User Manual Basic Configuration Industrial ETHERNET (Gigabit) Switch PowerMICE, MACH 1040, MACH 4000 UM Basic Configuration L3P Technical Support Release 7.1 12/2011 HAC.Support@Belden.com...
In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (www.beldensolutions.com). Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str.
Contents Contents About this Manual Introduction Access to the user interfaces System Monitor Command Line Interface Web-based Interface Entering the IP Parameters IP Parameter Basics 2.1.1 IP address (version 4) 2.1.2 Netmask 2.1.3 Classless Inter-Domain Routing Entering IP parameters via CLI Entering the IP Parameters via HiDiscovery Loading the system configuration from the ACA System configuration via BOOTP...
Contents 3.2.1 Saving locally (and on the ACA) 3.2.2 Saving in a binary file or a script file on a URL 3.2.3 Saving to a binary file on the PC 3.2.4 Saving as a script on the PC 3.2.5 Saving as an offline configuration file on the PC Loading Software Updates Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded...
8.2.4 Setting IGMP Snooping 8.2.5 Description of GMRP 8.2.6 Setting GMRP Rate Limiter 8.3.1 Description of the Rate Limiter 8.3.2 Load limiter settings (PowerMICE and MACH 4000) 8.3.3 Load limiter settings QoS/Priority 8.4.1 Description of Prioritization 8.4.2 VLAN tagging 8.4.3 IP ToS / DiffServ UM Basic Configuration L3P Release 7.1 12/2011...
Contents 8.4.4 Management prioritization 8.4.5 Handling of Received Priority Information 8.4.6 Handling of Traffic Classes 8.4.7 Setting prioritization Flow Control 8.5.1 Description of Flow Control 8.5.2 Setting the Flow Control VLANs 8.6.1 VLAN Description 8.6.2 Examples of VLANs 8.6.3 Double VLAN Tagging Operation Diagnosis Sending Traps 9.1.1 List of SNMP traps...
Contents 9.12 Monitoring Data Traffic at Ports (Port Mirroring) 9.13 Syslog 9.14 Event Log EtherNet/IP 10.1 Integration into a Control System 10.2 EtherNet/IP Parameters 10.2.1 Identity Object 10.2.2 TCP/IP Interface Object 10.2.3 Ethernet Link Object 10.2.4 Ethernet Switch Agent Object 10.2.5 RSTP Bridge Object 10.2.6 RSTP Port Object 10.2.7 I/O Data...
About this Manual About this Manual The “Basic Configuration” user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The following thematic sequence has proven itself in practice: ...
SNMP/OPC gateway. Maintenance Hirschmann are continually working on improving and developing their software. You should regularly check whether there is a new version of the software that provides you with additional benefits. You will find software information and downloads on the product pages of the Hirschmann website.
The designations used in this manual have the following meanings: List Work step Subheading Link Cross-reference with link Note: A note emphasizes an important fact or draws your attention to a dependency. ASCII representation in user interface Courier Execution in the Graphical User Interface (Web-based Interface user interface) Execution in the Command Line Interface user interface...
Bridge A random computer Configuration Computer Server PLC - Programmable logic controller I/O - Robot UM Basic Configuration L3P Release 7.1 12/2011...
Introduction Introduction The device has been developed for use in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device. Note: The changes you make in the dialogs are copied into the volatile memory of the device when you click on "Set".
Access to the user interfaces 1 Access to the user interfaces The device has 3 user interfaces, which you can access via different interfaces: System monitor via the V.24 interface (out-of-band) Command Line Interface (CLI) via the V.24 connection (out-of-band) as well as Telnet or SSH (in-band) ...
Access to the user interfaces 1.1 System Monitor 1.1 System Monitor The system monitor enables you to select the software to be loaded perform a software update start the selected software shut down the system monitor ...
Access to the user interfaces 1.1 System Monitor < Device Name (Boot) Release: 1.00 Build: 2005-09-17 15:36 > Press <1> to enter System Monitor 1 ... Figure 1: Screen display during the boot process Press the <1> key within one second to start system monitor 1. System Monitor (Selected OS: L3P-06.0.00 (2010-09-09 09:09)) Select Boot Operating System...
Access to the user interfaces 1.2 Command Line Interface 1.2 Command Line Interface The Command Line Interface enables you to use the functions of the device via a local or remote connection. The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices.
Command Line Interface via Telnet. A window for entering the user name appears on the screen. Up to 5 users can access the Command Line Interface. Copyright (c) 2004-2010 Hirschmann Automation and Control GmbH All rights reserved PowerMICE Release L3P-06.0.00...
NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann Product) > Figure 4: CLI screen after login UM Basic Configuration L3P Release 7.1 12/2011...
Access to the user interfaces 1.3 Web-based Interface 1.3 Web-based Interface The user-friendly Web-based interface gives you the option of operating the device from any location in the network via a standard browser such as Mozilla Firefox or Microsoft Internet Explorer. As a universal access tool, the Web browser uses an applet which communicates with the device via the Simple Network Management Protocol (SNMP).
Access to the user interfaces 1.3 Web-based Interface Figure 5: Installing Java Start your Web browser. Make sure that you have activated JavaScript and Java in the security settings of your browser. Establish the connection by entering the IP address of the device which you want to administer via the Web-based management in the address field of the Web browser.
Access to the user interfaces 1.3 Web-based Interface Figure 6: Login window Select the desired language. In the drop-down menu, you select – user, to have read access, or – admin, to have read and write access to the device. ...
Access to the user interfaces 1.3 Web-based Interface Note: You can block your access to the device by entering an incorrect configuration. Activating the function “Cancel configuration change” in the “Load/Save” dialog enables you to return automatically to the last configuration after a set time period has elapsed.
Entering the IP Parameters 2 Entering the IP Parameters The IP parameters must be entered when the device is installed for the first time. The device provides 7 options for entering the IP parameters during the first installation: Entry using the Command Line Interface (CLI). You choose this “out of band”...
Entering the IP Parameters Configuration via DHCP Option 82. You choose this “in-band” method if you want to configure the installed device using DHCP Option 82. You need a DHCP server with Option 82 for this. The DHCP server assigns the configuration data to the device using its physical connection (see page 49 “System Configuration via DHCP Option...
Entering the IP Parameters 2.1 IP Parameter Basics 2.1 IP Parameter Basics 2.1.1 IP address (version 4) The IP addresses consist of 4 bytes. These 4 bytes are written in decimal notation, separated by a decimal point. Since 1992, five classes of IP address have been defined in the RFC 1340. Class Network Host address...
Class A: Net ID - 7 bits, Host ID - 24 bits
Class B: Net ID - 14 bits, Host ID - 16 bits
Class C: Net ID - 21 bits, Host ID - 8 bits
Class D: Multicast Group ID - 28 bits
...
Entering the IP Parameters 2.1 IP Parameter Basics Example of a netmask: Decimal notation 255.255.192.0 Binary notation 11111111.11111111.11000000.00000000 Subnetwork mask bits Class B Example of IP addresses with subnetwork assignment when the above subnet mask is applied: Decimal notation 129.218.65.17 128 <...
Entering the IP Parameters 2.1 IP Parameter Basics Example of how the network mask is used In a large network it is possible that gateways and routers separate the management agent from its management station. How does addressing work in such a case? Romeo Juliet Lorenzo...
Entering the IP Parameters 2.1 IP Parameter Basics Lorenzo receives the letter and removes the outer envelope. From the inner envelope he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet's MAC address.
Entering the IP Parameters 2.1 IP Parameter Basics Since 1993, RFC 1519 has been using Classless Inter-Domain Routing (CIDR) to provide a solution. CIDR overcomes these class boundaries and supports classless address ranges. With CIDR, you enter the number of bits that designate the IP address range. You represent the IP address range in binary form and count the mask bits that designate the netmask.
2.2 Entering IP parameters via CLI

If you do not configure the system via BOOTP/DHCP, DHCP Option 82, the HiDiscovery protocol or the AutoConfiguration Adapter (ACA), then you perform the configuration via the V.24 interface using the CLI.

Entering IP addresses
- Connect the PC with terminal program started to the RJ11 socket...
NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > Deactivate DHCP. Enter the IP parameters. ...
- Save the configuration entered using copy system:running-config nvram:startup-config.

enable
  Switch to the privileged EXEC mode.
network protocol none
  Deactivate DHCP.
network parms 10.0.1.23
  Assign the device the IP address 10.0.1.23 and the netmask 255.255.255.0....
Entering the IP Parameters 2.3 Entering the IP Parameters via HiDiscovery 2.3 Entering the IP Parameters via HiDiscovery The HiDiscovery protocol enables you to assign IP parameters to the device via the Ethernet. You can easily configure other parameters via the Web-based interface (see the "GUI"...
Entering the IP Parameters 2.3 Entering the IP Parameters via HiDiscovery When HiDiscovery is started, HiDiscovery automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first network interface found for the PC. If your computer has several network cards, you can select the one you desire in the HiDiscovery toolbar.
Entering the IP Parameters 2.3 Entering the IP Parameters via HiDiscovery Note: Save the settings so that you will still have the entries after a restart (see on page 55 “Loading/saving settings”). UM Basic Configuration L3P Release 7.1 12/2011...
2.4 Loading the system configuration from the ACA

The AutoConfiguration Adapter (ACA) is a device for saving the device configuration data and saving the device software. If a device becomes inoperative, the ACA allows the configuration data to be re-applied to a replacement device of the same type....
Entering the IP Parameters 2.4 Loading the system configuration from the ACA Figure 12: Flow chart of loading configuration data from the ACA 1 – Device start-up 2 – ACA plugged-in? 3 – Password in device and ACA identical? 3a – Default password in device? 4 –...
Entering the IP Parameters 2.5 System configuration via BOOTP 2.5 System configuration via BOOTP When it is started up via BOOTP (bootstrap protocol), a device receives its configuration data in accordance with the “BOOTP process” flow chart (see fig. 13). Note: In its delivery state, the device gets its configuration data from the DHCP server.
switch_01:ht=ethernet:ha=008063086501:ip=10.1.112.83:tc=.global:
switch_02:ht=ethernet:ha=008063086502:ip=10.1.112.84:tc=.global:

Lines that start with a ‘#’ character are comment lines. The lines under “.global:” make the configuration of several devices easier. With the template (tc) you allocate the global configuration data (tc=.global:) to each device.
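A file built from such templates can be checked before it is deployed on the BOOTP server. The following Python code is an added example, not part of the manual: it resolves the tc templates and reports hardware or IP addresses that are assigned to more than one device. The contents of ".global", the "switch_03" entry and all function names are constructed for illustration.

```python
# Added example (not from the manual): resolve bootptab "tc" templates and
# flag hardware or IP addresses that are assigned to more than one device.

# Constructed sample. The switch_01/switch_02 lines are the ones shown in the
# manual; the .global values and switch_03 are made up for illustration.
SAMPLE = r"""
# global defaults shared by all devices (constructed)
.global:\
:gw=0.0.0.0:\
:sm=255.255.240.0:
switch_01:ht=ethernet:ha=008063086501:ip=10.1.112.83:tc=.global:
switch_02:ht=ethernet:ha=008063086502:ip=10.1.112.84:tc=.global:
switch_03:ht=ethernet:ha=008063086502:ip=10.1.112.85:tc=.global:
"""


def parse_bootptab(text):
    """Return {entry name: {tag: value}} without resolving templates."""
    logical_lines, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment line
        if line.endswith("\\"):
            pending += line[:-1]          # entry continues on the next line
            continue
        logical_lines.append(pending + line)
        pending = ""
    if pending:
        logical_lines.append(pending)

    entries = {}
    for line in logical_lines:
        fields = [f for f in line.split(":") if f]
        tags = {}
        for field in fields[1:]:
            key, _, value = field.partition("=")
            tags[key] = value
        entries[fields[0]] = tags
    return entries


def resolve(entries, name, _chain=()):
    """Return the effective tags of one entry with its template merged in."""
    if name in _chain:
        raise ValueError("template loop: " + " -> ".join(_chain + (name,)))
    tags = dict(entries[name])
    template = tags.pop("tc", None)
    if template is None:
        return tags
    if template not in entries:
        raise KeyError(f"{name}: unknown template {template!r}")
    effective = resolve(entries, template, _chain + (name,))
    effective.update(tags)                # host-specific tags win over the template
    return effective


def find_conflicts(entries, tags=("ha", "ip")):
    """Return [(tag, value, [hosts])] for values used by more than one host."""
    seen = {}
    for name in entries:
        if name.startswith("."):
            continue                      # assumption: names starting with "." are templates
        effective = resolve(entries, name)
        for tag in tags:
            if tag in effective:
                seen.setdefault((tag, effective[tag].lower()), []).append(name)
    return sorted((t, v, hosts) for (t, v), hosts in seen.items() if len(hosts) > 1)


if __name__ == "__main__":
    table = parse_bootptab(SAMPLE)
    for host in sorted(n for n in table if not n.startswith(".")):
        print(host, resolve(table, host))
    for tag, value, hosts in find_conflicts(table):
        print(f"conflict: {tag}={value} used by {', '.join(hosts)}")
```

The parser splits fields on ":" and does not handle escaped colons inside values, which the entries shown in the manual do not use.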
Entering the IP Parameters 2.5 System configuration via BOOTP Start-up Load default configuration Device in initalization Device runs with settings from local flash Send DHCP DHCP/ BOOTP BOOTP? Requests Reply from Save IP parameter DHCP/BOOTP and config file URL server? locally initialize IP stack with IP parameters...
Entering the IP Parameters 2.5 System configuration via BOOTP Load remote Start tftp process configuration from with config URL of DHCP? file URL of DHCP tftp successful? Load transferred config file Save transferred config file local and set boot configuration to local Loading of configurations data...
Entering the IP Parameters 2.5 System configuration via BOOTP Note: The loading process started by DHCP/BOOTP (see on page 41 “System configuration via BOOTP”) shows the selection of “from URL & save locally” in the “Load” frame. If you get an error message when saving a configuration, this could be due to an active loading process.
Entering the IP Parameters 2.6 System Configuration via DHCP 2.6 System Configuration via DHCP The DHCP (Dynamic Host Configuration Protocol) is a further development of BOOTP, which it has replaced. The DHCP additionally allows the configuration of a DHCP client via a name instead of via the MAC address. For the DHCP, this name is known as the “client identifier”...
Entering the IP Parameters 2.6 System Configuration via DHCP Option Meaning Subnet Mask Time Offset Router Time server Host Name NTP server Client Identifier TFTP Server Name Bootfile Name Table 3: DHCP options which the device requests The advantage of using DHCP instead of BOOTP is that the DHCP server can restrict the validity of the configuration parameters (“Lease”) to a specific time period (known as dynamic address allocation).
Example of a DHCP-configuration file:

# /etc/dhcpd.conf for DHCP Daemon
subnet 10.1.112.0 netmask 255.255.240.0 {
option subnet-mask 255.255.240.0;
option routers 10.1.112.96;
# Host berta requests IP configuration
# with her MAC address
host berta {
hardware ethernet 00:80:63:08:65:42;...
Entering the IP Parameters 2.7 System Configuration via DHCP Option 82 2.7 System Configuration via DHCP Option 82 As with the classic DHCP, on startup an agent receives its configuration data according to the “BOOTP/DHCP process” flow chart (see fig. 13).
Entering the IP Parameters 2.8 Web-based IP Configuration 2.8 Web-based IP Configuration Use the Basic Settings:Network dialog to define the source from which the device receives its IP parameters after startup, assign the IP parameters and VLAN ID, and configure the HiDiscovery access. UM Basic Configuration L3P Release 7.1 12/2011...
Entering the IP Parameters 2.8 Web-based IP Configuration Figure 16: Network parameters dialog Under “Mode”, you enter where the device gets its IP parameters: In the BOOTP mode, the configuration is via a BOOTP or DHCP server on the basis of the MAC address of the device (see page 272 “Setting up a DHCP/BOOTP Server”).
Entering the IP Parameters 2.8 Web-based IP Configuration The “VLAN” frame enables you to assign a VLAN to the management CPU of the device. If you enter 0 here as the VLAN ID (not included in the VLAN standard version), the management CPU will then be accessible from all VLANs.
Entering the IP Parameters 2.9 Faulty Device Replacement 2.9 Faulty Device Replacement The device provides 2 plug-and-play solutions for replacing a faulty device with a device of the same type (faulty device replacement): Configuring the new device using an AutoConfiguration Adapter (see on page 39 “Loading the system configuration from the ACA”) ...
Loading/saving settings 3 Loading/saving settings The device saves settings such as the IP parameters and the port configuration in the temporary memory. These settings are lost when you switch off or reboot the device. The device allows you to do the following: ...
Loading/saving settings 3.1 Loading settings 3.1 Loading settings When it is restarted, the device loads its configuration data from the local non-volatile memory. The prerequisites for this are: You have not connected an AutoConfiguration Adapter (ACA) and the IP configuration is “local”. During a restart, the device also allows you to load settings from the following sources: ...
Loading/saving settings 3.1 Loading settings During operation, the device allows you to load settings from the following sources: the local non-volatile memory a file in the connected network (setting on delivery) a binary file or an editable and readable script on the PC and ...
Loading/saving settings 3.1 Loading settings 3.1.2 Loading from a file The device allows you to load the configuration data from a file in the connected network if there is no AutoConfiguration Adapter connected to the device. Select the Basics: Load/Save dialog. ...
Loading/saving settings 3.1 Loading settings Example of loading from a tftp server Before downloading a file from the tftp server, you have to save the configuration file in the corresponding path of the tftp servers with the file name, e.g. switch/switch_01.cfg (see on page 66 “Saving in a binary file or a script file on a URL”).
Loading/saving settings 3.1 Loading settings Note: The loading process started by DHCP/BOOTP (see on page 41 “System configuration via BOOTP”) shows the selection of “from URL & save locally” in the “Load” frame. If you get an error message when saving a configuration, this could be due to an active loading process.
Loading/saving settings 3.1 Loading settings 3.1.4 Loading from the AutoConfiguration Adapter Loading a configuration during the boot procedure If you have connected an ACA to the device, the device automatically loads its configuration from the ACA during the boot procedure. After the loading, the device updates its configuration in the local non-volatile memory with the configuration from the ACA.
Loading/saving settings 3.1 Loading settings Reporting configuration differences The device allows you to trigger the following events when the configuration stored on the ACA does not match the configuration on the device: send an alarm (trap) (see on page 213 “Configuring Traps”), ...
Loading/saving settings 3.1 Loading settings Data format The offline configurator reads and writes configuration data in an XML- based format. The file name extension of these files is “.ocf” (Offline Configurator Format). You can use the Web-based interface of the devices to load these files and thus configure your devices very quickly.
Loading/saving settings 3.2 Saving settings 3.2 Saving settings In the “Save” frame, you have the option to save the current configuration on the device, save the current configuration in binary form in a file under the specified URL, or as an editable and readable script, ...
Loading/saving settings 3.2 Saving settings Note: After you have successfully saved the configuration on the device, the device sends an alarm (trap) hmConfigurationSavedTrap together with the information about the AutoConfiguration Adapter (ACA), if one is connected. When you change the configuration for the first time after saving it, the device sends a trap hmConfigurationChangedTrap.
3.2.2 Saving in a binary file or a script file on a URL

The device allows you to save the current configuration data in a file in the connected network.

Note: The configuration file includes all configuration data, including the password....
Loading/saving settings 3.2 Saving settings Note: If you save the configuration in a binary file, the device saves all configuration settings in a binary file. In contrast to this, the device only saves those configuration settings that deviate from the default setting when saving to a script file. When loading script files, these are only intended for overwriting the default setting of the configuration.
Loading/saving settings 3.2 Saving settings 3.2.4 Saving as a script on the PC The device allows you to save the current configuration data in an editable and readable file on your PC. Select the Basics: Load/Save dialog. In the “Save” frame, click “to PC (script)”. ...
Loading Software Updates 4 Loading Software Updates Hirschmann is working constantly to improve the performance of their products. Therefore, on the Hirschmann web page (www.hirschmann-ac.de) you may find a newer release of the device software than the one installed on your device.
Loading the software

The device gives you 4 options for loading the software:
- manually from the ACA (out-of-band),
- automatically from the ACA (out-of-band),
- via TFTP from a tftp server (in-band) and
- via a file selection dialog from your PC.

Note: The existing configuration of the device is still there after the new software is installed....
Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1 Loading the Software manually from the ACA You can connect the AutoConfiguration Adapter (ACA) to a USB port of your PC like a conventional USB stick and copy the device software into the main directory of the ACA.
Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded In this menu item of the system monitor, you select one of two possible software releases that you want to load. The following window appears on the screen: Select Operating System Image (Available OS: Selected: 05.0.00 (2009-08-07 06:05), Backup: 04.2.00 (2009-07-06 06:05 (Locally selected: 05.0.00 (2009-08-07 06:05))
Loading Software Updates 4.1 Loading the Software manually from the ACA Swap OS images The memory of the device provides space for two images of the software. This allows you, for example, to load a new version of the software without deleting the existing version.
Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1.2 Starting the software This menu item (Start Selected Operating System) of the system monitor allows you to start the software selected. 4.1.3 Performing a cold start This menu item (End (reset and reboot)) of the system monitor allows you to reset the hardware of the device and perform a restart.
Loading Software Updates 4.2 Automatic software update by 4.2 Automatic software update by ACA For a software update via the ACA, first copy the new device software into the main directory of the AutoConfiguration Adapter. If the version of the software on the ACA is newer or older than the version on the device, the device performs a software update.
One of the following messages in the log file indicates the result of the update process:
- S_watson_AUTOMATIC_SWUPDATE_SUCCESSFUL: Update completed successfully.
- S_watson_AUTOMATIC_SWUPDATE_FAILED_WRONG_FILE: Update failed. Reason: incorrect file.
- S_watson_AUTOMATIC_SWUPDATE_FAILED_SAVING_FILE: Update failed. Reason: error when saving.
...
Loading Software Updates 4.3 Loading the software from the tftp server 4.3 Loading the software from the tftp server For a tftp update, you need a tftp server on which the software to be loaded is stored (see on page 282 “TFTP Server for Software Updates”).
Loading Software Updates 4.3 Loading the software from the tftp server Enter the path of the device software. Click on “tftp Update” to load the software from the tftp server to the device. Figure 19: Software update dialog ...
Loading Software Updates 4.4 Loading the Software via File Se- lection 4.4 Loading the Software via File Selection For an HTTP software update (via a file selection window), the device software must be on a data carrier that you can access from your workstation.
Configuring the Ports 5 Configuring the Ports The port configuration consists of: Switching the port on and off Selecting the operating mode Activating the display of connection error messages Configuring Power over ETHERNET. Switching the port on and off ...
On delivery, the Power over ETHERNET function is activated globally and on all PoE-capable ports. Nominal power for MS20/30, MACH 1000 and PowerMICE: The device provides the nominal power for the sum of all PoE ports plus a surplus. Because the PoE media module gets its PoE voltage externally, the device does not know the possible nominal power.
Configuring the Ports Global settings – For devices with PoE select the Basic Settings:Power over Ethernet dialog. – For devices with PoE select the Basic Settings:Power over Ethernet Plus:Global dialog. Frame "Operation": With “Function On/Off” you turn the PoE on or off. Frame "Configuration": ...
Configuring the Ports Port settings – For devices with PoE select the Basic Settings:Power over Ethernet dialog. – For devices with PoE+ select the Basic Settings:Power over Ethernet Plus:Port dialog. The table only shows ports that support PoE. In the “POE on” column, you can enable/disable PoE at this port. ...
Configuring the Ports Switch on PoE power supply OCTOPUS PoE devices let you switch on the PoE power supply before loading and starting the software. This means that the connected PoE devices (powered devices) are supplied with the PoE voltage more quickly and the start phase of the whole network is shorter.
#selftest reboot-on-error enable
  Switch on the "Cold start if error detected" function.
#selftest reboot-on-error seriousOnly
  Switch on the "Cold start only if serious error detected" function.
#selftest reboot-on-error
  Switch off the "Cold start if error detected" function (enabled in the as-delivered state)....
6 Assistance in the Protection from Unauthorized Access

The device provides the following functions to help prevent unauthorized access:
- Password for SNMP access
- Telnet/internet/SSH access can be switched off
- Restricted Management access ...
6.1 Protecting the device

If you want to maximize the protection of the device against unauthorized access in just a few steps, you can perform some or all of the following steps on the device: ...
6.2 Password for SNMP access

6.2.1 Description of password for SNMP access

A network management station communicates with the device via the Simple Network Management Protocol (SNMP). Every SNMP packet contains the IP address of the sending computer and the password with which the sender of the packet wants to access the device MIB....
6.2.2 Entering the password for SNMP access

- Select the Security:Password/SNMP Access dialog. This dialog gives you the option of changing the read and read/write passwords for access to the device via the Web-based interface, via the CLI, and via SNMPv3 (SNMP version 3)....
Figure 21: Password/SNMP Access dialog

Note: If you do not know a password with “read/write” access, you will not have write access to the device.

Note: For security reasons, the device does not display the passwords. Make a note of every change....
- Select the Security:SNMPv1/v2 access dialog. With this dialog you can select the access via SNMPv1 or SNMPv2. In the state on delivery, both protocols are activated. You can thus manage the device with HiVision and communicate with earlier versions of SNMP....
Figure 22: SNMPv1/v2 access dialog

- To create a new line in the table click “Create”.
- To delete an entry, select the line in the table and click “Remove”.
6.3 Telnet/internet/SSH access

6.3.1 Description of Telnet Access

The Telnet server of the device allows you to configure the device using the Command Line Interface (in-band). You can deactivate the Telnet server to prevent Telnet access to the device....
6.3.2 Description of Web Access

The device's Web server allows you to configure the device by using the Web-based interface. You can deactivate the Web server to prevent Web access to the device....
6.3.4 Switching Telnet/Internet/SSH access on/off

The web server copies a Java applet for the web-based interface to your computer. The applet then communicates with the device by SNMPv3 (Simple Network Management Protocol). The web server of the device allows you to configure the device through the web-based interface....
The web server uses HTTP to load a Java applet for the web-based interface onto your computer. This applet then communicates with the device by SNMP (Simple Network Management Protocol). If you have enabled the Web Server (HTTPS) function, the Java applet establishes an HTTPS connection to the device....
- Open the Security:Telnet/Internet/SSH Access dialog.
- Tick the boxes Telnet Server active, Web Server(http) and Web Server(https). In the HTTPS Port Number box, enter the value 443.
- To access the device by HTTPS, enter HTTPS instead of HTTP in your browser, followed by the IP address of the device....
6.4 Restricted Management Access

The device allows you to differentiate the management access to the device based on IP address ranges, and to differentiate these based on management services (http, snmp, telnet, ssh). You thus have the option to set finely differentiated management access rights....
network mgmt-access modify 2 ip 192.168.1.0
  Set the IP address of the entry for the IT network.
network mgmt-access modify 2 netmask 255.255.255.0
  Set the netmask of the entry for the IT network.
Deactivate telnet for the entry of the IT network....
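How per-range, per-service entries combine can be modelled offline before they are entered on the device. The following Python code is an added example, not Hirschmann code: it assumes a request is accepted when any entry covers the source address and has the requested service enabled, which the text shown here does not state. Entry 2 uses the IT network values from the commands above with telnet deactivated; entries 1 and 3 and all function names are constructed.

```python
# Added example (not from the manual): model restricted management access
# entries and find restrictions that a broader entry silently undoes.
import ipaddress
from dataclasses import dataclass

SERVICES = ("http", "snmp", "telnet", "ssh")   # services named in section 6.4


@dataclass(frozen=True)
class Entry:
    index: int
    network: ipaddress.IPv4Network
    services: frozenset


def make_entry(index, ip, netmask, services):
    """Build one entry; raises ValueError on a bad mask, host bits or service."""
    unknown = set(services) - set(SERVICES)
    if unknown:
        raise ValueError(f"entry {index}: unknown service(s) {sorted(unknown)}")
    # strict=True rejects an address with host bits set under the mask;
    # ipaddress itself rejects non-contiguous netmasks such as 255.0.255.0.
    network = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=True)
    return Entry(index, network, frozenset(services))


def is_allowed(entries, source_ip, service):
    """Assumed rule: allowed if any entry covers the source and enables the service."""
    src = ipaddress.IPv4Address(source_ip)
    return any(src in e.network and service in e.services for e in entries)


def shadowed_restrictions(entries):
    """Return [(narrow index, broad index, service)] where a service disabled
    in one entry is still reachable through an entry covering the same range."""
    findings = []
    for narrow in entries:
        for broad in entries:
            if broad is narrow or not narrow.network.subnet_of(broad.network):
                continue
            for service in SERVICES:
                if service not in narrow.services and service in broad.services:
                    findings.append((narrow.index, broad.index, service))
    return sorted(findings)


ENTRIES = [
    # constructed: production network, all services
    make_entry(1, "10.0.1.0", "255.255.255.0", SERVICES),
    # values from the manual's IT network entry, telnet deactivated
    make_entry(2, "192.168.1.0", "255.255.255.0", ("http", "snmp", "ssh")),
    # constructed: a broad entry added later that overlaps entry 2
    make_entry(3, "192.168.0.0", "255.255.0.0", ("snmp", "telnet")),
]

if __name__ == "__main__":
    for src, svc in [("192.168.1.50", "ssh"), ("192.168.1.50", "telnet"),
                     ("172.16.0.1", "http")]:
        verdict = "allowed" if is_allowed(ENTRIES, src, svc) else "blocked"
        print(f"{src:>14} {svc:<6} {verdict}")
    for narrow, broad, svc in shadowed_restrictions(ENTRIES):
        print(f"entry {narrow} disables {svc}, but entry {broad} still permits it")
```

With entries 1 and 2 alone, telnet from 192.168.1.50 is blocked; adding the overlapping entry 3 re-enables it, which is the case the check reports.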
6.5 HiDiscovery Access

6.5.1 Description of the HiDiscovery Protocol

The HiDiscovery protocol allows you to allocate an IP address to the device on the basis of its MAC address (see on page 36 “Entering the IP Parameters via HiDiscovery”)....
6.6 Port access control

6.6.1 Description of the port access control

You can configure the device in such a way that it helps to protect every port from unauthorized access. Depending on your selection, the device checks the MAC address or the IP address of the connected device.
6.6.2 Application Example for Port Access Control

You have a LAN connection in a room that is accessible to everyone. To set the device so that only defined users can use this LAN connection, activate the port access control on this port.
Page 104
Prerequisites for further configuration:
- The port for the LAN connection is enabled and configured correctly (see on page 81 “Configuring the Ports”)
- Prerequisites for the device to be able to send an alarm (trap) (see on page 213 “Configuring Traps”):...
Page 105
Figure 23: Port Security dialog

- Save the settings in the non-volatile memory.
- Select the dialog Basic Settings:Load/Save.
- In the “Save” frame, select “To Device” for the location and click “Save”...
6.7 Port Authentication IEEE 802.1X

6.7.1 Description of Port Authentication according to IEEE 802.1X

Port-based network access control is a method described in the IEEE 802.1X standard to protect IEEE 802 networks from unauthorized access. The protocol controls the access to a port by authenticating and authorizing a terminal device that is connected to one of the device's ports.
6.7.2 Authentication Process according to IEEE 802.1X

A supplicant attempts to communicate via a device port.
- The device requests authentication from the supplicant. At this time, only EAPOL traffic is allowed between the supplicant and the device.
6.7.4 IEEE 802.1X Settings

Configuring the RADIUS Server

- Select the Security:802.1x Port Authentication:RADIUS Server dialog.
This dialog allows you to enter the data for 1, 2 or 3 RADIUS servers.
- ...
6.8 Access Control Lists (ACL)

With Access Control Lists (ACL), you can filter, forward, redirect or prioritize received data packets. The device provides MAC-based ACLs and IP-based ACLs.
(see on page 119 “Specifying the Sequence of Rules”). Note: With PowerMICE and MACH 4000, you can use either MAC-based or IP-based ACLs for each interface. With MACH 4002-24G/48G, you can use both MAC-based and IP-based ACLs for each interface.
Table 5: Assigning the assign queue parameters to the modified VLAN priority and to the modified DSCP value
Columns: Assign queue parameter, VLAN priority, DSCP
DSCP values: CS0 (0), CS1 (8), CS2 (16), CS3 (24), CS4 (32), CS5 (40), CS6 (48), CS7 (56)

6.8.2 Description of IP-based ACLs...
- DSCP field
- IP precedence field

Note: If you are using IP ACLs at ports which are located in the HIPER-Ring or which participate in the Ring/network coupling, you add the following rule to the ACLs:
- ...
Page 113
- VLAN ID
- VLAN priority (COS)
- Secondary VLAN ID
- Secondary VLAN priority

Note: If you are using MAC ACLs at ports which are located in the HIPER-Ring or which participate in the Ring/network coupling, you add the following rule to the ACLs:
- ...
6.8.4 Configuring IP ACLs

Example: Extended ACL

[Figure: example network. Labels: IP: 10.0.1.11/24, IP: 10.0.1.13/24, Interface: 2.3, Interface: 3.1, Interface: 1.3, Interface: 2.1, IP: 10.0.1.159/24, IP: 10.0.1.158/24]

B and C are not allowed to communicate with A.

Switch to the privileged EXEC mode.
Page 115
ACL ID: 100
Rule Number: 1
Action......... deny
Match All........FALSE
Protocol........255(ip)
Source IP Address......10.0.1.11
Source IP Mask......... 0.0.0.0
Destination IP Address......10.0.1.158
Destination IP Mask......0.0.0.0
Rule Number: 2
Action.........
6.8.5 Configuring MAC ACLs

Example: MAC ACL

Filtering AppleTalk and IPX from the entire network.

Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
    configure
Create the extended ACL “ipx-apple”.
6.8.6 Configuring Priorities with IP ACLs

Example: Prioritizing Multicast streams.

Assign priority 6 to the Multicast streams with the IP Multicast destination addresses 239.1.1.1 to 239.1.1.255 and ...
Page 118
Example: Extended ACL with prioritizing using the Simple Network Management Protocol (SNMP, Layer 4)

Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
    configure
Create the extended ACL 104 with the first rule.
6.8.7 Specifying the Sequence of the Rules

The sequence of the ACLs determines their usage. The first list that applies is used, and all subsequent rules are ignored. You can influence the sequence by assigning the sequence number.
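The first-match behaviour described in this section, applied to rule 1 of ACL 100 from the listing in 6.8.4, as an added Python example (not code from the manual or the device firmware). It assumes the masks are wildcard masks (0.0.0.0 matches a single host, as in the listing) and that a packet matching no rule is denied; the permit-any rule and the RULES_* names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Base address and wildcard mask that together match every address.
ANY = ("0.0.0.0", "255.255.255.255")


def _u32(ip):
    return int(ipaddress.IPv4Address(ip))


def _care(wildcard):
    """Bits that must match: the inverse of the wildcard mask."""
    return ~_u32(wildcard) & 0xFFFFFFFF


def field_matches(addr, base, wildcard):
    care = _care(wildcard)
    return (_u32(addr) & care) == (_u32(base) & care)


def _field_covers(base1, wc1, base2, wc2):
    """True if every address matched by (base2, wc2) is matched by (base1, wc1)."""
    care1, care2 = _care(wc1), _care(wc2)
    return (care1 & ~care2) == 0 and (_u32(base1) & care1) == (_u32(base2) & care1)


@dataclass(frozen=True)
class Rule:
    seq: int          # sequence number: lower numbers are evaluated first
    action: str       # "permit" or "deny"
    src: str
    src_wc: str
    dst: str
    dst_wc: str

    def matches(self, src, dst):
        return (field_matches(src, self.src, self.src_wc)
                and field_matches(dst, self.dst, self.dst_wc))

    def covers(self, later):
        return (_field_covers(self.src, self.src_wc, later.src, later.src_wc)
                and _field_covers(self.dst, self.dst_wc, later.dst, later.dst_wc))


def evaluate(rules, src, dst, default="deny"):
    """Return (action, seq) of the first matching rule; later rules are ignored."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.matches(src, dst):
            return rule.action, rule.seq
    return default, None   # assumed behaviour when nothing matches


def shadowed(rules):
    """Return (seq, covering_seq) for rules that can never be the first match."""
    ordered = sorted(rules, key=lambda r: r.seq)
    result = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                result.append((later.seq, earlier.seq))
                break
    return result


# Rule 1 as shown in the listing for ACL 100; the permit-any rule is constructed.
DENY_HOST = ("10.0.1.11", "0.0.0.0", "10.0.1.158", "0.0.0.0")
RULES_AS_LISTED = [Rule(1, "deny", *DENY_HOST), Rule(2, "permit", *ANY, *ANY)]
# Same two rules with the sequence numbers swapped (constructed misordering).
RULES_SWAPPED = [Rule(1, "permit", *ANY, *ANY), Rule(2, "deny", *DENY_HOST)]

if __name__ == "__main__":
    print(evaluate(RULES_AS_LISTED, "10.0.1.11", "10.0.1.158"))
    print(evaluate(RULES_SWAPPED, "10.0.1.11", "10.0.1.158"))
    print(shadowed(RULES_SWAPPED))
```

With the sequence numbers swapped, the deny rule is still present in the list but never takes effect, so a shadowing check of this kind is worth running before an ACL is assigned to an interface.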
Page 120
7 Synchronizing the System Time in the Network

The actual meaning of the term “real time” depends on the time requirements of the application. The device provides two options with different levels of accuracy for synchronizing the time in your network.
7.1 Entering the Time

If no reference clock is available, you have the option of entering the system time in a device and then using it like a reference clock (see on page 127 “Configuring SNTP”),...
Page 123
- Select the Time dialog.
With this dialog you can enter time-related settings independently of the time synchronization protocol selected.
- “System time (UTC)” displays the time determined using SNTP or PTP.
Page 124
Set the system time of the device.
    sntp time <YYYY-MM-DD HH:MM:SS>
Enter the time difference between the local time and the “IEEE 1588 / SNTP time”.
    sntp client offset <-1000 to 1000>...
7.2 SNTP

7.2.1 Description of SNTP

The Simple Network Time Protocol (SNTP) enables you to synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available.
7.2.2 Preparing the SNTP Configuration

- To get an overview of how the time is passed on, draw a network plan with all the devices participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the signal runtime.
7.2.3 Configuring SNTP

- Select the Time:SNTP dialog.
- Operation
  In this frame you switch the SNTP function on/off globally.
- SNTP Status
  The “Status message” displays statuses of the SNTP client as one or more test messages, e.g.
Page 128
- Configuration SNTP Client
  - In “Client status” you switch the SNTP client of the device on/off.
  - In “External server address” you enter the IP address of the SNTP server from which the device periodically requests the system time.
Page 129
IP destination address                              Send SNTP packet to
0.0.0.0                                             Nobody
Unicast address (0.0.0.1 - 223.255.255.254)         Unicast address
Multicast address (224.0.0.0 - 239.255.255.254),    Multicast address
  especially 224.0.1.1 (NTP address)
255.255.255.255                                     Broadcast address

Table 6: Destination address classes for SNTP and NTP packets

Figure 27: SNTP Dialog

Device 192.168.1.1...
Page 130
Device               192.168.1.1    192.168.1.2    192.168.1.3
Request interval
Accept Broadcasts

Table 7: Settings for the example (see fig. 26)
7.3 Precision Time Protocol

7.3.1 Description of PTP Functions

Precise time management is required for running time-critical applications via a LAN. The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a procedure that determines the best master clock in a LAN and thus enables precise synchronization of the clocks in this LAN.
Page 132
Factors influencing precision are:
- Accuracy of the reference clock
  IEEE 1588 classifies clocks according to their accuracy. An algorithm that measures the accuracy of the clocks available in the network specifies the most accurate clock as the "Grandmaster"...
Page 133
Figure 28: Delay and jitter for clock synchronization
[Figure labels: Reference (Master clock), Local (Slave clock), Delay + Jitter; layers: Precision Time Protocol (Application Layer), UDP User Datagram Protocol (Transport Layer), Internet Protocol (Network Layer), MAC Media Access Control, Physical Layer]
Page 134
With the introduction of PTP version 2, two procedures are available for the delay measurement:
- End-to-End (E2E)
  E2E corresponds to the procedure used by PTP version 1. Every slave clock measures only the delay to its master clock.
Page 135
Figure 29: Integration of a boundary clock
[Figure labels: Reference (Grandmaster Clock), Switch, Ordinary Clock, Ordinary Clock, Slave, Master, Boundary Clock]

Irrespective of the physical communication paths, the PTP allocates logical communication paths which you define by setting up PTP subdomains.
Page 136
Figure 30: PTP subdomains
[Figure labels: Ordinary Clock, Reference (Grandmaster Clock), Switch, PTP Subdomain 1, Boundary Clock, PTP Subdomain 2]
7.3.2 Preparing the PTP Configuration

After the function is activated, the PTP takes over the configuration automatically. The delivery settings of the device are sufficient for most applications.
- To get an overview of the time distribution, draw a network plan with all the devices participating in PTP.
Page 138
PTP mode             Application
v1-simple-mode       Support for PTPv1 without special hardware. The device synchronizes itself with received PTPv1 messages. Select this mode for devices without a timestamp unit (RT module).
v1-boundary-clock    Boundary Clock function based on IEEE 1588-2002 (PTPv1).
7.3.3 Application Example

PTP is used to synchronize the time in the network. As an SNTP client, the left device (see fig. 31) gets the time from the NTP server via SNTP. The device assigns PTP clock stratum 2 (PTPv1) or clock class 6 (PTPv2) to the time received from an NTP server.
Page 140
Device                10.0.1.112           10.0.1.116           10.0.1.105        10.0.1.106
PTP Global
  Operation
  Clock Mode          v1-boundary-clock    v1-boundary-clock    v1-simple-mode    v1-simple-mode
  Preferred Master    true                 false                false             false
SNTP
  Operation
  Client Status
  External server     10.0.1.2             0.0.0.0              0.0.0.0           0.0.0.0...
Page 141
The following configuration steps apply to the device with the IP address 10.0.1.112. Configure the other devices in the same way with the values from the table above.
- Enter the SNTP parameters.
- ...
Page 142
Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
    configure
Switch on SNTP globally.
    sntp operation on
Switch on SNTP client.
    sntp operation client on
Enter the IP address of the external SNTP server 10.0.1.2.
    sntp client server primary...
Page 143
Switch on PTP globally.
    ptp operation enable
Select PTP version and clock mode.
    ptp clock-mode v1-boundary-clock

In this example, you have chosen the device with the IP address 10.0.1.112 as the PTP reference clock.
Page 144
Apply PTP parameters.
    ptp v1 re-initialize

- Save the settings in the non-volatile memory.
- Select the Basics: Load/Save dialog.
- In the “Save” frame, select “To Device” for the location and click “Save”...
7.4 Interaction of PTP and SNTP

According to the PTP and SNTP standards, both protocols can exist in parallel in the same network. However, since both protocols affect the system time of the device, situations may occur in which the two protocols compete with each other.
Page 146
Application Example

The requirements with regard to the accuracy of the time in the network are quite high, but the terminal devices only support SNTP (see fig. 32).
8 Network Load Control

To optimize the data transmission, the device provides you with the following functions for controlling the network load:
- Settings for direct packet distribution (MAC address filter)
- Multicast settings
- Rate limiter
- ...
8.1 Direct Packet Distribution

With direct packet distribution, you help protect the device from unnecessary network loads. The device provides you with the following functions for direct packet distribution:
- Store-and-forward
- Multi-address capability
- ...
8.1.2 Multi-Address Capability

The device learns all the source addresses for a port. Only packets with
- unknown destination addresses
- these destination addresses or
- a multi/broadcast destination address
in the destination address field are sent to this port. The device enters learned source addresses in its filter table (see on page 150 “Entering Static Addresses”).
- Select the Switching:Global dialog.
- Enter the aging time for all dynamic entries in the range from 10 to 630 seconds (unit: 1 second; default setting: 30). In connection with the router redundancy, select a time ≥ 30 seconds.
Page 151
Addresses already located in the static filter table are automatically transferred to the dynamic part by the device. An address entered statically cannot be overwritten through learning.

Note: If the ring manager is active, it is not possible to make permanent unicast entries.
8.1.5 Disabling the Direct Packet Distribution

To enable you to observe the data at all the ports, the device allows you to disable the learning of addresses. When the learning of addresses is disabled, the device transfers all the data from all ports to all ports.
8.2 Multicast Application

8.2.1 Description of the Multicast Application

The data distribution in the LAN differentiates between 3 distribution classes on the basis of the addressed recipients:
- Unicast - one recipient
- Multicast - a group of recipients
- ...
8.2.2 Example of a Multicast Application

The cameras for monitoring machines normally transmit their images to monitors located in the machine room and to the control room. In an IP transmission, a camera sends its image data with a Multicast address via the network.
8.2.3 Description of IGMP Snooping

The Internet Group Management Protocol (IGMP) describes the distribution of Multicast information between routers and terminal devices on Layer 3. Routers with an active IGMP function periodically send queries to find out which IP Multicast group members are connected to the LAN.
8.2.4 Setting IGMP Snooping

- Select the Switching:Multicast:IGMP dialog.

Operation
The “Operation” frame allows you to enable/disable IGMP Snooping globally for the entire device. If IGMP Snooping is disabled, then
- the device does not evaluate Query and Report packets received,
- ...
Page 157
IGMP Querier
“IGMP Querier active” allows you to enable/disable the Query function.
“Protocol version” allows you to select IGMP version 1, 2 or 3.
In “Send interval [s]” you specify the interval at which the device sends query packets (valid entries: 2-3,599 s, default setting: 125 s).
Parameter Values
The parameters
– Max. Response Time,
– Send Interval and
– Group Membership Interval
have a relationship to one another:
Max. Response Time < Send Interval < Group Membership Interval.
If you enter values that contradict this relationship, the device then replaces these values with a default value or with the last valid values.
Page 159
Unknown Multicasts
In this frame you can determine how the device in IGMP mode sends packets with known and unknown MAC/IP Multicast addresses that were not learned through IGMP Snooping.
“Unknown Multicasts” allows you to specify how the device transmits unknown Multicast packets:
- ...
Page 160
IGMP requests (disabled=as-delivered state). This table column also lets you send IGMP Report messages to: other selected ports (enable) or connected Hirschmann devices (automatic).
- “Learned Query Port”
  This table column shows you at which ports the device has received IGMP queries, if “disable”...
Page 161
Note: If the device is incorporated into a HIPER-Ring, you can use the following settings to quickly reconfigure the network for data packets with registered Multicast destination addresses after the ring is switched:
- Switch on the IGMP Snooping on the ring ports and globally, and
- ...
8.2.5 Description of GMRP

The GARP Multicast Registration Protocol (GMRP) describes the distribution of data packets with a Multicast address as the destination address on Layer 2. Devices that want to receive data packets with a Multicast address as the destination address use the GMRP to perform the registration of the Multicast address.
8.2.6 Setting GMRP

- Select the Switching:Multicasts:GMRP dialog.

Operation
The “Operation” frame allows you to enable GMRP globally for the entire device. If GMRP is disabled, then
- the device does not generate any GMRP packets,
- ...
Page 164
Note: If the device is incorporated into a HIPER-Ring, you can use the following settings to quickly reconfigure the network for data packets with registered Multicast destination addresses after the ring is switched:
- Activate GMRP on the ring ports and globally, and
- ...
8.3 Rate Limiter

8.3.1 Description of the Rate Limiter

To ensure reliable operation at a high level of traffic, the device allows you to limit the rate of traffic at the ports. Entering a limit rate for each port determines the amount of traffic the device is permitted to transmit and receive.
8.3.2 Load limiter settings (PowerMICE and MACH 4000)

8.3.3 Load limiter settings

- Select the Switching:Rate Limiter dialog.
- "Ingress Limiter (kbit/s)" allows you to enable or disable the ingress limiter function for all ports and to select the ingress limitation on all ports (either broadcast packets only or broadcast packets and Multicast packets).
Page 167
Setting options per port:
- Inbound Limiter Rate for the packet type selected in the Inbound Limiter frame:
  = 0, no inbound limit at this port.
  > 0, maximum outbound traffic rate in kbit/s that can be sent at this port.
- ...
8.4 QoS/Priority

8.4.1 Description of Prioritization

This function helps prevent time-critical data traffic such as voice/video or real-time data from being disrupted by less time-critical data traffic during periods of heavy traffic. Assigning high traffic classes to time-critical data and low traffic classes to less time-critical data provides optimal data flow for time-critical data traffic.
Data packets can contain prioritizing/QoS information:
- VLAN priority based on IEEE 802.1Q/ 802.1D (Layer 2)
- Type of Service (ToS) or DiffServ (DSCP) for IP packets (Layer 3)

8.4.2 VLAN tagging

The VLAN tag is integrated into the MAC data frame for the VLAN and Prioritization functions in accordance with the IEEE 802.1Q standard.
Page 170
Note: Network protocols and redundancy mechanisms use the highest traffic class 7. Therefore, select other traffic classes for application data.

Figure 37: Ethernet data packet with tag
[Figure labels: 42-1500 Octets; min. 64, max. 1522 Octets]

Figure 38: Tag format
[Figure label: 4 Octets]
When using VLAN prioritizing, note the following special features:
- End-to-end prioritizing requires the VLAN tags to be transmitted to the entire network, which means that all network components must be VLAN-capable.
- Routers cannot receive or send packets with VLAN tags via port-based router interfaces.
Bits (0-2): IP Precedence Defined    Bits (3-6): Type of Service Defined    Bit (7)
111 - Network Control                0000 - [all normal]                    0 - Must be zero
110 - Internetwork Control           1000 - [minimize delay]
101 - CRITIC / ECP                   0100 - [maximize throughput]
100 - Flash Override                 0010 - [maximize reliability]...
Page 173
- Assured Forwarding (AF): Provides a differentiated schema for handling different data traffic (RFC 2597).
- Default Forwarding/Best Effort: No particular prioritizing.

The PHB class selector assigns the 7 possible IP precedence values from the old ToS field to specific DSCP values, thus ensuring the downwards compatibility.
DSCP value            DSCP name           Traffic class (default setting)
                      Best Effort /CS0
9,11,13,15
10,12,14              AF11,AF12,AF13
17,19,21,23
18,20,22              AF21,AF22,AF23
25,27,29,31
26,28,30              AF31,AF32,AF33
33,35,37,39
34,36,38              AF41,AF42,AF43
41,42,43,44,45,47
49-55
57-63

Table 16: Mapping the DSCP values onto the traffic classes

8.4.4 Management prioritization

To have full access to the management of the device, even in situations of...
8.4.5 Handling of Received Priority Information

The device offers three options, which can be selected for each port and determine how it treats received data packets that contain a priority indicator.
- trust dot1p
  The device assigns VLAN-tagged packets to the different traffic classes according to their VLAN priorities.
Page 176
Description of Strict Priority

With the Strict Priority setting, the device first transmits all data packets that have a higher traffic class (higher priority) before transmitting a data packet with the next highest traffic class. The device transmits a data packet with the lowest traffic class (lowest priority) only when there are no other data packets remaining in the queue.
Page 177
Maximum bandwidth

By entering a maximum bandwidth you can limit the bandwidth for each traffic class to a maximum value, regardless of whether you selected “Weighted Fair Queuing” or “Strict Priority”. Weighted Fair Queuing (see on page 176 “Description of Weighted Fair Queuing”) requires that the maximum bandwidth is at least as big...
8.4.7 Setting prioritization

Assigning the Port Priority

- Select the QoS/Priority:Port Configuration dialog.
- In the “Port Priority” column, you can specify the priority (0-7) with which the device sends data packets which it receives without a VLAN tag at this port.
Page 179
Traffic Class
------------- -------------

Always assign port priority to received data packets (PowerMICE, MACH 104, MACH 1040 and MACH 4000)

Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
Page 180
------------- -------------
0(be/cs0)
8(cs1)

Always assign DSCP priority per interface to received IP data packets (PowerMICE, MACH 104, MACH 1040 and MACH 4000)

Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
    configure
Switch to the interface configuration mode of interface 6/1.
    interface 6/1
Switch to the privileged EXEC mode.
    exit
Display the trust mode.
    show classofservice trust

Class of Service Trust Mode: IP DSCP

Configuration of Weighted Fair Queuing and Traffic Shaping

Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
Page 182
Configuration of Traffic Shaping on an interface

Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
    configure
Switch to the interface configuration mode for interface 1/2.
    interface 1/2
Restricts the maximum bandwidth of interface 1/2 to 50%.
    traffic-shape 50
Page 183
Subnet Mask........255.255.255.0
Default Gateway........ 10.0.1.200
Burned In MAC Address......00:80:63:51:7A:80
Network Configuration Protocol (BootP/DHCP)..None
DHCP Client ID (same as SNMP System Name).."PowerMICE-517A80"
Network Configuration Protocol HiDiscovery..Read-Write
Management VLAN ID......1
Management VLAN Priority....... 7
Management IP-DSCP Value....... 0(be/cs0)
Web Mode........
8.5 Flow Control

8.5.1 Description of Flow Control

Flow control is a mechanism which acts as an overload protection for the device. During periods of heavy traffic, it holds off additional traffic from the network.
Page 185
Figure 40: Example of flow control
[Figure labels: Switch; Port 1, Port 2, Port 3, Port 4; Workstation 1, Workstation 2, Workstation 3, Workstation 4]

Flow Control with a full duplex link

In the example (see fig.
Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR and MACH 1000 do not support flow control in half duplex mode.

8.5.2 Setting the Flow Control

- Select the Basics:Port Configuration dialog.
  In the "Flow Control on" column, you checkmark this port to specify that flow control is active here.
8.6 VLANs

8.6.1 VLAN Description

In the simplest case, a virtual LAN (VLAN) consists of a group of network participants in one network segment who can communicate with each other as if they belonged to a separate LAN. More complex VLANs span out over multiple network segments and are also based on logical (instead of only physical) connections between network participants.
8.6.2 Examples of VLANs

The following practical examples provide a quick introduction to the structure of a VLAN.

Example 1

Figure 41: Example of a simple port-based VLAN

The example shows a minimal VLAN configuration (port-based VLAN). An administrator has connected multiple terminal devices to a transmission device and assigned them to 2 VLANs.
Page 189
Columns: Terminal, Port, Port VLAN identifier (PVID)
Table 17: Ingress table

Columns: VLANID, Port
Table 18: Egress table
Page 190
Proceed as follows to perform the example configuration:

- Configure VLAN
- Select the Switching:VLAN:Static dialog.

Figure 42: Creating and naming new VLANs

- Click on “Create Entry” to open a window for entering the VLAN ID.
- ...
Page 191
Switch to the privileged EXEC mode.
    enable
Switch to the VLAN configuration mode.
    vlan database
Create a new VLAN with the VLAN ID 2.
    vlan 2
Give the VLAN with the VLAN ID 2 the name VLAN2.
    vlan name 2 VLAN2
Page 192
Figure 43: Defining the VLAN membership of the ports.

- Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. The selection options are:
  - ...
Page 193
Figure 44: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering

- Assign the Port VLAN ID of the related VLANs (2 or 3) to the individual ports - see table.
- Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for “Acceptable Frame Types”.
Page 194
Switch to the privileged EXEC mode.
    enable
Switch to the Configuration mode.
    configure
Switch to the Interface Configuration mode of interface 1/1.
    interface 1/1
Port 1/1 becomes member untagged in VLAN 2.
    vlan participation include 2
Port 1/1 is assigned the port VLAN ID 2.
Page 195
Example 2

Figure 45: Example of a more complex VLAN configuration

The second example shows a more complex configuration with 3 VLANs (1 to 3). Along with the Switch from example 1, you use a 2nd Switch (on the right in the example).
Page 196
The egress table specifies at which ports the switch may send the frames from this VLAN. Your entry also defines whether the switch marks (tags) the Ethernet frames sent from this port.
- T = with tag field (T = tagged, marked)
- ...
Page 197
The communication relationships here are as follows: terminal devices at ports 1 and 4 of the left device and terminal devices at ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate with each other.
Page 198
Proceed as follows to perform the example configuration:

- Configure VLAN
- Select the Switching:VLAN:Static dialog.

Figure 46: Creating and naming new VLANs

- Click on “Create Entry” to open a window for entering the VLAN ID.
- ...
Page 199
Switch to the privileged EXEC mode.
    enable
Switch to the VLAN configuration mode.
    vlan database
Create a new VLAN with the VLAN ID 2.
    vlan 2
Give the VLAN with the VLAN ID 2 the name VLAN2.
    vlan name 2 VLAN2
Page 200
- Configuring the ports

Figure 47: Defining the VLAN membership of the ports.

- Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status.
Page 201
Figure 48: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering

- Assign the ID of the related VLANs (1 to 3) to the individual ports.
- Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for the terminal device ports.
Page 202
enable                          Switch to the privileged EXEC mode.
configure                       Switch to the Configuration mode.
interface 1/1                   Switch to the Interface Configuration mode of interface 1/1.
vlan participation include 1    Port 1/1 becomes member untagged in VLAN 1.
vlan participation include 2    Port 1/1 becomes member untagged in VLAN 2.
For further information on VLANs, see the reference manual and the integrated help function in the program.
8.6.3 Double VLAN Tagging
For the devices MACH 1040 and MACH 4002-24G/48G.
Double VLAN tagging (VLAN tunneling) enables you to transmit from traffic to layer 2.
Page 204
How the VLAN tunnel works
The device assigns the port VLAN ID to the frame when a frame is received at an access port. This is the tunnel VLAN ID. This also applies to frames which have already been tagged. ...
Page 205
Table 23: Assignment of client networks to service VLANs (VLAN tunnels). Columns: Client, Service VLAN ID.
On switch 1, ports 1 and 4 are access ports, and port 5 is a core port (port within the provider network). On switch 2, ports 2 and 5 are access ports and port 1 is a core port.
Page 206
Set the sample configuration with the CLI:
Switch 1:
enable                    Switch to the privileged EXEC mode.
vlan database             Switch to the VLAN configuration mode.
vlan 100                  Create a new VLAN with the VLAN ID 100.
vlan name 100 KUNDE_A     Give the VLAN with the VLAN ID 100 the name CLIENT_A.
Page 207
Switch 2:
enable                    Switch to the privileged EXEC mode.
vlan database             Switch to the VLAN configuration mode.
vlan 100                  Create a new VLAN with the VLAN ID 100.
vlan name 100 KUNDE_A     Give the VLAN with the VLAN ID 100 the name CLIENT_A.
9 Operation Diagnosis
The device provides you with the following diagnostic tools:
Sending traps
Monitoring the device status
Out-of-band signaling via signal contact
Port status indication
Event counter at port level
Detecting non-matching duplex modes ...
9.1 Sending Traps
If unusual events occur during normal operation of the device, they are reported immediately to the management station. This is done by means of what are called traps - alarm messages - that bypass the polling procedure ("Polling"...
9.1.1 List of SNMP traps
The following table shows a list of the traps that can be sent by the device.
Trap name                   Meaning
authenticationFailure       this is sent if a station attempts to access an agent without authorisation.
hmConfigurationChangedT     this is sent if you change the configuration of the device after saving locally for the first time.
hmAddressRelearnDetectT     this is sent if Address Relearn Detection is active and the relearn threshold for MAC addresses on different ports is exceeded.
9.1.3 Configuring Traps
Select the Diagnostics:Alarms (Traps) dialog.
This dialog allows you to determine which events trigger an alarm (trap) and where these alarms should be sent.
Select “Create”.
In the “IP Address” column, enter the IP address of the management station to which the traps should be sent.
Page 214
The events which can be selected are:
Name              Meaning
Authentication    The device has rejected an unauthorized access attempt (see the Access for IP Addresses and Port Security dialog).
Link Up/Down      At one port of the device, the link to another device has been established/interrupted.
Operation Diagnosis 9.2 Monitoring the Device Status 9.2 Monitoring the Device Status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. The device displays its current status as “Error”...
Operation Diagnosis 9.2 Monitoring the Device Status Select the corresponding entries to decide which events the device status includes. Note: With a non-redundant voltage supply, the device reports the absence of a supply voltage. If you do not want this message to be displayed, feed the supply voltage over both inputs or switch off the monitoring (see on page 219 “Monitoring the Device Status via the Signal...
Operation Diagnosis 9.2 Monitoring the Device Status 9.2.2 Displaying the Device Status Select the Basics:System dialog. Figure 51: Device status and alarm display 1 - The symbol displays the device status 2 - Cause of the oldest existing alarm 3 - Start of the oldest existing alarm Switch to the privileged EXEC mode.
Operation Diagnosis 9.3 Out-of-band Signaling 9.3 Out-of-band Signaling The signal contact is used to control external devices and monitor the operation of the device. Function monitoring enables you to perform remote diagnostics. The device reports the operating status via a break in the potential-free signal contact (relay contact, closed circuit): ...
Operation Diagnosis 9.3 Out-of-band Signaling 9.3.1 Controlling the Signal Contact With this mode you can remotely control every signal contact individually. Application options: Simulation of an error as an input for process control monitoring equipment. Remote control of a device via SNMP, such as switching on a camera. ...
Operation Diagnosis 9.3 Out-of-band Signaling 9.3.3 Monitoring the Device Functions via the Signal Contact Configuring the operation monitoring Select the Diagnostics:Signal Contact dialog. Select "Monitoring correct operation" in the "Mode signal contact" frame to use the contact for operation monitoring. ...
Page 221
Figure 52: Signal Contact dialog
exit                     Switch to the privileged EXEC mode.
show signal-contact 1    Displays the status of the operation monitoring and the setting for the status determination.
Operation Diagnosis 9.3 Out-of-band Signaling 9.3.4 Monitoring the Fan Devices in the Mach 4000 family have a replaceable plug-in fan unit. This plug-in fan helps considerably in reducing the internal temperature of the device. Fans are subject to natural wear. The failure of one or more fans in the plug- in fan can have a negative effect on the operation and life span of the device, or can lead to a total failure of the device.
Page 223
Operation Diagnosis 9.3 Out-of-band Signaling Proceed as follows to signal changes to the fan status via a signal contact and with an alarm message: Select the Diagnostics:Signal Contact dialog. Select the signal contact you want to use (in the example, signal contact 1) in the corresponding tab page “Signal contact 1”...
Operation Diagnosis 9.4 Port Status Indication 9.4 Port Status Indication Select the Basics:System dialog. The device view shows the device with the current configuration. The status of the individual ports is indicated by one of the symbols listed below. You will get a full description of the port's status by positioning the mouse pointer over the port's symbol.
Page 225
Operation Diagnosis 9.4 Port Status Indication What the symbols mean: The port (10, 100 Mbit/s, 1, 10 Gbit/s) is enabled and connection is OK. The port is blocked by network management and has no connection. The port is blocked by network management and has no connection.
Operation Diagnosis 9.5 Event Counter at Port Level 9.5 Event Counter at Port Level The port statistics table enables experienced network administrators to identify possible detected problems in the network. This table shows you the contents of various event counters. In the Restart menu item, you can reset all the event counters to zero using "Warm start", "Cold start"...
Page 227
Operation Diagnosis 9.5 Event Counter at Port Level Figure 55: Port Statistics dialog UM Basic Configuration L3P Release 7.1 12/2011...
Operation Diagnosis 9.5 Event Counter at Port Level 9.5.1 Detecting Non-matching Duplex Modes If the duplex modes of 2 ports directly connected to each other do not match, this can cause problems that are difficult to track down. The automatic detection and reporting of this situation has the benefit of recognizing it before problems occur.
Page 229
Operation Diagnosis 9.5 Event Counter at Port Level Collisions, late collisions: In full-duplex mode, the port does not count collisions or late collisions. CRC error: The device only evaluates these errors as non-matching duplex modes in the manual full duplex mode. No.
Page 230
Operation Diagnosis 9.5 Event Counter at Port Level Activating the detection Select the Switching:Global dialog. Select “Enable duplex mismatch detection”. The device then checks whether the duplex mode of a port might not match the remote port. If the device detects a potential mismatch, it creates an entry in the event log and sends an alarm (trap).
Operation Diagnosis 9.6 Displaying the SFP Status 9.6 Displaying the SFP Status The SFP status display allows you to look at the current SFP module connections and their properties. The properties include: module type support provided in media module ...
Operation Diagnosis 9.7 TP Cable Diagnosis 9.7 TP Cable Diagnosis The TP cable diagnosis allows you to check the connected cables for short- circuits or interruptions. Note: While the check is running, the data traffic at this port is suspended. The check takes a few seconds.
Operation Diagnosis 9.8 Topology Discovery 9.8 Topology Discovery 9.8.1 Description of Topology-Detection IEEE 802.1AB defines the Link Layer Discovery Protocol (LLDP). LLDP allows the user to automatically detect the LAN network topology. Devices with LLDP active broadcast their connection and management information to adjacent devices on the shared LAN.
Page 234
LLDP capability, then LLDP information exchanges are prevented between these two devices. To work around this, Hirschmann devices send and receive additional LLDP packets with the Hirschmann Multicast-MAC address 01:80:63:2F:FF:0B. Hirschmann devices with the LLDP function are therefore able to exchange LLDP information with each other even across devices that do not have LLDP capability.
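As an added illustration (not code from the Hirschmann manual), the following Python example classifies captured Ethernet frames by LLDP destination address and extracts the mandatory TLVs, so a monitoring port can show which advertisements arrive on the Hirschmann multicast address and therefore may have crossed devices without LLDP capability. The EtherType 0x88CC and the group address 01:80:C2:00:00:0E come from IEEE 802.1AB rather than from this page, the use of the same EtherType on the Hirschmann address is an assumption, and all sample frames and function names are constructed for the example.

```python
import struct

LLDP_ETHERTYPE = 0x88CC        # IEEE 802.1AB EtherType (assumption: from the standard, not this page)
VLAN_TPIDS = {0x8100, 0x88A8}  # VLAN tag types that may precede the EtherType
IEEE_LLDP_MAC = bytes.fromhex("0180c200000e")        # standard LLDP group address (assumption, see lead-in)
HIRSCHMANN_LLDP_MAC = bytes.fromhex("0180632fff0b")  # address quoted in the manual text


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_tlvs(payload):
    """Walk an LLDPDU: each TLV header holds a 7-bit type and a 9-bit length."""
    tlvs, off = [], 0
    while off + 2 <= len(payload):
        (hdr,) = struct.unpack_from("!H", payload, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if tlv_type == 0:                      # End of LLDPDU
            return tlvs
        if off + length > len(payload):
            raise ValueError("TLV length runs past the end of the frame")
        tlvs.append((tlv_type, payload[off:off + length]))
        off += length
    raise ValueError("LLDPDU ends without an End TLV")


def classify(frame):
    """Return None for non-LLDP frames, otherwise a dict describing the advertisement."""
    if len(frame) < 14:
        return None
    dst, src, off = frame[0:6], frame[6:12], 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in VLAN_TPIDS:                 # skip single or stacked VLAN tags
        off += 4
        if off + 2 > len(frame):
            return None
        (etype,) = struct.unpack_from("!H", frame, off)
    if etype != LLDP_ETHERTYPE:
        return None
    tlvs = parse_tlvs(frame[off + 2:])
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("Chassis ID, Port ID and TTL TLVs must come first, in that order")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise ValueError("mandatory TLV has an invalid length")
    if dst == IEEE_LLDP_MAC:
        scope = "ieee-nearest-bridge"          # stays on the directly attached link
    elif dst == HIRSCHMANN_LLDP_MAC:
        scope = "hirschmann-multicast"         # may have crossed non-LLDP devices
    else:
        scope = "unexpected-destination"
    return {
        "scope": scope,
        "source": mac_str(src),
        # First byte of each ID TLV is its subtype; subtype 4 of Chassis ID is a MAC address.
        "chassis_id": mac_str(chassis[1:]) if chassis[0] == 4 else chassis[1:].hex(),
        "port_id": port[1:].decode("ascii", "replace"),
        "ttl": struct.unpack("!H", ttl)[0],
    }


def summarize(frames):
    """Count frames per category; malformed LLDPDUs are counted, not dropped silently."""
    counts = {"ieee-nearest-bridge": 0, "hirschmann-multicast": 0,
              "unexpected-destination": 0, "malformed": 0, "not-lldp": 0}
    for frame in frames:
        try:
            info = classify(frame)
        except ValueError:
            counts["malformed"] += 1
            continue
        counts["not-lldp" if info is None else info["scope"]] += 1
    return counts


def tlv(tlv_type, value):
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample data: source MAC, port name and TTL are made up for this example.
SRC = bytes.fromhex("008063aabb01")
BODY = tlv(1, b"\x04" + SRC) + tlv(2, b"\x07" + b"1/5") + tlv(3, struct.pack("!H", 120)) + tlv(0, b"")
ETYPE = struct.pack("!H", LLDP_ETHERTYPE)
SAMPLE_FRAMES = [
    IEEE_LLDP_MAC + SRC + ETYPE + BODY,                              # standard LLDP
    HIRSCHMANN_LLDP_MAC + SRC + ETYPE + BODY,                        # Hirschmann address
    HIRSCHMANN_LLDP_MAC + SRC + b"\x81\x00\x00\x02" + ETYPE + BODY,  # same, tagged with VLAN 2
    b"\xff" * 6 + SRC + b"\x08\x06" + bytes(28),                     # ARP, not LLDP
    IEEE_LLDP_MAC + SRC + ETYPE + BODY[:-4],                         # truncated LLDPDU
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FRAMES))
```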
Operation Diagnosis 9.8 Topology Discovery 9.8.2 Displaying the Topology Discovery Results Select the Diagnostics:Topology Discovery dialog. The table on the “LLDP” tab page shows you the collected LLDP information for neighboring devices. This information enables the network management station to map the structure of your network. Activating “Display FDB entries”...
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9 Detecting IP Address Conflicts 9.9.1 Description of IP Address Conflicts By definition, each IP address may only be assigned once within a subnetwork. Should two or more devices erroneously share the same IP address within one subnetwork, this will inevitably lead to communication disruptions with devices that have this IP address.
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9.2 Configuring ACD Select the Diagnostics:IP Address Conflict Detection dialog. With "Status" you enable/disable the IP address conflict detection or select the operating mode (see table 30). 9.9.3 Displaying ACD Select the Diagnostics:IP Address Conflict Detection dialog.
Operation Diagnosis 9.10 Detecting Loops 9.10 Detecting Loops Loops in the network, even temporary loops, can cause connection interruptions or data losses. The automatic detection and reporting of this situation allows you to detect it faster and diagnose it more easily. An incorrect configuration can cause a loop, for example, if you deactivate Spanning Tree.
Operation Diagnosis 9.11 Reports 9.11 Reports The following reports and buttons are available for the diagnostics: Log file. The log file is an HTML file in which the device writes all the important device-internal events. System information. The system information is an HTML file containing all system-relevant data.
Page 240
Click “Save”. The device creates the file name of the applet automatically in the format <device type><software variant><software version>_<software revision of applet>.jar, e.g. for a device of type PowerMICE with software variant L3P: “pmL3P06000_00.jar”.
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The port mirroring function enables you to review the data traffic at up to 8 ports of the device for diagnostic purposes. The device additionally forwards (mirrors) the data for these ports to another port.
Page 242
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) Select the Diagnostics:Port Mirroring dialog. This dialog allows you to configure and activate the port mirroring function of the device. Select the source ports whose data traffic you want to review from the list of physical ports by checkmarking the relevant boxes.
Page 243
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The “Reset configuration” button in the dialog allows you to reset all the port mirroring settings of the device to the state on delivery. Note: When port mirroring is active, the specified destination port is used solely for reviewing, and does not participate in the normal data traffic.
Operation Diagnosis 9.13 Syslog 9.13 Syslog The device enables you to send messages about important device-internal events to one or more syslog servers (up to 8). Additionally, you can also include SNMP requests to the device as events in the syslog. Note: You will find the actual events that the device has logged in the “Event Log”...
Page 245
Operation Diagnosis 9.13 Syslog “SNMP Logging” frame: Activate “Log SNMP Get Request” if you want to send reading SNMP requests to the device as events to the syslog server. Select the level to report at which the device creates the events from reading SNMP requests.
Page 246
Log SNMP SET requests : enabled
Log SNMP SET severity : notice
Log SNMP GET requests : enabled
Log SNMP GET severity : notice
Operation Diagnosis 9.14 Event Log 9.14 Event Log The device allows you to call up a log of the system events. The table of the “Event Log” dialog lists the logged events with a time stamp. Click on “Load” to update the content of the event log. ...
EtherNet/IP 10 EtherNet/IP EtherNet/IP, which is accepted worldwide, is an industrial communication protocol standardized by the Open DeviceNet Vendor Association (ODVA) on the basis of Ethernet. It is based on the widely used transport protocols TCP/IP and UDP/IP (standard). EtherNet/IP thus provides a wide basis, supported by leading manufacturers, for effective data communication in the industry sector.
Page 250
Figure 61: EtherNet/IP (CIP) in the ISO/OSI reference model
In particular, you will find EtherNet/IP in the USA and in conjunction with Rockwell controllers. For detailed information on EtherNet/IP, see the Internet site of ODVA at www.ethernetip.de.
EtherNet/IP 10.1 Integration into a Control System 10.1 Integration into a Control System After installing and connecting the switch, you configure it according to the “Basic Configuration” user manual. Then: Use the Web-based interface in the Switching:Multicasts:IGMP dialog to check whether the IGMP Snooping is activated.
Page 252
EtherNet/IP 10.1 Integration into a Control System Configuration of a PLC using the example of Rockwell software Open the “EDS Hardware Installation Tool” of RSLinx. Use the “EDS Hardware Installation Tool” to add the EDS file. Restart the “RSLinx” service so that RSLinx takes over the EDS file of the switch.
Page 253
EtherNet/IP 10.1 Integration into a Control System Figure 62: Integrating a new module into Logix 5000 In the module properties, enter a value of at least 100 ms for the Request Packet Interval (RPI). Figure 63: Module properties for the Request Packet Interval (RPI) UM Basic Configuration L3P Release 7.1 12/2011...
Page 254
On the website http://samplecode.rockwellautomation.com, search for catalog number 9701. This is the catalog number of an example for integrating Hirschmann switches into RS Logix 5000 rel. 16, PLC firmware release 16. UM Basic Configuration L3P Release 7.1 12/2011...
10.2 EtherNet/IP Parameters
10.2.1 Identity Object
The switch supports the identity object (class code 01) of EtherNet/IP. The Hirschmann manufacturer ID is 634. Hirschmann uses the manufacturer-specific ID 149 (95 hex) to indicate the product type “Managed Ethernet Switch”.
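For asset inventory, the identity values above can be checked against what a device actually reports. The following Python example is added here and is not part of the Hirschmann manual: it parses an EtherNet/IP List Identity reply and compares the vendor ID and device type with 634 and 149. The reply layout (encapsulation command 0x0063, identity item type 0x000C, field order) is taken from the EtherNet/IP encapsulation format and is an assumption with respect to this page; the sample reply, its address 192.0.2.10, product name, serial number and all function names are constructed.

```python
import socket
import struct

HIRSCHMANN_VENDOR_ID = 634      # manufacturer ID stated in the manual
MANAGED_SWITCH_TYPE = 149       # 95 hex, product type "Managed Ethernet Switch"
CMD_LIST_IDENTITY = 0x0063      # encapsulation command (assumption: from the EtherNet/IP spec)
ITEM_CIP_IDENTITY = 0x000C      # item type of the identity item (same assumption)
ENCAP_HEADER = struct.Struct("<HHII8sI")         # command, length, session, status, context, options
IDENTITY_FIXED = struct.Struct("<H16sHHHBBHIB")  # fields up to and including the name length byte


def parse_identity_item(item):
    """Decode one identity item; raises ValueError if the lengths do not add up."""
    if len(item) < IDENTITY_FIXED.size + 1:
        raise ValueError("identity item too short")
    (version, sockaddr, vendor, dev_type, product_code, rev_major, rev_minor,
     status, serial, name_len) = IDENTITY_FIXED.unpack_from(item, 0)
    name_end = IDENTITY_FIXED.size + name_len
    if len(item) < name_end + 1:                 # name plus trailing state byte
        raise ValueError("product name runs past the end of the item")
    # The embedded socket address is big-endian, unlike the rest of the reply.
    family, port, addr = struct.unpack_from(">hH4s", sockaddr, 0)
    return {
        "ip": socket.inet_ntoa(addr),
        "port": port,
        "vendor_id": vendor,
        "device_type": dev_type,
        "product_code": product_code,
        "revision": f"{rev_major}.{rev_minor}",
        "serial": serial,
        "product_name": item[IDENTITY_FIXED.size:name_end].decode("ascii", "replace"),
        "state": item[name_end],
    }


def parse_list_identity(reply):
    """Validate the encapsulation header and return the first identity item as a dict."""
    if len(reply) < ENCAP_HEADER.size:
        raise ValueError("reply shorter than the encapsulation header")
    command, length, session, status, context, options = ENCAP_HEADER.unpack_from(reply, 0)
    if command != CMD_LIST_IDENTITY:
        raise ValueError(f"unexpected encapsulation command 0x{command:04x}")
    if status != 0:
        raise ValueError(f"encapsulation status 0x{status:08x}")
    data = reply[ENCAP_HEADER.size:ENCAP_HEADER.size + length]
    if len(data) != length or length < 2:
        raise ValueError("reply is truncated")
    (count,) = struct.unpack_from("<H", data, 0)
    off = 2
    for _ in range(count):
        if off + 4 > len(data):
            raise ValueError("item header runs past the end of the reply")
        item_type, item_len = struct.unpack_from("<HH", data, off)
        off += 4
        item = data[off:off + item_len]
        if len(item) != item_len:
            raise ValueError("item data runs past the end of the reply")
        off += item_len
        if item_type == ITEM_CIP_IDENTITY:
            return parse_identity_item(item)
    raise ValueError("reply carries no identity item")


def check_identity(identity, expected_ip):
    """Return a list of findings; an empty list means the reply matches the inventory."""
    findings = []
    if identity["vendor_id"] != HIRSCHMANN_VENDOR_ID:
        findings.append(f"vendor ID {identity['vendor_id']} is not {HIRSCHMANN_VENDOR_ID}")
    if identity["device_type"] != MANAGED_SWITCH_TYPE:
        findings.append(f"device type {identity['device_type']} is not {MANAGED_SWITCH_TYPE}")
    if identity["ip"] != expected_ip:
        findings.append(f"reply embeds {identity['ip']}, expected {expected_ip}")
    return findings


def build_sample_reply(vendor, device_type, ip="192.0.2.10", name=b"Example Switch"):
    """Constructed reply for offline testing; every value here is made up."""
    sockaddr = struct.pack(">hH4s8s", 2, 44818, socket.inet_aton(ip), bytes(8))
    item = IDENTITY_FIXED.pack(1, sockaddr, vendor, device_type, 1, 7, 1, 0,
                               0x12345678, len(name)) + name + b"\x03"
    data = struct.pack("<HHH", 1, ITEM_CIP_IDENTITY, len(item)) + item
    return ENCAP_HEADER.pack(CMD_LIST_IDENTITY, len(data), 0, 0, bytes(8), 0) + data


if __name__ == "__main__":
    ident = parse_list_identity(build_sample_reply(634, 149))
    print(ident, check_identity(ident, "192.0.2.10"))
```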
10.2.2 TCP/IP Interface Object
The switch supports an instance (instance 1) of the TCP/IP Interface Object (Class Code F5 hex, 245) of EtherNet/IP. In the case of write access, the switch stores the complete configuration in its flash memory.
Page 257
Attribute                     Access rule   Data type   Description
Status                                      DWORD       Interface Status (0: Interface not configured, 1: Interface contains valid config).
Interface Capability flags                  DWORD       Bit 0: BOOTP Client, Bit 1: DNS Client, Bit 2: DHCP Client, Bit 3: DHCP-DNS Update, Bit 4: Configuration settable (within CIP).
10.2.3 Ethernet Link Object
The switch supports at least one instance (Instance 1; the instance of the CPU Ethernet interface) of the Ethernet Link Object (Class Code F6 hex, 246) of EtherNet/IP.
Attribute          Access rule   Data type   Description
Interface Speed    Get...
Page 259
Attribute          Access rule   Data type   Description
Interface State    Get           USINT       Value 0: Unknown interface state, Value 1: The interface is enabled, Value 2: The interface is disabled, Value 3: The interface is testing,
Admin State                      USINT       Value 1: Enable the interface, Value 2: Disable the interface.
Page 260
Description even number of 1 - 10/100 Mbit TX", or "unavailable", Bytes max. 64 Bytes. Table 35: Hirschmann Ethernet Link Object Extensions a. Unit: 1 hundredth of 1%, i.e., 100 corresponds to 1% UM Basic Configuration L3P Release 7.1 12/2011...
10.2.4 Ethernet Switch Agent Object
The switch supports the Hirschmann vendor specific Ethernet Switch Agent Object (Class Code 95 hex, 149) for the switch configuration and information parameters with one instance (Instance 1). For further information on these parameters and how to adjust them refer to the Reference Manual „GUI“...
Page 262
Flash write in progress Bit 1 Unable to write to flash or write incomplete Table 36: Hirschmann Ethernet switch Agent Object a. RS20/RS30/RS40, MS20/MS30, OCTOPUS, PowerMICE, RSR20/RSR30, MACH 100 and MACH 1000: 32 bit; MACH 4000: 64 bit UM Basic Configuration L3P...
Page 263
The Hirschmann specific Ethernet Switch Agent Object provides you with the additional vendor specific service, with the Service-Code 35, for saving the switch configuration. The switch replies to the request for saving the configuration as soon as it has saved the configuration in the flash memory.
RSTP is a layer 2 protocol that enables the use of a redundant Ethernet topology (e.g., a ring topology). RSTP is specified in Chapter 17 of IEEE 802.1D-2004. The switch supports the Hirschmann-specific RSTP Bridge Object (class code 64 hex, 100) for the switch configuration and information parameters.
Page 265
For instance 1, it holds the port number of the DRSTP Primary instance‘s outer port. For instance 2, it holds the port number of the DRSTP Secondary instance‘s outer port. Table 37: Hirschmann RSTP Bridge Object UM Basic Configuration L3P Release 7.1 12/2011...
10.2 EtherNet/IP Parameters 10.2.6 RSTP Port Object For the device TCSESM-E. The switch supports the Hirschmann-specific RSTP Port Object (class code 101) for the RSTP port configuration and information parameters with at least one instance. Instance 1 represents the CPU‘s Ethernet Interface, instance 2 represents...
Page 267
(refer to dot1dStpPortState in RFC 4188). 10 Port Role Unknown (0), Alternate/Backup (1), Root (2), Designated (3) (refer to dot1dStpTopChanges in RFC 4188). 100 DRSTP UINT Hirschmann-specific object. True (1), False (2). Table 38: Hirschmann RSTP Port Object UM Basic Configuration L3P Release 7.1 12/2011...
Link Admin State Bitmask, one bit per port Output, DWORD 0: Port enabled, 1: Port disabled Table 39: I/O Data a. RS20/RS30/RS40, MS20/MS30, OCTOPUS, PowerMICE, RSR20/RSR30, MACH 100 and MACH 1000: 32 Bit; MACH 4000: 64 Bit UM Basic Configuration L3P...
The table shows the assignment of the switch ports to the Ethernet Link Object Instances. Ethernet Link RS20/RS30/RS40 MS20/MS30, MACH 4000 Object Instance RSR20/RSR30, PowerMICE, OCTOPUS, MACH 100 MACH 1000 Module 1 / port 1 Module 1 / port 1 Module 1 / port 2 Module 1 / port 2...
EtherNet/IP 10.2 EtherNet/IP Parameters 10.2.9 Supported Services The table gives you an overview of the services for the object instances supported by the EtherNet/IP implementation. Service code Identity Object TCP/IP Ethernet Link Switch Agent Interface Object Object Object Get Attribute All All Attributes All Attributes All Attributes...
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Serv- Environment A.1 Setting up a DHCP/BOOTP Server On the product CD supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel.
Page 273
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Serv- Environment Note: The installation procedure includes a service that is automatically started in the basic configuration when Windows is activated. This service is also active if the program itself has not been started. When started, the service responds to DHCP queries.
Page 274
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Serv- Environment Figure 66: Adding configuration profiles Enter the network mask and click Accept. Figure 67: Network mask in the configuration profile Select the Boot tab page. Enter the IP address of your tftp server. ...
Page 275
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Serv- Environment Figure 68: Configuration file on the tftp server Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration.
Page 276
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Serv- Environment Figure 70: Static address input Click New. Figure 71: Adding static addresses Enter the MAC address of the device. Enter the IP address of the device. ...
Page 277
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Serv- Environment Figure 72: Entries for static addresses Add an entry for each device that will get its parameters from the DHCP server. Figure 73: DHCP server with entries UM Basic Configuration L3P Release 7.1 12/2011...
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 A.2 Setting up a DHCP Server with Option 82 On the product CD supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel.
Page 279
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 Figure 75: DHCP setting To enter the static addresses, click New. Figure 76: Adding static addresses Select Circuit Identifier and Remote Identifier. UM Basic Configuration L3P Release 7.1 12/2011...
Page 280
ID cl: length of the circuit ID hh: Hirschmann ID: 01 if a Hirschmann device is connected to the port, otherwise 00. vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1) ...
Page 281
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 Figure 78: Entering the addresses Switch (Option 82) MAC = IP = 00:80:63:10:9a:d7 149.218.112.100 DHCP Server IP = 149.218.112.1 IP = 149.218.112.100 Figure 79: Application example of using Option 82 UM Basic Configuration L3P Release 7.1 12/2011...
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3 TFTP Server for Software Updates On delivery, the device software is held in the local flash memory. The device boots the software from the flash memory. Software updates can be performed via a tftp server. This presupposes that a tftp server has been installed in the connected network and that it is active.
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3.1 Setting up the tftp Process General prerequisites: The local IP address of the device and the IP address of the tftp server or the gateway are known to the device. ...
Page 284
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates You can obtain additional information about the tftpd daemon tftpd with the UNIX command "man tftpd". Note: The command "ps" does not always show the tftp daemon, although it is actually running. Special steps for HP workstations: ...
Page 285
Checking the tftp process
Edit the file /etc/inetd.conf
Is tftp* commented out?
Delete the comment character »#« from this line
Re-initialize inetd.conf by entering kill -1 PID...
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3.2 Software Access Rights The agent needs read permission for the tftp directory on which the device software is stored. Example of a UNIX tftp Server Once the device software has been installed, the tftp server should have the following directory structure with the stated access rights: File name Access...
Setting up the Configuration A.4 Preparing access via SSH Environment A.4 Preparing access via SSH To access the device through an SSH, follow the steps below: Generate a key (SSH Host Key). Install the key on the device. ...
Page 288
Figure 81: PuTTY key generator
For experienced network administrators, another way of creating the key is with the OpenSSH Suite. To generate the key, enter the following command:
ssh-keygen(.exe) -q -t rsa1 -f rsa1.key -C '' -N ''
A.4.2 Uploading the key
You can upload the SSH key to the device using the Command Line Interface.
Place the key file on your FTP server.
enable       Switch to the privileged EXEC mode.
no ip ssh    Deactivate the SSH function on the device before...
Setting up the Configuration A.4 Preparing access via SSH Environment A.4.3 Access through an SSH One way of accessing your device through an SSH is by using the PuTTY program. This program is provided on the product-CD. Start the program by double-clicking on it. ...
Page 291
Setting up the Configuration A.4 Preparing access via SSH Environment Figure 83: Security query at the defined warning threshold Click on "Yes" in the security alarm message. To suppress this message when establishing subsequent connections, select "SSH" in the "Category" box in the PuTTY program before opening the connection.
General Information B.1 Management Information Base (MIB) B.1 Management Information Base (MIB) The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The "leaves" of the MIB are called generic object classes.
Page 295
Lower (e.g. threshold value) Power supply Power supply System User interface Upper (e.g. threshold value) Vendor = manufacturer (Hirschmann) Definition of the syntax terms used: Integer An integer in the range -2 IP Address xxx.xxx.xxx.xxx (xxx = integer in the range 0-255)
Page 296
Figure 84: Tree structure of the Hirschmann MIB
A complete description of the MIB can be found on the product CD provided with the device.
B.2 Abbreviations used
ACA      AutoConfiguration Adapter
ACL      Access Control List
BOOTP    Bootstrap Protocol
CLI      Command Line Interface
DHCP     Dynamic Host Configuration Protocol
FDB      Forwarding Database
GARP     General Attribute Registration Protocol
GMRP     GARP Multicast Registration Protocol
HTTP     Hypertext Transfer Protocol
ICMP     Internet Control Message Protocol
IGMP...
General Information B.3 Technical Data B.3 Technical Data You will find the technical data in the document “GUI Reference Manual” (Graphical User Interface / Web-based Interface). UM Basic Configuration L3P Release 7.1 12/2011...
General Information B.4 Readers’ Comments B.4 Readers’ Comments What is your opinion of this manual? We are always striving to provide as comprehensive a description of our product as possible, as well as important information that will ensure trouble-free operation. Your comments and suggestions help us to further improve the quality of our documentation.
Page 300
Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or per mail to Hirschmann Automation and Control GmbH Department 01RD-NT Stuttgarter Str. 45-51 72654 Neckartenzlingen UM Basic Configuration L3P Release 7.1 12/2011...
Further Support D Further Support Technical Questions For technical questions, please contact any Hirschmann dealer in your area or Hirschmann directly. You will find the addresses of our partners on the Internet at http://www.beldensolutions.com Contact our support at https://hirschmann-support.belden.eu.com...
Page 306
Further Support With the Hirschmann Competence Center, you have decided against making any compromises. Our client-customized package leaves you free to choose the service components you want to use. Internet: http://www.hicomcenter.com UM Basic Configuration L3P Release 7.1 12/2011...