Groups on Configuration menu.
The Sleep command can be issued via the UPS display, the UPS on Control menu,
via SNMP command or via PowerChute Business Edition.

PowerChute Shutdown Parameters

Specify the shutdown parameters used by PowerChute Network Shutdown.

Field Description

Enabling Force Negotiation resets the Maximum Required Delay value to match the
Low Battery Duration. An updated status packet is sent by the NMC to all of the
registered PowerChute agents. PowerChute then compares the Low Battery Duration
sent in that packet to its total required shutdown time and increases the Maximum
Required Delay accordingly, or the Power Off Delay for the Outlet Group with which it
is registered.
Maximum PowerChute does a runtime remaining verification check every 30 seconds, which
Required Delay - compares the PowerChute total shutdown time required to the NMC Low Battery
Force Negotiation Duration.
Selecting Force Negotiation will reset the Power Off Delay for all Outlet Groups to the
same value as Low Battery Duration.
Force Negotiation can take up to ten minutes to calculate the value required by all of
the PowerChute clients registered on the NMC. For more information see Shutdown
delays and PowerChute Network Shutdown.

Network Management Card 3 User Guide 32

 Field Description

Define the behavior of the UPS following a shutdown:

On-Battery • Restart when power is restored - When utility power is restored, restart the UPS.
Shutdown • Turn off and stay off - The UPS remains off, even if the utility power is restored.
Behavior • Ignore PCNS shutdown commands - The UPS will shut down and ignore any
configured PowerChute shutdown commands.
User Name Enter the user name to be used for PowerChute.
Authentication This phrase is used for authentication between PowerChute and the NMC. The
Phrase phrase is empty by default, and must be set before you can enable PowerChute.
PCNS
Select the communication protocol to communicate with PowerChute: HTTPS or
Communication
HTTP.
Protocols

Controlled Early Shutdown and End of Shutdown.

These options are not available for all UPS devices. These options are not available for SMT, SMX,
SRC, SURTD, or SRT Smart-UPS models. To control early shutdown of outlet groups for these
models, see Load-shedding options.
The Controlled Early Shutdown options enable you to shut down a UPS device on battery when ANY of the
conditions that you specify are met:
• When the time on battery exceeds a set number of minutes.
• When the runtime remaining of the UPS is less than a set number of minutes. (Runtime is how long the
UPS can use battery power to support its present load).
• When the battery charge is less than a set percentage of its total capacity.
• When the load on the UPS output is less than a set percentage.
With Stay off after power returns, you can also decide whether the UPS turns back on, or not, after AC utility
power is restored.
The End of Shutdown options enable you to set a condition and a delay time for when a UPS can turn back
on after AC utility power is restored. Depending on the UPS model, you can specify a Minimum Battery
Capacity or Min Return Runtime, before the UPS will turn back on.

Network Management Card 3 User Guide 33

Shutdown delays and PowerChute Network Shutdown.
The following section describes how the Low Battery Duration, Maximum Required Delay and Outlet Group
Power Off Delays impact the PowerChute shutdown sequence.
For more information on PowerChute shutdown sequences, see the User Guide.
For both types of UPS, with and without Outlet Groups, the shutdown time is negotiated by the
NMC interacting with PowerChute Network Shutdown, as follows:
UPS without Outlet Groups. For a UPS with NO outlet groups, the UPS shutdown time is the greater of the
Maximum Required Delay or Low Battery Duration values on the NMC Shutdown screen, plus a non-
configurable 2 minute delay, plus the shutdown delay for the UPS.

UPS turn off starts UPS Off

Low Battery Duration or Non-configurable UPS

Maximum Required Delay two minute delay Shutdown
Delay

UPS without outlet groups -Shutdown time in minutes

Notes:
•If a shutdown has been triggered by a Low Battery condition, the Low Battery Duration value takes
precedence over Maximum Required Delay.
•As an exception, UPS models with the prefix SUM that have Outlet Groups use the UPS without
Outlet Groups method to calculate the UPS shutdown time.
UPS with Outlet Groups. For a UPS WITH outlet groups, the shutdown time is the Power Off Delay value
on the NMC Outlet Groups screen, see Outlet Groups on Configuration menu. (Not available with all UPS
devices).
Outlet Group turn off Outlet Group off
starts

Outlet Group Power Off Delay

(NMC Outlet Groups screen)

UPS with Outlet Groups - shutdown time in minutes

Network Management Card 3 User Guide 34

 Notes:
For more information on PowerChute shutdown sequences, see “Sample Shutdown Scenarios” in
the PowerChute Network Shutdown User Guide.
During the comparison of the PowerChute Required Shutdown time and the NMC Maximum
Required Delay/Outlet Group Power Off Delay, the largest value is used. For example, if the
PowerChute client command line shutdown duration is set to 8 minutes, but the UPS Low Battery
Duration is 10 minutes, the NMC will use the larger value of 10 minutes for the Maximum Required
Delay.
In Forced Negotiation, the NMC polls the PowerChute Clients to get their required shutdown time.
As a result it can take up to ten minutes for the Maximum Required Delay/Outlet Group Power Off
delay values to update.
PowerChute never changes the NMC Low Battery Duration field value.
With PowerChute Network Shutdown v3.x or higher, the Maximum Required Delay value is never
used by the NMC for a UPS with outlet groups.

UPS General screen

Path: Configuration > UPS

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is Configuration >
UPS > General.
This screen is not available for all UPS devices.
Some of the options explained below might NOT display for some UPS devices.

Field Description

UPS Name A name to identify the UPS.

UPS Position The physical orientation of the UPS, rack or tower.
Enable or disable the audible alarm of the UPS, and, for some UPS
Audible Alarm
devices, define the condition that will cause the alarm to sound.
LCD Language
Specify which language you want to use for your UPS display.
Preference
Disable or enable write-access to the UPS display interface.
LCD Display When disabled, the user still has read-access to most screens, but not to
sub-screens on the Control and Configuration menus.
Battery Health Alarm Sets the number of days before the critical battery replacement alarm is
Warning Time displayed on the UPS LCD. Set to -1 to display no notification warning.
Sets the number of days that the UPS LCD battery alarm should sleep
Battery Health Alarm
before it is displayed, after it is first acknowledged. Set to -1 to display no
Sleep Time
further warnings once the warning is first acknowledged.

Network Management Card 3 User Guide 35

 Field Description

Specify the level of access allowed to the UPS device’s LCD display:
• Locked: All menu items at the LCD display are greyed out except
Status, Configuration, Logs, and About and you cannot make any
configuration changes.
User Mode
• Unlocked: All menu items at the LCD display are accessible.
• Authentication needed: You must provide the UPS device’s
username and password to make any configuration changes via the
LCD display.
Last Battery
Enter the month and year of the most recent UPS battery replacement.
Replacement

Number of Batteries The number of batteries, excluding built-in batteries, that the UPS has.
Some devices that have more than 16 batteries must add batteries in
or
quantities of 16 (e.g., 16, 32, 48, etc.), but can then be adjusted to the
External Batteries correct value.
External Battery
The battery cabinet Amp-Hour rating of an external battery source.
Cabinet
With this field, you can change the speed by which the UPS batteries are
charged, in percentage terms. Here, 100% represents the manufacturer's
recommended rate of charge. For example, to double the charge rate set
this value to 200%.
For example, when the Battery Charger Rate is set to 100%:
• If total battery capacity is increased, the battery charging current
supplied by the UPS battery charger will automatically increase to meet
the 100% charger rate - you do not need to change the Charger Rate.
Battery Charger Rate
• If total battery capacity is decreased, the battery charging current
supplied by the UPS battery charger will automatically decrease to
meet the 100% charger rate - you do not need to change the Charger
Rate.
See your UPS User Guide for more information on Battery Capacity.
Caution: Charging at too high a rate can result in boiling and/or venting of
electrolytes and/or high gas pressure. Do not change this setting unless
you have strong background knowledge in this area.
Indicate the battery type where VRLA is Valve Regulated Lead Acid and
Battery Type
Vented Cell is a wet cell type battery (as used in cars).
Use this setting to specify the total capacity of your UPS batteries,
between 7 and 200 ampere hours (Ah). This is used to estimate runtime
and determine the current needed to charge the batteries. If your UPS has
Total Battery Capacity
the Total Battery Capacity option available, update the value for Total
Battery Capacity when you add batteries to or remove batteries from your
UPS. See your UPS User Guide for more information on Battery Capacity.

Network Management Card 3 User Guide 36

Self-Test Schedule screen
Path: UPS > Configuration > Self-Test Schedule

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is Configuration >
UPS > Self-Test Schedule.

Use this option to define when your UPS will initiate a self-test.

Shutdown Scheduling
Path: Configuration > Scheduling

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is Configuration >
UPS > Scheduling.

This option is not available for all UPS devices. Self-test schedule options are not the same for all
UPS devices.

NOTE: Do not create shutdown schedules that overlap. An example of an overlapping shutdown
schedule is a Weekly Shutdown set from 8pm to 9pm, and a One-time Shutdown set from 8.10pm
to 8.30pm. Overlapping shutdown schedules result in unknown and untested behavior.

For both the UPS and outlet group options

You can schedule a shutdown for a UPS device under UPS or for an individual Switched Outlet Group (if
applicable) under outlet groups.
Any configured shutdown schedules display along the top of the screen when you select UPS or outlet
groups, with relevant details, including whether they are currently enabled or disabled.
Edit, Enable, Disable, or Delete a Scheduled Shutdown. Click the schedule name in the list of
schedules along the top of either the UPS or outlet groups screen. This displays the complete details where
you can edit the parameters. This includes disabling it temporarily by clearing the Enable check box, or
deleting it permanently.
Creating a UPS or a Switched Outlet Group shutdown schedule.
1. Under Scheduling, select either UPS or outlet group.
2. Use the radio buttons to select the type of shutdown to schedule, One-time Shutdown, Daily
Shutdown, or Weekly Shutdown, and click the Next button.
3. To disable a schedule temporarily, clear the Enable check box.
4. Specify a name, and a schedule date and time.
For a weekly shutdown, specify the frequency using the drop-down box.
5. Specify whether the device or outlet group should turn back on after the shutdown:
Turn back on: Specify whether the UPS will turn on at a specific day and time, Never (the UPS must
be turned on manually), or Immediately (the UPS will turn on after waiting 6 minutes).
For an outlet group only, specify the group to shut down by selecting the appropriate button.

Network Management Card 3 User Guide 37

Signal PowerChute Network Shutdown Clients: Specify whether to notify PowerChute clients, see
PowerChute Network Shutdown clients.
This option enables you to use the PowerChute Network Shutdown utility to shut down a maximum
of 50 servers on the network that use a client version of the utility.

Firmware Update screens

Path: Configuration > Firmware Update

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is Configuration >
UPS > Firmware Update > Upload.
This option is not available for all UPS devices.
The update here refers to the firmware on the UPS. Do not confuse this with an NMC firmware
upgrade (For more information, see NMC Firmware Upgrades).
Follow the instructions on the Firmware Update screen to determine if the output of your UPS
needs to be turned off in advance of a firmware update. This is specific to the UPS model.

NOTE: To view the Firmware Update screen with Internet Explorer ®, use version 10 or higher,
with compatibility view turned off. The Firmware Update screen is not compatible with the Edge ®
browser.
Follow these steps to update the firmware. (See also Update the UPS firmware from a USB drive (AP9641,
AP9643, and embedded NMC devices only) and Using FTP to update the UPS firmware for alternative
ways).
1. See the Knowledge Base article IDs FA164737 and FA170679 for information on obtaining a firmware
update file and further instructions.
2. Choose Configuration > Firmware Update.
3. Click on the button to locate the downloaded update file on your computer.
4. Click the Update UPS button to update the UPS firmware.
5. When the update finishes, check the status under Last Update Result and Current Version, or in the
Event Log.

Network Management Card 3 User Guide 38

Update the UPS firmware from a USB drive (AP9641, AP9643, and embedded NMC
devices only)
Before updating the UPS firmware, make sure the USB drive supports USB v1.1, and is in FAT, FAT16 or
FAT32 format.
1. Insert a USB drive into the USB port on your computer.
2. Visit the Knowledge Base article IDs FA164737 and FA170679 to download the correct firmware
update file for your UPS, and save the file to the root of the USB drive, or to a
/upsfw/ directory on the USB drive.
3. Eject the USB drive containing the firmware file from your computer, and insert it into the USB port of
the NMC.
4. Open the NMC web interface and go to Configuration > Firmware Update.
5. Select the firmware file from the drop-down list under the Update from USB drive pane.
6. Click the Update UPS button to update the UPS firmware.
NOTE: Firmware update can take a few minutes. Do not remove the USB drive from the
NMC until the UPS firmware update has completed. If you remove the USB drive before
completion, the firmware update will not be successful.
7. When the update finishes, check the status under Last Update Result or in the Event Log.

Update the UPS firmware from the NMC

Follow these steps to update the firmware:
1. See the Knowledge Base article IDs FA164737 and FA170679 for information on obtaining a firmware
update file and further instructions.
2. SCP or FTP the update file onto the card’s root directory. For example: scp <firmware_file>.enc
<nmc_username>@<nmc_ip_address>:<firmware_file>.enc
3. Open the NMC web interface and go to Configuration > Firmware Update.
4. Select the firmware file from the drop-down list under the Update from NMC pane.
5. Click the Update UPS button to update the UPS firmware.
6. When the update finishes, check the status under Last Update Result or in the Event Log.

Using FTP to update the UPS firmware

If you have updates to make on many UPS devices, it can be quicker to use FTP. The steps below show an
example of how to do this. This is an alternative to updating from the Firmware Update screens.
NOTE: FTP is disabled by default and must be enabled before continuing. See FTP Server
screen.

1. See the Knowledge Base article IDs FA164737 and FA170679 for information on obtaining a firmware
update file and further instructions.
2. FTP the update file onto the card’s upsfw directory to start the firmware update process.
The FTP firmware transfer might be aborted if the update file is corrupted or not applicable to the UPS.
Here's an example of loading an update file using the DOS FTP command:
$ ftp <NMC Network Address Here>
Connected to <NMC Network Address>.
220 AP9641 Network Management Card AOS vX.Y.Z FTP server ready.

Network Management Card 3 User Guide 39

 User (<NMC Network Address>:(none)): apc
331 User name okay, need password.
Password:
230 User logged in, proceed.
ftp> bin
200 TYPE Command okay.
ftp> hash
Hash mark printing On ftp:(2048 bytes/hash mark).
ftp> cd upsfw
250 CWD requested file action okay, completed.
ftp> put “<Path to UPS Firmware File>”
200 PORT Command okay.
150 File status okay; about to open data connection.
226 Closing data connection.
ftp: 121984 bytes sent in 1.39Seconds 87.70Kbytes/sec.
ftp> quit
221 Goodbye.
3. When the update finishes, check the status under Last Update Result on the firmware update page of
the web interface or in the Event Log.

Firmware Update Settings Configuration screen

Path: Configuration > UPS > Firmware Update > Settings

The options below are only applicable for UPS devices with the SRTL/SRYLF prefix with an
embedded NMC.

Specify when to switch to the new UPS firmware: only in manual bypass or when the output power is off after
download (not supported on all UPS devices / UPS firmware revisions), only when output power is off after
download, or manually.

PowerChute Network Shutdown clients

Path: UPS > Configuration > PowerChute
PowerChute Network Shutdown can shut down your UPS devices remotely.
When you install a PowerChute Network Shutdown client on your network, it is added to this list automatically.
When you uninstall a PowerChute Network Shutdown client, it is removed automatically.
Click Add Client to enter the IP address of a new PowerChute Network Shutdown client. To delete a client,
click the IP address of that client in the list, and then click Delete Client. The list can contain the IP addresses
of up to 50 clients.
With outlet groups, you also have to specify which outlet group is supplying power to the PowerChute client.

NOTE: PowerChute cannot connect to the NMC if HTTP is disabled on the NMC. See Web access
screen to enable HTTP or HTTPS.

Network Management Card 3 User Guide 40

Universal I/O screens
The Universal I/O menu is relevant when you have installed the temperature and humidity sensors
(AP9335T/ TH), the Dry Contact I/O Accessory (AP9810), or the Spot Fluid Sensor (NBES0301).
Using these is often referred to as environmental monitoring.

Temperature and Humidity screen

Path: Universal I/O > Temp & Humidity
This displays the name, alarm status, temperature, and humidity (if supported) for each sensor. Click the name
of a sensor to edit the name and location and to configure its thresholds and its hysteresis.
Thresholds. For each sensor, you set the thresholds for temperature and (if supported) humidity measured at
the sensor. When a threshold is breached, the alarm signals.
High and Low are warning messages. Maximum and Minimum are critical, they must be dealt with.
Hysteresis. Use the Hysteresis value to avoid getting alarms repeatedly for the same violation of the
temperature or humidity threshold.
When the temperature or humidity that causes a violation tends to waver slightly up and down, it can
repeatedly trigger the alarm. A greater hysteresis value can prevent this.
If the hysteresis value is not great enough, the wavering can first cause a threshold violation and then clear it,
meaning the alarm can be triggered several times. See the examples below, after noting the following.
• For maximum and high threshold violations, the clearing point for the alarm is the threshold minus the
hysteresis value you input.
• For minimum and low threshold violations, the clearing point is the threshold plus the hysteresis value.
Example of rising but wavering humidity: Say the maximum humidity threshold is 65%, and the humidity
hysteresis is 10%. Then, the humidity rises above 65%, causing an alarm. It then wavers down to 60% and up
to 70% repeatedly, but — because of the 10% hysteresis value — the alarm is not cleared and therefore no
new alarm occurs. For the existing alarm to clear, the humidity would have to drop below 55% (which is 65%
minus 10%).
Example of falling but wavering temperature: Say the minimum temperature threshold is 12°C, and the
temperature hysteresis is 2°C. Then the temperature drops below 12°C, causing an alarm. It then wavers back
up to 13°C and then down to 11°C repeatedly, but — because of the 2°C hysteresis value — the alarm is not
cleared and therefore no new alarm occurs. For the existing alarm to clear, the temperature would have to rise
above 14°C (which is 12°C plus 2°C).

Input Contacts screen

Path: Universal I/O > Input Contacts
Input Contacts displays the name, alarm status, and state (open or closed) of each contact. These are
automatically found and displayed here when you install the environmental accessory.

Network Management Card 3 User Guide 41

Click the name of an input contact for detailed status or to configure its values. When disabled, the contact
generates no alarm even when it is in the abnormal position. Other fields are discussed below:

Field Description

Alarm Normal if this input contact is not reporting an alarm, or the severity of the alarm if this
Status input contact is reporting an alarm. If not enabled for a contact, it displays Disabled.
State The present state of this input contact: Closed or Open.
Normal
The normal (non-alarm) state of this input contact: Closed or Open.
State
The severity of the alarm that the abnormal state of this input contact generates:
Severity
Warning or Critical.

Output Relay screen

Path: Universal I/O > Output Relay
Output Relay displays the name and state (open or closed) of each relay. These are automatically found and
displayed here when you install the environmental accessory.
Click the name of an input contact for detailed status or to configure its values. The fields are discussed below:

Field Description

State The current state of this output relay: Closed or Open.

Normal
The normal (non-alarm) state of this output relay: Closed or Open.
State
Control To change the current state of this output relay, select this check box and click Apply.
The number of seconds a selected alarm condition must exist before the output relay
is activated. Use this setting to avoid activating an alarm for brief transient conditions.
Delay
If additional mapped alarms occur after the delay begins, the delay does not restart
but continues counting down until the output relay is activated.
The minimum number of seconds the output relay remains activated after the alarm
occurs.
Hold
Even if the activating alarm condition is corrected, the output relay remains activated
until this time period expires.

Fluid Sensor screen

Path: Universal I/O > Fluid Sensor
Fluid Sensor displays the name and state (Fluid Detected or No Fluid) of each sensor. These are
automatically found and displayed here when you install the environmental accessory.
Click the name of a fluid sensor for detailed status or to configure its values. The fields are discussed below:

Field Description

Alarm Normal if this fluid sensor is not reporting an alarm, or Critical if this fluid sensor is
Status reporting an alarm. If not enabled for a fluid sensor, it displays Disabled.
State The state of this sensor: Fluid Detected or No Fluid.

Network Management Card 3 User Guide 42

Configuring the Control Policy
Path: Universal I/O > Control Policy
On an AP9641 or AP9643 NMC with connected Dry Contact I/O Accessories (AP9810), you can:
• configure output relays to open or close based on UPS events and input contacts, see Configuring an
output to respond to an event
• configure the UPS to take action based on input contacts, see Configuring the UPS or output to
respond to an input alarm

Not all UPS devices can be configured to respond to input contacts.

Configuring an output to respond to an event.

1. From the Configuration menu, select Universal I/O and Control Policy.
2. Click the Add Policy button.
3. Click a category or sub-category name to view corresponding events.
4. To configure, click an event name, select the output relay check box that will change state when this
event occurs, and click Save Policy.

Configuring the UPS or output to respond to an input alarm.

1. From the Configuration menu, select Universal I/O and Control Policy.
2. Click the Add Policy button.
3. Click the I/O Contact sub-category.
4. Choose the event with the same severity as the input contact. For example, if the severity of the input
contact is critical, then choose the critical event.
The NMC supports up to four inputs. You must specify the input that will be associated with this event.
5. In the Port drop-down list, select the Universal Sensor Port number (1 or 2) to which the Dry Contact I/
O Accessory is installed.
6. In the Zone drop-down list, select the zone letter (A or B) of the contact to which the input is installed.
7. Define the action the UPS will perform (if any) when the input changes state.
8. Select the output that will open or close (if any).
9. Click Save Policy.
The action you configure occurs once.
If you restore the output to its normal state before the alarm condition clears, the output will not
open or close again unless the alarm condition clears and then reoccurs.

Network Management Card 3 User Guide 43

Security menu
Session Management screen
Path: Configuration > Security > Session Management
Enabling Allow Concurrent Logins means that two or more users can log on at the same time. Each user has
equal access and each interface (HTTP, FTP, telnet console, serial console (CLI), etc.) counts as a logged-in
user. Allow Concurrent Logins allows a maximum of eight users logged into the web interface, five users
logged into the CLI and one user logged into the serial console at the same time.
Remote Authentication Override: The NMC supports several remote authentication protocols. However, if
you enable this override, the NMC will allow a local user to log on using the password for the NMC that is
stored locally on the NMC. See also Local Users and Remote Users authentication.

Ping Response
Path: Configuration > Security > Ping Response
Enable the IPv4 Ping Response check box to allow the Network Management Card 3 to respond to network
pings. This does not apply to IPv6.

Local Users
Use these menu options to view, and to set up access and individual preferences (like displayed date format),
to the NMC user interfaces. This applies to users as defined by their logon name.
Path: Configuration > Security > Local Users > Management

Setting user access. With this option an administrator or super user can list and configure the users allowed
access to the UI. Click on the name link to view details, and to edit or delete a user.
Click on Add User to add a user. On the resulting User Configuration screen, you can add a user and
withhold access by clearing the Access check box. The maximum length for both the name and password is
64 bytes, with less for multi-byte characters. You have to enter a password.

Values greater than 64 bytes in Name and Password might get truncated.
To change a Super User setting, you must enter the current password. Passwords can be no longer
than 64 ASCII characters.
Use Session Timeout to configure the time that this UI waits before logging off this user (three minutes by
default). If you change this value, you must log off for the change to take effect.
Serial Remote Authentication Override: By selecting this, you can bypass remote authentication protocols
by using the serial console (CLI) connection. This screen enables it for the selected user, but it must also be
enabled globally to work, through Session Management screen.
For more information, see Configuration > Security > Local Users > Default Settings below. For
background information on accounts see Types of user accounts.

Network Management Card 3 User Guide 44

User Preferences. Select the Event Log Color Coding check box to enable color-coding of alarm text
recorded in the Event Log. (System-event entries and configuration-change entries do not change color).

Text Color Alarm Severity

Red Critical: A critical alarm exists, which requires immediate action.
Warning: An alarm condition requires attention and could jeopardize your data or
Orange
equipment if its cause is not addressed.
Green Alarm Cleared: The conditions that caused the alarm have improved.
Normal: No alarms are present. The Network Management Card and all connected
Black
devices are operating normally.
Informational: An alarm to provide information. The Network Management Card and all
Blue
connected devices are operating normally.

Export Log Format: Exported log files can be formatted using CSV (comma-separate values), or tabs. See To
display the Event Log.
Select the temperature scale for measurements in this UI. US Customary corresponds to Fahrenheit and
Metric corresponds to Celsius.
You can specify the default language for the UI with the Language field. This can be set when you log on also.
You can also specify different languages for e-mail recipients and SNMP trap receivers. For more
information, see E-mail recipients and Trap Receivers.

Path: Configuration > Security > Local Users > Default Settings
Setting up defaults can make adding users quicker. Use this option to set defaults for the many options on the
Management screen, see Configuration > Security > Local Users > Management above.

Remote Users authentication

Path: Configuration > Security > Remote Users > Authentication

Authentication. Specify how you want users to be authenticated at logon.

For information about local authentication (not using the centralized authentication of a RADIUS
server), see the Security Handbook.

The following authentication and authorization functions of LDAP (Lightweight Directory Access Protocol),
RADIUS (Remote Authentication Dial-In User Service), and TACACS+ (Terminal Access Controller Access
Control System) are supported:
• When a user accesses the NMC or other network-enabled device that has RADIUS or TACACS+
enabled, an authentication request is sent to the server to determine the user’s permission level.
• LDAP, RADIUS, and TACACS+ user names are limited to 64 characters with the NMC.

Network Management Card 3 User Guide 45

See the options below for authentication method:

Setting Description

Specify if and when the local user database is checked:

First: The local user database is always checked first. If the username is found, then
the password is checked and the login either succeeds or fails. If the username is not
found, then remote authentication, if enabled, is used.
Last: The local user database is checked after attempting remote authentication if
there is an error contacting the remote authentication server. When remote
Local User authentication is off, this behaves the same as First.
Authentication Off: The local user database is never checked.
NOTE: Setting this to Off is not recommended as it can result in being permanently
locked out of the NMC if the remote authentication server goes down or is
misconfigured on the NMC. If Off is used, it is strongly recommended to enable the
Remote Authentication Override setting and to set the Serial Remote Authentication
Override option for the super user or an administrator.
Note: If both Local and Remote User Authentication settings are set to Off, then Local
User Authentication will automatically be set to First.
Specify which, if any, remote authentication protocol is used:
Off: Do not use remote user authentication and always perform local user
authentication.
RADIUS: Remote user authentication will use RADIUS.
Note: The message "No configured RADIUS servers have been added." indicates that
you must add a properly configured RADIUS server so that RADIUS authentication can
Remote User operate.
Authentication TACACS+: Remote user authentication will use TACACS+.
Note: The message "No configured TACACS+ servers have been added." indicates
that you must add a properly configured TACACS+ server so that TACACS+
authentication can operate.
LDAP: Remote user authentication will use LDAP.
NOTE: The message "No configured LDAP servers have been added." indicates that
you must properly configure LDAP so that LDAP authentication can operate.

If Local Authentication is set to Off, and the authentication servers are unavailable,
improperly identified, or improperly configured, remote access is unavailable to all users. To
regain access, you must use a serial connection to the command line interface and change
the access setting to local, radiusLocal or tacacs+Local
For example, the command to change the access setting to local would be:
userauth -a local
For RADIUS server, see RADIUS screen below and Configuring the RADIUS Server.
For TACACS+ server, see TACACS+ screen below and Configuring the TACACS+ Server.
For LDAP server, see LDAP screen below and Configuring the LDAP Server.

Network Management Card 3 User Guide 46

LDAP screen
Path: Path: Configuration > Security > Remote Users > LDAP
You can set up the device to use an LDAP server to authenticate remote users. Two common examples of this
are Microsoft Active Directory and OpenLDAP. Authentication is always performed using a simple bind request
over a TLS connection. Ensure that the LDAP server's CA certificate is installed in order for the TLS
connection to the LDAP server to complete.

LDAP Setting Description

An LDAP URI representing the location of a user object to initially bind to. This user
object must have permission to search the LDAP database for users. During a user
login attempt, the LDAP server in this URI is connected to and a bind to the DN is
performed with the password provided in "Search User Password". If this bind is
successful, the user attempting to login is then searched for.
This LDAP URI must include a scheme of either "ldap" or "ldaps". When "ldaps" is
used, then the TLS connection is implicit and the TCP connection defaults to using port
636. When "ldap" is used, then the TLS connection is initiated by sending a StartTLS
request and the TCP connection defaults to using port 389. Use of "ldaps" is non-
standard and discouraged.
This LDAP URI may include the address of the LDAP server and optionally the port
number. The DN of the search user object follows. If the search user DN ends with DC
components, then a DNS lookup of the SRV record for the LDAP service at this domain
is performed. If the SRV record is found, then it is used instead of the host specified in
the URI. If the SRV record is not found, then the host specified in the URI is used. The
host component of the URI may be omitted if the SRV record for LDAP is known to
exist.
If the DN is omitted, then the host component must be present and an anonymous bind
is performed.
Examples:
Search User URI • "ldap://ldap.domain.com/CN=searchuser,OU=users,DC=domain,DC=com
If DNS is available, a DNS lookup of the SRV record for the LDAP service at
domain.com is performed. If it is found, then it is connected to. If it is not found, then
"ldap.domain.com" at port 389 is connected to. TLS is then established after
sending a StartTLS request, and then a bind to the object
"CN=searchuser,OU=users,DC=domain,DC=com" with the password specified in
Search User Password is performed. From here a search for the user logging in is
performed.
• "ldap:///CN=searchuser,OU=users,DC=domain,DC=com
If DNS is available, a DNS lookup of the SRV record for the LDAP service at
domain.com is performed. If it is found, then it is connected to. If it is not found, then
no connection is made because the host component of the URI is omitted and LDAP
authentication cannot proceed. If the connection is successful, then StartTLS, bind,
and search are performed as described above.
• "ldaps://ldap.domain.com
"ldap.domain.com" at port 636 is connected to and a TLS handshake is immediately
performed without sending a StartTLS request. If this succeeds, then an anonymous
bind is performed. From here a search for the user logging in is performed.
• "ldap://ldap.domain.com:42/CN=searchuser,OU=users,DC=domain,DC=com
• This is the same as the first example except that if the SRV record is not found then
"ldap.domain.com" at port 42 is connected to.

Network Management Card 3 User Guide 47

 LDAP Setting Description

The password to use in the initial bind request to the search user as described
Search User
above. If left blank, then either an anonymous or unauthenticated bind is
Password
performed depending on whether or not a search user DN is provided.
The timeout in seconds to use when connecting to and communicating with the
LDAP server. The initial TCP connection must complete within this amount of
time. If it does, then each LDAP response from the server must be received
Reply Timeout within this amount of time following each LDAP request. Because a single
LDAP authentication can consist of multiple requests (and even to multiple
servers if referrals are chased) the overall authentication time may end up
being much longer than the timeout value specified here.
This is the DN of the base object entry under which all users who login must
Users Base DN
exist.
This is the DN of the base object entry under which the user groups specified in
Groups Base DN
the following settings must exist.
This is the common name (CN) of the LDAP group to which NMC
Admins Group
Administrators are members of. If the user logging in is a member of this group,
Name
then the user is granted Administrator access.
This is the common name (CN) of the LDAP group to which NMC Device Users
Device Users
are members of. If the user logging in is a member of this group, then the user
Group Name
is granted Device User access.
This is the common name (CN) of the LDAP group to which NMC Network
Network Users
Users are members of. If the user logging in is a member of this group, then the
Group Name
user is granted Network User access.
This is the common name (CN) of the LDAP group to which NMC Read Only
Read Only Users
Users are members of. If the user logging in is a member of this group, then the
Group Name
user is granted Read Only User access.
If this is enabled, then LDAP directories containing users of the "User" class
Active Directory
and groups of the "Group" class following the standard Active Directory
Schema
schema will be supported.
If this is enabled, then LDAP directories containing users of the "posixAccount"
RFC2307 POSIX
class and groups of the "posixGroup" class following the schema defined in
Schema
RFC 2307 will be supported.
If this is enabled, then LDAP directories containing users of the "uidObject"
RFC4519 User class and groups of either the "groupOfNames" class or the
Schema "groupOfUniqueNames" class following the schema defined in RFC 4519 will
be supported.
RFC2798 If this is enabled, then LDAP directories containing users of the
inetOrgPerson "inetOrgPerson" class as defined in RFC 2798 will be supported.
If this is enabled, then LDAP directories containing users of classes that do not
Custom User conform to any of the supported classes above can be supported. When this is
Class enabled, the settings Custom User Class Name and Custom User Username Attr
must be provided, and Custom User Group Number Attr may optionally be provided.

Network Management Card 3 User Guide 48

 LDAP Setting Description

If this is enabled, then LDAP directories containing groups of classes that do

not conform to any of the supported classes above can be supported. When
Custom Group this is enabled, the settings Custom Group Class Name and Custom Group
Class Member Attr must be provided, and Custom Group Number Attr may
optionally be provided. Custom Group Member Type must also be set
correctly.
Custom User This is the name of the object class that user entries belong to. It is only used
Class Name when Custom User Class is enabled.
This is the name of the attribute that contains a user's username for the object
Custom User
class specified by Custom User Class Name. It is only used when Custom
Username Attr
User Class is enabled.
This is the name of the attribute that contains the group number for a user's
Custom User
primary group for the object class specified by Custom User Class Name.
Group Number
Attr
This is optional, and only used when Custom User Class is enabled. It is used
the same way as the "gidNumber" attribute in the "posixAccount" class.
Custom Group This is the name of the object class that group entries belong to. It is only used
Class Name when Custom Group Class is enabled.
This is the name of the attribute that contains the members of the group for the
object class specified by Custom Group Class Name. It is only used when
Custom Group
Custom Group Class is enabled. When Custom Group Member Type is set
Member Attr
to "DN", then the values in this attribute are DNs. When it is set to "User
Name", then the values in this attribute are user names.
This is the name of the attribute that contains the group number of the group for the
Custom Group object class specified by Custom Group Class Name. This is optional, and only used
Number Attr when Custom Group Class is enabled. It is used the same way as the "gidNumber"
attribute in the "posixGroup" class.
This specifies how members of the group for the object class specified by
Custom Group
Custom Group Class Name are specified. It can be set to either "DN" or "User
Member Type
Name".
Enter the username and password of any account on the server to test the
newly configured settings before applying them. If the user successfully
Test Settings
authenticates and is a member of at least one of the specified groups, then the
settings are applied. Otherwise, they are not applied.
Skip Test and
Applies the settings without first performing a test authentication.
Apply

See also Remote Users authentication above.

Network Management Card 3 User Guide 49

Configuring the LDAP Server
Configuration of an OpenLDAP, Active Directory, or other LDAP server is beyond the scope of this document.
As mentioned in the Settings descriptions above, the most common schemas are supported by default,
including Active Directory users and groups, the POSIX schema defined in RFC2307, the User Schema
defined in RFC4519, and the inetOrgPerson user class defined in RFC2798. If configuring a new server, it is
recommended that one of these schemas is chosen. Ensure that groups are created for each NMC user type
that you wish to support, and that users are added to them accordingly.

RADIUS screen
Path: Configuration > Security > Remote Users > RADIUS
You can use a RADIUS server to authenticate remote users.Use this option to do the following:
• List the RADIUS servers (a maximum of two) available to the NMC and the time-out period for each.
• Configure the authentication parameters for a new or existing RADIUS server by clicking on a Radius
Server link.

RADIUS Setting Description

RADIUS Server The server name or IP address of the primary or secondary RADIUS server.
The port number of the primary or secondary RADIUS server.
Port NOTE: RADIUS servers use port 1812 by default to authenticate users. The
NMC supports ports 1 to 65535.
Secret The shared secret between the RADIUS server and the NMC.
The time in seconds that the NMC waits for a response from the RADIUS
Reply Timeout
server.
Enter the Administrator user name and password in order to test the RADIUS
Test Settings
server path that you have configured.
Skip Test and
Do not test the RADIUS server path.
Apply

See also Remote Users authentication above and Configuring the RADIUS Server below.

Configuring the RADIUS Server

Summary of the configuration procedure.
You must configure your RADIUS server to work with the NMC, see the steps below.
For examples of the RADIUS users file with Vendor Specific Attributes (VSAs) and an example of
an entry in the dictionary file on the RADIUS server, see the Security Handbook.
1.Add the IP address of the NMC to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs) are
defined. If no Service-Type attributes are configured, users will have read-only access (on the Web UI
only).
See your RADIUS server documentation for information about the RADIUS users file, and
see the Security Handbook for an example.

Network Management Card 3 User Guide 50

 3. VSAs can be used instead of the Service-Type attributes provided by the RADIUS server.
VSAs require a dictionary entry and a RADIUS user’s file. In the dictionary file, define the names for the
ATTRIBUTE and VALUE keywords, but not for the numeric values. If you change numeric values,
RADIUS authentication and authorization will not work. VSAs take precedence over standard RADIUS
attributes.
Configuring a RADIUS server on UNIX® with shadow passwords.
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following two
methods can be used to authenticate users:
• If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To allow
only Device Users, change the APC-Service-Type to Device.
DEFAULT Auth-Type = System
APC-Service-Type = Admin
• Add user names and attributes to the RADIUS “user” file, and verify the password against /etc/passwd.
The following example is for users bconners and thawk:
bconners Auth-Type = System
APC-Service-Type = Admin
thawk Auth-Type = System
APC-Service-Type = Device
Supported RADIUS servers.
FreeRADIUS v1.x and v2.x, and Microsoft Server 2008 and 2012 Network policy Server (NPS) are supported.
Other commonly available RADIUS applications may work, but may not have been fully tested.

TACACS+ screen
Path: Configuration > Security > Remote Users > TACACS+
You can use a TACACS+ server to authenticate remote users. Use this option to do the following:
• List the TACACS+ servers (a maximum of two) available to the NMC and the time-out period for each.
• Configure the authentication parameters for a new or existing TACACS+ server by clicking on a
TACACS+ Server link.

TACACS+ Setting Description

TACACS+ Server The server name or IP address of the primary or secondary TACACS+ server.
The port number of the primary or secondary TACACS+ server.
Port NOTE: TACACS+ servers use port 49 by default to authenticate users. The
NMC supports ports 1 to 65535.
Secret The shared secret between the TACACS+ server and the NMC.
The time in seconds that the NMC waits for a response from the TACACS+
Reply Timeout
server.
Enter the Administrator user name and password in order to test the TACACS+
Test Settings
server path that you have configured.
Skip Test and
Do not test the TACACS+ server path.
Apply

See also Remote Users authentication above and Configuring the TACACS+ Server below.

Network Management Card 3 User Guide 51

There are two global TACACS+ options that are applicable to all servers:

TACACS+ Setting Description

Specify a value between 0 and 15. If an authorized user's privilege level (priv-lvl
Read-Only User authorization argument) is greater than or equal to the specified value, and less than
Privilege Level the Administrator Privilege Level, then the user will be granted read-only access.
This value must be less than the Administrator Privilege Level.
Specify a value between 0 and 15. If an authorized user's privilege level (priv-lvl
Administrator authorization argument) is greater than or equal to this then the user will be granted
Privilege Level administrator access. This value must be greater than the Read-Only User Privilege
Level.

Configuring the TACACS+ Server

Summary of the configuration procedure.
You must configure your TACACS+ server to work with the NMC.

See more information on configuring the TACACS+ server in the Security Handbook.

Firewall screens
Path: Configuration > Security > Firewall > Configuration
Enable or disable the firewall functionality. The configured policy is listed by default. Select the Enable check
box to enable the firewall. The check box is un-checked by default.
• Click Apply to confirm a firewall policy you have selected to enable. The Firewall Confirmation page
will open.
– The Confirmation page contains a recommendation to test the firewall before enabling. It is not
mandatory.
– The first hyperlink goes to the Firewall Policy page.
– The second hyperlink goes to the Firewall Test page.
– Click on Apply to enable the firewall and return to the Configuration page.
– Click on Cancel to return to the Configuration page without enabling the Firewall.
• Click Cancel: No new selection will be enabled. You stay on the Configuration page.

Path: Configuration > Security > Firewall > Active Policy

Select an active policy from the Available Policies drop-down list, and view the validity of that policy. The
current active policy is displayed by default; you can select another from the list.
• Click Apply to enable your changes. If a different firewall was selected and enabled, the change is
effective immediately. If a newly configured firewall policy has been selected, it is recommended that
you test the new firewall before enabling it. (See Configuration above.)
• Click Cancel to restore the original active policy and stay on the Active Policy page.

Path: Configuration > Security > Firewall > Active Rules

Network Management Card 3 User Guide 52

When a firewall is enabled, this read-only page lists the individual rules that are being enforced by a current
active policy. See the Create/Edit Policy section for descriptions of the fields (Priority, Destination, Source,
Protocol, Action, and Log).
Path: Configuration > Security > Firewall > Create/Edit Policy
Create a new policy; delete or edit an existing policy:
NOTE: While deleting an active enabled firewall policy cannot be done, editing a running policy can be done
but is not recommended as changes are applied immediately. Instead, disable the firewall, edit the policy, test
it, and then re-enable the policy.
Create a new policy: Click Add Policy, and type in the file name for the new firewall file. The filename should
have a .fwl file extension. If left without a file extension, .fwl will be appended to the name automatically.
• Click Apply: If the filename is legal, the empty file firewall policy file will be created. It will be located in
the /fwl folder with the other policies on the system.
• Click Cancel to return to the previous page without creating a new firewall file.
Edit an existing policy:
Select Edit Policy to go to the edit page. You can edit an firewall policy which is not active.
Warning page: If you attempt to edit the active enabled policy, a warning page will open:
“Editing the active firewall policy will cause all changes made to be applied immediately. It is
recommended to disable the firewall and test the policy before enabling it.”
– Click Apply to leave the Warning page and return to the Edit Policy page.
– Click Cancel to leave the Warning page and return to the Create/Edit Policy page.

1. Select the policy you want to edit from the Policy Name drop-down list, and click Edit Policy.
2. Click Add Rule or select the Priority of an existing rule to go to the Edit Rule page. From this page,
you can change the rule settings or delete the selected rule.
Setting Description

If 2 rules conflict, the rule with the higher priority will determine what happens.
Priority
The highest priority is 1; the lowest is 250.
host: In the IP/any field, you will enter a single IP address.
Type subnet: In the IP/any field, you will enter a subnet address.
range: In the IP/any field, you will enter a range of IP addresses.
Specify the IP address or range of addresses this rule applies to, or select one
of the following:
IP/any • any: The rule applies regardless of the IP address.
• anyipv4:The rule applies for any IPv4 address.
• anyipv6:The rule applies for any IPv6 address.
Specify a port the rule will apply to.
• None: The rule will apply to any port.
Port
• Common Configured ports: Select a standard port.
• Other: Specify a non-standard port number.

Network Management Card 3 User Guide 53

 Setting Description

Specify which protocol the rule applies to.

• any: any protocol.
• tcp: used for reliable information transfer between applications.
Protocol • udp: alternative to TCP using for faster, lower bandwidth information
transfer. Though it has fewer delays, UDP is less reliable than TCP.
• icmp: used to report errors for troubleshooting.
• icmpv6: used to report errors for troubleshooting on applications using
IPv6.
allow: Allow the packet that matches this rule.
Action
discard: Discard the packet that matches this rule.
If this rule applied to a packet, regardless of whether the packet is blocked or
Log allowed, this will add an entry to the Firewall Log. For more information, see
Firewall Log.

It is recommended that you add one of the following as the lowest priority rule in your firewall policy:
• To use the firewall as an allowlist, add
priority 250, destination host any, source host any, protocol any, action
discard
• To use the firewall as a blocklist, add
priority 250, destination host any, source host any, protocol any, action
allow

Delete a policy:
Select Delete Policy to open the Confirm Deletion page.
Click Apply to confirm, and the selected firewall file is removed from the file system.

Path: Configuration > Security > Firewall > Load Policy

Upload a policy (with the .fwl suffix) from a source external to this device.

Path: Configuration > Security > Firewall > Test

Temporarily enforce the rules of a chosen policy for a time that you specify.

802.1X Security Configuration

Path: Configuration > Security > 802.1X Security
The NMC takes the role of a supplicant in an EAPoL (Extensible Authentication Protocol over LAN)
architecture used in IEEE 802.1X port-based network access control. The NMC supports the EAP-TLS
authentication method.

Network Management Card 3 User Guide 54

EAP-TLS performs mutual authentication in a TLS handshake so that the network can authenticate the NMC,
and the NMC can authenticate the network. The NMC must have installed an end-entity certificate and its
associated private key. This certificate is passed to the authenticator during the handshake. The
authenticator's certificate is also passed to the NMC during the handshake. In order for the NMC to verify this
certificate, it must also have installed the certificate for the CA that signed this certificate (or the root CA if a
chain of trust is used). These certificates must be installed to the NMC's certificate store using the certificate
loader. See SSL Certificates.

The Web UI offers the following options for EAPoL configuration:

Setting Description

Enables IEEE 802.1X authentication (EAPoL) using the EAP-TLS

authentication method.
EAPoL Access
NOTE: 802.1X security access is disabled by default. You can only enable
access when a valid client certificate has been installed. See SSL Certificates.
The identity of the EAP Supplicant to send to the authenticator (up to 32
Supplicant characters including whitespace).
Identifier NOTE: By default, the supplicant identifier is set to “NMC-Supplicant-xx:
xx:xx:xx:xx:xx” where six octets of “xx” are the MAC ID of the NMC.
The NMC's client certificate to use in the EAP-TLS authentication handshake.
Client Certificate A list of installed end-entity certificates is provided and one must be chosen.
Client certificates can be installed on the SSL Certificates page.

SSL Certificates
Path: Configuration > Security > SSL Certificates
The NMC supports TLS (Transport Layer Security) and SSL (Secure Sockets Layer) which provide
a layer of security on top of TCP by adding authentication and encryption to the connection. To support TLS/
SSL connections, the NMC provides a certificate store to which both X.509 certificates and private keys can be
uploaded. Both CA (Certificate Authority) certificates and end entity certificates may be uploaded.
A list of all installed certificates is displayed on this page. Clicking on a certificate’s common name navigates to
a certificate details page. The details page provides additional information about the certificate and allows for
the file containing it to be uninstalled.

Upload CA Certificate

Setting Description

Provide the CA certificate. The supported file formats are PEM and DER encoded
Certificate File X.509. The file extension should be .crt, .cer, .pem, or .der.
PEM files may contain a list of any number of CA certificates.

Network Management Card 3 User Guide 55

 Upload Local Device Certificate

Setting Description

Provide the end entity certificate. The supported file formats are PEM and DER
encoded X.509. The file extension should be .crt, .cer, .pem, or .der. PEM files may
Certificate File contain a certificate chain where the first certificate is the end entity certificate. The
following certificates must be for intermediate CAs where each certificate directly
certifies the one preceding.
Provide the private key for the end entity certificate. The file can be encrypted or
unencrypted and must be PEM or DER encoded with PKCS#8 format. The file
Private Key File
extension must be .p8, .key, .pem, or .der. NOTE: All private keys are encrypted by the
NMC prior to storage.

Private Key Provide the passphrase to decrypt the encrypted private key. Allows up to 64
characters including whitespace. If the private key file is not encrypted, this field must
Passphrase be left blank.

Network Management Card 3 User Guide 56

Configuring your Settings: 2
With the Configuration menu options, you can set fundamental operational values for your UPS and NMC.
See the sections below and also Configuring your Settings: 1.
• Network on Configuration menu
• Notification menu
• General menu
• Logs on Configuration menu
NOTE: You can view some of your configuration settings via the Configuration Summary screen
(Configuration > Network > Summary).

Network on Configuration menu

TCP/IP settings for IPv4 screen
Path: Configuration > Network > TCP/IP > IPv4 Settings
This option displays any current IPv4 address, subnet mask, default gateway, MAC address, and boot mode of
the Network Management Card 3 (NMC). Use the lower part of the screen to configure those settings,
including disabling IPv4.

For information on DHCP and DHCP options, see RFC2131 and RFC2132.

Option Description

Manual Specify your IPv4 address, subnet mask, default gateway here.
At 32-second intervals, the device requests network assignment from any BOOTP
server:
• If it receives a valid response, it starts the network services.
• If previously configured network settings exist, and it receives no valid response to
BOOTP* five requests (the original and four retries), by default it uses those previously
configured settings. This ensure that it remains accessible if a BOOTP server is no
longer available.
• If it finds a BOOTP server, but the request to that server does not work or times out,
the device stops requesting network settings until it is restarted.
At 32-second intervals, the device requests network assignment from any DHCP
server:
• If a DHCP server is found, but the request to that server does not work or times out,
DHCP* it stops requesting network settings until it is restarted.
• Optionally, you can set up the device with Require vendor specific cookie to
accept DHCP Address in order to accept the lease and start the network services.
See DHCP response options.

*Vendor Class: APC

Client ID: The MAC address of the device. If you change this value, the new value must be unique on the LAN.
User Class: The name of the application firmware module, see NMC Firmware Upgrades.

Network Management Card 3 User Guide 57

TCP/IP settings for IPv6 screen
Path: Configuration > Network > TCP/IP > IPv6 Settings
This option displays any current IPv6 settings of the Network Management Card 3 (NMC). Use the lower part
of the screen to configure those settings, including disabling IPv6.
You have a choice of using manual or automated IP addressing. It is possible to use them both concurrently.
For Manual, select the check box and then enter the System IP v6 address and the Default Gateway.
Select the Auto Configuration check box to enable the system to obtain addressing prefixes from the router
(if available). It will use those prefixes to automatically configure IPv6 addresses.

IPv6 Possible Formats Description

fe80:0000:0000:0000:0204:61ff:fe9d:f156 full form of IPv6

fe80:0:0:0:204:61ff:fe9d:f156 drop leading zeroes

fe80::204:61ff:fe9d:f156 collapse multiple zeroes to :: in the IPv6 address

fe80:0000:0000:0000:0204:61ff:254.157.241.86 IPv4 dotted quad at the end

fe80:0:0:0:0204:61ff:254.157.241.86 drop leading zeroes, IPv4 dotted quad at the end

fe80::204:61ff:254.157.241.86 dotted quad at the end, multiple zeroes collapsed

::1 localhost

fe80:: link-local prefix

2001:: global unicast prefix

For DHCPv6 Mode, see the table below.

DHCPv6 Mode for IPv6 Configuration

Option Description

When this radio box is selected, DHCPv6 is controlled by the

M (Managed Address Configuration Flag) and O (Other Stateful Configuration Flag)
flags received in IPv6 Router Advertisements.
When a router advertisement is received, the NMC checks whether the M and O flags
are set. The NMC interprets them as follows:
• Neither is set: Indicates that the local network has no DHCPv6 infrastructure. The
NMC uses Router Advertisements and manual configuration to get non-link-local
addresses and other settings.
Router • M, or M and O are set: In this situation, full DHCPv6 address configuration occurs.
Controlled DHCPv6 is used to obtain addresses AND other configuration settings. This is
known as “DHCPv6 stateful”.
Once the M flag has been received, the DHCPv6 address configuration stays in
effect until the interface in question has been closed, even if subsequent Router
Advertisement packets are received in which the M flag is not set.
If an O flag is received first, then an M flag is received subsequently, the NMC
performs full address configuration upon receipt of the M flag.
• Only O is set: In this situation, the NMC sends a DHCPv6 Info-Request packet.
DHCPv6 is used to configure “other” settings (such as location of DNS servers), but
NOT to provide addresses. This is known as “DHCPv6 stateless”.

Network Management Card 3 User Guide 58

 DHCPv6 Mode for IPv6 Configuration

Option Description

Address and
DHCPv6 is used to obtain addresses AND other configuration settings. This is known
Other
as “DHCPv6 stateful”.
Information
Non-Address DHCPv6 is used to configure “other” settings (such as location of DNS servers), but
Information Only NOT to provide addresses. This is known as “DHCPv6 stateless”.
Never DHCPv6 is NOT used for any configuration settings.

DHCP response options

Each valid DHCP response contains options that provide the TCP/IP settings that the NMC needs in order to
operate on a network. Each response also has other information that affects the operation of the NMC. See
also Knowledge Base article FA156110.
Vendor Specific Information (option 43). The NMC uses this option in a DHCP response to determine
whether the DHCP response is valid. This option contains an option in a TAG/LEN/DATA format, called the
APC Cookie. This is disabled by default.
• APC Cookie. Tag 1, Len 4, Data “1APC”
Option 43 communicates to the NMC that a DHCP server is configured to service devices.
The following, in hexadecimal format, is an example of a Vendor Specific Information option that
contains the APC cookie:
Option 43 = 0x01 0x04 0x31 0x41 0x50 0x43
TCP/IP options. The NMC uses the following options within a valid DHCP response to define its TCP/IP
settings. All of these options except the first are described at RFC2132.
• IP Address (from the yiaddr field of the DHCP response, described in RFC2131): The IP address that
the DHCP server is leasing to the NMC.
• Subnet Mask (option 1): The Subnet Mask value that the NMC needs to operate on the network.
• Router, i.e., Default Gateway (option 3): The default gateway address that the NMC needs to operate
on the network.
• IP Address Lease Time (option 51): The time duration for the lease of the IP Address to the NMC.
• Renewal Time, T1 (option 58): The time that the NMC must wait after an IP address lease is assigned
before it can request a renewal of that lease.
• Rebinding Time, T2 (option 59): The time that the NMC must wait after an IP address lease is
assigned before it can seek to rebind that lease.
Other options. The NMC also uses these options within a valid DHCP response. All of these options except
the last two are described in RFC2132.
• Network Time Protocol Servers (option 42): Up to two NTP servers (primary and secondary) that the
NMC can use.
• Time Offset (option 2): The offset of the NMC's subnet, in seconds, from Coordinated Universal Time
(UTC).
• Domain Name Server (option 6): Up to two Domain Name System (DNS) servers (primary and
secondary) that the NMC can use.
• Host Name (option 12): The host name that the NMC will use (32-character maximum length).

Network Management Card 3 User Guide 59

 • Domain Name (option 15): The domain name that the NMC will use (64-character maximum length).
• Boot File Name (from the file field of the DHCP response, described in RFC2131): The fully qualified
directory-path to a user configuration file (.ini file) to download. The siaddr field of the DHCP response
specifies the IP address of the server from which the NMC will download the .ini file. After the
download, the NMC uses the .ini file as a boot file to reconfigure its settings.
• Fully Qualified Domain Name (FQDN, option 81): The fully qualified domain name of the NMC.

Port Speed screen

Path: Configuration > Network > Port Speed
The Port Speed setting defines the communication speed of the Ethernet network port. Your current setting is
displayed in Current Speed.
You can change the setting by choosing a radio button under Port Speed:
• For Auto-negotiation (the default), network devices negotiate to transmit at the highest possible
speed, but if the supported speeds of two devices are not matched, the slower speed is used.
• Alternatively, you can choose 10 Mbps or 100 Mbps, each with the option of:
– half-duplex (communication in only one direction at a time) or
– full-duplex (communication in both directions on the same channel simultaneously).
NOTE: You can only change the Port Speed to 1000 Mbps by choosing the Auto-negotiation radio button.

DNS screen
Path: Configuration > Network > DNS > Configuration
The values under Domain Name System Status list your current status and setup.
Use the options under Manual Domain Name System Settings to configure the Domain Name System
(DNS):
• Enabling the Override Manual DNS Settings means that configuration data from other sources like
DHCP take precedence over the manual configurations here.
• Specify the Primary DNS Server and, optionally, the Secondary DNS Server with IPv4 or IPv6
addresses. For the NMC to send e-mail, you must at least define the IP address of the primary DNS
server.
– The NMC waits up to 15 seconds for a response from the primary DNS server or the secondary
DNS server. If the NMC does not receive a response within that time, e-mail cannot be sent. Use
DNS servers on the same segment as the NMC or on a nearby segment, but not across a wide-
area network (WAN).
– After you define the IP addresses of the DNS servers, test it, see Testing DNS screen.
• System Name Synchronization: Enabling this synchronizes the DNS hostname with the NMC
System Name. Click on the System Name link to define it.
If the DNS hostname and the NMC System Name are synchronized, the System Name is
limited to a certain number of characters, based on DNS RFC. If they are not synchronized,
the system name is limited to 255 characters.

• Host Name: After you configure a host name here and a domain name in the Domain Name field,
users can enter a host name in any field in the NMC interface (except e-mail addresses) that accepts a
domain name.

Network Management Card 3 User Guide 60

 • Domain Name (IPv4/IPv6): For the NMC interface, you only need to configure the domain name here.
In all other fields in this UI — except e-mail addresses — that accept domain names, the NMC defaults
to adding this domain name when only a host name is entered.
– To override the expansion of a specified host name by the addition of a domain name, set this
domain name field to its default, somedomain.com or to 0.0.0.0.
– To override the expansion of a specific host name entry (for example, when defining a trap
receiver), include a trailing period. The NMC recognizes a host name with a trailing period (such
as mySnmpServer.) as if it were a fully-qualified domain name and does not append the domain
name.
• Domain Name (IPv6): Specify the IPv6 domain name here.

Testing DNS screen

Path: Configuration > Network > DNS > Test
Use this option to send a DNS query that tests the setup of your DNS servers by looking up the IP address.
See DNS screen above on how to set up your servers.
View the result of a test in the Last Query Response field.
• At Query Type, select the method to use for the DNS query, see table below.
• At Query Question, specify the value to be used for the selected query type as explained in the table.

Query Type Selected Query Question to Use

by Host The host name, the URL

The fully-qualified domain name,
by FQDN
my_server.my_domain.com
by IP The IP address of the server.
by MX The Mail Exchange address.

Web access screen

Path: Configuration > Network > Web > Access
Use this option to configure the access method for the Web interface. (In order to activate any changes here,
you must reboot the NMC. See Network on Control menu).
You can enable access to this UI through either HTTP or HTTPS or through both, by using the Enable check
boxes. HTTP is disabled by default, and HTTPS is enabled by default. HTTPS encrypts user names,
passwords, and data during transmission; HTTP does not.
HTTPS also authenticates the NMC by digital certificate. See Creating and Installing Digital Certificates in
the Security Handbook to see how to use digital certificates.
For the ports, you can change the setting to any unused port for additional security; the range is 5000–32768.
You must then use a colon (:) in the address field of the browser to specify the port number. For example, for a
port number of 5000 and an IP address of 152.214.12.114:
http(s)://152.214.12.114:5000
Specify the minimum protocol used to secure the communication between the browser and the NMC: TLS
v1.1, TLS v1.2, or TLS v1.3.

Network Management Card 3 User Guide 61

You can enable using a session cookie for authentication tracking within the browser by using the Require
Authentication Cookie Enable check box. NOTE: The cookie will be removed when the session ends.

Select whether or not to display a read-only, public web page with basic device status using the Limited
Status Access check boxes. This feature is disabled by default and can be set via the Use as default page
option to show as the default landing page when a user accesses the device with just the IP/hostname.

Web SSL Certificate screen

Path: Configuration > Network > Web > SSL Certificate
Add, replace, or remove a security certificate. SSL (Secure Socket Layer) is a protocol used to encrypt data
between your browser and the web server.
The Status can be:
• Valid certificate: A valid certificate was installed or was generated by the NMC. Click on this link to
view the contents of the certificate.
• Certificate not installed: A certificate is not installed or was installed by FTP or SCP to an incorrect
location. Using Add or Replace Certificate File installs the certificate to the correct location: /ssl on
the NMC.
• Generating: The NMC is generating a certificate because no valid certificate was found.
• Loading: A certificate is being activated on the NMC.
If you install an invalid certificate, or if no certificate is loaded while SSL is enabled, the NMC
generates a default certificate, a process which delays access to the interface for up to one minute.
You can use the default certificate for basic encryption-based security, but a security alert message
displays whenever you log on.
Add or Replace Certificate File: Browse to the certificate file created with the Security Wizard. See Creating
and Installing Digital Certificates in the Security Handbook to see how to use digital certificates created by
the Security Wizard or generated by the NMC.
Remove: Delete the certificate. See screen text also.

Console screen
Path: Configuration > Network > Console > Access

Path: Configuration > Network > Console > SSH Host Key

Console access. You need to enable console access in order to update your UPS firmware, see Firmware
Update screens. Console access enables use of the command line interface (CLI).
You can enable access to the CLI through either Telnet or SSH or through both, by using the Enable check
boxes. Telnet is disabled by default, and SSH is enabled by default. Telnet does not encrypt user names,
passwords, and data during transmission whereas SSH does.
NOTE: If you enable SSH, SCP (SeCure CoPy) is also enabled, for secure file transfer. See NMC Firmware
Upgrades for more information on the use of SCP.

Network Management Card 3 User Guide 62

For the ports to be used to communicate with the NMC, you can change the setting to any unused port from
5000 to 32768 for additional security.
• Telnet Port: This is 23 by default. You must then use a colon (:) or a space to specify the non-default
port, as required by your Telnet client program.
For example, for port 5000 and an IP address of 152.214.12.114, your Telnet client requires one of the
these commands:
telnet 152.214.12.114:5000 or telnet 152.214.12.114 5000
• SSH Port: This is 22 by default. See the documentation for your SSH client for the command line
format required to specify a non-default port. See also SSH Host Key below.
SSH Host Key. If you’re using SSH (Secure Shell Protocol) for console (CLI) access, you can add, replace,
or remove the host key on the SSL Host Key screen.
Status indicates whether the host key (private key) is valid. The Status can be:
• SSH Disabled: No host key in use.
• Generating: The NMC is creating a host key because no valid host key was found.
• Loading: A host key is being activated on the NMC.
• Valid: One of the following valid host keys is in the /ssh directory (the required location on the Network
Management Card):
– A 1024-bit or 2048-bit host key created by the Security Wizard
– A 2048-bit RSA host key generated by the Network Management Card
Add or Replace Host Key: Upload a host key file created by the Security Wizard. To use the Security Wizard,
see the Security Handbook. To use an externally created host key, load the host key before you enable SSH
(with Console access above).
NOTE: To reduce the time required to enable SSH, create and upload a host key in advance. If you enable
SSH with no host key loaded, the NMC takes up to one minute to create a host key, and the SSH server is not
accessible during that time.
Remove: Delete the host key. See screen text also.
To use SSH, you must have an SSH client installed. Most Linux and other UNIX platforms include
an SSH client, but Microsoft Windows operating systems do not (except Windows 10). Clients for
Windows are available from various vendors, such as PuTTY which is available from
www.putty.org.

SNMP screens
All user names, passwords, and community names for SNMPv1 are transferred over the network as plain text.
If your network requires the high security of encryption, disable SNMPv1 access or set the access for each
community to Read. (A community with Read access can receive status information and use SNMPv1 traps.)
When using EcoStruxure™ IT or Data Center Expert to manage a UPS on the public network of an
EcoStruxure system, you must have SNMPv1 or SNMPv3 enabled in the NMC interface. Read access will
allow the EcoStruxure device to receive traps from the NMC, but Write access is required while you use the
NMC user interface to set the EcoStruxure device as a trap receiver.
For detailed information on enhancing and managing the security of your system, see the Security
Handbook.

Network Management Card 3 User Guide 63

SNMPv1.
Path: Configuration > Network > SNMPv1 > Access and Access control
Use Access to enable or disable SNMP version 1 as a method of communication with the NMC.

SNMPv1 is disabled by default. The Community Name must be set before SNMPv1
communications can be established.

Use of SNMPv2c is supported by the SNMPv1 options.

Access Control. You can configure up to four access control entries to specify which Network Management
Systems (NMSs) have access to the NMC. To edit, click a community name.
By default one entry is assigned to each of the four available SNMPv1 communities. You can edit these
settings to apply more than one entry to any one community to grant access by several specific IPv4 and IPv6
addresses, host names, or IP address masks.
• By default, a community has access to the NMC from any location on the network.
• If you configure multiple access control entries for any one community name, it means that one or more
of the other communities have no access to the device.
Community Name: The name that a Network Management Station (NMS) must use to access the community.
The maximum length is 16 ASCII characters.
NMS IP/Host Name: The IPv4 or IPv6 address, IP address mask, or host name that controls access by NMSs.
A host name or a specific IP address (for example, 149.225.12.1) allows access only by the NMS at that
location. IP addresses that contain 255 restrict access as follows:
• 149.225.12.255: Access only by an NMS on the 149.225.12 segment.
• 149.225.255.255: Access only by an NMS on the 149.225 segment.
• 149.255.255.255: Access only by an NMS on the 149 segment.
• 0.0.0.0 (the default setting) which can also be expressed as 255.255.255.255: Access by any NMS on
any segment.
Access Type: The actions an NMS can perform through the community.
• Read: GETS only, at any time
• Write: GETS at any time, and SETS when no user is logged onto the UI or command line interface.
• Write+: GETS and SETS at any time.
• Disable: No GETS or SETS at any time.

Network Management Card 3 User Guide 64

SNMPv3.
Path: Configuration > Network > SNMPv3 > Access, User Profiles, and Access Control
For GETs, SETs, and trap receivers, SNMPv3 uses a system of user profiles to identify users. An SNMPv3
user must have a user profile assigned in the MIB software program to perform GETs and SETs, to browse the
MIB, and to receive traps.
SNMPv3 is disabled by default. A valid user profile must be enabled with passphrases
(Authentication Passphrase, Privacy Passphrase) set before SNMPv3 communications can be
established.
To use SNMPv3, you must have a MIB program that supports SNMPv3.
The NMC supports SHA-256, SHA or MD5 authentication and AES-256, AES or DES encryption.

Enable SNMPv3 access under access enables this method of communication with this device.
User Profiles. By default, lists the settings of four user profiles, configured with the user names apc snmp
profile1 through apc snmp profile4, with no authentication and no privacy (no encryption). To edit the
following settings for a user profile, click a user name in the list.
• User Name: The identifier of the user profile. SNMP version 3 maps GETs, SETs, and traps to a user
profile by matching the user name of the profile to the user name in the data packet being transmitted.
A user name can have up to 32 ASCII characters.
• Authentication Passphrase: A phrase of 8 to 32 ASCII characters that verifies that the NMS
communicating with this device through SNMPv3 is the NMS it claims to be.
It also verifies that the message has not been changed during transmission, and that the message was
communicated in a timely manner. This indicates that it was not delayed and that it was not copied and
sent again later at an inappropriate time.
• Privacy Passphrase: A phrase of 8 to 32 ASCII characters that ensures the privacy of the data that an
NMS is sending to or receiving from this device through SNMPv3, by using encryption.
• Authentication Protocol: The implementation of SNMPv3 supports SHA-256, SHA and MD5
authentication. One of these must be selected.
• Privacy Protocol: The implementation of SNMPv3 supports AES-256, AES and DES as the protocols
for encrypting and decrypting data. You must use both a privacy protocol and a privacy password,
otherwise the SNMP request is not encrypted.
In turn, you cannot select the privacy protocol if no authentication protocol is selected.
Access Control. You can configure up to four access control entries to specify which Network Management
Systems (NMSs) have access to the NMC. To edit, click a user name.
By default one entry is assigned to each of the four user profiles. You can edit these settings to apply more
than one entry to any one user profile to grant access by several specific IP addresses, host names, or IP
address masks.
• By default, all NMSs that use that profile have access to this device.
• If you configure multiple access control entries for one user profile, it means that one or more of the
other user profiles must have no access to this device.
User Name: From the drop-down list, select the user profile to which this access control entry will apply. The
choices available are the four user names that you configure through the User Profiles option.

Network Management Card 3 User Guide 65

NMS IP/Host Name: The IP address, IP address mask, or host name that controls access by the NMS. A host
name or a specific IP address (for example, 149.225.12.1) allows access only by the NMS at that location. An
IP address mask that contains 255 restricts access as follows:
• 149.225.12.255: Access only by an NMS on the 149.225.12 segment.
• 149.225.255.255: Access only by an NMS on the 149.225 segment.
• 149.255.255.255: Access only by an NMS on the 149 segment.
• 0.0.0.0 (the default setting) which can also be expressed as 255.255.255.255: Access by any NMS on
any segment.

Modbus screens

UPS devices with the SRTL/SRYLF prefix with an embedded NMC do not support Modbus.

Use the Modbus options to configure your NMC to use the Modbus protocol, to connect to a Building
Management System (BMS). The AP9640 NMC card supports Modbus TCP, and the AP9641 and AP9643
NMC cards support Modbus serial in addition to Modbus TCP.
For more information on the Modbus implementation on your UPS, see the Modbus
Documentation Addendum and Modbus Register Maps on the APC website.
For more information on Switched Outlet Group Management with Modbus for Smart-UPS models
with prefix SMT, SMX, SURTD, SRC and SRT, see Application Note # 177.

NOTE: Temperature and humidity sensors attached to the UIO port(s) of the AP9641 and AP9643
NMCs are not supported via Modbus.

Modbus Serial (AP9641 and AP9643 only).

Path: Configuration > Network > Modbus > Serial
1. Use Access to enable or disable Modbus Serial as a method of communication with the NMC.
2. Set the connection parameters for the Modbus Serial connection:
– Baud Rate supports 2400, 9600 (default), 19200, 38400, 57600, or 115200.
– Parity Bit is the check bit and can be set to Even, Odd or None.
– Target Unique ID is the unique ID of the target device. It can be set to a value between 1 and
247.
3. Click Apply to save your changes.

Modbus TCP.
Path: Configuration > Network > Modbus > TCP
1. Use Access to enable or disable Modbus TCP as a method of communication with the NMC.
2. Set the Port number for the TCP connection. It can be set to 502 (default) or to a value between 5000
and 32768.
3. Click Apply to save your changes.

Network Management Card 3 User Guide 66

BACnet screen

UPS devices with the SRTL/SRYLF prefix with an embedded NMC do not support BACnet.

Use the BACnet options to configure your NMC to use the BACnet protocol, and to make UPS data available to
building automation and control networks.
For more information on the UPS data points made available via BACnet, see the BACnet
Application Maps on the APC website.

BACnet Configuration

Option Description

Select the check box to enable BACnet. If this is not enabled, the NMC cannot be
accessed via BACnet. BACnet is disabled by default.
Access
NOTE: BACnet cannot be enabled until the Device Communication Control
Password is set.
A unique identifier for this BACnet device, used for addressing the device. Acceptable
Device ID
range: 0–4194303.
A name for this BACnet device, which must be unique on the BACnet network. The
default device name is “BACn”+ the last eight digits of the NMC MAC address. The
Device Name
minimum length is 1, the maximum length is 150 characters, and special characters
are permitted.

Network Select the protocol to be used:

Protocol • BACnet/IP
The number of milliseconds the NMC will wait for a response to a BACnet request.
APDU Timeout
Acceptable range: 1000-30000. The default value is 6000.
The number of BACnet requests attempts that the NMC will make before aborting the
APDU Retries
request. Acceptable range: 1–10. The default value is 3.
The Device Communication Control service is used by a BACnet client to instruct a
remote device (e.g. a BACnet-enabled NMC) to stop initiating, or stop responding to all
APDUs (except the Device Communication Control service) for a specified duration of
Device time. This service can be used for diagnostic purposes.
Communication
Specify the Device Communication Control password to ensure that a BACnet client
Control
cannot control the BACnet communication of an NMC without first providing the
Password
password set here. The password is required to be between 8 and 20 characters.
It is recommended to update the password when you first enable BACnet. You do not
need to know the current password to update the password.

Network Management Card 3 User Guide 67

BACnet/IP

Option Description

The UDP/IP port the NMC uses to send and receive BACnet/IP messages.
Acceptable range: 5000–65535. Default: 47808.
Local Port
NOTE: The address of a BACnet/IP-enabled NMC is defined as the IP address
of the NMC and the local port.
Select the check box to register the NMC with a BACnet broadcast
management device (BBMD).
NOTE: You need to register your NMC as a foreign device with a BBMD if there
is no BBMD currently on the subnet of the NMC, or if the NMC uses a different
local port to the BBMD.

IP Router

BBMD A BBMD B

NMC V NMC X NMC Z

Port: 47808 Port: 47809 Port: 48100

Enable foreign
device registration NMC W NMC Y
Port: 47808 Port: 47809

Subnet 1 Subnet 2 Subnet 3

In the above example:

• BBMD A manages the broadcast messages to NMCs V and W.
• BBMD B manages the broadcast messages to NMCs X and Y.
• Only NMC Z needs to register with a BBMD A or B as a foreign device, as
there is no BBMD present on its subnet.
• Once registered, NMC Z can receive broadcast messages from the BBMD
with which it is registered, and can send messages to the BBMD, which
broadcasts them to all devices on its subnet, and to the other BBMDs on the
network via the IP router.
The status of the foreign device registration (FDR):
• Foreign device registration inactive
FDR will be inactive if:
– FDR is enabled and BACnet is disabled
– FDR is disabled and BACnet is enabled
– FDR is disabled and BACnet is disabled
• Registration successful
Status
FDR has completed successfully.
• Registration rejected
FDR has not completed successfully. The NMC will retry registration
automatically, but you can also toggle the Enable foreign device
registration check box to prompt the NMC to retry registration.
• Registration sent
The FDR request has been sent, but it has not yet completed.

Network Management Card 3 User Guide 68

 Option Description

BACnet/IP
The IP address or fully qualified domain name (FQDN) of the BACnet broadcast
Broadcast
management device with which this NMC card will be registered.
Management Device
Port The port of the BBMD with which this NMC card will be registered.
The number of seconds (Time To Live) that the BBMD will maintain the NMC as
a registered device. If the NMC does not re-register before this time expires, the
BBMD will delete it from its foreign-device table, and the NMC will no longer be
TTL
able to send and receive broadcast messages via the BBMD. The TTL controls
how frequently the NMC registers with the BBMD, as the NMC will attempt to
re-register before this time expires.

FTP Server screen

Path: Configuration > Network > FTP Server
Use this screen to enable access to an FTP server and to specify a port.

Option Description

FTP transmits files without encrypting them. By default, FTP is disabled.

For encrypted file transfer, use Secure CoPy (SCP). SCP (via SSH) is enabled by
default. However, it will not allow a file transfer until the Super User default password
Access
(apc) is changed.
For detailed information on enhancing and managing the security of your system, see
the Security Handbook.
The TCP/IP port of the FTP server (21 by default).
The FTP server uses both the specified port and the port one number lower. The
allowed non-default port numbers are indicated on the screen: 21, and 5001–32768.
Port NOTE: Configuring the FTP server to use a non-default port enhances security by
requiring users to append the port name to the IP address in an FTP command line.
The appended port name must be preceded by a space or colon depending on the
FTP client used.

Wi-Fi screen (AP9641, AP9643, and devices with an embedded NMC3 only)
Path: Configuration > Network > Wi-Fi
NOTE: This screen is relevant when the optional APC USB Wi-Fi Device (AP9834) is inserted in a
USB port of an AP9641/AP9643 card, or a UPS device with an embedded NMC.

Use this screen to view the current status of the Wi-Fi network, enable/disable Wi-Fi, and configure the Wi-Fi
network’s settings.
NOTE: Enabling/disabling Wi-Fi will disable/enable the wired LAN connection. The NMC 3 will
reboot when the Wi-Fi settings are configured. After the reboot, the wired network will be disabled
and the NMC 3 will attempt to connect to the given Network Name (SSID).
Network Name (SSID): Specify the network name (SSID) of the Wi-Fi network. The maximum length is 32
characters.

Network Management Card 3 User Guide 69

Security Type: Specify the security type of the Wi-Fi network and provide the authentication details:

Option Description

WPA
WPA2-AES Wi-Fi Password: Specify a password for the Wi-Fi network. The maximum length is 64
WPA2-Mixed characters.

WPA2-TKIP
• User Name: The user name for WPA2-Enterprise authentication. The
maximum length is 32 characters.
• Password: The password for WPA2-Enterprise authentication. The maximum
WPA2-
length is 32 characters.
Enterprise
• Outer Identity: Specify the WPA-2-Enterprise outer identity. This is an optional
unencrypted identification used by the WPA-2-Enterprise server. For example:
user@example.com or anonymous. The maximum length is 32 characters.

For information on how to upgrade the APC USB Wi-Fi Device’s (AP9834) firmware, see the wifi
command in the NMC 3 CLI Guide.
To troubleshoot the connection to the APC USB Wi-Fi Device (AP9834), and the Device’s LED
descriptions, see APC USB Wi-Fi Device (AP9834) Problems.

Notification menu
See these sections:
• Types of notification
• Configuring event actions
• E-mail notification screens
• SNMP Traps test screen
• SNMP Trap Receivers screen

Types of notification
You can configure notification actions to occur in response to an event. You can notify users of an event in any
of several ways:
• Active, automatic notification. The specified users or monitoring devices are contacted directly.
– E-mail notification
– SNMP traps
– Syslog notification
• Indirect notification
– Event log. If no direct notification is configured, users must check the log to determine which
events have occurred

You can also log system performance data to use for device monitoring. See Data log
for information on how to configure and use this data logging option.

Network Management Card 3 User Guide 70

 – Queries (SNMP GETs)
For more information, see SNMP Trap Receivers screen and SNMP Traps test
screen. SNMP enables an NMS to perform informational queries. For SNMPv1, which
does not encrypt data before transmission, configuring the most restrictive SNMP
access type (READ) enables informational queries without the risk of allowing remote
configuration changes.
The NMC supports the use of the RFC1628 MIB (Management Information Base). See SNMP Trap Receivers
screen for information on how you can set up a trap receiver. The 1628 MIB group of three events only work
with that MIB, not the alternative Powernet MIB. They can be configured like any event (see Configuring
event actions below).

Configuring event actions

Configuring by event.
Path: Configuration > Notification > Event Actions > By Event
By default, logging an event is selected for all events. To define event actions for an individual event:
1. Select the Configuration menu, then Notification, Event Actions, and By Event.
2. To find an event, click on a column heading to see the lists under the Power Events, Environment
Events, or System Events categories.
Or you can click on a sub-category under these headings like Input Line Status or Temperature.
3. Click on the event name to view or change the current configuration, such as recipients to be notified by
e-mail, or Network Management Systems (NMSs) to be notified by SNMP traps. See Notification
parameters. Click on the Event Log check box to enable or disable an event log entry for this event.

If no Syslog server is configured, items related to Syslog configuration are not displayed.

When viewing details of an event’s configuration, you can enable or disable event logging or
Syslog, or disable notification for specific e-mail recipients or trap receivers, but you cannot add or
remove recipients or receivers. To add or remove recipients or receivers, see the following:
• Identifying Syslog servers
• E-mail recipients
• Trap Receivers

Configuring by groups of events.

Path: Configuration > Notification > Event Actions > By Group

Network Management Card 3 User Guide 71

To configure a group of events simultaneously:
1. Select the Configuration menu, then Notification, Event Actions, and By Group.
2. Choose how to group events for configuration:
– Choose Grouped by severity, and then select one or more severity levels. You cannot change
the severity of an event.
– Choose Grouped by category, and then select all events in one or more pre-defined categories.
3. Click Next to move from screen to screen to do the following:
a. Select event actions for the group of events.
• To choose any action except Logging (the default), you must first have at least one
relevant recipient or receiver configured.
• If you choose Logging and have configured a Syslog server, select Event Log or Syslog
(or both) on the next screen. (See Logs on Configuration menu).
b. Select whether to leave the newly configured event action enabled for this group of events or to
disable the action.
See Notification parameters directly below.
Notification parameters. These configuration fields define the parameters for sending notifications of
events. See Configuring by event and Configuring by groups of events.
They are usually accessed by clicking the receiver or recipient name.

Field Description

If the event persists for the specified time (default is 0), the notification is sent.
Notification Delay
If the condition clears before the time expires, no notification is sent.
The notification is sent repeatedly at the specified interval (the default is every
Repeat Interval
2 minutes until the condition clears).
Number of Notifications
During an active event, the notification repeats for this number of times.
After Initial
or
Notify Until Condition Is
The notification is sent repeatedly until the condition clears or is resolved.
Cleared

For events that have an associated clearing event, you can also set these parameters. (An example of an
event with its clearing event is UPS: Lost communication with the battery packs and
UPS: Restored communication with the battery packs).

E-mail notification screens

Overview of setup. Use Simple Mail Transfer Protocol (SMTP) to send e-mail to up to four recipients when
an event occurs.
To use the e-mail feature, you must define the following settings:
• The IP addresses of the primary and, optionally, the secondary Domain Name System (DNS) servers.
(See DNS screen)
• The IP address or DNS name for the SMTP Server and From Address when “Server” is set to “Local”
for a least one e-mail recipient. See SMTP Server and E-mail recipients below.
• The e-mail addresses for a maximum of four recipients. (See E-mail recipients)

Network Management Card 3 User Guide 72

 You can use the To Address setting of the recipients option to send e-mail to a text-based
screen.

SMTP Server.
Path: Configuration > Notification > E-mail > Server
This screen lists your primary and secondary DNS server (see DNS screen) and then these fields:

Field Description

Outgoing Mail Configuration

From Address The address from which e-mail will be sent by the NMC.
SMTP Server The IPv4/IPv6 address or DNS name of the local SMTP server.
Authentication Enable this if your SMTP server requires authentication.
The SMTP port number, default is 25. Common ports are 25 for unencrypted e-mail, 465
Port and 587 for SSL/TLS encrypted e-mail. You can change the port setting to any port from 1
to 65535.
User Name/
Password/
If the SMTP server requires authentication, type your user name and password here.
Confirm
Password
Advanced
• Never: The SMTP server does not require/support encryption
• If supported: The SMTP server advertises support for STARTTLS but does not
require the connection to be encrypted. The STARTTLS command is sent after the
advertisement is given. This is typically used with port 25.
Use SSL/TLS
• Always: The SMTP server requires the STARTTLS command to be sent upon
connection to the server. This is typically used with port 587.
• Implicitly: The SMTP server only accepts connections that begin encrypted. No
STARTTLS message is sent to the server. This is typically used with port 465.

This should be enabled if the security policy of your organization does not allow for implicit
Require CA trust of SSL/TLS connections. If this is enabled, a valid CA certificate for the SMTP server
Root Certificate must be installed to the NMC's certificate store using the certificate loader in order for a TLS
connection with the SMTP server to succeed. See the SSL Certificates page.

E-mail recipients.
Path: Configuration > Notification > E-mail > Recipients
Specify up to four e-mail recipients. Click on a name to configure the settings. See also SMTP Server above.

Field Description

E-mail
Enables (default) or disables sending e-mail to the recipient.
Generation

Network Management Card 3 User Guide 73

 Field Description

The user and domain names of the recipient. To use e-mail for paging, use the e-mail
address for the recipient’s pager gateway account (for example,
myacct100@skytel.com). The pager gateway will generate the page.
To Address To bypass the DNS lookup of the mail server’s IP address, use the IP address in brackets
instead of the e-mail domain name, e.g., use jsmith@[xxx.xxx.x.xxx] instead of
jsmith@company.com. This is useful when DNS lookups are not working correctly.
NOTE: The recipient’s pager must be able to use text-based messaging.
The long format contains name, location, contact, IP address, serial number of the device,
Format date and time, event code, and event description. The short format provides only the event
description.
Chose a language from the drop-down list and any mails will be sent in that language. It is
Language
possible to use different languages for different users. See Changing UI Language.
Select one of the following methods for routing e-mail:
• Local: Through the site-local SMTP server. This recommended setting ensures that the
e-mail is sent using the site-local SMTP server. Choosing this setting limits delays and
network outages and retries sending e-mail for many hours.
When choosing the Local setting you must also enable forwarding at the SMTP server of
your device and set up a special external e-mail account to receive the forwarded e-mail.
Check with your SMTP server administrator before making these changes.
Server • Recipient: Through the recipient's SMTP server. The NMC performs an MX record look-
up on the recipients e-mail address and uses that as its SMTP server. The e-mail is only
sent once so it could easily be lost.
NOTE: When using this setting, the From Address will match the To Address,
authentication and encryption (TLS) will be disabled, and port 25 will be used.
• Custom: This setting enables each e-mail recipient to have its own server settings. When
selected, the server settings that follow are enabled. These settings are the same as
those described under SMTP Server above and are independent of them.

SNMP Trap Receivers screen

Trap Receivers.
Path: Configuration > Notification > SNMP Traps > Trap Receivers
With Simple Network Management Protocol (SNMP) traps, you can get automatically notified of significant
UPS events. They are a useful tool for monitoring devices on your network.
The trap receivers are displayed by NMS IP/Host Name, where NMS stands for Network Management
System. You can configure up to six trap receivers.
To configure a new trap receiver, click Add Trap Receiver. To edit (or delete) one, click its IP address/ host
name.
If you delete a trap receiver, all notification settings configured under Configuring event actions for the
deleted trap receiver are set to their default values.
Select either the SNMPv1 or SNMPv3 radio button to specify the trap type. For an NMS to receive both types
of traps, you must separately configure two trap receivers for that NMS, one for each trap type.

Network Management Card 3 User Guide 74

 Field Description

Trap Generation Enable (the default) or disable trap generation for this trap receiver.
Choose between these two MIB trap generation types for each trap
created.
The Powernet option is customized for Schneider Electric and contains
many additional variables relevant to the company’s products. The
Powernet MIB Trap
RFC1628 is the generic, standard Management Information Base (MIB)
Generation/
for UPS devices.
RFC1628
If you use the RFC1628 MIB, you can also use the three RFC1628 event
notifications (see Configuring event actions). They can be used to
avoid having to configure notification events outside the NMC
environment, see RFC1628 MIB.
The IPv4/ IPv6 address or host name of this trap receiver. The default,
NMS IP/Host Name
0.0.0.0, leaves the trap receiver undefined.
Chose a language from the drop-down list. This can differ from the UI
Language
and from other trap receivers.
Community Name: The name used as an identifier when SNMPv1 traps
are sent to this trap receiver.
SNMPv1 Authenticate Traps: When this option is enabled (the default), the NMS
identified by the NMS IP/Host Name setting will receive authentication
traps (traps generated by invalid attempts to log on to this device).
User Name: Select the identifier of the user profile for this trap receiver.
SNMPv3
See also User Profiles under SNMP screens.

SNMP Traps test screen

Path: Configuration > Notification > SNMP Traps > Test
Last Test Result: The result of the most recent SNMP trap test. A successful SNMP trap test verifies only that
a trap was sent; it does not verify that the trap was received by the selected trap receiver. A trap test succeeds
if all of the following are true:
• The SNMP version (SNMPv1 or SNMPv3) configured for the selected trap receiver is enabled on this
device.
• The trap receiver itself is enabled.
• If a host name is selected for the To address, that host name can be mapped to a valid IP address.
To: Select the IP address or host name to which a test SNMP trap will be sent. If no trap receiver is configured,
a link to the Trap Receiver configuration screen is displayed. See SNMP Trap Receivers screen above.

Network Management Card 3 User Guide 75

General menu
This menu deals with miscellaneous configuration items including device identification, date and time,
exporting and importing your NMC configuration options, the three links at the bottom left of the screen, and
consolidating data for troubleshooting purposes.

Identification screen
Path: Configuration > General > Identification
Define the Name (the NMC System Name, see DNS screen), the Location (the physical location), the
System Message (a custom defined message displayed at log on) and the Contact (the person responsible
for the device) used by:
• the SNMP agent of the NMC
• EcoStruxure™ IT or Data Center Expert
Specifically, the name field is used by the sysName, sysContact, and sysLocation object
identifiers (OIDs) in the NMC’s SNMP agent. For more information about MIB-II OIDs, see the
PowerNet® SNMP Management Information Base (MIB) Reference Guide, available on the APC
website.

Date/ Time screen

Mode.
Path: Configuration > General > Date/Time > Mode
Set the time and date used by the NMC. You can change the current settings manually or through a Network
Time Protocol (NTP) Server:
With both, you select the Time Zone. This is your local time difference with Coordinated Universal Time (UTC),
also known as Greenwich Mean Time (GMT).
• Manual Mode: Do one of the following:
– Enter the date and time for the NMC or
– mark the check box Apply Local Computer Time to read the date and time settings of the
computer you are using and apply those here.
• Synchronize with NTP Server: Have an NTP (Network Time Protocol) Server define the date and
time for the NMC.

By default, any NMC on the private side of EcoStruxure™ IT or Data Center Expert obtains its time
settings by using EcoStruxure™ IT or Data Center Expert as an NTP server.

Field Description

Override Manual NTP If you select this, data from other sources (typically DHCP) take
Settings precedence over the NTP configurations you set here.
Primary NTP Server Enter the IP address or domain name of the primary NTP server.
Secondary NTP Enter the IP address or domain name of the secondary NTP server,
Server when a secondary server is available.

Network Management Card 3 User Guide 76

 Field Description

Define, in hours, how often the NMC accesses the NTP Server for an
Update Interval
update. Minimum: 1; Maximum: 8760 (1 year).
Update Using NTP
Initiate an immediate update of the date and time by the NTP Server.
Now

Daylight saving.
Path: Configuration > General > Date /Time > Daylight Savings
Daylight Saving Time (DST) is disabled by default. You can enable traditional United States DST, or enable and
configure a customized daylight saving time to match how Daylight Saving Time is implemented in your local
area.
When customizing DST, the system puts the clock forward by an hour when the time and date you specify
under Start is reached and puts the clock back an hour when the time and date you specify under End is
reached.
• If your local DST always starts or ends on the fourth occurrence of a specific weekday of a month (e.g,
the fourth Sunday), choose Fourth/Last. If a fifth Sunday occurs in that month, you should still choose
Fourth/Last.
• If your local DST always starts or ends on the last occurrence of a specific weekday of a month,
whether it is the fourth or the fifth occurrence, choose Fifth/Last.

Creating and Importing settings with the config file

Path: Configuration > General > User Config File
You can speed up and simplify the configuration of new devices by re-using the existing configuration settings
with this option. Use Upload to transfer configuration data to this interface and Download to transfer from this
interface (and then use the file to configure another interface). The default name of the file is config.ini.
To retrieve and customize the file of a configured NMC, see How to Export Configuration
Settings.

Configure Links screen

Path: Configuration > General > Quick Links
Use this option to view and change the URL links displayed at the bottom left of each screen of the interface.
To reconfigure a link, click the link name in the Name column. You can reset the links to their defaults at any
time by clicking on Reset to Defaults there.

Network Management Card 3 User Guide 77

Logs on Configuration menu
Path: Configuration > Logs > Syslog > options
The NMC can send messages to up to four Syslog servers when an event occurs. The Syslog servers record
events that occur at network devices in a log that provides a centralized record of events.
This user’s guide does not describe Syslog or its configuration values in detail. See RFC5424 for
more information about Syslog.

Identifying Syslog servers

Path: Configuration > Logs > Syslog > Servers
Field Description

Syslog Uses IPv4/ IPv6 addresses or host names to identify from one to four servers to receive
Server Syslog messages sent by the NMC.
The port that the NMC will use to send Syslog messages. The default port is 6514
Port
which is the port assigned to secure Syslog (TLS).
Language Choose the language for any Syslog messages.
Protocol Choose between UDP, TCP, or TLS.
When the chosen protocol is TLS, choose a client certificate to use for mutual
TLS Client
authentication with the Syslog server. The default option “None” disables mutual
Certificate
authentication. Client certificates can be installed on the SSL Certificates.

Syslog settings
Path: Configuration > Logs > Syslog > Settings
Field Description

Message Enable the generation and the logging of Syslog messages for events that have
Generation Syslog configured as a notification method. See “Configuring event actions”.
Selects the facility code assigned to the NMC’s Syslog messages (User, by default).
Facility
Code NOTE: User best defines the Syslog messages sent by the NMC. Do not change this
selection unless advised to do so by the Syslog network or system administrator.

Network Management Card 3 User Guide 78

 Field Description

Maps each severity level of NMC or Environment events to available Syslog priorities.
The local options are Critical, Warning, and Informational. You should not need to
change the mappings.
The following definitions are from RFC5424:
• Emergency: The system is unusable
• Alert: Action must be taken immediately
• Critical: Critical conditions
• Error: Error conditions
Severity • Warning: Warning conditions
Mapping
• Notice: Normal but significant conditions
• Informational: Informational messages
• Debug: Debug-level messages
Following are the default settings for the Local Priority settings:
• Severe is mapped to Critical
• Warning is mapped to Warning
• Informational is mapped to Info
NOTE: To disable Syslog messages, see Configuring event actions.

Syslog test and format example

Path: Logs > Syslog > Test
Send a test message to the Syslog servers (configured through the Identifying Syslog servers option above).
The result will be sent to all configured Syslog servers.
Select a severity to assign to the test message and then define the test message. Format the message to
consist of the event type (APC, System, or Device, for example) followed by a colon, a space, and the event
text. The message can have a maximum of 50 characters.
• The priority (PRI): the Syslog priority assigned to the message’s event, and the facility code of
messages sent by the NMC.
• The Header: a time stamp and the IP address of the NMC.
• The message (MSG) part:
– The TAG field, followed by a colon and space, identifies the event type.
– The CONTENT field is the event text, followed (optionally) by a space and the event code.
Example: APC: Test Syslog is valid.

CEIP on Configuration menu

Path: Configuration > CEIP > Settings
The Network Management Card’s Customer Experience Improvement Program (CEIP) provides us with the
information that enables us to improve our product and services, and helps us to advise you on how best to
deploy and configure your NMC.

Network Management Card 3 User Guide 79

As part of the CEIP, we will collect certain information about how you configure and use your Network
Management Card in your environment. This information is completely anonymous, and cannot be used to
personally identity any individual. For more information, please refer to the CEIP Frequently Asked
Questions.

Network Management Card 3 User Guide 80

Tests menu
Testing and calibrating
Path: Tests > UPS
This option is not available for all UPS devices.
It is not supported to run a calibration for lithium-ion UPS devices, including UPS devices with the
SRTL/SRYLF prefix.
With some UPS devices, you can run a self-test, an alarm test, or a runtime calibration for your UPS. The Self-
Test and Calibration fields display the results of the most recent test and calibration.
A runtime calibration causes the UPS to recalculate its available runtime capacity based on its current load.
This ensures that the runtime reported is more accurate. Because a calibration temporarily depletes the UPS
batteries, you can perform a calibration only if battery capacity is at 100%. The load on your UPS must be at
least 15% without fluctuating to guarantee that a calibration will be accepted.
Caution - Runtime calibrations deeply discharge UPS batteries, which can leave a UPS temporarily
unable to support its attached load if a power outage occurs.
Frequent calibrations reduce the life of batteries.
Perform a calibration whenever you significantly increase the load that the UPS is supporting.

The alarm test for a UPS is device-specific and might not be available for your UPS. To enable the alarm, see
UPS General screen.
• When you select UPS Alarm Test, the UPS beeps for four seconds and the LEDs illuminate.
• When you select UPS Alarm Test - Continuous, the UPS beeps and illuminates the LEDs until you
cancel the test. A separate bullet displays on this screen, Cancel Continuous Alarm Test. To cancel
the test, select this and click Apply. Alternatively, you press any key on the LED display interface of the
UPS. This test is useful for locating a UPS.

Setting the NMC LED lights to blink

Path: Tests > Network > LED Blink
If you are having trouble finding your UPS device, enter a number of minutes in the LED Blink Duration field,
click Apply, and your NMC LED lights will start flashing. This can assist in locating the physical device.

Network Management Card 3 User Guide 81

Logs and About menus
Using the Event and Data Logs
The Event Log records individual occurrences. The Data Log, by contrast, provides you with a snapshot of
your system by recording values at regular time intervals.
Each Event contains the following information:

Event Description

Date The date the event occurred.

Time The time the event occurred.
The user that initiated the action. This can either be the username,
User “system” if it was part of an internal service, or “device” if it was
initiated by the connected device.
Event The text which describes the event.
Code The event identifier. (Not available in all user interfaces.)

Event log
By default, the log displays all events. See Configuring by event.
The Event Log records all events including access control, request errors, system events, configuration
changes (including via config.ini file) and audit events. It can be configured to store from 25 to 30,000 events,
the default is 1500. If the Event log is full and a new event occurs, the oldest event will be overwritten. If you
want to retain your events, you should configure exporting events to a Syslog server.
You can enable event color coding for through Local Users on the Configuration menu.
Note: Event logs are encrypted using AES-256 ESSIV and cryptographically authenticated with HMAC-
SHA256 by the NMC before use.

To display the Event Log.

Path: Logs > Events > Log
By default, the Event Log displays the most recent events first. To see the events listed together on a Web
page, click the Launch Log in New Window button. JavaScript must be enabled in your browser to do this.
To open the log in a text file or to save the log to disk, click on the floppy disk icon, , in the same line as the
Event Log heading.
You can also use Secure CoPy (SCP) or FTP to view the Event Log. For more information, see
How to use SCP or FTP to retrieve log files.

To filter the Event Log. Use filtering to omit information you don’t want to display.
Filtering the log Use the Last or From radio buttons. (The filter configuration is saved until the
by date or time NMC restarts).

Network Management Card 3 User Guide 82

 Click Filter Log. Clear a check box to remove it from view. After you click Apply text at
Filtering the log
the upper right corner of the Event Log page indicates that a filter is active. The filter is
by event
active until you clear it or until the NMC restarts. To remove an active filter, click Filter
severity or
Log, then Clear Filter (Show All). As Administrator, click Save As Default to save this
category
filter as the new default log view for all users.

Important points on filtering:

• Events are processed through the filter using OR logic. If you apply a filter, it works regardless of the
other filters.
• Events that you cleared in the Filter By Severity list never display in the filtered Event Log, even if
selected in the Filter by Category list.
• Similarly, events that you clear in the Filter by Category list never display in the filtered Event Log.
To delete the Event Log. To delete all events, click Clear Log. Deleted events cannot be retrieved.
To disable the logging of events based on their assigned severity level or their event category, see
Configuring by groups of events.

To configure reverse lookup:

Path: Logs > Events > Reverse Lookup
With reverse lookup enabled, when a network-related event occurs, both the IP address and the domain name
for the networked device with the event are logged in the Event Log. If no domain name entry exists for the
device, only its IP address is logged with the event.
Since domain names generally change less frequently than IP addresses, enabling reverse lookup can
improve the ability to identify addresses of networked devices that are causing events.
Reverse lookup is disabled by default. You should not need to enable it if you have no DNS server configured
or have poor network performance because of heavy network traffic.
To resize the Event Log.
Path: Logs > Events > Size
Use Event Log Size to specify the maximum number of log entries.
Caution: When you resize the Event Log in order to specify a maximum size, all existing log entries
are deleted. To avoid losing log data, use SCP or FTP to retrieve the log first, see How to use SCP
or FTP to retrieve log files. When the log subsequently reaches the maximum size, the older
entries are deleted.

Data log
Path: Logs > Data > options
Use the Data Log to display measurements about the UPS, the power input to the UPS, and the ambient
temperature of the UPS and batteries.
Note: Data logs are encrypted using AES-256 ESSIV and cryptographically authenticated with HMAC-SHA256
by the NMC before use.
The steps to display and resize the Data Log are the same as for the Event Log, except that you use menu
options under Data instead of Events. See To display the Event Log and To resize the Event Log.

Network Management Card 3 User Guide 83

To filter the Data Log by date or time, use the Last or From radio buttons. (The filter configuration is saved until
the NMC restarts). To delete all data recorded in the Data Log, click Clear Data Log. Deleted data cannot be
retrieved.
To set the data collection interval (Logs > Data > Interval): Define, in the Log Interval setting, how
frequently data is searched for and stored in the Data Log. When you click Apply, the number of possible
storage days is recalculated and display at the top of the screen.
When the log is full, the oldest entries are deleted. To avoid automatic deletion of older data, see To configure
Data Log rotation (Logs > Data > Rotation): directly below.
NOTE: Because the interval specifies how often the data is recorded, the smaller the interval, the more times
the data is recorded and the larger the log file.
To configure Data Log rotation (Logs > Data > Rotation): Rotation causes the contents of the Data Log
to be appended to the file you specify by name and location. This means you can store the data before it is
deleted, see To set the data collection interval (Logs > Data > Interval): directly above.
Use this option to set up password-protection and other parameters.

Field Description

FTP Server The IP address or host name of the server where the file will reside.
The user name with password required to send data to the repository
User Name
file. This user must also be configured to have read and write access
Password
to the data repository file and the directory (folder) in which it is stored.
File Path The path to the repository file.
The name of the repository file (an ASCII text file), e.g.
Filename datalog.txt.
Any new data is appended to this file, it does not overwrite it.
Select this check box to save the log as
mmddyyyy_<filename>.txt, where filename is what you specified
Unique Filename in the Filename field above.
Any new data is appended to the file but each day has its own file.
Delay n hours between The number of hours between uploads of data to the file (max. 24
uploads. hours).
Upon failure, try
The number of minutes between attempts to upload data to the file
uploading every n
after an upload does not work.
minutes
The maximum number of times the upload will be attempted after it
up to n times
does not work initially.
until upload succeeds Attempt to upload the file until the transfer is completed.

Network Management Card 3 User Guide 84

How to use SCP or FTP to retrieve log files
An Administrator or Device User can use SCP or FTP to retrieve a tab-delineated Event Log file (event.txt) or
Data Log file (data.txt) and import it into a spreadsheet. Both reside on the NMC.
• The file reports all events or data recorded since the log was last deleted, or truncated because it
reached maximum size.
• The file includes information that the Event Log or Data Log does not display.
– The Application version
– The date and time the file was retrieved
– The Name, Contact, and Location values and IP address of the NMC
– The name of the UPS Model (data.txt file only)
– The unique Event Code for each recorded event (event.txt file only)
– The NMC uses a four-digit year for log entries. You may need to select a four-digit date format in
your spreadsheet application to display all four digits.
If you are using the encryption-based security protocols, see To use SCP to retrieve the files. If
you are using unencrypted authentication methods for security, see To use FTP to retrieve the
files.
See the Security Handbook for information on available protocols and methods for setting up the
type of security you need.

To use SCP to retrieve the files. Enable SSH on the NMC, see Console access. NOTE: The below
commands are examples only.
To retrieve the event.txt file, use the following command:
scp <username@hostname> or <ip_address>:event.txt ./event.txt
To retrieve the data.txt file, use the following command:
scp <username@hostname> or <ip_address>:data.txt ./data.txt
To use FTP to retrieve the files. To use FTP to retrieve the event.txt or data.txt file:
1. At a command prompt, type ftp and the IP address of the NMC, and press ENTER.
If the Port setting for the FTP Server option (see FTP Server) has been changed from its default (21),
you must use the non-default value in the FTP command.
For Windows FTP clients, use the following command, including spaces. (For some FTP clients, you
must use a colon instead of a space between the IP address and the port number.)
ftp>open ip_address port_number
To set a non-default port value to enhance security for the FTP Server, see FTP Server. You
can specify any port from 5001 to 32768.

2. Use the case-sensitive User Name and Password for Administrator or Device User to log on. For
Administrator, apc is the default user name. For the Device User, the default user name is device.
3. To set the file transfer mode to binary, type:
ftp>bin
To show a progress bar during file transfer, type:
ftp>hash
4. Use the get command to transmit the text of a log to your local drive.

Network Management Card 3 User Guide 85

 ftp>get event.txt
or
ftp>get data.txt
5. You can use the del command to clear the contents of either log.
ftp>del event.txt
or
ftp>del data.txt
You will not be asked to confirm the deletion.
– If you clear the Data Log, the Event Log records a deleted-log event.
– If you clear the Event Log, a new event.txt file records the event.
6. Type quit at the ftp> prompt to exit from FTP.

Network Management Card 3 User Guide 86

UPS Log
Path: Logs > UPS

This menu option is not available for all UPS devices.

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is Logs > Power
Events.
This information is derived from your UPS device and is separate from your NMC logs. (It is not directly related
to or a subset of the NMC Event log).
The information can be useful to help the technical support team solve problems.
UPS Transfer Logs Displays a table of the UPS stored transfer events, including transfers to battery and
transfers to bypass.
UPS Fault Logs Displays a table of the UPS stored faults.

Energy Usage
Path: Logs > Energy Usage

This menu option is not available for all UPS devices.

The cumulative energy usage figures for your UPS device display at the top of the screen, with a week-by-
week breakdown in the table at the bottom of the screen.

Field Description

The amount of energy, in kilowatt-hours, consumed thus far by your UPS. For example,
Energy Usage a UPS providing power to a 350 W light bulb for 1000 hours consumes 350 kWh of
energy.
The estimated total cost of energy used thus far. For example, a light bulb consuming
Total Cost 350kWh of energy over 1000 hours with a price of $0.10 per kWh costs $35 over that
period of time.
The estimated quantity of CO2 released by the AC utility company into the environment
CO2 Emissions
to provide the energy used thus far.

Costs and CO2 emissions vary greatly by energy source and distribution network. You can obtain a rough
estimate by choosing your country from the Location drop-down box, or use the “(edit)” link to input your own
cost and emissions data.
Editing a location creates a custom location and does not alter the default figures for that location. For
example, if you choose IE-Ireland from the drop-down list and subsequently use edit to change data, then an
entry called Custom (IE-Ireland) is created at the top of the drop-down list.

Network Management Card 3 User Guide 87

Firewall Log
Path: Logs > Firewall
If you create a firewall policy, firewall events will be logged here. For more information on implementing a
policy, see Firewall screens.
The information can be useful to help the technical support team solve problems.
Log entries contain information about the traffic and the rules action (allowed, discarded). When logged here,
these events are not logged in the main Event Log. See Event log.
A firewall log contains up to 50 of the most recent events. The firewall log is cleared when the NMC reboots.

About the Network Management Card 3

About the UPS device
Path: About > UPS

The path for UPS devices with the SRTL/SRYLF prefix with an embedded NMC is About > UPS >
General.

The information displayed under UPS varies according to the device used.

Field Description

Model/
SKU/ These fields identify your UPS device.
Serial Number
Manufacture Date The date your UPS was manufactured.
Firmware Revision The revision numbers of the firmware modules currently installed on the UPS.
The second revision number of the firmware currently installed on the UPS. This is
Firmware Revision2
used when multiple processors require different versions.
Apparent Power The total VA capability of the UPS.
Rating
Real Power Rating The total load capability (in Watts) of the UPS.
The VA capability of each UPS phase.
Apparent Power More technically, it is the present apparent power for each phase in Volt-Amps
Rating/Phase (VA). Apparent power is the product of RMS (root mean square) volts and RMS
amperes.
The total load capability (in Watts) of the UPS.
Real Power
Rating/Phase The present active bypass power for each phase in watts (W). Active power is the
time average of the instantaneous product of voltage and current.
Internal Battery SKU/ These fields identify the part numbers for your batteries. This can be useful when
External Battery SKU troubleshooting problems or when ordering replacement parts.

Network Management Card 3 User Guide 88

 Path: About > UPS > Power

The options below are only applicable for UPS devices with the SRYLF prefix with an embedded
NMC.

Field Description

Serial Number The serial number of the power module(s).

SKU The SKU of the power module(s).
Date The manufacture date of the power module(s).
Version The firmware version of the power module(s).

Click on Main or XRn / Battery Frame n to reach the Main Frame / Battery Frame n screen for additional
battery information.
Path: About > UPS > Battery

The options below are only applicable for UPS devices with the SRTL/SRYLF prefix with an
embedded NMC.

Field Description

Serial Number The serial number of the battery frame/module.

SKU The SKU of the battery frame/module.
Date The manufacture date of the battery frame/module.
Version The firmware version of the battery frame/module.

Path: About > UPS > Intelligence Modules

The options below are only applicable for UPS devices with the SRYLF prefix with an embedded
NMC.

Field Description

Serial Number The serial number of the intelligence module(s).

SKU The SKU of the intelligence module(s).
Date The manufacture date of the intelligence module(s).
Version The firmware version of the intelligence module(s).

Network Management Card 3 User Guide 89

About the NMC and the firmware modules
Path: About > Network
Hardware Factory: This hardware information is useful for troubleshooting problems with your NMC device
including model and serial number, hardware revision, manufacture date, MAC address, and management
uptime.
Management Uptime refers to the length of time this management interface has been running continuously;
that is, the length of time since the NMC has been warm or cold started.
Application Module, APC OS (AOS), and Boot Monitor: This information is useful for troubleshooting, and
for determining if updated firmware is available, www.apc.com/shop/us/en/tools/software-firmware.

Field Label Description

The name of the firmware module.

The Application Module name differs according to the UPS device type, e.g. su
Name applies to Smart-UPS devices, sy applies to Symmetra devices.
The APC AOS module is always named aos, and the boot monitor module is always
named boot.
The version number of the firmware module. Version numbers of the modules may
Version differ, but compatible modules are released together.
See Upgrading Firmware.
Date/ Time The date and time at which the firmware module was loaded.

See also Verify the version numbers of installed firmware.

Support screen
Path: About > Support
With this option, you can consolidate various data in this interface into a single zipped file for troubleshooting
purposes and customer support. The data includes the event and data logs, the configuration file (see
Creating and Importing settings with the config file) and complex debugging information.
Click Generate Logs to create the file and then Download. You are asked whether you want to view or save
the zipped file.

Network Management Card 3 User Guide 90

How to Export Configuration Settings
Retrieving and Exporting the .ini File
Summary of the procedure
An Administrator can retrieve the .ini file of a Network Management Card 3 (NMC) and export it to another
NMC or to multiple NMCs. The steps are below, see details in the sections following.
1. Configure an NMC with the desired settings and export them, see Creating and Importing settings
with the config file.
2. Retrieve the .ini file from that NMC.
3. Customize the file to change the TCP/IP settings at least.
4. Use a file transfer protocol supported by the NMC to transfer a copy to one or more other NMCs. For a
transfer to multiple NMCs, use an FTP or SCP script or the .ini file utility.
Each receiving NMC uses the file to reconfigure its own settings and then deletes it.

Contents of the .ini file

The config.ini file you retrieve from an NMC contains the following:
• section headings and keywords (only those supported for the particular UPS/ NMC device from which
you retrieve the file): Section headings are category names enclosed in brackets ([ ]). Keywords,
under each section heading, are labels describing specific NMC settings. Each keyword is followed by
an equals sign and a value (either the default or a configured value).
• The Override keyword: With its default value, this keyword prevents the exporting of one or more
keywords and their device-specific values. For example, in the [NetworkTCP/IP] section, the default
value for Override (the MAC address of the NMC) blocks the exporting of values for the SystemIP,
SubnetMask, DefaultGateway, and BootMode.

Detailed procedures
Retrieving. To set up and retrieve an .ini file to export:
1. If possible, use the interface of an NMC to configure it with the settings to export. (Directly editing the
.ini file risks introducing errors).
2. The example below shows how to use FTP to retrieve config.ini from the configured NMC using a
command prompt type client:
a. Open a connection to the NMC, using its IP address:
ftp> ip_address
b. Log on using the Administrator user name and password.
c. To set the file transfer mode to binary, type:
ftp> bin
To show a progress bar during file transfer, type:
ftp> hash
d. Retrieve the config.ini file containing the NMC’s settings:
ftp> get config.ini
The file is written to the folder from which you launched the FTP client from.

Network Management Card 3 User Guide 91

 To retrieve configuration settings from multiple NMCs and export them to other NMCs, see Release
Notes: ini File Utility, available on the APC website. Or see Knowledge Base article FA156117.
Customizing. You must customize the file before you transfer it to another NMC.
1. Use a text editor to customize the file.
– Section headings, keywords, and pre-defined values are not case-sensitive, but string values that
you define are case-sensitive.
– Use adjacent quotation marks to indicate no value. For example, LinkURL1="" indicates that the
URL is intentionally undefined.
– Enclose in quotation marks any values that contain leading or trailing spaces or are already
enclosed in quotation marks.
– To export scheduled events, configure the values directly in the .ini file.
– To export a system time with the greatest accuracy, if the receiving NMCs can access a Network
Time Protocol server, configure enabled for NTPEnable:
NTPEnable=enabled
Alternatively, reduce transmission time by exporting the [SystemDate/Time] section as a separate
.ini file.
– To add comments, start each comment line with a semicolon (;).
2. Copy the customized file to another file name in the same folder:
– The file name can have up to 64 characters and must have the .ini suffix.
– Retain the original customized file for future use. The file that you retain is the only record of your
comments.
– Starting with version 3.2.x, the customized .ini file name may optionally contain a CRC32 for
integrity checking of the .ini file before processing. To enable this check, the format of the .ini file
name should be "<name>_CRC32-<8 hexidecimal CRC32>.ini".
For example, if the .ini file had computed CRC32 of 47C6C10D, the customized .ini file name
could be config_CRC32-47C6C10D.ini. When the NMC3 receives an .ini file with this naming
convention, it will compute the CRC32 of the file and verify it matches before processing its
contents.
Transferring the file to a single NMC. To transfer the .ini file to another Network Management Card, do
either of the following:
• From the user interface of the receiving NMC, select Configuration - General - User Config File.
Enter the full path of the file, or use Browse on your local PC.
• Use any file transfer protocol supported by Network Management Cards, i.e., FTP, FTP Client, SCP, or
TFTP. The following example uses FTP:
a. From the folder containing the copy of the customized .ini file, use FTP to log in to the NMC to
which you are exporting the .ini file:
ftp> open ip_address
b. To set the file transfer mode to binary, type:
ftp> bin
To show a progress bar during file transfer, type:
ftp> hash
c. Export the copy of the customized .ini file to the root directory of the receiving NMC:
ftp> put filename.ini

Network Management Card 3 User Guide 92

Transferring the file to multiple NMCs. Follow these steps:
• Use FTP or SCP, but write a script that incorporates and repeats the steps used for exporting the file to
a single NMC.
• Use a batch processing file and the .ini file utility.
To create the batch file and use the utility, see Release Notes: ini File Utility, available on the APC
website. Or see Knowledge Base article FA156117.

The Upload Event and Error Messages

The event and its error messages
The following event occurs when the receiving Network Management Card completes using the .ini file to
update its settings:
Configuration file upload complete, with number valid values
If a keyword, section name, or value is invalid, the upload by the receiving NMC succeeds, and additional
event text states the error.

Event text Description

Configuration file warning: Invalid

keyword on line number.
A line with an invalid keyword or value is ignored.
Configuration file warning: Invalid
value on line number.
Configuration file warning: Invalid If a section name is invalid, all keyword/value pairs in that
section on line number. section are ignored.
Configuration file warning: Keyword
A keyword entered at the beginning of the file (i.e., before
found outside of a section on line
any section headings) is ignored.
number.
Configuration file warning: If the file is too large, an incomplete upload occurs. Reduce
Configuration file exceeds maximum the size of the file, or divide it into two files, and try uploading
size. again.
Configuration file warning: Unable to If the file is named to include the CRC32 and the computed
process configuration file. Integrity CRC32 doesn't match the given CRC32, it will not be
check unsuccessful: computed value processed. Verify the contents and rename the file correctly
was CRC32. as CRC32.

Messages in config.ini
A device associated with the NMC from which you download the config.ini file must be discovered successfully
in order for its configuration to be included. If the device (such as a UPS) is not present or is not discovered,
the config.ini file contains a message under the appropriate section name, instead of keywords and values. For
example:
UPS not discovered
If you did not intend to export the configuration of the device as part of the .ini file import, ignore these
messages.

Network Management Card 3 User Guide 93

Errors generated by overridden values
The Override keyword and its value will generate error messages in the Event Log when it blocks the
exporting of values.

See Contents of the .ini file for information about which values are overridden.
Because the overridden values are device-specific and not appropriate to export to other NMCs,
ignore these error messages. To prevent these error messages, delete the lines that contain the Override
keyword and the lines that contain the values that they override. Do not delete or change the line containing
the section heading.

Network Management Card 3 User Guide 94

NMC Firmware Upgrades
Upgrading Firmware
Firmware version 2.5.x is the last NMC3 firmware that will be available without a Secure NMC System
subscription. The Secure NMC System (SNS) protects your business by ensuring your connected devices are
secure from unknown threats (IEC 62443-4-2), compliant with changing regulations and resilient for the
entirety of your hardware’s life. To learn more, please visit www.apc.com/secure-nmc.

Firmware File Transfer Methods

To upgrade the firmware of one or more NMCs, download the Secure NMC System Tool for your application
from the APC website. For more information on how to use the Secure NMC System Tool, please consult the
User Guide.

Verifying Upgrades
Verify the success of the transfer
To verify whether a firmware upgrade succeeded, you can use the xferStatus command in the command
line interface to view the last transfer result.

Last Transfer Result codes

Possible transfer errors include the TFTP or FTP server not being found, or the server refusing access, the
server not finding or not recognizing the transfer file, or a corrupt transfer file.

Verify the version numbers of installed firmware

Path: About - Network

Use the Web UI to verify the versions of the upgraded firmware modules. You could also use an SNMP GET to
the MIB II sysDescr OID. In the command line interface, use the about command.

Changing UI Language
You can display the NMC user interface (UI) in different languages by selecting a language from the Language
drop-down box in the Login screen.
The UI has nine languages available: French, Italian, German, Spanish, Brazilian Portuguese, Russian,
Korean, Japanese, and Simplified Chinese.

Network Management Card 3 User Guide 95

Secure Boot with Root of Trust
Secure Boot with Root of Trust provides enhanced security at the NMC hardware level. The NMC's processor
uses ECDSA to verify the bootloader's signature using a known public key. The bootloader also uses ECDSA
to verify firmware signatures using Schneider Electric's Firmware Signing CA public key, stored in the
bootloader.

Network Management Card 3 User Guide 96

Troubleshooting
Network Management Card Access Problems
Visit the Knowledge Base at www.apc.com/support for step-by-step troubleshooting, and helpful solutions to
common issues. To contact customer support, see APC Worldwide Customer Support.

Problem Solution

If the NMC’s Status LED is green, try to ping another node on the
same network segment as the NMC. If that does not work, it is not a
problem with the NMC. If the Status LED is not green, or if the ping
test succeeds, perform the following checks:
• Verify that the NMC is properly seated in the UPS.
Unable to ping the NMC • Verify all network connections.
• Verify the IP addresses of the NMC and the NMS.
• If the NMS is on a different physical network (or subnetwork) from
the NMC, verify the IP address of the default gateway (or router).
• Verify the number of subnet bits for the NMC’s subnet mask.
Cannot allocate the Before you can use a terminal program to configure the NMC, you
communications port must shut down any application, service, or program using the
through a terminal program communications port.
Cannot access the
Make sure that you did not change the baud rate. Try 2400, 9600,
command line interface
19200, 38400, 57600 or 115200.
through a serial connection
• Make sure you are using the correct access method, Telnet or
Secure SHell (SSH). An Administrator can enable these access
Cannot access the methods. By default, Telnet is disabled, and SSH is enabled. SSH
command line interface and Telnet can be enabled/disabled independently.
remotely • For SSH, the NMC may be creating a host key. The NMC can take
up to one minute to create the host key, and SSH is inaccessible for
that time.
• Verify that HTTP or HTTPS access is enabled.
• Make sure you are specifying the correct URL — one that is
consistent with the security system used by the NMC. SSL requires
https, not http, at the beginning of the URL.
• Verify that you can ping the NMC.
Cannot access the user
interface (UI) • Verify that you are using a Web browser supported for the NMC.
See “APC Worldwide Customer Support”.
• If the NMC has just restarted and SSL security is being set up, the
NMC may be generating a server certificate. The NMC can take up
to one minute to create this certificate, and the SSL server is not
available during that time.

Network Management Card 3 User Guide 97

SNMP Issues

Problem Solution

• Verify the read (GET) community name (SNMPv1) or the user profile
Unable to perform a configuration (SNMPv3).
GET • Use the command line interface or UI to ensure that the NMS has access.
See SNMP screens.
• Verify that SNMP is enabled. SNMPv1 and SNMPv3 are disabled by default.
• Verify the read/write (SET) community name (SNMPv1) or the user profile
Unable to perform a configuration (SNMPv3).
SET • Use the command line interface or UI to ensure that the NMS has write
(SET) access (SNMPv1) or is granted access to the target IP address
through the access control list (SNMPv3). See SNMP screens.
• Make sure the trap type (SNMPv1 or SNMPv3) is correctly configured for
the NMS as a trap receiver.
• For SNMP v1, query the mconfigTrapReceiverTable MIB OID to verify that
the NMS IP address is listed correctly and that the community name defined
Unable to receive for the NMS matches the community name in the table. If either is not
traps at the NMS correct, use SETs to the mconfigTrapReceiverTable OIDs, or use the
command line interface or UI to correct the trap receiver definition.
• For SNMPv3, check the user profile configuration for the NMS, and run a
trap test.
See SNMP screens, Trap Receivers, and SNMP Traps test screen.
Traps received at an
See your NMS documentation to verify that the traps are properly integrated in
NMS are not
the alarm/trap database.
identified

Modbus Problems
For more information on Modbus wiring and serial configuration for the AP9641 and AP9643 cards,
see the Modbus Documentation Addendum. For detailed information on Modbus registers and
bit descriptions, see the Modbus Register Maps on the APC website.

Network Management Card 3 User Guide 98

APC USB Wi-Fi Device (AP9834) Problems

Problem Solution

• Verify that the APC USB Wi-Fi Device is correctly inserted in a USB port of
an AP9641/AP9643 card.
• Verify that the correct Wi-Fi settings are provided in the NMC Web UI or CLI.
• Verify that there are no Wi-Fi-related events in the NMC’s Event Log. If the
Unable to connect to
Wi-Fi settings are entered incorrectly or left blank, the NMC will log an error
wi-fi network
to the Event Log. For example: “USB Wi-Fi Device error. Wi-Fi Settings”.

If the issue still persists, contact a network administrator to diagnose

connection issues.
• Verify that the correct Wi-Fi settings are provided in the NMC Web UI or CLI.
• Resolve any Wi-Fi-related events in the NMC’s Event Log. For example:
“USB Wi-Fi Device error. Wi-Fi Settings”.
• Re-enable the wired connection and configure the Wi-Fi settings via an
alternative method:
– Web UI (Configuration > Network > Wi-Fi)
– Command Line Interface (wifi command)
Unable to resolve
the Device’s solid – config.ini file (NetworkWiFi section)
red LED state If the wired connection is no longer available, connect the micro-USB cable
(960-0603) to the console port of the NMC to access the CLI, and transfer the
config.ini file using the xferINI command. For more information see the NMC 3
CLI Guide.

If the issue still persists, contact Customer Support. See APC Worldwide
Customer Support.

LED Descriptions

Condition Description

One of the following situations exists:

• The Device is not inserted in a USB port on an AP9641/AP9643 NMC.
• The NMC’s firmware does not support Wi-Fi. Wi-Fi support is available in
Off firmware version 1.4 and higher. See NMC Firmware Upgrades.
• The Device is not operating properly. It may need to be repaired or
replaced. Contact Customer Support. See APC Worldwide Customer
Support.
Solid green The Device is connected to an access point but there is no network activity.
Flashing green The Device is connected to an access point and the Wi-Fi network is active.

Network Management Card 3 User Guide 99

Condition Description

One of the following situations exists:

• There is a permanent error with the Device.
Solid red
• There is a permanent error with the NMC Wi-Fi settings.
• There are unresolvable issues connecting to an access point.
Flashing red The Device is in the process of making a Wi-Fi connection to an access point.

Network Management Card 3 User Guide 100

Two-Year Factory Warranty
This warranty applies only to the products you purchase for your use in accordance with this manual.

Terms of warranty
APC warrants its products to be free from defects in materials and workmanship for a period of two years from
the date of purchase. APC will repair or replace defective products covered by this warranty. This warranty
does not apply to equipment that has been damaged by accident, negligence or misapplication or has been
altered or modified in any way. Repair or replacement of a defective product or part thereof does not extend the
original warranty period. Any parts furnished under this warranty may be new or factory-remanufactured.

Non-transferable warranty
This warranty extends only to the original purchaser who must have properly registered the product. The
product may be registered at the APC Web site, www.apc.com.

Exclusions
APC shall not be liable under the warranty if its testing and examination disclose that the alleged defect in the
product does not exist or was caused by end user’s or any third person’s misuse, negligence, improper
installation or testing. Further, APC shall not be liable under the warranty for unauthorized attempts to repair or
modify wrong or inadequate electrical voltage or connection, inappropriate on-site operation conditions,
corrosive atmosphere, repair, installation, exposure to the elements, Acts of God, fire, theft, or installation
contrary to APC recommendations or specifications or in any event if the APC serial number has been altered,
defaced, or removed, or any other cause beyond the range of the intended use.
THERE ARE NO WARRANTIES, EXPRESS OR IMPLIED, BY OPERATION OF LAW OR OTHERWISE, OF
PRODUCTS SOLD, SERVICED OR FURNISHED UNDER THIS AGREEMENT OR IN CONNECTION
HEREWITH. APC DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTION
AND FITNESS FOR A PARTICULAR PURPOSE. APC EXPRESS WARRANTIES WILL NOT BE
ENLARGED, DIMINISHED, OR AFFECTED BY AND NO OBLIGATION OR LIABILITY WILL ARISE OUT
OF, APC RENDERING OF TECHNICAL OR OTHER ADVICE OR SERVICE IN CONNECTION WITH THE
PRODUCTS. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND IN LIEU OF ALL
OTHER WARRANTIES AND REMEDIES. THE WARRANTIES SET FORTH ABOVE CONSTITUTE APC’S
SOLE LIABILITY AND PURCHASER’S EXCLUSIVE REMEDY FOR ANY BREACH OF SUCH
WARRANTIES. APC WARRANTIES EXTEND ONLY TO PURCHASER AND ARE NOT EXTENDED TO ANY
THIRD PARTIES.
IN NO EVENT SHALL APC, ITS OFFICERS, DIRECTORS, AFFILIATES OR EMPLOYEES BE LIABLE FOR
ANY FORM OF INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, ARISING OUT OF
THE USE, SERVICE OR INSTALLATION, OF THE PRODUCTS, WHETHER SUCH DAMAGES ARISE IN
CONTRACT OR TORT, IRRESPECTIVE OF FAULT, NEGLIGENCE OR STRICT LIABILITY OR WHETHER
APC HAS BEEN ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES. SPECIFICALLY,
APC IS NOT LIABLE FOR ANY COSTS, SUCH AS LOST PROFITS OR REVENUE, LOSS OF EQUIPMENT,
LOSS OF USE OF EQUIPMENT, LOSS OF SOFTWARE, LOSS OF DATA, COSTS OF SUBSTITUENTS,
CLAIMS BY THIRD PARTIES, OR OTHERWISE.
NO SALESMAN, EMPLOYEE OR AGENT OF APC IS AUTHORIZED TO ADD TO OR VARY THE TERMS
OF THIS WARRANTY. WARRANTY TERMS MAY BE MODIFIED, IF AT ALL, ONLY IN WRITING SIGNED
BY AN APC OFFICER AND LEGAL DEPARTMENT.

Network Management Card 3 User Guide 101

Warranty claims
Customers with warranty claims issues may access the APC customer support network through the Support
page of the APC Web site, www.apc.com/support. Select your country from the country selection pull-down
menu at the top of the Web page. Select the Support tab to obtain contact information for customer support in
your region.

Copyright Notices
To view Copyright Notices for Network Management Card 3, see here.

Network Management Card 3 User Guide 102

 APC by Schneider Electric
Worldwide Customer Support
Access to customer support terms may vary by product. Customer support is available in the
following ways:
• Visit the Schneider Electric Web site to access documents in the Schneider Electric Knowledge
Base and to submit customer support requests.
– www.apc.com (Corporate Headquarters)
Connect to localized Schneider Electric Web sites for specific countries, each of which
provides customer support information.
– www.apc.com/support/
Global support searching Schneider Electric Knowledge Base and using e-support.
• Contact the Schneider Electric Customer Support Center by telephone or e-mail.
– Local, country-specific centers: go to www.apc.com/support/contact for contact information.

For information on how to obtain local customer support, contact the representative or other
distributors from whom you purchased your product.

© 2024 Schneider Electric. All Rights Reserved. Schneider Electric, APC and Network
Management Card are trademarks and the property of Schneider Electric SE, its subsidiaries and
affiliated companies. All other trademarks are property of their respective owners.

990-91148M--001 09/2024