Fork Networking Forums

[apex]

*REPOSTED* Feb, 2009. Original post from 2005.

There are a some old models of remote reboot devices made by APC that have been proven over time to be very reliable and perfectly suited for high quality network environments. Specifically APC Masterswitch models AP9211 and AP9225.

The AP9211 is an 8 port power distribution unit that allows power cycling of individual power outlets by multiple users. It has a simple and robust web interface, and also a telnet interface for management. Firmware upgrades are done over FTP and initial configuration is via a null-modem cable over a serial port, bootp, or arp.

The AP9225 (aka Masterswitch Plus) is functionally the same as the 9211 but also lets you 'cascade' up to 3 AP9225EXP expansion units underneath it and manage all 24 ports via one interface. It also supports sending reboot commands over serial ports instead of a power-cycle and a few other features.

Both units are readily available for under $300 with SNMP management cards on Ebay.

Configure serially with a null-model cable

1) Connect the null-model cable from the masterswitch to the serial port on a computer. (for the AP9225, this is the 'advanced port'.
2) Open a terminal program with settings: 2400bps, no parity, 8 data bits, 1 stop bit, and no flow control.
3) Press 'enter' a few times until the login prompt appears.
4) Login as 'apc' with password 'apc'.
5) Proceed to configure the TCP/IP settings. Be sure to change the default admin username and password and the Device Manager Password.
6) Upgrade the firmware.

If you don't have a null-modem cable, you can configure it via bootp or arp. Arp is the simplest so I'll cover that.


Configuring via arp

Connect the masterswitch unit to your network with an ethernet cable and make sure it's powered on.
Configuring via arp requires that you know the MAC address of the Web/SNMP management card and have a spare IP address on your network. You can find the MAC address by removing the Web/SNMP card. The MAC address should be visible somewhere on the card.

1) As root in a *nix based os, type: arp -s [ip address] [mac address]
2) Telnet to the IP address.
3) Login as 'apc' with password 'apc'.
4) Proceed to configure the TCP/IP settings. Be sure to change the default admin username and password and the Device Manager Password.
5) Upgrade the firmware.

*I've tested this in Mac OS X and FreeBSD, I don't know if Windows based OS's can set arp routes.

*HINT*
If a masterswitch device already has an IP address assigned, but you don't know what it is, you can perform a tcpdump of your network traffic to find it's IP address. Start your tcpdump first, then turn on the masterswitch and watch for repeating 'bootp' messages from an IP address that isn't in your network. You can then place your computer on the same network the masterswitch is assigned to in order to connect via telnet or http and configure it.

Upgrading the firmware is a simple process, but you have to do it in the correct order and have the correct firmware. I find APC's website very difficult to find information on and it will sometimes lead you to the wrong firmware version.

*Updated 12/27/2005*
Once again APC has changed their website and the files have disappeared. You can get the firmware here:

Latest Firmware for AP9211:
http://www.forked.net/ap9211/aos309a.bin
http://www.forked.net/ap9211/ms225a.bin

Latest Firmware for AP9225:
http://www.forked.net/ap9225/aos258b.bin
http://www.forked.net/ap9225/msp205a.bin


FTP to the masterswitch via a command line FTP client and send these commands:
You will have to disable passive FTP in your FTp client. Usually done with: set passive off
(replace XXX with the corresponding portion of the filename of the firmware you are installing)

Code: Select all


ftp> passive

Passive mode: off; fallback to active mode: off.

ftp> bin

200 Command okay.

ftp> put aosXXX.bin

local: aos258b.bin remote: aos258b.bin

500 Syntax error, command unrecognized.

200 Command okay.

150 Opening data connection for aos258b.bin

100% |****************************************************************************|   320 KB   57.20 KB/s    00:05   

250 Requested file action okay, completed. Management Card Rebooting....

327680 bytes sent in 00:06 (48.97 KB/s)


The masterswitch will reboot.
FTP to it again and send these commands:

Code: Select all


ftp> passive

Passive mode: off; fallback to active mode: off.

ftp> bin

200 Command okay.

ftp> put msXXX.bin

local: msp205a.bin remote: msp205a.bin

500 Syntax error, command unrecognized.

200 Command okay.

150 Opening data connection for msp205a.bin

100% |****************************************************************************|   448 KB   55.29 KB/s    00:08   

250 Requested file action okay, completed. Management Card Rebooting....

458752 bytes sent in 00:08 (49.79 KB/s)



The unit will reboot and you're done.


Configuring and using a masterswitch is very easy. You can use either the telnet interface or the web interface. Just enter the IP address of the unit in your web browser and enter your admin name and password. You can then configure outlets, add users, enable or disable features, and of course, reboot your connected devices.


Resetting Admin Password

If you've acquired a used Masterswitch and don't have the admin password, or have lost it, it's very easy to recover. Connect it to your computers serial port like above with the null modem cable (2400,8,n,1,no flow control) and press enter a few times until you get a login prompt. Then press the reset button on the AP9606 Management card (this is the card that has the ethernet port). Login as apc/apc within 30 seconds and you can then change the admin name and password.

Recovering Admin Password

If you can't connect to the Masterswitch through a serial port, you can recover the current admin username and password via telnet using the built-in backdoor password. This only works with older firmware versions.

Telnet to the masterswitch and login using any username and the password "TENmanUFactOryPOWER". At the Selection menu type 13 and press enter. Enter the byte address '0d0'. Press the space bar repeatedly until you dump all the data from the masterswitch and it begins to repeat the last page over and over.

Code: Select all



Connected to 10.32.9.29.

Escape character is '^]'.


User Name : apex

Password  : TENmanUFactOryPOWER


Factory Menu

<CTRL-A> to exit


1AP9606

2WA0043017844

3G9

402/20/2002

500 C0 B7 A2 B8 40

6v2.5.4

7A

8A

910.32.9.29

A255.255.255.0

B10.32.9.1

C

D

E

F

G


Selection> 13


Enter byte address in Hex(XXXX): 0d0



Search through the output until you see 'admin user phrase'. A few lines up from this will be the admin username which you can find because it will begin with "PF". Everything after PF is the username and the next phrase after some periods is the password.

Example:

Code: Select all


0E18   FF 50 46 61 70 63 6D 64  .PFapcmd

0E20   63 00 FF FF FF FF 6D 64  c.....md

0E28   63 61 70 63 00 FF FF FF  capc....

0E30   FF 64 65 76 69 63 65 00  .device.

0E38   FF FF FF FF 61 70 63 00  ....apc.

0E40   FF FF FF FF FF FF FF 61  .......a

0E48   64 6D 69 6E 20 75 73 65  dmin use


<sp>nxt,b-bck,p-pch,other-exit


0E50   72 20 70 68 72 61 73 65  r phrase

0E58   00 FF FF FF FF FF FF FF  ........



In the above example the username is apcmdc and the password is mdcapc.

[apex]

I've recently begun using AP7930's. Unlink the AP9211 and AP9225, the AP7930 has SSH support, an LED that shows power consumption of all attached devices and a 0U form factor with 24 outlets. No more daisy chaining AP9225's.

To remotely configure an AP7930 you can use arp like the old masterswitches, but you have to tell the device it's initial IP address by using a 113 byte ping packet.

Code: Select all

arp -s <ip> <mac address>
ping -s 113 <ip>
telnet <ip>


...configure...

[apex]

AP7930 & AP7932 Password recovery/serial access.

Oh boy this was a PITA. I recently purchased an AP7930 on ebay and it had an unknown username/password and it didn't have a serial cable.

I discovered the pinout for the real cable (904-0144) are as follows:

Assuming a standard RJ11 (4 pin telephone cable) using Black, Green, Red, & Yellow. I used a female to female DB9 cable to make my testing easier.

DB9 Pin 2 - Red
DB9 Pin 3 - Green
DB9 Pin 4 - Black

This get you serial access to the unit. Press reset twice and login as apc/apc. yay

[penguinpower]

sweet. thank you

[apex]

Control/Rebooting via SNMP.

Ap9606 card from the command line. This applies to AP9225 and AP9225EXP units (possibly others).

Code: Select all

snmpset -v 1 -c <community> <ip address> .1.3.6.1.4.1.318.1.1.6.5.1.1.5.1.1.1 integer "5"


*You will need the net-snmp and net-snmp-util packages for the snmp commands.

Your APC unit's SNMP community must be configured for write access for the IP address you are sending the command from.
The last digit of the OID (1) is the port number. The second to the last digit is the number of the masterswitch expansion unit if you have multiple daisy-chained units. The final integer number, 5 is the code for reboot, 3 is power off and 2 is power on.

PHP code to reboot port 1 of unit one on AP9225 w/AP9606 management card:

Code: Select all

$port = "1";
$ipaddress = "127.0.0.1";
  $mib = ".1.3.6.1.4.1.318.1.1.6.5.1.1.5.1.1.";
  $mib = $mib.$port;
  #reboot command is 5
  $result = snmpset($ipaddress, "community", $mib, i, "5");


If you were rebooting unit #2 of an AP9225 daisy-chain, you would use this MIB:

Code: Select all

  $mib = ".1.3.6.1.4.1.318.1.1.6.5.1.1.5.2.1.";


and then add the port number at the end.

For the 24 port, metered AP7930 series, the mib is ".1.3.6.1.4.1.318.1.1.12.3.3.1.1.4." and the reboot code is "3".