ÃÛÌÒÊÓƵ

FDC3302e High-Performance Frequency Distribution ÃÛÌÒÊÓƵ

FDC3302e Frequency Distribution ÃÛÌÒÊÓƵ

Free Lifetime Technical ÃÛÌÒÊÓƵ

We support our products for as long as you own them with FREE technical support by phone or email and free software upgrades as they become available. No maintenance contract required.

Product Status

Introduction:
Status: Recommended for all installations.
Last Software Update:
Latest Network Security Bulletin: None
Latest Field Service Bulletin: None

Product Documents

User Manual

Datasheets

Product Bulletins

240228
Feb 28, 2024

Security Vulnerability Announcements re: c_rehash script

CVE-2022-1292

CVE-2022-2068

ÃÛÌÒÊÓƵ products are not vulnerable.

Field Service Bulletins: None

Frequently Asked Questions (FAQs)

I've had my unit for 1 year already, can I get an extended warranty?

As long as your unit is still under its current warranty then yes, you can purchase an extended warranty. ÌýContact ÃÛÌÒÊÓƵ Sales for information.

My product is 12 years old and out-of-warranty. Can I get it repaired?

Yes - we will try. The problem may be that we no longer have parts for the oldÌýmodels.ÌýBut, if we can still get the needed parts thenÌýwe willÌýrepair your unit and charge for time and materials.

What is the EOL on my ÃÛÌÒÊÓƵ product?

At ÃÛÌÒÊÓƵ, End-of-Life (EOL) means end of the production life cycle. We continue to provide free technicalÌýsupport (by phone or email) for as long as you own an ÃÛÌÒÊÓƵ product.Ìý In fact, we are still providing free support for products that we shipped in 2001.

How are upgrades handled and what do they cost?

Software upgrades for all our products are freely available for download from our website at:Ìýwww.endruntechnologies.com/support/software-upgrades.

Ìý

I haven't upgraded my firmware for a long time. Can I upgrade straight to the latest version without installing subsequent versions first?

Current products (Sonoma, Meridian II, Tycho II, RTM3205) can be upgraded to the latest version of firmware straight from any older version. ÌýHowever, if you have modified either /etc/profile or /etc/rc.d/rc.MÌýand yourÌýLinux Root File System (RFS) is prior to version 2.20 then please contact ÃÛÌÒÊÓƵ (support@endruntechnologies.com).

Legacy products (Tempus LX, Unison, Meridian, Tycho, RTM3204) can also be upgraded to the latest version of firmware straight from any older version. ÌýHowever, if your RFS is prior to version 2.60 then please read this.

When I log into my unit from the CLI, a time string displays that does not match the current UTC. What is wrong?

This string:

ÌýÌýÌýSonoma_D12 ÃÛÌÒÊÓƵ 6010-0065-000 v 2.40 - Tue Sep 19 02:19:38 UTC 2017

which is displayed immediately after login simply means that firmware 6010-0065-000 version 2.40 was released on Tuesday September 16, 2017 at 02:19:38Ìý UTC. ÌýIt has nothing to do with current UTC.

Ìý

Do I have root access to the Linux file system via the command line interface?

Yes.

Do I need to be familiar with Linux in order to use your equipment?

No. To see a list of ÃÛÌÒÊÓƵ's product commands that you can easily use,Ìýtype:

ÌýÌýÌýhelp

To get help on a particular command type "help ÃÛÌÒÊÓƵ-command-name". For example:

ÌýÌýÌýhelp gpsstat

This will show you details regarding the gpsstat command.

Ìý

Ìý

How can the default prompt be changed?

Edit the file Ìý/etc/profileÌý and modify the definition of PS1.Ìý After making the change, copy the file to the non-volatile area:

ÌýÌýÌýcp /etc/profile /boot/etc

Our security guys did a scan on the ÃÛÌÒÊÓƵ unit and found a few vulnerabilities. Is there going to be a firmware update soon to address this?

Serious vulnerabilities that cannot be mitigated with a reasonable workaround will be addressed with a new firmware update as soon as possible.Ìý For remaining vulnerabilities, please see Network Security Bulletins for mitigation steps.

Also, we recommend reading this: Best Practices to Secure Your Time Server.Ìý Taking the steps outlined in this paper will eliminate most, if not all, vulnerabilities.Ìý It was written for the Sonoma Time Servers but the same general steps apply to our other Linux-based products.

Is there a way to set a timeout for ssh sessions?

Yes.Ìý Follow these instructions:

1.ÌýÌýOpen theÌýsshd_configÌýfile for editing.

For current models (Sonoma, Meridian II, Tycho II, RTM3205) open this file:

ÌýÌýÌý/etc/ssh/sshd_config

For legacy models open this file:

ÌýÌýÌý/etc/sshd_config

2.ÌýÌýUncomment and edit the lines in sshd_config with ClientAliveInterval and ClientAliveCountMax settings as follows:

ÌýÌýÌýClientAliveInterval <session timeout in seconds>
ÌýÌýÌýClientAliveCountMax 0

3.ÌýÌýDon't forget to make the modified file persistent, by copying it to FLASH:

For current models (Sonoma, Meridian II, Tycho II, RTM3205):

ÌýÌýÌýcp -p /etc/ssh/sshd_config /boot/etc/ssh

For legacy models:

ÌýÌýÌýcp -p /etc/sshd_config /boot/etc/

4.ÌýÌýReboot the unit using this command:

ÌýÌýÌýreboot

Ìý

I am using WinSCP to upload files for upgrading and the upgrade keeps failing. What do I do?

If you are uploading via SSH, do not use WinSCP!Ìý WinSCP does not work well with a raw flash partition.Ìý We have had great success using PuTTY's pscp utility, which is executed from the Windows command line and uses the same syntax as the Linux-based scp utility.Ìý You can download pscp from .

Ìý

How can I serve time on two different networks?

You will need to configure a gateway for both the Ethernet ports.Ìý The user manual indicates that only one port can be configured with a default gateway (using the front panel or netconfig).Ìý However, with advanced routing you can configure a gateway for both ports (eth0 and eth1).Ìý You must add commands to set up static routes in theÌý/etc/rc.d/rc.MÌýstartup script. There is an easily spotted comment in the rc.MÌýfile showing where to add the commands.ÌýFor more information, read this Product NoteÌýor contact ÃÛÌÒÊÓƵ Technical ÃÛÌÒÊÓƵ.

Ìý

Are any products manufactured by ÃÛÌÒÊÓƵ affected by the CVE-2021-44228 Apache Log4j vulnerability?

No.Ìý Products manufactured by Endrun Technologies are not affected because none of them include any version of Apache Log4j.

How are restrictions for subnet access with SSH/SNMP and telnet achieved? For example, how do I set restriction for access to 192.168.1.0/24 subnet?

For our third-generation units such as Sonoma, Meridian II, Tycho II, Ninja, RTM3205 and e-Series Distribution ÃÛÌÒÊÓƵ run the command below to invoke interactive script:

accessconfig

Then, when prompted enter a hostname, host address or range of host addresses to be given telnet/ssh/snmp access (name, IP address or IP address range, 0 to quit).Ìý You enter:

192.168.1.0/255.255.255.0