Hirschmann RS20 User Manual

User Manual
Basic Configuration
Industrial ETHERNET (Gigabit) Switch
RS20/RS30/RS40, MS20/MS30, OCTOPUS, PowerMICE,
RSR20/RSR30, MACH 100, MACH 1000, MACH 4000
Basic Configuration
Technical Support
Release 6.0 07/2010
HAC.Support@Belden.com


Summary of Contents for Hirschmann RS20

  • Page 2 In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (www.hirschmann-ac.de). Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str.
  • Page 3: Table Of Contents

    Contents Contents About this Manual Introduction Access to the user interfaces System Monitor Command Line Interface Web-based Interface Entering the IP Parameters IP Parameter Basics 2.1.1 IP address (version 4) 2.1.2 Netmask 2.1.3 Classless Inter-Domain Routing Entering IP parameters via CLI Entering the IP Parameters via HiDiscovery Loading the system configuration from the ACA System configuration via BOOTP...
  • Page 4 Contents 3.2.2 Saving to a file on URL 3.2.3 Saving to a binary file on the PC 3.2.4 Saving as a script on the PC Loading Software Updates Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded 4.1.2 Starting the software 4.1.3 Performing a cold start Automatic software update by ACA...
  • Page 5 8.2.6 Setting GMRP Rate Limiter 8.3.1 Description of the Rate Limiter 8.3.2 Rate Limiter Settings (PowerMICE and MACH 4000) 8.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, RSR20/RSR30, MACH 100, MACH 1000 and OCTOPUS QoS/Priority 8.4.1 Description of Prioritization 8.4.2 VLAN tagging 8.4.3 IP ToS / DiffServ...
  • Page 6 Contents 8.6.1 VLAN Description 8.6.2 Examples of VLANs Operation Diagnosis Sending Traps 9.1.1 List of SNMP Traps 9.1.2 SNMP Traps during Boot 9.1.3 Configuring Traps Monitoring the Device Status 9.2.1 Configuring the Device Status 9.2.2 Displaying the Device Status Out-of-band Signaling 9.3.1 Controlling the Signal Contact 9.3.2 Monitoring the Device Status via the Signal Contact 9.3.3 Monitoring the Device Functions via the Signal...
  • Page 7 Contents 9.14 Event Log Setting up the Configuration Environment General Information Index Further Support Basic Configuration Release 6.0 07/2010...
  • Page 9: About This Manual

    About this Manual About this Manual The “Basic Configuration” user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The following thematic sequence has proven itself in practice: Set up device access for operation by entering the IP parameters Check the status of the software and update it if necessary...
  • Page 10: About This Manual

    About this Manual The "Command Line Interface" reference manual contains detailed information on using the Command Line Interface to operate the individual functions of the device. The Network Management Software HiVision/Industrial HiVision provides you with additional options for smooth configuration and monitoring: Configuration of multiple devices simultaneously.
  • Page 11: Key

    The designations used in this manual have the following meanings: List Work step Subheading Link Indicates a cross-reference with a stored link Note: A note emphasizes an important fact or draws your attention to a dependency. ASCII representation in user interface Courier Execution in the Web-based Interface user interface Execution in the Command Line Interface user interface...
  • Page 12 Bridge A random computer Configuration Computer Server PLC - Programmable logic controller I/O - Robot Basic Configuration Release 6.0 07/2010...
  • Page 13: Introduction

    Introduction Introduction The device has been developed for practical application in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device. Note: The changes you make in the dialogs are copied into the volatile memory of the device when you click on "Set".
  • Page 15: Access To The User Interfaces

    Access to the user interfaces 1 Access to the user interfaces The device has 3 user interfaces, which you can access via different interfaces: System monitor via the V.24 interface (out-of-band); Command Line Interface (CLI) via the V.24 connection (out-of-band) as well as Telnet or SSH (in-band); Web-based interface via Ethernet (in-band).
  • Page 16: System Monitor

    Access to the user interfaces 1.1 System Monitor The system monitor enables you to: select the software to be loaded; perform a software update; start the selected software; shut down the system monitor; delete the configuration saved; and display the boot code information.
  • Page 17 Access to the user interfaces 1.1 System Monitor < Device Name (Boot) Release: 1.00 Build: 2005-09-17 15:36 > Press <1> to enter System Monitor 1 ... Figure 1: Screen display during the boot process Press the <1> key within one second to start system monitor 1. System Monitor (Selected OS: L3P-01.0.00-K16 (2005-10-31 19:32)) Select Boot Operating System...
  • Page 18: Command Line Interface

    Access to the user interfaces 1.2 Command Line Interface 1.2 Command Line Interface The Command Line Interface enables you to use the functions of the device via a local or remote connection. The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices.
  • Page 19 Access to the user interfaces 1.2 Command Line Interface Copyright (c) 2004-2009 Hirschmann Automation and Control GmbH All rights reserved PowerMICE Release L3P-05.1.00 (Build date 2009-10-11 12:13) System Name: PowerMICE Mgmt-IP 10.0.1.105 1.Router-IP: 0.0.0.0 Base-MAC 00:80:63:51:74:00 System Time: 2009-10-11 13:14:15...
  • Page 20 NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann Product) > Figure 4: CLI screen after login Basic Configuration Release 6.0 07/2010...
  • Page 21: Web-Based Interface

    Access to the user interfaces 1.3 Web-based Interface 1.3 Web-based Interface The user-friendly Web-based interface gives you the option of operating the device from any location in the network via a standard browser such as Mozilla Firefox or Microsoft Internet Explorer. As a universal access tool, the Web browser uses an applet which communicates with the device via the Simple Network Management Protocol (SNMP).
  • Page 22 Access to the user interfaces 1.3 Web-based Interface Start your Web browser. Check that you have activated JavaScript and Java in your browser settings. Establish the connection by entering the IP address of the device which you want to administer via the Web-based management in the address field of the Web browser.
  • Page 23 Access to the user interfaces 1.3 Web-based Interface The website of the device appears on the screen. Note: The changes you make in the dialogs are copied to the device when you click "Set". Click "Reload" to update the display. Note: You can block your access to the device by entering an incorrect configuration.
  • Page 25: Entering The Ip Parameters

    Entering the IP Parameters 2 Entering the IP Parameters The IP parameters must be entered when the device is installed for the first time. The device provides 7 options for entering the IP parameters during the first installation: Entry using the Command Line Interface (CLI). You choose this “out of band”...
  • Page 26 Entering the IP Parameters Using DHCP Option 82. You choose this “in-band” method if you want to configure the installed device using DHCP Option 82. You need a DHCP server with Option 82 for this. The DHCP server assigns the configuration data to the device using its physical connection (see page 49 “System Configuration via DHCP Option...
  • Page 27: Ip Parameter Basics

    Entering the IP Parameters 2.1 IP Parameter Basics 2.1 IP Parameter Basics 2.1.1 IP address (version 4) The IP addresses consist of 4 bytes. These 4 bytes are written in decimal notation, separated by a decimal point. Since 1992, five classes of IP address have been defined in the RFC 1340. Class Network Host address...
  • Page 28: Netmask

    Entering the IP Parameters 2.1 IP Parameter Basics Class A: Net ID - 7 bits, Host ID - 24 bits; Class B: Net ID - 14 bits, Host ID - 16 bits; Class C: Net ID - 21 bits, Host ID - 8 bits; Class D: Multicast Group ID - 28 bits...
  • Page 29 Entering the IP Parameters 2.1 IP Parameter Basics Example of a netmask: Decimal notation 255.255.192.0 Binary notation 11111111.11111111.11000000.00000000 Subnetwork mask bits Class B Example of IP addresses with subnetwork assignment when the above subnet mask is applied: Decimal notation 129.218.65.17 128 <...
  • Page 30 Entering the IP Parameters 2.1 IP Parameter Basics Example of how the network mask is used In a large network it is possible that gateways and routers separate the management agent from its management station. How does addressing work in such a case? Romeo Juliet Lorenzo...
  • Page 31: Classless Inter-Domain Routing

    Entering the IP Parameters 2.1 IP Parameter Basics Lorenzo receives the letter and removes the outer envelope. From the inner envelope he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet's MAC address.
  • Page 32 Entering the IP Parameters 2.1 IP Parameter Basics Since 1993, RFC 1519 has been using Classless Inter Domain Routing (CIDR) to provide a solution to get around these problems. CIDR overcomes these class boundaries and supports classless address ranges. With CIDR, you enter the number of bits that designate the IP address range. You represent the IP address range in binary form and count the mask bits that designate the netmask.
  • Page 33: Entering Ip Parameters Via Cli

    Entering the IP Parameters 2.2 Entering IP parameters via CLI If you do not configure the system via BOOTP/DHCP, DHCP Option 82, the HiDiscovery protocol or the AutoConfiguration Adapter (ACA), then you perform the configuration via the V.24 interface using the CLI. Entering IP addresses: Connect the PC with terminal program started to the RJ11 socket...
  • Page 34 NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > Deactivate DHCP. Enter the IP parameters. Local IP address On delivery, the device has the local IP address 0.0.0.0.
  • Page 35 Entering the IP Parameters 2.2 Entering IP parameters via CLI
      Switch to the Privileged EXEC mode: enable
      Deactivate DHCP: network protocol none
      Assign the device the IP address 10.0.1.23 and the netmask 255.255.255.0 (you have the option of also assigning a gateway address): network parms 10.0.1.23 255.255.255.0
  • Page 36: Entering The Ip Parameters Via Hidiscovery

    Entering the IP Parameters 2.3 Entering the IP Parameters via HiDiscovery The HiDiscovery protocol enables you to assign IP parameters to the device via the Ethernet. You can easily configure other parameters via the Web-based interface (see the "Web-based Interface"...
  • Page 37 Entering the IP Parameters 2.3 Entering the IP Parameters via HiDiscovery Figure 10: HiDiscovery When HiDiscovery is started, it automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first PC network card found. If your computer has several network cards, you can select these in HiDiscovery on the toolbar.
  • Page 38 Entering the IP Parameters 2.3 Entering the IP Parameters via HiDiscovery Figure 11: HiDiscovery - assigning IP parameters Note: When the IP address is entered, the device copies the local configuration settings (see on page 53 “Loading/saving settings“). Note: For security reasons, switch off the HiDiscovery function for the device in the Web-based interface, after you have assigned the IP parameters to the device (see on page 50 “Web-based IP...
  • Page 39: Loading The System Configuration From The Aca

    Entering the IP Parameters 2.4 Loading the system configuration from the ACA 2.4 Loading the system configuration from the ACA The AutoConfiguration Adapter (ACA) is a device for storing the configuration data of a device and storing the device software. In the case of a device becoming inoperative, the ACA makes it possible to easily transfer the configuration data by means of a substitute device of the same type.
  • Page 40 Entering the IP Parameters 2.4 Loading the system configuration from the ACA Figure 12: Flow chart of loading configuration data from the ACA 1 – Device start-up; 2 – ACA plugged-in?; 3 – Password in device and ACA identical?; 3a – Default password in device?; 4 –...
  • Page 41: System Configuration Via Bootp

    Entering the IP Parameters 2.5 System configuration via BOOTP 2.5 System configuration via BOOTP When it is started up via BOOTP (bootstrap protocol), a device receives its configuration data in accordance with the “BOOTP process” flow chart (see fig. 13). Note: In its delivery state, the device gets its configuration data from the DHCP server.
  • Page 42 Entering the IP Parameters 2.5 System configuration via BOOTP
      switch_01:ht=ethernet:ha=008063086501:ip=10.1.112.83:tc=.global:
      switch_02:ht=ethernet:ha=008063086502:ip=10.1.112.84:tc=.global:
    Lines that start with a ‘#’ character are comment lines. The lines under “.global:” make the configuration of several devices easier. With the template (tc) you allocate the global configuration data (tc=.global:) to each device.
  • Page 43 Entering the IP Parameters 2.5 System configuration via BOOTP Flow chart boxes: Start-up; Load default configuration; Device in initialization; Device runs with settings from local flash; DHCP/BOOTP?; Send DHCP/BOOTP Requests; Reply from DHCP/BOOTP server?; Save IP parameter and config file URL locally; initialize IP stack with IP parameters...
  • Page 44 Entering the IP Parameters 2.5 System configuration via BOOTP Flow chart boxes: Load remote configuration from URL of DHCP?; Start tftp process with config file URL of DHCP; tftp successful?; Load transferred config file; Save transferred config file local and set boot configuration to local; Loading of configurations data...
  • Page 45 Entering the IP Parameters 2.5 System configuration via BOOTP Note: The loading process started by DHCP/BOOTP (see on page 218 “Setting up a DHCP/BOOTP Server“) shows the selection of "from URL & save locally" in the "Load" frame. If you get an error message when saving a configuration, this could be due to an active loading process.
  • Page 46: System Configuration Via Dhcp

    Entering the IP Parameters 2.6 System Configuration via DHCP 2.6 System Configuration via DHCP The DHCP (Dynamic Host Configuration Protocol) is a further development of BOOTP, which it has replaced. The DHCP additionally allows the configuration of a DHCP client via a name instead of via the MAC address. For the DHCP, this name is known as the “client identifier”...
  • Page 47 Entering the IP Parameters 2.6 System Configuration via DHCP Table 3: DHCP options which the device requests. Meaning: Subnet Mask; Time Offset; Router; Time server; Host Name; Client Identifier; TFTP Server Name; Bootfile Name. The advantage of using DHCP instead of BOOTP is that the DHCP server can restrict the validity of the configuration parameters (“Lease”) to a specific time period (known as dynamic address allocation).
  • Page 48 Entering the IP Parameters 2.6 System Configuration via DHCP Example of a DHCP configuration file:
      # /etc/dhcpd.conf for DHCP Daemon
      subnet 10.1.112.0 netmask 255.255.240.0 {
      option subnet-mask 255.255.240.0;
      option routers 10.1.112.96;
      # Host berta requests IP configuration
      # with her MAC address
      host berta {
      hardware ethernet 00:80:63:08:65:42;...
  • Page 49: System Configuration Via Dhcp Option

    Entering the IP Parameters 2.7 System Configuration via DHCP Option 82 2.7 System Configuration via DHCP Option 82 As with the classic DHCP, on startup an agent receives its configuration data according to the “BOOTP/DHCP process” flow chart (see fig. 13).
  • Page 50: Web-Based Ip Configuration

    Entering the IP Parameters 2.8 Web-based IP Configuration 2.8 Web-based IP Configuration With the Basic Settings:Network dialog you define the source from which the device gets its IP parameters after starting, and you assign the IP parameters and VLAN ID and configure the HiDiscovery access. Figure 16: Network Parameters Dialog Under “Mode”, you enter where the device gets its IP parameters: In the BOOTP mode, the configuration is via a BOOTP or DHCP...
  • Page 51 Entering the IP Parameters 2.8 Web-based IP Configuration Enter the parameters on the right according to the selected mode. You enter the name applicable to the DHCP protocol in the “Name” line in the system dialog of the Web-based interface. The “VLAN”...
  • Page 52: Faulty Device Replacement

    Entering the IP Parameters 2.9 Faulty Device Replacement The device provides 2 plug-and-play solutions for replacing a faulty device with a device of the same type (faulty device replacement): Configuring the new device using an AutoConfiguration Adapter (see on page 39 “Loading the system configuration from the ACA“); configuration via DHCP Option 82...
  • Page 53: Loading/Saving Settings

    Loading/saving settings 3 Loading/saving settings The device saves settings such as the IP parameters and the port configuration in the temporary memory. These settings are lost when you switch off or reboot the device. The device enables you to: load settings from a non-volatile memory into the temporary memory; save settings from the temporary memory in a non-volatile memory.
  • Page 54: Loading Settings

    Loading/saving settings 3.1 Loading settings 3.1 Loading settings When it is restarted, the device loads its configuration data from the local non-volatile memory, provided you have not activated BOOTP/DHCP and no ACA is connected to the device. During operation, the device allows you to load settings from the following sources: the local non-volatile memory from the AutoConfiguration Adapter.
  • Page 55: Loading From The Local Non-Volatile Memory

    Loading/saving settings 3.1 Loading settings 3.1.1 Loading from the local non-volatile memory When loading the configuration data locally, the device loads the configuration data from the local non-volatile memory if no ACA is connected to the device. Select the Basics: Load/Save dialog. In the "Load"...
  • Page 56: Loading From A File

    Loading/saving settings 3.1 Loading settings 3.1.3 Loading from a file The device allows you to load the configuration data from a file in the connected network if there is no AutoConfiguration Adapter connected to the device. Select the Basics: Load/Save dialog. In the "Load"...
  • Page 57 Loading/saving settings 3.1 Loading settings Figure 17: Load/Save dialog
      Switch to the Privileged EXEC mode: enable
      The device loads the configuration data from a tftp server in the connected network: copy tftp://10.1.112.159/switch/config.dat nvram:startup-config
    Note: The loading process started by DHCP/BOOTP (see on page 41 “System configuration via BOOTP“) shows the selection of "from URL &...
  • Page 58: Resetting The Configuration To The State On Delivery

    Loading/saving settings 3.1 Loading settings 3.1.4 Resetting the configuration to the state on delivery The device enables you to: reset the current configuration to the state on delivery (the locally saved configuration is kept); reset the device to the state on delivery (after the next restart, the IP address is also in the state on delivery).
  • Page 59: Saving Settings

    Loading/saving settings 3.2 Saving settings In the "Save" frame, you have the option to: save the current configuration on the device; save the current configuration in binary form in a file under the specified URL, or as an editable and readable script; save the current configuration in binary form or as an editable and readable script on the PC.
  • Page 60: Saving To A File On Url

    Loading/saving settings 3.2 Saving settings Note: After you have successfully saved the configuration on the device, the device sends an alarm (trap) hmConfigurationSavedTrap together with the information about the AutoConfiguration Adapter (ACA), if one is connected. When you change the configuration for the first time after saving it, the device sends a trap hmConfigurationChangedTrap.
  • Page 61: Saving To A Binary File On The Pc

    Loading/saving settings 3.2 Saving settings Select the Basics: Load/Save dialog. In the “Save” frame, click “to URL (binary)” to receive a binary file, or “to URL (script)” to receive an editable and readable script. In the “URL” frame, enter the path under which you want the device to save the configuration file.
  • Page 62: Saving As A Script On The Pc

    Loading/saving settings 3.2 Saving settings In the save dialog, enter the name of the file in which you want the device to save the configuration file. Click "Save". 3.2.4 Saving as a script on the PC The device allows you to save the current configuration data in an editable and readable file on your PC.
  • Page 63: Loading Software Updates

    Loading Software Updates 4 Loading Software Updates Hirschmann never stops working on improving the performance of its products. So it is possible that you may find a more up to date release of the device software on the Hirschmann Internet site (www.hirschmann.com) than the release saved on your device.
  • Page 64: Loading The Software

    Loading Software Updates Loading the software The device gives you 4 options for loading the software: manually from the ACA 21 USB (out-of-band), automatically from the ACA 21 USB (out-of-band), via TFTP from a tftp server (in-band) and via a file selection dialog from your PC. Note: The existing configuration of the device is still there after the new software is installed.
  • Page 65: Loading The Software Manually From The Aca

    Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1 Loading the Software manually from the ACA You can connect the ACA 21-USB to a USB port of your PC like a conventional USB stick and copy the device software into the main directory of the ACA 12-USB.
  • Page 66: Selecting The Software To Be Loaded

    Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded In this menu item of the system monitor, you select one of two possible software releases that you want to load. The following window appears on the screen: Select Operating System Image (Available OS: Selected: 05.0.00 (2009-08-07 06:05), Backup: 04.2.00 (2009-07-06 06:05 (Locally selected: 05.0.00 (2009-08-07 06:05))
  • Page 67: Starting The Software

    Loading Software Updates 4.1 Loading the Software manually from the ACA Test stored images in flash memory Select 3 to check whether the images of the software stored in the flash memory contain valid codes. Test stored images in USB memory Select 4, to check whether the images of the software stored in the ACA 21-USB contain valid codes.
  • Page 68: Automatic Software Update By Aca

    Loading Software Updates 4.2 Automatic software update by ACA For a software update via the ACA, first copy the new device software into the main directory of the AutoConfiguration Adapter. If the version of the software on the ACA is newer or older than the version on the device, the device performs a software update.
  • Page 69 Loading Software Updates 4.2 Automatic software update by ACA One of the following messages in the log file indicates the result of the update process:
      S_watson_AUTOMATIC_SWUPDATE_SUCCESSFUL: Update completed successfully.
      S_watson_AUTOMATIC_SWUPDATE_FAILED_WRONG_FILE: Update failed. Reason: incorrect file.
      S_watson_AUTOMATIC_SWUPDATE_FAILED_SAVING_FILE: Update failed. Reason: error when saving.
    In your browser, click on “Reload”...
  • Page 70: Loading The Software From The Tftp Server

    Loading Software Updates 4.3 Loading the software from the tftp server 4.3 Loading the software from the tftp server For a tftp update, you need a tftp server on which the software to be loaded is stored (see on page 228 “TFTP Server for Software Updates“).
  • Page 71 Loading Software Updates 4.3 Loading the software from the tftp server Enter the path of the device software. Click on "Update" to load the software from the tftp server to the device. Figure 19: Software update dialog After successfully loading it, you activate the new software: Select the dialog Basic Settings:Restart and perform a cold start.
  • Page 72: Loading The Software Via File Selection

    Loading Software Updates 4.4 Loading the Software via File Selection 4.4 Loading the Software via File Selection For an HTTP software update (via a file selection window), the device software must be on a data carrier that you can access via a file selection window from your workstation.
  • Page 73: Configuring The Ports

    Configuring the Ports 5 Configuring the Ports The port configuration consists of: Switching the port on and off; Selecting the operating mode; Activating the display of connection error messages; Configuring Power over ETHERNET. Switching the port on and off: In the state on delivery, all the ports are switched on. For a higher level of access security, switch off the ports at which you are not making any connection.
  • Page 74: Configuring Power Over Ethernet

    Configuring the Ports Displaying connection error messages In the state on delivery, the device displays connection errors via the signal contact and the LED display. The device allows you to suppress this display, because you do not want to interpret a switched off device as an interrupted connection, for example.
  • Page 75 Configuring the Ports Nominal power for MACH 4000: The device provides the nominal power for the sum of all PoE ports plus a surplus. Should the connected devices require more PoE power than is provided, the device then switches PoE off at the ports. Initially, the device switches PoE off at the ports with the lowest PoE priority.
  • Page 76 Configuring the Ports The difference between the "nominal" and "reserved" power indicates how much power is still available to the free PoE ports. In the “POE on” column, you can enable/disable PoE at this port. The “Status” column indicates the PoE status of the port. In the “Priority”...
  • Page 77: Protection From Unauthorized Access

    Protection from Unauthorized Access 6 Protection from Unauthorized Access The device provides you with the following functions to help you protect it against unauthorized access: Password for SNMP access; Telnet/Web/SSH access disabling; Restricted management access; HiDiscovery function disabling; Port access control via IP or MAC address; Port authentication according to IEEE 802.1X.
  • Page 78: Protecting The Device

    Protection from Unauthorized Access 6.1 Protecting the device 6.1 Protecting the device If you want to maximize the protection of the device against unauthorized access in just a few steps, you can perform some or all of the following steps on the device: Deactivate SNMPv1 and SNMPv2 and select a password for SNMPv3 access other than the standard password...
  • Page 79: Password For Snmp Access

    Protection from Unauthorized Access 6.2 Password for SNMP access 6.2 Password for SNMP access 6.2.1 Description of password for SNMP access A network management station communicates with the device via the Simple Network Management Protocol (SNMP). Every SNMP packet contains the IP address of the sending computer and the password with which the sender of the packet wants to access the device MIB.
  • Page 80: Entering The Password For Snmp Access

    Protection from Unauthorized Access 6.2 Password for SNMP access 6.2.2 Entering the password for SNMP access Select the Security:Password/SNMP Access dialog. This dialog gives you the option of changing the read and read/write passwords for access to the device via the Web-based interface, via the CLI, and via SNMPv3 (SNMP version 3).
  • Page 81 Protection from Unauthorized Access 6.2 Password for SNMP access Figure 21: Password/SNMP Access dialog Note: If you do not know a password with “read/write” access, you will not have write access to the device. Note: For security reasons, the device does not display the passwords. Make a note of every change.
  • Page 82 Protection from Unauthorized Access 6.2 Password for SNMP access Select the Security:SNMPv1/v2 access dialog. With this dialog you can select the access via SNMPv1 or SNMPv2. In the state on delivery, both protocols are activated. You can thus manage the device with HiVision and communicate with earlier versions of SNMP.
  • Page 83 Protection from Unauthorized Access 6.2 Password for SNMP access Figure 22: SNMPv1/v2 access dialog To create a new line in the table click "Create entry". To delete an entry, select the line in the table and click "Delete". Basic Configuration Release 6.0 07/2010...
  • Page 84: Telnet/Web/Ssh Access

    Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access 6.3 Telnet/Web/SSH Access 6.3.1 Description of Telnet Access The Telnet server of the device allows you to configure the device by using the Command Line Interface (in-band). You can deactivate the Telnet server if you do not want Telnet access to the device.
  • Page 85: Description Of Ssh Access

    Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access After the Web server has been switched off, it is no longer possible to log in via a Web browser. The login in the open browser window remains active. 6.3.3 Description of SSH Access The SSH server of the device allows you to configure the device by using the Command Line Interface (in-band).
  • Page 86 Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access
      Switch to the Privileged EXEC mode: enable
      Switch to the Configuration mode: configure
      Switch to the configuration mode for CLI: lineconfig
      Enable Telnet server: transport input telnet
      Disable Telnet server: no transport input telnet
      Switch to the Configuration mode....
  • Page 87: Restricted Management Access

    Protection from Unauthorized Access 6.4 Restricted Management Access 6.4 Restricted Management Access The device allows you to differentiate the management access to the device based on IP address ranges, and to differentiate these based on management services (http, snmp, telnet, ssh). You thus have the option to set finely differentiated management access rights.
  • Page 88 Protection from Unauthorized Access 6.4 Restricted Management Access
      Switch to the Privileged EXEC mode: enable
      Display the current configuration: show network mgmt-access
      Create an entry for the IT network (this is given the smallest free ID - in the example, 2): network mgmt-access add
      Set the IP address of the entry for the IT network....
  • Page 89: Hidiscovery Access

    Protection from Unauthorized Access 6.5 HiDiscovery Access 6.5 HiDiscovery Access 6.5.1 Description of the HiDiscovery Protocol The HiDiscovery protocol allows you to allocate an IP address to the device on the basis of its MAC address (see on page 36 “Entering the IP Parameters HiDiscovery“).
  • Page 90 Protection from Unauthorized Access 6.5 HiDiscovery Access 6.5.3 Description of the Port Access Control You can configure the device in such a way that it helps to protect every port from unauthorized access. Depending on your selection, the device checks the MAC address or the IP address of the connected device.
  • Page 91 Protection from Unauthorized Access 6.5 HiDiscovery Access
    Parameter: Allowed IP Addresses. Value: 10.0.1.228, 10.0.1.229. Explanation: The defined users are the device with the IP address 10.0.1.228 and the device with the IP address 10.0.1.229
    Parameter: Action. Value: portDisable. Explanation: Disable the port with the corresponding entry in the port configuration table (see on page 73 “Configuring the Ports“)...
  • Page 92 Protection from Unauthorized Access 6.5 HiDiscovery Access Configure the port security. Select the Security:Port Security dialog. In the “Configuration” frame, select “IP-Based Port Security”. In the table, click on the row of the port to be protected, in the “Allowed IP addresses” cell. Enter in sequence: –...
  • Page 93 Protection from Unauthorized Access 6.5 HiDiscovery Access Save the settings in the non-volatile memory. Select the dialog Basic Settings:Load/Save. In the “Save” frame, select “To Device” for the location and click “Save” to permanently save the configuration in the active configuration.
  • Page 94: Port Authentication Ieee 802.1X

    Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6 Port Authentication IEEE 802.1X 6.6.1 Description of Port Authentication according to IEEE 802.1X The port-based network access control is a method described in the standard IEEE 802.1X to protect IEEE 802 networks from unauthorized access. The protocol controls the access to a port by authenticating and authorizing a device that is connected to this port of the device.
  • Page 95: Authentication Process According To Ieee 802.1X

    Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6.2 Authentication Process according to IEEE 802.1X A supplicant attempts to communicate via a device port. The device requests authentication from the supplicant. At this time, only EAPOL traffic is allowed between the supplicant and the device. The supplicant replies with its identification data.
  • Page 96: Ieee 802.1X Settings

    Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6.4 IEEE 802.1X Settings Configuring the RADIUS Server Select the Security:802.1x Port Authentication:RADIUS Server dialog. This dialog allows you to enter the data for 1, 2 or 3 RADIUS servers. Click "Create entry" to open the dialog window for entering the IP address of a RADIUS server.
  • Page 97: Synchronizing The System Time In The Network

    Synchronizing the System Time in the Network 7 Synchronizing the System Time in the Network The actual meaning of the term “real time” depends on the time requirements of the application. The device provides two options with different levels of accuracy for synchronizing the time in your network.
  • Page 98: Entering The Time

    Synchronizing the System Time in the 7.1 Entering the Time Network 7.1 Entering the Time If no reference clock is available, you have the option of entering the system time in a device and then using it like a reference clock (see on page 102 “Configuring SNTP“),...
  • Page 99 Synchronizing the System Time in the 7.1 Entering the Time Network With “Set time from PC”, the device takes the PC time as the system time and calculates the IEEE 1588 / SNTP time using the local time difference. “IEEE 1588 / SNTP time” = “System time” - “Local offset” The “Local Offset”...
  • Page 100: Sntp

    Synchronizing the System Time in the 7.2 SNTP Network 7.2 SNTP 7.2.1 Description of SNTP The Simple Network Time Protocol (SNTP) enables you to synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available.
  • Page 101: Preparing The Sntp Configuration

    Synchronizing the System Time in the 7.2 SNTP Network 7.2.2 Preparing the SNTP Configuration To get an overview of how the time is passed on, draw a network plan with all the devices participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the signal runtime.
  • Page 102: Configuring Sntp

    Synchronizing the System Time in the 7.2 SNTP Network 7.2.3 Configuring SNTP Select the Time:SNTP dialog. Operation In this frame you switch the SNTP function on/off globally. SNTP Status The “Status message” displays statuses of the SNTP client as one or more test messages. Possible messages: Local system clock is synchronized;...
  • Page 103 Synchronizing the System Time in the 7.2 SNTP Network Configuration SNTP Client In “Client status” you switch the SNTP client of the device on/off. In “External server address” you enter the IP address of the SNTP server from which the device periodically requests the system time.
  • Page 104 Synchronizing the System Time in the 7.2 SNTP Network Configuration SNTP Server In “Server status” you switch the SNTP server of the device on/ off. In “Anycast destination address” you enter the IP address to which the SNTP server of the device sends its SNTP packets (see table In “VLAN ID”...
  • Page 105 Synchronizing the System Time in the 7.2 SNTP Network Figure 27: SNTP Dialog Device 192.168.1.1 192.168.1.2 192.168.1.3 Operation Server destination address 0.0.0.0 0.0.0.0 0.0.0.0 Server VLAN ID Send interval Client external server address 192.168.1.0 192.168.1.1 192.168.1.2 Request interval Accept Broadcasts Table 6: Settings for the example (see fig.
  • Page 106: Precision Time Protocol

    Synchronizing the System Time in the 7.3 Precision Time Protocol Network 7.3 Precision Time Protocol 7.3.1 Description of PTP Functions Precise time management is required for running time-critical applications via a LAN. The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a procedure that assumes one clock is the most accurate and thus enables precise synchronization of all clocks in a LAN.
  • Page 107 Synchronizing the System Time in the 7.3 Precision Time Protocol Network PTPv1 PTPv2 Specification Stratum Clock class number – (priority 1 = For temporary, special purposes, in order to assign a higher accuracy to one clock than to all other clocks in the network. Indicates the reference clock with the highest degree of accuracy.
  • Page 108 Synchronizing the System Time in the Network 7.3 Precision Time Protocol [Figure 28: Delay and jitter for clock synchronization. Labels: Reference (Master clock), Local (Slave clock), Delay + Jitter; layers: Precision Time Protocol (Application Layer), UDP User Datagram Protocol (Transport Layer), Internet Protocol (Network Layer), MAC Media Access Control, Physical Layer]...
  • Page 109 Synchronizing the System Time in the 7.3 Precision Time Protocol Network Peer-to-Peer (P2P) With P2P, like in E2E, every slave clock measures the delay to its master clock. In addition, in P2P every master clock measures the delay to the slave clock.
  • Page 110: Preparing The Ptp Configuration

    Synchronizing the System Time in the 7.3 Precision Time Protocol Network Independently of the physical communication paths, the PTP provides logical communication paths which you define by setting up PTP subdomains. Subdomains are used to form groups of clocks that are time-independent from the rest of the domain.
  • Page 111 Synchronizing the System Time in the 7.3 Precision Time Protocol Network Note: Connect all the connections you need to distribute the PTP information to connections with an integrated time stamp unit (RT modules). Devices without a time stamp unit take the information from the PTP and use it to set their clocks.
  • Page 112: Application Example

    Synchronizing the System Time in the 7.3 Precision Time Protocol Network 7.3.3 Application Example PTP is used to synchronize the time in the network. As an SNTP client, the left device (see fig. 31) gets the time from the NTP server via SNTP. The device assigns PTP clock stratum 2 (PTPv1) or clock class 6 (PTPv2) to the time received from an NTP server.
  • Page 113 Synchronizing the System Time in the Network 7.3 Precision Time Protocol
    Device: 10.0.1.112, 10.0.1.116, 10.0.1.105, 10.0.1.106
    PTP Global
    Operation
    Clock Mode: v1-boundary-clock, v1-boundary-clock, v1-simple-mode, v1-simple-mode
    Preferred Master: true, false, false, false
    SNTP
    Operation
    Client Status
    External server: 10.0.1.2, 0.0.0.0, 0.0.0.0, 0.0.0.0...
  • Page 114 Synchronizing the System Time in the 7.3 Precision Time Protocol Network Select the Time:SNTP dialog. Activate SNTP globally in the “Operation” frame. Activate the SNTP client (client status) in the “Configuration SNTP Client” frame. In the “Configuration SNTP Client” frame, enter: –...
  • Page 115 Synchronizing the System Time in the Network 7.3 Precision Time Protocol
    ptp operation enable - Switch on PTP globally.
    ptp clock-mode v1-boundary-clock - Select PTP version and clock mode.
    In this example, you have chosen the device with the IP address 10.0.1.112 as the PTP reference clock.
  • Page 116 Synchronizing the System Time in the 7.3 Precision Time Protocol Network Save the settings in the non-volatile memory. Select the Basics: Load/Save dialog. In the “Save” frame, select “To Device” for the location and click “Save” to permanently save the configuration in the active configuration.
  • Page 117: Interaction Of Ptp And Sntp

    Synchronizing the System Time in the 7.4 Interaction of PTP and SNTP Network 7.4 Interaction of PTP and SNTP According to the PTP and SNTP standards, both protocols can exist in parallel in the same network. However, since both protocols affect the system time of the device, situations may occur in which the two protocols compete with each other.
  • Page 118 Synchronizing the System Time in the 7.4 Interaction of PTP and SNTP Network Device 149.218.112.1 149.218.112.2 149.218.112.3 Operation Clock Mode v1-boundary-clock v1-boundary-clock v1-boundary-clock Preferred Master false false false SNTP Operation Client Status External server address 149.218.112.0 0.0.0.0 0.0.0.0 Server request interval Accept SNTP Broadcasts Server status Anycast destination address...
  • Page 119: Network Load Control

    Network Load Control 8 Network Load Control To optimize the data transmission, the device provides you with the following functions for controlling the network load: Settings for direct packet distribution (MAC address filter); Multicast settings; Rate limiter; Prioritization - QoS; Flow control; Virtual LANs (VLANs).
  • Page 120: Direct Packet Distribution

    Network Load Control 8.1 Direct Packet Distribution 8.1 Direct Packet Distribution With direct packet distribution, you help protect the device from unnecessary network loads. The device provides you with the following functions for direct packet distribution: Store-and-forward Multi-address capability Aging of learned addresses Static address entries Disabling the direct packet distribution 8.1.1...
  • Page 121: Aging Of Learned Addresses

    Network Load Control 8.1 Direct Packet Distribution in the destination address field are sent to this port. The device enters learned source addresses in its filter table (see on page 122 “Entering Static Addresses“). The device can learn up to 8.000 addresses. This is necessary if more than one terminal device is connected to one or more ports.
  • Page 122: Entering Static Addresses

    Network Load Control 8.1 Direct Packet Distribution 8.1.4 Entering Static Addresses An important function of the device is the filter function. It selects data packets according to defined patterns, known as filters. These patterns are assigned distribution rules. This means that a data packet received by a device at a port is compared with the patterns.
  • Page 123: Disabling The Direct Packet Distribution

    Network Load Control 8.1 Direct Packet Distribution Select the Switching:Filters for MAC Addresses dialog. Each row of the filter table represents one filter. Filters specify the way in which data packets are sent. They are set automatically by the Switch (learned status) or created manually.
  • Page 124 Network Load Control 8.1 Direct Packet Distribution Select the Switching:Global dialog. Uncheck "Address Learning" to observe the data at all ports.
  • Page 125: Multicast Application

    Network Load Control 8.2 Multicast Application 8.2 Multicast Application 8.2.1 Description of the Multicast Application The data distribution in the LAN differentiates between 3 distribution classes on the basis of the addressed recipients: Unicast - one recipient Multicast - a group of recipients Broadcast - every recipient that can be reached In the case of a Multicast address, the device forwards all data packets with a Multicast address to all ports.
  • Page 126: Example Of A Multicast Application

    Network Load Control 8.2 Multicast Application 8.2.2 Example of a Multicast Application The cameras for monitoring machines normally transmit their images to monitors located in the machine room and to the control room. In an IP transmission, a camera sends its image data with a Multicast address via the network.
  • Page 127: Description Of Igmp Snooping

    Network Load Control 8.2 Multicast Application 8.2.3 Description of IGMP Snooping The Internet Group Management Protocol (IGMP) describes the distribution of Multicast information between routers and terminal devices on Layer 3. Routers with an active IGMP function periodically send queries to find out which IP Multicast group members are connected to the LAN.
  • Page 128: Setting Igmp Snooping

    Network Load Control 8.2 Multicast Application 8.2.4 Setting IGMP Snooping Select the Switching:Multicast:IGMP dialog. Operation The “Operation” frame allows you to enable/disable IGMP Snooping globally for the entire device. If IGMP Snooping is disabled, then the device does not evaluate Query and Report packets received, it sends (floods) received data packets with a Multicast address as the destination address to all ports.
  • Page 129 Network Load Control 8.2 Multicast Application IGMP Querier “IGMP Querier active” allows you to enable/disable the Query function. “Protocol version” allow you to select IGMP version 1, 2 or 3. In “Send interval [s]” you specify the interval at which the device sends query packets (valid entries: 2-3,599 s, default setting: 125 s).
  • Page 130: Parameter Values

    Network Load Control 8.2 Multicast Application Parameter Values The parameters – Max. Response Time, – Send Interval and – Group Membership Interval have a relationship to each other: Max. Response Time < Send Interval < Group Membership Interval. If you enter values that contradict this relationship, the device then replaces these values with a default value or with the last valid values.
  • Page 131 Network Load Control 8.2 Multicast Application Unknown Multicasts In this frame you can determine how the device in IGMP mode sends packets with known and unknown MAC/IP Multicast addresses that were not learned through IGMP Snooping. “Unknown Multicasts” allows you to specify how the device transmits unknown Multicast packets: “Send to Query Ports”.
  • Page 132 IGMP queries (disable=default setting). This column allows you to also send IGMP report messages to: other selected ports (enable) or connected Hirschmann devices (automatic). “Learned Query Port” This table column shows you at which ports the device has received IGMP queries, if “disable”...
  • Page 133: Description Of Gmrp

    Network Load Control 8.2 Multicast Application Figure 34: IGMP Snooping dialog 8.2.5 Description of GMRP The GARP Multicast Registration Protocol (GMRP) describes the distribution of data packets with a Multicast address as the destination address on Layer...
  • Page 134 Network Load Control 8.2 Multicast Application Devices that want to receive data packets with a Multicast address as the destination address use the GMRP to perform the registration of the Multicast address. For a Switch, registration involves entering the Multicast address in the filter table.
  • Page 135: Setting Gmrp

    Network Load Control 8.2 Multicast Application 8.2.6 Setting GMRP Select the Switching:Multicasts:GMRP dialog. Operation The “Operation” frame allows you to enable GMRP globally for the entire device. If GMRP is disabled, then the device does not generate any GMRP packets, does not evaluate any GMRP packets received, and sends (floods) received data packets to all ports.
  • Page 136 Network Load Control 8.2 Multicast Application Note: If the device is incorporated into a HIPER-Ring, you can use the following settings to quickly reconfigure the network for data packets with registered Multicast destination addresses after the ring is switched: Activate GMRP on the ring ports and globally, and activate “Forward all groups”...
  • Page 137: Rate Limiter

    Network Load Control 8.3 Rate Limiter 8.3 Rate Limiter 8.3.1 Description of the Rate Limiter The device can limit the rate of message traffic during periods of heavy traffic flow. Entering a limit rate for each port specifies the amount of traffic the device is permitted to transmit and receive.
  • Page 138: Rate Limiter Settings (Powermice And Mach 4000)

    Network Load Control 8.3 Rate Limiter 8.3.2 Rate Limiter Settings (PowerMICE and MACH 4000) Select the Switching:Rate Limiter dialog. "Ingress Limiter (kbit/s)" allows you to enable or disable the ingress limiter function for all ports and to select the ingress limitation on all ports (either broadcast packets only or broadcast packets and Multicast packets).
  • Page 139: Rate Limiter Settings For Rs20/Rs30/40, Ms20/Ms30, Rsr20/Rsr30

    Network Load Control 8.3 Rate Limiter 8.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, RSR20/RSR30, MACH 100, MACH 1000 and OCTOPUS Select the Switching:Rate Limiter dialog. "Ingress Limiter (kbit/s)" allows you to enable or disable the input limiting function for all ports.
  • Page 140 Network Load Control 8.3 Rate Limiter Setting options per port: "Ingress Packet Types" allows you to select the packet type for which the limit is to apply: All, limits the total inbound data volume at this port. BC, limits the broadcast packets received at this port. BC + MC, limits broadcast packets and Multicast packets received at this port.
  • Page 141: Qos/Priority

    Network Load Control 8.4 QoS/Priority 8.4 QoS/Priority 8.4.1 Description of Prioritization This function prevents time-critical data traffic such as voice/video or real-time data from being disrupted by less time-critical data traffic during periods of heavy traffic. By assigning high traffic classes for time-critical data and low traffic classes for less time-critical data, this provides optimal data flow for time-critical data traffic.
  • Page 142: Vlan Tagging

    Data packets with VLAN tags containing priority information but no VLAN information (VLAN ID = 0), are known as Priority Tagged Frames. Priority Traffic class for Traffic Class for IEEE 802.1D traffic type entered RS20/RS30/ PowerMICE, RS40, MACH 104/ MACH 1000, MACH 1040 and MS20/MS30,...
  • Page 143 Network Load Control 8.4 QoS/Priority Note: Network protocols and redundancy mechanisms use the highest traffic classes 3 (RS20/30/40, MS20/30, RSR20/RSR30, MACH 1000, OCTOPUS) or 7 (PowerMICE, MACH 104/MACH 1040, MACH 4000). Therefore, select other traffic classes for application data. 42-1500 Octets min.
  • Page 144: Ip Tos / Diffserv

    Network Load Control 8.4 QoS/Priority When using VLAN prioritizing, note the following special features: End-to-end prioritizing requires the VLAN tags to be transmitted to the entire network, which means that all network components must be VLAN- capable. Routers cannot receive or send packets with VLAN tags via port-based router interfaces.
  • Page 145: Differentiated Services

    Network Load Control 8.4 QoS/Priority
    Bits (0-2): IP Precedence Defined | Bits (3-6): Type of Service Defined | Bit (7)
    111 - Network Control | 0000 - [all normal] | 0 - Must be zero
    110 - Internetwork Control | 1000 - [minimize delay] |
    101 - CRITIC / ECP | 0100 - [maximize throughput] |
    100 - Flash Override | 0010 - [maximize reliability]...
  • Page 146 Network Load Control 8.4 QoS/Priority Assured Forwarding (AF): Provides a differentiated schema for handling different data traffic (RFC2597). Default Forwarding/Best Effort: No particular prioritizing. The PHB class selector assigns the 7 possible IP precedence values from the old ToS field to specific DSCP values, thus ensuring the downwards compatibility.
  • Page 147 Network Load Control 8.4 QoS/Priority DSCP value DSCP name Traffic Class for Traffic class for MACH 4000, RS20/RS30/RS40, MACH 104, RSR20/RSR30, MACH 1040, MS20/MS30, PowerMICE OCTOPUS, default setting) MACH1000 (default setting) Best Effort /CS0 9,11,13,15 10,12,14 AF11,AF12,AF13 17,19,21,23 18,20,22 AF21,AF22,AF23...
  • Page 148: Management Prioritization

    Network Load Control 8.4 QoS/Priority 8.4.4 Management prioritization To have full access to the management of the device, even in situations of high network load, the device enables you to prioritize management packets. In prioritizing management packets (SNMP, Telnet, etc.), the device sends the management packets with priority information.
  • Page 149: Handling Of Traffic Classes

    Network Load Control 8.4 QoS/Priority 8.4.6 Handling of Traffic Classes For the handling of traffic classes, the device provides: Strict Priority Description of Strict Priority With the Strict Priority setting, the device first transmits all data packets that have a higher traffic class before transmitting a data packet with the next highest traffic class.
  • Page 150 Network Load Control 8.4 QoS/Priority
    interface 1/1 - Switch to the Interface Configuration mode of interface 1/1.
    vlan priority 3 - Assign port priority 3 to interface 1/1.
    exit - Switch to the Configuration mode.
    Assigning the VLAN Priority to the Traffic Classes Select the QOS/Priority:802.1D/p-Mapping dialog.
  • Page 151 Network Load Control 8.4 QoS/Priority
    exit - Switch to the privileged EXEC mode.
    show classofservice trust - Display the trust mode on interface 1/1.
    Class of Service Trust Mode: Untrusted
    Untrusted Traffic Class: 4
    Assigning the traffic class to a DSCP Select the QOS/Priority:IP DSCP Mapping dialog.
  • Page 152 Network Load Control 8.4 QoS/Priority
    Class of Service Trust Mode: IP DSCP
    Non-IP Traffic Class: 2
    Always assign the DSCP priority to received IP data packets globally Select the QoS/Priority:Global dialog. Select trustIPDSCP in the "Trust Mode" line.
    enable - Switch to the Privileged EXEC mode.
    Switch to the Configuration mode.
  • Page 153 Network Load Control 8.4 QoS/Priority
    System IP Address......10.0.1.116
    Subnet Mask........255.255.255.0
    Default Gateway........ 10.0.1.200
    Burned In MAC Address......00:80:63:51:7A:80
    Network Configuration Protocol (BootP/DHCP)..None
    DHCP Client ID (same as SNMP System Name).."PowerMICE-517A80"
    Network Configuration Protocol HiDiscovery..Read-Write
    Management VLAN ID......1
    Management VLAN Priority.......
  • Page 154: Flow Control

    Network Load Control 8.5 Flow Control 8.5 Flow Control 8.5.1 Description of Flow Control Flow control is a mechanism which acts as an overload protection for the device. During periods of heavy traffic, it holds off additional traffic from the network.
  • Page 155 Before the send queue of port 2 overflows, the device sends a request to Workstation 2 to include a small break in the sending transmission. Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR and MACH 1000 support flow control in full duplex mode only.
  • Page 156: Setting The Flow Control

    Network Load Control 8.5 Flow Control Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR and MACH 1000 do not support flow control in half duplex mode. 8.5.2 Setting the Flow Control Select the Basics:Port Configuration dialog. In the "Flow Control on" column, you checkmark this port to specify that flow control is active here.
  • Page 157: Vlans

    Network Load Control 8.6 VLANs 8.6 VLANs 8.6.1 VLAN Description In the simplest case, a virtual LAN (VLAN) consists of a group of network participants in one network segment who can communicate with each other as if they belonged to a separate LAN. More complex VLANs span out over multiple network segments and are also based on logical (instead of only physical) connections between network participants.
  • Page 158: Examples Of Vlans

    Network Load Control 8.6 VLANs 8.6.2 Examples of VLANs The following practical examples provide a quick introduction to the structure of a VLAN. Example 1 VLAN VLAN Figure 41: Example of a simple port-based VLAN The example shows a minimal VLAN configuration (port-based VLAN). An administrator has connected multiple terminal devices to a transmission device and assigned them to 2 VLANs.
  • Page 159 Network Load Control 8.6 VLANs Terminal Port Port VLAN identifier (PVID) Table 16: Ingress table VLANID Port Table 17: Egress table
  • Page 160 Network Load Control 8.6 VLANs Proceed as follows to perform the example configuration: Configure VLAN Select the Switching:VLAN:Static dialog. Figure 42: Creating and naming new VLANs Click on “Create Entry” to open a window for entering the VLAN ID. Assign VLAN ID 2 to the VLAN. Click on “OK”.
  • Page 161 Network Load Control 8.6 VLANs
    enable - Switch to the Privileged EXEC mode.
    vlan database - Switch to the VLAN configuration mode.
    vlan 2 - Create a new VLAN with the VLAN ID 2.
    vlan name 2 VLAN2 - Give the VLAN with the VLAN ID 2 the name VLAN2.
  • Page 162 Network Load Control 8.6 VLANs Configuring the ports Figure 43: Defining the VLAN membership of the ports. Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status.
  • Page 163 Network Load Control 8.6 VLANs Figure 44: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering Assign the Port VLAN ID of the related VLANs (2 or 3) to the individual ports - see table. Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for “Acceptable Frame Types”.
  • Page 164 Network Load Control 8.6 VLANs
    enable - Switch to the Privileged EXEC mode.
    configure - Switch to the Configuration mode.
    interface 1/1 - Switch to the Interface Configuration mode of interface 1/1.
    vlan participation include 2 - Port 1/1 becomes member untagged in VLAN 2.
    Port 1/1 is assigned the port VLAN ID 2.
  • Page 165 Network Load Control 8.6 VLANs Example 2 Figure 45: Example of a more complex VLAN constellation The second example shows a more complex constellation with 3 VLANs (1 to 3). Along with the Switch from example 1, a second Switch (on the right in the example) is now used.
  • Page 166 Network Load Control 8.6 VLANs T = with TAG field (T = tagged) U = without TAG field (U = untagged) In this example, tagged frames are used in the communication between the transmission devices (uplink), as frames for different VLANs are differentiated at these ports.
  • Page 167 Network Load Control 8.6 VLANs The communication relationships here are as follows: terminal devices at ports 1 and 4 of the left device and terminal devices at ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate with each other.
  • Page 168 Network Load Control 8.6 VLANs Proceed as follows to perform the example configuration: Configure VLAN Select the Switching:VLAN:Static dialog. Figure 46: Creating and naming new VLANs Click on “Create Entry” to open a window for entering the VLAN ID. Assign VLAN ID 2 to the VLAN. You give this VLAN the name VLAN2 by clicking on the name field and entering the name.
  • Page 169 Network Load Control 8.6 VLANs
    enable - Switch to the Privileged EXEC mode.
    vlan database - Switch to the VLAN configuration mode.
    vlan 2 - Create a new VLAN with the VLAN ID 2.
    vlan name 2 VLAN2 - Give the VLAN with the VLAN ID 2 the name VLAN2.
  • Page 170 Network Load Control 8.6 VLANs Configuring the ports Figure 47: Defining the VLAN membership of the ports. Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status.
  • Page 171 Network Load Control 8.6 VLANs Figure 48: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering Assign the ID of the related VLANs (1 to 3) to the individual ports. Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for the terminal device ports.
  • Page 172 Network Load Control 8.6 VLANs
    enable - Switch to the Privileged EXEC mode.
    configure - Switch to the Configuration mode.
    interface 1/1 - Switch to the Interface Configuration mode of interface 1/1.
    vlan participation include 1 - Port 1/1 becomes member untagged in VLAN 1.
    vlan participation include 2 - Port 1/1 becomes member untagged in VLAN 2.
  • Page 173 Network Load Control 8.6 VLANs For further information on VLANs, see the reference manual and the integrated help function in the program.
  • Page 175: Operation Diagnosis

    Operation Diagnosis 9 Operation Diagnosis The device provides you with the following diagnostic tools: Sending traps Monitoring the device status Out-of-band signaling via signal contact Port status indication Event counter at port level Detecting non-matching duplex modes SFP status display TP cable diagnosis Topology Discovery Detecting IP address conflicts...
  • Page 176: Sending Traps

    Operation Diagnosis 9.1 Sending Traps 9.1 Sending Traps If unusual events occur during normal operation of the device, they are reported immediately to the management station. This is done by means of what are called traps - alarm messages - that bypass the polling procedure ("Polling"...
  • Page 177: List Of Snmp Traps

    Operation Diagnosis 9.1 Sending Traps 9.1.1 List of SNMP Traps All the possible traps that the device can send are listed in the following table.
    Trap name - Meaning
    authenticationFailure - is sent if a station attempts to access the agent without permission.
    coldStart - is sent for both cold and warm starts during the boot process after successful management initialization.
  • Page 178: Snmp Traps During Boot

    Operation Diagnosis 9.1 Sending Traps
    Trap name - Meaning
    hmAddressRelearnDetectT - is sent when Address Relearn Detection is activated and the threshold for the MAC addresses relearned at different ports has been exceeded. This process very probably indicates a loop situation in the network.
    hmDuplexMismatchTrap - is sent if the device has detected a potential problem with the duplex mode of a port.
  • Page 179: Configuring Traps

    Operation Diagnosis 9.1 Sending Traps 9.1.3 Configuring Traps Select the Diagnostics:Alarms (Traps) dialog. This dialog allows you to determine which events trigger an alarm (trap) and where these alarms should be sent. Select “Create entry”. In the “IP Address” column, enter the IP address of the recipient to whom the traps should be sent.
  • Page 180 Operation Diagnosis 9.1 Sending Traps The events which can be selected are:
    Name - Meaning
    Authentication - The device has rejected an unauthorized access attempt (see the Access for IP Addresses and Port Security dialog).
    Link Up/Down - At one port of the device, the link to another device has been established/interrupted.
  • Page 181: Monitoring The Device Status

    Operation Diagnosis 9.2 Monitoring the Device Status 9.2 Monitoring the Device Status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. The device enables you to signal the device status out-of-band via a signal contact (see on page 185 “Monitoring the Device Status via the Signal Contact“)
  • Page 182: Configuring The Device Status

    Operation Diagnosis 9.2 Monitoring the Device Status Note: With a non-redundant voltage supply, the device reports the absence of a supply voltage. If you do not want this message to be displayed, feed the supply voltage over both inputs or switch off the monitoring (see on page 185 “Monitoring the Device Status via the Signal Contact“).
  • Page 183: Displaying The Device Status

    Operation Diagnosis 9.2 Monitoring the Device Status 9.2.2 Displaying the Device Status Select the Basics:System dialog. Figure 50: Device status and alarm display 1 - The symbol displays the device status 2 - Cause of the oldest existing alarm 3 - Start of the oldest existing alarm Switch to the privileged EXEC mode.
  • Page 184: Out-Of-Band Signaling

    Operation Diagnosis 9.3 Out-of-band Signaling 9.3 Out-of-band Signaling The signal contact is used to control external devices and monitor the operation of the device. Function monitoring enables you to perform remote diagnostics. The device reports the operating status via a break in the potential-free signal contact (relay contact, closed circuit): Incorrect supply voltage, at least one of the two supply voltages is inoperative,...
  • Page 185: Controlling The Signal Contact

    Operation Diagnosis 9.3 Out-of-band Signaling 9.3.1 Controlling the Signal Contact With this mode you can remotely control every signal contact individually. Application options: Simulation of an error as an input for process control monitoring equipment. Remote control of a device via SNMP, such as switching on a camera. Select the Diagnostics:Signal Contact 1/2 dialog.
  • Page 186: Monitoring The Device Functions Via The Signal Contact

    Operation Diagnosis 9.3 Out-of-band Signaling 9.3.3 Monitoring the Device Functions via the Signal Contact Configuring the operation monitoring Select the Diagnostics:Signal Contact dialog. Select "Monitoring correct operation" in the "Mode signal contact" frame to use the contact for operation monitoring. In the "Monitoring correct operation"...
  • Page 187: Monitoring The Fan

    Operation Diagnosis 9.3 Out-of-band Signaling Figure 51: Signal Contact dialog Switch to the privileged EXEC mode: exit. Displays the status of the operation monitoring and the setting for the status determination: show signal-contact 1. 9.3.4 Monitoring the Fan Devices of the Mach 4000 range have a replaceable plug-in fan. This plug-in fan considerably reduces the inner temperature of the device.
  • Page 188 Operation Diagnosis 9.3 Out-of-band Signaling The device enables you to signal changes to the status of the plug-in fan out-of-band (outside the data flow) via a signal contact (see on page 185 “Monitoring the Device Status via the Signal Contact“) to signal changes to the status of the plug-in fan by sending a trap when the device status changes to detect status changes to the plug-in fan in the Web-based interface on...
  • Page 189 Operation Diagnosis 9.3 Out-of-band Signaling Proceed as follows to signal changes to the fan status via a signal contact and with an alarm message: Select the Diagnostics:Signal Contact dialog. Select the signal contact you want to use (in the example, signal contact 1) in the corresponding tab page “Signal contact 1”...
  • Page 190: Port Status Indication

    Operation Diagnosis 9.4 Port Status Indication 9.4 Port Status Indication Select the Basics:System dialog. The device view shows the device with the current configuration. The symbols underneath the device view represent the status of the individual ports. Figure 53: Device View Meaning of the symbols: The port (10, 100 Mbit/s, 1, 10 Gbit/s) is enabled and the connection is OK.
  • Page 191: Event Counter At Port Level

    Operation Diagnosis 9.5 Event Counter at Port Level 9.5 Event Counter at Port Level The port statistics table enables experienced network administrators to identify possible detected problems in the network. This table shows you the contents of various event counters. In the Restart menu item, you can reset all the event counters to zero using "Warm start", "Cold start"...
  • Page 192: Detecting Non-Matching Duplex Modes

    Operation Diagnosis 9.5 Event Counter at Port Level Figure 54: Port Statistics dialog 9.5.1 Detecting Non-matching Duplex Modes If the duplex modes of 2 ports directly connected to each other do not match, this can cause problems that are difficult to track down. The automatic detection and reporting of this situation has the benefit of recognizing it before problems occur.
  • Page 193 Operation Diagnosis 9.5 Event Counter at Port Level The device allows you to detect this situation and report it to the network management station. In the process, the device evaluates the error counters of the port in the context of the port settings. Possible Causes of Port Error Events The following table lists the duplex operating modes for TX ports together with the possible error events.
  • Page 194 Operation Diagnosis 9.5 Event Counter at Port Level Collisions, late collisions: In full-duplex mode, the port does not count collisions or late collisions. CRC error: The device only evaluates these errors as duplex problems in the manual full duplex mode. No.
  • Page 195 Operation Diagnosis 9.5 Event Counter at Port Level bridge duplex-mismatch-detect operation enable: Activates the detection and reporting of non-matching duplex modes. bridge duplex-mismatch-detect operation disable: Deactivates the detection and reporting of non-matching duplex modes.
  • Page 196: Displaying The Sfp Status

    Operation Diagnosis 9.6 Displaying the SFP Status 9.6 Displaying the SFP Status The SFP status display allows you to look at the current SFP module connections and their properties. The properties include: module type support provided in media module Temperature in ºC Tx Power in mW Receive power in mW Select the Diagnostics:Ports:SFP Modules dialog.
  • Page 197: Tp Cable Diagnosis

    Operation Diagnosis 9.7 TP Cable Diagnosis 9.7 TP Cable Diagnosis The TP cable diagnosis allows you to check the connected cables for short-circuits or interruptions. Note: While the check is running, the data traffic at this port is suspended. The check takes a few seconds.
  • Page 198: Topology Discovery

    Operation Diagnosis 9.8 Topology Discovery 9.8 Topology Discovery 9.8.1 Description of Topology Discovery IEEE 802.1AB describes the Link Layer Discovery Protocol (LLDP). LLDP enables the user to have automatic topology recognition for his LAN. A device with active LLDP sends its own connection and management information to neighboring devices of the shared LAN.
  • Page 199 To get around this, Hirschmann devices send and receive additional LLDP packets with the Hirschmann Multicast MAC address 01:80:63:2F:FF:0B. Hirschmann devices with the LLDP function are thus also able to exchange LLDP information with each other via devices that are not LLDP-capable.
  • Page 200: Displaying The Topology Discovery Results

    Operation Diagnosis 9.8 Topology Discovery 9.8.2 Displaying the Topology Discovery Results Select the Diagnostics:Topology Discovery dialog. Basic Configuration Release 6.0 07/2010...
  • Page 201 Operation Diagnosis 9.8 Topology Discovery This dialog allows you to switch on/off the topology discovery function (LLDP). The topology table shows you the collected information for neighboring devices. This information enables the network management station to map the structure of your network. The option "Show LLDP entries exclusively"...
  • Page 202 Operation Diagnosis 9.8 Topology Discovery If several devices are connected to one port, for example via a hub, the table will contain one line for each connected device. If devices with active topology discovery function and devices without active topology discovery function are connected to a port, the topology table hides the devices without active topology discovery.
  • Page 203: Detecting Ip Address Conflicts

    Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9 Detecting IP Address Conflicts 9.9.1 Description of IP Address Conflicts By definition, each IP address may only be assigned once within a subnetwork. Should two or more devices erroneously share the same IP address within one subnetwork, this will inevitably lead to communication disruptions with devices that have this IP address.
  • Page 204: Configuring Acd

    Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9.2 Configuring ACD Select the Diagnostics:IP Address Conflict Detection dialog. With "Status" you enable/disable the IP address conflict detection or select the operating mode (see table 27). Basic Configuration Release 6.0 07/2010...
  • Page 205: Displaying Acd

    Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9.3 Displaying ACD Select the Diagnostics:IP Address Conflict Detection dialog. In the table the device logs IP address conflicts with its IP address. For each conflict the device logs: the time the conflicting IP address the MAC address of the device with which the IP address conflicted.
  • Page 206: Detecting Loops

    Operation Diagnosis 9.10 Detecting Loops 9.10 Detecting Loops Loops in the network, even temporary loops, can cause connection interruptions or data losses. The automatic detection and reporting of this situation allows you to detect it faster and diagnose it more easily. An incorrect configuration can cause a loop, for example, if you deactivate Spanning Tree.
  • Page 207: Reports

    Operation Diagnosis 9.11 Reports 9.11 Reports The following reports and buttons are available for the diagnostics: Log file. The log file is an HTML file in which the device writes all the important device-internal events. System information. The system information is an HTML file containing all system-relevant data.
  • Page 208 Operation Diagnosis 9.11 Reports Click “Download Switch-Dump”. Select the directory in which you want to save the switch dump. Click “Save”. The device creates the file name of the switch dumps automatically in the format <IP address>_<system name>.zip, e.g. for a device of the type PowerMICE: “10.0.1.112_PowerMICE-517A80.zip”.
  • Page 209: Monitoring Data Traffic At Ports (Port Mirroring)

    Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The port mirroring function enables you to review the data traffic at up to 8 ports of the device for diagnostic purposes. The device additionally forwards (mirrors) the data for these ports to another port.
  • Page 210 Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) Select the Diagnostics:Port Mirroring dialog. This dialog allows you to configure and activate the port mirroring function of the device. Select the source ports whose data traffic you want to review from the list of physical ports by checkmarking the relevant boxes.
  • Page 211 Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The “Reset configuration” button in the dialog allows you to reset all the port mirroring settings of the device to the state on delivery. Note: When port mirroring is active, the specified destination port is used solely for reviewing, and does not participate in the normal data traffic.
  • Page 212: Syslog

    Operation Diagnosis 9.13 Syslog 9.13 Syslog The device enables you to send messages about important device-internal events to up to 8 Syslog servers. Additionally, you can also include SNMP requests to the device as events in the syslog. Note: You will find the actual events that the device has logged in the “Event Log”...
  • Page 213 Operation Diagnosis 9.13 Syslog “SNMP Logging” frame: Activate “Log SNMP Get Request” if you want to send reading SNMP requests to the device as events to the syslog server. Select the level to report at which the device creates the events from reading SNMP requests.
  • Page 214 Operation Diagnosis 9.13 Syslog Log SNMP SET requests : enabled Log SNMP SET severity : notice Log SNMP GET requests : enabled Log SNMP GET severity : notice Basic Configuration Release 6.0 07/2010...
  • Page 215: Event Log

    Operation Diagnosis 9.14 Event Log 9.14 Event Log The device allows you to call up a log of the system events. The table of the “Event Log” dialog lists the logged events with a time stamp. Click on “Load” to update the content of the event log. Click on “Delete”...
  • Page 217: A Setting Up The Configuration Environment

    Setting up the Configuration Environment A Setting up the Configuration Environment Basic Configuration Release 6.0 07/2010...
  • Page 218 Setting up the Configuration Environment A.1 Setting up a DHCP/BOOTP Server On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel. You can test the software for 30 calendar days from the date of the first installation, and then decide whether you want to purchase a license.
  • Page 219 Setting up the Configuration Environment A.1 Setting up a DHCP/BOOTP Server Enter the settings shown in the illustration and click OK. Figure 61: DHCP setting To enter the configuration profiles, select Options:Configuration Profiles in the menu bar. Enter the name of the new configuration profile and click Add. Figure 62: Adding configuration profiles Enter the network mask and click Accept.
  • Page 220 Setting up the Configuration Environment A.1 Setting up a DHCP/BOOTP Server Figure 63: Network mask in the configuration profile Select the Boot tab page. Enter the IP address of your tftp server. Enter the path and the file name for the configuration file. Click Apply and then OK.
  • Page 221 Setting up the Configuration Environment A.1 Setting up a DHCP/BOOTP Server Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration. To complete the addition of the configuration profiles, click OK. Figure 65: Managing configuration profiles To enter the static addresses, click Static in the main window.
  • Page 222 Setting up the Configuration Environment A.1 Setting up a DHCP/BOOTP Server Figure 67: Adding static addresses Enter the MAC address of the device. Enter the IP address of the device. Select the configuration profile of the device. Click Apply and then OK. Figure 68: Entries for static addresses Add an entry for each device that will get its parameters from the DHCP server.
  • Page 223 Setting up the Configuration Environment A.1 Setting up a DHCP/BOOTP Server Figure 69: DHCP server with entries
  • Page 224 Setting up the Configuration Environment A.2 Setting up a DHCP Server with Option 82 On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr.
  • Page 225 Setting up the Configuration Environment A.2 Setting up a DHCP Server with Option 82 Figure 71: DHCP setting To enter the static addresses, click New. Figure 72: Adding static addresses Select Circuit Identifier and Remote Identifier.
  • Page 226 ID cl: length of the circuit ID hh: Hirschmann ID: 01 if a Hirschmann device is connected to the port, otherwise 00. vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1) ss: socket of device at which the module with that port is located to which the device is connected.
  • Page 227 Setting up the Configuration Environment A.2 Setting up a DHCP Server with Option 82 Figure 74: Entering the addresses Figure 75: Application example of using Option 82 (labels in the figure: Switch (Option 82); MAC = 00:80:63:10:9a:d7; IP = 149.218.112.100; DHCP Server IP = 149.218.112.1)
  • Page 228 Setting up the Configuration Environment A.3 TFTP Server for Software Updates On delivery, the device software is held in the local flash memory. The device boots the software from the flash memory. Software updates can be performed via a tftp server. This presupposes that a tftp server has been installed in the connected network and that it is active.
  • Page 229 Setting up the Configuration Environment A.3 TFTP Server for Software Updates A.3.1 Setting up the tftp Process General prerequisites: The local IP address of the device and the IP address of the tftp server or the gateway are known to the device. The TCP/IP stack with tftp is installed on the tftp server.
  • Page 230 Setting up the Configuration Environment A.3 TFTP Server for Software Updates You can obtain additional information about the tftpd daemon with the UNIX command "man tftpd". Note: The command "ps" does not always show the tftp daemon, although it is actually running. Special steps for HP workstations: During installation on an HP workstation, enter the user tftp in the /etc/passwd file.
  • Page 231 Setting up the Configuration Environment A.3 TFTP Server for Software Updates Checking the tftp process: Edit the file /etc/inetd.conf. Is tftp* commented out? Delete the comment character »#« from this line. Re-initialize inetd.conf by entering kill -1 PID...
  • Page 232 Setting up the Configuration Environment A.3 TFTP Server for Software Updates A.3.2 Software Access Rights The agent needs read permission for the tftp directory on which the device software is stored. Example of a UNIX tftp Server Once the device software has been installed, the tftp server should have the following directory structure with the stated access rights: File name Access...
  • Page 233 Setting up the Configuration Environment A.4 Preparing Access via SSH To be able to access the device via SSH, you will need: a key; to install the key on the device; to enable access via SSH on the device; and a program for executing the SSH protocol on your computer.
  • Page 234 Setting up the Configuration Environment A.4 Preparing Access via SSH Figure 77: PuTTY key generator The OpenSSH Suite offers experienced network administrators a further option for generating the key. To generate the key, enter the following command: ssh-keygen(.exe) -q -t rsa1 -f rsa1.key -C '' -N '' A.4.2 Uploading the SSH Host Key The Command Line Interface enables you to upload the SSH key to the device.
  • Page 235 Setting up the Configuration Environment A.4 Preparing Access via SSH copy tftp://10.0.10.1/device/rsa1.key nvram:sshkey-rsa1: The device loads the key file to its non-volatile memory. 10.0.10.1 represents the IP address of the tftp server. device represents the directory on the tftp server. rsa1.key represents the file name of the key.
  • Page 236 Setting up the Configuration Environment A.4 Preparing Access via SSH Figure 78: Security alert prompt for the fingerprint Check the fingerprint to protect yourself from unwelcome guests. Your fingerprint is located in the “Key” frame of the PuTTY key generator (see fig.
  • Page 237 Setting up the Configuration Environment A.4 Preparing Access via SSH The OpenSSH Suite offers experienced network administrators a further option to access your device via SSH. To set up the connection, enter the following command: ssh admin@10.0.112.53 -cdes admin represents the user name. 10.0.112.53 is the IP address of your device.
  • Page 239: B General Information

    General Information B General Information Basic Configuration Release 6.0 07/2010...
  • Page 240 General Information B.1 Management Information Base (MIB) B.1 Management Information Base (MIB) The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The "leaves" of the MIB are called generic object classes.
  • Page 241 Lower (e.g. threshold value) Power supply Power supply System User interface Upper (e.g. threshold value) Vendor = manufacturer (Hirschmann) Definition of the syntax terms used: Integer An integer in the range -2 IP Address xxx.xxx.xxx.xxx (xxx = integer in the range 0-255)
  • Page 242 Figure 80: Tree structure of the Hirschmann MIB (nodes visible in the figure include 16 vacm, 7 udp, 11 snmp, 16 rmon, 17 dot1dBridge, 26 snmpDot3MauMGT) A complete description of the MIB can be found on the CD-ROM included with the device.
  • Page 243 General Information B.2 Abbreviations used B.2 Abbreviations used AutoConfiguration Adapter Access Control List BOOTP Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol Forwarding Database GARP General Attribute Registration Protocol GMRP GARP Multicast Registration Protocol HTTP Hypertext Transfer Protocol ICMP Internet Control Message Protocol IGMP...
  • Page 244 General Information B.3 Technical Data B.3 Technical Data You will find the technical data in the document „Reference Manual Web- based Interface“. Basic Configuration Release 6.0 07/2010...
  • Page 245 General Information B.4 Readers’ Comments B.4 Readers’ Comments What is your opinion of this manual? We are always striving to provide as comprehensive a description of our product as possible, as well as important information that will ensure trouble-free operation. Your comments and suggestions help us to further improve the quality of our documentation.
  • Page 246 Date / Signature: Dear User, Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or by mail to Hirschmann Automation and Control GmbH Department AED Stuttgarter Str. 45-51 72654 Neckartenzlingen Basic Configuration Release 6.0 07/2010...
  • Page 251: D Further Support

    Further Support D Further Support Technical Questions and Training Courses In the event of technical queries, please contact your local Hirschmann distributor or Hirschmann office. You can find the addresses of our distributors on the Internet: www.hirschmann-ac.com. Our support line is also at your disposal: Tel.
  • Page 253 User Manual Installation Industrial ETHERNET Workgroup Switch MACH 100 Family MACH 102-8TP-F MACH 102-24TP-F MACH 102-8TP + M1-8TP-RJ45 + M1-8MM-SXC MACH 102-8TP + M1-8SM-SXC + M1-8SFP MACH 100 Technical Support Release 07/09 HAC-Support@hirschmann.de...
  • Page 254 In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (www.hirschmann-ac.de). Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str.
  • Page 255 Content Safety instructions About this manual Legend Device description Description of the device variants 1.1.1 MACH 100 basic device 1.1.2 MACH 100 media modules 1.1.3 SFP modules Assembly and start-up Installing the device 2.1.1 Unpacking and checking 2.1.2 Installing the media modules 2.1.3 Installing the SFP modules 2.1.4 Signal contact „FAULT“...
  • Page 257: Safety Instructions

    Safety instructions This documentation contains instructions which must be observed to ensure your own personal safety and to avoid damage to devices and machinery. Certified usage Please observe the following: The device may only be employed for the purposes described in the catalog and technical description, and only in conjunction with external devices and components recommended or approved by the manufacturer.
  • Page 258 Beware of possible short circuits when connecting a cable section with conductive shielding braiding. Housing Only technicians authorized by Hirschmann are permitted to open the housing. The device is grounded via the voltage supply socket. Make sure that the electrical installation meets local or nationally applicable safety regulations.
  • Page 259: General Safety Instructions

    Qualification requirements for personnel Qualified personnel as understood in this manual and the warning signs, are persons who are familiar with the setup, assembly, startup, and operation of this product and are appropriately qualified for their job. This includes, for example, those persons who have been: trained or directed or authorized to switch on and off, to ground and to label power circuits and devices or systems in accordance with current...
  • Page 260 In accordance with the above-named EU directives, the EU conformity declaration will be at the disposal of the relevant authorities at the following address: Hirschmann Automation and Control GmbH Stuttgarter Strasse 45-51 72654 Neckartenzlingen Tel.: +49 1805 141538 The product can be used in living areas (living area, place of business, small business) and in industrial areas.
  • Page 261 Interference immunity: EN 61000-6-2:2005 Emitted interference: EN 55022:2006 Class A Warning This is a class A device. This device can cause interference in living areas, and in this case the operator may be required to take appropriate measures. The assembly guidelines provided in these instructions must be strictly adhered to in order to observe the EMC threshold values.
  • Page 262: Legend

    About this manual The following manuals are included as PDF files on the enclosed CD ROM: User manual „Installation“ User manual “Basic configuration” User manual “Redundancy configuration” Reference manual “Web-based Interface” and Reference manual “Command Line Interface” The Network Management Software HiVision/Industrial HiVision provides you with additional options for smooth configuration and monitoring: Configuration of multiple devices simultaneously.
  • Page 263: Device Description

    Device description The MACH100 devices are managed Workgroup switches with up to 24 Fast Ethernet and 2 Gigabit Ethernet ports. They consist of a basic device and - depending on the device variant - up to 2 pluggable media modules. They allow you to construct switched industrial ETHERNET networks that conform to the IEEE 802.3 and 802.3u standards using copper wires or optical fibers in a bus or ring topology.
  • Page 264: Description Of The Device Variants

    802.1x port authentication Real Time Clock The addition, to the MACH 100 family, of the MICE and RS20/RS30/RS40 open rail family switches, the MACH 3000 and MACH 4000 family of backbone switches, the BAT wireless transmission system, the EAGLE security system, and products for the RSR20/RSR30 and MACH 1000 substation areas, provides continuous communication across all levels of the company.
  • Page 265 Voltage range: 100 - 240 V AC Temperature range: 0°C to +50 °C Certifications /declarations: CE, cUL508 (pending), cUL60950-1 (pending) Software variant: Professional The devices comply with the specifications of the ISO/IEC standards 8802-3u 100BASE-TX/-1000BASE-T, 8802-3 100BASE-FX and 8802-3 1000BASE-SX/LX. The MACH 100 basic device contains all the function modules, such as: switch function, management function, redundancy function, voltage connection, management connection, slots for media modules (depending on the...
  • Page 266 Figure 1: Overview of interfaces and display and control elements in the MACH 102-8TP and MACH 102-8TP-R 1 - MACH 100 device 2 - LED display elements 3 - Signal contact 4 - USB interface 5 - V.24 access for external management...
  • Page 267 Figure 2: Overview of interfaces and display and control elements in the MACH 102-8TP-F and MACH 102-8TP-FR 1 - MACH 100 device 2 - LED display elements 3 - Signal contact 4 - USB interface 5 - V.24 access for external management...
  • Page 268: Mach 100 Media Modules

    Gigabit ETHERNET Fast ETHERNET GE ports 1.1 and 1.2 (combo ports) FE ports 2.1 to 2.8, 3.1 to 3.8, 4.1 to 4.8 100/1000 Mbit/s fiber optic, SFP slots 24 * twisted pair TX, RJ45, 10/100 Mbit/s Alternatively connectable: 10/100/1000 Mbit/s twisted pair, RJ45 connectors 1.1.2 MACH 100 media modules...
  • Page 269 Specific functions of fiber optic interface Link Down monitoring MACH 100 media modules TP ports Fiber optic Fiber optic SFP ports 10/100 Mbit/s ports ports Multimode Module type Multimode Singlemode Singlemode 100 Mbit/s 100 Mbit/s Longhaul 100 Mbit/s M1-8TP-RJ45 8, RJ45 –...
  • Page 270: Sfp Modules

    IEEE 802.3u 100BASE-FX Multimode/Singlemode/Longhaul standard. The optical ports are configured in 100 Mbit/s Fullduplex (FDX) and support FEFI. They are designed as SFP slots for the Hirschmann SFP module types M-FAST SFP-... (see page „Accessories“).
  • Page 271 0.55 km M-SFP-LX/LC 1330 nm Multimode 0.55 km 1330 nm Singlemode 20 km M-SFP-LH/LC Longhaul 8-72 km M-SFP-LH+/LC Longhaul + 60-120 km Table 2: SFP modules Note: Only use Hirschmann SFP modules (see page 38 „Accessories“). MACH 100 Release 07/09...
  • Page 272: Assembly And Start-Up

    Assembly and start-up The devices have been developed for practical application in a harsh industrial environment. The installation process is correspondingly simple. On delivery, the device is ready for operation. The following procedure has been proven to be successful for the assembly of the device: Unpacking and checking Installing the media modules...
  • Page 273: Installing The Sfp Modules

    To attach an SFP module, first remove the protective cap over the socket. Push the SFP module with the lock closed into the socket until it latches audibly in place. Note: Only use Hirschmann SFP modules (see page 38 „Accessories“).
  • Page 274: Signal Contact „Fault

    Figure 11: Installing an SFP module 2.1.4 Signal contact „FAULT“ Figure 12: MACH 100 device, front view 1 - Signal contact The signal contacts are connected via a 2-pin terminal block with screw locking. The signal contact (“FAULT”, for pin assignment see fig.
  • Page 275: Dimension Drawings

    FAULT Figure 13: 2-pin terminal block Note: Please note the electrical ratings for the signal contact (see on page 35 „General technical data“). Note: Relevant for North America: The tightening torque of the terminal block screws is 0,34 Nm (3 lb in). Mount the terminal block for the signal contact on the front of the device using the screw locking.
  • Page 276: Installing The Device And Grounding

    2.1.6 Installing the device and grounding The device can be mounted on a flat surface, in a 19" standard switch cabinet, or on the wall. Consider the following criteria when selecting the location for mounting your device: The installation location should be close to a power outlet. The climatic threshold values listed in the technical data must be adhered The ventilation slits must not be covered so as to ensure free air circulation.
  • Page 277 Warning If the device is installed in a 19" switch cabinet without sliding/mounting rails, increased vibration can cause damage to the device and/or its modules. For more information on sliding/mounting rails and how to install them, please contact your switch cabinet manufacturer. Install the sliding/mounting rails in the 19"...
  • Page 278 Warning When installing the device, make sure the ventilation slots remain unobstructed, as otherwise the device can overheat and be damaged. Note: When operating the device in environments with strong vibrations, the device can be fastened with two additional brackets at the back of the switch cabinet (see on page 38 „Accessories“), not included in the deliv-...
  • Page 279: Supply Voltage

    Grounding The device is grounded via the voltage supply socket ((see fig. 17) (see fig. 18)). 2.1.7 Supply voltage The input voltage range of the MACH 100 basic devices is designed as 100 - 240 VAC. The power supply for the MACH 102-8TP-R, MACH 102-8TP-FR and MACH 102-24TP-FR devices is designed as redundant.
  • Page 280: Startup Procedure

    Figure 18: Connections for the MACH 102-8TP-R, MACH 102-8TP-FR and MACH 102-24TP-FR on the back of the device 1 - MACH 102-8TP-R, MACH 102-8TP-FR or MACH 102-24TP-FR device 2 - Redundant power supply 100 - 240 V AC 3 - Standard power supply 100 - 240 V AC Note: With non-redundant supply of the main voltage, the device reports a loss of power.
  • Page 281 n.c. n.c. n.c. Figure 19: Pin assignment of a TP/TX interface in MDI-X mode, RJ45 socket 10/100/1000 Mbit/s twisted pair connection 1000 Mbit/s twisted pair ports (RJ45 sockets) facilitate the connection of terminal devices or independent network segments according to the IEEE 802.3-2000 (ISO/IEC 8802-3:2000) 1000BASE-TX standard.
  • Page 282: Display Elements

    Power supply and data cables should not run parallel over longer distances, and ideally they should be installed in separate cable channels. If the inductive coupling has to be reduced, the power supply and data cables should cross at a 90° angle. You may also choose to use shielded cables.
  • Page 283 V.24 StandBy R1 R2 FAULT MACH 1000 Figure 21: MACH 100 display elements 1 - Displays for device state 2 - Displays for port state 3 - Displays for port state, media module 1 4 - Displays for port state, media module 2 Device state These LEDs provide information about conditions which affect the operation of the whole device.
  • Page 284: Making Basic Settings

    Port state These LEDs display port-related information. LS - data, link status (one green/yellow LED or one green and one yellow LED) Not glowing No valid connection. Glowing green Valid connection. Flashing green (1 time a period) Port is switched to stand-by. Flashing green (3 times a peri- Port is switched off.
  • Page 285: Usb Interface

    USB interface The USB socket has an interface for the local connection of an AutoConfiguration Adapter (part number ACA 21-USB see on page 38 „Accessories“). It is used for saving/loading the configuration and for loading the software. Figure Function VCC (VBus) - Data...
  • Page 286: Disassembly

    Note: You will find the order number for the terminal cable, which is ordered separately, in the Technical Data chapter (see on page 35 „Technical data“). Disassembly Disassembling the device To detach the device from the switch cabinet or the wall, remove the screws from the brackets on the device.
  • Page 287: Technical Data

    Technical data General technical data Dimensions MACH 102-... 448 mm x 310 mm x 44 mm (without brackets) W x H x D Weight of devices MACH102- 3.60 kg 8TPMACH102-8TP- 3.85 kg RMACH102-8TP- 3.60 kg FMACH102-8TP- 3.85 kg FRMACH102-24TP- 3.85 kg FMACH102-24TP-FR 4.10 kg Weight of...
  • Page 288 EMC interference immunity EN 61000-4-5 Voltage surges - Power line, line/line: 1 kV - Power line, line/earth 2 kV - Data line 4 kV EN 61000-4-6 Line-conducted interference voltages 150 kHz - 80 MHz 10 V EMC emitted interference EN 55022 Class A FCC 47 CFR Part 15 Class A...
  • Page 289 MM = Multimode, SM = Singlemode, LH = Singlemode Longhaul Power consumption/power output, temperature range and order numbers MACH 100 Description Family Basic devices MACH102-8TP Basic device MACH 100 family with 2 x Gigabit ETHERNET combo port, 8 x Fast ETHERNET TX, 2 sockets for media modules for up to 16 additional ports MACH102-8TP-R Basic device MACH 100 family with 2 x Gigabit ETHERNET combo port,...
  • Page 290: Scope Of Delivery

    Interfaces Basic devices MACH102-8TP, V.24 port: external management MACH102-8TP-R, 1 terminal block, 2-pin: each 1 x signal contact, max. 1 A, 24 V MACH102-8TP-F, USB: ACA 21-USB MACH102-8TP-FR, MACH102-24TP-F or MACH102-24TP-FR MACH102-8TP or MACH102- - 2 combo ports (alternatively 100/1000 Mbit/s optical SFP 8TP-R slot or 1000/100/10 Mbit/s RJ45 socket) - 8 x 10/100 Mbit/s twisted pair, RJ45 socket...
  • Page 291 Name Order number M-SFP-SX/LC 943 014-001 M-SFP-LX/LC 943 015-001 M-SFP-LH/LC 943 042-001 M-SFP-LH+/LC 943 049-001 Pocket Guide 280 710-851 AutoConfiguration Adapter ACA 21-USB 943 271-001 Terminal cable 943 301-001 2-pin terminal block (50 units) 943 845-010 Bracket for fastening the housing 943 943-001 HiVision Network Management software 943 471-100...
  • Page 292 Table 10: List of IEEE standards Certifications The following table shows the status of the certification of the equipment. Standard cUL 508 / CSA C22.2 No.142 pending cUL 60950-1 pending Table 11: Certifications - for the current status, visit www.hirschmann.com MACH 100 Release 07/09...
  • Page 293: Further Support

    Further Support Technical questions and training courses For technical questions, please contact your nearest Hirschmann contract partner or Hirschmann directly. You can find the addresses of our contract partners on the Internet at www.hirschmann-ac.com. In addition, our hotline is available to you:...
