Hirschmann MS30, Power MICE, MACH 4000, OCTOPUS User Manual
  1. Manuals
  2. Brands
  3. Hirschmann Manuals
  4. Network Router
  5. MS30, Power MICE, MACH 4000, OCTOPUS
  6. User manual

Hirschmann MS30, Power MICE, MACH 4000, OCTOPUS User Manual

Industrial ethernet gigabit switch
Hide thumbs Also See for MS30, Power MICE, MACH 4000, OCTOPUS:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Programming Manual, Reference Manual

User Manual

Basic Configuration

Industrial ETHERNET Gigabit Switch
RS20/RS30, MS20/MS30, Power MICE, MACH 4000, OCTOPUS
Layer 2 Enhanced with Layer 2 Professional
Technical Support
Release 1.0 10/05
HAC-Support@hirschmann.de

Advertisement

Table of Contents
loading

Related Manuals for Hirschmann MS30, Power MICE, MACH 4000, OCTOPUS

Summary of Contents for Hirschmann MS30, Power MICE, MACH 4000, OCTOPUS

  • Page 1: User Manual

    User Manual Basic Configuration Industrial ETHERNET Gigabit Switch RS20/RS30, MS20/MS30, Power MICE, MACH 4000, OCTOPUS Layer 2 Enhanced with Layer 2 Professional Technical Support Release 1.0 10/05 HAC-Support@hirschmann.de...
  • Page 2 This publication has been created by Hirschmann Automation and Control GmbH according to the best of our knowledge. Hirschmann reserves the right to change the contents of this manual without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the details in this publication.

  • Page 3: Table Of Contents

    Contents Contents About this Manual Introduction Access to the user interfaces System monitor Command Line Interface Web based Interface Entering the IP parameters Basics IP parameter 2.1.1 IP address (version 4) 2.1.2 Network mask 2.1.3 Example of how the network mask is used Entering the IP parameters via CLI Entering the IP parameters via HiDiscovery Loading the system configuration from the ACA...
  • Page 4 Contents Loading/saving settings Loading settings 3.1.1 Loading from the local non-volatile memory 3.1.2 Loading from the AutoConfiguration Adapter 3.1.3 Loading from a file 3.1.4 Resetting the configuration to the state on delivery Saving settings 3.2.1 Saving Locally (and on the ACA) 3.2.2 Saving into a file Loading Software Updates Loading the Software from the ACA...
  • Page 5 Contents Synchronizing the System Time of the Network Entering the Time SNTP 7.2.1 Descripton SNTP 7.2.2 Preparing the SNTP configuration 7.2.3 Configuring SNTP Precison Time Protocol 7.3.1 Funtion description PTP 7.3.2 Preparing the PTP configuration 7.3.3 Configuring PTP Interaction PTP and SNTP Traffic control Directed frame forwarding 8.1.1 Store-and-forward...
  • Page 6 Contents VLANs 8.6.1 Description VLANs 8.6.2 Configuring VLANs 8.6.3 Setting up VLANs 8.6.4 Displaying the VLAN configuration 8.6.5 Deleting the VLAN settings 8.6.6 Example of a simple VLAN Operation Diagnostics Sending traps 9.1.1 SNMP trap listing 9.1.2 SNMP traps when booting 9.1.3 Configuring traps Out-of-band signaling 9.2.1 Manual setting the signal contact...
  • Page 7 Contents General Information Hirschmann Competence Management Information BASE MIB Used abbreviations List of RFC's Based IEEE standards Technical Data Copyright of integrated software B.8.1 Bouncy Castle Crypto APIs (Java) B.8.2 LVL7 Systems, Inc. Reader's comments B.10 Index Layer 2 Enhanced with Layer 2 Professional...
  • Page 8 Contents Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 9: About This Manual

    About this Manual About this Manual The “Basic Configuration” user manual contains all the information you need to start operating the switch. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The following thematic sequence has proven itself in practice: Set up device access for operation by entering the IP parameters Check the status of the software and update it if necessary...
  • Page 10 About this Manual Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 11: Key

    The designations used in this manual have the following meanings: List V Work step Subheading Indicates a cross-reference with a stored link. Note: A note emphasizes an important fact or draws your attention to a dependency. Courier font ASCII representation in user interface Execution in the Web-based Interface user interface Execution in the Command Line Interface user interface Symbols used:...
  • Page 12 A random computer Configuration computer Server Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 13: Introduction

    Introduction Introduction The Switch has been developed for practical application in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the Switch. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...
  • Page 14 Introduction Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 15: Access To The User Interfaces

    Access to the user interfaces 1 Access to the user interfaces The Switch has three user interfaces, which you can access via different interfaces: System monitor via the V.24 interface (out-of-band) Command Line Interface (CLI) via the V.24 connection (out-of-band) and Telnet (in-band) Web-based interface via Ethernet (in-band) Layer 2 Enhanced with Layer 2 Professional...

  • Page 16: System Monitor

    Access to the user interfaces 1.1 System monitor 1.1 System monitor The system monitor enables you to select the boot operating software, update the operating software, start the selected operating software, end the system monitor, erase the saved configuration and show the bootcode information.
  • Page 17 Access to the user interfaces 1.1 System monitor < PowerMICE MS4128-5 (Boot) Release: 1.00 Build: 2005-09-17 15:36 > Press <1> to enter System Monitor 1 ... Fig. 1: Screenshot during the boot process V Press within one second the <1> key to start system monitor 1. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...
  • Page 18 Access to the user interfaces 1.1 System monitor System Monitor (Selected OS: L3P-01.0.00-K16 (2005-10-31 19:32)) Select Boot Operating System Update Operating System Start Selected Operating System End (reset and reboot) Erase main configuration file sysMon1> Fig. 2: System monitor 1 screen display V Select the desired menu by entering the number.

  • Page 19: Command Line Interface

    Access to the user interfaces 1.2 Command Line Interface 1.2 Command Line Interface The Command Line Interface allows you to use all device functions via a local or a remote connection. The command line interface provides IT specialists with a familiar environ- ment for configuring IT devices.
  • Page 20 Access to the user interfaces 1.2 Command Line Interface Copyright (c) 2004-2005 Hirschmann Automation and Control GmbH All rights reserved PowerMICE Release L3P-01.0.00-K16 (Build date 2005-10-31 19:32) System Name: PowerMICE Mgmt-IP 149.218.112.105 1.Router-IP: 0.0.0.0 Base-MAC 00:80:63:51:74:00 System Time: 2005-11-01 16:00:59 User: Fig.
  • Page 21 NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > Fig. 4: CLI screen after login Layer 2 Enhanced with Layer 2 Professional...

  • Page 22: Web Based Interface

    Access to the user interfaces 1.3 Web based Interface 1.3 Web based Interface The user-friendly Web-based interface gives you the option of operating the Switch from any location in the network via a standard browser such as the Mozilla Firefox or the Microsoft Internet Explorer. As a universal access tool, the Web browser uses an applet which commu- nicates with the Switch via the Simple Network Management Protocol (SNMP).
  • Page 23 Access to the user interfaces 1.3 Web based Interface V Start your Web browser. V Make sure that you have activated JavaScript and Java in the security settings of your browser. V Establish the connection by entering the IP address of the Switch that you want to administer via the Web-based network management in the address field of the Web browser.
  • Page 24 Access to the user interfaces 1.3 Web based Interface V The password “public”, with which you have read permission, appears in the password field. If you wish to access the Switch with write per- mission, then highlight the contents of the password field and overwri- te it with the password “private”...

  • Page 25: Entering The Ip Parameters

    Entering the IP parameters 2 Entering the IP parameters IP address(es) must be entered when the Switch is installed for the first time. The Switch provides 6 options for entering the IP parameters during the first installation: Using the Command Line Interfaces (CLI). Choose this “out-of-band”...
  • Page 26 Entering the IP parameters Using DHCP Option 82. Choose this “in-band” method if you want to configure the installed Switch using DHCP Option 82. You need a DHCP server with Option 82 for this. The DHCP server assigns the configuration data to the Switch using its physical connection (see “System Configuration via DHCP Option 82”...

  • Page 27: Basics Ip Parameter

    Entering the IP parameters 2.1 Basics IP parameter 2.1 Basics IP parameter 2.1.1 IP address (version 4) The IP addresses consist of 4 bytes. These 4 bytes are written in decimal notation, separated by a decimal point. Since 1992, five classes of IP address have been defined in the RFC 1340. Class Network address Host address...

  • Page 28: Network Mask

    Entering the IP parameters 2.1 Basics IP parameter Net ID - 7 bits Host ID - 24 bits Klasse A Net ID - 14 bits Host ID - 16 bits Klasse B Net ID - 21 bits Host ID - 8 bit s Klasse C Multicast Group ID - 28 bits Klasse D...
  • Page 29 Entering the IP parameters 2.1 Basics IP parameter Example of a network mask: Decimal notation 255.255.192.0 Binary notation 11111111.11111111.11000000.00000000 Subnetwork mask bits Class B Example of IP addresses with subnetworks assignment when the above sub- net mask is applied: Decimal notation 129.218.65.17 128 <...

  • Page 30: Example Of How The Network Mask Is Used

    Entering the IP parameters 2.1 Basics IP parameter 2.1.3 Example of how the network mask is used In a large network it is possible that gateways and routers separate the man- agement agent from its management station. How does addressing work in such a case? Romeo Juliet...
  • Page 31 Entering the IP parameters 2.1 Basics IP parameter Lorenzo receives the letter and removes the outer envelope. From the inner envelope he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP ta- ble) for Juliet's MAC address.

  • Page 32: Entering The Ip Parameters Via Cli

    Entering the IP parameters 2.2 Entering the IP parameters via CLI 2.2 Entering the IP parameters via CLI If you do not configure the system via BOOTP/DHCP, DHCPOption 82, Hidiscovery protocol or the ACA AutoConfiguration Adapter, then perform the configuration via the V.24 interface using the Command Line Interface: Entering IP addresses Connect the PC with terminal program started to the RJ11 socket...
  • Page 33 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > V Change to privileged EXEC mode by entering enable and then press the Enter key. V Disable DHCP by entering network protocol none and then press the Enter key.
  • Page 34 (Hirschmann PowerMICE) >en (Hirschmann PowerMICE) #network protocol none (Hirschmann PowerMICE) #network parms 149.218.112.105 255.255.255.0 (Hirschmann PowerMICE) #copy system:running-config nvram:startup-config Are you sure you want to save? (y/n) y Copy OK: 15811 bytes copied...

  • Page 35: Entering The Ip Parameters Via Hidiscovery

    Entering the IP parameters 2.3 Entering the IP parameters via HiDiscovery 2.3 Entering the IP parameters via HiDiscovery The HiDiscovery protocol enables you to assign IP parameters to the Switch via the Ethernet. You can easily configure additional parameters with the Web-based mana- gement (see Reference manual „Web-based Interface“).
  • Page 36 Entering the IP parameters 2.3 Entering the IP parameters via HiDiscovery When HiDiscovery is started, it automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first PC network card found. If your computer has se- veral network cards, you can select these in HiDiscovery on the toolbar.

  • Page 37: Loading The System Configuration From The Aca

    Entering the IP parameters 2.4 Loading the system configuration from the 2.4 Loading the system configuration from the ACA The ACA is a device for storing the configuration data of a Switch. storing the Switch software. In the case of a Switch failure, the ACA enables a very simple configuration data transfer by means of a substitute Switch of the same type.
  • Page 38 Entering the IP parameters 2.4 Loading the system configuration from the Switch starten Nein vorhanden? Passwort im Voreingestelltes Nein Nein Switch und ACA Passwort im identisch? Switch? Konfiguration vom Konfiguration aus ACA laden lokalem Speicher laden ACA-LEDs blinken ACA-LEDs blinken synchron alternierend Konfigurationsdaten...

  • Page 39: System Configuration Via Bootp

    Entering the IP parameters 2.5 System configuration via BOOTP 2.5 System configuration via BOOTP During startup operation via BOOTP (bootstrap protocol) the Switch receives its configuration data according to the “BOOTP process” flowchart (see Fig. 13). Note: In its state on delivery, the Switch gets its configuration data from the BOOTP server.
  • Page 40 Entering the IP parameters 2.5 System configuration via BOOTP rs2_01:ht=ether- net:ha=008063086501:ip=149.218.17.83:tc=.global: rs2_02:ht=ether- net:ha=008063086502:ip=149.218.17.84:tc=.global: Lines that start with a '#' character are comment lines. The lines under “.global:” make the configuration of several devices easier. With the template (tc) you allocate the global configuration data (tc=.global:). The direct allocation of hardware address and IP address occurs in the de- vice lines (rs2-0...).
  • Page 41 Entering the IP parameters 2.5 System configuration via BOOTP Start-up Load default configuration Switch in initalization Switch runs with settings from local flash Send DHCP DHCP/ BOOTP BOOTP? Requests Reply from Save IP parameter DHCP/BOOTP and config file URL server? locally initialize IP stack with IP parameters...
  • Page 42 Entering the IP parameters 2.5 System configuration via BOOTP Load remote Start tftp process configuration from with config URL of DHCP? file URL of DHCP tftp successful? Load transferred config file Save transferred config file local and set boot configuration to local Loading of configurations data...

  • Page 43: System Configuration Via Dhcp

    Entering the IP parameters 2.6 System configuration via DHCP 2.6 System configuration via DHCP The DHCP (dynamic host configuration protocol) responds similarly to the BOOTP and offers in addition the configuration of a DHCP client with a name instead of the MAC address. For the DHCP, this name is known as the “client identifier”...
  • Page 44 Entering the IP parameters 2.6 System configuration via DHCP The special feature of DHCP in contrast to BOOTP is that the server can only provide the configuration parameters for a certain period of time (“lease”). When this time period (“lease duration”) expires, the DHCP client must at- tempt to renew the lease or negotiate a new one.
  • Page 45 Entering the IP parameters 2.6 System configuration via DHCP # Host hugo requests IP configuration # with his client identifier. host hugo { # option dhcp-client-identifier "hugo"; option dhcp-client-identifier 00:68:75:67:6f; fixed-address 149.218.112.83; server-name "149.218.112.11"; filename "/agent/config.dat"; Lines that start with a '#' character are comment lines. The lines preceding the individually listed devices refer to settings that apply to all the following devices.

  • Page 46: System Configuration Via Dhcp Option

    Entering the IP parameters 2.7 System Configuration via DHCP Option 82 2.7 System Configuration via DHCP Option 82 As with the classic DHCP, on startup an agent receives its configuration data according to the “BOOTP/DHCP process” flow chart (see Fig. 13).

  • Page 47: System Configuration Via The Web-Based Interface

    Entering the IP parameters 2.8 System configuration via the Web-based 2.8 System configuration via the Web-based Interface With the dialog Basics:Network you define the source from which the Switch gets its network parameters after starting, assign IP parameters and VLAN ID and configure the HiDiscovery access. Fig.
  • Page 48 Entering the IP parameters 2.8 System configuration via the Web-based V Enter the parameters according to the selected mode on the right. V You enter the system name applicable to the DHCP protocol in the Sy- stem dialog of the Web-based Interfaces, in the “Name” line. V In the “Local”...

  • Page 49: Faulty Device Replacement

    Entering the IP parameters 2.9 Faulty Device Replacement 2.9 Faulty Device Replacement There are two plug-and-play solutions available for replacing a faulty Switch with a Switch of the same type (Faulty Device Replacement): First, you can configure the new switch using an AutoConfiguration Adapter (see “Loading the system configuration from the ACA”...
  • Page 50 Entering the IP parameters 2.9 Faulty Device Replacement Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 51: Loading/Saving Settings

    Loading/saving settings 3 Loading/saving settings The Switch saves settings such as the IB parameters and the port configuration in the temporary memory. These settings are lost when you switch off or reboot the device. The Switch enables you to save settings from the temporary memory in a permanent memory load settings from a permanent memory into the temporary memory.

  • Page 52: Loading Settings

    Loading/saving settings 3.1 Loading settings 3.1 Loading settings During restart, the Switch automatically loads its configuration data from the local non-volatile memory, provided that you have not activated BOOTP/ DHCP and that no ACA is connected to the Switch. During operation, the Switch enables you to load settings from the following sources: the local non-volatile memory, the AutoConfiguration Adapter.

  • Page 53: Loading From The Local Non-Volatile Memory

    Loading/saving settings 3.1 Loading settings 3.1.1 Loading from the local non-volatile memory When loading the configuration data locally, the Switch loads the configuration data from the local permanent memory if no ACA is connected to the Switch. V Select the Basics:Load/Save dialog. V Click in the “Load”-frame “Local”.

  • Page 54: Loading From A File

    Loading/saving settings 3.1 Loading settings 3.1.3 Loading from a file The Switch allows you to load the configuration data from a file in the connected network if there is no AutoConfiguration Adapter connected to the Switch. V Select the Basics:Load/Save dialog. V Click in the Load"-frame “fromURL”, if you want the Switch to load the configuration data from a file and to retain the locally saved con- figuration..
  • Page 55 Loading/saving settings 3.1 Loading settings Fig. 17: Dialog Load/Save V Enter the enable command to change to the Priviledged EXEC mode. V Enter the command copy tftp://149.218.112.159/switch/config.dat nv- ram:startup-config if you want the switch to load the configura- tion data from a tftp server in the connected network. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 56: Resetting The Configuration To The State On Delivery

    Loading/saving settings 3.1 Loading settings 3.1.4 Resetting the configuration to the state on delivery The Switch gives you the option to, reset the current configuration to the state on delivery. The locally saved configuration remains. reset the Switch to the state on delivery. After restarting, the IP address is also in the original delivery state.

  • Page 57: Saving Settings

    Loading/saving settings 3.2 Saving settings 3.2 Saving settings The Switch enables you to save the settings you have made locally locally and on the ACA, or into a file. 3.2.1 Saving Locally (and on the ACA) The Switch allows you to save the current configuration data in the local permanent memory and the ACA.

  • Page 58: Saving Into A File

    Loading/saving settings 3.2 Saving settings 3.2.2 Saving into a file The Switch allows you to save the current configuration data in a file in the connected network. V Select the Basics:Load/Save dialog. V Click in the “Save”-frame “to URL”. V Type in the “URL” edit field the path under which you want the Switch to save the configuration file.

  • Page 59: Loading Software Updates

    Hirschmann is continuously working on improving the performance of its products. So it is possible that you may find a more up to date release of the Switch software on the Hirschmann Internet site than the release the you have on your Switch.

  • Page 60: Loading The Software From The Aca

    Loading Software Updates 4.1 Loading the Software from the ACA 4.1 Loading the Software from the ACA Like an usual USB stick, you can also connect the ACA 21-USB to an USB port of your PC and copy the Switch software to the main directory of the ACA 21-USB.
  • Page 61 Loading Software Updates 4.1 Loading the Software from the ACA Select Operating System Image (Available OS: Selected: 1.00 (2004-08-26 07:15), Backup: 1.00 (2004-08- 26 07 :15(Locally selected: 1.00 (2004-08-26 07:15)) Swap OS images Copy image to backup Test stored images in Flash mem. Test stored images in USB mem.

  • Page 62: Starting The Software

    Loading Software Updates 4.1 Loading the Software from the ACA Test stored images in USB memory Select 4 to test, if the stored images of the software in ACA 21-USB contain valid codes. Apply and store selection Select 5 to apply and store the selection of the software. Cancel selection Select Sie 6 to cancel selection and leave this dialogue without changes.

  • Page 63: Loading The Software From The Tftp Server

    Loading Software Updates 4.2 Loading the Software from the tftp Server 4.2 Loading the Software from the tftp Server For a tftp update you need a tftp server on which the software to be loaded is stored (see “tftp server for software updates” on page 165).
  • Page 64 Loading Software Updates 4.2 Loading the Software from the tftp Server V After the loading procedure has been completed successfully, activa- te the new software as follows: Select the Basics:Restart dialog und and perform a cold start. V After booting the switch, click “Reload” in your browser to re-enable your access to the Switch.

  • Page 65: Loading Software Via Http

    Loading Software Updates 4.3 Loading Software via HTTP 4.3 Loading Software via HTTP For an http update you need access from your computer to the update soft- ware. V Select the Basics:Software dialog. V Click “http-Update” to open the http Update browser window. V Click “Browse...”...
  • Page 66 Loading Software Updates 4.3 Loading Software via HTTP V After the software procedure has been completed successfully, go to Basics:Restart, and perform a cold start (“Restart Switch”). V Click “Reload” in your browser to re-enable Switch access after boo- ting. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 67: Configuring Ports

    Configuring ports 5 Configuring ports The port configuration consists of: Switching the port on and off, Selecting the operation mode, Displaying connection error messages. Switching the port on and off In the state on delivery, all ports are switched on. To enhance access security, switch off the ports which you do not wish to connect..
  • Page 68 Configuring ports Displaying connection error mMessages In the state on delivery the Switch displays a connection error via the signal contact and the LED display. The Switch allows you to disable the displaying of connection error messages, for instance to prevent a device that has been turned off from being interpreted as an interrupted line.

  • Page 69: Protection From Unauthorized Access

    Protection from unauthorized access 6 Protection from unauthorized access Protect your network from unauthorized access. The Switch provides you with the following functions for protecting against unauthorized access. Password for SNMP access, Setting the Telnet/Web-Based access, Disabling the HiDiscovery function, Port access control via IP- or MAC-address, Authentication according to 802.1X, Layer 2 Enhanced with Layer 2 Professional...

  • Page 70: Password For Snmp Access

    Protection from unauthorized access 6.1 Password for SNMP access 6.1 Password for SNMP access 6.1.1 Description Password for SNMP access A network management station communicates with the Switch via the Simple Network Management Protocol. Every SNMP packet contains the IP address of the sending computer and the password under which the sender of the packet wants to access the Switch MIB.

  • Page 71: Entering Password For Snmp Access

    Protection from unauthorized access 6.1 Password for SNMP access 6.1.2 Entering password for SNMP access V Select the Security:Password / SNMPv3 access dialog. This dialog gives you the option of changing the read and read/write passwords for access to the Switch via Web-based Interface/CLI/ SNMP.
  • Page 72 Protection from unauthorized access 6.1 Password for SNMP access Fig. 21: Password dialog Important: If you do not know a password with read/write access, you will not have write access to the Switch! Note: After changing the password for write access, restart the Web in- terface in order to access the Switch.
  • Page 73 Protection from unauthorized access 6.1 Password for SNMP access V Select the Security:SNMPv1/v2 Access dialog. This dialog gives you the option to select the access via SNMPv1 or SNMPv2. In the state on delivery both protocols are enabled. Thus you can manage the Switch via HiVision and communicate with earlier versions of SNMP.
  • Page 74 Protection from unauthorized access 6.1 Password for SNMP access Abb. 22: Dialog SNMPv1/v2 access V To create a new line in the table click "Create entry" . V To delete an entry select the line in the table and click "Delete". Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 75: Setting Telnet/Web Access

    Protection from unauthorized access 6.2 Setting Telnet/Web access 6.2 Setting Telnet/Web access 6.2.1 Description Telnet/Web access The Telnet server of the Switch allows you to configure the Switch using the Command Line Interface (in-band). You can switch off the Telnet server to prevent Telnet access to the Switch.

  • Page 76: Enabling/Disabling Telnet/Web Access

    Protection from unauthorized access 6.2 Setting Telnet/Web access 6.2.2 Enabling/disabling Telnet/Web access V Select the Security:Telnet/Web Access dialog. V Switch off the server to which you wish to disable access. V Enter the command enable to switch to the privileged EXEC mode. V Enter the command transport input telnet to switch on the telnet server.

  • Page 77: Disabling Hidiscovery Function

    Protection from unauthorized access 6.3 Disabling HiDiscovery function 6.3 Disabling HiDiscovery function 6.3.1 Description HiDiscovery protocol The HiDiscovery protocol (see “Entering the IP parameters via HiDiscovery” on page 35) allows you to assign an IP address to the Switch on the basis of its MAC address.

  • Page 78: Disabling Hidiscovery Function

    Protection from unauthorized access 6.3 Disabling HiDiscovery function 6.3.2 Disabling HiDiscovery function V Select the Basics:Network. dialog. V Switch off the HiDiscovery function in the “HiDiscovery Protocol” frame, or limit access to “read-only”. V Enter the command enable to switch to the privileged EXEC mode. V Enter the command network protocol hidiscovery off to switch off the HiDiscovery function.

  • Page 79: Port Access Control

    Protection from unauthorized access 6.4 Port access control 6.4 Port access control 6.4.1 Description port access control The Switch protects every port from unauthorized access. Depending of your choice the Switch checks the MAC address or the IP address of the connected device. The following functions are available for monitoring every individual port: Who has access to this port? The Switch recognizes 2 classes of access control:...

  • Page 80: Defining Port Access Control

    Protection from unauthorized access 6.4 Port access control 6.4.2 Defining port access control V Select the Security:Port Security dialog. V First select, whether you wish the MAC based or the IP based port security. V If you have selected MAC based you enter in the “Allowed MAC address”...
  • Page 81 Protection from unauthorized access 6.4 Port access control Fig. 23: Port Security dialog Note: This entry in the port configuration table is part of the configuration (“Loading/saving settings” on page 51) and is saved together with the configuration. Note: An alarm (trap) can only be sent if at least one recipient is entered under “Configuring traps”...

  • Page 82: Port Authentication

    Protection from unauthorized access 6.5 Port Authentication according to 802.1X 6.5 Port Authentication according to 802.1X 6.5.1 Description Port-Based Network Access Control (802.1X) The Port-Based Network Access Control is a method described in the standard IEEE 802.1X for the authentication and authorization of devices in IEEE 802 networks which are connected to a port of the Switch, and which want to access the Switch and/or the network connected to the Switch.

  • Page 83: Authentication Process

    Protection from unauthorized access 6.5 Port Authentication according to 802.1X 6.5.2 Authentication process A supplicant tries to communicate via a Switch port. The Switch requests authentication from the supplicant. At that time only EAPOL traffic is permitted between the supplicant and the Switch. The supplicant replies his identification data.
  • Page 84 Protection from unauthorized access 6.5 Port Authentication according to 802.1X 6.5.4 Setting 802.1X Configurating the Radius server V Select the Security:802.1x Port Authentication:RA- DIUS-Server dialog This dialog allows you to enter the data for one, two or three Radius servers. V Click on “Create entry”...

  • Page 85: Synchronizing The System Time Of The Network

    Synchronizing the System Time of the 7 Synchronizing the System Time of the Network The real meaning of the term real time depends on the time requirements of the application. The Switch provides two options with different levels of accuracy for synchronizing the time in your network.

  • Page 86: Entering The Time

    Synchronizing the System Time of the 7.1 Entering the Time 7.1 Entering the Time If there is no reference clock available, you can enter the system time in the Switch so that you can use it like a reference clock (see “PTP Global”...
  • Page 87 Synchronizing the System Time of the 7.1 Entering the Time V Enter the command enable to switch to the privileged EXEC mode. V Enter the command configure to change to the configuration mo- V Enter the command sntp time <YYYY-MM-DD HH:MM:SS> to set the Switch system time.

  • Page 88: Sntp

    Synchronizing the System Time of the 7.2 SNTP 7.2 SNTP 7.2.1 Descripton SNTP SNTP has a hierarchical structure. The SNTP Server places the UTC (Uni- versal Time Coordinated) at disposal. The UTC is the time which is refe- renced to Universal Time Coordinated. The display is the same worldwide. Local time differences are not taken into account.

  • Page 89: Preparing The Sntp Configuration

    Synchronizing the System Time of the 7.2 SNTP 7.2.2 Preparing the SNTP configuration V To gain an overview of how the system time is passed on, draw a network plan which shows all devices involved in SNTP. Please bear in mind that the accuracy of the system time depends on signal runtime.

  • Page 90: Configuring Sntp

    Synchronizing the System Time of the 7.2 SNTP 7.2.3 Configuring SNTP V Select the Time:SNTP dialog. Configuration SNTP Client and Server V In this frame you Switch the SNTP function on/off. When it is switched off, the SNTP server does not send any SNTP packages and does not reply to any SNTP requests.
  • Page 91 Synchronizing the System Time of the 7.2 SNTP Configuration SNTP-Client V In “External Server Address” you enter the IP address of the SNTP server from which the Switch periodically obtains the sy- stem time. V In “Redundant Server Address” you enter the IP address of the SNTP server from which the Switch periodically obtains the sy- stem time, if the Switch does not receive an answer from the “ex- ternal server address”...
  • Page 92 Synchronizing the System Time of the 7.2 SNTP Switch 149.218.112.1 149.218.112.2 149.218.112.3 Function Anycast destination address 224.0.1.1 224.0.1.1 224.0.1.1 Server VLAN ID Anycast send interval Client External server address 149.218.112.0 149.218.112.1 149.218.112.2 Server request interval Accept SNTP Broadcasts Tab. 5: Settings for the example (see Fig.

  • Page 93: Precison Time Protocol

    Synchronizing the System Time of the 7.3 Precison Time Protocol 7.3 Precison Time Protocol 7.3.1 Funtion description PTP The requirment for running time-critical applications over a LAN is a precise time management system. The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a procedure that is based on the principle that one clock is the most precise and makes it possible to synchronize all clocks within a LAN.
  • Page 94 Synchronizing the System Time of the 7.3 Precison Time Protocol Cable delays; device delays The communication protocol defined by IEEE 1588 makes it possible to measure cable delays. Formulas for calculating the current time eliminate delays. Accuracy of local clocks The communication protocol defined by IEEE 1588 takes into account the inaccuracy of local clocks in relationship to the reference clock.
  • Page 95 Synchronizing the System Time of the 7.3 Precison Time Protocol The cable delays are relatively constant. Changes occur very slowly. This fact is taken into account by IEEE 1588 by performing measurements and calculations on a regular basis. IEEE ignores the inaccuracy caused by device delays and device jitter through the definition of “boundary clocks”.

  • Page 96: Preparing The Ptp Configuration

    Synchronizing the System Time of the 7.3 Precison Time Protocol Ordinary Clock Reference (Grandmaster Clock) Switch PTP Subdomain 1 Boundary Clock PTP Subdomain 2 Fig. 29: PTP- subdomains 7.3.2 Preparing the PTP configuration After the function is activated, the PTP takes over the configuration automatically.

  • Page 97: Configuring Ptp

    Synchronizing the System Time of the 7.3 Precison Time Protocol V Switch on the PTP function on all devices whose time you want to syn- chronize using PTP. V If there is no reference clock available, designate a Switch as reference clock, and set the system time as precisely as possible.
  • Page 98 Synchronizing the System Time of the 7.3 Precison Time Protocol PTP SyncLowerBound: Lower PTP synchronization threshold = difference between reference time and local time, entry in nanoseconds. If the difference between the local clock and the reference clock exceeds the value for the lower PTP synchroni- zation threshold, the local clock is considered to be synchronous with the reference clock.
  • Page 99 Synchronizing the System Time of the 7.3 Precison Time Protocol PTP ClockStratum: Qualification of the local clock (see Table 6 on page 91). PTP ClockIdentifier: Properties of the clock (e.g. accuracy, epoch, etc.). Fig. 30: PTP Global dialog PTP port PTP-Port enalble: Port sends/receives PTP synchronization messages, disable: Port blocks PTP synchronization messages.
  • Page 100 Synchronizing the System Time of the 7.3 Precison Time Protocol PTP port state master: Port is in the PTP master mode slave: Port is in the PTP slave mode. disabled: PTP function on this port is disabled. passive: Port is in the PTP passive mode. listening: Port has no information available and is awaiting synchronization messages.

  • Page 101: Interaction Ptp And Sntp

    Synchronizing the System Time of the 7.4 Interaction PTP and SNTP 7.4 Interaction PTP and SNTP According to PTP and SNTP, both protocols are permitted to coexist in one network. However, since both protocols influence the system time of the device, situations may occur in which both protocols compete with each other.

  • Page 102: Application Example

    Synchronizing the System Time of the 7.4 Interaction PTP and SNTP Application example: The requirements made to network time accuracy are rather high, how- ever the terminal devices exclusively support SNMP (see Fig. 32).. Switch 149.218.112.1 149.218.112.2 149.218.112.3 Operation Clock Mode ptp-mode- ptp-mode- ptp-mode-...

  • Page 103: Traffic Control

    Traffic control 8 Traffic control To optimize the data transmission, the Switch provides you with the following functions for controlling the network load: Settings for directed frame forwarding (MAC address filter) Multicast settings Broadcast limiter Prioritization Flow control Virtual LANs Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 104: Directed Frame Forwarding

    Traffic control 8.1 Directed frame forwarding 8.1 Directed frame forwarding Directed frame forwarding is a method used by the Switch to avoid unneces- sary increases in the network load. The Switch features the following directed frame forwarding functions: Store-and-forward Multiadress capability Aging of learned addresses Static address entries 8.1.1 Store-and-forward...

  • Page 105: Aging Of Learned Addresses

    Traffic control 8.1 Directed frame forwarding The Switch can learn up to 8000 addresses. This becomes necessary if more than one terminal device is connected to one or more ports. It is thus possible to connect several independent subnetworks to the Switch. 8.1.3 Aging of learned addresses The Switch monitors the age of the learned addresses.

  • Page 106: Entering Static Address Entries

    Traffic control 8.1 Directed frame forwarding 8.1.4 Entering static address entries One of the most important functions of a Switch is the filter function. It selects data packets according to certain defined patterns called filters. These patterns are associated with switching rules. This means that a data packet received at the port of a Switch is compared to the patterns.
  • Page 107 Traffic control 8.1 Directed frame forwarding V Select the Switching:Filter for MAC addresses dialog. In the filtering table each row represents one filter. Filters specify the way in which data packets are sent. They are set automatically by the Switch (learned status) or manually. Data packets whose destination addresses are entered in the table are sent from the receiving port to the ports marked in the table.

  • Page 108: Multicast Application

    Traffic control 8.2 Multicast application 8.2 Multicast application 8.2.1 Description multicast application The data distribution in the LAN distinguishes between three distribution classes with reference to the addressed recipient: Unicast - one recipient Multicast - a group of recipients Broadcast - every recipient that can be reached In the case of a Multicast address, Switches pass on all the data packets with a Multicast address to all the ports.

  • Page 109: Example Of A Multicast Application

    Traffic control 8.2 Multicast application 8.2.2 Example of a multicast application The cameras for machine surveillance normally transmit their images to monitor located in the machine room and in the monitoring room. In a IP transmission, a camera sends its image data with a multicast address over the network.

  • Page 110: Description Igmp Snooping

    Traffic control 8.2 Multicast application 8.2.3 Description IGMP snooping The Internet Group Management Protocol (IGMP) describes the distribution of Multicast information between routers and terminal devices on the Layer 3 level. Routers with an active IGMP function periodically send queries to find out which IP Multicast group members are connected to the LAN.
  • Page 111 Traffic control 8.2 Multicast application 8.2.4 Description GMRP The GARP Multicast Registration Protocol (GMRP) describes how multicast information is distributed to other Switches on layer 2 level. This makes it possible for Switches to learn multicast addresses. When a Multicast address is entered in the static address table, the Switch sends this informa- tion to all the ports.

  • Page 112: Setting Multicast Applications

    Traffic control 8.2 Multicast application 8.2.5 Setting multicast applications V Select the Switching:Multicasts dialog. Global Configuration With “IGMP Snooping” check box you can switch IGMP Snooping on/off globally for the entire Switch. If IGMP Snooping is switched off, then: the Switch does not evaluate Query and Report packets received it sends (floods) received data packets with a Multicast address as the target address to all ports.
  • Page 113 Traffic control 8.2 Multicast application IGMP Forward All per port This column of the table allows you to switch on/off the IGMP Snoo- ping function “Forward All” when the global IGMP Snooping is swit- ched on. With the “Forward All” setting, the Switch forwards all the data packets with a Multicast address in the target address field to this port.
  • Page 114 Traffic control 8.2 Multicast application Fig. 34: IGMP/GMRP dialog Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 115: Broadcast Limiter

    Traffic control 8.3 Broadcast Limiter 8.3 Broadcast Limiter 8.3.1 Description Broadcast Limiter To guarantee reliable data exchange during high broadcast traffic, the Switch can limit broadcast traffic. By entering a number for each port, you can set the number of broadcasts that can be sent out of this port within a second.

  • Page 116: Prioritization

    Traffic control 8.4 Prioritization 8.4 Prioritization 8.4.1 Description Prioritization This function prevents high priority data traffic being disrupted by other traffic during busy periods. The lower priority traffic will be discarded when the me- mory or transmission channel is overloaded. The Switch supports four priority queues (traffic classes in compliance with IEEE 802.1D-1998).

  • Page 117: Strict Priority

    Traffic control 8.4 Prioritization 8.4.2 Strict Priority With Strict priority, the Switch sends all data packets with a higher priority level before it sends a data packet with the next lower priority level. Thus the Switch does not send a data packet with the next lower priority until there are no other data packets waiting in the queue.
  • Page 118 Traffic control 8.4 Prioritization 42-1500 Octets min. 64, max. 1522 Octets Fig. 35: Ethernet data packet with tag 4 Octets Fig. 36: Tag-Format Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 119: Setting Prioritization

    Traffic control 8.4 Prioritization 8.4.4 Setting Prioritization V Select the Basics:Port Configuration.dialog. V In the “Port Priority” column, you can specify the priority (low, normal, high, admin) with which the Switch sends data packets which it re- ceives without a VLAN tag at this port. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 120: Flow Control

    Traffic control 8.5 Flow control 8.5 Flow control 8.5.1 Description Flow control Flow control is a mechanism which acts as an overload protection. During periods of heavy traffic it holds off additional traffic. In the example (see Fig. 37) the functioning of flow control is displayed gra- phically.

  • Page 121: Setting Flow Control

    Traffic control 8.5 Flow control Flow control with a full duplex link In the example (see Fig. 37) there is a full duplex link between Work- station 2 and the Switch. Before the send queue of Port 2 overflows, the Switch sends a request to Workstation 2 to include a small break in the sending transmission.

  • Page 122: Vlans

    Traffic control 8.6 VLANs 8.6 VLANs 8.6.1 Description VLANs A virtual LAN (VLAN) consists of a group of network participants in one or more network segments who can communicate with each other as if they be- longed to the same LAN. VLAN Yellow VLAN Green MACH 3002...
  • Page 123 Traffic control 8.6 VLANs VLANs are based on logical (instead of physical) links and are flexible elements in the network design. The biggest advantage of VLANs is the possibility of forming user groups based on the participant function and not on their physical location or medium.

  • Page 124: Configuring Vlans

    Traffic control 8.6 VLANs Member set The member set is list of ports belonging to a VLAN. Every VLAN has a member set. Untagged set The untagged set is a list of the ports of a VLAN which send data packets without a tag.
  • Page 125 Traffic control 8.6 VLANs Note: Save the VLAN configuration to non-volatile memory (see Fig. 44). Note: The 256 available VLANs can use any VLAN ID in the range 1 to 4042. Note: In a HIPER-Ring with VLANs you should only operate devices with the software that supports this function, namely: Power MICE MICE Rel.

  • Page 126: Setting Up Vlans

    Traffic control 8.6 VLANs 8.6.3 Setting up VLANs V Select the Switching:VLAN:Static dialog. To set up VLANs, you first specify the desired VLANs in the VLAN static table: V After clicking on “Create”, you enter the appropriate VLAN ID. A new line appears in the table.

  • Page 127: Displaying The Vlan Configuration

    Traffic control 8.6 VLANs 8.6.4 Displaying the VLAN configuration V Select the Switching:VLAN:Current dialog. The Current table displays all configured VLANs. All refers to the local VLANs configured by GVRP. 8.6.5 Deleting the VLAN settings V Select the Switching:VLAN:Global dialog. The “Delete”...
  • Page 128 Traffic control 8.6 VLANs 149.218.112.76 VLAN Brown ID = 1 Network VLAN Yellow VLAN Green Management Station 149.218.112.208 Fig. 39: Example of a VLAN Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...
  • Page 129 Traffic control 8.6 VLANs Fig. 40: Creating a VLAN Fig. 41: Entering a VLAN ID V Repeat the steps: Creating a VLAN and Entering a VLAN ID for all VLANs. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...
  • Page 130 Traffic control 8.6 VLANs Fig. 42: Assigning a VLAN any name and saving it Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...
  • Page 131 Traffic control 8.6 VLANs Fig. 43: Defining the VLAN membership of the ports. Ports 1.1 to 1.3 are assigned to the terminal devices of the yellow VLAN and ports 2.1 to 2.4 to the terminal devices of the green VLAN. As termi- nal devices normally do not sent data packets with a tag, the setting U must be selected here.
  • Page 132 Traffic control 8.6 VLANs Fig. 44: Saving the VLAN configuration Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...
  • Page 133 Traffic control 8.6 VLANs Fig. 45: Assigning the VLAN ID to the ports and saving it Ports 1.1 to 1.3 are assigned to the terminal devices of the yellow VLAN and therefore VLAN ID 2 and ports 2.1 to 2.4 are assigned to the termi- nal devices of the green VLAN and hence VLAN ID 3.
  • Page 134 Traffic control 8.6 VLANs Fig. 46: Saving the configuration to non-volatile memory Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 135: Operation Diagnostics

    Operation Diagnostics 9 Operation Diagnostics The Switch provides you with the following diagnostic tools for the function diagnosis: Sending traps Out-of-band signaling via signal contact Port status indication Event counter on port level SFP status indication TP cable diagnosis Topology discovery Reports Monitoring the traffic of a port (Portmirroring) Layer 2 Enhanced with Layer 2 Professional...

  • Page 136: Sending Traps

    Operation Diagnostics 9.1 Sending traps 9.1 Sending traps If unusual events occur during normal operation of the Switch, they are reported immediately to the management station. This is done by means of so-called traps - alarm messages - that bypass the polling procedure (“Polling”...

  • Page 137: Snmp Trap Listing

    Operation Diagnostics 9.1 Sending traps 9.1.1 SNMP trap listing All possible traps that can occur are listed in the following table. Trap description Meaning authenticationFailure is sent if a station attempts to access an agent without permission. coldStart is sent for a cold and warm start during the boot process after successful management initialization.

  • Page 138: Snmp Traps When Booting

    Operation Diagnostics 9.1 Sending traps 9.1.2 SNMP traps when booting The ColdStart trap is sent during every boot procedure. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 139: Configuring Traps

    Operation Diagnostics 9.1 Sending traps 9.1.3 Configuring traps V Select the Diagnostics:Alarms (Traps) dialog. This dialog allows you to specify which events trigger an alarm (trap) and to whom these alarms should be sent. V In the “IP Address” column, enter the IP address of a network management station to which the traps should be sent.
  • Page 140 Operation Diagnostics 9.1 Sending traps V The events which can be selected are: Name Bedeutung Authentication The Switch has rejected an unauthorized access attempt (see the Access for IP Addresses und Port Security dialog). Cold Start The Switch has been switched off. Link Down At one port of the Switch, the link to the device connected there has been interrupted.

  • Page 141: Out-Of-Band Signaling

    Operation Diagnostics 9.2 Out-of-band signaling 9.2 Out-of-band signaling The signal contacts are for controlling external devices by manually setting the signal contacts. monitoring proper functioning of the Switch which makes it possible to perform remote diagnostics. A break in contact is reported via the potential-free signal contact (relay contact, closed circuit): Faulty power supply: the failure of the supply voltage 1/2,...

  • Page 142: Manual Setting The Signal Contact

    Operation Diagnostics 9.2 Out-of-band signaling 9.2.1 Manual setting the signal contact This mode gives you the option of remote switching each signal individually. Application options: Simulation of an error during SPS error monitoring. Remote control of a device via SNMP, such as switching on a camera.. V Select the Diagnostics:Signal Contact 1/2 dialog.

  • Page 143: Monitoring Correct Operation Via The Signal Contact

    Operation Diagnostics 9.2 Out-of-band signaling 9.2.2 Monitoring correct operation via the signal contact Configuring the signal contact V Select the Diagnostics:Signal Contact dialog. V Select “Monitoring correct operation” in the frame “Mode Signal con- tact”, to use the contact for function monitoring. V Select in the frame “Monitoring correct operation”...
  • Page 144 Operation Diagnostics 9.2 Out-of-band signaling Fig. 49: Signal contact dialog Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 145: Port Status Indication

    Operation Diagnostics 9.3 Port status indication 9.3 Port status indication V Select the Basics:System dialog. The device view displays the Switch with the current configuration. The symbols underneath the device view represent the status of the individu- al ports. Abb. 50: Eaxample for a device view Meaning of the symbols: The port (10, 100, 1000 MBit/s) is enabled and the connection is OK.
  • Page 146 Operation Diagnostics 9.3 Port status indication The port is in autonegotiation mode. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 147: Event Counter On Port Level

    Operation Diagnostics 9.4 Event counter on port level 9.4 Event counter on port level The port statistics table allows experienced network administrators to identify possible problems occuring in the network. This table shows you the contents of various event counters. After a restart, all the event counters begin again at zero.
  • Page 148 Operation Diagnostics 9.4 Event counter on port level Fig. 51: Port statistic table Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 149: Displaying The Sfp Status

    Operation Diagnostics 9.5 Displaying the SFP Status 9.5 Displaying the SFP Status By having the SFP status displayed you can view the current connection to the SFP modules and their properties. The properties include: module type, support provided in the media module temperature in degrees Celsius transmission power in milliwatts reception power in milliwatts...
  • Page 150 Operation Diagnostics 9.6 TP cable diagnosis 9.6 TP cable diagnosis The TP cable diagnosis allows you to check the connected cables for short circuits or interruptions. Note: While the check is being carried out, the data traffic at this port is suspended.

  • Page 151: Topology Discovery

    Operation Diagnostics 9.7 Topology discovery 9.7 Topology discovery 9.7.1 Description Topology discovery IEEE 802.1AB describes the Link Layer Discovery Protocol (LLDP). LLDP allows users to automatically detect the topology of their LANs. A device with active LLDP sends its own connection and management information to neighboring devices of the shared LAN, in as far as they have also LLDP activated.
  • Page 152 LLDP packets. Consequently, a non-LLDP-capable device between two LLDP-capable devices prevents the exchange of LLDP infor- mation. To avoid this, Hirschmann Switch send additional LLDP packets to the Hirschmann Multicast-MAC address 01:80:63:2F:FF:0B. Hirschmann Switch with the LLDP function are thus also able to exchange LLDP informa- tion with each other via devices which themselves are not LLDP-capable.

  • Page 153: Displaying The Topology Discovery

    Operation Diagnostics 9.7 Topology discovery 9.7.2 Displaying the topology discovery V Select the Diagnostics:Topology Discovery dialog. This dialogue offers you the possibility to switch on/off the function for topology discovery (LLDP). The topology table shows you the selected information to neighbour devices.
  • Page 154 Operation Diagnostics 9.7 Topology discovery If several devices are connected to a port, for example via a hub, the table shows one line for each connected device. devices with active topology discovery function and devices without active topology discovery function are connected to a port, the topology table hides the devices without ac- tive topology discovery.

  • Page 155: Reports

    Operation Diagnostics 9.8 Reports 9.8 Reports For diagnosis purposes, the Switch allows you to use the following reports: Log Filei The Log File is an HTML file in which the Switch records all important device internal events. System Information The system information in an HTML file containing all system relevant data.

  • Page 156: Monitoring Port Traffic (Port Mirroring)

    Operation Diagnostics 9.9 Monitoring port traffic (port mirroring) 9.9 Monitoring port traffic (port mirroring) In port mirroring, the data traffic related to a port, the source port, is copied to another port, the destination port. Data traffic at the source port is not in- fluenced by port mirroring.
  • Page 157 Operation Diagnostics 9.9 Monitoring port traffic (port mirroring) V Select „enabled“, to enable the function. The “Delete” button in the dialog allows you to restore all the default port mirroring settings (state on delivery). Note: In active port mirroring, the specified port is used solely for obser- vation purposes.
  • Page 158 Operation Diagnostics 9.9 Monitoring port traffic (port mirroring) Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 159: A Setting Up Dhcp Server And Tftp

    Setting up DHCP Server and TFTP Apendix A: Setting up DHCP Server and TFTP Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 160: Setting Up Dhcp/Bootp Server

    Setting up DHCP Server and TFTP A.1 Setting up DHCP/BOOTP Server A.1 Setting up DHCP/BOOTP Server On the CDROM supplied with the switch you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel.
  • Page 161 Setting up DHCP Server and TFTP A.1 Setting up DHCP/BOOTP Server V Open the window for the program settings in the menu bar: Options:Preferences and select the DHCP tab page.Enter the settings shown in the illustration and click on OK. Fig.
  • Page 162 Setting up DHCP Server and TFTP A.1 Setting up DHCP/BOOTP Server V Enter the network mask and click on Accept. Fig. 59: Network mask in the configuration profile V Select the Boot tab page. V Enter the IP address of your tftp server. V Enter the path and the file name for the configuration file.
  • Page 163 Setting up DHCP Server and TFTP A.1 Setting up DHCP/BOOTP Server V Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration. To complete the addition of the configuration profiles, click on OK. Fig.
  • Page 164 Setting up DHCP Server and TFTP A.1 Setting up DHCP/BOOTP Server V Click on New. Fig. 63: Adding static addresses V Enter the MAC address of the switch. V Enter the IP address of the switch. V Select the configuration profile of the switch. V Click on Accept and then on OK.
  • Page 165 Setting up DHCP Server and TFTP A.1 Setting up DHCP/BOOTP Server V Add an entry for each device that will get its parameters from the DHCP server. Fig. 65: DHCP server with entries Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 166: Setting Up Dhcp Server Option

    Setting up DHCP Server and TFTP A.2 Setting up DHCP Server Option 82 A.2 Setting up DHCP Server Option 82 On the CDROM supplied with the switch you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel.
  • Page 167 Setting up DHCP Server and TFTP A.2 Setting up DHCP Server Option 82 V Select static. Fig. 67: Static address input V Open the window for the program settings in the menu bar: Options:Preferences and select the DHCP tab page. V Select the DHCP tab page.
  • Page 168 Setting up DHCP Server and TFTP A.2 Setting up DHCP Server Option 82 V To enter the static addresses, click on Add. Fig. 69: Adding static addresses V Select Circuit Identifier and Remote Identifier. Fig. 70: Default setting for the fixed address assignment Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...
  • Page 169 ID cl: length of the circuit ID hh: Hirschmann identifier: 01 if a Hirschmann switch is connected to the port, otherwise 00. vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1) ss: socket of switch at which the module with that port is located to which the device is connected.
  • Page 170 Setting up DHCP Server and TFTP A.2 Setting up DHCP Server Option 82 Switch (Option 82) h H h H MACH 3002 MICE MAC address = IP = 00:80:63:10:9a:d7 149.218.112.100 DHCP server IP = 149.218.112.1 IP = 149.218.112.100 Fig. 72: Application example of using Option 82 Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 171: Tftp Server For Software Updates

    Setting up DHCP Server and TFTP A.3 tftp server for software updates A.3 tftp server for software updates On delivery, the switch software is held in the flash memory. The Switch boots the software from the flash memory. Software updates can be realized via a tftp server. This presupposes that a tftp server has been installed in the connected network and that it is active.

  • Page 172: Setting Up The Tftp Process

    Setting up DHCP Server and TFTP A.3 tftp server for software updates A.3.1 Setting up the tftp process General prerequisites: The local address of the Switch and the IP address of the tftp servers or the gateway are known to the Switch. The TCP/IP stack with tftp is installed on tftp server.
  • Page 173 Setting up DHCP Server and TFTP A.3 tftp server for software updates You can obtain additional information about the tftpd daemon tftpd with the UNIX command “man tftpd”. Hinweis: The command “ps” does not always show the tftp daemon, alt- hough it is actually running.
  • Page 174 Setting up DHCP Server and TFTP A.3 tftp server for software updates Checking the tftp process Edit the file /etc/inetd.conf Is tftp* commented out? Delete the comment character »#« from this line Re-initialize inetd.conf by entering kill-1 PID Problems with the tftp server? cd /tftpboot/mice tftp <tftp-Servername>...

  • Page 175: Software Access Rights

    Setting up DHCP Server and TFTP A.3 tftp server for software updates A.3.2 Software access rights The agent needs read permission to the tftp directory with the Switch soft- ware. Example of a UNIX tftp server Once Switch software has been installed, the tftp server should have the following directory structure with the stated access rights: Filename Access...
  • Page 176 Setting up DHCP Server and TFTP A.3 tftp server for software updates Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 177: B General Information

    General Information Appendix B: General Information Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 178: Hirschmann Competence

    General Information B.1 Hirschmann Competence B.1 Hirschmann Competence In the longterm, product excellence alone is not an absolute guarantee of a successful project implementation. Comprehensive service makes a diffe- rence worldwide. In the current scenario of global competition, the Hirsch-...

  • Page 179: Faq

    General Information B.2 FAQ B.2 FAQ Answers to frequently asked questions can be found at the Hirschmann Website: www.hirschmann.com Under Products/Support inside Automation and Network Soluti- ons is located on the pages Products the area FAQ. For detailed information on all services offered by the Hirschmann Competence Center, please visit the Web site http://www.hicomcenter.com/.

  • Page 180: Management Information Base Mib

    General Information B.3 Management Information BASE MIB B.3 Management Information BASE MIB The Management Information Base (MIB) is designed in the form of an ab- stract tree structure. The branching points are the object classes. The “leaves” of the MIB are called generic object classes.
  • Page 181 General Information B.3 Management Information BASE MIB System User Interface Upper (e.g. threshold value) Vendor = manufacturer (Hirschmann) Definition of the syntax terms used: Integer An integer in the range 0 - 2 IP address xxx.xxx.xxx.xxx (xxx = integer in the range 0-255)
  • Page 182 16 rmon 17 dot1dBridge 26 snmpDot3MauMGT Fig. 74: Tree structure of the Hirschmann MIB A complete description of the MIB can be found on the CD-ROM that is included with the device. Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

  • Page 183: Used Abbreviations

    General Information B.4 Used abbreviations B.4 Used abbreviations AutoConfiguration Adapter BOOTP Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol) Forwarding Database GARP General Attribute Registration Protocol GMRP GARP Multicast Registration Protocol http Hypertext Transfer Protocol ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Internet Protocoll...

  • Page 184: List Of Rfc's

    General Information B.5 List of RFC's B.5 List of RFC's RFC 768 (UDP) RFC 783 (TFTP) RFC 791 (IP) RFC 792 (ICMP) RFC 793 (TCP) RFC 826 (ARP) RFC 854 (Telnet) RFC 855 (Telnet Option) RFC 951 (BOOTP) RFC 1112 (IGMPv1) RFC 1157 (SNMPv1) RFC 1155 (SMIv1) RFC 1212 (Concise MIB Definitions)
  • Page 185 General Information B.5 List of RFC's RFC 2574 (User Based Security Model for SNMP v3) RFC 2575 (View Based Access Control Model for SNMP) RFC 2576 (Coexistence between SNMP v1,v2 & v3) RFC 2578 (SMI v2) RFC 2579 (Textual Conventions for SMI v2) RFC 2580 (Conformance statements for SMI v2) RFC 2613 (SMON) RFC 2618 (RADIUS Authentication Client MIB)

  • Page 186: Based Ieee Standards

    General Information B.6 Based IEEE standards B.6 Based IEEE standards IEEE 802.1AB Topologie Discovery (LLDP) IEEE 802.1 D Switching, GARP, GMRP, Spanning Tree (Supported via 802.1S implementation IEEE 802.1 D-1998 Media access control (MAC) bridges (includes IEEE 802.1p Priority and Dynamic Multi- cast Filtering, GARP, GMRP) IEEE 802.1 Q-1998 Virtual Bridged Local Area Networks (VLAN Tagging, Port Based VLANs, GVRP)

  • Page 187: Technical Data

    General Information B.7 Technical Data B.7 Technical Data Switch MAC address table up to 8000 entries Static address filter up to 100 entries VLAN VLAN ID 1 to 4042 (MACH 4000: 3966) Number of VLANs max. 256 simultaneously per switch max.

  • Page 188: Copyright Of Integrated Software

    General Information B.8 Copyright of integrated software B.8 Copyright of integrated soft- ware B.8.1 Bouncy Castle Crypto APIs (Java) The Legion Of The Bouncy Castle Copyright (c) 2000 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies...

  • Page 189: B.9 Reader's Comments

    General Information B.9 Reader's comments B.9 Reader's comments What is your opinion of this manual? We are always striving to provide as comprehensive a description of our product as possible, as well as important information that will ensure trouble-free operation. Your comments and suggestions help us to further improve the quality of our documentation.
  • Page 190 ......................Dear User, Please fill out and return this page − by fax to the number +49 (0)7127/14-1798 or − by mail to Hirschmann Automation and Control GmbH Department AMM Stuttgarter Str. 45 - 51 72654 Neckartenzlingen Germany Layer 2 Enhanced with Layer 2 Professional...

  • Page 191: Index

    Index Index 37, 53, 60, 62, 136 Access right Faulty Device Replacement Address table Aging Time 103, 108 Filter Alarm 80, 135 Filter table Alarm messages First installation Allowed MAC address Flow control APNIC Forwarding Database ARIN Authentication AutoConfiguration Adapter gateway Generic object classes GMRP...
  • Page 192 Index LLDP PTP is Synchronized Local clock PTP Offset To Master Logical communication path PTP Parent UUID Login PTP Port Burst PTP Preferred Master PTP Subdomain Name PTP synchronization interval MAC address 43, 48, 77, 80 PTP synchronization threshold MAC destination address PTP-Subdomain Master Master clock...
  • Page 193 Index TCP/IP stack Telnet Temperature threshold Time management Time stamp unit Topology Traffic classes Transmission security Trap 80, 132, 135 Trap destination table Trivial File Transfer Protocol Type field Unicast Unique Universal Identifier Universal Time Coordinated Untagged set Update User group Username UUID V.24...
  • Page 194 Index Layer 2 Enhanced with Layer 2 Professional Release 1.0 10/05...

This manual is also suitable for:

Rs30, ms20Rs20

Table of Contents