Hirschmann RS20 User Manual

User Manual

Basic Configuration

Industrial ETHERNET (Gigabit-)Switch
RS20/RS30/RS40, MS20/MS30, OCTOPUS, Power MICE,
RSR20/RSR30, MACH 1000, MACH 4000
Basic Configuration L2P
Technical Support
Release 4.2 07/08
HAC-Support@hirschmann.de

Summary of Contents for Hirschmann RS20

  • Page 1: User Manual

    User Manual Basic Configuration Industrial ETHERNET (Gigabit-)Switch RS20/RS30/RS40, MS20/MS30, OCTOPUS, Power MICE, RSR20/RSR30, MACH 1000, MACH 4000 Basic Configuration L2P Technical Support Release 4.2 07/08 HAC-Support@hirschmann.de...
  • Page 2 This publication has been created by Hirschmann Automation and Control GmbH according to the best of our knowledge. Hirschmann reserves the right to change the contents of this manual without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the details in this publication.
  • Page 3: Table Of Contents

    Content About this Manual Introduction Access to the user interfaces System Monitor Command Line Interface Web-based Interface Entering the IP Parameters IP Parameter Basics 2.1.1 IP address (version 4) 2.1.2 Network mask Entering IP parameters via CLI Entering the IP Parameters via HiDiscovery Loading the system configuration from the ACA System configuration via BOOTP System configuration via DHCP...
  • Page 4 Content Saving settings 3.2.1 Saving locally (and on the ACA) 3.2.2 Saving in a file on URL 3.2.3 Saving in a binary file on the PC 3.2.4 Saving as a script on the PC Loading software updates Loading the software from the ACA 4.1.1 Selecting the software to be loaded 4.1.2 Starting the software 4.1.3 Performing a cold start...
  • Page 5 7.2.5 Setting up the Multicast application Rate Limiter 7.3.1 Description of the Rate Limiter 7.3.2 Rate Limiter settings for MACH 4000 and Power MICE 7.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, MACH 1000 and OCTOPUS QoS/Priority 7.4.1 Description of Prioritization 7.4.2 VLAN tagging...
  • Page 6 Content 8.2.1 Description of SNTP 8.2.2 Preparing the SNTP coordination 8.2.3 Configuring SNTP Precision Time Protocol 8.3.1 Description of PTP functions 8.3.2 Preparing the PTP configuration 8.3.3 Configuring PTP Interaction of PTP and SNTP Operation diagnosis Sending traps 9.1.1 SNMP trap listing 9.1.2 SNMP traps when booting 9.1.3 Configuring traps Monitoring the device status...
  • Page 7 Content Setting up configuration environment Setting up DHCP/BOOTP server Setting up DHCP Server Option 82 tftp server for software updates A.3.1 Setting up the tftp process A.3.2 Software access rights Preparing access via SSH A.4.1 Generating a key A.4.2 Uploading the key A.4.3 Access via SSH General information Management Information Base (MIB)
  • Page 9: About This Manual

    About this Manual. The “Basic Configuration” user manual contains all the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The following thematic sequence has proven itself in practice: Set up device access for operation by entering the IP parameters. Check the status of the software and update it if necessary...
  • Page 10 The "Command Line Interface" reference manual contains detailed information on using the Command Line Interface to operate the individual functions of the device. The Network Management Software HiVision provides you with additional options for smooth configuration and monitoring: Event logbook.
  • Page 11: Key

    The designations used in this manual have the following meanings: List Work step Subheading Link Indicates a cross-reference with a stored link Note: A note emphasizes an important fact or draws your attention to a dependency. ASCII representation in user interface Courier Execution in the Web-based Interface user interface Execution in the Command Line Interface user interface...
  • Page 12 A random computer; Configuration Computer; Server; PLC - Programmable logic controller; I/O - Robot
  • Page 13: Introduction

    Introduction. The device has been developed for practical application in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device.
  • Page 15: Access To The User Interfaces

    1 Access to the user interfaces. The device has three user interfaces, which you can access via different interfaces: System monitor via the V.24 interface (out-of-band); Command Line Interface (CLI) via the V.24 connection (out-of-band) and Telnet (in-band); Web-based interface via Ethernet (in-band).
  • Page 16: System Monitor

    1.1 System Monitor. The system monitor enables you to select the software to be loaded, perform a software update, start the selected software, shut down the system monitor, delete the configuration saved and display the boot code information.
  • Page 17 Access to the user interfaces 1.1 System Monitor < PowerMICE MS4128-5 (Boot) Release: 1.00 Build: 2005-09-17 15:36 > Press <1> to enter System Monitor 1 ... Figure 1: Screen display during the boot process Press the <1> key within one second to start system monitor 1. System Monitor (Selected OS: L3P-01.0.00-K16 (2005-10-31 19:32)) Select Boot Operating System...
  • Page 18: Command Line Interface

    1.2 Command Line Interface. The Command Line Interface enables you to use all the functions of the device via a local or remote connection. The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices.
  • Page 19 Access to the user interfaces 1.2 Command Line Interface Copyright (c) 2004-2005 Hirschmann Automation and Control GmbH All rights reserved PowerMICE Release L3P-01.0.00-K16 (Build date 2005-10-31 19:32) System Name: PowerMICE Mgmt-IP 149.218.112.105 1.Router-IP: 0.0.0.0 Base-MAC 00:80:63:51:74:00 System Time: 2005-11-01 16:00:59...
  • Page 20 NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > Figure 4: CLI screen after login Basic Configuration L2P Release 4.2 07/08...
  • Page 21: Web-Based Interface

    1.3 Web-based Interface. The user-friendly Web-based interface gives you the option of operating the device from any location in the network via a standard browser such as Mozilla Firefox or Microsoft Internet Explorer. As a universal access tool, the Web browser uses an applet which communicates with the device via the Simple Network Management Protocol (SNMP).
  • Page 22 Start your Web browser. Make sure that you have activated JavaScript and Java in the security settings of your browser. Establish the connection by entering the IP address of the device which you want to administer via the Web-based management in the address field of the Web browser.
  • Page 23 Note: The changes you make in the dialogs are copied to the device when you click on "Write". Click on "Load" to update the display. Note: You can block your access to the device by entering an incorrect configuration.
  • Page 25: Entering The Ip Parameters

    2 Entering the IP Parameters. The IP parameters must be entered when the device is installed for the first time. The device provides 6 options for entering the IP parameters during the first installation: Using the Command Line Interface (CLI). Choose this "out of band" method if: you preconfigure your device outside its operating environment; you do not have network access ("in-band") to the device...
  • Page 26 If the device already has an IP address and can be reached via the network, then the Web-based interface provides you with another option for configuring the IP parameters.
  • Page 27: Ip Parameter Basics

    2.1 IP Parameter Basics. 2.1.1 IP address (version 4). The IP addresses consist of 4 bytes. These 4 bytes are written in decimal notation, separated by a decimal point. Since 1992, five classes of IP address have been defined in the RFC 1340. Class Network ad- Host address...
  • Page 28: Network Mask

    2.1 IP Parameter Basics. Class A: Net ID - 7 bits, Host ID - 24 bits. Class B: Net ID - 14 bits, Host ID - 16 bits. Class C: Net ID - 21 bits, Host ID - 8 bits. Class D: Multicast Group ID - 28 bits...
  • Page 29 Example of a network mask: Decimal notation 255.255.192.0; Binary notation 11111111.11111111.11000000.00000000 (Subnetwork mask bits, Class B). Example of IP addresses with subnetwork assignment when the above subnet mask is applied: Decimal notation 129.218.65.17 128 <...
  • Page 30 Example of how the network mask is used. In a large network it is possible that gateways and routers separate the management agent from its management station. How does addressing work in such a case? Romeo Juliet Lorenzo...
  • Page 31 Lorenzo receives the letter and removes the outer envelope. From the inner envelope he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet's MAC address.
  • Page 32: Entering Ip Parameters Via Cli

    2.2 Entering IP parameters via CLI. If you do not configure the system via BOOTP/DHCP, DHCP Option 82, the HiDiscovery protocol or the ACA auto configuration adapter, then you perform the configuration via the V.24 interface using the CLI. Entering IP addresses: Connect the PC with terminal program started to the RJ11 socket...
  • Page 33 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > Change to the Privileged EXEC mode by entering enable and pressing the Enter key. Disable DHCP by entering network protocol none and then pressing the Enter key.
  • Page 34 (Hirschmann PowerMICE) >en (Hirschmann PowerMICE) #network protocol none (Hirschmann PowerMICE) #network parms 149.218.112.105 255.255.255.0 (Hirschmann PowerMICE) #copy system:running-config nvram:startup-con- Are you sure you want to save? (y/n) y Copy OK: 15811 bytes copied Configuration Saved!
  • Page 35: Entering The Ip Parameters Via Hidiscovery

    2.3 Entering the IP Parameters via HiDiscovery. The HiDiscovery protocol enables you to assign IP parameters to the device via the Ethernet. You can easily configure other parameters via the Web-based interface (see the "Web-based Interface"...
  • Page 36 Figure 10: HiDiscovery. When HiDiscovery is started, it automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first PC network card found. If your computer has several network cards, you can select these in HiDiscovery on the toolbar.
  • Page 37 Figure 11: HiDiscovery - assigning IP parameters. Note: When the IP address is entered, the device copies the local configuration settings (see on page 53 „Loading/saving settings“). Note: For security reasons, switch off the HiDiscovery function for the device in the Web-based interface, after you have assigned the IP parameters to the device (see page 49 „Web-based IP...
  • Page 38: Loading The System Configuration From The Aca

    2.4 Loading the system configuration from the ACA. The AutoConfiguration Adapter (ACA) is a device for storing the configuration data of a device and storing the device software. In the case of a device failure, the ACA makes it possible to easily transfer the configuration data by means of a substitute device of the same type.
  • Page 39 Figure 12: Flow chart of loading configuration data from the ACA. Flow chart steps: Start-up; plugged-in?; Password in device and ACA identical?; Default password in device?; Loading configuration from ACA, ACA LEDs flashing synchronously; Loading configuration from local memory, ACA LEDs flashing alternately; Configuration data loaded...
  • Page 40: System Configuration Via Bootp

    2.5 System configuration via BOOTP. When it is started up via BOOTP (bootstrap protocol), a device receives its configuration in accordance with the "BOOTP process" flow chart (see fig. 13). Note: In its delivery state, the device gets its configuration data from the DHCP server.
  • Page 41 switch_01:ht=ethernet:ha=008063086501:ip=149.218.112.83:tc=.global: switch_02:ht=ethernet:ha=008063086502:ip=149.218.112.84:tc=.global: Lines that start with a '#' character are comment lines. The lines under ".global:" make the configuration of several devices easier. With the template (tc) you allocate the global configuration data (tc=.global:) to each device...
  • Page 42 Entering the IP Parameters 2.5 System configuration via BOOTP Start-up Load default configuration Switch in initalization Switch runs with settings from local flash Send DHCP DHCP/ BOOTP BOOTP? Requests Reply from Save IP parameter and config file URL DHCP/BOOTP server? locally initialize IP stack with IP parameters...
  • Page 43 Entering the IP Parameters 2.5 System configuration via BOOTP Load remote Start tftp process configuration from with config URL of DHCP? file URL of DHCP tftp successful? Load transferred config file Save transferred config file local and set boot configuration to local Loading of configurations data...
  • Page 44 Note: The loading process started by DHCP/BOOTP (see on page 40 „System configuration via BOOTP“) shows the selection of "from URL & save locally" in the "Load" frame. If you get an error message when saving a configuration, this could be due to an active loading process.
  • Page 45: System Configuration Via Dhcp

    2.6 System configuration via DHCP. The DHCP (dynamic host configuration protocol) responds similarly to the BOOTP and additionally offers the configuration of a DHCP client via a name instead of via the MAC address. For the DHCP, this name is known as the "client identifier"...
  • Page 46 The special feature of DHCP in contrast to BOOTP is that the DHCP server can only provide the configuration parameters for a certain period of time ("lease"). When this time period ("lease duration") expires, the DHCP client must attempt to renew the lease or negotiate a new one.
  • Page 47 Entering the IP Parameters 2.6 System configuration via DHCP host hugo { option dhcp-client-identifier "hugo"; option dhcp-client-identifier 00:68:75:67:6f; fixed-address 149.218.112.83; server-name "149.218.112.11"; filename "/agent/config.dat"; Lines that start with a '#' character are comment lines. The lines preceding the individually listed devices refer to settings that apply to all the following devices.
  • Page 48: System Configuration Via Dhcp Option

    2.7 System configuration via DHCP Option 82. As with the classic DHCP, on startup an agent receives its configuration data according to the "BOOTP/DHCP process" flow chart (see fig. 13).
  • Page 49: Web-Based Ip Configuration

    2.8 Web-based IP configuration. With the Basics:Network dialog you define the source from which the device gets its IP parameters after starting, and you assign the IP parameters and VLAN ID and configure the HiDiscovery access. Figure 16: Network parameters dialog. Under "Mode", enter where the device is to obtain its IP parameters: In the BOOTP mode, the configuration is via a BOOTP or DHCP serv-...
  • Page 50 You enter the name applicable to the DHCP protocol in the "Name" line in the system dialog of the Web-based interface. The "VLAN ID" frame enables you to assign a VLAN to the agent. If you enter the illegal VLAN ID "0"...
  • Page 51: Faulty Device Replacement

    2.9 Faulty device replacement. The device provides two plug-and-play solutions for replacing a faulty device with a device of the same type (faulty device replacement): Configuring the new device via an AutoConfiguration Adapter (see on page 38 „Loading the system configuration from the ACA“); Configuration via DHCP Option 82...
  • Page 53: Loading/Saving Settings

    3 Loading/saving settings. The device saves settings such as the IP parameters and the port configuration in the temporary memory. These settings are lost when you switch off or reboot the device. The device enables you to load settings from a non-volatile memory into the temporary memory; save settings from the temporary memory in a non-volatile memory.
  • Page 54: Loading Settings

    3.1 Loading settings. When it is restarted, the device loads its configuration data from the local non-volatile memory, provided you have not activated BOOTP/DHCP and no ACA is connected to the device. During operation, the device allows you to load settings from the following sources: the local non-volatile memory; the AutoConfiguration Adapter.
  • Page 55: Loading From The Local Non-Volatile Memory

    3.1.1 Loading from the local non-volatile memory. When loading the configuration data locally, the device loads the configuration data from the local non-volatile memory if no ACA is connected to the device. Select the Basics: Load/Save dialog.
  • Page 56: Loading From A File

    3.1.3 Loading from a file. The device allows you to load the configuration data from a file in the connected network if there is no AutoConfiguration Adapter connected to the device. Select the Basics: Load/Save dialog. In the "Load"...
  • Page 57 Figure 17: Load/store dialog. CLI: enable (switch to the Privileged EXEC mode); copy tftp://149.218.112.159/switch/config.dat nvram:startup-config (the device loads the configuration data from a tftp server in the connected network). Note: The loading process started by DHCP/BOOTP (see on page 40 „System configuration via BOOTP“) shows the selection of "from URL &...
  • Page 58: Resetting The Configuration To The State On Delivery

    3.1.4 Resetting the configuration to the state on delivery. The device enables you to reset the current configuration to the state on delivery. The locally saved configuration is kept. reset the device to the state on delivery. After the next restart, the IP address is also in the state on delivery.
  • Page 59: Saving Settings

    3.2 Saving settings. In the "Save" frame, you have the option to save the current configuration on the device; save the current configuration in binary form in a file under the specified URL, or as an editable and readable script; save the current configuration in binary form or as an editable and readable script on the PC.
  • Page 60: Saving In A File On Url

    3.2.2 Saving in a file on URL. The device allows you to save the current configuration data in a file in the connected network. Note: The configuration file includes all configuration data, including the password. Therefore pay attention to the access rights on the tftp server. Select the Basics: Load/Save dialog.
  • Page 61: Saving In A Binary File On The Pc

    3.2.3 Saving in a binary file on the PC. The device allows you to save the current configuration data in a binary file on your PC. Select the Basics: Load/Save dialog. In the "Save" frame, click "on the PC (binary)". In the save dialog, enter the name of the file in which you want the device to save the configuration file.
  • Page 63: Loading Software Updates

    4 Loading software updates. Hirschmann never stops working on improving the performance of its products. So it is possible that you may find a more up to date release of the device software on the Hirschmann Internet site (www.hirschmann.com) than the release saved on your device.
  • Page 64 Loading the software. The device gives you three options for loading the software: From the ACA 21 USB (out-of-band); Via tftp from a tftp server (in-band); Via a file selection dialog from your PC. Note: The existing configuration of the device is still there after the new software is installed.
  • Page 65: Loading The Software From The Aca

    4.1 Loading the software from the ACA. You can connect the ACA 21-USB to a USB port of your PC like a conventional USB stick and copy the device software into the main directory of the ACA 12-USB.
  • Page 66: Selecting The Software To Be Loaded

    4.1.1 Selecting the software to be loaded. In this menu item of the system monitor, you select one of two possible software releases that you want to load. The following window appears on the screen: Select Operating System Image (Available OS: Selected: 1.00 (2004-08-26 07:15), Backup: 1.00 (2004-08-26 07...
  • Page 67: Starting The Software

    Test stored images in USB memory: Select 4 to check whether the images of the software stored in the ACA 21-USB contain valid codes. Apply and store selection: Select 5 to confirm the software selection and to save it. Cancel selection: Select 6 to leave this dialog without making any changes.
  • Page 68: Loading The Software From The Tftp Server

    4.2 Loading the software from the tftp server. For a tftp update, you need a tftp server on which the software to be loaded is stored (see on page 200 „tftp server for software updates“).
  • Page 69 Loading software updates 4.2 Loading the software from the tftp server Figure 19: Software update dialog After successfully loading it, you activate the new software: Select the dialog Basic Settings:Restart and perform a cold start. After booting the device, click "Reload" in your browser to access the device again.
  • Page 70: Loading The Software Via File Selection

    4.3 Loading the software via file selection. For an update via a file selection window, the device software must be on a drive that you can access via your PC. Select the Basics:Software dialog.
  • Page 71: Configuring The Ports

    5 Configuring the ports. The port configuration consists of: Switching the port on and off; Selecting the operating mode; Activating the display of connection error messages; Configuring Power over ETHERNET. Switching the port on and off: In the state on delivery, all the ports are switched on. For a higher level of access security, switch off the ports at which you are not making any connection.
  • Page 72: Configuring Power Over Ethernet

    Displaying connection error messages: In the state on delivery, the device displays connection errors via the signal contact and the LED display. The device allows you to suppress this display, because you do not want to interpret a switched off device as an interrupted connection, for example.
  • Page 73 Configuring the ports Nominal power for MACH 4000: The device provides the nominal power for the sum of all PoE ports plus a surplus. Should the connected devices require more PoE power than is provided, the device then switches PoE off at the ports. Initially, the device switches PoE off at the ports with the lowest PoE priority.
  • Page 74 Configuring the ports In the “Port on” column, you can enable/disable PoE at this port. The “Status” column indicates the PoE status of the port. In the “Priority” column (MACH 4000), set the PoE priority of the port to “low”, “high” or “critical”. The “Class”...
  • Page 75: Protection From Unauthorized Access

    6 Protection from unauthorized access. Protect your network from unauthorized access. The device provides you with the following functions for protecting against unauthorized access: Password for SNMP access; Telnet/Web/SSH access disabling; HiDiscovery function disabling; Port access control via IP or MAC address; Port authentication according to 802.1X.
  • Page 76: Password For Snmp Access

    6.1 Password for SNMP access. 6.1.1 Description of password for SNMP access. A network management station communicates with the device via the Simple Network Management Protocol (SNMP). Every SNMP packet contains the IP address of the sending computer and the password with which the sender of the packet wants to access the device MIB.
  • Page 77: Entering The Password For Snmp Access

    6.1.2 Entering the password for SNMP access. Select the Security: Password / SNMP access dialog. This dialog gives you the option of changing the read and read/write passwords for access to the device via the Web-based interface/CLI/ SNMP.
  • Page 78 Figure 21: Password dialog
  • Page 79 Protection from unauthorized access 6.1 Password for SNMP access Important: If you do not know a password with read/write access, you will not have write access to the device! Note: After changing the password for write access, restart the Web interface in order to access the device.
  • Page 80 Protection from unauthorized access 6.1 Password for SNMP access Password Password with which this computer can access the device. This password is independent of the SNMPv2 password. IP address IP address of the computer that can access the device. IP mask IP mask for the IP address Access The access mode determines whether the computer has...
  • Page 81: Telnet/Web/Ssh Access

    6.2 Telnet/Web/SSH access. 6.2.1 Description of Telnet access. The Telnet server of the device allows you to configure the device by using the Command Line Interface (in-band). You can deactivate the Telnet server to prevent Telnet access to the device.
  • Page 82: Description Of Ssh Access

    Protection from unauthorized access 6.2 Telnet/Web/SSH access After the Web server has been switched off, it is no longer possible to login via a Web browser. The login in the open browser window remains active. Note: The Command Line Interface and this dialog allow you to reactivate the Telnet server.
  • Page 83: Enabling/Disabling Telnet/Web/Ssh Access

    6.2.4 Enabling/disabling Telnet/Web/SSH access. Select the Security:Telnet/Web/SSH access dialog. Disable the server to which you want to refuse access. CLI: enable (switch to the Privileged EXEC mode); transport input telnet (enable Telnet server); no transport input telnet (disable Telnet server). Enable Web server....
  • Page 84: Disabling The Hidiscovery Function

    6.3 Disabling the HiDiscovery function. 6.3.1 Description of the HiDiscovery protocol. The HiDiscovery protocol allows you to assign the device an IP address based on its MAC address (see on page 35 „Entering the IP Parameters via HiDiscovery“).
  • Page 85: Port Access Control

    6.4 Port access control. 6.4.1 Port access control. The device protects every port from unauthorized access. Depending on your selection, the device checks the MAC address or the IP address of the connected device.
  • Page 86: Defining Port Access Control

    6.4.2 Defining port access control. Select the Security:Port Security dialog. First select whether you want MAC-based or IP-based port security. If you have selected MAC-based security, you enter the MAC addresses of the devices with which a data exchange at this port is permitted in the "Allowed Mac Address"...
  • Page 87 Figure 23: Port Security dialog. Note: This entry in the port configuration table is part of the configuration (see on page 53 „Loading/saving settings“) and is saved together with the configuration. Note: Prerequisites for the device to be able to send an alarm (trap) (see on page 163 „Configuring traps“):...
  • Page 88: Port Authentication Acc. To 802.1X

    6.5 Port authentication acc. to 802.1X. 6.5.1 Description of port authentication according to 802.1X. The port-based network access control is a method described in norm IEEE 802.1X to protect IEEE 802 networks from unauthorized access. The protocol controls the access at a port by authenticating and authorizing a device that is connected to this port of the device.
  • Page 89: Authentication Process According To 802.1X

    6.5.2 Authentication process according to 802.1X. A supplicant attempts to communicate via a device port. The device requests authentication from the supplicant. At this time, only EAPOL traffic is allowed between the supplicant and the device. The supplicant replies with its identification data.
  • Page 90: Setting 802.1X

    6.5.4 Setting 802.1X. Configuring the RADIUS server: Select the Security:802.1x Port Authentication:RADIUS Server dialog. This dialog allows you to enter the data for one, two or three RADIUS servers. Click "Create entry" to open the dialog window for entering the IP address of a RADIUS server.
  • Page 91: Network Load Control

    7 Network load control To optimize the data transmission, the device provides you with the following functions for controlling the network load: Settings for direct packet distribution (MAC address filter); Multicast settings; Rate limiter; Prioritization - QoS; Flow control; Virtual LANs
  • Page 92: Direct Packet Distribution

    Network load control 7.1 Direct packet distribution With direct packet distribution, you protect the device from unnecessary network loads. The device provides you with the following functions for direct packet distribution: Store-and-forward; Multi-address capability; Aging of learned addresses; Static address entries; Disabling the direct packet distribution. 7.1.1 Store-and-forward...
  • Page 93: Aging Of Learned Addresses

    Network load control 7.1 Direct packet distribution The device can learn up to 8000 addresses. This is necessary if more than one terminal device is connected to one or more ports. It is thus possible to connect several independent subnetworks to the device. 7.1.3 Aging of learned addresses The device monitors the age of the learned addresses.
  • Page 94: Entering Static Address Entries

    Network load control 7.1 Direct packet distribution 7.1.4 Entering static address entries An important function of the device is the filter function. It selects data packets according to defined patterns, known as filters. These patterns are assigned distribution rules. This means that a data packet received by a device at a port is compared with the patterns.
  • Page 95: Disabling The Direct Packet Distribution

    Network load control 7.1 Direct packet distribution Select the Switching:Filters for MAC Addresses dialog. Each row of the filter table represents one filter. Filters specify the way in which data packets are sent. They are set automatically by the Switch (learned status) or created manually.
  • Page 96: Multicast Application

    Network load control 7.2 Multicast application 7.2.1 Description of the Multicast application The data distribution in the LAN differentiates between three distribution classes on the basis of the addressed recipients: Unicast - one recipient; Multicast - a group of recipients; Broadcast - every recipient that can be reached. In the case of a Multicast address, the device forwards all data packets with a Multicast address to all ports.
  • Page 97: Example Of A Multicast Application

    Network load control 7.2 Multicast application 7.2.2 Example of a Multicast application The cameras for monitoring machines normally transmit their images to monitors located in the machine room and to the monitoring room. In an IP transmission, a camera sends its image data with a Multicast address via the network.
  • Page 98: Description Of IGMP Snooping

    Network load control 7.2 Multicast application 7.2.3 Description of IGMP Snooping The Internet Group Management Protocol (IGMP) describes the distribution of Multicast information between routers and terminal devices on the Layer 3 level. Routers with an active IGMP function periodically send queries to find out which IP Multicast group members are connected to the LAN.
  • Page 99: Description Of GMRP

    Network load control 7.2 Multicast application 7.2.4 Description of GMRP The GARP Multicast Registration Protocol (GMRP) describes the distribution of data packets with a Multicast address as the destination address on layer 2. Devices that want to receive data packets with a Multicast address as the destination address use the GMRP to perform the registration of the Multicast address.
  • Page 100: Setting Up The Multicast Application

    Network load control 7.2 Multicast application 7.2.5 Setting up the Multicast application Select the Switching:Multicasts dialog. Global settings "IGMP Snooping" allows you to enable IGMP Snooping globally for the entire device. If IGMP Snooping is disabled, then the device does not evaluate Query and Report packets received, and it sends (floods) received data packets with a Multicast address as the destination address to all ports.
  • Page 101: IGMP Querier

    Network load control 7.2 Multicast application IGMP Querier “IGMP Querier active” allows you to enable/disable the Query function. The Protocol selection fields allow you to select IGMP version 1, 2 or 3. In “Sending interval” you specify the interval at which the device sends query packets (valid entries: 2-3599 s, default setting: 125 s).
  • Page 102 Network load control 7.2 Multicast application Unknown Multicasts In this frame you can determine how the device in IGMP mode sends packets with an unknown MAC/IP Multicast address that was not learned through IGMP Snooping. "Send to Query Ports". The device sends the packets with an unknown MAC/IP Multicast address to all query ports.
  • Page 103 IGMP queries (disable = default setting). This column allows you to also send IGMP report messages to other selected ports (enable) or to connected Hirschmann devices (automatic). Learned Query Port This table column shows you at which ports the device has received IGMP queries, if "disable"...
  • Page 104 Network load control 7.2 Multicast application GMRP per Port This table column enables you to enable/disable the GMRP for each port when the global GMRP is enabled. When you disable the GMRP at a port, no registrations can be made for this port, and GMRP packets cannot be sent out of this port.
  • Page 105 Network load control 7.2 Multicast application Figure 26: IGMP/GMRP/Unknown Multicasts dialog
  • Page 106: Rate Limiter

    Network load control 7.3 Rate Limiter 7.3.1 Description of the Rate Limiter To ensure reliable data exchange during heavy traffic, the device can limit the traffic. Entering a limit rate for each port specifies the amount of traffic the device is permitted to transmit and receive.
  • Page 107: Rate Limiter Settings For RS20/RS30/40, MS20/MS30, MACH 1000 And OCTOPUS

    = 0, no rate limit for outbound broadcast packets at this port. > 0, maximum number of outgoing broadcasts per second sent at this port. Figure 27: Rate Limiter dialog 7.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, MACH 1000 and OCTOPUS Select the Switching:Rate Limiter dialog.
  • Page 108 Network load control 7.3 Rate Limiter "Ingress Limiter (kbit/s)" allows you to enable or disable the input limiting function for all ports. "Egress Limiter (Pkt/s)" allows you to enable or disable the broadcast output limiter function at all ports. "Egress Limiter (kbit/s)"...
  • Page 109 Network load control 7.3 Rate Limiter Figure 28: Rate Limiter
  • Page 110: QoS/Priority

    Network load control 7.4 QoS/Priority 7.4.1 Description of Prioritization This function prevents time-critical data traffic such as voice/video or real-time data from being disrupted by less time-critical data traffic during periods of heavy traffic. By assigning high traffic classes for time-critical data and low traffic classes for less time-critical data, you ensure optimal data flow for time-critical data traffic.
  • Page 111: VLAN Tagging

    Table 4: Assignment of the priority entered in the tag to the traffic classes Note: Network protocols and redundancy mechanisms use the highest traffic classes 3 (RS20/30/40, MS20/30, MACH 1000, OCTOPUS) and 7 (Power MICE, MACH 4000). Therefore, you select other traffic classes for application data.
  • Page 112 Network load control 7.4 QoS/Priority Figure 29: Ethernet data packet with tag (42-1500 octets; min. 64, max. 1522 octets) Figure 30: Tag format (4 octets) Although VLAN prioritizing is widespread in the industry sector, it has a number of limitations: The additional 4-byte VLAN tag enlarges the data packets.
  • Page 113: IP ToS / DiffServ

    Network load control 7.4 QoS/Priority End-to-end prioritizing requires the VLAN tags to be transmitted to the entire network, which means that all network components must be VLAN-capable. Routers cannot receive or send packets with VLAN tags via port-based router interfaces.
  • Page 114: Differentiated Services

    Network load control 7.4 QoS/Priority Differentiated Services The newly defined Differentiated Services field in the IP header in RFC 2474 (see fig. 31), often known as the DiffServ Code Point or DSCP, replaces the ToS field and is used to mark the individual packets with a DSCP.
  • Page 115 Table 6: Assigning the IP precedence values to the DSCP value Immediate CS2 (010000) Priority CS1 (001000) Routine CS0 (000000) DSCP Value DSCP Name Traffic class for Traffic class for MACH 400, RS20/RS30/RS40, Power MICE RSR20/RSR30, (default setting) MS20/MS30, OCTOPUS, MACH 1000 (default setting) Best Effort /CS0 9,11,13,15 10,12,14 AF11,AF12,AF13...
  • Page 116: Management Prioritizing

    Network load control 7.4 QoS/Priority 7.4.4 Management prioritizing In order for you to have full access to the management of the device, even when there is a high network load, the device enables you to prioritize management packets. In prioritizing management packets (SNMP, Telnet, etc.), the device sends the management packets with priority information.
  • Page 117: Handling Of Traffic Classes

    Network load control 7.4 QoS/Priority 7.4.6 Handling of traffic classes For the handling of traffic classes, the device provides: Strict Priority Description of Strict Priority With the Strict Priority setting, the device first transmits all data packets that have a higher traffic class before transmitting a data packet with the next highest traffic class.
  • Page 118 Network load control 7.4 QoS/Priority Assign port priority 3 to interface 1/1 (vlan priority 3). Switch to the Configuration mode (exit). Assigning the VLAN priority to the traffic classes Switch to the Privileged EXEC mode (enable). Switch to the Configuration mode (configure). Assign traffic class 4 to VLAN priority 0....
  • Page 119 Network load control 7.4 QoS/Priority Assigning the traffic class to a DSCP Switch to the Privileged EXEC mode (enable). Switch to the Configuration mode (configure). Assign traffic class 1 to DSCP CS1 (classofservice ip-dscp-mapping cs1 1). show classofservice ip-dscp-mapping IP DSCP Traffic Class -------------...
  • Page 120 Network load control 7.4 QoS/Priority Class of Service Trust Mode: IP DSCP Always assign the DSCP priority to received IP data packets globally (RS20/RS30/RS40, MS20/MS30, RSR20/RSR40, MACH 1000 and OCTOPUS) Select the QoS/Priority:Global dialog. Select trustIPDSCP in the "Trust Mode" line.
  • Page 121 Network load control 7.4 QoS/Priority Configuring Layer 3 management priority Select the QoS/Priority:Global dialog. In the line IP-DSCP value for management packets you enter the IP-DSCP value with which the device sends management packets. Switch to the Privileged EXEC mode (enable). Assign the value cs7 to the management priority so network priority ip-dscp...
  • Page 122: Flow Control

    Network load control 7.5 Flow control 7.5.1 Description of flow control Flow control is a mechanism which acts as an overload protection for the device. During periods of heavy traffic, it holds off additional traffic from the network.
  • Page 123 Network load control 7.5 Flow control Figure 32: Example of flow control (labels: Switch, Port 1 to Port 4, Workstation 1 to Workstation 4) Flow control with a full duplex link In the example (see fig. 32) there is a full duplex link between Workstation 2 and the device.
  • Page 124: Setting The Flow Control

    Network load control 7.5 Flow control 7.5.2 Setting the flow control Select the Basics:Port Configuration dialog. In the "Flow Control on" column, you checkmark this port to specify that flow control is active here. You also activate the global "Flow Control"...
  • Page 125: VLANs

    Network load control 7.6 VLANs 7.6.1 Description of VLANs A virtual LAN (VLAN) consists of a group of network participants in one or more network segments who can communicate with each other as if they belonged to the same LAN. VLANs are based on logical (instead of physical) links and are flexible elements in the network design.
  • Page 126 Network load control 7.6 VLANs Figure 33: Example of a VLAN (labels: VLAN Yellow, VLAN Green, MACH 3002, MICE) Key words often used in association with VLANs are: Ingress rule The ingress rules stipulate how incoming data is to be handled by the device.
  • Page 127 Network load control 7.6 VLANs Egress rule The egress rules stipulate how outgoing data is to be handled by the device. VLAN identifier The assignment to a VLAN is effected via a VLAN ID. Every VLAN existing in a network is identified by an ID. This ID must be unique, i.e. every ID may only be assigned once in the network.
  • Page 128: Configuring VLANs

    VLAN ID "0" remains in the packet, regardless of setting of the port VLAN ID in the "VLAN Port" dialog. Note: For RS20/RS30/RS40, MS20/MS30, MACH 1000 and OCTOPUS in "transparent mode" the devices ignore the set port VLAN ID. Set the VLAN membership of the ports of VLAN 1 to member or untagged.
  • Page 129 Network load control 7.6 VLANs Note: Save the VLAN configuration to non-volatile memory (see fig. 39). Note: The 255 available VLANs (Power MICE, MACH 4000: 256) can use any VLAN ID between 1 and 4042 (MACH 4000: 3966). Note: In a HIPER-Ring with VLANs, you should only operate devices with the software that supports this function: RS2 xx/xx (from vers.
  • Page 130 Network load control 7.6 VLANs Note: In the Network/Ring Coupling configuration, select for the coupling and partner coupling ports VLAN ID 1 and "Ingress Filtering" in the port table and VLAN membership U in the static VLAN table.
  • Page 131: Example Of A Simple VLAN

    Network load control 7.6 VLANs 7.6.3 Example of a simple VLAN The following example provides a quick introduction to configuring a VLAN as it is often done in practice. The configuration is performed step by step. 149.218.112.76 VLAN Brown ID = 1 Network VLAN Yellow VLAN Green...
  • Page 132 Network load control 7.6 VLANs Figure 35: Creating a VLAN Figure 36: Entering a VLAN ID
  • Page 133 Network load control 7.6 VLANs Repeat the Creating a VLAN and Entering a VLAN ID steps for all VLANs. Figure 37: Assigning a VLAN any name and saving it
  • Page 134 Network load control 7.6 VLANs Figure 38: Defining the VLAN membership of the ports. Ports 1.1 to 1.3 are assigned to the terminal devices of the Yellow VLAN, and ports 2.1 to 2.4 are assigned to terminal devices of the Green VLAN.
  • Page 135 Network load control 7.6 VLANs Figure 39: Saving the VLAN configuration Figure 40: Assigning the VLAN ID, Acceptable Frame Types and Ingress Filtering to the ports and saving
  • Page 136 Network load control 7.6 VLANs Ports 1.1 to 1.3 are assigned to the terminal devices of the Yellow VLAN and thus to VLAN ID 2, and ports 2.1 to 2.4 are assigned to terminal devices of the Green VLAN and thus to VLAN ID 3. Because terminal devices usually do not send data packets with a tag, you select the admitAll setting here.
  • Page 137 Network load control 7.6 VLANs Figure 42: Saving the configuration to non-volatile memory
  • Page 138 Network load control 7.6 VLANs
  • Page 139: Synchronizing The System Time In The Network

    8 Synchronizing the system time in the network The actual meaning of the term "real time" depends on the time requirements of the application. The device provides two options with different levels of accuracy for synchronizing the time in your network.
  • Page 140: Entering The Time

    Synchronizing the system time in the 8.1 Entering the time If no reference clock is available, you have the option of entering the system time in a device and then using it like a reference clock (see on page 144 "Configuring SNTP") (see on page 153 "Configuring PTP"). Note: When setting the time in zones with summer and winter times, make an adjustment for the local offset.
  • Page 141 Synchronizing the system time in the 8.1 Entering the time The "Local Offset" is for displaying/entering the time difference between the local time and the "IEEE 1588 / SNTP time". With "Set offset from PC", the device determines the time zone on your PC and uses it to calculate the local time difference.
  • Page 142: SNTP

    Synchronizing the system time in the 8.2 SNTP 8.2.1 Description of SNTP The Simple Network Time Protocol (SNTP) enables you to synchronize the system time in your network. The device supports the SNTP Server and SNTP Client functions. The SNTP server makes the UTC (Universal Time Coordinated) available.
  • Page 143: Preparing The SNTP Coordination

    Synchronizing the system time in the 8.2 SNTP 8.2.2 Preparing the SNTP coordination To get an overview of how the time is passed on, draw a network plan with all the devices participating in PTP. When planning, bear in mind that the accuracy of the time depends on the signal runtime.
  • Page 144: Configuring SNTP

    Synchronizing the system time in the 8.2 SNTP 8.2.3 Configuring SNTP Select the Time:SNTP dialog. Configuration SNTP Client and Server In this frame you switch the SNTP function on/off. When it is switched off, the SNTP server does not send any SNTP packets or respond to any SNTP requests.
  • Page 145 Synchronizing the system time in the 8.2 SNTP In "VLAN ID" you specify the VLAN to which the device may periodically send SNTP packets. In "Anycast send interval" you specify the interval at which the device sends SNTP packets (valid entries: 1 second to 3600 seconds, on delivery: 120 seconds).
  • Page 146 Synchronizing the system time in the 8.2 SNTP Configuration SNTP Client In "External server address" you enter the IP address of the SNTP server from which the device periodically requests the system time. In "Redundant server address" you enter the IP address of the SNTP server from which the device periodically requests the system time, if it does not receive a response to a request from the "External server address"...
  • Page 147 Synchronizing the system time in the 8.2 SNTP Device 149.218.112.1 149.218.112.2 149.218.112.3 Function Server destination address 0.0.0.0 0.0.0.0 0.0.0.0 Server VLAN ID Send interval Client external server address 149.218.112.0 149.218.112.1 149.218.112.2 Request interval Accept broadcasts Table 9: Settings for the example (see fig.
  • Page 148: Precision Time Protocol

    Synchronizing the system time in the 8.3 Precision Time Protocol 8.3.1 Description of PTP functions Precise time management is required for running time-critical applications via a LAN. The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a procedure that assumes one clock is the most accurate and thus enables precise synchronization of all clocks in a LAN.
  • Page 149 Synchronizing the system time in the 8.3 Precision Time Protocol Stratum Specification number For temporary, special purposes, in order to assign a better value to one clock than to all other clocks in the network. Indicates the reference clock with the highest degree of accuracy. A stratum 1 clock can be both a boundary clock and an ordinary clock.
  • Page 150 Synchronizing the system time in the 8.3 Precision Time Protocol Figure 46: Delay and jitter problems when synchronizing clocks (labels: Reference (Master clock), Local (Slave clock), Delay + Jitter, Precision Time Protocol (Application Layer), User Datagram Protocol (Transport Layer), Internet Protocol (Network Layer), Media Access Control, Physical Layer)...
  • Page 151 Synchronizing the system time in the 8.3 Precision Time Protocol Figure 47: Boundary clock (labels: Reference (Grandmaster Clock), Switch, Ordinary Clock, Slave, Master, Boundary Clock) Independently of the physical communication paths, the PTP provides logical communication paths which you define by setting up PTP subdomains. Subdomains are used to form groups of clocks that are time-independent from the rest of the domain.
  • Page 152: Preparing The PTP Configuration

    Synchronizing the system time in the 8.3 Precision Time Protocol Figure 48: PTP Subdomains (labels: Ordinary Clock, Reference (Grandmaster Clock), Switch, PTP Subdomain 1, Boundary Clock, PTP Subdomain 2) 8.3.2 Preparing the PTP configuration After the function is activated, the PTP takes over the configuration automatically.
  • Page 153: Configuring PTP

    Synchronizing the system time in the 8.3 Precision Time Protocol Enable the PTP function on all devices whose time you want to synchronize using PTP. If no reference clock is available, you specify a device as the reference clock and set its system time as accurately as possible. 8.3.3 Configuring PTP In the Time:PTP:Global dialog, you can enable/disable the function and make PTP settings on the MS20/30 and Power MICE devices...
  • Page 154: Application Example

    Synchronizing the system time in the 8.3 Precision Time Protocol Figure 49: PTP Global dialog Application example: PTP is used to synchronize the time in the network. As an SNTP client, the left device gets the time from the NTP server via SNTP. The device assigns clock stratum "2"...
  • Page 155 Synchronizing the system time in the 8.3 Precision Time Protocol Figure 50: Example of PTP synchronization (labels: Reference (Grandmaster Clock), Boundary Clock, Ordinary Clock, two switches with RT module, two switches without RT module; addresses: 10.0.1.116, 10.0.1.112, 10.0.1.2, 10.0.1.105, 10.0.1.106) Device 10.0.1.112 10.0.1.116...
  • Page 156: Interaction Of PTP And SNTP

    Synchronizing the system time in the 8.4 Interaction of PTP and SNTP According to PTP and SNTP, both protocols can exist in parallel in the same network. However, since both protocols affect the system time of the device, situations may occur in which the two protocols compete with each other.
  • Page 157 Synchronizing the system time in the 8.4 Interaction of PTP and SNTP Device 149.218.112.1 149.218.112.2 149.218.112.3 Operation Clock Mode ptp-mode- ptp-mode- ptp-mode- boundary-clock boundary-clock boundary-clock Preferred Master false false false SNTP Operation Server destination address 224.0.1.1 224.0.1.1 224.0.1.1 Server VLAN ID Send interval Client external server address 149.218.112.0 0.0.0.0...
  • Page 158 Synchronizing the system time in the 8.4 Interaction of PTP and SNTP
  • Page 159: Operation Diagnosis

    9 Operation diagnosis The device provides you with the following diagnostic tools for the operation diagnosis: Sending traps; Monitoring device status; Out-of-band signaling via signal contact; Port status indication; Event counter at port level; SFP status indication; TP cable diagnostics; Topology discovery; Reports; Monitoring the data traffic of a port (port mirroring)...
  • Page 160: Sending Traps

    Operation diagnosis 9.1 Sending traps If unusual events occur during normal operation of the device, they are reported immediately to the management station. This is done by means of what are called traps - alarm messages - that bypass the polling procedure ("Polling"...
  • Page 161: SNMP Trap Listing

    Operation diagnosis 9.1 Sending traps 9.1.1 SNMP trap listing All the possible traps that the device can send are listed in the following table. Trap name / Meaning: authenticationFailure - is sent if a station attempts to access an agent without permission; coldStart - is sent for both cold and warm starts during the boot process after successful management initialization.
  • Page 162: SNMP Traps When Booting

    Operation diagnosis 9.1 Sending traps 9.1.2 SNMP traps when booting The device sends the ColdStart trap every time it boots.
  • Page 163: Configuring Traps

    Operation diagnosis 9.1 Sending traps 9.1.3 Configuring traps Select the Diagnostics:Alarms (Traps) dialog. This dialog allows you to determine which events trigger an alarm (trap) and where these alarms should be sent. Select "Create entry". In the "Address" column, enter the IP address of the management station to which the traps should be sent.
  • Page 164 Operation diagnosis 9.1 Sending traps The events which can be selected are: Name / Meaning: Authentication - The device has rejected an unauthorized access attempt (see the Access for IP Addresses and Port Security dialog). Cold Start - The device has been switched on. Link Down - At one port of the device, the link to the device connected there has been interrupted.
  • Page 165: Monitoring The Device Status

    Operation diagnosis 9.2 Monitoring the device status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. The device enables you to signal the device status out-of-band via a signal contact (see on page 171 "Monitoring the device status via the signal contact")
  • Page 166: Configuring The Device Status

    Operation diagnosis 9.2 Monitoring the device status Note: With non-redundant voltage supply, the device reports the absence of a supply voltage. You can prevent this message by feeding the supply voltage over both inputs, or by switching off the monitoring (see on page 170 "Monitoring correct operation via the signal contact").
  • Page 167 Operation diagnosis 9.2 Monitoring the device status Figure 53: Device status and alarm display (callouts: time of the oldest existing alarm; cause of the oldest existing alarm; symbol indicating the device status) Switch to the Privileged EXEC mode (exit). Display the device status and the setting for the device status determination (show device-status).
  • Page 168: Out-Of-Band Signaling

    Operation diagnosis 9.3 Out-of-band signaling The signal contact is used to control external devices and monitor the operation of the device, thus enabling remote diagnostics. A break in contact is reported via the potential-free signal contact (relay contact, closed circuit): Incorrect supply voltage, the failure of at least one of the two supply voltages,...
  • Page 169: Controlling The Signal Contact

    Operation diagnosis 9.3 Out-of-band signaling 9.3.1 Controlling the signal contact With this mode you can remotely control every signal contact individually. Application options: Simulation of an error during PLC error monitoring. Remote control of a device via SNMP, such as switching on a camera. Select the Diagnostics:Signal Contact 1/2 dialog.
  • Page 170: Monitoring Correct Operation Via The Signal Contact

    Operation diagnosis 9.3 Out-of-band signaling 9.3.2 Monitoring correct operation via the signal contact Configuring the operation monitoring Select the Diagnostics:Signal Contact dialog. Select "Monitoring correct operation" in the "Mode signal contact" frame to use the contact for operation monitoring. In the "Monitoring correct operation" frame, you select the events you want to monitor.
  • Page 171: Monitoring The Device Status Via The Signal Contact

    Operation diagnosis 9.3 Out-of-band signaling Figure 54: Signal contact dialog Switch to the Privileged EXEC mode (exit). Display the status of the operation monitoring and the setting for the status determination (show signal-contact 1). 9.3.3 Monitoring the device status via the signal contact The "Device Status"...
  • Page 172: Port Status Indication

    Operation diagnosis 9.4 Port status indication 9.4 Port status indication Select the Basics:System dialog. The device view shows the device with the current configuration. The symbols underneath the device view represent the status of the individual ports. Figure 55: Device view Meaning of the symbols: The port (10, 100 Mbit/s, 1, 10 Gbit/s) is enabled and the connection is OK.
  • Page 173: Event Counter At Port Level

    Operation diagnosis 9.5 Event counter at port level The port statistics table enables experienced network administrators to identify possible problems in the network. This table shows you the contents of various event counters. In the Restart menu item, you can reset all the event counters to zero using "Warm start", "Cold start"...
  • Page 174 Operation diagnosis 9.5 Event counter at port level Figure 56: Port Statistics dialog
  • Page 175: Displaying The SFP Status

    Operation diagnosis 9.6 Displaying the SFP status The SFP status display allows you to look at the current connections to the SFP modules and their properties. The properties include: module type; support provided in media module; temperature in degrees Celsius; transmission power in milliwatts; reception power in milliwatts...
  • Page 176: TP Cable Diagnosis

    Operation diagnosis 9.7 TP cable diagnosis The TP cable diagnosis allows you to check the connected cables for short circuits or interruptions. Note: While the check is being carried out, the data traffic at this port is suspended.
  • Page 177: Topology Discovery

    Operation diagnosis 9.8 Topology discovery 9.8.1 Description of topology discovery IEEE 802.1AB describes the Link Layer Discovery Protocol (LLDP). LLDP enables the user to have automatic topology recognition for his LAN. A device with active LLDP sends its own connection and management information to neighboring devices of the shared LAN, once these devices have also activated LLDP.
  • Page 178: Displaying The Topology Discovery

    LLDP packets. Thus a non-LLDP-capable device between two LLDP-capable devices prevents LLDP information exchange between these two devices. To get around this, Hirschmann devices send and receive additional LLDP packets with the Hirschmann Multicast MAC address 01:80:63:2F:FF:0B. Hirschmann devices with the LLDP function are thus also able to exchange LLDP information with each other via devices that are not LLDP-capable.
  • Page 179 Operation diagnosis 9.8 Topology discovery This dialog allows you to switch on/off the topology discovery function (LLDP). The topology table shows you the collected information for neighboring devices. This information enables the network management station to map the structure of your network. The option "Show LLDP entries exclusively"...
  • Page 180 Operation diagnosis 9.8 Topology discovery If several devices are connected to one port, for example via a hub, the table will contain one line for each connected device. If devices with active topology discovery function and devices without active topology discovery function are connected to a port, the topology table hides the devices without active topology discovery.
  • Page 181: Detecting IP Address Conflicts

    Operation diagnosis 9.9 Detecting IP address conflicts 9.9.1 Description of IP address conflicts By definition, each IP address may only be assigned once within a subnetwork. Should two or more devices erroneously share the same IP address within one subnetwork, this will inevitably lead to malfunctions, including communication disruptions with devices that have this IP address. In his Internet draft, Stuart Cheshire describes a mechanism that industrial Ethernet...
  • Page 182: Configuring ACD

    9.9.2 Configuring ACD Select the Diagnostics:IP Address Conflict Detection dialog. With "Status" you enable/disable the IP address conflict detection or select the operating mode (see table 17). 9.9.3 Displaying ACD Select the Diagnostics:IP Address Conflict Detection dialog.
  • Page 183 In the table the device logs IP address conflicts with its IP address. For each conflict the device logs: the time; the conflicting IP address; the MAC address of the device with which the IP address conflicted. For each IP address, the device logs a line with the last conflict that occurred.
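The conflict table described above can be modelled as follows. This is an added example, not Hirschmann firmware code: it assumes the passive ACD check (a received ARP packet whose sender IP equals the device's own IP but whose sender MAC is a different device), and the names `build_arp`, `parse_arp`, `ConflictTable` and `demo` are hypothetical. The address 10.0.1.159 is taken from the manual's sample report; MAC addresses and timestamps are constructed.

```python
import socket
import struct

# ARP body for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def build_arp(oper, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP body (sample-input helper; target MAC left zero)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       socket.inet_aton(sender_ip), bytes(6),
                       socket.inet_aton(target_ip))

def parse_arp(body):
    """Return (sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(body) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack_from(ARP_FMT, body)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return sha.hex(":"), socket.inet_ntoa(spa)

class ConflictTable:
    """One line per IP address, holding only the last conflict seen."""
    def __init__(self, own_ip, own_mac):
        self.own_ip, self.own_mac = own_ip, own_mac.lower()
        self.last = {}  # ip -> (time, conflicting ip, other device's MAC)

    def observe(self, when, body):
        parsed = parse_arp(body)
        if parsed is None:
            return False
        mac, sender_ip = parsed
        # Conflict: another MAC uses our address as ARP sender IP.
        # ARP probes carry sender IP 0.0.0.0 and so never match here.
        if sender_ip != self.own_ip or mac == self.own_mac:
            return False
        self.last[sender_ip] = (when, sender_ip, mac)
        return True

def demo():
    # Constructed sample traffic; MACs and timestamps are made up.
    table = ConflictTable("10.0.1.159", "02:00:00:00:00:01")
    frames = [
        ("08:00:01", build_arp(1, "02:00:00:00:00:aa", "10.0.1.159", "10.0.1.1")),
        ("08:00:02", build_arp(1, "02:00:00:00:00:cc", "0.0.0.0", "10.0.1.159")),
        ("08:00:03", build_arp(2, "02:00:00:00:00:bb", "10.0.1.159", "10.0.1.1")),
        ("08:00:04", build_arp(1, "02:00:00:00:00:01", "10.0.1.159", "10.0.1.159")),
    ]
    return [table.observe(t, f) for t, f in frames], table.last

if __name__ == "__main__":
    print(demo())
```

The second conflict overwrites the first, so the table keeps a single line for the address, matching the "last conflict that occurred" behaviour the manual describes.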
  • Page 184: Reports

    9.10 Reports The following reports are available for the diagnostics: Log file. The log file is an HTML file in which the device writes all the important device-internal events. System information. The system information is an HTML file containing all system-relevant data.
  • Page 185 Index IP Address Severity Port Status ----- ----------------- ---------- ---- ------------- 10.0.1.159 error Active
  • Page 186: Monitoring Port Traffic (Port Mirroring)

    9.11 Monitoring port traffic (port mirroring) In port mirroring, the valid data packets of one port, the source port, are copied to another, the destination port. The data traffic at the source port is not influenced by port mirroring.
  • Page 187 Select the source port whose data traffic you want to observe. Select the destination port to which you have connected your management tool. Select "enabled" to switch on the function. The "Delete" button in the dialog allows you to reset all the port mirroring settings of the device to the state on delivery.
  • Page 189: A Setting Up Configuration Environment

    A Setting up configuration environment
  • Page 190: Setting Up Dhcp/Bootp Server

    A.1 Setting up DHCP/BOOTP server On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel. You can test the software for 30 calendar days from the date of the first installation, and then decide whether you want to purchase a license.
  • Page 191 Figure 63: DHCP setting To enter the configuration profiles, select Options:Configuration Profiles in the menu bar. Enter the name of the new configuration profile and click Add. Figure 64: Adding configuration profiles Enter the network mask and click Accept.
  • Page 192 Figure 65: Network mask in the configuration profile Select the Boot tab page. Enter the IP address of your tftp server. Enter the path and the file name for the configuration file. Click Apply and then OK.
  • Page 193 Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration. To complete the addition of the configuration profiles, click OK. Figure 67: Managing configuration profiles To enter the static addresses, click Static in the main window.
  • Page 194 Figure 69: Adding static addresses Enter the MAC address of the device. Enter the IP address of the device. Select the configuration profile of the device. Click Apply and then OK. Figure 70: Entries for static addresses Add an entry for each device that will get its parameters from the DHCP server.
  • Page 195 Figure 71: DHCP server with entries
  • Page 196: Setting Up Dhcp Server Option

    A.2 Setting up DHCP Server Option 82 On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr.
  • Page 197 Figure 73: DHCP setting To enter the static addresses, click New. Figure 74: Adding static addresses Select Circuit Identifier and Remote Identifier.
  • Page 198 ID cl: length of the circuit ID hh: Hirschmann ID: 01 if a Hirschmann device is connected to the port, otherwise 00. vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1) ss: socket of device at which the module with that port is located to which the device is connected.
  • Page 199 Figure 76: Entering the addresses. Figure 77: Application example of using Option 82 (diagram labels: Switch (Option 82), MACH 3002, MICE, MAC address = 00:80:63:10:9a:d7, IP = 149.218.112.100, DHCP server IP = 149.218.112.1)
  • Page 200: Tftp Server For Software Updates

    A.3 tftp server for software updates On delivery, the device software is held in the local flash memory. The device boots the software from the flash memory. Software updates can be performed via a tftp server. This presupposes that a tftp server has been installed in the connected network and that it is active.
  • Page 201: Setting Up The Tftp Process

    A.3.1 Setting up the tftp process General prerequisites: The local IP address of the device and the IP address of the tftp server or the gateway are known to the device. The TCP/IP stack with tftp is installed on tftp server.
  • Page 202 Note: The command "ps" does not always show the tftp daemon, although it is actually running. Special steps for HP workstations: During installation on an HP workstation, enter the user tftp in the file /etc/passwd.
  • Page 203 Checking the tftp process: Edit the file /etc/inetd.conf. Is tftp* commented out? Delete the comment character »#« from this line. Re-initialize inetd.conf by entering kill -1 PID...
  • Page 204: Software Access Rights

    A.3.2 Software access rights The agent needs read permission for the tftp directory on which the device software is stored. Example of a UNIX tftp server Once the device software has been installed, the tftp server should have the following directory structure with the stated access rights: File name Access...
  • Page 205: Preparing Access Via Ssh

    A.4 Preparing access via SSH To be able to access the device via SSH, you will need: a key; to install the key on the device; to enable access via SSH on the device; and a program for executing the SSH protocol on your computer.
  • Page 206: Uploading The Key

    Figure 79: PuTTY key generator The OpenSSH Suite offers experienced network administrators a further option for generating the key. To generate the key, enter the following command: ssh-keygen(.exe) -q -t rsa1 -f rsa1.key -C '' -N '' A.4.2 Uploading the key The Command Line Interface enables you to upload the SSH key to the device.
  • Page 207: Access Via Ssh

    copy tftp://10.0.10.1/device/rsa1.key nvram:sshkey-rsa1: The device loads the key file to its non-volatile memory. 10.0.10.1 represents the IP address of the tftp server. device represents the directory on the tftp server. rsa1.key represents the file name of the key.
  • Page 208 Check the fingerprint to protect yourself from unwelcome guests. Your fingerprint is located in the "Key" frame of the PuTTY key generator (see fig. 79). If the fingerprint matches your key, click "Yes". PuTTY will display another security alert message for the warning threshold set.
  • Page 209: B General Information

    B General information
  • Page 210: Management Information Base (Mib)

    B.1 Management Information Base (MIB) The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The "leaves" of the MIB are called generic object classes.
  • Page 211 Lower (e.g. threshold value) Power supply Power supply System User interface Upper (e.g. threshold value) Vendor = manufacturer (Hirschmann) Definition of the syntax terms used: Integer An integer in the range 0 - 2 IP address xxx.xxx.xxx.xxx (xxx = integer in the range 0-255)
  • Page 212 7 udp 11 snmp 16 rmon 17 dot1dBridge 26 snmpDot3MauMGT Figure 82: Tree structure of the Hirschmann MIB A complete description of the MIB can be found on the CD-ROM included with the device.
  • Page 213: Abbreviations Used

    B.2 Abbreviations used AutoConfiguration Adapter Access Control List BOOTP Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol Forwarding Database GARP General Attribute Registration Protocol GMRP GARP Multicast Registration Protocol http Hypertext Transfer Protocol ICMP Internet Control Message Protocol IGMP...
  • Page 214: List Of Rfc's

    B.3 List of RFC's RFC 768 (UDP) RFC 783 (TFTP) RFC 791 (IP) RFC 792 (ICMP) RFC 793 (TCP) RFC 826 (ARP) RFC 854 (Telnet) RFC 855 (Telnet Option) RFC 951 (BOOTP) RFC 1112 (IGMPv1) RFC 1157 (SNMPv1)
  • Page 215 RFC 2576 (Coexistence between SNMP v1,v2 & v3) RFC 2578 (SMI v2) RFC 2579 (Textual Conventions for SMI v2) RFC 2580 (Conformance statements for SMI v2) RFC 2613 (SMON) RFC 2618 (RADIUS Authentication Client MIB) RFC 2620 (RADIUS Accounting MIB) RFC 2674...
  • Page 216: Based Specifications And Standards

    B.4 Based specifications and standards IEEE 802.1AB Topology Discovery (LLDP) IEEE 802.1 D Switching, GARP, GMRP, Spanning Tree (Supported via 802.1S implementation) IEEE 802.1 D-1998 Media access control (MAC) bridges (includes IEEE 802.1p Priority and Dynamic Multicast Filtering, GARP, GMRP) IEEE 802.1 Q-1998 Virtual Bridged Local Area Networks...
  • Page 217: Technical Data

    Size of MAC address table 8000 (incl. static filters) Max. number of statically configured MAC address filters Max. number of MAC address filters 512 (RS20/RS30/RS40, MS20/MS30, learnable via GMRP/IGMP Snooping OCTOPUS, MACH1000, RSR20/RSR30) 1000 (PowerMICE, MACH4000) Max. length of over-long packets 1632 (RS20/RS30/RS40, MS20/MS30, (from 03.0.00)
  • Page 218: Copyright Of Integrated Software

    B.6 Copyright of integrated software B.6.1 Bouncy Castle Crypto APIs (Java) The Legion Of The Bouncy Castle Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies...
  • Page 219: Lvl7 Systems, Inc

    B.6.2 LVL7 Systems, Inc. (c) Copyright 1999-2006 LVL7 Systems, Inc. All Rights Reserved.
  • Page 220: Reader's Comments

    B.7 Reader's comments What is your opinion of this manual? We are always striving to provide as comprehensive a description of our product as possible, as well as important information that will ensure trouble-free operation. Your comments and suggestions help us to further improve the quality of our documentation.
  • Page 221 Zip code / City: Date / Signature: Dear User, Please fill out and return this page by fax to the number +49 (0)7127/14-1798 or by mail to Hirschmann Automation and Control GmbH Department AMM Stuttgarter Str. 45-51 72654 Neckartenzlingen Germany
  • Page 223: C Index

    Index C Index 38, 54, 55, 65, 67, 164 Data transfer parameter Access Destination address 94, 95, 99 Access rights 60, 76 Destination address field Access security Destination port Destination table Address conflict Device status Address Conflict Detection DHCP 25, 33, 48, 54 Address table DHCP client DHCP Option 82...
  • Page 224 Index IANA Object classes IAONA Object description IEEE 1588 time Object ID IEEE 802.1 Q Operating mode IEEE 802.1X Operation monitoring IEEE MAC address Option 82 25, 48, 196 IGMP Ordinary clock IGMP Querier Overload protection IGMP Snooping 96, 98 Industry protocols Ingress Filter Password...
  • Page 225 Index TP cable diagnosis RIPE NCC Traffic class 117, 118, 119 RMON probe Traffic classes Router Training courses Transmission reliability Trap 86, 160 Security data sheet trap Segmentation Trap Destination Table Service Trivial File Transfer Protocol Service provider trust dot1p Set time from PC trust ip-dscp SFP module...
  • Page 227: D Further Support

    D Further support Technical questions and training courses In the event of technical queries, please talk to the Hirschmann contract partner responsible for looking after your account or directly to the Hirschmann office. You can find the addresses of our contract partners on the Internet: www.hirschmann-ac.com.
