Hirschmann Greyhound GRS1020 Reference Manual
  1. Manuals
  2. Brands
  3. Hirschmann Manuals
  4. Switch
  5. GREYHOUND GRS1020
  6. Reference manual

Hirschmann Greyhound GRS1020 Reference Manual

Hide thumbs Also See for Greyhound GRS1020:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
Table of Contents

Advertisement

Quick Links

See also: User Manual
GRS1020-1030
Reference Manual
Graphical User Interface
User Manual
Configuration
Hirschmann Automation and Control GmbH
HiOS-2S
Rel. 08000

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Greyhound GRS1020 and is the answer not in the manual?

Questions and answers

Related Manuals for Hirschmann Greyhound GRS1020

Summary of Contents for Hirschmann Greyhound GRS1020

  • Page 1 Hirschmann Automation and Control GmbH GRS1020-1030 HiOS-2S Rel. 08000 Reference Manual Graphical User Interface User Manual Configuration...
  • Page 2 Reference Manual Graphical User Interface Greyhound Switch GRS1020-1030 HiOS-2S Technical support RM GUI GRS Release 8.0 09/2019 https://hirschmann-support.belden.com...
  • Page 3 This document was produced by Hirschmann Automation and Control GmbH according to the best of the company's knowledge. Hirschmann reserves the right to change the contents of this document without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the information in this document.

  • Page 4: Table Of Contents

    Contents Contents Safety instructions............6 About this Manual .
  • Page 5 Contents 4.4.3 RADIUS Accounting Server ........... . 125 4.4.4 RADIUS Authentication Statistics .
  • Page 6 Contents Diagnostics..............232 Status Configuration.

  • Page 7: Safety Instructions

    Safety instructions Safety instructions WARNING UNCONTROLLED MACHINE ACTIONS To avoid uncontrolled machine actions caused by data loss, configure all the data transmission devices individually. Before you start any machine which is controlled via data transmission, be sure to complete the configuration of all data transmission devices.

  • Page 9: About This Manual

    About this Manual About this Manual The “Configuration” user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The “Installation”...

  • Page 10: Key

    The designations used in this manual have the following meanings: List  Work step  Link Cross-reference with link Note: A note emphasizes a significant fact or draws your attention to a dependency. Representation of a CLI command or field contents in the graphical user interface Courier Execution in the Graphical User Interface Execution in the Command Line Interface...

  • Page 11: Notes On The Graphical User Interface

    Notes on the Graphical User Interface Notes on the Graphical User Interface The Graphical User Interface of the device is divided as follows: Navigation area  Dialog area  Buttons  Navigation area The Navigation area is located on the left side of the Graphical User Interface. The Navigation area contains the following elements: Toolbar ...
  • Page 12 Notes on the Graphical User Interface Clicking the button logs out the current user and displays the login page. Displays the remaining time in seconds until the device automatically logs out an inactive user. Clicking the button opens the Device Security > Management Access > Web dialog.
  • Page 13 Notes on the Graphical User Interface Menu The menu displays the menu items. You have the option of filtering the menu items. See section “Filter”. To display the corresponding dialog in the dialog area, you click the desired menu item. If the selected menu item is a node containing sub-items, then the node expands or collapses while clicking.
  • Page 14 Notes on the Graphical User Interface Working with tables The dialogs display numerous settings in table form. When you modify a table cell, the table cell displays a red mark in its top-left corner. The red mark indicates that your modifications are not yet transfered to the volatile memory (RAM) of the device. You have the option of customizing the look of the tables to fit your needs.
  • Page 15 Notes on the Graphical User Interface Updates the fields with the values that are saved in the volatile memory (RAM) of the device. Transfers the settings from the volatile memory (RAM) into the configuration profile designated as “Selected” in the non-volatile memory (NVM). When in the Basic Settings >...

  • Page 17: Basic Settings

    Basic Settings [ Basic Settings > System ] 1 Basic Settings The menu contains the following dialogs: System  Modules  Network  Software  Load/Save  External Memory  Port  Restart  System [ Basic Settings > System ] In this dialog, you monitor individual operating statuses.
  • Page 18 Basic Settings [ Basic Settings > System ] Security status The fields in this frame display the security status and inform you about alarms that have occurred. When an alarm currently exists, the frame is highlighted. You specify the parameters that the device monitors in the Diagnostics >...
  • Page 19 Basic Settings [ Basic Settings > System ] Possible values: Alphanumeric ASCII character string with 0..255 characters  The following characters are allowed: – 0..9 a..z – – A..Z – !#$%&'()*+,-./:;<=>?@[\\]^_`{}~ – <device name>-<MAC address> (default setting) When creating HTTPS X.509 certificates, the application generating the certificate uses the specified value as the domain name and common name.
  • Page 20 Basic Settings [ Basic Settings > System ] Temperature [°C] Displays the current temperature in the device in °C. You activate the monitoring of the temperature thresholds in the Diagnostics > Status Configuration > Device Status dialog. Upper temp. limit [°C] Specifies the upper temperature threshold in °C.
  • Page 21 Basic Settings [ Basic Settings > System ] Parameters Color Meaning No external memory connected. The external memory is connected, but not ready for operation. The external memory is connected and ready for operation. Port status This frame displays a simplified view of the ports of the device at the time of the last update. The icons represent the status of the individual ports.

  • Page 22: Modules

    Basic Settings [ Basic Settings > Modules ] Modules [ Basic Settings > Modules ] The device lets you install or remove the modules during operation (hot-plug). As long as the Ethernet module status column displays the value configurable you can configure the module and save its preferences.
  • Page 23 Basic Settings [ Basic Settings > Modules ] Table Ethernet module Displays the number of the slot to which the entry refers. Active Activates/deactivates the slot. Possible values: marked (default setting)  The slot is active. The device recognizes a module installed in this slot. unmarked ...
  • Page 24 Basic Settings [ Basic Settings > Modules ] Buttons You find the description of the standard buttons in section “Buttons” on page Remove Ethernet module Removes the selected Ethernet module from the table. RM GUI GRS Release 8.0 09/2019...

  • Page 25: Network

    Basic Settings [ Basic Settings > Network ] Network [ Basic Settings > Network ] This dialog lets you specify the IP, VLAN and HiDiscovery settings required for the access to the device management through the network. Management interface This frame lets you specify the following settings: The source from which the device management receives its IP parameters ...
  • Page 26 This frame lets you specify settings for the access to the device using the HiDiscovery protocol. On a PC, the HiDiscovery software displays the Hirschmann devices that can be accessed in the network on which the HiDiscovery function is enabled. You can access these devices even if they have invalid or no IP parameters assigned.
  • Page 27 Basic Settings [ Basic Settings > Network ] Signal Activates/deactivates the flashing of the port LEDs as does the function of the same name in the HiDiscovery software. The function lets you identify the device in the field. Possible values: marked ...

  • Page 28: Software

    Basic Settings [ Basic Settings > Software ] Software [ Basic Settings > Software ] This dialog lets you update the device software and display information about the device software. You also have the option to restore a backup of the device software saved in the device. Note: Before updating the device software, follow the version-specific notes in the Readme text file.
  • Page 29 Basic Settings [ Basic Settings > Software ] The device gives you the following options for updating the device software: Software update from the PC  When the file is located on your PC or on a network drive, drag and drop the file in the area.
  • Page 30 Basic Settings [ Basic Settings > Software ] For the device software in the flash memory, the index has the following meaning:  Upon restart, the device loads this device software.  The device copied this device software into the backup area during the last software update. File name Displays the device-internal file name of the device software.

  • Page 31: Load/Save

    Basic Settings [ Basic Settings > Load/Save ] Load/Save [ Basic Settings > Load/Save ] This dialog lets you save the device settings permanently in a configuration profile. The device can hold several configuration profiles. When you activate an alternative configuration profile, you change to other device settings.
  • Page 32 Basic Settings [ Basic Settings > Load/Save ] Possible values: marked  The configuration encryption is active. If the configuration profile is encrypted and the password matches the password stored in the device, then the device loads a configuration profile from the non-volatile memory (NVM). unmarked ...
  • Page 33 Basic Settings [ Basic Settings > Load/Save ] Delete Opens the Delete window which helps you to cancel the configuration encryption in the device. In the Old password field, enter the existing password.  To display the password in plain text instead of ***** (asterisks), mark the Display content checkbox.
  • Page 34 Basic Settings [ Basic Settings > Load/Save ] Possible values: Enabled  Backup config on a remote server when saving function is enabled. When you save the configuration profile in the non-volatile memory (NVM), the device automatically backs up the configuration profile on the remote server specified in the field.
  • Page 35 Basic Settings [ Basic Settings > Load/Save ] Undo configuration modifications Operation Enables/disables the Undo configuration modifications function. Using the function, the device continuously checks whether it can still be reached from the IP address of the user’s PC. If the connection is lost, after a specified time period the device loads the “Selected”...
  • Page 36 Basic Settings [ Basic Settings > Load/Save ] Possible values: (volatile memory of the device)  In the volatile memory, the device stores the settings for the current operation. (non-volatile memory of the device)  When applying the function Undo configuration modifications or during a restart, the device loads the “Selected”...
  • Page 37 Basic Settings [ Basic Settings > Load/Save ] Encrypted Displays whether the configuration profile is encrypted. Possible values: marked  The configuration profile is encrypted. unmarked  The configuration profile is unencrypted. You activate/deactivate the encryption of the configuration profile in the Configuration encryption frame.
  • Page 38 Basic Settings [ Basic Settings > Load/Save ] The device verifies the checksum correctly only if the configuration profile has been saved before as follows: • on an identical device • with the same software version, which the device is running Note: This function identifies changes to the settings in the configuration profile.
  • Page 39 Basic Settings [ Basic Settings > Load/Save ] Select Designates the configuration profile highlighted in the table as “Selected”. In the Selected column, the checkbox is then marked. When applying the function Undo configuration modifications or during a restart, the device loads the settings of this configuration profile to the volatile memory (RAM).
  • Page 40 Basic Settings [ Basic Settings > Load/Save ] When External memory is selected above, in the Import profile from external memory frame you  specify the configuration profile file to be imported. In the Profile name drop-down list, select the name of the configuration profile to be imported. In the Destination frame you specify where the device saves the imported configuration profile.
  • Page 41 Basic Settings [ Basic Settings > Load/Save ] Load running-config as script running config Imports a script file which modifies the current configuration profile. The device gives you the following options to import a script file: Import from the PC ...

  • Page 42: External Memory

    Basic Settings [ Basic Settings > External Memory ] External Memory [ Basic Settings > External Memory ] This dialog lets you activate functions that the device automatically executes in combination with the external memory. The dialog also displays the operating state and identifying characteristics of the external memory.
  • Page 43 Basic Settings [ Basic Settings > External Memory ] Status Displays the operating state of the external memory. Possible values: notPresent  No external memory connected. removed  Someone has removed the external memory from the device during operation.  The external memory is connected and ready for operation.
  • Page 44 Basic Settings [ Basic Settings > External Memory ] Possible values: marked (default setting)  The loading of the RSA key is activated. During a restart, the device loads the RSA key from the external memory when the following files are located in the external memory: –...
  • Page 45 Basic Settings [ Basic Settings > External Memory ] Version Displays the version number specified by the memory manufacturer. Name Displays the product name specified by the memory manufacturer. Serial number Displays the serial number specified by the memory manufacturer. Buttons You find the description of the standard buttons in section “Buttons”...

  • Page 46: Port

    Basic Settings [ Basic Settings > Port ] Port [ Basic Settings > Port ] This dialog lets you specify settings for the individual ports. The dialog also displays the operating mode, connection status, bit rate and duplex mode for every port. The dialog contains the following tabs: [Configuration] ...
  • Page 47 Basic Settings [ Basic Settings > Port ] Possible values: marked  The port is physically enabled. unmarked  The port is physically disabled. When the Port on function is active, the Auto-Disable function has disabled the port. You specify the settings of the function in the Auto-Disable Diagnostics >...
  • Page 48 Basic Settings [ Basic Settings > Port ] Possible values: 10 Mbit/s HDX  Half duplex connection 10 Mbit/s FDX  Full duplex connection 100 Mbit/s HDX  Half duplex connection 100 Mbit/s FDX  Full duplex connection 1000 Mbit/s FDX ...
  • Page 49 Basic Settings [ Basic Settings > Port ] Flow control Activates/deactivates the flow control on the port. Possible values: marked (default setting)  The Flow control on the port is active. The sending and evaluating of pause packets (full-duplex operation) or collisions (half-duplex operation) is activated on the port.
  • Page 50 Basic Settings [ Basic Settings > Port ] Possible values: marked  Link monitoring function is active. If the device recognizes an established link, then the port LED illuminates. If the device recognizes that a link has been lost, then the port LED extinguishes. unmarked (default setting) ...
  • Page 51 Basic Settings [ Basic Settings > Port ] To reset the counter for the port statistics in the table to 0, proceed as follows: In the Basic Settings > Port dialog, click the button and then the Clear port statistics item.
  • Page 52 Basic Settings [ Basic Settings > Port ] Control interval [s] Specifies the interval in seconds. Possible values: 1..3600 (default setting: 30)  Alarm Displays the utilization alarm status. Possible values: marked  The utilization of the port is below the value specified in the Lower threshold [%] column or above the value specified in the...

  • Page 53: Restart

    Basic Settings [ Basic Settings > Restart ] Restart [ Basic Settings > Restart ] This dialog lets you restart the device, reset port counters and address tables, and delete log files. Restart Restart in Displays the remaining time until the device restarts. To update the display of the remaining time, click the button.
  • Page 54 Basic Settings [ Basic Settings > Restart ] Reset ARP table Removes the dynamically set up addresses from the ARP table. See the Diagnostics > System > ARP dialog. Clear port statistics Resets the counter for the port statistics to 0. See the dialog, tab.

  • Page 55: Time

    Time [ Time > Basic Settings ] 2 Time The menu contains the following dialogs: Basic Settings  SNTP  Basic Settings [ Time > Basic Settings ] The device is equipped with a buffered hardware clock. This clock maintains the correct time if the power supply fails or you disconnect the device from the power supply.

  • Page 56: Sntp

    Time [ Time > Basic Settings ] Possible values: local  System clock of the device. sntp  SNTP client is activated and the device is synchronized by an SNTP server. Local offset [min] Specifies the difference between the local time and System time (UTC) in minutes: Local offset [min]...
  • Page 57 Time [ Time > Basic Settings ] Summertime begin In the first 3 fields you specify the day for the beginning of summertime, and in the last field the time. When the time in the field reaches the value entered here, the device switches to System time summertime.
  • Page 58 Time [ Time > Basic Settings ] System time Specifies the time. Possible values: <HH:MM> (default setting: 00:00)  Summertime end In the first 3 fields you specify the day for the end of summertime, and in the last field the time. When the time in the System time field reaches the value entered here, the device switches to...

  • Page 59: Sntp Client

    Time [ Time > SNTP ]  June  July  August  September  October  November  December  System time Specifies the time. Possible values: <HH:MM> (default setting: 00:00)  Buttons You find the description of the standard buttons in section “Buttons”...
  • Page 60 Time [ Time > SNTP > Client ] 2.2.1 SNTP Client [ Time > SNTP > Client ] In this dialog, you specify the settings with which the device operates as an SNTP client. As an SNTP client the device obtains the time information from both SNTP servers and servers...
  • Page 61 Time [ Time > SNTP > Client ] Possible values: 128..2048 (default setting: 320)  Disable client after successful sync Activates/deactivates the disabling of the SNTP client after the device has successfully synchronized the time. Possible values: marked  The disabling of the SNTP client is active.
  • Page 62 Time [ Time > SNTP > Client ] After starting, the device sends requests to the SNTP server configured in the first table entry. When the server does not reply, the device sends its requests to the SNTP server configured in the next table entry.
  • Page 63 Time [ Time > SNTP > Client ] serverUnsychronized  SNTP server is not synchronized with either a local or an external reference time source - synchronization failed. versionNotSupported  SNTP versions on the client and the server are incompatible with each other - synchronization failed.

  • Page 64: Sntp Server

    Time [ Time > SNTP > Server ] 2.2.2 SNTP Server [ Time > SNTP > Server ] In this dialog, you specify the settings with which the device operates as an SNTP server. SNTP server provides the Universal Time Coordinated (UTC) without considering local time differences.
  • Page 65 Time [ Time > SNTP > Server ] Possible values: Valid IPv4 address (default setting: 0.0.0.0)  Broadcast and Multicast addresses are permitted. Broadcast UDP port Specifies the number of the UDP port on which the SNTP server sends the SNTP packets in Broadcast mode.
  • Page 66 Time [ Time > SNTP > Server ] Possible values: disabled  SNTP server is disabled. notSynchronized  SNTP server is not synchronized with either a local or an external reference time source. syncToLocal  SNTP server is synchronized with the hardware clock of the device. syncToRefclock ...

  • Page 67: Device Security

    Device Security [ Device Security > User Management ] 3 Device Security The menu contains the following dialogs: User Management  Authentication List  Management Access  Pre-login Banner  User Management [ Device Security > User Management ] If users log in with valid login data, then the device lets them have access to its device management.
  • Page 68 Device Security [ Device Security > User Management ] The device checks the password according to this setting, regardless of the setting for the Policy check checkbox. Possible values: 1..64 (default setting: 6)  Password policy This frame lets you specify the policy for valid passwords. The device checks every new password and password change according to this policy.
  • Page 69 Device Security [ Device Security > User Management ] Table Every user requires an active user account to gain access to the device management. The table lets you set up and manage user accounts. To change settings, click the desired parameter in the table and modify the value. User name Displays the name of the user account.
  • Page 70 Device Security [ Device Security > User Management ] Possible values: unauthorized  The user is blocked, and the device rejects the user log on. Assign this value to temporarily lock the user account. If the device detects an error when another role is being assigned, then the device assigns this role to the user account.
  • Page 71 Device Security [ Device Security > User Management ] Possible values: hmacmd5 (default value)  For this user account, the device uses protocol HMACMD5. hmacsha  For this user account, the device uses protocol HMACSHA. SNMP encryption type Specifies the encryption protocol that the device applies for user access via SNMPv3. Possible values: none ...

  • Page 72: Authentication List

    Device Security [ Device Security > Authentication List ] Authentication List [ Device Security > Authentication List ] In this dialog you manage the authentication lists. In a authentication list you specify which method the device uses for the authentication. You also have the option to assign pre-defined applications to the authentication lists.
  • Page 73 Device Security [ Device Security > Authentication List ] Possible values: local (default setting)  The device authenticates the users by using the local user management. See the Device Security > User Management dialog. You cannot assign this value to the authentication list defaultDot1x8021AuthList. radius ...
  • Page 74 Device Security [ Device Security > Authentication List ] Buttons You find the description of the standard buttons in section “Buttons” on page Allocate applications Opens the Allocate applications window. The left field displays the applications that can be allocated to the highlighted list. ...

  • Page 75: Management Access

    Device Security [ Device Security > Management Access ] Management Access [ Device Security > Management Access ] The menu contains the following dialogs: Server  IP Access Restriction   Command Line Interface  SNMPv1/v2 Community  RM GUI GRS Release 8.0 09/2019...

  • Page 76: Server

    Device Security [ Device Security > Management Access > Server ] 3.3.1 Server [ Device Security > Management Access > Server ] This dialog lets you set up the server services which enable users or applications to access the management of the device. The dialog contains the following tabs: [Information] ...
  • Page 77 Device Security [ Device Security > Management Access > Server ] Possible values: marked  Server service is active. unmarked  Server service is inactive. Telnet server Displays whether the server service is active or inactive, which authorizes access to the device using Telnet.
  • Page 78 Device Security [ Device Security > Management Access > Server ] Buttons You find the description of the standard buttons in section “Buttons” on page [SNMP] This tab lets you specify settings for the SNMP agent of the device and to enable/disable access to the device with different SNMP versions.
  • Page 79 Device Security [ Device Security > Management Access > Server ] UDP port Specifies the number of the UDP port on which the SNMP agent receives requests from clients. Possible values: 1..65535 (default setting: 161)  Exception: Port 2222 is reserved for internal functions. To enable the SNMP agent to use the new port after a change, you proceed as follows: Click the button.
  • Page 80 Device Security [ Device Security > Management Access > Server ] Possible values: (default setting)  The Telnet server is enabled. The access to the device management is possible through the Command Line Interface using an unencrypted Telnet connection.  The Telnet server is disabled.
  • Page 81 Device Security [ Device Security > Management Access > Server ] [SSH] This tab lets you enable/disable the SSH server in the device and specify its settings required for SSH. The server works with SSH version 2. The SSH server enables access to the device management remotely through the Command Line Interface.
  • Page 82 Device Security [ Device Security > Management Access > Server ] Sessions Displays how many SSH connections are currently established to the device. Sessions (max.) Specifies the maximum number of SSH connections to the device that can be set up simultaneously.
  • Page 83 Device Security [ Device Security > Management Access > Server ] Length of the key created: 2048 bit (RSA)  To get the SSH server to use the generated host key, re-enable the SSH server. Alternatively, you have the option to copy your own host key to the device in PEM format. See the Key import frame.
  • Page 84 Device Security [ Device Security > Management Access > Server ] Start Copies the key specified in the field to the device. Buttons You find the description of the standard buttons in section “Buttons” on page [HTTP] This tab lets you enable/disable the HTTP protocol for the web server and specify the settings required for HTTP.
  • Page 85 Device Security [ Device Security > Management Access > Server ] Possible values: 1..65535 (default setting: 80)  Exception: Port 2222 is reserved for internal functions. Buttons You find the description of the standard buttons in section “Buttons” on page [HTTPS] This tab lets you enable/disable the HTTPS protocol for the web server and specify the settings required for HTTPS.
  • Page 86 Device Security [ Device Security > Management Access > Server ] Configuration TCP port Specifies the number of the TCP port on which the web server receives HTTPS requests from clients. Possible values: 1..65535 (default setting: 443)  Exception: Port 2222 is reserved for internal functions.
  • Page 87 Device Security [ Device Security > Management Access > Server ] Create Generates a digital certificate in the device. Until restarting the web server uses the previous certificate. To get the web server to use the newly generated certificate, restart the web server. Restarting the web server is possible only through the Command Line Interface.
  • Page 88 Device Security [ Device Security > Management Access > Server ] The device gives you the following options for copying the certificate to the device: Import from the PC  When the certificate is located on your PC or on a network drive, drag and drop the certificate in the area.

  • Page 89: Ip Access Restriction

    Device Security [ Device Security > Management Access > IP Access Restriction ] 3.3.2 IP Access Restriction [ Device Security > Management Access > IP Access Restriction ] This dialog enables you to restrict the access to the device management to specific IP address ranges and selected IP-based applications.
  • Page 90 Device Security [ Device Security > Management Access > IP Access Restriction ] Possible values: Valid IPv4 address (default setting: 0.0.0.0)  Netmask Specifies the range of the network specified in the Address column. Possible values: Valid netmask (default setting: 0.0.0.0) ...
  • Page 91 Device Security [ Device Security > Management Access > IP Access Restriction ] Possible values: marked (default setting)  Access is activated for the adjacent IP address range. unmarked  Access is deactivated. IEC61850-MMS Activates/deactivates the access to the MMS server. Possible values: marked (default setting)

  • Page 92: Web

    Device Security [ Device Security > Management Access > Web ] 3.3.3 [ Device Security > Management Access > Web ] In this dialog, you specify settings for the Graphical User Interface. Configuration Web interface session timeout [min] Specifies the timeout in minutes. After the device has been inactive for this time it ends the session for the user logged on.

  • Page 93: Command Line Interface

    Device Security [ Device Security > Management Access > CLI ] 3.3.4 Command Line Interface [ Device Security > Management Access > CLI ] In this dialog, you specify settings for the Command Line Interface. You find detailed information about the Command Line Interface in the “Command Line Interface” reference manual. The dialog contains the following tabs: [Global] ...
  • Page 94 Device Security [ Device Security > Management Access > CLI ] Buttons You find the description of the standard buttons in section “Buttons” on page [Login banner] In this tab, you replace the start screen of the Command Line Interface with your own text. In the default setting, the start screen displays information about the device, such as the software version and the device settings.
  • Page 95 Device Security [ Device Security > Management Access > CLI ] Possible values: 1024..0  Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 96: Snmpv1/V2 Community

    Device Security [ Device Security > Management Access > SNMPv1/v2 Community ] 3.3.5 SNMPv1/v2 Community [ Device Security > Management Access > SNMPv1/v2 Community ] In this dialog, you specify the community name for SNMPv1/v2 applications. Applications send requests via SNMPv1/v2 with a community name in the SNMP data packet header.

  • Page 97: Pre-Login Banner

    Device Security [ Device Security > Pre-login Banner ] Pre-login Banner [ Device Security > Pre-login Banner ] This dialog lets you display a greeting or information text to users before they login to the device. The users see this text in the login dialog of the Graphical User Interface and of the Command Line Interface.
  • Page 98 Device Security [ Device Security > Pre-login Banner ] Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 99: Network Security

    Network Security [ Network Security > Overview ] 4 Network Security The menu contains the following dialogs: Network Security Overview  Port Security  802.1X Port Authentication  RADIUS    Network Security Overview [ Network Security > Overview ] This dialog displays the network security rules used in the device.
  • Page 100 Network Security [ Network Security > Overview ] Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 101: Port Security

    Network Security [ Network Security > Port Security ] Port Security [ Network Security > Port Security ] The device lets you transmit only data packets from desired senders on one port. When this function is enabled, the device checks the VLAN ID and MAC address of the sender before it transmits a data packet.
  • Page 102 Network Security [ Network Security > Port Security ] Possible values: marked  Auto-Disable function for Port Security is active. Also mark the checkbox in the Auto-disable column for the relevant ports. unmarked (default setting)  Auto-Disable function for Port Security is inactive.
  • Page 103 Network Security [ Network Security > Port Security ] Possible values: marked  If the device discards data packets from a sender that is not allowed on the port, then the device sends an SNMP trap. unmarked (default setting)  The sending of SNMP traps is deactivated.
  • Page 104 Network Security [ Network Security > Port Security ] Static entries Displays the number of senders that are linked with the port. See the Wizard window, Static entries (/) field. Last violating VLAN ID/MAC Displays the VLAN ID and MAC address of an undesired sender whose data packets the device last discarded on this port.
  • Page 105 Network Security [ Network Security > Port Security ] MAC address Specifies the MAC address of the desired source. Possible values: Valid Unicast MAC address  Specify the value in one of the following formats: – without a separator, for example 001122334455 00 11 22 33 44 55 –...

  • Page 106: Port Authentication

    Network Security [ Network Security > 802.1X Port Authentication ] 802.1X Port Authentication [ Network Security > 802.1X Port Authentication ] With the port-based access control according to IEEE 802.1X, the device monitors the access to the network from connected end devices. The device (authenticator) lets an end device (supplicant) have access to the network if it logs in with valid login data.

  • Page 107: Global

    Network Security [ Network Security > 802.1X Port Authentication > Global ] 4.3.1 802.1X Global [ Network Security > 802.1X Port Authentication > Global ] This dialog lets you specify basic settings for the port-based access control. Operation Operation Enables/disables the 802.1X Port Authentication function.
  • Page 108 Network Security [ Network Security > 802.1X Port Authentication > Global ] Monitor mode Activates/deactivates the monitor mode. Possible values: marked  The monitor mode is active. The device monitors the authentication and helps with diagnosing detected errors. If an end device has not logged in successfully, then the device gives the end device access to the network.

  • Page 109: Port Configuration

    Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ] 4.3.2 802.1X Port Configuration [ Network Security > 802.1X Port Authentication > Port Configuration ] This dialog lets you specify the access settings for every port. Table Port Displays the port number.
  • Page 110 Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ] authenticated  aborting  held  forceAuth  forceUnauth  Backend authentication state Displays the current status of the connection to the authentication server (Backend Authentication state). Possible values: request ...
  • Page 111 Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ] Quiet period [s] Specifies the time period in seconds in which the authenticator does not accept any more logins from the end device after an unsuccessful log in attempt (Quiet period [s]).
  • Page 112 Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ] Possible values: notAssigned (default setting)  radius  guestVlan  unauthenticatedVlan  You find the VLAN ID that the authenticator assigned to the ports for a supplicant in the Network Security >...
  • Page 113 Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ] Possible values: 1..300 (default setting: 90)  Unauthenticated VLAN ID Specifies the ID of the VLAN that the authenticator assigns to the port if the end device does not login successfully.

  • Page 114: 802.1X Port Clients

    Network Security [ Network Security > 802.1X Port Authentication > Port Clients ] 4.3.3 802.1X Port Clients [ Network Security > 802.1X Port Authentication > Port Clients ] This dialog displays information on the connected end devices. Table Port Displays the port number. User name Displays the user name with which the end device logged in.
  • Page 115 Network Security [ Network Security > 802.1X Port Authentication > Port Clients ] Possible values: default  reauthenticate  Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 116: Eapol Port Statistics

    Network Security [ Network Security > 802.1X Port Authentication > Statistics ] 4.3.4 802.1X EAPOL Port Statistics [ Network Security > 802.1X Port Authentication > Statistics ] This dialog displays which EAPOL data packets the end device has sent and received for the authentication of the end devices.
  • Page 117 Network Security [ Network Security > 802.1X Port Authentication > Statistics ] Received error packets Displays the number of EAPOL data packets with an invalid packet body length field that the device received on the port. Packet version Displays the protocol version number of the EAPOL data packet that the device last received on the port.

  • Page 118: 802.1X Port Authentication History

    Network Security [ Network Security > 802.1X Port Authentication > Port Authentication History ] 4.3.5 802.1X Port Authentication History [ Network Security > 802.1X Port Authentication > Port Authentication History ] The device registers the authentication process of the end devices that are connected to its ports. This dialog displays the information recorded during the authentication.
  • Page 119 Network Security [ Network Security > 802.1X Port Authentication > Port Authentication History ] Assignment type Displays the type of the VLAN that the authenticator assigned to the port. Possible values: default  radius  unauthenticatedVlan  guestVlan  monitorVlan ...

  • Page 120: 802.1X Integrated Authentication Server

    Network Security [ Network Security > 802.1X Port Authentication > Integrated Authentication Server ] 4.3.6 802.1X Integrated Authentication Server [ Network Security > 802.1X Port Authentication > Integrated Authentication Server ] The Integrated Authentication Server (IAS) lets you authenticate end devices using IEEE 802.1X. Compared to RADIUS, the IAS has a very limited range of functions.

  • Page 121: Radius

    Network Security [ Network Security > RADIUS ] RADIUS [ Network Security > RADIUS ] With its factory settings, the device authenticates users based on the local user management. However, as the size of a network increases, it becomes more difficult to keep the login data of the users consistent across the devices.
  • Page 122 Network Security [ Network Security > RADIUS > Global ] 4.4.1 RADIUS Global [ Network Security > RADIUS > Global ] This dialog lets you specify basic settings for RADIUS. RADIUS configuration Retransmits (max.) Specifies how many times the device retransmits an unanswered request to the authentication server before the device sends the request to an alternative authentication server.
  • Page 123 Network Security [ Network Security > RADIUS > Global ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Deletes the statistics in the Network Security > RADIUS > Authentication Statistics dialog and in the Network Security >...

  • Page 124: Radius Authentication Server

    Network Security [ Network Security > RADIUS > Authentication Server ] 4.4.2 RADIUS Authentication Server [ Network Security > RADIUS > Authentication Server ] This dialog lets you specify up to 8 authentication servers. An authentication server authenticates and authorizes the users when the device forwards the login data to the server. The device sends the login data to the specified primary authentication server.
  • Page 125 Network Security [ Network Security > RADIUS > Authentication Server ] Primary server Specifies the authentication server as primary or secondary. Possible values: marked  The server is specified as the primary authentication server. The device sends the login data for authenticating the users to this authentication server.

  • Page 126: Radius Accounting Server

    Network Security [ Network Security > RADIUS > Accounting Server ] 4.4.3 RADIUS Accounting Server [ Network Security > RADIUS > Accounting Server ] This dialog lets you specify up to 8 accounting servers. An accounting server records the traffic data that has occurred during the port authentication according to IEEE 802.1X.
  • Page 127 Network Security [ Network Security > RADIUS > Accounting Server ] Active Activates/deactivates the connection to the server. Possible values: marked (default setting)  The connection is active. The device sends traffic data to this server if the preconditions named above are fulfilled.

  • Page 128: Radius Authentication Statistics

    Network Security [ Network Security > RADIUS > Authentication Statistics ] 4.4.4 RADIUS Authentication Statistics [ Network Security > RADIUS > Authentication Statistics ] This dialog displays information about the communication between the device and the authentication server. The table displays the information for each server in a separate row. To delete the statistic, click in the Network Security >...
  • Page 129 Network Security [ Network Security > RADIUS > Authentication Statistics ] Bad authenticators Displays the number of access response data packets with an invalid authenticator that the device received from the server. Pending requests Displays the number of access request data packets that the device sent to the server to which it has not yet received a response from the server.

  • Page 130: Radius Accounting Statistics

    Network Security [ Network Security > RADIUS > Accounting Statistics ] 4.4.5 RADIUS Accounting Statistics [ Network Security > RADIUS > Accounting Statistics ] This dialog displays information about the communication between the device and the accounting server. The table displays the information for each server in a separate row. To delete the statistic, click in the Network Security >...

  • Page 131: Dos

    Network Security [ Network Security > DoS ] Timeouts Displays how many times no response to the server was received before the specified waiting time elapsed. Unknown types Displays the number data packets with an unknown data type that the device received from the server on the accounting port.
  • Page 132 Network Security [ Network Security > DoS > Global ] 4.5.1 DoS Global [ Network Security > DoS > Global ] In this dialog, you specify the DoS settings for the TCP/UDP, IP and ICMP protocols. TCP/UDP A scanner uses port scans to prepare network attacks. The scanner uses different techniques to determine running devices and open ports.
  • Page 133 Network Security [ Network Security > DoS > Global ] Possible values: marked  The filter is active. unmarked (default setting)  The filter is inactive. TCP Offset protection Activates/deactivates the TCP Offset protection. The TCP Offset protection detects incoming TCP data packets whose fragment offset field of the IP header is equal to 1 and discards them.
  • Page 134 Network Security [ Network Security > DoS > Global ] Possible values: marked  The filter is active. unmarked (default setting)  The filter is inactive. Min. TCP header size Displays the minimum size of a valid TCP header. This frame lets you activate or deactivate the Land Attack filter. With the land attack method, the attacking station sends data packets whose source and destination addresses are identical to those of the recipient.

  • Page 135: Acl

    Network Security [ Network Security > ACL ] The filter detects ICMP packets whose payload size exceeds the size specified in the Allowed payload size [byte] field and discards them. Possible values: marked  The filter is active. unmarked (default setting) ...

  • Page 136: Acl Ipv4 Rule

    Network Security [ Network Security > ACL ] The menu contains the following dialogs: ACL IPv4 Rule  ACL MAC Rule  ACL Assignment  RM GUI GRS Release 8.0 09/2019...
  • Page 137 Network Security [ Network Security > ACL > IPv4 Rule ] 4.6.1 ACL IPv4 Rule [ Network Security > ACL > IPv4 Rule ] In this dialog, you specify the rules that the device applies to the IP data packets. An Access Control List (group) contains one or more rules.
  • Page 138 Network Security [ Network Security > ACL > IPv4 Rule ] Possible values: ?.?.?.? (default setting)  The device applies the rule to IP data packets with any source address. Valid IPv4 address  The device applies the rule to IP data packets with the specified source address. You use the character as a wild card.
  • Page 139 Network Security [ Network Security > ACL > IPv4 Rule ] Possible values: (default setting)  The device applies the rule to every IP data packet without considering the source port. 1..65535  The device applies the rule only to IP data packets containing the specified source port. Destination TCP/UDP port Specifies the destination port of the IP data packets to which the device applies the rule.
  • Page 140 Network Security [ Network Security > ACL > IPv4 Rule ] Buttons You find the description of the standard buttons in section “Buttons” on page Opens the Create window to add a new entry to the table. In the Group name field, you specify the name of the Access Control List to which the rule ...

  • Page 141: Acl Mac Rule

    Network Security [ Network Security > ACL > MAC Rule ] 4.6.2 ACL MAC Rule [ Network Security > ACL > MAC Rule ] In this dialog, you specify the rules that the device applies to the MAC data packets. An Access Control List (group) contains one or more rules.
  • Page 142 Network Security [ Network Security > ACL > MAC Rule ] Destination MAC address Specifies the destination address of the MAC data packets to which the device applies the rule. Possible values: ??:??:??:??:??:?? (default setting)  The device applies the rule to MAC data packets with any destination address. Valid MAC address ...
  • Page 143 Network Security [ Network Security > ACL > MAC Rule ] Buttons You find the description of the standard buttons in section “Buttons” on page Opens the Create window to add a new entry to the table. In the Group name field, you specify the name of the Access Control List to which the rule ...

  • Page 144: Acl Assignment

    Network Security [ Network Security > ACL > Assignment ] 4.6.3 ACL Assignment [ Network Security > ACL > Assignment ] This dialog lets you assign one or more Access Control Lists to the ports and VLANs of the device. By assigning a priority you specify the processing sequence, provided you assign one or more Access Control Lists to a port or VLAN.
  • Page 145 Network Security [ Network Security > ACL > Assignment ] Direction Displays that the device applies the Access Control List to received data packets. Priority Displays the priority of the Access Control List. Using the priority, you specify the sequence in which the device applies the Access Control Lists to the data stream.

  • Page 147: Switching

    Switching [ Switching > Global ] 5 Switching The menu contains the following dialogs: Switching Global  Rate Limiter  Filter for MAC Addresses  IGMP Snooping  MRP-IEEE  GARP  QoS/Priority  VLAN  L2-Redundancy  Switching Global [ Switching >...
  • Page 148 Switching [ Switching > Global ] Aging time [s] Specifies the aging time in seconds. Possible values: 10..500000 (default setting: 30)  The device monitors the age of the learned unicast MAC addresses. The device deletes address entries that exceed a particular age (aging time) from its address table. You find the address table in the dialog.
  • Page 149 Switching [ Switching > Global ] Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 150: Rate Limiter

    Switching [ Switching > Rate Limiter ] Rate Limiter [ Switching > Rate Limiter ] The device lets you limit the traffic on the ports in order to help provide stable operation even with a large traffic volume. If the traffic on a port exceeds the traffic value entered, then the device discards the excess traffic on this port.
  • Page 151 Switching [ Switching > Rate Limiter ] Possible values: percent (default setting)  Specifies the threshold value as a percentage of the data rate of the port.  Specifies the threshold value in data packets per second. Broadcast mode Activates/deactivates the rate limiter function for received broadcast data packets. Possible values: marked ...
  • Page 152 Switching [ Switching > Rate Limiter ] [Egress] In this tab, you specify the egress transmission rate on the port. Table Port Displays the port number. Bandwidth [%] Specifies the egress transmission rate. Possible values: (default setting)  The bandwidth limitation is disabled. 1..100 ...

  • Page 153: Filter For Mac Addresses

    Switching [ Switching > Filter for MAC Addresses ] Filter for MAC Addresses [ Switching > Filter for MAC Addresses ] This dialog lets you display and edit address filters for the address table. Address filters specify the way the data packets are forwarded in the device based on the destination MAC address. Each row in the table represents one filter.
  • Page 154 Switching [ Switching > Filter for MAC Addresses ] Possible values: –  The port does not transmit any data packets to the destination address. learned  The port transmits data packets to the destination address. The device created the filter automatically based on received data packets.

  • Page 155: Igmp Snooping

    Switching [ Switching > IGMP Snooping ] IGMP Snooping [ Switching > IGMP Snooping ] The Internet Group Management Protocol (IGMP) is a protocol for dynamically managing Multicast groups. The protocol describes the distribution of Multicast data packets between routers and end devices on Layer 3.
  • Page 156 Switching [ Switching > IGMP Snooping > Global ] 5.4.1 IGMP Snooping Global [ Switching > IGMP Snooping > Global ] This dialog lets you enable the IGMP Snooping protocol in the device and also configure it for each port and each VLAN. Operation Operation Enables/disables the...
  • Page 157 Switching [ Switching > IGMP Snooping > Global ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset IGMP snooping counters Removes the IGMP Snooping entries and resets the counter in the Information frame to 0. RM GUI GRS Release 8.0 09/2019...

  • Page 158: Igmp Snooping Configuration

    Switching [ Switching > IGMP Snooping > Configuration ] 5.4.2 IGMP Snooping Configuration [ Switching > IGMP Snooping > Configuration ] This dialog lets you enable the IGMP Snooping function in the device and also configure it for each port and each VLAN. The dialog contains the following tabs: [VLAN ID] ...
  • Page 159 Switching [ Switching > IGMP Snooping > Configuration ] Possible values: 1..25 (default setting: 10)  Fast leave admin mode Activates/deactivates the Fast Leave function for this VLAN. Possible values: marked  When the Fast Leave function is active and the device receives an IGMP Leave message from a multicast group, the device immediately removes the entry from its address table.
  • Page 160 Switching [ Switching > IGMP Snooping > Configuration ] Possible values: marked  IGMP Snooping is active on this port. The device includes the port in the multicast data stream. unmarked (default setting)  IGMP Snooping is inactive on this port. The port left the multicast data stream. Group membership interval Specifies the time in seconds for which a port, from a dynamic multicast group, remains entered in the address table when the device does not receive any more report data packets from the port.
  • Page 161 Switching [ Switching > IGMP Snooping > Configuration ] Possible values: marked  Static query port mode is active. The port is a static query port in the VLANs that are set up. unmarked (default setting)  Static query port mode is inactive.

  • Page 162: Igmp Snooping Enhancements

    A user specified the port as Learn by LLDP. With the Link Layer Discovery Protocol (LLDP), the device detects Hirschmann devices connected directly to the port. The device denotes the detected query ports with A. To assign this value, proceed as follows:...
  • Page 163 Switching [ Switching > IGMP Snooping > Snooping Enhancements ] Display categories Enhances the clarity of the display. The table emphasizes the cells which contain the specified value. This helps to analyze and sort the table according to your needs. Learned (L) ...
  • Page 164 Specifies the port as a static query port in the VLANs that are set up. The device transmits IGMP report messages to the ports at which it receives IGMP queries. This lets you also transmit IGMP report messages to other selected ports (enable) or connected Hirschmann devices (Automatic). Learn by LLDP...

  • Page 165: Igmp Snooping Querier

    Switching [ Switching > IGMP Snooping > Querier ] 5.4.4 IGMP Snooping Querier [ Switching > IGMP Snooping > Querier ] The device lets you send a Multicast stream only to those ports to which a Multicast receiver is connected. To determine which ports Multicast receivers are connected to, the device sends query data packets to the ports at a definable interval.
  • Page 166 Switching [ Switching > IGMP Snooping > Querier ] Expiry interval [s] Specifies the time in seconds after which an active querier switches from the passive state back to the active state if it has not received any query packets for longer than specified here. Possible values: 60..300 (default setting: 125)
  • Page 167 Switching [ Switching > IGMP Snooping > Querier ] Possible values:  IGMP v1  IGMP v2  IGMP v3 Max. response time Displays the time in seconds in which the members of a Multicast group should respond to a query data packet.

  • Page 168: Igmp Snooping Multicasts

    Switching [ Switching > IGMP Snooping > Multicasts ] 5.4.5 IGMP Snooping Multicasts [ Switching > IGMP Snooping > Multicasts ] The device lets you specify how it transmits data packets with unknown Multicast addresses: Either the device discards these data packets, floods them to every port, or transmits them only to the ports that previously received query packets.

  • Page 169: Mrp-Ieee

    Switching [ Switching > MRP-IEEE ] Buttons You find the description of the standard buttons in section “Buttons” on page MRP-IEEE [ Switching > MRP-IEEE ] The IEEE 802.1ak amendment to the IEEE 802.1Q standard introduced the Multiple Registration Protocol (MRP) to replace the Generic Attribute Registration Protocol (GARP). The IEEE also modified and replaced the GARP applications, GARP Multicast Registration Protocol (GMRP) and GARP VLAN Registration Protocol (GVRP).
  • Page 170 Switching [ Switching > MRP-IEEE > Configuration ] 5.5.1 MRP-IEEE Configuration [ Switching > MRP-IEEE > Configuration ] This dialog lets you set the various MRP timers. By maintaining a relationship between the various timer values, the protocol operates efficiently and with less likelihood of unnecessary attribute withdraws and re-registration.

  • Page 171: Mrp-Ieee Multiple Mac Registration Protocol

    Switching [ Switching > MRP-IEEE > MMRP ] 5.5.2 MRP-IEEE Multiple MAC Registration Protocol [ Switching > MRP-IEEE > MMRP ] The Multiple MAC Registration Protocol (MMRP) lets end devices and MAC switches register and de-register group membership and individual MAC address information with switches located in the same LAN.
  • Page 172 Switching [ Switching > MRP-IEEE > MMRP ] Possible values:  With MMRP Operation enabled globally, the device transmits MMRP messages in one-second intervals, on MMRP participating ports. (default setting)  Disables the periodic state machine in the device. Table Port Displays the port number.
  • Page 173 Switching [ Switching > MRP-IEEE > MMRP ] Table VLAN ID Displays the ID of the VLAN. <Port number> Specifies the service requirement handling for the port. Possible values:  ForwardAll Specifies the traffic setting on the port. The device forwards traffic destined to MMRP registered multicast MAC addresses on the VLAN.
  • Page 174 Switching [ Switching > MRP-IEEE > MMRP ] Received bad format PDU Displays the number of MMRPDUs with a bad data field that were not transmitted in the device. Transmission failed Displays the number of MMRPDUs not transmitted in the device. Table Port Displays the port number.

  • Page 175: Mrp-Ieee Multiple Vlan Registration Protocol

    Switching [ Switching > MRP-IEEE > MVRP ] 5.5.3 MRP-IEEE Multiple VLAN Registration Protocol [ Switching > MRP-IEEE > MVRP ] The Multiple VLAN Registration Protocol (MVRP) provides a mechanism that lets you distribute VLAN information and configure VLANs dynamically. For example, when you configure a VLAN on an active MVRP port, the device distributes the VLAN information to other MVRP enabled devices.
  • Page 176 Switching [ Switching > MRP-IEEE > MVRP ] Possible values:  The periodic state machine is enabled. With MVRP Operation enabled globally, the device transmits MVRP periodic events in 1 second intervals, on MVRP participating ports. (default setting)  The periodic state machine is disabled. Disables the periodic state machine in the device.
  • Page 177 Switching [ Switching > MRP-IEEE > MVRP ] [Statistics] Devices on a LAN exchange Multiple VLAN Registration Protocol Data Units (MVRPDU) to maintain statuses of VLANs on active ports. This tab lets you monitor the MVRP traffic. Information Transmitted MVRP PDU Displays the number of MVRPDUs transmitted in the device.

  • Page 178: Garp

    Switching [ Switching > GARP ] Transmission failed Displays the number of MVRPDUs that the device blocked on the port. Registrations failed Displays the number of failed registration attempts on the port. Last received MAC address Displays the last MAC address from which the port received MMRPDUs. Buttons You find the description of the standard buttons in section “Buttons”...

  • Page 179: Gmrp

    Switching [ Switching > GARP > GMRP ] 5.6.1 GMRP [ Switching > GARP > GMRP ] The GARP Multicast Registration Protocol (GMRP) is a Generic Attribute Registration Protocol (GARP) that provides a mechanism allowing network devices and end stations to dynamically register group membership.
  • Page 180 Switching [ Switching > GARP > GMRP ] Possible values: marked (default setting)  The port GMRP participation is active. unmarked  The port GMRP participation is inactive. Service requirement Specifies the ports on which multicast forwarding applies. Possible values: Forward all unregistered groups (default setting) ...

  • Page 181: Gvrp

    Switching [ Switching > GARP > GVRP ] 5.6.2 GVRP [ Switching > GARP > GVRP ] The GARP VLAN Registration Protocol (GVRP) or Generic VLAN Registration Protocol is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. GVRP is a Layer 2 network protocol, used to automatically configure devices in a VLAN network.

  • Page 182: Qos/Priority

    Switching [ Switching > QoS/Priority ] QoS/Priority [ Switching > QoS/Priority ] Communication networks transmit a number of applications at the same time that have different requirements as regards availability, bandwidth and latency periods. QoS (Quality of Service) is a procedure defined in IEEE 802.1D. It is used to distribute resources in the network.
  • Page 183 Switching [ Switching > QoS/Priority > Global ] 5.7.1 QoS/Priority Global [ Switching > QoS/Priority > Global ] The device lets you maintain access to the device management, even in situations with heavy utilization. In this dialog you specify the required QoS/priority settings. Configuration VLAN priority for management packets Specifies the VLAN priority for sending management data packets.

  • Page 184: Qos/Priority Port Configuration

    Switching [ Switching > QoS/Priority > Port Configuration ] 5.7.2 QoS/Priority Port Configuration [ Switching > QoS/Priority > Port Configuration ] In this dialog, you specify for every port how the device processes received data packets based on their QoS/priority information. Table Port Displays the port number.
  • Page 185 Switching [ Switching > QoS/Priority > Port Configuration ] Possible values: 0..7  Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 186: D/P Mapping

    Switching [ Switching > QoS/Priority > 802.1D/p Mapping ] 5.7.3 802.1D/p Mapping [ Switching > QoS/Priority > 802.1D/p Mapping ] The device transmits data packets with a VLAN tag according to the contained QoS/priority information with a higher or lower priority. In this dialog, you assign a traffic class to every VLAN priority.
  • Page 187 Switching [ Switching > QoS/Priority > 802.1D/p Mapping ] VLAN Priority Traffic class Content description according to IEEE 802.1D Video Video transmission with delays and jitter < 100 ms Voice Voice transmission with delays and jitter < 10 ms Network Control Data for network management and redundancy mechanisms RM GUI GRS Release 8.0 09/2019...

  • Page 188: Ip Dscp Mapping

    Switching [ Switching > QoS/Priority > IP DSCP Mapping ] 5.7.4 IP DSCP Mapping [ Switching > QoS/Priority > IP DSCP Mapping ] The device transmits IP data packets according to the DSCP value contained in the data packet with a higher or lower priority. In this dialog, you assign a traffic class to every DSCP value.
  • Page 189 Switching [ Switching > QoS/Priority > IP DSCP Mapping ] DSCP Value DSCP Name Traffic class 41,42,43,44,45,47 49-55 57-63 RM GUI GRS Release 8.0 09/2019...

  • Page 190: Queue Management

    Switching [ Switching > QoS/Priority > Queue Management ] 5.7.5 Queue Management [ Switching > QoS/Priority > Queue Management ] This dialog lets you enable and disable the Strict priority function for the traffic classes. When you disable the Strict priority function, the device processes the priority queues of the ports with "Weighted Fair Queuing".

  • Page 191: Vlan

    Switching [ Switching > VLAN ] Buttons You find the description of the standard buttons in section “Buttons” on page VLAN [ Switching > VLAN ] With VLAN (Virtual Local Area Network) you distribute the data traffic in the physical network to logical subnetworks.
  • Page 192 Switching [ Switching > VLAN > Global ] 5.8.1 VLAN Global [ Switching > VLAN > Global ] This dialog lets you view general VLAN parameters for the device. Configuration Max. VLAN ID Highest ID assignable to a VLAN. See the Switching >...

  • Page 193: Vlan Configuration

    Switching [ Switching > VLAN > Configuration ] 5.8.2 VLAN Configuration [ Switching > VLAN > Configuration ] In this dialog, you manage the VLANs. To set up a VLAN, create a further row in the table. There you specify for each port if it transmits data packets of the respective VLAN and if the data packets contain a VLAN tag.
  • Page 194 Switching [ Switching > VLAN > Configuration ] Creation time Displays the time of VLAN creation. The field displays the time stamp for the operating time (system uptime). Name Specifies the name of the VLAN. Possible values: Alphanumeric ASCII character string with 1..32 characters ...

  • Page 195: Vlan Port

    Switching [ Switching > VLAN > Port ] 5.8.3 VLAN Port [ Switching > VLAN > Port ] In this dialog you specify how the device handles received data packets that have no VLAN tag, or whose VLAN tag differs from the VLAN ID of the port. This dialog lets you assign a VLAN to the ports and thus specify the port VLAN ID.
  • Page 196 Switching [ Switching > VLAN > Port ] Possible values: marked  The ingress filtering is active. The device compares the VLAN ID in the data packet with the VLANs of which the device is a member. See the Switching > VLAN > Configuration dialog.

  • Page 197: Vlan Voice

    Switching [ Switching > VLAN > Voice ] 5.8.4 VLAN Voice [ Switching > VLAN > Voice ] Use the Voice VLAN feature to separate voice and data traffic on a port, by VLAN and/or priority. A primary benefit of Voice VLAN is safeguarding the quality of voice traffic when data traffic on the port is high.
  • Page 198 Switching [ Switching > VLAN > Voice ] vlan  The port filters data packets of the voice VLAN using the vlan tag. dot1p-priority  The port filters data packets of the voice VLAN using the dot1p priority tags. If you select this value, then additionally specify a proper value in the Priority column.

  • Page 199: L2-Redundancy

    Switching [ Switching > L2-Redundancy ] If you deactivate the function and set the value in the Voice VLAN mode column to dot1p-priority, then voice devices require an authentication. Possible values: marked (default setting)  If you activated the function in the Dialog Network Security >...

  • Page 200: Mrp

    The Media Redundancy Protocol (MRP) is a protocol that lets you set up high-availability, ring- shaped network structures. An MRP ring with Hirschmann devices is made up of up to 100 devices that support the MRP protocol according to IEC 62439.
  • Page 201 Activates/deactivates the advanced mode for fast recovery times. Possible values: marked (default setting)  Advanced mode active. MRP-capable Hirschmann devices support this mode. unmarked  Advanced mode inactive. Select this setting if another device in the ring does not support this mode. RM GUI GRS...
  • Page 202 Switching [ Switching > L2-Redundancy > MRP ] Ring recovery Specifies the maximum recovery time in milliseconds for reconfiguration of the ring. This setting is effective if the device operates as a ring manager. Possible values: 500ms  200ms (default setting) ...

  • Page 203: Spanning Tree

    Switching [ Switching > L2-Redundancy > Spanning Tree ] Buttons You find the description of the standard buttons in section “Buttons” on page Delete ring configuration Disables the redundancy function and resets the settings in the dialog to the default setting. 5.9.2 Spanning Tree [ Switching >...
  • Page 204 Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] 5.9.2.1 Spanning Tree Global [ Switching > L2-Redundancy > Spanning Tree > Global ] In this dialog, you enable/disable the Spanning Tree function and specify the bridge settings. Operation Operation Enables/disables the Spanning Tree function in the device.
  • Page 205 Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Bridge configuration Bridge ID Displays the bridge ID of the device. The device with the lowest bridge ID numerical value takes over the role of the root bridge in the network.
  • Page 206 Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Forward delay [s] ≥ (Max age/2) + 1 If you enter values in the fields that contradict this relationship, then the device replaces these values with the last valid values or with the default value. Max age Specifies the maximum permitted branch length for example, the number of devices to the root bridge.
  • Page 207 Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] To reset the status of the port to the value forwarding, you proceed as follows: If the port is still receiving BPDUs, then:  – In the Switching > L2-Redundancy > Spanning Tree > Port dialog, CIST tab unmark the checkbox...
  • Page 208 Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Possible values: <Bridge priority> / <MAC address>  Priority Displays the bridge priority of the current root bridge. Possible values: 0..61440 in steps of 4096  Hello time [s] Displays the time in seconds that the root bridge specifies between the sending of two configuration messages (Hello data packets).
  • Page 209 Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Possible values: marked  The device currently has the role of the root bridge. unmarked  Another device currently has the role of the root bridge. Root port Displays the number of the port from which the current path leads to the root bridge. If the device takes over the role of the root bridge, then the field displays the value 0.

  • Page 210: 5.9.2.2 Spanning Tree Port

    Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] 5.9.2.2 Spanning Tree Port [ Switching > L2-Redundancy > Spanning Tree > Port ] In this dialog, you activate the Spanning Tree function on the ports, specify edge ports, and specify the settings for various protection functions.
  • Page 211 Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] manualFwd  Spanning Tree function is disabled on the port. The port forwards STP-BPDUs. notParticipate  The port is not participating in STP. Port role Displays the current role of the port in CIST. Possible values: root ...
  • Page 212 Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: For ports with the designated role, the device displays the information for the STP-BPDU last  received by the port. This helps to diagnose the possible STP problems in the network. For the alternate, backup, master, and root port roles, in the stationary condition (static...
  • Page 213 Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: marked (default setting)  The automatic detection is active. After the installation of the connection and after 1.5 × Hello time [s], the device sets the port to forwarding status (default setting 1.5 ×...
  • Page 214 Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: marked  The BPDU filter is active on the port as a result of the following settings: – The checkbox in the Port BPDU filter column is marked. and/or –...
  • Page 215 Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: marked  The monitoring of STP-BPDUs is active. – If the port receives an STP-BPDU with better path information to the root bridge, then the device discards the STP-BPDU and sets the status of the port to the value discarding instead of root.
  • Page 216 Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: true  The loop state of the port is inconsistent: – The port is not receiving any STP-BPDUs and the Loop guard function is enabled. – The device sets the state of the port to the value discarding. The device thus helps prevent any potential loops.

  • Page 217: Link Aggregation

    Switching [ Switching > L2-Redundancy > Link Aggregation ] 5.9.3 Link Aggregation [ Switching > L2-Redundancy > Link Aggregation ] Link Aggregation function lets you aggregate multiple parallel links. The prerequisite is that the links have the same speed and are full duplex. The advantages compared to conventional connections using a single line are higher availability and a higher transmission bandwidth.
  • Page 218 Switching [ Switching > L2-Redundancy > Link Aggregation ] down (lag/… row)  The LAG interface is down. down  The physical port is disabled. No cable connected or no active link. Active Activates/deactivates the LAG interface. Possible values: marked (default setting) ...
  • Page 219 Switching [ Switching > L2-Redundancy > Link Aggregation ] Possible values: (default setting)   Depending on the hardware:  Type Displays whether the LAG interface is based on the Static link aggregation function or on LACP. Possible values: static ...
  • Page 220 Switching [ Switching > L2-Redundancy > Link Aggregation ] Possible values: active  The LAG interface aggregates the physical port. inactive  The LAG interface does not aggregate the physical port. LACP active Activates/deactivates LACP on the physical port. Possible values: marked (default setting) ...
  • Page 221 Switching [ Switching > L2-Redundancy > Link Aggregation ] Possible values:  (LACP_Activity state) When visible, the link transmits the LACPDUs cyclically, otherwise when requested.  (LACP_Timeout state) When visible, the link transmits the LACPDUs cyclically using the short timeout, otherwise using the long timeout.
  • Page 222 Switching [ Switching > L2-Redundancy > Link Aggregation ]   For further information on the values, see the description of the LACP actor oper state column and the standard IEEE 802.1AX-2014. Buttons You find the description of the standard buttons in section “Buttons”...

  • Page 223: Link Backup

    Switching [ Switching > L2-Redundancy > Link Backup ] 5.9.4 Link Backup [ Switching > L2-Redundancy > Link Backup ] With Link Backup, you configure pairs of redundant links. Each pair has a primary port and a backup port. The primary port forwards traffic until the device detects an error. If the device detects an error on the primary port, then the Link Backup function transfers traffic over to the backup port.
  • Page 224 Switching [ Switching > L2-Redundancy > Link Backup ] Primary port status Displays the status of the primary port for this Link Backup pair. Possible values: forwarding  The link is up, no shutdown, and forwarding traffic. blocking  The link is up, no shutdown, and blocking traffic. down ...

  • Page 225: Fusenet

    Switching [ Switching > L2-Redundancy > FuseNet ] Possible values: 0..3600 (default setting: 30)  When set to 0, immediately after the primary port re-establishes a link, the backup port changes blocking and the primary port changes to forwarding. Furthermore, immediately after you shutdown shutdown, the backup port changes to manually set the admin status of from...

  • Page 226: Sub Ring

    Switching [ Switching > L2-Redundancy > FuseNet ] Use the following table to select the FuseNet coupling protocol to be used in your network: Main Ring Connected Network RSTP HIPER Ring Sub Ring RSTP – – – Explanation: – no suitable coupling protocol with configured on different VLANs The menu contains the following dialogs:...
  • Page 227 Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] 5.9.5.1 Sub Ring [ Switching > L2-Redundancy > FuseNet > Sub Ring ] This dialog lets you set up the device as a subring manager. Sub Ring function enables you to easily couple network segments to existing redundancy rings. The subring manager (SRM) couples a subring to an existing ring (base ring).
  • Page 228 Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] Table Sub ring ID Displays the unique identifier of this subring. Possible values: 1..2  Name Specifies the optional name of the subring. Possible values: Alphanumeric ASCII character string with 0..255 characters ...
  • Page 229 Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] trunkMember  The ring port of the subring manager domain is member of a Link Aggregation connection. sharedVLAN  The subring manager domain is inactive because shared VLAN is active and the main ring also uses the MRP protocol.
  • Page 230 Specifies the MRP domain of the subring manager. Assign the same MRP domain name to every member of a subring. If you only use Hirschmann devices, then you use the default value for the MRP domain; otherwise adjust this value if necessary. With multiple subrings, the function lets you use the same MRP domain name for the subrings.
  • Page 231 Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] Possible values: iec-62439-mrp  Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 233: Diagnostics

    Diagnostics [ Diagnostics > Status Configuration ] 6 Diagnostics The menu contains the following dialogs: Status Configuration  System  Syslog  Ports  LLDP  Report  Status Configuration [ Diagnostics > Status Configuration ] The menu contains the following dialogs: Device Status ...
  • Page 234 Diagnostics [ Diagnostics > Status Configuration > Device Status ] 6.1.1 Device Status [ Diagnostics > Status Configuration > Device Status ] The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form.
  • Page 235 Diagnostics [ Diagnostics > Status Configuration > Device Status ] Table Temperature Activates/deactivates the monitoring of the temperature in the device. Possible values: marked (default setting)  Monitoring is active. If the temperature exceeds or falls below the specified limit, then in the Device status frame, the value changes to error.
  • Page 236 Diagnostics [ Diagnostics > Status Configuration > Device Status ] External memory removal Activates/deactivates the monitoring of the active external memory. Possible values: marked  Monitoring is active. If you remove the active external memory from the device, then in the Device status frame, the value changes to error.
  • Page 237 Diagnostics [ Diagnostics > Status Configuration > Device Status ] Buttons You find the description of the standard buttons in section “Buttons” on page [Port] Table Port Displays the port number. Propagate connection error Activates/deactivates the monitoring of the link on the port/interface. Possible values: marked ...
  • Page 238 Diagnostics [ Diagnostics > Status Configuration > Device Status ] Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 239: Security Status

    Diagnostics [ Diagnostics > Status Configuration > Security Status ] 6.1.2 Security Status [ Diagnostics > Status Configuration > Security Status ] This dialog gives you an overview of the status of the safety-relevant settings in the device. The device displays its current status as error in the Security status...
  • Page 240 Diagnostics [ Diagnostics > Status Configuration > Security Status ] Table Password default settings unchanged user Activates/deactivates the monitoring of the password for the locally set up user accounts admin. Possible values: marked (default setting)  Monitoring is active. user admin If the password is set to the default setting for the user accounts, then in the...
  • Page 241 Diagnostics [ Diagnostics > Status Configuration > Security Status ] Possible values: marked  Monitoring is active. If the Policy check function is inactive for at least 1 user account, then in the Security status frame, the value changes to error. unmarked (default setting) ...
  • Page 242 Diagnostics [ Diagnostics > Status Configuration > Security Status ] Possible values: marked (default setting)  Monitoring is active. If at least one of the following conditions applies, then in the Security status frame, the value changes to error: – function is enabled.
  • Page 243 Diagnostics [ Diagnostics > Status Configuration > Security Status ] Possible values: marked (default setting)  Monitoring is active. If the settings allow the device to load an unencrypted configuration profile from the external memory, then in the Security status frame, the value changes to error.
  • Page 244 Diagnostics [ Diagnostics > Status Configuration > Security Status ] Modbus TCP active Activates/deactivates the monitoring of the Modbus TCP function. Possible values: marked (default setting)  Monitoring is active. If you enable the Modbus TCP function, then in the Security status frame, the value changes to error.

  • Page 245: Signal Contact

    Diagnostics [ Diagnostics > Status Configuration > Signal Contact ] Possible values: marked  Monitoring is active. If the port is enabled (Basic Settings > Port dialog, Configuration tab, Port on checkbox is marked) and the link is down on the port, then in the Security status frame, the value changes to error.
  • Page 246 Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] 6.1.3.1 Signal Contact 1 / Signal Contact 2 [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] In this dialog you specify the trigger conditions for the signal contact. The signal contact gives you the following options: Monitoring the correct operation of the device.
  • Page 247 Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] Possible values: open  The signal contact is opened. close  The signal contact is closed. Signal contact status Signal contact status Displays the current status of the signal contact. Possible values: Opened (error) ...
  • Page 248 Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] Possible values: marked (default setting)  Monitoring is active. If the temperature exceeds / falls below the threshold values, then the signal contact opens. unmarked  Monitoring is inactive.
  • Page 249 Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] Possible values: marked  Monitoring is active. If you remove the active external memory from the device, then the signal contact opens. unmarked (default setting)  Monitoring is inactive.
  • Page 250 Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] [Port] Table Port Displays the port number. Propagate connection error Activates/deactivates the monitoring of the link on the port/interface. Possible values: marked  Monitoring is active. If the link interrupts on the selected port/interface, then the signal contact opens.

  • Page 251: Mac Notification

    Diagnostics [ Diagnostics > Status Configuration > MAC Notification ] 6.1.4 MAC Notification [ Diagnostics > Status Configuration > MAC Notification ] The device lets you track changes in the network using the MAC address of the devices in the network.
  • Page 252 Diagnostics [ Diagnostics > Status Configuration > MAC Notification ] Possible values: marked  MAC Notification function is active on the port. The device sends an SNMP trap in case of one of the following events: – The device learns the MAC address of a newly connected device. –...

  • Page 253: Alarms (Traps)

    Diagnostics [ Diagnostics > Status Configuration > Alarms (Traps) ] 6.1.5 Alarms (Traps) [ Diagnostics > Status Configuration > Alarms (Traps) ] The device lets you send an SNMP trap as a reaction to specific events. In this dialog, you specify the trap destinations to which the device sends the SNMP traps.
  • Page 254 Diagnostics [ Diagnostics > Status Configuration > Alarms (Traps) ] Buttons You find the description of the standard buttons in section “Buttons” on page Opens the Create window to add a new entry to the table. In the Name field you specify a name for the trap destination. ...

  • Page 255: System

    Diagnostics [ Diagnostics > System ] System [ Diagnostics > System ] The menu contains the following dialogs: System Information  Hardware State  Configuration Check  IP Address Conflict Detection   Selftest  RM GUI GRS Release 8.0 09/2019...
  • Page 256 Diagnostics [ Diagnostics > System > System Information ] 6.2.1 System Information [ Diagnostics > System > System Information ] This dialog displays the current operating condition of individual components in the device. The displayed values are a snapshot; they represent the operating condition at the time the dialog was loaded to the page.

  • Page 257: Hardware State

    Diagnostics [ Diagnostics > System > Hardware State ] 6.2.2 Hardware State [ Diagnostics > System > Hardware State ] This dialog provides information about the distribution and state of the flash memory of the device. Information Uptime Displays the total operating time of the device since it was delivered. Possible values: ..d ..h ..m ..s ...

  • Page 258: Configuration Check

    Diagnostics [ Diagnostics > System > Configuration Check ] 6.2.3 Configuration Check [ Diagnostics > System > Configuration Check ] The device lets you compare the settings in the device with the settings in its neighboring devices. For this purpose, the device uses the information that it received from its neighboring devices through topology recognition (LLDP).
  • Page 259 Diagnostics [ Diagnostics > System > Configuration Check ] Level Displays the level of deviation between the settings in this device and the settings in the detected neighboring devices. The device differentiates between the following access statuses: INFORMATION  The performance of the communication between the two devices is not impaired. WARNING ...

  • Page 260: Ip Address Conflict Detection

    Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] 6.2.4 IP Address Conflict Detection [ Diagnostics > System > IP Address Conflict Detection ] Using the IP Address Conflict Detection function the device verifies that its IP address is unique in the network.
  • Page 261 Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] – After the period specified in the Release delay [s] field, the device checks if the address conflict still exists. When the device detects 10 address conflicts one after the other, the device extends the waiting time to 60 s for the next check.
  • Page 262 Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] Protection interval [ms] Specifies the period in milliseconds after which the device sends gratuitous ARP data packets again in the passive detection mode to “defend” its IP address. Possible values: 20..5000 (default setting: 200) ...
  • Page 263 Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 264: Arp

    Diagnostics [ Diagnostics > System > ARP ] 6.2.5 [ Diagnostics > System > ARP ] This dialog displays the MAC and IP addresses of the neighboring devices connected to the device management. Table Port Displays the port number. IP address Displays the IP address of a device that responded to an ARP query to this device.

  • Page 265: Selftest

    Diagnostics [ Diagnostics > System > Selftest ] 6.2.6 Selftest [ Diagnostics > System > Selftest ] This dialog lets you do the following: Activate/deactivate the RAM test when the device is being started.  Enable/disable the option of entering the system monitor upon the system start. ...
  • Page 266 Diagnostics [ Diagnostics > System > Selftest ] Possible values: marked (default setting)  The device loads the default settings. unmarked  The device interrupts the restart and stops. The access to the device management is possible only using the Command Line Interface through the serial interface. To regain the access to the device through the network, open the system monitor and reset the settings.

  • Page 267: Syslog

    Diagnostics [ Diagnostics > Syslog ] Syslog [ Diagnostics > Syslog ] The device lets you report selected events, independent of the severity of the event, to different syslog servers. In this dialog, you specify the settings for this function and manage up to 8 syslog servers.
  • Page 268 Diagnostics [ Diagnostics > Syslog ] Possible values:  The device sends the events over the UDP port specified in the Destination UDP port column. Min. severity Specifies the minimum severity of the events. The device sends a log entry for events with this severity and with more urgent severities to the syslog server.

  • Page 269: Ports

    Diagnostics [ Diagnostics > Ports ] Ports [ Diagnostics > Ports ] The menu contains the following dialogs:  TP cable diagnosis  Port Monitor  Auto-Disable  Port Mirroring  RM GUI GRS Release 8.0 09/2019...

  • Page 270: Sfp

    Diagnostics [ Diagnostics > Ports > SFP ] 6.4.1 [ Diagnostics > Ports > SFP ] This dialog lets you look at the SFP transceivers currently connected to the device and their properties. Table The table displays valid values if the device is equipped with SFP transceivers. Port Displays the port number.
  • Page 271 Diagnostics [ Diagnostics > Ports > SFP ] Buttons You find the description of the standard buttons in section “Buttons” on page RM GUI GRS Release 8.0 09/2019...

  • Page 272: Tp Cable Diagnosis

    Diagnostics [ Diagnostics > Ports > TP cable diagnosis ] 6.4.2 TP cable diagnosis [ Diagnostics > Ports > TP cable diagnosis ] This feature tests the cable attached to an interface for short or open circuit. The table displays the cable status and estimated length.
  • Page 273 Diagnostics [ Diagnostics > Ports > TP cable diagnosis ] short  Wires in the cable are touching together causing a short circuit. unknown  The device displays this value for untested cable pairs. The device displays different values than expected in the following cases: •...

  • Page 274: Port Monitor

    Diagnostics [ Diagnostics > Ports > Port Monitor ] 6.4.3 Port Monitor [ Diagnostics > Ports > Port Monitor ] Port Monitor function monitors the adherence to the specified parameters on the ports. If the Port Monitor function detects that the parameters are being exceeded, then the device performs an action.
  • Page 275 Diagnostics [ Diagnostics > Ports > Port Monitor ] Table Port Displays the port number. Link flap on Activates/deactivates the monitoring of link flaps on the port. Possible values: marked  Monitoring is active. – Port Monitor function monitors link flaps on the port. –...
  • Page 276 Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: marked  Monitoring is active. – Port Monitor function monitors the data load on the port. – If the device detects a data overload on the port, then the device executes the action specified in the column.
  • Page 277 Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: disable port  The device disables the port and sends an SNMP trap. The “Link status” LED for the port flashes 3× per period. – To re-enable the port, highlight the port and click the button and then the Reset item.
  • Page 278 Diagnostics [ Diagnostics > Ports > Port Monitor ] [Auto-disable] In this tab, you activate the Auto-Disable function for the parameters monitored by the Port Monitor function. Table Reason Displays the parameters monitored by the Port Monitor function. Mark the adjacent checkbox so that the Port Monitor function carries out the auto-disable...
  • Page 279 Diagnostics [ Diagnostics > Ports > Port Monitor ] You also see how many link changes the Port Monitor function has detected up to now. Port Monitor function monitors those ports for which the checkbox in the Link flap on column is marked on the Global...
  • Page 280 Diagnostics [ Diagnostics > Ports > Port Monitor ] [CRC/Fragments] In this tab, you specify individually for every port the following settings: The fragment error rate.  The period during which the function monitors a parameter to detect discrepancies. Port Monitor ...
  • Page 281 Diagnostics [ Diagnostics > Ports > Port Monitor ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...
  • Page 282 Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: (default setting)  packets per second kbps  kbit per second column = all. The prerequisite is that the value in the Traffic type Lower threshold Specifies the lower threshold value for the data rate. Auto-Disable function enables the port again only when the load on the port is lower than the value specified here.
  • Page 283 Diagnostics [ Diagnostics > Ports > Port Monitor ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...
  • Page 284 Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: marked  The port monitor takes into consideration the speed and duplex combination. unmarked  If the port monitor detects the speed and duplex combination on the port, then the device executes the action specified in the Global tab.
  • Page 285 Diagnostics [ Diagnostics > Ports > Port Monitor ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...

  • Page 286: Auto-Disable

    Diagnostics [ Diagnostics > Ports > Auto-Disable ] 6.4.4 Auto-Disable [ Diagnostics > Ports > Auto-Disable ] Auto-Disable function lets you disable monitored ports automatically and enable them again as you desire. For example, the Port Monitor function and selected functions in the Network Security menu use the Auto-Disable...
  • Page 287 Diagnostics [ Diagnostics > Ports > Auto-Disable ] Possible values: PORT_MON  Port Monitor See the Diagnostics > Ports > Port Monitor dialog. PORT_ML  Port Security See the dialog. Network Security > Port Security DOT1S  BPDU guard See the Switching >...
  • Page 288 Diagnostics [ Diagnostics > Ports > Auto-Disable ] [Status] This tab displays the monitored parameters for which the Auto-Disable function is activated. Table Reason Displays the parameters that the device monitors. Mark the adjacent checkbox so that the Auto-Disable function disables and, when applicable, enables the port again if the monitored parameters are exceeded.
  • Page 289 Diagnostics [ Diagnostics > Ports > Auto-Disable ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...

  • Page 290: Port Mirroring

    Diagnostics [ Diagnostics > Ports > Port Mirroring ] 6.4.5 Port Mirroring [ Diagnostics > Ports > Port Mirroring ] Port Mirroring function lets you copy received and sent data packets from selected ports to a destination port. You can watch and process the data stream using an analyzer or an RMON probe, connected to the destination port.
  • Page 291 Diagnostics [ Diagnostics > Ports > Port Mirroring ] The port transmits the same data as the port specified above. Possible values: no Port (default setting)  No destination port selected. <Port number>  Number of the destination port. The device copies the data packets from the source ports to this port.

  • Page 292: Lldp

    Diagnostics [ Diagnostics > LLDP ] Type Specifies which data packets the device copies to the destination port. Possible values: none (default setting)  No data packets.  Data packets that the source port transmits.  Data packets that the source port receives. txrx ...
  • Page 293 Diagnostics [ Diagnostics > LLDP > Configuration ] 6.5.1 LLDP Configuration [ Diagnostics > LLDP > Configuration ] This dialog lets you configure the topology discovery for every port. Operation Operation Enables/disables the LLDP function. Possible values: (default setting)  function is enabled.
  • Page 294 Diagnostics [ Diagnostics > LLDP > Configuration ] Transmit delay [s] Specifies the delay in seconds for transmitting successive LLDP data packets after configuration changes in the device occur. Possible values: 1..8192 (default setting: 2)  The recommended value is between a minimum of and a maximum of a quarter of the value in Transmit interval [s] field.
  • Page 295 Diagnostics [ Diagnostics > LLDP > Configuration ] Transmit port description Activates/deactivates the transmitting of a TLV (Type Length Value) with the port description. Possible values: marked (default setting)  The transmitting of the TLV is active. The device transmits the TLV with the port description. unmarked ...
  • Page 296 Diagnostics [ Diagnostics > LLDP > Configuration ] FDB mode Specifies which function the device uses to record neighboring devices on this port. Possible values: lldpOnly  The device uses only LLDP data packets to record neighboring devices on this port. macOnly ...

  • Page 297: Lldp Topology Discovery

    Diagnostics [ Diagnostics > LLDP > Topology Discovery ] 6.5.2 LLDP Topology Discovery [ Diagnostics > LLDP > Topology Discovery ] Devices in networks send notifications in the form of packets which are also known as "LLDPDU" (LLDP data units). The data that is sent and received via LLDPDU are useful for many reasons. Thus the device detects which devices in the network are neighbors and via which ports they are connected.
  • Page 298 Diagnostics [ Diagnostics > LLDP > Topology Discovery ] Possible values: marked  The connected device does not have active LLDP support. The device uses information from its address table (FDB, Forwarding Database) unmarked (default setting)  The connected device has active LLDP support. Neighbor IP address Displays the IP address with which the access to the neighboring device management is possible.
  • Page 299 Diagnostics [ Diagnostics > LLDP > Topology Discovery ] [LLDP-MED] LLDP for Media Endpoint Devices (LLDP-MED) is an extension to LLDP that operates between endpoint devices and network devices. It specifically provides support for VoIP applications. In this support rule, it provides an additional set of common advertisement, Type Length Value (TLV), messages.

  • Page 300: Report

    Diagnostics [ Diagnostics > Report ] Tagged bit status Displays the tagged bit status. true A value of indicates that the application uses a tagged VLAN.  false A value of indicates that for the specific application the device uses untagged VLAN ...
  • Page 301 Diagnostics [ Diagnostics > Report > Global ] 6.6.1 Report Global [ Diagnostics > Report > Global ] The device lets you log specific events using the following outputs: on the console  on one or more syslog servers  on a connection to the Command Line Interface set up using SSH ...
  • Page 302 Diagnostics [ Diagnostics > Report > Global ] Buffered logging The device buffers logged events in 2 separate storage areas so that the log entries for urgent events are kept. This dialog lets you specify the minimum severity for events that the device buffers in the storage area with a higher priority.
  • Page 303 Diagnostics [ Diagnostics > Report > Global ] Log SNMP set request Enables/disables the logging of SNMP Set requests. Possible values:  The logging is enabled. The device registers SNMP Set requests as events in the syslog. In the Severity set request drop-down list, you select the severity for this event.
  • Page 304 Diagnostics [ Diagnostics > Report > Global ] Possible values:  CLI logging function is enabled. The device logs every command received using the Command Line Interface. (default setting)  CLI logging function is disabled. Buttons You find the description of the standard buttons in section “Buttons”...

  • Page 305: Persistent Logging

    Diagnostics [ Diagnostics > Report > Persistent Logging ] 6.6.2 Persistent Logging [ Diagnostics > Report > Persistent Logging ] The device lets you save log entries permanently in a file in the external memory. Therefore, even after the device is restarted you have access to the log entries. In this dialog, you limit the size of the log file and specify the minimum severity for the events to be saved.
  • Page 306 Diagnostics [ Diagnostics > Report > Persistent Logging ] As soon as the specified maximum number of files has been attained, the device deletes the oldest file and renames the remaining files. Possible values: 0..25 (default setting: 4)  The value deactivates saving of log entries in the log file.
  • Page 307 Diagnostics [ Diagnostics > Report > Persistent Logging ] File size [byte] Displays the size of the log file in the external memory in bytes. Buttons You find the description of the standard buttons in section “Buttons” on page Delete persistent log file Removes the log files from the external memory.

  • Page 308: System Log

    Diagnostics [ Diagnostics > Report > System Log ] 6.6.3 System Log [ Diagnostics > Report > System Log ] The device logs device-internal events in a log file (System Log). This dialog displays the log file (System Log). The dialog lets you save the log file in HTML format on your PC.

  • Page 309: Audit Trail

    Diagnostics [ Diagnostics > Report > Audit Trail ] 6.6.4 Audit Trail [ Diagnostics > Report > Audit Trail ] This dialog displays the log file (Audit Trail). The dialog lets you save the log file as an HTML file on your PC.

  • Page 311: Advanced

    Advanced [ Advanced > DHCP L2 Relay ] 7 Advanced The menu contains the following dialogs: DHCP L2 Relay  DHCP Server  Industrial Protocols  Command Line Interface  DHCP L2 Relay [ Advanced > DHCP L2 Relay ] A network administrator uses the DHCP L2 Relay Agent to add DHCP client information.
  • Page 312 Advanced [ Advanced > DHCP L2 Relay > Configuration ] 7.1.1 DHCP L2 Relay Configuration [ Advanced > DHCP L2 Relay > Configuration ] This dialog lets you activate the relay function on an interface and VLAN. When you activate this function on a port, the device either relays the Option 82 information or drops the information on untrusted ports.
  • Page 313 Advanced [ Advanced > DHCP L2 Relay > Configuration ] Possible values: marked  The device accepts DHCP packets with Option 82 information. unmarked (default setting)  The device discards DHCP packets received on non-secure ports that contain Option 82 information.
  • Page 314 Advanced [ Advanced > DHCP L2 Relay > Configuration ] Possible values:  Specifies the IP address of the device as Remote ID. (default setting)  Specifies the MAC address of the device as Remote ID. client-id  Specifies the system name of the device as Remote ID. other ...

  • Page 315: Dhcp L2 Relay Statistics

    Advanced [ Advanced > DHCP L2 Relay > Statistics ] 7.1.2 DHCP L2 Relay Statistics [ Advanced > DHCP L2 Relay > Statistics ] The device monitors the traffic on the ports and displays the results in tabular form. This table is divided into various categories to aid you in traffic analysis. Table Port Displays the port number.

  • Page 316: Dhcp Server

    Advanced [ Advanced > DHCP Server ] DHCP Server [ Advanced > DHCP Server ] With the DHCP server, you manage a database of available IP addresses and configuration information. When the device receives a request from a client, the DHCP server validates the DHCP client network, and then leases an IP address.
  • Page 317 Advanced [ Advanced > DHCP Server > Global ] 7.2.1 DHCP Server Global [ Advanced > DHCP Server > Global ] Activate the function either globally or per port according to your requirements. Operation Operation Enables/disables the DHCP server function of the device globally. Possible values: ...

  • Page 318: Dhcp Server Pool

    Advanced [ Advanced > DHCP Server > Pool ] 7.2.2 DHCP Server Pool [ Advanced > DHCP Server > Pool ] Assign an IP address to an end device or switch connected to a port or included in a VLAN. The DHCP server provides IP address pools from which it allocates IP addresses to clients.
  • Page 319 Advanced [ Advanced > DHCP Server > Pool ] Last IP address When using dynamic IP address assignment, this value specifies the end of the IP address range. Possible values: Valid IPv4 address  Port Displays the port number. VLAN ID Displays the VLAN to which the table entry relates.
  • Page 320  For the IP address assignment, the server ignores this variable. Hirschmann device Activates/deactivates Hirschmann multicasts. If the device in this IP address range serves only Hirschmann devices, then activate this function. Possible values: marked  In this IP address range, the device serves only Hirschmann devices. Hirschmann multicasts are activated.
  • Page 321 Advanced [ Advanced > DHCP Server > Pool ] Possible values: Valid IPv4 address  Netmask Specifies the mask of the network to which the client belongs. A value of 0.0.0.0 disables the attachment of the option field in the DHCP message. Possible values: Valid IPv4 netmask ...

  • Page 322: Dhcp Server Lease Table

    Advanced [ Advanced > DHCP Server > Lease Table ] 7.2.3 DHCP Server Lease Table [ Advanced > DHCP Server > Lease Table ] This dialog displays the status of IP address leasing on a per port basis. Table Port Displays the port number to which the address is currently being leased.

  • Page 323: Industrial Protocols

    Advanced [ Advanced > Industrial Protocols ] Client ID Displays the client identifier of the device leasing the IP address. Remote ID Displays the remote identifier of the device leasing the IP address. Circuit ID Displays the Circuit ID of the device leasing the IP address. Buttons You find the description of the standard buttons in section “Buttons”...

  • Page 324: Iec61850-Mms

    Advanced [ Advanced > Industrial Protocols > IEC61850-MMS ] 7.3.1 IEC61850-MMS [ Advanced > Industrial Protocols > IEC61850-MMS ] The IEC61850-MMS is a standardized industrial communication protocol from the International Electrotechnical Commission (IEC). For example, automatic switching equipment uses this protocol when communicating with power station equipment.
  • Page 325 Advanced [ Advanced > Industrial Protocols > IEC61850-MMS ] Possible values: marked  The write access to the MMS server is activated. This setting lets you change the device settings using the IEC 61850 MMS protocol. unmarked (default setting)  The write access to the MMS server is deactivated.
  • Page 326 Advanced [ Advanced > Industrial Protocols > IEC61850-MMS ] stopping  halted  error  Active sessions Displays the number of active MMS server connections. Buttons You find the description of the standard buttons in section “Buttons” on page Download Copies the ICD file to your PC.

  • Page 327: Modbus Tcp

    Advanced [ Advanced > Industrial Protocols > Modbus TCP ] 7.3.2 Modbus TCP [ Advanced > Industrial Protocols > Modbus TCP ] Modbus TCP is a protocol used for Supervisory Control and Data Acquisition (SCADA) system integration. Modbus TCP is a vendor-neutral protocol used to monitor and control industrial automation equipment such as Programmable Logic Controllers (PLC), sensors and meters.
  • Page 328 Advanced [ Advanced > Industrial Protocols > Modbus TCP ] Possible values: marked (default setting)  Modbus TCP server read/write access is active. This lets you change the device configuration using the Modbus TCP protocol. unmarked  Modbus TCP server read-only access is active. TCP port Specifies the TCP port number that the Modbus TCP...

  • Page 329: Command Line Interface

    Advanced [ Advanced > CLI ] Command Line Interface [ Advanced > CLI ] This dialog lets you access the device using the Command Line Interface. The prerequisites are: In the device, enable the SSH server in the Device Security > Management Access > Server dialog, ...

  • Page 331: A Index

    Index A Index 802.1D/p mapping ............185 802.1X .
  • Page 332 Index FAQ ..............334 FDB .
  • Page 333 Index MAC address table ............152 MAC flood .
  • Page 334 Index Secure shell ..............80 Security status .

  • Page 335: B Further Support

    The current manuals and operating instructions for Hirschmann products are available at doc.hirschmann.com. Hirschmann Competence Center The Hirschmann Competence Center is ahead of its competitors on three counts with its complete range of innovative services: Consulting incorporates comprehensive technical advice, from system evaluation through ...

  • Page 336: C Readers' Comments

    Readers’ Comments C Readers’ Comments What is your opinion of this manual? We are constantly striving to provide as comprehensive a description of our product as possible, as well as important information to assist you in the operation of this product. Your comments and suggestions help us to further improve the quality of our documentation.
  • Page 337 Dear User, Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or  per mail to  Hirschmann Automation and Control GmbH Department 01RD-NT Stuttgarter Str. 45-51 72654 Neckartenzlingen Germany RM GUI GRS Release 8.0 09/2019...
  • Page 338 Readers’ Comments RM GUI GRS Release 8.0 09/2019...
  • Page 341 User Manual Configuration Greyhound Switch GRS1020-1030 HiOS-2S Technical support UM Config GRS Release 8.0 09/2019 https://hirschmann-support.belden.com...
  • Page 342 This document was produced by Hirschmann Automation and Control GmbH according to the best of the company's knowledge. Hirschmann reserves the right to change the contents of this document without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the information in this document.
  • Page 343 Contents Contents Safety instructions............9 About this Manual .
  • Page 344 Contents User management ............59 3.2.1 Access roles.
  • Page 345 Contents ACL ..............101 8.2.1 Creating and editing IPv4 rules .
  • Page 346 Contents 12.2 Media Redundancy Protocol (MRP) ..........151 12.2.1 Network Structure .
  • Page 347 Contents 13.9 Topology discovery ............207 13.9.1 Displaying the Topology discovery results .
  • Page 348 Contents Appendix..............256 Literature references .

  • Page 349: Safety Instructions

    Safety instructions Safety instructions WARNING UNCONTROLLED MACHINE ACTIONS To avoid uncontrolled machine actions caused by data loss, configure all the data transmission devices individually. Before you start any machine which is controlled via data transmission, be sure to complete the configuration of all data transmission devices.

  • Page 351: About This Manual

    About this Manual About this Manual The “Configuration” user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The “Installation”...

  • Page 352: Key

    The designations used in this manual have the following meanings: List  Work step  Link Cross-reference with link Note: A note emphasizes a significant fact or draws your attention to a dependency. Representation of a CLI command or field contents in the graphical user interface Courier Execution in the Graphical User Interface Execution in the Command Line Interface...

  • Page 353: Introduction

    Introduction Introduction The device has been developed for use in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device. UM Config GRS Release 8.0 09/2019...

  • Page 355: User Interfaces

    User interfaces 1.1 Graphical User Interface 1 User interfaces The device lets you specify the settings of the device using the following user interfaces. Table 1: User interfaces for accessing the device management User interface Can be reached through … Prerequisite Graphical User Interface Ethernet (In-Band)

  • Page 356: Command Line Interface

    The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices. As an experienced user or administrator, you have knowledge about the basics and about using Hirschmann devices. 1.2.1 Preparing the data connection Information for assembling and starting up your device can be found in the “Installation” user manual.
  • Page 357 User interfaces 1.2 Command Line Interface Telnet connection using PuTTY Proceed as follows: Start the PuTTY program on your computer.  Figure 2: PuTTY input screen In the Host Name (or IP address) field you enter the IP address of your device. ...
  • Page 358 User interfaces 1.2 Command Line Interface Copyright (c) 2011-2019 Hirschmann Automation and Control GmbH All rights reserved GRS1020 Release 8.0 (Build date 2019-02-05 19:17) System Name GRS-ECE555B996DC Management IP : 192.168.1.5 Subnet Mask 255.255.255.0 Base MAC EC:E5:55:01:02:03 System Time 2019-01-01 17:39:01 NOTE: Enter '?' for Command Help.

  • Page 359: Access To The Command Line Interface Using Ssh (Secure Shell)

    User interfaces 1.2 Command Line Interface 1.2.3 Access to the Command Line Interface using SSH (Secure Shell) In the following example we use the PuTTY program. Another option to access your device using SSH is the OpenSSH Suite. Proceed as follows: Start the PuTTY program on your computer.
  • Page 360 User interfaces 1.2 Command Line Interface Click the Open button to set up the data connection to your device.  Depending on the device and the time at which SSH was configured, setting up the connection takes up to a minute. When you first login to your device, towards the end of the connection setup, the PuTTY program...

  • Page 361: Access To The Command Line Interface Using The Serial Interface

    User interfaces 1.2 Command Line Interface login as: admin admin@192.168.1.5’s password: Copyright (c) 2011-2019 Hirschmann Automation and Control GmbH All rights reserved GRS1020 Release 8.0 (Build date 2019-02-05 19:17) System Name GRS-ECE555B996DC Management IP : 192.168.1.5 Subnet Mask 255.255.255.0 Base MAC...
  • Page 362 User interfaces 1.2 Command Line Interface Proceed as follows: Connect the device to a terminal using the serial interface. Alternatively connect the device to a  COM port of your PC using terminal emulation based on VT100 and press any key. Alternatively you set up the serial data connection to the device with the serial interface using ...

  • Page 363: User Rights

    User interfaces 1.2 Command Line Interface Copyright (c) 2011-2019 Hirschmann Automation and Control GmbH All rights reserved GRS1020 Release 8.0 (Build date 2019-02-05 19:17) System Name GRS-ECE555B996DC Management IP : 192.168.1.5 Subnet Mask 255.255.255.0 Base MAC EC:E5:55:01:02:03 System Time 2019-01-01 17:39:01 NOTE: Enter '?' for Command Help.

  • Page 364: Mode-Based Command Hierarchy

    In the Command Line Interface, the commands are grouped in the related modes, according to the type of the command. Every command mode supports specific Hirschmann software commands. The commands available to you as a user depend on your privilege level (administrator, operator, guest, auditor).
  • Page 365 User interfaces 1.2 Command Line Interface The following figure displays the modes of the Command Line Interface. ROOT Login Logout Limited The User Exec User Exec Mode functionality commands are available in Privileged Exec Mode, too. Enable Exit Basic functions, Privileged Exec Mode basic settings Vlan...
  • Page 366 User interfaces 1.2 Command Line Interface Global Config mode  The Global Config mode lets you perform modifications to the current configuration. This mode groups general setup commands. Command prompt: (GRS) (config)# Interface Range mode  The commands in the Interface Range mode affect a specific port, a selected group of multiple ports or all port of the device.

  • Page 367: Executing The Commands

    User interfaces 1.2 Command Line Interface Table 3: Command modes Command mode Access method Quit or start next mode VLAN mode From the Privileged Exec mode, you To end the VLAN mode and return to the enter the command Privileged Exec mode, you enter vlan database exit press Ctrl Z.

  • Page 368: Structure Of A Command

    User interfaces 1.2 Command Line Interface When you enter a command and press the <Enter> key, the Command Line Interface starts the syntax analysis. The Command Line Interface searches the command tree for the desired command. When the command is outside the Command Line Interface command range, a message informs you of the detected error.
  • Page 369 User interfaces 1.2 Command Line Interface Parameters The sequence of the parameters is relevant for the correct syntax of a command. Parameters are required values, optional values, selections, or a combination of these things. The representation indicates the type of the parameter. Table 4: Parameter and command syntax Commands in pointed brackets (...

  • Page 370: Examples Of Commands

    User interfaces 1.2 Command Line Interface Network addresses Network addresses are a requirement for establishing a data connection to a remote work station, a server, or another network. You distinguish between IP addresses and MAC addresses. The IP address is an address allocated by the network administrator. The IP address is unique in one network area.

  • Page 371: Input Prompt

    User interfaces 1.2 Command Line Interface is the command name. radius server timeout The parameter is required. The value range is 1..30 Example 3: radius server auth modify <1..8> Command to set the parameters for RADIUS authentication server 1. (GRS) (config)#radius server auth modify 1 [name] RADIUS authentication server name.
  • Page 372 User interfaces 1.2 Command Line Interface Asterisk, pound sign and exclamation point Asterisk  An asterisk in the first or second position of the input prompt displays you that the settings in the volatile memory and the settings in the non-volatile memory are different. In your configuration, the device has detected modifications which have not been saved.

  • Page 373: Key Combinations

    User interfaces 1.2 Command Line Interface 1.2.11 Key combinations The following key combinations make it easier for you to work with the Command Line Interface: Table 8: Key combinations in the Command Line Interface Key combination Description CTRL + H, Backspace Delete previous character CTRL + A Go to beginning of line...

  • Page 374: Data Entry Elements

    User interfaces 1.2 Command Line Interface (GRS) #help HELP: Special keys: Ctrl-H, BkSp delete previous character Ctrl-A ..go to beginning of line Ctrl-E ..go to end of line Ctrl-F ..go forward one character Ctrl-B ..go backward one character Ctrl-D ..

  • Page 375: Use Cases

    User interfaces 1.2 Command Line Interface Possible commands/parameters You can obtain a list of the commands or the possible parameters by entering , for example help by entering (GRS) >show ? When you enter the command displayed, you get a list of the parameters available for the command show When you enter the command without space character in front of the question mark, the device displays the help text for the command itself:...
  • Page 376 User interfaces 1.2 Command Line Interface Syntax of the „radius server auth add“ command Use this command to add a RADIUS authentication server. Mode: mode  Global Config Privilege Level: Administrator  Format:  radius server auth add <1..8> ip <a.b.c.d> [name <string>] [port <1..65535>] –...

  • Page 377: Service Shell

    User interfaces 1.2 Command Line Interface 1.2.14 Service Shell The Service Shell is for service purposes only. The Service Shell lets users have access to internal functions of the device. When you need assistance with your device, the service personnel use the Service Shell to monitor internal conditions for example, the switch or CPU registers.
  • Page 378 User interfaces 1.2 Command Line Interface Display the Service Shell commands The prerequisite is that you already started the Service Shell. Perform the following steps: Enter and press the <Enter> key.  help /mnt/fastpath # help Built-in commands: ------------------ . : [ [[ alias bg break cd chdir command continue echo eval exec exit export false fg getopts hash help history jobs kill let local pwd read readonly return set shift source test times trap true type ulimit umask unalias unset wait...
  • Page 379 User interfaces 1.2 Command Line Interface Enter and press the <Enter> key.  serviceshell deactivate To reduce the effort when typing: – Enter and press the <Tab> key. – Enter and press the <Tab> key. This step is irreversible!  Press the <Y>...

  • Page 380: System Monitor

    User interfaces 1.3 System monitor System monitor The System Monitor lets you set basic operating parameters before starting the operating system. 1.3.1 Functional scope In the System Monitor, you carry out the following tasks, for example: Managing the operating system and verifying the software image ...
  • Page 381 User interfaces 1.3 System monitor System Monitor 1 (Selected OS: ...-8.0 (2019-02-05 19:17)) Manage operating system Update operating system Start selected operating system Manage configurations Show boot code information End (reset and reboot) sysMon1> Figure 12: System Monitor 1 screen display Select a menu item by entering the number.

  • Page 382: Specifying The Ip Parameters

    Specifying the IP parameters 2.1 IP parameter basics 2 Specifying the IP parameters When you install the device for the first time, enter the IP parameters. The device provides the following options for entering the IP parameters during the first installation: Entry using the Command Line Interface.

  • Page 383: Netmask

    Specifying the IP parameters 2.1 IP parameter basics The first byte of an IP address is the network address. The worldwide leading regulatory board for assigning network addresses is the IANA ("Internet Assigned Numbers Authority"). When you require an IP address block, contact your Internet Service Provider (ISP). Your ISP contacts their local higher-level organization to reserve an IP address block: APNIC (Asia Pacific Network Information Center) ...
  • Page 384 Specifying the IP parameters 2.1 IP parameter basics Example of applying the subnet mask to IP addresses for subnetwork assignment: Decimal notation 129.218.65.17 128 < 129 191 › Class B Binary notation 10000001.11011010.01000001.00010001 Subnetwork 1 Network address Decimal notation 129.218.129.17 128 <...

  • Page 385: Classless Inter-Domain Routing

    Specifying the IP parameters 2.1 IP parameter basics Lorenzo receives the letter, removes the outer envelope and recognizes from the inner envelope that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet's MAC address;...

  • Page 386: Specifying The Ip Parameters Using The Command Line Interface

    Specifying the IP parameters 2.2 Specifying the IP parameters using the Command Line Interface Specifying the IP parameters using the Command Line Interface There are several methods you enter the system configuration, either using BOOTP/DHCP, the HiDiscovery protocol, the external memory. You have the option of performing the configuration over the serial interface using the Command Line Interface.
  • Page 387 Specifying the IP parameters 2.2 Specifying the IP parameters using the Command Line Interface Note: If a terminal or PC with terminal emulation is unavailable in the vicinity of the installation location, you can configure the device at your own workstation, then take it to its final installation location.

  • Page 388: Specifying The Ip Parameters Using Hidiscovery

    Specifying the IP parameters 2.3 Specifying the IP parameters using HiDiscovery Specifying the IP parameters using HiDiscovery The HiDiscovery protocol enables you to assign IP parameters to the device using the Ethernet. You easily configure other parameters using the Graphical User Interface. Install the HiDiscovery software on your PC.
  • Page 389 Specifying the IP parameters 2.3 Specifying the IP parameters using HiDiscovery Note: Disable the HiDiscovery function in the device, after you have assigned the IP parameters to the device. Note: Save the settings so that you will still have the entries after a restart. UM Config GRS Release 8.0 09/2019...

  • Page 390: Specifying The Ip Parameters Using The Graphical User Interface

    Specifying the IP parameters 2.4 Specifying the IP parameters using the Graphical User Interface Specifying the IP parameters using the Graphical User Interface Perform the following steps: Open the Basic Settings > Network dialog.  In this dialog you first specify the source from which the device gets its IP parameters after starting.

  • Page 391: Specifying The Ip Parameters Using Bootp

    Specifying the IP parameters 2.5 Specifying the IP parameters using BOOTP Specifying the IP parameters using BOOTP With the BOOTP function activated the device sends a boot request message to the BOOTP server. The boot request message contains the Client ID configured in the Basic Settings >...

  • Page 392: Specifying The Ip Parameters Using Dhcp

    Specifying the IP parameters 2.6 Specifying the IP parameters using DHCP Specifying the IP parameters using DHCP The DHCP (Dynamic Host Configuration Protocol) is a further development of BOOTP, which it has replaced. The DHCP additionally lets the configuration of a DHCP client using a name instead of using the MAC address.
  • Page 393 Specifying the IP parameters 2.6 Specifying the IP parameters using DHCP The appendix contains an example configuration of the BOOTP/DHCP-server. Example of a DHCP-configuration file: # /etc/dhcpd.conf for DHCP Daemon subnet 10.1.112.0 netmask 255.255.240.0 { option subnet-mask 255.255.240.0; option routers 10.1.112.96; # Host berta requests IP configuration # with her MAC address host berta {...

  • Page 394: Management Address Conflict Detection

    Specifying the IP parameters 2.7 Management address conflict detection Management address conflict detection You assign an IP address to the device using several different methods. This function helps the device detect IP address conflicts on a network after boot up and the device also checks periodically during operation.

  • Page 395: Access To The Device

    Access to the device 3.1 Authentication lists 3 Access to the device Authentication lists When a user accesses the device using a specific connection, the device verifies the credentials of the user in an authentication list which contains the policies that the device applies for authentication.

  • Page 396: Managing Authentication Lists

    Access to the device 3.1 Authentication lists 3.1.3 Managing authentication lists You manage the authentication lists in the Graphical User Interface or in the Command Line Interface. Perform the following steps: Open the Device Security > Authentication List dialog.  The dialog displays the authentication lists that are set up.

  • Page 397: Adjust The Settings

    Access to the device 3.1 Authentication lists 3.1.4 Adjust the settings Example: Set up a separate authentication list for the application WebInterface which is by default included in the authentication list defaultLoginAuthList. The device forwards authentication requests to a RADIUS server in the network. As a fall-back solution, the device authenticates users using the local user management.
  • Page 398 Access to the device 3.1 Authentication lists Click the button.  The right column now displays the application WebInterface. Click the button.  The dialog displays the updated settings: – Dedicated applications column of authentication list loginGUI displays the application WebInterface. –...

  • Page 399: User Management

    Access to the device 3.2 User management User management When a user logs in with valid login data, the device lets the user have access to its device management. The device authenticates the users either using the local user management or with a RADIUS server in the network.
  • Page 400 Access to the device 3.2 User management Every user account is linked to an access role that regulates the access to the individual functions of the device. Depending on the planned activity for the respective user, you assign a pre-defined access role to the user.

  • Page 401: Managing User Accounts

    Access to the device 3.2 User management 3.2.2 Managing user accounts You manage the user accounts in the Graphical User Interface or in the Command Line Interface. Perform the following steps: Open the Device Security > User Management dialog.  The dialog displays the user accounts that are set up.

  • Page 402: Changing Default Passwords

    Access to the device 3.2 User management 3.2.4 Changing default passwords To help prevent undesired access, change the password of the default user accounts. Perform the following steps: Change the passwords for the admin user user accounts.  Open the Device Security >...

  • Page 403: Setting Up A New User Account

    Access to the device 3.2 User management 3.2.5 Setting up a new user account Allocate a separate user account to each user that accesses the device management. In this way you can specifically control the authorizations for the access. In the following example, we will set up the user account for a USER user with the role operator.

  • Page 404: Deactivating The User Account

    Access to the device 3.2 User management allocate the password. 3.2.6 Deactivating the user account After a user account is deactivated, the device denies the related user access to the device management. In contrast to completely deleting it, deactivating a user account lets you keep the settings and reuse them in the future.

  • Page 405: Adjusting Policies For Passwords

    Access to the device 3.2 User management 3.2.7 Adjusting policies for passwords The device lets you check whether the passwords for the user accounts adhere to the specified policy. When the passwords adhere to the policy, you obtain a higher level of complexity for the passwords.

  • Page 406: Snmp Access

    Access to the device 3.3 SNMP access SNMP access The SNMP protocol lets you work with a network management system to monitor the device over the network and change its settings. 3.3.1 SNMPv1/v2 access Using SNMPv1 or SNMPv2 the network management system and the device communicate unencrypted.

  • Page 407: Snmpv3 Access

    Access to the device 3.3 SNMP access 3.3.2 SNMPv3 access Using SNMPv3 the network management system and the device communicate encrypted. The network management system authenticates itself with the device using the credentials of a user. The prerequisite for the SNMPv3 access is that in the network management system uses the same settings that are defined in the device.

  • Page 408: Managing Configuration Profiles

    Managing configuration profiles 4.1 Detecting changed settings 4 Managing configuration profiles If you change the settings of the device during operation, then the device stores the changes in its memory (RAM). After a reboot the settings are lost. In order to keep the changes after a reboot, the device lets you save additional settings in a configuration profile in the non-volatile memory (NVM).

  • Page 409: Saving The Settings

    Managing configuration profiles 4.2 Saving the settings Saving the settings 4.2.1 Saving the configuration profile in the device If you change the settings of the device during operation, then the device stores the changes in its memory (RAM). In order to keep the changes after a reboot, save the configuration profile in the non- volatile memory (NVM).
  • Page 410 Managing configuration profiles 4.2 Saving the settings Copying settings to a configuration profile The device lets you store the settings saved in the memory (RAM) in a configuration profile other than the "selected" configuration profile. In this way you create a new configuration profile in the non-volatile memory (NVM) or overwrite an existing one.

  • Page 411: Saving The Configuration Profile In The External Memory

    Managing configuration profiles 4.2 Saving the settings Change to the Configuration mode. configure Identifier of the configuration profile. config profile select nvm 1 Take note of the adjacent name of the configuration profile. Save the settings in the non-volatile memory ( save in the “selected”...

  • Page 412: Exporting A Configuration Profile

    Managing configuration profiles 4.2 Saving the settings Enter the credentials needed to authenticate on the remote server.  In the Operation option list, enable the function.  To save the changes temporarily, click the button.  Change to the Privileged EXEC mode. enable Check status of the function.
  • Page 413 Managing configuration profiles 4.2 Saving the settings To export the configuration profile to a remote server, perform the following steps: Click the button and then the Export... item.  The dialog displays the Export... window. In the field, specify the file URL on the remote server: ...

  • Page 414: Loading Settings

    Managing configuration profiles 4.3 Loading settings Loading settings If you save multiple configuration profiles in the memory, then you have the option to load a different configuration profile. 4.3.1 Activating a configuration profile The non-volatile memory of the device can contain multiple configuration profiles. If you activate a configuration profile stored in the non-volatile memory (NVM), then you immediately change the settings in the device.

  • Page 415: Loading The Configuration Profile From The External Memory

    Managing configuration profiles 4.3 Loading settings 4.3.2 Loading the configuration profile from the external memory If an external memory is connected, then the device loads a configuration profile from the external memory upon restart automatically. The device lets you save these settings in a configuration profile in non-volatile memory.
  • Page 416 Managing configuration profiles 4.3 Loading settings the script with a user-specified name. Save the file with the file extension .cli. Note: Verify that the script saved in the external memory is not empty. If the script is empty, then the device loads the next configuration profile as per the configuration priority settings. After applying the script, the device automatically saves the configuration profile from the script file as an XML file in the external memory.

  • Page 417: Importing A Configuration Profile

    Managing configuration profiles 4.3 Loading settings 4.3.3 Importing a configuration profile The device lets you import from a server a configuration profile saved as an XML file. If you use the Graphical User Interface, then you can import the XML file directly from your PC. Prerequisites: To save the file on a server, you need a configured server on the network.
  • Page 418 Managing configuration profiles 4.3 Loading settings To import the configuration profile from the external memory, perform the following steps: In the Import profile from external memory frame, Profile name drop-down list, select the name  of the configuration profile to be imported. The prerequisite is that the external memory contains an exported configuration profile.

  • Page 419: Reset The Device To The Factory Defaults

    Managing configuration profiles 4.4 Reset the device to the factory defaults Reset the device to the factory defaults If you reset the settings in the device to the delivery state, then the device deletes the configuration profiles in the volatile memory and in the non-volatile memory. If an external memory is connected, then the device also deletes the configuration profiles saved in the external memory.
  • Page 420 Managing configuration profiles 4.4 Reset the device to the factory defaults To load the factory settings, press the <Enter> key.  The device deletes the configuration profiles in the memory (RAM) and in the non-volatile memory (NVM). If an external memory is connected, then the device also deletes the configuration profiles saved in the external memory.

  • Page 421: Loading Software Updates

    Hirschmann is continually working on improving and developing their software. Check regularly whether there is an updated version of the software that provides you with additional benefits. You find information and software downloads on the Hirschmann product pages on the Internet at www.hirschmann.com.

  • Page 422: Software Update From A Server

    Loading software updates 5.2 Software update from a server Software update from a server To update the software using SFTP or SCP you need a server on which the image file of the device software is saved. To update the software using TFTP, SFTP or SCP you need a server on which the image file of the device software is saved.

  • Page 423: Software Update From The External Memory

    Loading software updates 5.3 Software update from the external memory Software update from the external memory 5.3.1 Manually—initiated by the administrator The device lets you update the device software with a few mouse clicks. The prerequisite is that the image file of the device software is located in the external memory. Perform the following steps: Open the Basic Settings >...
  • Page 424 Loading software updates 5.3 Software update from the external memory Check the result of the update procedure. The log file in the Diagnostics > Report > System Log dialog contains one of the following messages: S_watson_AUTOMATIC_SWUPDATE_SUCCESS  Software update completed successfully S_watson_AUTOMATIC_SWUPDATE_ABORTED ...

  • Page 425: Loading A Previous Software Version

    Loading software updates 5.4 Loading a previous software version Loading a previous software version The device lets you replace the device software with a previous version. The basic settings in the device are kept after replacing the device software. Note: Only the settings for functions which are available in the newer device software version are lost.

  • Page 426: Configuring The Ports

    Configuring the ports 6.1 Enabling/disabling the port 6 Configuring the ports The following port configuration functions are available. Enabling/disabling the port  Selecting the operating mode  Enabling/disabling the port In the default setting, every port is enabled. For a higher level of access security, disable unconnected ports.

  • Page 427: Selecting The Operating Mode

    Configuring the ports 6.2 Selecting the operating mode Selecting the operating mode In the default setting, the ports are set to Automatic configuration operating mode. Note: The active automatic configuration has priority over the manual configuration. Perform the following steps: Open the dialog, tab.

  • Page 428: Assistance In The Protection From Unauthorized Access

    Assistance in the protection from unauthorized access 7.1 Changing the SNMPv1/v2 community 7 Assistance in the protection from unauthorized access The device offers functions that help you protect the device against unauthorized access. After you set up the device, carry out the following steps in order to reduce possible unauthorized access to the device.

  • Page 429: Disabling Snmpv1/V2

    Assistance in the protection from unauthorized access 7.2 Disabling SNMPv1/v2 Disabling SNMPv1/v2 If you need SNMPv1 or SNMPv2, then use these protocols only in environments protected from eavesdropping. SNMPv1 and SNMPv2 do not use encryption. The SNMP packets contain the community in clear text.

  • Page 430: Disabling Http

    Assistance in the protection from unauthorized access 7.3 Disabling HTTP Disabling HTTP The web server provides the Graphical User Interface with the protocol HTTP or HTTPS. HTTPS connections are encrypted, while HTTP connections are unencrypted. The HTTP protocol is enabled by default. If you disable HTTP, then no unencrypted access to the Graphical User Interface is possible.

  • Page 431: Disabling Telnet

    Assistance in the protection from unauthorized access 7.4 Disabling Telnet Disabling Telnet The device lets you remotely access the device management using Telnet or SSH. Telnet connections are unencrypted, while SSH connections are encrypted. The Telnet server is enabled in the device by default. If you disable Telnet, then unencrypted remote access to the Command Line Interface is no longer possible.

  • Page 432: Disabling The Hidiscovery Access

    Assistance in the protection from unauthorized access 7.5 Disabling the HiDiscovery access Disabling the HiDiscovery access HiDiscovery lets you assign IP parameters to the device over the network during commissioning. HiDiscovery communicates in the device management VLAN without encryption and authentication.

  • Page 433: Activating The Ip Access Restriction

    Assistance in the protection from unauthorized access 7.6 Activating the IP access restriction Activating the IP access restriction In the default setting, you access the device management from any IP address and with the supported protocols. The IP access restriction lets you restrict access to the device management to selected IP address ranges and selected IP-based protocols.
  • Page 434 Assistance in the protection from unauthorized access 7.6 Activating the IP access restriction Perform the following steps: Open the Device Security > Management Access > IP Access Restriction dialog.  Unmark the checkbox in the Active column for the entry. ...
  • Page 435 Assistance in the protection from unauthorized access 7.6 Activating the IP access restriction Specify the IP address of the mobile phone network management access modify 3 ip 109.237.176.0 network. Specify the netmask of the mobile phone network. network management access modify 3 mask Deactivate SNMP for the address range of the network management access modify 3 snmp disable...

  • Page 436: Adjusting The Session Timeouts

    Assistance in the protection from unauthorized access 7.7 Adjusting the session timeouts Adjusting the session timeouts The device lets you automatically terminate the session upon inactivity of the logged-on user. The session timeout is the period of inactivity after the last user action. You can specify a session timeout for the following applications: Command Line Interface sessions using an SSH connection ...
  • Page 437 Assistance in the protection from unauthorized access 7.7 Adjusting the session timeouts Timeout for Command Line Interface sessions using a serial connection Perform the following steps: Open the dialog, tab. Device Security > Management Access > CLI Global  Specify the timeout period in minutes in the Configuration frame, Serial interface timeout [min]...

  • Page 438: Deactivating The Unused Modules

    Assistance in the protection from unauthorized access 7.8 Deactivating the unused modules Deactivating the unused modules The default settings allow access to the network. To help prevent unauthorized network access, deactivate the unused slots. The module establishes no network connections on a deactivated slot. Perform the following steps: Open the Basic Settings >...

  • Page 439: Controlling The Data Traffic

    Controlling the data traffic 8.1 Helping protect against unauthorized access 8 Controlling the data traffic The device checks the data packets to be forwarded in accordance with defined rules. Data packets to which the rules apply are either forwarded by the device or blocked. If data packets do not correspond to any of the rules, then the device blocks the packets.
  • Page 440 Controlling the data traffic 8.1 Helping protect against unauthorized access ICMP frame offers you 2 filter options for ICMP packets. Fragmentation of incoming ICMP packets is a sign of an attack. If you activate this filter, then the device detects fragmented ICMP packets and discards them.

  • Page 441: Acl

    Controlling the data traffic 8.2 ACL In this menu you can enter the parameters for the Access Control Lists (ACLs). The device uses ACLs to filter data packets received on VLANs or on individual or multiple ports. In a ACL, you specify rules that the device uses to filter data packets. When such a rule applies to a packet, the device applies the actions specified in the rule to the packet.

  • Page 442: Creating And Editing Ipv4 Rules

    Controlling the data traffic 8.2 ACL 8.2.1 Creating and editing IPv4 rules When filtering IPv4 data packets, the device lets you: create new groups and rules  add new rules to existing groups  edit an existing rule  activate and deactivate groups and rules ...

  • Page 443: Creating And Configuring An Ip Acl Using The Command Line Interface

    Controlling the data traffic 8.2 ACL 8.2.2 Creating and configuring an IP ACL using the Command Line Interface In the following example, you configure ACLs to block communications from computers B and C, to computer A via IP (TCP, UDP, etc.). IP: 10.0.1.11/24 IP: 10.0.1.13/24 Port 1...

  • Page 444: Creating And Editing Mac Rules

    Controlling the data traffic 8.2 ACL Leaves the interface mode. exit Displays the assignment of the IP ACL with ID show acl ip assignment 1 Displays the assignment of the IP ACL with ID show acl ip assignment 2 8.2.3 Creating and editing MAC rules When filtering MAC data packets, the device lets you: create new groups and rules...

  • Page 445: Assigning Acls To A Port Or Vlan

    Controlling the data traffic 8.2 ACL Adds a rule to position of the MAC ACL with the mac acl rule add 1 1 deny src any any dst any any etype appletalk rejecting packets with EtherType 0x809B (AppleTalk) Adds a rule to position of the MAC ACL with the mac acl rule add 1 2 deny src any any dst any any etype ipx-old...

  • Page 446: Synchronizing The System Time In The Network

    Synchronizing the system time in the network 9.1 Basic settings 9 Synchronizing the system time in the network Many applications rely on a time that is as correct as possible. The necessary accuracy, and thus the allowable deviation from the actual time, depends on the application area. Examples of application areas include: Log entries ...

  • Page 447: Setting The Time

    Synchronizing the system time in the network 9.1 Basic settings 9.1.1 Setting the time When no reference time source is available to you, you have the option to set the time in the device. After a cold start or reboot, if no real-time clock is available or the real-time clock contains an invalid time, then the device initializes its clock with January 1, 00:00h.

  • Page 448: Automatic Daylight Saving Time Changeover

    Synchronizing the system time in the network 9.1 Basic settings 9.1.2 Automatic daylight saving time changeover When you operate the device in a time zone in which there is a summer time change, you set up the automatic daylight saving time changeover on the Daylight saving time tab.

  • Page 449: Sntp

    Synchronizing the system time in the network 9.2 SNTP SNTP The Simple Network Time Protocol (SNTP) lets you synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available. UTC is the time relating to the coordinated world time measurement.

  • Page 450: Preparation

    Synchronizing the system time in the network 9.2 SNTP 9.2.1 Preparation Perform the following steps: To get an overview of how the time is passed on, draw a network plan with the devices  participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the delays of the SNTP messages.

  • Page 451: Defining Settings Of The Sntp Client

    Synchronizing the system time in the network 9.2 SNTP 9.2.2 Defining settings of the SNTP client As an SNTP client, the device obtains the time information from SNTP or NTP servers and synchronizes its system clock accordingly. Perform the following steps: Open the Time >...

  • Page 452: Specifying Sntp Server Settings

    Synchronizing the system time in the network 9.2 SNTP 9.2.3 Specifying SNTP server settings When the device operates as an SNTP server, it provides its system time in coordinated world time (UTC) in the network. Perform the following steps: Open the Time >...

  • Page 453: 10 Network Load Control

    Network load control 10.1 Direct packet distribution 10 Network load control The device features a number of functions that reduce the network load: Direct packet distribution  Multicasts  Rate limiter  Prioritization - QoS  Flow control  10.1 Direct packet distribution The device reduces the network load with direct packet distribution.

  • Page 454: Static Address Entries

    Network load control 10.1 Direct packet distribution 10.1.3 Static address entries In addition to learning the sender MAC address, the device also provides the option to set MAC addresses manually. These MAC addresses remain configured and survive resetting of the MAC address table (FDB) as well as rebooting of the device.
  • Page 455 Network load control 10.1 Direct packet distribution Open the dialog. Switching > Filter for MAC Addresses  To disable a static address entry, select the value invalid in the Status column.  To save the changes temporarily, click the button. ...

  • Page 456: Multicasts

    Network load control 10.2 Multicasts 10.2 Multicasts By default, the device floods data packets with a Multicast address, that is, the device forwards the data packets to every port. This leads to an increased network load. The use of IGMP snooping can reduce the network load caused by Multicast data traffic. IGMP snooping lets the device send Multicast data packets only on those ports to which devices “interested”...
  • Page 457 Network load control 10.2 Multicasts The IGMP snooping method also makes it possible for switches to use the IGMP function. A switch stores the MAC addresses derived from IP addresses of the Multicast receivers as recognized Multicast addresses in its MAC address table (FDB). In addition, the switch identifies the ports on which it has received reports for a specific Multicast address.
  • Page 458 (“learned”). Learn by LLDP  A port with this setting automatically discovers other Hirschmann devices using LLDP (Link Layer Discovery Protocol). The device then learns the IGMP query status of this port from these Hirschmann devices and configures the IGMP Snooping Querier function accordingly.
  • Page 459 Network load control 10.2 Multicasts Prerequisite: IGMP Snooping function is enabled globally. Perform the following steps: Open the Switching > IGMP Snooping > Snooping Enhancements dialog.  Double-click the desired port in the desired VLAN.  To activate one or more functions, select the corresponding options. ...
  • Page 460 Network load control 10.2 Multicasts Prerequisite: IGMP Snooping function is enabled globally. Perform the following steps: Open the Switching > IGMP Snooping > Multicasts dialog.  In the Configuration frame, you specify how the device sends data packets to unknown ...

  • Page 461: Rate Limiter

    Network load control 10.3 Rate limiter 10.3 Rate limiter The rate limiter function helps ensure stable operation even with high traffic volumes by limiting traffic on the ports. The rate limitation is performed individually for each port, as well as separately for inbound and outbound traffic.

  • Page 462: Qos/Priority

    Network load control 10.4 QoS/Priority 10.4 QoS/Priority QoS (Quality of Service) is a procedure defined in IEEE 802.1D which is used to distribute resources in the network. QoS lets you prioritize the data of necessary applications. When there is a heavy network load, prioritizing helps prevent data traffic with lower priority from interfering with delay-sensitive data traffic.

  • Page 463: Handling Of Received Priority Information

    Network load control 10.4 QoS/Priority Prioritizing traffic classes For prioritization of traffic classes, the device uses the following methods: Strict  When transmission of data of a higher traffic class is no longer taking place or the relevant data is still in the queue, the device sends data of the corresponding traffic class. If every traffic class is prioritized according to the Strict method, then under high network load the device can...

  • Page 464: Ip Tos (Type Of Service)

    Network load control 10.4 QoS/Priority For data packets with VLAN tags, the device evaluates the following information: Priority information  When VLANs are configured, VLAN tagging  4 Octets Figure 21: Structure of the VLAN tagging Data packets with VLAN tags containing priority information but no VLAN information (VLAN ID = 0), are known as Priority Tagged Frames.

  • Page 465: Handling Of Traffic Classes

    Network load control 10.4 QoS/Priority Table 18: ToS field in the IP header (cont.) Bits (0-2): IP Precedence Defined Bits (3-6): Type of Service Bit (7) Defined 100 - Flash Override 0010 - [maximize reliability] 011 - Flash 0001 - [minimize monetary cost] 010 - Immediate 001 - Priority 000 - Routine...

  • Page 466: Queue Management

    Network load control 10.4 QoS/Priority 10.4.6 Queue management Defining settings for queue management Perform the following steps: Open the Switching > QoS/Priority > Queue Management dialog.  The total assigned bandwidth in the column is 100%. Min. bandwidth [%] To activate Weighted Fair Queuing for Traffic class = 0, proceed as follows: ...

  • Page 467: Management Prioritization

    Network load control 10.4 QoS/Priority 10.4.7 Management prioritization In order for you to constantly have access to the device management, although there is a high network load, the device lets you prioritize management packets. When prioritizing management packets, the device sends the management packets with priority information.
  • Page 468 Network load control 10.4 QoS/Priority Assigning a VLAN priority of to traffic class classofservice dot1p-mapping 1 2 Change to the Privileged EXEC mode. exit Display the assignment. show classofservice dot1p-mapping Assign port priority to received data packets Perform the following steps: Change to the Privileged EXEC mode.
  • Page 469 Network load control 10.4 QoS/Priority Assigning the DSCP value to traffic class classofservice ip-dscp-mapping cs1 1 Displaying the IP DSCP assignments show classofservice ip-dscp-mapping IP DSCP Traffic Class ------------- ------------- (cs1) Assign the DSCP priority to received IP data packets Perform the following steps: Change to the Privileged EXEC mode.
  • Page 470 Network load control 10.4 QoS/Priority Assigning the VLAN priority of to management network management priority dot1p 7 packets. The device sends management packets with the highest priority. Displaying the priority of the VLAN in which the show network parms device management is located. IPv4 Network ------------ Management VLAN priority....7...

  • Page 471: Flow Control

    Network load control 10.5 Flow control 10.5 Flow control If a large number of data packets are received in the priority queue of a port at the same time, then this can cause the port memory to overflow. This happens, for example, when the device receives data on a Gigabit port and forwards it to a port with a lower bandwidth.

  • Page 472: Setting Up The Flow Control

    Network load control 10.5 Flow control Flow Control with a full duplex link In the example, there is a fullduplex link between Workstation 2 and the device. Before the send queue of port 2 overflows, the device sends a request to Workstation 2 to include a small break in the sending transmission.

  • Page 473: 11 Vlans

    VLANs 11 VLANs In the simplest case, a virtual LAN (VLAN) consists of a group of network participants in one network segment who can communicate with each other as though they belonged to a separate LAN. More complex VLANs span out over multiple network segments and are also based on logical (instead of only physical) connections between network participants.

  • Page 474: Examples Of Vlans

    VLANs 11.1 Examples of VLANs 11.1 Examples of VLANs The following practical examples provide a quick introduction to the structure of a VLAN. Note: When configuring VLANs you use an interface for accessing the device management that will remain unchanged. For this example, you use either interface 1/6 or the serial connection to configure the VLANs.
  • Page 475 VLANs 11.1 Examples of VLANs For this example, the status of the TAG field of the data packets has no relevance, so you use the setting U. Table 19: Ingress table Terminal Port Port VLAN identifier (PVID) Table 20: Egress table VLAN ID Port Perform the following steps:...
  • Page 476 VLANs 11.1 Examples of VLANs Change to the Privileged EXEC mode. exit Display the current VLAN configuration. show vlan brief Max. VLAN ID........4042 Max. supported VLANs......128 Number of currently configured VLANs... 3 vlan unaware mode......disabled VLAN ID VLAN Name VLAN Type VLAN Creation Time ---- -------------------------------- --------- ------------------ VLAN1...

  • Page 477: Example 2

    VLANs 11.1 Examples of VLANs The port becomes a member of the VLAN vlan participation include 3 transmits the data packets without a VLAN tag. Assign the port VLAN ID to port vlan pvid 3 Change to the Configuration mode. exit Change to the interface configuration mode of interface 1/4...
  • Page 478 VLANs 11.1 Examples of VLANs Note: In this case, VLAN 1 has no significance for the end device communication, but it is required for the administration of the transmission devices via what is known as the Management VLAN. As in the previous example, uniquely assign the ports with their connected terminal devices to a VLAN.
  • Page 479 VLANs 11.1 Examples of VLANs The communication relationships here are as follows: end devices on ports 1 and 4 of the left device and end devices on ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate with each other.
  • Page 480 VLANs 11.1 Examples of VLANs Here, the devices use VLAN tagging (IEEE 801.1Q) within the VLAN with the ID 1 (Uplink). The letter in the egress table of the ports indicates VLAN tagging. The configuration of the example is the same for the device on the right. Proceed in the same way, using the ingress and egress tables created above to adapt the previously configured left device to the new environment.
  • Page 481 VLANs 11.1 Examples of VLANs Open the dialog. Switching > VLAN > Port  To assign the port to a VLAN, specify the desired value in the corresponding column.  Possible values: = The port is a member of the VLAN. The port transmits tagged data packets. ...
  • Page 482 VLANs 11.1 Examples of VLANs Change to the interface configuration mode of interface 1/3 interface The port becomes a member of the VLAN vlan participation include 3 transmits the data packets without a VLAN tag. Assigning the Port VLAN ID to port vlan pvid 3 Change to the Configuration mode.

  • Page 483: Guest Vlan / Unauthenticated Vlan

    VLANs 11.2 Guest VLAN / Unauthenticated VLAN 11.2 Guest VLAN / Unauthenticated VLAN A Guest VLAN lets a device provide port-based Network Access Control (IEEE 802.1x) to non- 802.1x capable supplicants. This feature provides a mechanism to allow guests to access external networks only.
  • Page 484 VLANs 11.2 Guest VLAN / Unauthenticated VLAN Perform the following steps: Open the Switching > VLAN > Configuration dialog.  Click the button.  The dialog displays the Create window. In the VLAN ID field, specify the value 10.  Click the button.

  • Page 485: Radius Vlan Assignment

    VLANs 11.3 RADIUS VLAN assignment 11.3 RADIUS VLAN assignment The RADIUS VLAN assignment feature makes it possible for a RADIUS VLAN ID attribute to be associated with an authenticated client. When a client authenticates successfully, and the RADIUS server sends a VLAN attribute, the device associates the client with the RADIUS assigned VLAN. As a result, the device adds the physical port as an untagged member to the appropriate VLAN and sets the port VLAN ID (PVID) with the given value.

  • Page 486: Creating A Voice Vlan

    VLANs 11.4 Creating a Voice VLAN 11.4 Creating a Voice VLAN Use the Voice VLAN feature to separate voice and data traffic on a port, by VLAN and/or priority. A primary benefit of using Voice VLAN is to safeguard the sound quality of an IP phone in cases where there is high data traffic on the port.

  • Page 487: Vlan Unaware Mode

    VLANs 11.5 VLAN unaware mode 11.5 VLAN unaware mode VLAN unaware mode defines the operation of the device in a LAN segmented by VLANs. The device accepts packets and processes them according to its inbound rules. Based on the IEEE 802.1Q specifications, the function governs how the device processes VLAN tagged packets.

  • Page 488: 12 Redundancy

    Redundancy 12.1 Network Topology vs. Redundancy Protocols 12 Redundancy 12.1 Network Topology vs. Redundancy Protocols When using Ethernet, a significant prerequisite is that data packets follow a single (unique) path from the sender to the receiver. The following network topologies support this prerequisite: Line topology ...

  • Page 489: Redundancy Protocols

    An MRP-Ring consists of up to 50 devices that support the MRP protocol according to IEC 62439. When you only use Hirschmann devices, up to 100 devices are possible in the MRP-Ring. Subring Ring...

  • Page 490: Combinations Of Redundancies

    Redundancy 12.1 Network Topology vs. Redundancy Protocols 12.1.3 Combinations of Redundancies Table 26: Overview of redundancy protocols RSTP Link Aggreg. Link Backup Subring HIPER Ring ■ RSTP ■ ■ Link Aggreg. ■ ■ ■ Link Backup ■ ■ ■ ■ Subring ■...

  • Page 491: Media Redundancy Protocol (Mrp)

    An MRP-Ring consists of up to 50 devices that support the MRP protocol according to IEC 62439. When you only use Hirschmann devices, up to 100 devices are possible in the MRP-Ring. When you use the fixed MRP redundant port (Fixed Backup) and the primary ring link fails, the Ring Manager forwards data to the secondary ring link.

  • Page 492: Reconfiguration Time

    When the ring participants inform the Ring Manager of interruptions in the ring via link-down notifications, the advanced mode speeds up the link failure recognition. Hirschmann devices support link-down notifications. Therefore, you generally activate the advanced mode in the Ring Manager.

  • Page 493: Example Configuration

    Redundancy 12.2 Media Redundancy Protocol (MRP) 12.2.5 Example Configuration A backbone network contains 3 devices in a line structure. To increase the availability of the network, you convert the line structure to a redundant ring structure. Devices from different manufacturers are used.All devices support MRP. On every device you define ports 1.1 and 1.2 as ring ports.
  • Page 494 Redundancy 12.2 Media Redundancy Protocol (MRP) Note: You configure optical ports without support for autonegotiation (automatic configuration) with 100 Mbit/s full duplex (FDX) or 1000 Mbit/s full duplex (FDX). Note: You configure optical ports without support for autonegotiation (automatic configuration) with 100 Mbit/s full duplex (FDX).
  • Page 495 Redundancy 12.2 Media Redundancy Protocol (MRP) When configuring with the Graphical User Interface, the device uses the default value 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255. Creates a new MRP domain with the ID mrp domain add default-domain default- domain...
  • Page 496 Redundancy 12.2 Media Redundancy Protocol (MRP) Switch the operation of the MRP-Ring on.  To save the changes temporarily, click the button.  Activates the MRP-Ring. mrp domain modify operation enable When every ring participant is configured, close the line to the ring. To do this, you connect the ...
  • Page 497 Redundancy 12.2 Media Redundancy Protocol (MRP) In the field, define the MRP VLAN ID. The MRP VLAN ID determines in which of VLAN ID  the configured VLANs the device transmits the MRP packets. To set the MRP VLAN ID, first configure the VLANs and the corresponding egress rules in the Switching >...

  • Page 498: Spanning Tree

    Redundancy 12.3 Spanning Tree 12.3 Spanning Tree Note: The Spanning Tree Protocol is a protocol for MAC bridges. For this reason, the following description uses the term bridge for the device. Local networks are getting bigger and bigger. This applies to both the geographical expansion and the number of network participants.

  • Page 499: Basics

    Redundancy 12.3 Spanning Tree 12.3.1 Basics Because RSTP is a further development of the STP, every of the following descriptions of the STP also apply to RSTP. The tasks of the STP The Spanning Tree Algorithm reduces network topologies built with bridges and containing ring structures due to redundant links to a tree structure.
  • Page 500 Redundancy 12.3 Spanning Tree Root Path Cost Each path that connects 2 bridges is assigned a cost for the transmission (path cost). The device determines this value based on the transmission speed (see table 28). It assigns a higher path cost to paths with lower transmission speeds.
  • Page 501 Redundancy 12.3 Spanning Tree Max Age and Diameter The “Max Age” and “Diameter” values largely determine the maximum expansion of a Spanning Tree network. Diameter The number of connections between the devices in the network that are furthest removed from each other is known as the network diameter.

  • Page 502: Rules For Creating The Tree Structure

    Redundancy 12.3 Spanning Tree 12.3.2 Rules for Creating the Tree Structure Bridge information To determine the tree structure, the bridges need more detailed information about the other bridges located in the network. To obtain this information, each bridge sends a BPDU (Bridge Protocol Data Unit) to the other bridges.
  • Page 503 Redundancy 12.3 Spanning Tree When there are multiple paths with the same root path costs, the bridge further away from the  root decides which port it blocks. For this purpose, it uses the bridge identifiers of the bridge closer to the root. The bridge blocks the port that leads to the bridge with the numerically higher ID (a numerically higher ID is the logically worse one).

  • Page 504: Examples

    Redundancy 12.3 Spanning Tree 12.3.3 Examples Example of determining the root path You can use the network plan (see figure 37) to follow the flow chart (see figure 36) for determining the root path. The administrator has specified a priority in the bridge identification for each bridge. The bridge with the smallest numerical value for the bridge identification takes on the role of the root bridge, in this case, bridge 1.
  • Page 505 Redundancy 12.3 Spanning Tree Example of manipulating the root path You can use the network plan (see figure 38) to follow the flow chart (see figure 36) for determining the root path. The Administrator has performed the following: • Left the default value of 32768 (8000H) for every bridge apart from bridge 1 and bridge 5, and •...
  • Page 506 Redundancy 12.3 Spanning Tree When the Management Administrator configures bridge 2 as the root bridge, the burden of the control packets on the subnetworks is distributed much more evenly. The result is the configuration shown here (see figure 39). The path costs for most of the bridges to the root bridge have decreased.

  • Page 507: The Rapid Spanning Tree Protocol

    Redundancy 12.4 The Rapid Spanning Tree Protocol 12.4 The Rapid Spanning Tree Protocol The RSTP uses the same algorithm for determining the tree structure as STP. When a link or bridge becomes inoperable, RSTP merely changes parameters, and adds new parameters and mechanisms that speed up the reconfiguration.

  • Page 508: Port States

    Redundancy 12.4 The Rapid Spanning Tree Protocol Backup port  This is a blocked port that serves as a backup in case the connection to the designated port of this network segment (without any RSTP bridges) is lost Disabled port ...

  • Page 509: Spanning Tree Priority Vector

    Redundancy 12.4 The Rapid Spanning Tree Protocol Learning: Address learning active (FDB), no data traffic apart from STP-BPDUs  Forwarding: Address learning active (FDB), sending and receiving of every packet type (not only  STP-BPDUs) 12.4.3 Spanning Tree Priority Vector To assign roles to the ports, the RSTP bridges exchange configuration information with each other.

  • Page 510: Configuring The Device

    Redundancy 12.4 The Rapid Spanning Tree Protocol 12.4.6 Configuring the device RSTP configures the network topology completely independently. The device with the lowest bridge priority automatically becomes the root bridge. However, to define a specific network structure regardless, you specify a device as the root bridge. In general, a device in the backbone takes on this role.
  • Page 511 Redundancy 12.4 The Rapid Spanning Tree Protocol Specifies the delay time for the status change in spanning-tree forward-time <4..30> seconds. Specifies the maximum permissible branch length, spanning-tree max-age <6..40> for example the number of devices to the root bridge. show spanning-tree global Displays the parameters for checking.

  • Page 512: Guards

    Redundancy 12.4 The Rapid Spanning Tree Protocol 12.4.7 Guards The device lets you activate various protection functions (guards) in the device ports. The following protection functions help protect your network from incorrect configurations, loops and attacks with STP-BPDUs: BPDU Guard – for manually specified edge ports (end device ports) ...
  • Page 513 Redundancy 12.4 The Rapid Spanning Tree Protocol TCN Guard – for ports that receive STP-BPDUs with a Topology Change flag  You activate this protection function separately for every device port. Hacker If the protection function is activated, then the device ignores Topology Change flags in received STP-BPDUs.
  • Page 514 Redundancy 12.4 The Rapid Spanning Tree Protocol Open the dialog. Switching > L2-Redundancy > Spanning Tree > Port  Switch to the CIST tab.  For end device ports, mark the checkbox in the Admin edge portcolumn.  To save the changes temporarily, click the button.
  • Page 515 Redundancy 12.4 The Rapid Spanning Tree Protocol Activating Root Guard / TCN Guard / Loop Guard Open the Switching > L2-Redundancy > Spanning Tree > Port dialog.  Switch to the Guards tab.  For designated ports, select the checkbox in the column.

  • Page 516: Link Aggregation

    Redundancy 12.5 Link Aggregation 12.5 Link Aggregation Link Aggregation using the single switch method helps you overcome 2 limitations with ethernet links, namely bandwidth, and redundancy. The Link Aggregation Group (LAG) function helps you overcome bandwidth limitations of individual ports. LAG lets you combine 2 or more links in parallel, creating 1 logical link between 2 devices. The parallel links increase the bandwidth for traffic between the 2 devices.
  • Page 517 Redundancy 12.5 Link Aggregation Use the following steps to setup Switch 1 and 2 in the Graphical User Interface. Open the Switching > L2-Redundancy > Link Aggregation dialog.  Click the button.  The dialog displays the Create window. In the Trunk port drop-down list, select the instance number of the link aggregation group.

  • Page 518: Link Backup

    Redundancy 12.6 Link Backup 12.6 Link Backup Link Backup provides a redundant link for traffic on Layer 2 devices. When the device detects an error on the primary link, the device transfers traffic to the backup link. You typically use Link Backup in service-provider or enterprise networks.
  • Page 519 Redundancy 12.6 Link Backup When port returns to the active state, “no shutdown“, with Fail back activated, and Fail back delay set to 30 seconds. After the timer expires, port first blocks the traffic and then port starts forwarding the traffic. Switch B Switch C Port 1...

  • Page 520: Fusenet

    Note: When you use the Ring/Network Coupling protocol to couple a network to the main ring, verify that the networks contain only Hirschmann devices. Use the following table to select the FuseNet coupling protocol to be used in your network:...

  • Page 521: Subring

    Redundancy 12.8 Subring 12.8 Subring Sub Ring function is an extension of the Media Redundancy Protocol (MRP). This function lets you couple a subring to a main ring using various network structures. The Subring protocol provides redundancy for devices by coupling both ends of an otherwise flat network to a main ring.
  • Page 522 Redundancy 12.8 Subring The following figures display examples of possible subring topologies: SRM 1 SRM 2 SRM 3 SRM 4 Figure 44: Example of an overlapping subring structure SRM 1 SRM 2 SRM 3 Figure 45: Special case: A Subring Manager manages 2 subrings (2 instances). The Subring Manager is capable of managing up to 2 instances.

  • Page 523: Subring Example

    Redundancy 12.8 Subring If you use MRP for the main ring and the subring, then specify the VLAN settings as follows: VLAN for the main ring  – on the ring ports of the main ring participants – on the main ring ports of the Subring Manager VLAN for the Subring ...

  • Page 524: Subring Example Configuration

    – Assign the same MRP domain ID to the main ring and subring devices. When you only use Hirschmann devices, the default values suffice for the MRP domain ID. to 255. The default value Note: The...
  • Page 525 Redundancy 12.8 Subring In the Name column, assign a name to the subring.  For this example enter Test In the SRM mode column, select Subring Manager mode.  You thus specify which port for coupling the subring to the main ring becomes the redundant manager.

  • Page 526: 13 Operation Diagnosis

    Operation diagnosis 13.1 Sending SNMP traps 13 Operation diagnosis The device provides you with the following diagnostic tools: Sending SNMP traps  Monitoring the Device Status  Out-of-Band signaling using the signal contact  Port status indication  Event counter at port level ...

  • Page 527: List Of Snmp Traps

    Operation diagnosis 13.1 Sending SNMP traps 13.1.1 List of SNMP traps The following table displays possible SNMP traps sent by the device. Table 31: Possible SNMP traps Name of the SNMP trap Meaning authenticationFailure When a station attempts to access an agent without authorisation, this trap is sent.

  • Page 528: Snmp Traps For Configuration Activity

    Operation diagnosis 13.1 Sending SNMP traps 13.1.2 SNMP traps for configuration activity After you save a configuration in the memory, the device sends a hm2ConfigurationSavedTrap. This SNMP trap contains both the Non-Volatile Memory (NVM) and External Non-Volatile Memory (ENVM) state variables indicating whether the running configuration is in sync with the NVM, and with the ENVM.

  • Page 529: Monitoring The Device Status

    Operation diagnosis 13.2 Monitoring the Device Status 13.2 Monitoring the Device Status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form.

  • Page 530: Configuring The Device Status

    Operation diagnosis 13.2 Monitoring the Device Status 13.2.2 Configuring the Device Status Perform the following steps: Open the dialog, tab. Diagnostics > Status Configuration > Device Status Global  For the parameters to be monitored, mark the checkbox in the Monitor column.
  • Page 531 Operation diagnosis 13.2 Monitoring the Device Status Monitors the temperature in the device. When the device-status monitor temperature temperature exceeds or falls below the specified limit, the value in the Device status frame changes to error. Monitors the modules. When you remove a module device-status monitor module-removal from the device, the value in the Device status...

  • Page 532: Displaying The Device Status

    Operation diagnosis 13.2 Monitoring the Device Status 13.2.3 Displaying the Device Status Perform the following steps: Open the dialog. Basic Settings > System  In the EXEC Privilege mode: Displays the device show device-status all status and the setting for the device status determination.

  • Page 533: Security Status

    Operation diagnosis 13.3 Security Status 13.3 Security Status The Security Status provides an overview of the overall security of the device. Many processes aid in system visualization by recording the security status of the device and then presenting its condition in graphic form. The device displays the overall security status in the Basic Settings >...

  • Page 534: Configuring The Security Status

    Operation diagnosis 13.3 Security Status Table 33: Security Status events (cont.) Name Meaning IEC61850-MMS active The device monitors the IEC 61850-MMS protocol activation setting. Modbus TCP active The device monitors the Modbus TCP/IP protocol activation setting. Self-signed HTTPS certificate The device monitors the HTTPS server for self-created digital present certificates.
  • Page 535 Operation diagnosis 13.3 Security Status Monitors the HTTP server. When you enable the security-status monitor http-enabled HTTP server, the value in the Security status frame changes to error. Monitors the SNMP server. security-status monitor snmp-unsecure When at least one of the following conditions applies, the value in the Security status frame...

  • Page 536: Displaying The Security Status

    Operation diagnosis 13.3 Security Status 13.3.3 Displaying the Security Status Perform the following steps: Open the dialog. Basic Settings > System  In the EXEC Privilege mode, display the security show security-status all status and the setting for the security status determination.

  • Page 537: Out-Of-Band Signaling

    Operation diagnosis 13.4 Out-of-Band signaling 13.4 Out-of-Band signaling The device uses the signal contact to control external devices and monitor device functions. Function monitoring enables you to perform remote diagnostics. The device reports the operating status using a break in the potential-free signal contact (relay contact, closed circuit) for the selected mode.

  • Page 538: Monitoring The Device And Security Statuses

    Operation diagnosis 13.4 Out-of-Band signaling Select the manual setting mode for signal contact signal-contact 1 mode manual Open signal contact signal-contact 1 state open Close signal contact signal-contact 1 state closed 13.4.2 Monitoring the Device and Security Statuses In the Configuration field, you specify which events the signal contact indicates.
  • Page 539 Operation diagnosis 13.4 Out-of-Band signaling Monitors the ring redundancy. signal-contact 1 monitor ring- redundancy The signal contact opens in the following situations: • The redundancy function becomes active (loss of redundancy reserve). • The device is a normal ring participant and detects an error in its settings.
  • Page 540 Operation diagnosis 13.4 Out-of-Band signaling Events which can be monitored Table 34: Device Status events Name Meaning Temperature When the temperature exceeds or falls below the value specified. Ring redundancy When ring redundancy is present, enable this function to monitor. Enable this function to monitor every port link event in which the Connection errors Propagate connection error...

  • Page 541: Port Status Indication

    Operation diagnosis 13.5 Port status indication 13.5 Port status indication Perform the following steps: Open the Basic Settings > System dialog.  The dialog displays the device with the current configuration. Furthermore, the dialog indicates the status of the individual ports with a symbol. The following symbols represent the status of the individual ports.

  • Page 542: Port Event Counter

    Operation diagnosis 13.6 Port event counter 13.6 Port event counter The port statistics table lets experienced network administrators identify possible detected problems in the network. This table displays the contents of various event counters. The packet counters add up the events sent and the events received.
  • Page 543 Operation diagnosis 13.6 Port event counter  Electromagnetic interference. Network extension  The network extension is too great, or too many cascading hubs. Collisions, Late Collisions  In full-duplex mode, no incrementation of the port counters for collisions or Late Collisions. CRC Error ...

  • Page 544: Auto-Disable

    Operation diagnosis 13.7 Auto-Disable 13.7 Auto-Disable The device can disable a port due to several configurable reasons. Each reason causes the port to “shut down”. In order to recover the port from the shut down state, you can manually clear the condition which caused the port to shut down or specify a timer to automatically re-enable the port.
  • Page 545 Operation diagnosis 13.7 Auto-Disable In the Action column you can choose how the device reacts to detected errors. In this  example, the device disables port for threshold violations and then automatically re- enables the port. To allow the device to disable and automatically re-enable the port, select the value ...

  • Page 546: Displaying The Sfp Status

    Operation diagnosis 13.8 Displaying the SFP status 13.8 Displaying the SFP status The SFP status display lets you look at the current SFP module connections and their properties. The properties include: module type  serial number of media module  temperature in º...

  • Page 547: Topology Discovery

    Operation diagnosis 13.9 Topology discovery 13.9 Topology discovery IEEE 802.1AB defines the Link Layer Discovery Protocol (LLDP). LLDP lets the user automatically detect the LAN network topology. Devices with LLDP active: broadcast their connection and management information to neighboring devices on the shared ...

  • Page 548: Lldp-Med

    Operation diagnosis 13.9 Topology discovery If you connect the port to devices with the topology discovery function active, then the devices exchange LLDP Data Units (LLDPDU) and the topology table displays these neighboring devices. When a port connects only devices without an active topology discovery, the table contains a line for this port to represent the connected devices.

  • Page 549: Detecting Loops

    Operation diagnosis 13.10 Detecting loops 13.10 Detecting loops Loops in the network cause connection interruptions or data losses. This also applies to temporary loops. The automatic detection and reporting of this situation lets you detect it faster and diagnose it more easily. An incorrect configuration causes loops, for example, deactivating Spanning Tree.

  • Page 550: Reports

    Operation diagnosis 13.11 Reports 13.11 Reports The following lists reports and buttons available for diagnostics: System Log file  The log file is an HTML file in which the device writes device-internal events. Audit Trail  Logs successful commands and user comments. The file also includes SNMP logging. Persistent Logging ...
  • Page 551 Operation diagnosis 13.11 Reports When you activate the logging of SNMP requests, the device logs the requests as events in the Syslog. The Log SNMP get request function logs user requests for device configuration information. Log SNMP set request function logs device configuration events. Specify the minimum level for events that the device logs in the Syslog.

  • Page 552: Syslog

    Operation diagnosis 13.11 Reports 13.11.2 Syslog The device enables you to send messages about device internal events to one or more Syslog servers (up to 8). Additionally, you also include SNMP requests to the device as events in the Syslog. Note: To display the logged events, open the Diagnostics >...

  • Page 553: System Log

    Operation diagnosis 13.11 Reports Server IP Port Max. Severity Type Status ----- -------------- ----- -------------- ---------- ------- 10.0.1.159 error systemlog active Change to the Configuration mode. configure Logs SNMP GET requests. logging snmp-requests get operation The value specifies the severity level of the event logging snmp-requests get severity 5 that the device logs in case of SNMP GET requests.
  • Page 554 Operation diagnosis 13.11 Reports The following list contains log events: changes to configuration parameters  Commands (except commands) using the Command Line Interface  show Command using the Command Line Interface which logs the  logging audit-trail <string> comment Automatic changes to the System Time ...

  • Page 555: Network Analysis With Tcpdump

    Operation diagnosis 13.12 Network analysis with TCPdump 13.12 Network analysis with TCPdump Tcpdump is a packet-sniffing UNIX utility used by network administrators to sniff and analyze traffic on a network. A couple of reasons for sniffing traffic on a network is to verify connectivity between hosts, or to analyze the traffic traversing the network.

  • Page 556: Monitoring The Data Traffic

    Operation diagnosis 13.13 Monitoring the data traffic 13.13 Monitoring the data traffic The device lets you forward data packets that pass through the device to a destination port. There you can monitor and evaluate the data packets. The device provides you with the following options: Port Mirroring ...
  • Page 557 Operation diagnosis 13.13 Monitoring the data traffic Enabling the Port Mirroring function Perform the following steps: Open the dialog. Diagnostics > Ports > Port Mirroring  Specify the source ports.  Mark the checkbox in the Enabled column for the relevant ports. Specify the destination port.

  • Page 558: Self-Test

    Operation diagnosis 13.14 Self-test 13.14 Self-test The device checks its assets during the boot process and occasionally thereafter. The device checks system task availability or termination and the available amount of memory. Furthermore, the device checks for application functionality and any hardware degradation in the chip set. If the device detects a loss in integrity, then the device responds to the degradation with a user- defined action.
  • Page 559 Operation diagnosis 13.14 Self-test Perform the following steps: Open the Diagnostics > System > Selftest dialog.  In the Action column, specify the action to perform for a cause.  To save the changes temporarily, click the button.  Change to the Privileged EXEC mode. enable Change to the Configuration mode.

  • Page 560: Copper Cable Test

    Operation diagnosis 13.15 Copper cable test 13.15 Copper cable test Use this feature to test copper cables attached to an interface for a short or open circuit. The test interrupts traffic flow, when in progress, on this port. The table displays the state and lengths of each individual pair. The device returns a result with the following meaning: normal - indicates that the cable is operating properly ...

  • Page 561: 14 Advanced Functions Of The Device

    Advanced functions of the device 14.1 Using the device as a DHCP server 14 Advanced functions of the device 14.1 Using the device as a DHCP server A DHCP server ("Dynamic Host Configuration Protocol") assigns IP addresses, Gateways, and other networking definitions such as DNS and NTP parameters to clients. The DHCP operations fall into 4 basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgment.

  • Page 562: Dhcp Server Static Ip Address Example

    Advanced functions of the device 14.1 Using the device as a DHCP server 14.1.2 DHCP server static IP address example In this example, configure the device to allocate a static IP address to a port. The device recognizes clients with unique hardware identification. The Hardware ID in this case is the client MAC address 00:24:E8:D6:50:51.

  • Page 563: Dhcp Server Dynamic Ip Address Range Example

    Advanced functions of the device 14.1 Using the device as a DHCP server 14.1.3 DHCP server dynamic IP address range example The device lets you create dynamic IP address ranges. Leave the address, Client Remote ID Circuit ID fields empty. To create dynamic IP address ranges with gaps between the ranges add several entries to the table.

  • Page 564: Dhcp L2 Relay

    Advanced functions of the device 14.2 DHCP L2 Relay 14.2 DHCP L2 Relay A network administrator uses the DHCP Layer 2 Relay agent to add DHCP client information. This information is required by Layer 3 Relay agents and DHCP servers to assign an address and configuration to a client.

  • Page 565: Dhcp L2 Relay Configuration

    Advanced functions of the device 14.2 DHCP L2 Relay 14.2.2 DHCP L2 Relay configuration Advanced > DHCP L2 Relay > Configuration dialog lets you activate the function on the active ports and on the VLANs. The device forwards DHCP packets with Option 82 information on those ports for which the checkbox in the DHCP L2 Relay column and in the...
  • Page 566 Advanced functions of the device 14.2 DHCP L2 Relay Verify that VLAN 2 is present then perform the following steps on Switch 1: Configure VLAN 2, and specify port as a member of VLAN 2.  Change to the Privileged EXEC mode. enable Change to the VLAN configuration mode.

  • Page 567: Garp

    Advanced functions of the device 14.3 GARP 14.3 GARP The Generic Attribute Registration Protocol (GARP) is defined by the IEEE to provide a generic framework so switches can register and deregister attribute values, such as VLAN identifiers and Multicast group membership. If an attribute for a participant is registered or deregistered according to the function, then the GARP...

  • Page 568: Configuring Gvrp

    Advanced functions of the device 14.3 GARP 14.3.2 Configuring GVRP You use the GVRP function to allow the device to exchange VLAN configuration information with other GVRP devices. Thus reducing unnecessary Broadcast and unknown Unicast traffic. Besides function dynamically creates and manages VLANs on devices connected through GVRP 802.1Q trunk ports.

  • Page 569: Mrp-Ieee

    Advanced functions of the device 14.4 MRP-IEEE 14.4 MRP-IEEE The IEEE 802.1ak amendment to the IEEE 802.1Q standard introduced the Multiple Registration Protocol (MRP) to replace the Generic Attribute Registration Protocol (GARP). The IEEE also modified and replaced the GARP applications, GARP Multicast Registration Protocol (GMRP) and...

  • Page 570: Mmrp

    Advanced functions of the device 14.4 MRP-IEEE The following list contains various MRP events that the device transmits: Join - Controls the interval for the next Join message transmission  Leave - Controls the length of time that a switch waits in the Leave state before changing to the ...

  • Page 571: Mvrp

    Advanced functions of the device 14.4 MRP-IEEE To enable the MMRP function on the switches, proceed as follows. Perform the following steps: Open the dialog, tab. Switching > MRP-IEEE > MMRP Configuration  To activate port and port MMRP participants, mark the checkbox in the MMRP column ...
  • Page 572 Advanced functions of the device 14.4 MRP-IEEE MVRP example Set up a network comprised of MVRP aware switches (1 - 4) connected in a ring topology with end device groups, A1, A2, B1, and B2 in 2 different VLANs, A and B. With STP enabled on the switches, the ports connecting switch 1 to switch 4 are in the discarding state, helping prevent a loop condition.
  • Page 573 Advanced functions of the device 14.4 MRP-IEEE Enabling the MVRP function on the port. mrp-ieee mvrp operation Change to the interface configuration mode of interface 1/2 interface Enabling the function on the port. mrp-ieee mvrp operation MVRP Change to the Configuration mode. exit Enabling the Periodic state machine...

  • Page 574: 15 Industry Protocols

    With the creation of the first optical LAN to be active worldwide, at the University of Stuttgart in 1984, Hirschmann laid the foundation for industry-compatible office communication devices. Thanks to Hirschmann's initiative with the world's first rail hub in the 1990s, Ethernet transmission devices such as switches, routers and firewalls are now available for the toughest automation conditions.

  • Page 575: Iec 61850/Mms

    Industry Protocols 15.1 IEC 61850/MMS 15.1 IEC 61850/MMS IEC 61850/MMS is an industrial communication protocol standardized by the International Electrotechnical Commission (IEC). The protocol is to be found in substation automation, for example in the control technology of energy suppliers. This protocol, which works in a packet-oriented way, is based on the TCP/IP transport protocol and uses the Manufacturing Messaging Specification (MMS) for the client-server communication.

  • Page 576: Integration Into A Control System

    Industry Protocols 15.1 IEC 61850/MMS Table 38: Classes of the bridge model based on TR IEC61850 90-4 (cont.) Class Description logical node: LN LCCF Channel Communication Filtering Defines the VLAN and Multicast settings for the higher-level Communication Channel LN LBSP logical node: Port Spanning Tree Protocol Defines the Spanning Tree statuses and settings for the respective physical...
  • Page 577 Industry Protocols 15.1 IEC 61850/MMS Monitoring the device The IEC61850/MMS server integrated into the device lets you monitor multiple statuses of the device by means of the Report Control Block (RCB). Up to 5 MMS clients can register for a Report Control Block at the same time.

  • Page 578: Modbus Tcp

    Industry Protocols 15.2 Modbus TCP 15.2 Modbus TCP Modbus TCP is an application layer messaging protocol providing client/server communication between the client and devices connected in Ethernet TCP/IP networks. Modbus TCP function lets you install the device in networks already using Modbus TCP retrieve information saved in the registers in the device.
  • Page 579 Industry Protocols 15.2 Modbus TCP F4: Enumeration - port type  – 0 = Giga - Gigabit Interface Converter (GBIC) – 1 = Copper - Twisted Pair (TP) – 2 = Fiber - 10 Mb/s – 3 = Fiber - 100 Mb/s –...
  • Page 580 Industry Protocols 15.2 Modbus TCP Port Statistics Table 41: Port Statistics Address Description Step Unit Format 0800 Port1 - Number of bytes received 4294967295 0802 Port1 - Number of bytes sent 4294967295 0804 Port1 - Number of frames received 4294967295 0806 Port1 - Number of frames sent 4294967295...

  • Page 581: Example Configuration

    Industry Protocols 15.2 Modbus TCP 15.2.3 Example Configuration In this example, you configure the device to respond to client requests. The prerequisite for this configuration is that the client device is configured with an IP address within the given range. The function remains inactive for this example.
  • Page 582 Industry Protocols 15.2 Modbus TCP Specifies that the device monitors the activation of security-status monitor modbus-tcp- enabled Modbus TCP server. Activates the Modbus TCP server. modbus-tcp operation Specify the TCP port for modbus-tcp port <1..65535> Modbus TCP communication (optionally). The default value is port Display the Modbus TCP...

  • Page 583: A Setting Up The Configuration Environment

    Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server A Setting up the configuration environment Setting up a DHCP/BOOTP server The following example describes the configuration of a DHCP server using the haneWIN DHCP Server software. This shareware software is a product of IT-Consulting Dr. Herbert Hanewinkel. You can download the software from https://www.hanewin.net.
  • Page 584 Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server Figure 56: DHCP setting To enter the configuration profiles, select Options > Configuration Profiles in the menu bar.  Specify the name for the new configuration profile.  Click the button.
  • Page 585 Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server Enter the path and the file name for the configuration file.  Click the Apply button and then the button.  Figure 59: Configuration file on the tftp server Add a profile for each device type.
  • Page 586 Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server Enter the IP address of the device.  Select the configuration profile of the device.  Click the Apply button and then the button.  Figure 63: Entries for static addresses Add an entry for each device that will get its parameters from the DHCP server.

  • Page 587: Setting Up A Dhcp Server With Option 82

    Setting up the configuration environment A.2 Setting up a DHCP server with Option 82 Setting up a DHCP server with Option 82 The following example describes the configuration of a DHCP server using the haneWIN DHCP Server software. This shareware software is a product of IT-Consulting Dr. Herbert Hanewinkel. You can download the software from https://www.hanewin.net.
  • Page 588  Sub-identifier for the type of the Circuit ID  Length of the Circuit ID.  Hirschmann identifier: when a Hirschmann device is connected to the port, otherwise 00. vvvv  VLAN ID of the DHCP request. Default setting: 0001 = VLAN 1 ...
  • Page 589 Setting up the configuration environment A.2 Setting up a DHCP server with Option 82 Switch (Option 82) MAC = IP = 00:80:63:10:9a:d7 192.168.112.100 DHCP Server IP = 192.168.112.1 IP = 192.168.112.100 Figure 70: Application example of using Option 82 UM Config GRS Release 8.0 09/2019...

  • Page 590: Preparing Access Via Ssh

    Setting up the configuration environment A.3 Preparing access via SSH Preparing access via SSH To access the device using SSH, perform the following steps: Generate a key in the device.  Transfer your own key onto the device.  Prepare access to the device in the SSH client program. ...

  • Page 591: Loading Your Own Key Onto The Device

    Setting up the configuration environment A.3 Preparing access via SSH A.3.2 Loading your own key onto the device OpenSSH gives experienced network administrators the option of generating an own key. To generate the key, enter the following commands on your PC: ssh-keygen(.exe) -q -t rsa -f rsa.key -C '' -N '' rsaparam -out rsaparam.pem 2048 The device lets you transfer your own SSH key onto the device.
  • Page 592 Setting up the configuration environment A.3 Preparing access via SSH Figure 71: PuTTY input screen In the Host Name (or IP address) field you enter the IP address of your device.  The IP address (a.b.c.d) consists of 4 decimal numbers with values from to 255.

  • Page 593: Https Certificate

    Setting up the configuration environment A.4 HTTPS certificate HTTPS certificate Your web browser establishes the connection to the device using the HTTPS protocol. The prerequisite is that you enable the HTTPS server function in theDevice Security > Management Access > Server dialog, HTTPS...

  • Page 594: Https Certificate Management

    Setting up the configuration environment A.4 HTTPS certificate A.4.1 HTTPS certificate management A standard certificate according to X.509/PEM (Public Key Infrastructure) is required for encryption. In the default setting, a self-generated certificate is already present in the device. Open the Device Security >...

  • Page 595: Access Through Https

    Setting up the configuration environment A.4 HTTPS certificate A.4.2 Access through HTTPS The default setting for HTTPS data connection is TCP port 443. If you change the number of the HTTPS port, then reboot the device or the HTTPS server. Thus the change becomes effective. Perform the following steps: Open the Device Security >...

  • Page 596: B Appendix

    B Appendix Literature references “Optische Übertragungstechnik in industrieller Praxis”  Christoph Wrobel (ed.) Hüthig Buch Verlag Heidelberg ISBN 3-7785-2262-0 Hirschmann Manual  “Basics of Industrial ETHERNET and TCP/IP” 280 710-834 “TCP/IP Illustrated”, Vol. 1  W.R. Stevens Addison Wesley 1994...

  • Page 597: Maintenance

    Hirschmann is continually working on improving and developing their software. Check regularly whether there is an updated version of the software that provides you with additional benefits. You find information and software downloads on the Hirschmann product pages on the Internet at www.hirschmann.com.

  • Page 598: Management Information Base (Mib)

    Appendix B.3 Management Information Base (MIB) Management Information Base (MIB) The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The "leaves" of the MIB are called generic object classes.
  • Page 599 Appendix B.3 Management Information Base (MIB) Example: The generic object class hm2PSState (OID = 1.3.6.1.4.1.248.11.11.1.1.1.1.2) is the power supply status. However, it is not possible to read description of the abstract information any value from this, as the system does not know which power supply is meant. Specifying the subidentifier maps this abstract information onto reality (instantiates it), thus identifying it as the operating status of power supply 2.
  • Page 600 7 udp 11 snmp 16 rmon 17 dot1dBridge 26 snmpDot3MauMGT Figure 73: Tree structure of the Hirschmann MIB A description of the MIB can be found on the product CD provided with the device. UM Config GRS Release 8.0 09/2019...

  • Page 601: List Of Rfcs

    Appendix B.4 List of RFCs List of RFCs RFC 768 RFC 783 TFTP RFC 791 RFC 792 ICMP RFC 793 RFC 826 RFC 854 Telnet RFC 855 Telnet Option RFC 951 BOOTP RFC 1112 IGMPv1 RFC 1157 SNMPv1 RFC 1155 SMIv1 RFC 1212 Concise MIB Definitions...
  • Page 602 Appendix B.4 List of RFCs RFC 2868 RADIUS Attributes for Tunnel Protocol Support RFC 2869 RADIUS Extensions RFC 2869bis RADIUS support for EAP RFC 2933 IGMP MIB RFC 3164 The BSD Syslog Protocol RFC 3376 IGMPv3 RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework RFC 3411 An Architecture for Describing Simple Network Management Protocol (SNMP)

  • Page 603: Underlying Ieee Standards

    Appendix B.5 Underlying IEEE Standards Underlying IEEE Standards IEEE 802.1AB Station and Media Access Control Connectivity Discovery IEEE 802.1D MAC Bridges (switching function) IEEE 802.1Q Virtual LANs (VLANs, MRP, Spanning Tree) IEEE 802.1X Port Authentication IEEE 802.3 Ethernet IEEE 802.3ac VLAN Tagging IEEE 802.3x Flow Control...

  • Page 604: Underlying Iec Norms

    Appendix B.6 Underlying IEC Norms Underlying IEC Norms IEC 62439 High availability automation networks MRP – Media Redundancy Protocol based on a ring topology UM Config GRS Release 8.0 09/2019...

  • Page 605: Underlying Ansi Norms

    Appendix B.7 Underlying ANSI Norms Underlying ANSI Norms ANSI/TIA-1057 Link Layer Discovery Protocol for Media Endpoint Devices, April 2006 UM Config GRS Release 8.0 09/2019...

  • Page 606: Technical Data

    Appendix B.8 Technical Data Technical Data Switching Size of the MAC address table 16384 (incl. static filters) Max. number of statically configured MAC address filters Max. number of MAC address filters learnable through IGMP Snooping Max. number of MAC address entries (MMRP) Number of priority queues 8 Queues...

  • Page 607: Copyright Of Integrated Software

    Appendix B.9 Copyright of integrated Software Copyright of integrated Software The product contains, among other things, Open Source Software files developed by third parties and licensed under an Open Source Software license. You can find the license terms in the Graphical User Interface in the Help >...

  • Page 608: Abbreviations Used

    Appendix B.10 Abbreviations used B.10 Abbreviations used Name of the external memory Access Control List BOOTP Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol Forwarding Database Graphical User Interface HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure ICMP Internet Control Message Protocol IEEE...

  • Page 609: C Index

    Index C Index 802.1X ..............55 Access roles .
  • Page 610 Index Edge port ............. . 167, 172 Event log .
  • Page 611 Index Netmask ..............43, 47 Network load .
  • Page 612 Index RADIUS ..............55 RAM (memory) .
  • Page 613 Index Tab Completion ............. . 34 TCN guard .

  • Page 614: D Further Support

    The current manuals and operating instructions for Hirschmann products are available at doc.hirschmann.com. Hirschmann Competence Center The Hirschmann Competence Center is ahead of its competitors on three counts with its complete range of innovative services: Consulting incorporates comprehensive technical advice, from system evaluation through ...

  • Page 615: E Readers' Comments

    Readers’ Comments E Readers’ Comments What is your opinion of this manual? We are constantly striving to provide as comprehensive a description of our product as possible, as well as important information to assist you in the operation of this product. Your comments and suggestions help us to further improve the quality of our documentation.
  • Page 616 Dear User, Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or  per mail to  Hirschmann Automation and Control GmbH Department 01RD-NT Stuttgarter Str. 45-51 72654 Neckartenzlingen Germany UM Config GRS Release 8.0 09/2019...
  • Page 617 Readers’ Comments UM Config GRS Release 8.0 09/2019...

This manual is also suitable for:

Greyhound grs1030

Table of Contents

Save PDF