Summary of Contents for Hirschmann Greyhound GRS1020
Page 1
Hirschmann Automation and Control GmbH GRS1020-1030 HiOS-2S Rel. 08000 Reference Manual Graphical User Interface User Manual Configuration...
Page 2
Reference Manual Graphical User Interface Greyhound Switch GRS1020-1030 HiOS-2S Technical support RM GUI GRS Release 8.0 09/2019 https://hirschmann-support.belden.com...
Page 3
This document was produced by Hirschmann Automation and Control GmbH according to the best of the company's knowledge. Hirschmann reserves the right to change the contents of this document without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the information in this document.
Safety instructions WARNING: UNCONTROLLED MACHINE ACTIONS. To avoid uncontrolled machine actions caused by data loss, configure all the data transmission devices individually. Before you start any machine which is controlled via data transmission, be sure to complete the configuration of all data transmission devices.
About this Manual The “Configuration” user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The “Installation”...
The designations used in this manual have the following meanings: List Work step Link Cross-reference with link Note: A note emphasizes a significant fact or draws your attention to a dependency. Representation of a CLI command or field contents in the graphical user interface Courier Execution in the Graphical User Interface Execution in the Command Line Interface...
Notes on the Graphical User Interface The Graphical User Interface of the device is divided as follows: • Navigation area • Dialog area • Buttons Navigation area The Navigation area is located on the left side of the Graphical User Interface. The Navigation area contains the following elements: • Toolbar • ...
Page 12
Notes on the Graphical User Interface Clicking the button logs out the current user and displays the login page. Displays the remaining time in seconds until the device automatically logs out an inactive user. Clicking the button opens the Device Security > Management Access > Web dialog.
Page 13
Notes on the Graphical User Interface Menu The menu displays the menu items. You have the option of filtering the menu items. See section “Filter”. To display the corresponding dialog in the dialog area, you click the desired menu item. If the selected menu item is a node containing sub-items, then the node expands or collapses while clicking.
Page 14
Notes on the Graphical User Interface Working with tables The dialogs display numerous settings in table form. When you modify a table cell, the table cell displays a red mark in its top-left corner. The red mark indicates that your modifications are not yet transferred to the volatile memory (RAM) of the device. You have the option of customizing the look of the tables to fit your needs.
Page 15
Notes on the Graphical User Interface Updates the fields with the values that are saved in the volatile memory (RAM) of the device. Transfers the settings from the volatile memory (RAM) into the configuration profile designated as “Selected” in the non-volatile memory (NVM). When in the Basic Settings >...
Basic Settings [ Basic Settings > System ] 1 Basic Settings The menu contains the following dialogs: • System • Modules • Network • Software • Load/Save • External Memory • Port • Restart System [ Basic Settings > System ] In this dialog, you monitor individual operating statuses.
Page 18
Basic Settings [ Basic Settings > System ] Security status The fields in this frame display the security status and inform you about alarms that have occurred. When an alarm currently exists, the frame is highlighted. You specify the parameters that the device monitors in the Diagnostics >...
Page 19
Basic Settings [ Basic Settings > System ] Possible values: • Alphanumeric ASCII character string with 0..255 characters The following characters are allowed: – 0..9 – a..z – A..Z – !#$%&'()*+,-./:;<=>?@[\\]^_`{}~ • <device name>-<MAC address> (default setting) When creating HTTPS X.509 certificates, the application generating the certificate uses the specified value as the domain name and common name.
Page 20
Basic Settings [ Basic Settings > System ] Temperature [°C] Displays the current temperature in the device in °C. You activate the monitoring of the temperature thresholds in the Diagnostics > Status Configuration > Device Status dialog. Upper temp. limit [°C] Specifies the upper temperature threshold in °C.
Page 21
Basic Settings [ Basic Settings > System ] Parameters Color Meaning No external memory connected. The external memory is connected, but not ready for operation. The external memory is connected and ready for operation. Port status This frame displays a simplified view of the ports of the device at the time of the last update. The icons represent the status of the individual ports.
Basic Settings [ Basic Settings > Modules ] Modules [ Basic Settings > Modules ] The device lets you install or remove the modules during operation (hot-plug). As long as the Ethernet module status column displays the value configurable you can configure the module and save its preferences.
Page 23
Basic Settings [ Basic Settings > Modules ] Table Ethernet module Displays the number of the slot to which the entry refers. Active Activates/deactivates the slot. Possible values: marked (default setting) The slot is active. The device recognizes a module installed in this slot. unmarked ...
Page 24
Basic Settings [ Basic Settings > Modules ] Buttons You find the description of the standard buttons in section “Buttons” on page Remove Ethernet module Removes the selected Ethernet module from the table.
Basic Settings [ Basic Settings > Network ] Network [ Basic Settings > Network ] This dialog lets you specify the IP, VLAN and HiDiscovery settings required for the access to the device management through the network. Management interface This frame lets you specify the following settings: The source from which the device management receives its IP parameters ...
Page 26
This frame lets you specify settings for the access to the device using the HiDiscovery protocol. On a PC, the HiDiscovery software displays the Hirschmann devices that can be accessed in the network on which the HiDiscovery function is enabled. You can access these devices even if they have invalid or no IP parameters assigned.
Page 27
Basic Settings [ Basic Settings > Network ] Signal Activates/deactivates the flashing of the port LEDs as does the function of the same name in the HiDiscovery software. The function lets you identify the device in the field. Possible values: marked ...
Basic Settings [ Basic Settings > Software ] Software [ Basic Settings > Software ] This dialog lets you update the device software and display information about the device software. You also have the option to restore a backup of the device software saved in the device. Note: Before updating the device software, follow the version-specific notes in the Readme text file.
Page 29
Basic Settings [ Basic Settings > Software ] The device gives you the following options for updating the device software: Software update from the PC When the file is located on your PC or on a network drive, drag and drop the file in the area.
Page 30
Basic Settings [ Basic Settings > Software ] For the device software in the flash memory, the index has the following meaning: Upon restart, the device loads this device software. The device copied this device software into the backup area during the last software update. File name Displays the device-internal file name of the device software.
Basic Settings [ Basic Settings > Load/Save ] Load/Save [ Basic Settings > Load/Save ] This dialog lets you save the device settings permanently in a configuration profile. The device can hold several configuration profiles. When you activate an alternative configuration profile, you change to other device settings.
Page 32
Basic Settings [ Basic Settings > Load/Save ] Possible values: marked The configuration encryption is active. If the configuration profile is encrypted and the password matches the password stored in the device, then the device loads a configuration profile from the non-volatile memory (NVM). unmarked ...
Page 33
Basic Settings [ Basic Settings > Load/Save ] Delete Opens the Delete window which helps you to cancel the configuration encryption in the device. In the Old password field, enter the existing password. To display the password in plain text instead of ***** (asterisks), mark the Display content checkbox.
Page 34
Basic Settings [ Basic Settings > Load/Save ] Possible values: Enabled Backup config on a remote server when saving function is enabled. When you save the configuration profile in the non-volatile memory (NVM), the device automatically backs up the configuration profile on the remote server specified in the field.
Page 35
Basic Settings [ Basic Settings > Load/Save ] Undo configuration modifications Operation Enables/disables the Undo configuration modifications function. Using the function, the device continuously checks whether it can still be reached from the IP address of the user’s PC. If the connection is lost, after a specified time period the device loads the “Selected”...
Page 36
Basic Settings [ Basic Settings > Load/Save ] Possible values: (volatile memory of the device) In the volatile memory, the device stores the settings for the current operation. (non-volatile memory of the device) When applying the function Undo configuration modifications or during a restart, the device loads the “Selected”...
Page 37
Basic Settings [ Basic Settings > Load/Save ] Encrypted Displays whether the configuration profile is encrypted. Possible values: marked The configuration profile is encrypted. unmarked The configuration profile is unencrypted. You activate/deactivate the encryption of the configuration profile in the Configuration encryption frame.
Page 38
Basic Settings [ Basic Settings > Load/Save ] The device verifies the checksum correctly only if the configuration profile has been saved before as follows: • on an identical device • with the same software version, which the device is running Note: This function identifies changes to the settings in the configuration profile.
Page 39
Basic Settings [ Basic Settings > Load/Save ] Select Designates the configuration profile highlighted in the table as “Selected”. In the Selected column, the checkbox is then marked. When applying the function Undo configuration modifications or during a restart, the device loads the settings of this configuration profile to the volatile memory (RAM).
Page 40
Basic Settings [ Basic Settings > Load/Save ] When External memory is selected above, in the Import profile from external memory frame you specify the configuration profile file to be imported. In the Profile name drop-down list, select the name of the configuration profile to be imported. In the Destination frame you specify where the device saves the imported configuration profile.
Page 41
Basic Settings [ Basic Settings > Load/Save ] Load running-config as script running config Imports a script file which modifies the current configuration profile. The device gives you the following options to import a script file: Import from the PC ...
Basic Settings [ Basic Settings > External Memory ] External Memory [ Basic Settings > External Memory ] This dialog lets you activate functions that the device automatically executes in combination with the external memory. The dialog also displays the operating state and identifying characteristics of the external memory.
Page 43
Basic Settings [ Basic Settings > External Memory ] Status Displays the operating state of the external memory. Possible values: notPresent No external memory connected. removed Someone has removed the external memory from the device during operation. The external memory is connected and ready for operation.
Page 44
Basic Settings [ Basic Settings > External Memory ] Possible values: marked (default setting) The loading of the RSA key is activated. During a restart, the device loads the RSA key from the external memory when the following files are located in the external memory: –...
Page 45
Basic Settings [ Basic Settings > External Memory ] Version Displays the version number specified by the memory manufacturer. Name Displays the product name specified by the memory manufacturer. Serial number Displays the serial number specified by the memory manufacturer. Buttons You find the description of the standard buttons in section “Buttons”...
Basic Settings [ Basic Settings > Port ] Port [ Basic Settings > Port ] This dialog lets you specify settings for the individual ports. The dialog also displays the operating mode, connection status, bit rate and duplex mode for every port. The dialog contains the following tabs: [Configuration] ...
Page 47
Basic Settings [ Basic Settings > Port ] Possible values: marked The port is physically enabled. unmarked The port is physically disabled. When the Port on function is active, the Auto-Disable function has disabled the port. You specify the settings of the function in the Auto-Disable Diagnostics >...
Page 49
Basic Settings [ Basic Settings > Port ] Flow control Activates/deactivates the flow control on the port. Possible values: marked (default setting) The Flow control on the port is active. The sending and evaluating of pause packets (full-duplex operation) or collisions (half-duplex operation) is activated on the port.
Page 50
Basic Settings [ Basic Settings > Port ] Possible values: marked Link monitoring function is active. If the device recognizes an established link, then the port LED illuminates. If the device recognizes that a link has been lost, then the port LED extinguishes. unmarked (default setting) ...
Page 51
Basic Settings [ Basic Settings > Port ] To reset the counter for the port statistics in the table to 0, proceed as follows: In the Basic Settings > Port dialog, click the button and then the Clear port statistics item.
Page 52
Basic Settings [ Basic Settings > Port ] Control interval [s] Specifies the interval in seconds. Possible values: 1..3600 (default setting: 30) Alarm Displays the utilization alarm status. Possible values: marked The utilization of the port is below the value specified in the Lower threshold [%] column or above the value specified in the...
Basic Settings [ Basic Settings > Restart ] Restart [ Basic Settings > Restart ] This dialog lets you restart the device, reset port counters and address tables, and delete log files. Restart Restart in Displays the remaining time until the device restarts. To update the display of the remaining time, click the button.
Page 54
Basic Settings [ Basic Settings > Restart ] Reset ARP table Removes the dynamically set up addresses from the ARP table. See the Diagnostics > System > ARP dialog. Clear port statistics Resets the counter for the port statistics to 0. See the dialog, tab.
Time [ Time > Basic Settings ] 2 Time The menu contains the following dialogs: • Basic Settings • SNTP Basic Settings [ Time > Basic Settings ] The device is equipped with a buffered hardware clock. This clock maintains the correct time if the power supply fails or you disconnect the device from the power supply.
Time [ Time > Basic Settings ] Possible values: local System clock of the device. sntp SNTP client is activated and the device is synchronized by an SNTP server. Local offset [min] Specifies the difference between the local time and System time (UTC) in minutes: Local offset [min]...
Page 57
Time [ Time > Basic Settings ] Summertime begin In the first 3 fields you specify the day for the beginning of summertime, and in the last field the time. When the time in the field reaches the value entered here, the device switches to System time summertime.
Page 58
Time [ Time > Basic Settings ] System time Specifies the time. Possible values: <HH:MM> (default setting: 00:00) Summertime end In the first 3 fields you specify the day for the end of summertime, and in the last field the time. When the time in the System time field reaches the value entered here, the device switches to...
Time [ Time > SNTP ] June July August September October November December System time Specifies the time. Possible values: <HH:MM> (default setting: 00:00) Buttons You find the description of the standard buttons in section “Buttons”...
Page 60
Time [ Time > SNTP > Client ] 2.2.1 SNTP Client [ Time > SNTP > Client ] In this dialog, you specify the settings with which the device operates as an SNTP client. As an SNTP client the device obtains the time information from both SNTP servers and servers...
Page 61
Time [ Time > SNTP > Client ] Possible values: 128..2048 (default setting: 320) Disable client after successful sync Activates/deactivates the disabling of the SNTP client after the device has successfully synchronized the time. Possible values: marked The disabling of the SNTP client is active.
Page 62
Time [ Time > SNTP > Client ] After starting, the device sends requests to the SNTP server configured in the first table entry. When the server does not reply, the device sends its requests to the SNTP server configured in the next table entry.
Page 63
Time [ Time > SNTP > Client ] serverUnsychronized SNTP server is not synchronized with either a local or an external reference time source - synchronization failed. versionNotSupported SNTP versions on the client and the server are incompatible with each other - synchronization failed.
Time [ Time > SNTP > Server ] 2.2.2 SNTP Server [ Time > SNTP > Server ] In this dialog, you specify the settings with which the device operates as an SNTP server. SNTP server provides the Universal Time Coordinated (UTC) without considering local time differences.
Page 65
Time [ Time > SNTP > Server ] Possible values: Valid IPv4 address (default setting: 0.0.0.0) Broadcast and Multicast addresses are permitted. Broadcast UDP port Specifies the number of the UDP port on which the SNTP server sends the SNTP packets in Broadcast mode.
Page 66
Time [ Time > SNTP > Server ] Possible values: disabled SNTP server is disabled. notSynchronized SNTP server is not synchronized with either a local or an external reference time source. syncToLocal SNTP server is synchronized with the hardware clock of the device. syncToRefclock ...
Device Security [ Device Security > User Management ] 3 Device Security The menu contains the following dialogs: • User Management • Authentication List • Management Access • Pre-login Banner User Management [ Device Security > User Management ] If users log in with valid login data, then the device lets them have access to its device management.
Page 68
Device Security [ Device Security > User Management ] The device checks the password according to this setting, regardless of the setting for the Policy check checkbox. Possible values: 1..64 (default setting: 6) Password policy This frame lets you specify the policy for valid passwords. The device checks every new password and password change according to this policy.
Page 69
Device Security [ Device Security > User Management ] Table Every user requires an active user account to gain access to the device management. The table lets you set up and manage user accounts. To change settings, click the desired parameter in the table and modify the value. User name Displays the name of the user account.
Page 70
Device Security [ Device Security > User Management ] Possible values: unauthorized The user is blocked, and the device rejects the user log on. Assign this value to temporarily lock the user account. If the device detects an error when another role is being assigned, then the device assigns this role to the user account.
Page 71
Device Security [ Device Security > User Management ] Possible values: hmacmd5 (default value) For this user account, the device uses protocol HMACMD5. hmacsha For this user account, the device uses protocol HMACSHA. SNMP encryption type Specifies the encryption protocol that the device applies for user access via SNMPv3. Possible values: none ...
Device Security [ Device Security > Authentication List ] Authentication List [ Device Security > Authentication List ] In this dialog you manage the authentication lists. In an authentication list you specify which method the device uses for the authentication. You also have the option to assign pre-defined applications to the authentication lists.
Page 73
Device Security [ Device Security > Authentication List ] Possible values: local (default setting) The device authenticates the users by using the local user management. See the Device Security > User Management dialog. You cannot assign this value to the authentication list defaultDot1x8021AuthList. radius ...
Page 74
Device Security [ Device Security > Authentication List ] Buttons You find the description of the standard buttons in section “Buttons” on page Allocate applications Opens the Allocate applications window. The left field displays the applications that can be allocated to the highlighted list. ...
Device Security [ Device Security > Management Access > Server ] 3.3.1 Server [ Device Security > Management Access > Server ] This dialog lets you set up the server services which enable users or applications to access the management of the device. The dialog contains the following tabs: [Information] ...
Page 77
Device Security [ Device Security > Management Access > Server ] Possible values: marked Server service is active. unmarked Server service is inactive. Telnet server Displays whether the server service is active or inactive, which authorizes access to the device using Telnet.
Page 78
Device Security [ Device Security > Management Access > Server ] Buttons You find the description of the standard buttons in section “Buttons” on page [SNMP] This tab lets you specify settings for the SNMP agent of the device and to enable/disable access to the device with different SNMP versions.
Page 79
Device Security [ Device Security > Management Access > Server ] UDP port Specifies the number of the UDP port on which the SNMP agent receives requests from clients. Possible values: 1..65535 (default setting: 161) Exception: Port 2222 is reserved for internal functions. To enable the SNMP agent to use the new port after a change, you proceed as follows: Click the button.
Page 80
Device Security [ Device Security > Management Access > Server ] Possible values: (default setting) The Telnet server is enabled. The access to the device management is possible through the Command Line Interface using an unencrypted Telnet connection. The Telnet server is disabled.
Page 81
Device Security [ Device Security > Management Access > Server ] [SSH] This tab lets you enable/disable the SSH server in the device and specify its settings required for SSH. The server works with SSH version 2. The SSH server enables access to the device management remotely through the Command Line Interface.
Page 82
Device Security [ Device Security > Management Access > Server ] Sessions Displays how many SSH connections are currently established to the device. Sessions (max.) Specifies the maximum number of SSH connections to the device that can be set up simultaneously.
Page 83
Device Security [ Device Security > Management Access > Server ] Length of the key created: 2048 bit (RSA) To get the SSH server to use the generated host key, re-enable the SSH server. Alternatively, you have the option to copy your own host key to the device in PEM format. See the Key import frame.
Page 84
Device Security [ Device Security > Management Access > Server ] Start Copies the key specified in the field to the device. Buttons You find the description of the standard buttons in section “Buttons” on page [HTTP] This tab lets you enable/disable the HTTP protocol for the web server and specify the settings required for HTTP.
Page 85
Device Security [ Device Security > Management Access > Server ] Possible values: 1..65535 (default setting: 80) Exception: Port 2222 is reserved for internal functions. Buttons You find the description of the standard buttons in section “Buttons” on page [HTTPS] This tab lets you enable/disable the HTTPS protocol for the web server and specify the settings required for HTTPS.
Page 86
Device Security [ Device Security > Management Access > Server ] Configuration TCP port Specifies the number of the TCP port on which the web server receives HTTPS requests from clients. Possible values: 1..65535 (default setting: 443) Exception: Port 2222 is reserved for internal functions.
Page 87
Device Security [ Device Security > Management Access > Server ] Create Generates a digital certificate in the device. Until restarting the web server uses the previous certificate. To get the web server to use the newly generated certificate, restart the web server. Restarting the web server is possible only through the Command Line Interface.
Page 88
Device Security [ Device Security > Management Access > Server ] The device gives you the following options for copying the certificate to the device: Import from the PC When the certificate is located on your PC or on a network drive, drag and drop the certificate in the area.
Device Security [ Device Security > Management Access > IP Access Restriction ] 3.3.2 IP Access Restriction [ Device Security > Management Access > IP Access Restriction ] This dialog enables you to restrict the access to the device management to specific IP address ranges and selected IP-based applications.
Page 90
Device Security [ Device Security > Management Access > IP Access Restriction ] Possible values: Valid IPv4 address (default setting: 0.0.0.0) Netmask Specifies the range of the network specified in the Address column. Possible values: Valid netmask (default setting: 0.0.0.0) ...
Page 91
Device Security [ Device Security > Management Access > IP Access Restriction ] Possible values: marked (default setting) Access is activated for the adjacent IP address range. unmarked Access is deactivated. IEC61850-MMS Activates/deactivates the access to the MMS server. Possible values: marked (default setting)
Device Security [ Device Security > Management Access > Web ] 3.3.3 [ Device Security > Management Access > Web ] In this dialog, you specify settings for the Graphical User Interface. Configuration Web interface session timeout [min] Specifies the timeout in minutes. After the device has been inactive for this time it ends the session for the user logged on.
Device Security [ Device Security > Management Access > CLI ] 3.3.4 Command Line Interface [ Device Security > Management Access > CLI ] In this dialog, you specify settings for the Command Line Interface. You find detailed information about the Command Line Interface in the “Command Line Interface” reference manual. The dialog contains the following tabs: [Global] ...
Page 94
Device Security [ Device Security > Management Access > CLI ] Buttons You find the description of the standard buttons in section “Buttons” on page [Login banner] In this tab, you replace the start screen of the Command Line Interface with your own text. In the default setting, the start screen displays information about the device, such as the software version and the device settings.
Page 95
Device Security [ Device Security > Management Access > CLI ] Possible values: • 1024..0 Buttons You find the description of the standard buttons in section “Buttons” on page
Device Security [ Device Security > Management Access > SNMPv1/v2 Community ] 3.3.5 SNMPv1/v2 Community [ Device Security > Management Access > SNMPv1/v2 Community ] In this dialog, you specify the community name for SNMPv1/v2 applications. Applications send requests via SNMPv1/v2 with a community name in the SNMP data packet header.
Device Security [ Device Security > Pre-login Banner ] Pre-login Banner [ Device Security > Pre-login Banner ] This dialog lets you display a greeting or information text to users before they log in to the device. The users see this text in the login dialog of the Graphical User Interface and of the Command Line Interface.
Page 98
Device Security [ Device Security > Pre-login Banner ] Buttons You find the description of the standard buttons in section “Buttons” on page
Network Security [ Network Security > Overview ] 4 Network Security The menu contains the following dialogs: • Network Security Overview • Port Security • 802.1X Port Authentication • RADIUS Network Security Overview [ Network Security > Overview ] This dialog displays the network security rules used in the device.
Page 100
Network Security [ Network Security > Overview ] Buttons You find the description of the standard buttons in section “Buttons” on page
Network Security [ Network Security > Port Security ] Port Security [ Network Security > Port Security ] The device lets you transmit only data packets from desired senders on one port. When this function is enabled, the device checks the VLAN ID and MAC address of the sender before it transmits a data packet.
Page 102
Network Security [ Network Security > Port Security ] Possible values: marked Auto-Disable function for Port Security is active. Also mark the checkbox in the Auto-disable column for the relevant ports. unmarked (default setting) Auto-Disable function for Port Security is inactive.
Page 103
Network Security [ Network Security > Port Security ] Possible values: marked If the device discards data packets from a sender that is not allowed on the port, then the device sends an SNMP trap. unmarked (default setting) The sending of SNMP traps is deactivated.
Page 104
Network Security [ Network Security > Port Security ] Static entries Displays the number of senders that are linked with the port. See the Wizard window, Static entries (/) field. Last violating VLAN ID/MAC Displays the VLAN ID and MAC address of an undesired sender whose data packets the device last discarded on this port.
Page 105
Network Security [ Network Security > Port Security ] MAC address Specifies the MAC address of the desired source. Possible values: Valid Unicast MAC address Specify the value in one of the following formats: – without a separator, for example 001122334455 00 11 22 33 44 55 –...
Network Security [ Network Security > 802.1X Port Authentication ] 802.1X Port Authentication [ Network Security > 802.1X Port Authentication ] With the port-based access control according to IEEE 802.1X, the device monitors the access to the network from connected end devices. The device (authenticator) lets an end device (supplicant) have access to the network if it logs in with valid login data.
Network Security [ Network Security > 802.1X Port Authentication > Global ] 4.3.1 802.1X Global [ Network Security > 802.1X Port Authentication > Global ] This dialog lets you specify basic settings for the port-based access control. Operation Operation Enables/disables the 802.1X Port Authentication function.
Page 108
Network Security [ Network Security > 802.1X Port Authentication > Global ] Monitor mode Activates/deactivates the monitor mode. Possible values: marked The monitor mode is active. The device monitors the authentication and helps with diagnosing detected errors. If an end device has not logged in successfully, then the device gives the end device access to the network.
Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ] 4.3.2 802.1X Port Configuration [ Network Security > 802.1X Port Authentication > Port Configuration ] This dialog lets you specify the access settings for every port. Table Port Displays the port number.
Page 110
Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ]
authenticated
aborting
held
forceAuth
forceUnauth
Backend authentication state
Displays the current status of the connection to the authentication server (Backend Authentication state).
Possible values:
request ...
Page 111
Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ]
Quiet period [s]
Specifies the time period in seconds in which the authenticator does not accept any more logins from the end device after an unsuccessful login attempt (Quiet period [s]).
Page 112
Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ]
Possible values:
notAssigned (default setting)
radius
guestVlan
unauthenticatedVlan
You find the VLAN ID that the authenticator assigned to the ports for a supplicant in the Network Security >...
Page 113
Network Security [ Network Security > 802.1X Port Authentication > Port Configuration ]
Possible values:
1..300 (default setting: 90)
Unauthenticated VLAN ID
Specifies the ID of the VLAN that the authenticator assigns to the port if the end device does not log in successfully.
4.3.3 802.1X Port Clients [ Network Security > 802.1X Port Authentication > Port Clients ]
This dialog displays information on the connected end devices.
Table
Port
Displays the port number.
User name
Displays the user name with which the end device logged in.
Page 115
Network Security [ Network Security > 802.1X Port Authentication > Port Clients ]
Possible values:
default
reauthenticate
Buttons
You find the description of the standard buttons in section “Buttons” on page
4.3.4 802.1X EAPOL Port Statistics [ Network Security > 802.1X Port Authentication > Statistics ]
This dialog displays which EAPOL data packets the end device has sent and received for the authentication of the end devices.
Page 117
Network Security [ Network Security > 802.1X Port Authentication > Statistics ]
Received error packets
Displays the number of EAPOL data packets with an invalid packet body length field that the device received on the port.
Packet version
Displays the protocol version number of the EAPOL data packet that the device last received on the port.
4.3.5 802.1X Port Authentication History [ Network Security > 802.1X Port Authentication > Port Authentication History ]
The device registers the authentication process of the end devices that are connected to its ports. This dialog displays the information recorded during the authentication.
Page 119
Network Security [ Network Security > 802.1X Port Authentication > Port Authentication History ]
Assignment type
Displays the type of the VLAN that the authenticator assigned to the port.
Possible values:
default
radius
unauthenticatedVlan
guestVlan
monitorVlan
...
4.3.6 802.1X Integrated Authentication Server [ Network Security > 802.1X Port Authentication > Integrated Authentication Server ]
The Integrated Authentication Server (IAS) lets you authenticate end devices using IEEE 802.1X. Compared to RADIUS, the IAS has a very limited range of functions.
RADIUS [ Network Security > RADIUS ]
With its factory settings, the device authenticates users based on the local user management. However, as the size of a network increases, it becomes more difficult to keep the login data of the users consistent across the devices.
Page 122
4.4.1 RADIUS Global [ Network Security > RADIUS > Global ]
This dialog lets you specify basic settings for RADIUS.
RADIUS configuration
Retransmits (max.)
Specifies how many times the device retransmits an unanswered request to the authentication server before the device sends the request to an alternative authentication server.
Page 123
Network Security [ Network Security > RADIUS > Global ]
Buttons
You find the description of the standard buttons in section “Buttons” on page
Reset
Deletes the statistics in the Network Security > RADIUS > Authentication Statistics dialog and in the Network Security >...
4.4.2 RADIUS Authentication Server [ Network Security > RADIUS > Authentication Server ]
This dialog lets you specify up to 8 authentication servers. An authentication server authenticates and authorizes the users when the device forwards the login data to the server. The device sends the login data to the specified primary authentication server.
Page 125
Network Security [ Network Security > RADIUS > Authentication Server ]
Primary server
Specifies the authentication server as primary or secondary.
Possible values:
marked
The server is specified as the primary authentication server. The device sends the login data for authenticating the users to this authentication server.
4.4.3 RADIUS Accounting Server [ Network Security > RADIUS > Accounting Server ]
This dialog lets you specify up to 8 accounting servers. An accounting server records the traffic data that has occurred during the port authentication according to IEEE 802.1X.
Page 127
Network Security [ Network Security > RADIUS > Accounting Server ]
Active
Activates/deactivates the connection to the server.
Possible values:
marked (default setting)
The connection is active. The device sends traffic data to this server if the preconditions named above are fulfilled.
4.4.4 RADIUS Authentication Statistics [ Network Security > RADIUS > Authentication Statistics ]
This dialog displays information about the communication between the device and the authentication server. The table displays the information for each server in a separate row. To delete the statistic, click in the Network Security >...
Page 129
Network Security [ Network Security > RADIUS > Authentication Statistics ]
Bad authenticators
Displays the number of access response data packets with an invalid authenticator that the device received from the server.
Pending requests
Displays the number of access request data packets that the device sent to the server and for which it has not yet received a response.
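How a RADIUS client decides that a reply carries an invalid authenticator, as an added Python example (not Hirschmann code and not the device's implementation). It applies the Response Authenticator rule of RFC 2865; the shared secret, packet contents, function names and verdict labels are constructed for illustration.

```python
import hashlib
import hmac
import struct
from collections import Counter

ACCESS_ACCEPT = 2   # RADIUS code for Access-Accept (RFC 2865)


def response_authenticator(header, request_auth, attributes, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code, ident, attributes, request_auth, secret):
    """Build a reply the way a server holding `secret` would (demo helper)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    auth = response_authenticator(header, request_auth, attributes, secret)
    return header + auth + attributes


def check_response(packet, expected_id, request_auth, secret):
    """Classify a reply; the verdict labels are hypothetical, not the device's."""
    if len(packet) < 20:
        return "malformed"
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "malformed"
    if ident != expected_id:
        return "id-mismatch"
    expected = response_authenticator(
        packet[:4], request_auth, packet[20:length], secret)
    # Constant-time comparison of the 16-byte authenticator field.
    if not hmac.compare_digest(packet[4:20], expected):
        return "bad-authenticator"
    return "ok"


# Constructed sample data.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))            # authenticator sent in the request
TEXT = b"welcome"
REPLY_MESSAGE = bytes([18, 2 + len(TEXT)]) + TEXT   # attribute 18, Reply-Message

GENUINE = build_response(ACCESS_ACCEPT, 7, REPLY_MESSAGE, REQUEST_AUTH, SECRET)
WRONG_SECRET = build_response(ACCESS_ACCEPT, 7, REPLY_MESSAGE, REQUEST_AUTH,
                              b"some-other-secret")
TAMPERED = GENUINE[:-1] + b"!"             # one attribute byte changed in transit
TRUNCATED = GENUINE[:10]


def tally():
    """Count verdicts over the sample replies, like a per-server statistics row."""
    replies = [GENUINE, WRONG_SECRET, TAMPERED, TRUNCATED]
    return Counter(check_response(r, 7, REQUEST_AUTH, SECRET) for r in replies)


if __name__ == "__main__":
    for verdict, count in sorted(tally().items()):
        print(f"{verdict}: {count}")
```

A rising count of invalid authenticators usually points to a shared-secret mismatch between the switch and the server, or to replies that were altered or spoofed on the path.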
4.4.5 RADIUS Accounting Statistics [ Network Security > RADIUS > Accounting Statistics ]
This dialog displays information about the communication between the device and the accounting server. The table displays the information for each server in a separate row. To delete the statistic, click in the Network Security >...
Network Security [ Network Security > DoS ]
Timeouts
Displays how many times the device received no response from the server before the specified waiting time elapsed.
Unknown types
Displays the number of data packets with an unknown data type that the device received from the server on the accounting port.
Page 132
4.5.1 DoS Global [ Network Security > DoS > Global ]
In this dialog, you specify the DoS settings for the TCP/UDP, IP and ICMP protocols.
TCP/UDP
A scanner uses port scans to prepare network attacks. The scanner uses different techniques to determine running devices and open ports.
Page 133
Network Security [ Network Security > DoS > Global ]
Possible values:
marked
The filter is active.
unmarked (default setting)
The filter is inactive.
TCP Offset protection
Activates/deactivates the TCP Offset protection. The TCP Offset protection detects incoming TCP data packets whose fragment offset field of the IP header is equal to 1 and discards them.
Page 134
Network Security [ Network Security > DoS > Global ]
Possible values:
marked
The filter is active.
unmarked (default setting)
The filter is inactive.
Min. TCP header size
Displays the minimum size of a valid TCP header.
This frame lets you activate or deactivate the Land Attack filter. With the land attack method, the attacking station sends data packets whose source and destination addresses are identical to those of the recipient.
Network Security [ Network Security > ACL ]
The filter detects ICMP packets whose payload size exceeds the size specified in the Allowed payload size [byte] field and discards them.
Possible values:
marked
The filter is active.
unmarked (default setting) ...
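The TCP Offset, Land Attack and ICMP payload-size checks described in this dialog, written out as an added Python example over raw IPv4 packets (not Hirschmann code and not the device's implementation). The function names, the constructed sample packets and the 512-byte limit are assumptions; the excerpt does not state the configured Allowed payload size or how the device measures it.

```python
import socket
import struct

ICMP, TCP = 1, 6
IPV4_HEADER = "!BBHHHBBH4s4s"   # the 20 fixed bytes of an IPv4 header


def build_ipv4(src, dst, proto, payload, frag_offset=0):
    """Build a constructed IPv4 packet for the demo (checksum left at 0)."""
    header = struct.pack(
        IPV4_HEADER,
        0x45, 0, 20 + len(payload), 0,        # version/IHL, TOS, total length, ID
        frag_offset & 0x1FFF, 64, proto, 0,   # flags+offset, TTL, protocol, checksum
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def parse_ipv4(packet):
    """Extract the header fields that the three checks look at."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        IPV4_HEADER, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IPv4 header")
    return {
        "proto": proto,
        "frag_offset": flags_frag & 0x1FFF,   # counted in 8-byte units
        "src": src,
        "dst": dst,
        "payload": packet[ihl:total_len],
    }


def dos_verdicts(packet, icmp_max_payload=512):
    """Return the names of the checks that would discard this packet."""
    hdr = parse_ipv4(packet)
    hits = []
    # TCP Offset protection: a TCP fragment at offset 1 starts 8 bytes into the
    # TCP header and can overwrite its flags on reassembly (RFC 1858 recommends
    # dropping exactly this case).
    if hdr["proto"] == TCP and hdr["frag_offset"] == 1:
        hits.append("tcp-offset")
    # Land Attack: source and destination address are identical.
    if hdr["src"] == hdr["dst"]:
        hits.append("land-attack")
    # ICMP payload size: assumption, measured here as the bytes following the
    # 8-byte ICMP header of an unfragmented packet.
    if hdr["proto"] == ICMP and hdr["frag_offset"] == 0:
        if len(hdr["payload"]) - 8 > icmp_max_payload:
            hits.append("icmp-payload-size")
    return hits


# Constructed sample packets (documentation addresses from 192.0.2.0/24).
SAMPLES = {
    "normal-tcp": build_ipv4("192.0.2.10", "192.0.2.20", TCP, bytes(20)),
    "tcp-frag-offset-1": build_ipv4("192.0.2.10", "192.0.2.20", TCP, bytes(8), 1),
    "land": build_ipv4("192.0.2.20", "192.0.2.20", TCP, bytes(20)),
    "icmp-echo-56": build_ipv4("192.0.2.10", "192.0.2.20", ICMP, bytes(8 + 56)),
    "icmp-echo-1000": build_ipv4("192.0.2.10", "192.0.2.20", ICMP, bytes(8 + 1000)),
}


def classify_samples():
    return {name: dos_verdicts(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print(f"{name:20s} {'discard: ' + ', '.join(hits) if hits else 'forward'}")
```

Running the same function over a packet capture before marking the filters shows which legitimate traffic, such as large ICMP probes from a monitoring system, the settings would discard.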
Network Security [ Network Security > ACL ]
The menu contains the following dialogs:
ACL IPv4 Rule
ACL MAC Rule
ACL Assignment
Page 137
4.6.1 ACL IPv4 Rule [ Network Security > ACL > IPv4 Rule ]
In this dialog, you specify the rules that the device applies to the IP data packets. An Access Control List (group) contains one or more rules.
Page 138
Network Security [ Network Security > ACL > IPv4 Rule ]
Possible values:
?.?.?.? (default setting)
The device applies the rule to IP data packets with any source address.
Valid IPv4 address
The device applies the rule to IP data packets with the specified source address. You use the ? character as a wild card.
Page 139
Network Security [ Network Security > ACL > IPv4 Rule ]
Possible values:
(default setting)
The device applies the rule to every IP data packet without considering the source port.
1..65535
The device applies the rule only to IP data packets containing the specified source port.
Destination TCP/UDP port
Specifies the destination port of the IP data packets to which the device applies the rule.
Page 140
Network Security [ Network Security > ACL > IPv4 Rule ]
Buttons
You find the description of the standard buttons in section “Buttons” on page
Opens the Create window to add a new entry to the table.
In the Group name field, you specify the name of the Access Control List to which the rule ...
4.6.2 ACL MAC Rule [ Network Security > ACL > MAC Rule ]
In this dialog, you specify the rules that the device applies to the MAC data packets. An Access Control List (group) contains one or more rules.
Page 142
Network Security [ Network Security > ACL > MAC Rule ]
Destination MAC address
Specifies the destination address of the MAC data packets to which the device applies the rule.
Possible values:
??:??:??:??:??:?? (default setting)
The device applies the rule to MAC data packets with any destination address.
Valid MAC address ...
Page 143
Network Security [ Network Security > ACL > MAC Rule ]
Buttons
You find the description of the standard buttons in section “Buttons” on page
Opens the Create window to add a new entry to the table.
In the Group name field, you specify the name of the Access Control List to which the rule ...
4.6.3 ACL Assignment [ Network Security > ACL > Assignment ]
This dialog lets you assign one or more Access Control Lists to the ports and VLANs of the device. By assigning a priority you specify the processing sequence, provided you assign one or more Access Control Lists to a port or VLAN.
Page 145
Network Security [ Network Security > ACL > Assignment ]
Direction
Displays that the device applies the Access Control List to received data packets.
Priority
Displays the priority of the Access Control List. Using the priority, you specify the sequence in which the device applies the Access Control Lists to the data stream.
5 Switching
The menu contains the following dialogs:
Switching Global
Rate Limiter
Filter for MAC Addresses
IGMP Snooping
MRP-IEEE
GARP
QoS/Priority
VLAN
L2-Redundancy
Switching Global [ Switching >...
Page 148
Switching [ Switching > Global ] Aging time [s] Specifies the aging time in seconds. Possible values: 10..500000 (default setting: 30) The device monitors the age of the learned unicast MAC addresses. The device deletes address entries that exceed a particular age (aging time) from its address table. You find the address table in the dialog.
Page 149
Switching [ Switching > Global ] Buttons You find the description of the standard buttons in section “Buttons” on page
Switching [ Switching > Rate Limiter ] Rate Limiter [ Switching > Rate Limiter ] The device lets you limit the traffic on the ports in order to help provide stable operation even with a large traffic volume. If the traffic on a port exceeds the traffic value entered, then the device discards the excess traffic on this port.
Page 151
Switching [ Switching > Rate Limiter ] Possible values: percent (default setting) Specifies the threshold value as a percentage of the data rate of the port. Specifies the threshold value in data packets per second. Broadcast mode Activates/deactivates the rate limiter function for received broadcast data packets. Possible values: marked ...
Page 152
Switching [ Switching > Rate Limiter ] [Egress] In this tab, you specify the egress transmission rate on the port. Table Port Displays the port number. Bandwidth [%] Specifies the egress transmission rate. Possible values: (default setting) The bandwidth limitation is disabled. 1..100 ...
Switching [ Switching > Filter for MAC Addresses ] Filter for MAC Addresses [ Switching > Filter for MAC Addresses ] This dialog lets you display and edit address filters for the address table. Address filters specify the way the data packets are forwarded in the device based on the destination MAC address. Each row in the table represents one filter.
Page 154
Switching [ Switching > Filter for MAC Addresses ] Possible values: – The port does not transmit any data packets to the destination address. learned The port transmits data packets to the destination address. The device created the filter automatically based on received data packets.
Switching [ Switching > IGMP Snooping ] IGMP Snooping [ Switching > IGMP Snooping ] The Internet Group Management Protocol (IGMP) is a protocol for dynamically managing Multicast groups. The protocol describes the distribution of Multicast data packets between routers and end devices on Layer 3.
Page 156
Switching [ Switching > IGMP Snooping > Global ] 5.4.1 IGMP Snooping Global [ Switching > IGMP Snooping > Global ] This dialog lets you enable the IGMP Snooping protocol in the device and also configure it for each port and each VLAN. Operation Operation Enables/disables the...
Page 157
Switching [ Switching > IGMP Snooping > Global ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset IGMP snooping counters Removes the IGMP Snooping entries and resets the counter in the Information frame to 0.
Switching [ Switching > IGMP Snooping > Configuration ] 5.4.2 IGMP Snooping Configuration [ Switching > IGMP Snooping > Configuration ] This dialog lets you enable the IGMP Snooping function in the device and also configure it for each port and each VLAN. The dialog contains the following tabs: [VLAN ID] ...
Page 159
Switching [ Switching > IGMP Snooping > Configuration ] Possible values: 1..25 (default setting: 10) Fast leave admin mode Activates/deactivates the Fast Leave function for this VLAN. Possible values: marked When the Fast Leave function is active and the device receives an IGMP Leave message from a multicast group, the device immediately removes the entry from its address table.
Page 160
Switching [ Switching > IGMP Snooping > Configuration ] Possible values: marked IGMP Snooping is active on this port. The device includes the port in the multicast data stream. unmarked (default setting) IGMP Snooping is inactive on this port. The port left the multicast data stream. Group membership interval Specifies the time in seconds for which a port, from a dynamic multicast group, remains entered in the address table when the device does not receive any more report data packets from the port.
Page 161
Switching [ Switching > IGMP Snooping > Configuration ] Possible values: marked Static query port mode is active. The port is a static query port in the VLANs that are set up. unmarked (default setting) Static query port mode is inactive.
A user specified the port as Learn by LLDP. With the Link Layer Discovery Protocol (LLDP), the device detects Hirschmann devices connected directly to the port. The device denotes the detected query ports with A. To assign this value, proceed as follows:...
Page 163
Switching [ Switching > IGMP Snooping > Snooping Enhancements ] Display categories Enhances the clarity of the display. The table emphasizes the cells which contain the specified value. This helps to analyze and sort the table according to your needs. Learned (L) ...
Page 164
Specifies the port as a static query port in the VLANs that are set up. The device transmits IGMP report messages to the ports at which it receives IGMP queries. This lets you also transmit IGMP report messages to other selected ports (enable) or connected Hirschmann devices (Automatic). Learn by LLDP...
Switching [ Switching > IGMP Snooping > Querier ] 5.4.4 IGMP Snooping Querier [ Switching > IGMP Snooping > Querier ] The device lets you send a Multicast stream only to those ports to which a Multicast receiver is connected. To determine which ports Multicast receivers are connected to, the device sends query data packets to the ports at a definable interval.
Page 166
Switching [ Switching > IGMP Snooping > Querier ] Expiry interval [s] Specifies the time in seconds after which an active querier switches from the passive state back to the active state if it has not received any query packets for longer than specified here. Possible values: 60..300 (default setting: 125)
Page 167
Switching [ Switching > IGMP Snooping > Querier ] Possible values: IGMP v1 IGMP v2 IGMP v3 Max. response time Displays the time in seconds in which the members of a Multicast group should respond to a query data packet.
Switching [ Switching > IGMP Snooping > Multicasts ] 5.4.5 IGMP Snooping Multicasts [ Switching > IGMP Snooping > Multicasts ] The device lets you specify how it transmits data packets with unknown Multicast addresses: Either the device discards these data packets, floods them to every port, or transmits them only to the ports that previously received query packets.
Switching [ Switching > MRP-IEEE ] Buttons You find the description of the standard buttons in section “Buttons” on page MRP-IEEE [ Switching > MRP-IEEE ] The IEEE 802.1ak amendment to the IEEE 802.1Q standard introduced the Multiple Registration Protocol (MRP) to replace the Generic Attribute Registration Protocol (GARP). The IEEE also modified and replaced the GARP applications, GARP Multicast Registration Protocol (GMRP) and GARP VLAN Registration Protocol (GVRP).
Page 170
Switching [ Switching > MRP-IEEE > Configuration ] 5.5.1 MRP-IEEE Configuration [ Switching > MRP-IEEE > Configuration ] This dialog lets you set the various MRP timers. By maintaining a relationship between the various timer values, the protocol operates efficiently and with less likelihood of unnecessary attribute withdrawals and re-registrations.
Switching [ Switching > MRP-IEEE > MMRP ] 5.5.2 MRP-IEEE Multiple MAC Registration Protocol [ Switching > MRP-IEEE > MMRP ] The Multiple MAC Registration Protocol (MMRP) lets end devices and MAC switches register and de-register group membership and individual MAC address information with switches located in the same LAN.
Page 172
Switching [ Switching > MRP-IEEE > MMRP ] Possible values: With MMRP Operation enabled globally, the device transmits MMRP messages in one-second intervals, on MMRP participating ports. (default setting) Disables the periodic state machine in the device. Table Port Displays the port number.
Page 173
Switching [ Switching > MRP-IEEE > MMRP ] Table VLAN ID Displays the ID of the VLAN. <Port number> Specifies the service requirement handling for the port. Possible values: ForwardAll Specifies the traffic setting on the port. The device forwards traffic destined to MMRP registered multicast MAC addresses on the VLAN.
Page 174
Switching [ Switching > MRP-IEEE > MMRP ] Received bad format PDU Displays the number of MMRPDUs with a bad data field that were not transmitted in the device. Transmission failed Displays the number of MMRPDUs not transmitted in the device. Table Port Displays the port number.
Switching [ Switching > MRP-IEEE > MVRP ] 5.5.3 MRP-IEEE Multiple VLAN Registration Protocol [ Switching > MRP-IEEE > MVRP ] The Multiple VLAN Registration Protocol (MVRP) provides a mechanism that lets you distribute VLAN information and configure VLANs dynamically. For example, when you configure a VLAN on an active MVRP port, the device distributes the VLAN information to other MVRP enabled devices.
Page 176
Switching [ Switching > MRP-IEEE > MVRP ] Possible values: The periodic state machine is enabled. With MVRP Operation enabled globally, the device transmits MVRP periodic events in 1 second intervals, on MVRP participating ports. (default setting) The periodic state machine is disabled. Disables the periodic state machine in the device.
Page 177
Switching [ Switching > MRP-IEEE > MVRP ] [Statistics] Devices on a LAN exchange Multiple VLAN Registration Protocol Data Units (MVRPDU) to maintain statuses of VLANs on active ports. This tab lets you monitor the MVRP traffic. Information Transmitted MVRP PDU Displays the number of MVRPDUs transmitted in the device.
Switching [ Switching > GARP ] Transmission failed Displays the number of MVRPDUs that the device blocked on the port. Registrations failed Displays the number of failed registration attempts on the port. Last received MAC address Displays the last MAC address from which the port received MMRPDUs. Buttons You find the description of the standard buttons in section “Buttons”...
Switching [ Switching > GARP > GMRP ] 5.6.1 GMRP [ Switching > GARP > GMRP ] The GARP Multicast Registration Protocol (GMRP) is a Generic Attribute Registration Protocol (GARP) that provides a mechanism allowing network devices and end stations to dynamically register group membership.
Page 180
Switching [ Switching > GARP > GMRP ] Possible values: marked (default setting) The port GMRP participation is active. unmarked The port GMRP participation is inactive. Service requirement Specifies the ports on which multicast forwarding applies. Possible values: Forward all unregistered groups (default setting) ...
Switching [ Switching > GARP > GVRP ] 5.6.2 GVRP [ Switching > GARP > GVRP ] The GARP VLAN Registration Protocol (GVRP) or Generic VLAN Registration Protocol is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. GVRP is a Layer 2 network protocol, used to automatically configure devices in a VLAN network.
Switching [ Switching > QoS/Priority ] QoS/Priority [ Switching > QoS/Priority ] Communication networks transmit a number of applications at the same time that have different requirements as regards availability, bandwidth and latency periods. QoS (Quality of Service) is a procedure defined in IEEE 802.1D. It is used to distribute resources in the network.
Page 183
Switching [ Switching > QoS/Priority > Global ] 5.7.1 QoS/Priority Global [ Switching > QoS/Priority > Global ] The device lets you maintain access to the device management, even in situations with heavy utilization. In this dialog you specify the required QoS/priority settings. Configuration VLAN priority for management packets Specifies the VLAN priority for sending management data packets.
Switching [ Switching > QoS/Priority > Port Configuration ] 5.7.2 QoS/Priority Port Configuration [ Switching > QoS/Priority > Port Configuration ] In this dialog, you specify for every port how the device processes received data packets based on their QoS/priority information. Table Port Displays the port number.
Page 185
Switching [ Switching > QoS/Priority > Port Configuration ] Possible values: 0..7 Buttons You find the description of the standard buttons in section “Buttons” on page
Switching [ Switching > QoS/Priority > 802.1D/p Mapping ] 5.7.3 802.1D/p Mapping [ Switching > QoS/Priority > 802.1D/p Mapping ] The device transmits data packets with a VLAN tag according to the contained QoS/priority information with a higher or lower priority. In this dialog, you assign a traffic class to every VLAN priority.
Page 187
Switching [ Switching > QoS/Priority > 802.1D/p Mapping ]
VLAN Priority, Traffic class, Content description according to IEEE 802.1D
Video: Video transmission with delays and jitter < 100 ms
Voice: Voice transmission with delays and jitter < 10 ms
Network Control: Data for network management and redundancy mechanisms
Switching [ Switching > QoS/Priority > IP DSCP Mapping ] 5.7.4 IP DSCP Mapping [ Switching > QoS/Priority > IP DSCP Mapping ] The device transmits IP data packets according to the DSCP value contained in the data packet with a higher or lower priority. In this dialog, you assign a traffic class to every DSCP value.
Page 189
Switching [ Switching > QoS/Priority > IP DSCP Mapping ] DSCP Value DSCP Name Traffic class 41,42,43,44,45,47 49-55 57-63
Switching [ Switching > QoS/Priority > Queue Management ] 5.7.5 Queue Management [ Switching > QoS/Priority > Queue Management ] This dialog lets you enable and disable the Strict priority function for the traffic classes. When you disable the Strict priority function, the device processes the priority queues of the ports with "Weighted Fair Queuing".
Switching [ Switching > VLAN ] Buttons You find the description of the standard buttons in section “Buttons” on page VLAN [ Switching > VLAN ] With VLAN (Virtual Local Area Network) you distribute the data traffic in the physical network to logical subnetworks.
Page 192
Switching [ Switching > VLAN > Global ] 5.8.1 VLAN Global [ Switching > VLAN > Global ] This dialog lets you view general VLAN parameters for the device. Configuration Max. VLAN ID Highest ID assignable to a VLAN. See the Switching >...
Switching [ Switching > VLAN > Configuration ] 5.8.2 VLAN Configuration [ Switching > VLAN > Configuration ] In this dialog, you manage the VLANs. To set up a VLAN, create a further row in the table. There you specify for each port if it transmits data packets of the respective VLAN and if the data packets contain a VLAN tag.
Page 194
Switching [ Switching > VLAN > Configuration ] Creation time Displays the time of VLAN creation. The field displays the time stamp for the operating time (system uptime). Name Specifies the name of the VLAN. Possible values: Alphanumeric ASCII character string with 1..32 characters ...
Switching [ Switching > VLAN > Port ] 5.8.3 VLAN Port [ Switching > VLAN > Port ] In this dialog you specify how the device handles received data packets that have no VLAN tag, or whose VLAN tag differs from the VLAN ID of the port. This dialog lets you assign a VLAN to the ports and thus specify the port VLAN ID.
Page 196
Switching [ Switching > VLAN > Port ] Possible values: marked The ingress filtering is active. The device compares the VLAN ID in the data packet with the VLANs of which the device is a member. See the Switching > VLAN > Configuration dialog.
Switching [ Switching > VLAN > Voice ] 5.8.4 VLAN Voice [ Switching > VLAN > Voice ] Use the Voice VLAN feature to separate voice and data traffic on a port, by VLAN and/or priority. A primary benefit of Voice VLAN is safeguarding the quality of voice traffic when data traffic on the port is high.
Page 198
Switching [ Switching > VLAN > Voice ] vlan The port filters data packets of the voice VLAN using the VLAN tag. dot1p-priority The port filters data packets of the voice VLAN using the dot1p priority tags. If you select this value, then additionally specify a proper value in the Priority column.
Switching [ Switching > L2-Redundancy ] If you deactivate the function and set the value in the Voice VLAN mode column to dot1p-priority, then voice devices require an authentication. Possible values: marked (default setting) If you activated the function in the Dialog Network Security >...
The Media Redundancy Protocol (MRP) is a protocol that lets you set up high-availability, ring-shaped network structures. An MRP ring with Hirschmann devices is made up of up to 100 devices that support the MRP protocol according to IEC 62439.
Page 201
Activates/deactivates the advanced mode for fast recovery times. Possible values: marked (default setting) Advanced mode active. MRP-capable Hirschmann devices support this mode. unmarked Advanced mode inactive. Select this setting if another device in the ring does not support this mode.
Page 202
Switching [ Switching > L2-Redundancy > MRP ] Ring recovery Specifies the maximum recovery time in milliseconds for reconfiguration of the ring. This setting is effective if the device operates as a ring manager. Possible values: 500ms 200ms (default setting) ...
Switching [ Switching > L2-Redundancy > Spanning Tree ] Buttons You find the description of the standard buttons in section “Buttons” on page Delete ring configuration Disables the redundancy function and resets the settings in the dialog to the default setting. 5.9.2 Spanning Tree [ Switching >...
Page 204
Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] 5.9.2.1 Spanning Tree Global [ Switching > L2-Redundancy > Spanning Tree > Global ] In this dialog, you enable/disable the Spanning Tree function and specify the bridge settings. Operation Operation Enables/disables the Spanning Tree function in the device.
Page 205
Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Bridge configuration Bridge ID Displays the bridge ID of the device. The device with the lowest bridge ID numerical value takes over the role of the root bridge in the network.
Page 206
Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Forward delay [s] ≥ (Max age/2) + 1 If you enter values in the fields that contradict this relationship, then the device replaces these values with the last valid values or with the default value. Max age Specifies the maximum permitted branch length, for example the number of devices to the root bridge.
Page 207
Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] To reset the status of the port to the value forwarding, you proceed as follows: If the port is still receiving BPDUs, then: – In the Switching > L2-Redundancy > Spanning Tree > Port dialog, CIST tab unmark the checkbox...
Page 208
Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Possible values: <Bridge priority> / <MAC address> Priority Displays the bridge priority of the current root bridge. Possible values: 0..61440 in steps of 4096 Hello time [s] Displays the time in seconds that the root bridge specifies between the sending of two configuration messages (Hello data packets).
Page 209
Switching [ Switching > L2-Redundancy > Spanning Tree > Global ] Possible values: marked The device currently has the role of the root bridge. unmarked Another device currently has the role of the root bridge. Root port Displays the number of the port from which the current path leads to the root bridge. If the device takes over the role of the root bridge, then the field displays the value 0.
Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] 5.9.2.2 Spanning Tree Port [ Switching > L2-Redundancy > Spanning Tree > Port ] In this dialog, you activate the Spanning Tree function on the ports, specify edge ports, and specify the settings for various protection functions.
Page 211
Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] manualFwd Spanning Tree function is disabled on the port. The port forwards STP-BPDUs. notParticipate The port is not participating in STP. Port role Displays the current role of the port in CIST. Possible values: root ...
Page 212
Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: For ports with the designated role, the device displays the information for the STP-BPDU last received by the port. This helps to diagnose the possible STP problems in the network. For the alternate, backup, master, and root port roles, in the stationary condition (static...
Page 213
Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: marked (default setting) The automatic detection is active. After the installation of the connection and after 1.5 × Hello time [s], the device sets the port to forwarding status (default setting 1.5 ×...
Page 214
Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: marked The BPDU filter is active on the port as a result of the following settings: – The checkbox in the Port BPDU filter column is marked. and/or –...
Page 215
Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: marked The monitoring of STP-BPDUs is active. – If the port receives an STP-BPDU with better path information to the root bridge, then the device discards the STP-BPDU and sets the status of the port to the value discarding instead of root.
Page 216
Switching [ Switching > L2-Redundancy > Spanning Tree > Port ] Possible values: true The loop state of the port is inconsistent: – The port is not receiving any STP-BPDUs and the Loop guard function is enabled. – The device sets the state of the port to the value discarding. The device thus helps prevent any potential loops.
Switching [ Switching > L2-Redundancy > Link Aggregation ] 5.9.3 Link Aggregation [ Switching > L2-Redundancy > Link Aggregation ] The Link Aggregation function lets you aggregate multiple parallel links. The prerequisite is that the links have the same speed and are full duplex. The advantages compared to conventional connections using a single line are higher availability and a higher transmission bandwidth.
Page 218
Switching [ Switching > L2-Redundancy > Link Aggregation ] down (lag/… row) The LAG interface is down. down The physical port is disabled. No cable connected or no active link. Active Activates/deactivates the LAG interface. Possible values: marked (default setting) ...
Page 219
Switching [ Switching > L2-Redundancy > Link Aggregation ] Possible values: (default setting) Depending on the hardware: Type Displays whether the LAG interface is based on the Static link aggregation function or on LACP. Possible values: static ...
Page 220
Switching [ Switching > L2-Redundancy > Link Aggregation ] Possible values: active The LAG interface aggregates the physical port. inactive The LAG interface does not aggregate the physical port. LACP active Activates/deactivates LACP on the physical port. Possible values: marked (default setting) ...
Page 221
Switching [ Switching > L2-Redundancy > Link Aggregation ] Possible values: (LACP_Activity state) When visible, the link transmits the LACPDUs cyclically, otherwise when requested. (LACP_Timeout state) When visible, the link transmits the LACPDUs cyclically using the short timeout, otherwise using the long timeout.
Page 222
Switching [ Switching > L2-Redundancy > Link Aggregation ] For further information on the values, see the description of the LACP actor oper state column and the standard IEEE 802.1AX-2014. Buttons You find the description of the standard buttons in section “Buttons”...
Switching [ Switching > L2-Redundancy > Link Backup ] 5.9.4 Link Backup [ Switching > L2-Redundancy > Link Backup ] With Link Backup, you configure pairs of redundant links. Each pair has a primary port and a backup port. The primary port forwards traffic until the device detects an error. If the device detects an error on the primary port, then the Link Backup function transfers traffic over to the backup port.
Page 224
Switching [ Switching > L2-Redundancy > Link Backup ] Primary port status Displays the status of the primary port for this Link Backup pair. Possible values: forwarding The link is up, no shutdown, and forwarding traffic. blocking The link is up, no shutdown, and blocking traffic. down ...
Switching [ Switching > L2-Redundancy > FuseNet ] Possible values: 0..3600 (default setting: 30) When set to 0, immediately after the primary port re-establishes a link, the backup port changes to blocking and the primary port changes to forwarding. Furthermore, immediately after you shutdown shutdown, the backup port changes to manually set the admin status of from...
Switching [ Switching > L2-Redundancy > FuseNet ] Use the following table to select the FuseNet coupling protocol to be used in your network: Main Ring Connected Network RSTP HIPER Ring Sub Ring RSTP – – – Explanation: – no suitable coupling protocol with configured on different VLANs The menu contains the following dialogs:...
Page 227
Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] 5.9.5.1 Sub Ring [ Switching > L2-Redundancy > FuseNet > Sub Ring ] This dialog lets you set up the device as a subring manager. The Sub Ring function enables you to easily couple network segments to existing redundancy rings. The subring manager (SRM) couples a subring to an existing ring (base ring).
Page 228
Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] Table Sub ring ID Displays the unique identifier of this subring. Possible values: 1..2 Name Specifies the optional name of the subring. Possible values: Alphanumeric ASCII character string with 0..255 characters ...
Page 229
Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] trunkMember The ring port of the subring manager domain is a member of a Link Aggregation connection. sharedVLAN The subring manager domain is inactive because shared VLAN is active and the main ring also uses the MRP protocol.
Page 230
Specifies the MRP domain of the subring manager. Assign the same MRP domain name to every member of a subring. If you only use Hirschmann devices, then you use the default value for the MRP domain; otherwise adjust this value if necessary. With multiple subrings, the function lets you use the same MRP domain name for the subrings.
Page 231
Switching [ Switching > L2-Redundancy > FuseNet > Sub Ring ] Possible values: iec-62439-mrp Buttons You find the description of the standard buttons in section “Buttons” on page
Diagnostics [ Diagnostics > Status Configuration ] 6 Diagnostics The menu contains the following dialogs: Status Configuration System Syslog Ports LLDP Report Status Configuration [ Diagnostics > Status Configuration ] The menu contains the following dialogs: Device Status ...
Page 234
Diagnostics [ Diagnostics > Status Configuration > Device Status ] 6.1.1 Device Status [ Diagnostics > Status Configuration > Device Status ] The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form.
Page 235
Diagnostics [ Diagnostics > Status Configuration > Device Status ] Table Temperature Activates/deactivates the monitoring of the temperature in the device. Possible values: marked (default setting) Monitoring is active. If the temperature exceeds or falls below the specified limit, then in the Device status frame, the value changes to error.
Page 236
Diagnostics [ Diagnostics > Status Configuration > Device Status ] External memory removal Activates/deactivates the monitoring of the active external memory. Possible values: marked Monitoring is active. If you remove the active external memory from the device, then in the Device status frame, the value changes to error.
Page 237
Diagnostics [ Diagnostics > Status Configuration > Device Status ] Buttons You find the description of the standard buttons in section “Buttons” on page [Port] Table Port Displays the port number. Propagate connection error Activates/deactivates the monitoring of the link on the port/interface. Possible values: marked ...
Page 238
Diagnostics [ Diagnostics > Status Configuration > Device Status ] Buttons You find the description of the standard buttons in section “Buttons” on page
Diagnostics [ Diagnostics > Status Configuration > Security Status ] 6.1.2 Security Status [ Diagnostics > Status Configuration > Security Status ] This dialog gives you an overview of the status of the safety-relevant settings in the device. The device displays its current status as error in the Security status...
Page 240
Diagnostics [ Diagnostics > Status Configuration > Security Status ] Table Password default settings unchanged Activates/deactivates the monitoring of the password for the locally set up user accounts user and admin. Possible values: marked (default setting) Monitoring is active. If the password is set to the default setting for the user/admin user accounts, then in the...
Page 241
Diagnostics [ Diagnostics > Status Configuration > Security Status ] Possible values: marked Monitoring is active. If the Policy check function is inactive for at least 1 user account, then in the Security status frame, the value changes to error. unmarked (default setting) ...
Page 242
Diagnostics [ Diagnostics > Status Configuration > Security Status ] Possible values: marked (default setting) Monitoring is active. If at least one of the following conditions applies, then in the Security status frame, the value changes to error: – function is enabled.
Page 243
Diagnostics [ Diagnostics > Status Configuration > Security Status ] Possible values: marked (default setting) Monitoring is active. If the settings allow the device to load an unencrypted configuration profile from the external memory, then in the Security status frame, the value changes to error.
Page 244
Diagnostics [ Diagnostics > Status Configuration > Security Status ] Modbus TCP active Activates/deactivates the monitoring of the Modbus TCP function. Possible values: marked (default setting) Monitoring is active. If you enable the Modbus TCP function, then in the Security status frame, the value changes to error.
Diagnostics [ Diagnostics > Status Configuration > Signal Contact ] Possible values: marked Monitoring is active. If the port is enabled (Basic Settings > Port dialog, Configuration tab, Port on checkbox is marked) and the link is down on the port, then in the Security status frame, the value changes to error.
Page 246
Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] 6.1.3.1 Signal Contact 1 / Signal Contact 2 [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] In this dialog you specify the trigger conditions for the signal contact. The signal contact gives you the following options: Monitoring the correct operation of the device.
Page 247
Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] Possible values: open The signal contact is opened. close The signal contact is closed. Signal contact status Signal contact status Displays the current status of the signal contact. Possible values: Opened (error) ...
Page 248
Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] Possible values: marked (default setting) Monitoring is active. If the temperature exceeds / falls below the threshold values, then the signal contact opens. unmarked Monitoring is inactive.
Page 249
Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] Possible values: marked Monitoring is active. If you remove the active external memory from the device, then the signal contact opens. unmarked (default setting) Monitoring is inactive.
Page 250
Diagnostics [ Diagnostics > Status Configuration > Signal Contact > Signal Contact 1 ] [Port] Table Port Displays the port number. Propagate connection error Activates/deactivates the monitoring of the link on the port/interface. Possible values: marked Monitoring is active. If the link interrupts on the selected port/interface, then the signal contact opens.
Diagnostics [ Diagnostics > Status Configuration > MAC Notification ] 6.1.4 MAC Notification [ Diagnostics > Status Configuration > MAC Notification ] The device lets you track changes in the network using the MAC address of the devices in the network.
Page 252
Diagnostics [ Diagnostics > Status Configuration > MAC Notification ] Possible values: marked The MAC Notification function is active on the port. The device sends an SNMP trap in case of one of the following events: – The device learns the MAC address of a newly connected device. –...
Diagnostics [ Diagnostics > Status Configuration > Alarms (Traps) ] 6.1.5 Alarms (Traps) [ Diagnostics > Status Configuration > Alarms (Traps) ] The device lets you send an SNMP trap as a reaction to specific events. In this dialog, you specify the trap destinations to which the device sends the SNMP traps.
Page 254
Diagnostics [ Diagnostics > Status Configuration > Alarms (Traps) ] Buttons You find the description of the standard buttons in section “Buttons” on page Opens the Create window to add a new entry to the table. In the Name field you specify a name for the trap destination. ...
Diagnostics [ Diagnostics > System ] System [ Diagnostics > System ] The menu contains the following dialogs: System Information Hardware State Configuration Check IP Address Conflict Detection Selftest
Page 256
Diagnostics [ Diagnostics > System > System Information ] 6.2.1 System Information [ Diagnostics > System > System Information ] This dialog displays the current operating condition of individual components in the device. The displayed values are a snapshot; they represent the operating condition at the time the dialog was loaded to the page.
Diagnostics [ Diagnostics > System > Hardware State ] 6.2.2 Hardware State [ Diagnostics > System > Hardware State ] This dialog provides information about the distribution and state of the flash memory of the device. Information Uptime Displays the total operating time of the device since it was delivered. Possible values: ..d ..h ..m ..s ...
Diagnostics [ Diagnostics > System > Configuration Check ] 6.2.3 Configuration Check [ Diagnostics > System > Configuration Check ] The device lets you compare the settings in the device with the settings in its neighboring devices. For this purpose, the device uses the information that it received from its neighboring devices through topology recognition (LLDP).
Page 259
Diagnostics [ Diagnostics > System > Configuration Check ] Level Displays the level of deviation between the settings in this device and the settings in the detected neighboring devices. The device differentiates between the following access statuses: INFORMATION The performance of the communication between the two devices is not impaired. WARNING ...
Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] 6.2.4 IP Address Conflict Detection [ Diagnostics > System > IP Address Conflict Detection ] Using the IP Address Conflict Detection function the device verifies that its IP address is unique in the network.
Page 261
Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] – After the period specified in the Release delay [s] field, the device checks if the address conflict still exists. When the device detects 10 address conflicts one after the other, the device extends the waiting time to 60 s for the next check.
Page 262
Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] Protection interval [ms] Specifies the period in milliseconds after which the device sends gratuitous ARP data packets again in the passive detection mode to “defend” its IP address. Possible values: 20..5000 (default setting: 200) ...
Page 263
Diagnostics [ Diagnostics > System > IP Address Conflict Detection ] Buttons You find the description of the standard buttons in section “Buttons” on page
Diagnostics [ Diagnostics > System > ARP ] 6.2.5 ARP [ Diagnostics > System > ARP ] This dialog displays the MAC and IP addresses of the neighboring devices connected to the device management. Table Port Displays the port number. IP address Displays the IP address of a device that responded to an ARP query to this device.
Diagnostics [ Diagnostics > System > Selftest ] 6.2.6 Selftest [ Diagnostics > System > Selftest ] This dialog lets you do the following: Activate/deactivate the RAM test when the device is being started. Enable/disable the option of entering the system monitor upon the system start. ...
Page 266
Diagnostics [ Diagnostics > System > Selftest ] Possible values: marked (default setting) The device loads the default settings. unmarked The device interrupts the restart and stops. The access to the device management is possible only using the Command Line Interface through the serial interface. To regain the access to the device through the network, open the system monitor and reset the settings.
Diagnostics [ Diagnostics > Syslog ] Syslog [ Diagnostics > Syslog ] The device lets you report selected events, independent of the severity of the event, to different syslog servers. In this dialog, you specify the settings for this function and manage up to 8 syslog servers.
Page 268
Diagnostics [ Diagnostics > Syslog ] Possible values: The device sends the events over the UDP port specified in the Destination UDP port column. Min. severity Specifies the minimum severity of the events. The device sends a log entry for events with this severity and with more urgent severities to the syslog server.
Diagnostics [ Diagnostics > Ports > SFP ] 6.4.1 SFP [ Diagnostics > Ports > SFP ] This dialog lets you look at the SFP transceivers currently connected to the device and their properties. Table The table displays valid values if the device is equipped with SFP transceivers. Port Displays the port number.
Page 271
Diagnostics [ Diagnostics > Ports > SFP ] Buttons You find the description of the standard buttons in section “Buttons” on page
Diagnostics [ Diagnostics > Ports > TP cable diagnosis ] 6.4.2 TP cable diagnosis [ Diagnostics > Ports > TP cable diagnosis ] This feature tests the cable attached to an interface for short or open circuit. The table displays the cable status and estimated length.
Page 273
Diagnostics [ Diagnostics > Ports > TP cable diagnosis ] short Wires in the cable are touching together causing a short circuit. unknown The device displays this value for untested cable pairs. The device displays different values than expected in the following cases: •...
Diagnostics [ Diagnostics > Ports > Port Monitor ] 6.4.3 Port Monitor [ Diagnostics > Ports > Port Monitor ] The Port Monitor function monitors the adherence to the specified parameters on the ports. If the Port Monitor function detects that the parameters are being exceeded, then the device performs an action.
Page 275
Diagnostics [ Diagnostics > Ports > Port Monitor ] Table Port Displays the port number. Link flap on Activates/deactivates the monitoring of link flaps on the port. Possible values: marked Monitoring is active. – The Port Monitor function monitors link flaps on the port. –...
Page 276
Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: marked Monitoring is active. – The Port Monitor function monitors the data load on the port. – If the device detects a data overload on the port, then the device executes the action specified in the column.
Page 277
Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: disable port The device disables the port and sends an SNMP trap. The “Link status” LED for the port flashes 3× per period. – To re-enable the port, highlight the port and click the button and then the Reset item.
Page 278
Diagnostics [ Diagnostics > Ports > Port Monitor ] [Auto-disable] In this tab, you activate the Auto-Disable function for the parameters monitored by the Port Monitor function. Table Reason Displays the parameters monitored by the Port Monitor function. Mark the adjacent checkbox so that the Port Monitor function carries out the auto-disable...
Page 279
Diagnostics [ Diagnostics > Ports > Port Monitor ] You also see how many link changes the Port Monitor function has detected up to now. The Port Monitor function monitors those ports for which the checkbox in the Link flap on column is marked on the Global...
Page 280
Diagnostics [ Diagnostics > Ports > Port Monitor ] [CRC/Fragments] In this tab, you specify individually for every port the following settings: The fragment error rate. The period during which the function monitors a parameter to detect discrepancies. Port Monitor ...
Page 281
Diagnostics [ Diagnostics > Ports > Port Monitor ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...
Page 282
Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: (default setting) packets per second kbps kbit per second The prerequisite is that the value in the Traffic type column = all. Lower threshold Specifies the lower threshold value for the data rate. The Auto-Disable function enables the port again only when the load on the port is lower than the value specified here.
Page 283
Diagnostics [ Diagnostics > Ports > Port Monitor ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...
Page 284
Diagnostics [ Diagnostics > Ports > Port Monitor ] Possible values: marked The port monitor takes into consideration the speed and duplex combination. unmarked If the port monitor detects the speed and duplex combination on the port, then the device executes the action specified in the Global tab.
Page 285
Diagnostics [ Diagnostics > Ports > Port Monitor ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...
Diagnostics [ Diagnostics > Ports > Auto-Disable ] 6.4.4 Auto-Disable [ Diagnostics > Ports > Auto-Disable ] The Auto-Disable function lets you disable monitored ports automatically and enable them again as you desire. For example, the Port Monitor function and selected functions in the Network Security menu use the Auto-Disable...
Page 287
Diagnostics [ Diagnostics > Ports > Auto-Disable ] Possible values: PORT_MON Port Monitor See the Diagnostics > Ports > Port Monitor dialog. PORT_ML Port Security See the Network Security > Port Security dialog. DOT1S BPDU guard See the Switching >...
Page 288
Diagnostics [ Diagnostics > Ports > Auto-Disable ] [Status] This tab displays the monitored parameters for which the Auto-Disable function is activated. Table Reason Displays the parameters that the device monitors. Mark the adjacent checkbox so that the Auto-Disable function disables and, when applicable, enables the port again if the monitored parameters are exceeded.
Page 289
Diagnostics [ Diagnostics > Ports > Auto-Disable ] Buttons You find the description of the standard buttons in section “Buttons” on page Reset Enables the port highlighted in the table again and resets its counter to 0. This affects the counters in the following dialogs: Diagnostics >...
Diagnostics [ Diagnostics > Ports > Port Mirroring ] 6.4.5 Port Mirroring [ Diagnostics > Ports > Port Mirroring ] The Port Mirroring function lets you copy received and sent data packets from selected ports to a destination port. You can watch and process the data stream using an analyzer or an RMON probe, connected to the destination port.
Page 291
Diagnostics [ Diagnostics > Ports > Port Mirroring ] The port transmits the same data as the port specified above. Possible values: no Port (default setting) No destination port selected. <Port number> Number of the destination port. The device copies the data packets from the source ports to this port.
Diagnostics [ Diagnostics > LLDP ] Type Specifies which data packets the device copies to the destination port. Possible values: none (default setting) No data packets. Data packets that the source port transmits. Data packets that the source port receives. txrx ...
Page 293
Diagnostics [ Diagnostics > LLDP > Configuration ] 6.5.1 LLDP Configuration [ Diagnostics > LLDP > Configuration ] This dialog lets you configure the topology discovery for every port. Operation Operation Enables/disables the LLDP function. Possible values: (default setting) function is enabled.
Page 294
Diagnostics [ Diagnostics > LLDP > Configuration ] Transmit delay [s] Specifies the delay in seconds for transmitting successive LLDP data packets after configuration changes in the device occur. Possible values: 1..8192 (default setting: 2) The recommended value is between a minimum of and a maximum of a quarter of the value in the Transmit interval [s] field.
Page 295
Diagnostics [ Diagnostics > LLDP > Configuration ] Transmit port description Activates/deactivates the transmitting of a TLV (Type Length Value) with the port description. Possible values: marked (default setting) The transmitting of the TLV is active. The device transmits the TLV with the port description. unmarked ...
Page 296
Diagnostics [ Diagnostics > LLDP > Configuration ] FDB mode Specifies which function the device uses to record neighboring devices on this port. Possible values: lldpOnly The device uses only LLDP data packets to record neighboring devices on this port. macOnly ...
Diagnostics [ Diagnostics > LLDP > Topology Discovery ] 6.5.2 LLDP Topology Discovery [ Diagnostics > LLDP > Topology Discovery ] Devices in networks send notifications in the form of packets which are also known as "LLDPDU" (LLDP data units). The data that is sent and received via LLDPDU are useful for many reasons. Thus the device detects which devices in the network are neighbors and via which ports they are connected.
Page 298
Diagnostics [ Diagnostics > LLDP > Topology Discovery ] Possible values: marked The connected device does not have active LLDP support. The device uses information from its address table (FDB, Forwarding Database) unmarked (default setting) The connected device has active LLDP support. Neighbor IP address Displays the IP address with which the access to the neighboring device management is possible.
Page 299
Diagnostics [ Diagnostics > LLDP > Topology Discovery ] [LLDP-MED] LLDP for Media Endpoint Devices (LLDP-MED) is an extension to LLDP that operates between endpoint devices and network devices. It specifically provides support for VoIP applications. In this support rule, it provides an additional set of common advertisement, Type Length Value (TLV), messages.
Diagnostics [ Diagnostics > Report ] Tagged bit status Displays the tagged bit status. A value of true indicates that the application uses a tagged VLAN. A value of false indicates that for the specific application the device uses untagged VLAN ...
Page 301
Diagnostics [ Diagnostics > Report > Global ] 6.6.1 Report Global [ Diagnostics > Report > Global ] The device lets you log specific events using the following outputs: on the console on one or more syslog servers on a connection to the Command Line Interface set up using SSH ...
Page 302
Diagnostics [ Diagnostics > Report > Global ] Buffered logging The device buffers logged events in 2 separate storage areas so that the log entries for urgent events are kept. This dialog lets you specify the minimum severity for events that the device buffers in the storage area with a higher priority.
Page 303
Diagnostics [ Diagnostics > Report > Global ] Log SNMP set request Enables/disables the logging of SNMP Set requests. Possible values: The logging is enabled. The device registers SNMP Set requests as events in the syslog. In the Severity set request drop-down list, you select the severity for this event.
Page 304
Diagnostics [ Diagnostics > Report > Global ] Possible values: The CLI logging function is enabled. The device logs every command received using the Command Line Interface. (default setting) The CLI logging function is disabled. Buttons You find the description of the standard buttons in section “Buttons”...
Diagnostics [ Diagnostics > Report > Persistent Logging ] 6.6.2 Persistent Logging [ Diagnostics > Report > Persistent Logging ] The device lets you save log entries permanently in a file in the external memory. Therefore, even after the device is restarted you have access to the log entries. In this dialog, you limit the size of the log file and specify the minimum severity for the events to be saved.
Page 306
Diagnostics [ Diagnostics > Report > Persistent Logging ] As soon as the specified maximum number of files has been attained, the device deletes the oldest file and renames the remaining files. Possible values: 0..25 (default setting: 4) The value deactivates saving of log entries in the log file.
Page 307
Diagnostics [ Diagnostics > Report > Persistent Logging ] File size [byte] Displays the size of the log file in the external memory in bytes. Buttons You find the description of the standard buttons in section “Buttons” on page Delete persistent log file Removes the log files from the external memory.
Diagnostics [ Diagnostics > Report > System Log ] 6.6.3 System Log [ Diagnostics > Report > System Log ] The device logs device-internal events in a log file (System Log). This dialog displays the log file (System Log). The dialog lets you save the log file in HTML format on your PC.
Diagnostics [ Diagnostics > Report > Audit Trail ] 6.6.4 Audit Trail [ Diagnostics > Report > Audit Trail ] This dialog displays the log file (Audit Trail). The dialog lets you save the log file as an HTML file on your PC.
Advanced [ Advanced > DHCP L2 Relay ] 7 Advanced The menu contains the following dialogs: DHCP L2 Relay DHCP Server Industrial Protocols Command Line Interface DHCP L2 Relay [ Advanced > DHCP L2 Relay ] A network administrator uses the DHCP L2 Relay Agent to add DHCP client information.
Page 312
Advanced [ Advanced > DHCP L2 Relay > Configuration ] 7.1.1 DHCP L2 Relay Configuration [ Advanced > DHCP L2 Relay > Configuration ] This dialog lets you activate the relay function on an interface and VLAN. When you activate this function on a port, the device either relays the Option 82 information or drops the information on untrusted ports.
Page 313
Advanced [ Advanced > DHCP L2 Relay > Configuration ] Possible values: marked The device accepts DHCP packets with Option 82 information. unmarked (default setting) The device discards DHCP packets received on non-secure ports that contain Option 82 information.
Page 314
Advanced [ Advanced > DHCP L2 Relay > Configuration ] Possible values: Specifies the IP address of the device as Remote ID. (default setting) Specifies the MAC address of the device as Remote ID. client-id Specifies the system name of the device as Remote ID. other ...
Advanced [ Advanced > DHCP L2 Relay > Statistics ] 7.1.2 DHCP L2 Relay Statistics [ Advanced > DHCP L2 Relay > Statistics ] The device monitors the traffic on the ports and displays the results in tabular form. This table is divided into various categories to aid you in traffic analysis. Table Port Displays the port number.
Advanced [ Advanced > DHCP Server ] DHCP Server [ Advanced > DHCP Server ] With the DHCP server, you manage a database of available IP addresses and configuration information. When the device receives a request from a client, the DHCP server validates the DHCP client network, and then leases an IP address.
Page 317
Advanced [ Advanced > DHCP Server > Global ] 7.2.1 DHCP Server Global [ Advanced > DHCP Server > Global ] Activate the function either globally or per port according to your requirements. Operation Operation Enables/disables the DHCP server function of the device globally. Possible values: ...
Advanced [ Advanced > DHCP Server > Pool ] 7.2.2 DHCP Server Pool [ Advanced > DHCP Server > Pool ] Assign an IP address to an end device or switch connected to a port or included in a VLAN. The DHCP server provides IP address pools from which it allocates IP addresses to clients.
Page 319
Advanced [ Advanced > DHCP Server > Pool ] Last IP address When using dynamic IP address assignment, this value specifies the end of the IP address range. Possible values: Valid IPv4 address Port Displays the port number. VLAN ID Displays the VLAN to which the table entry relates.
Page 320
For the IP address assignment, the server ignores this variable. Hirschmann device Activates/deactivates Hirschmann multicasts. If the device in this IP address range serves only Hirschmann devices, then activate this function. Possible values: marked In this IP address range, the device serves only Hirschmann devices. Hirschmann multicasts are activated.
Page 321
Advanced [ Advanced > DHCP Server > Pool ] Possible values: Valid IPv4 address Netmask Specifies the mask of the network to which the client belongs. A value of 0.0.0.0 disables the attachment of the option field in the DHCP message. Possible values: Valid IPv4 netmask ...
Advanced [ Advanced > DHCP Server > Lease Table ] 7.2.3 DHCP Server Lease Table [ Advanced > DHCP Server > Lease Table ] This dialog displays the status of IP address leasing on a per port basis. Table Port Displays the port number to which the address is currently being leased.
Advanced [ Advanced > Industrial Protocols ] Client ID Displays the client identifier of the device leasing the IP address. Remote ID Displays the remote identifier of the device leasing the IP address. Circuit ID Displays the Circuit ID of the device leasing the IP address. Buttons You find the description of the standard buttons in section “Buttons”...
Advanced [ Advanced > Industrial Protocols > IEC61850-MMS ] 7.3.1 IEC61850-MMS [ Advanced > Industrial Protocols > IEC61850-MMS ] The IEC61850-MMS is a standardized industrial communication protocol from the International Electrotechnical Commission (IEC). For example, automatic switching equipment uses this protocol when communicating with power station equipment.
Page 325
Possible values:
marked: The write access to the MMS server is activated. This setting lets you change the device settings using the IEC 61850 MMS protocol.
unmarked (default setting): The write access to the MMS server is deactivated.
Page 326
Advanced [ Advanced > Industrial Protocols > IEC61850-MMS ] stopping halted error Active sessions Displays the number of active MMS server connections. Buttons You find the description of the standard buttons in section “Buttons” on page Download Copies the ICD file to your PC.
Advanced [ Advanced > Industrial Protocols > Modbus TCP ] 7.3.2 Modbus TCP [ Advanced > Industrial Protocols > Modbus TCP ] Modbus TCP is a protocol used for Supervisory Control and Data Acquisition (SCADA) system integration. Modbus TCP is a vendor-neutral protocol used to monitor and control industrial automation equipment such as Programmable Logic Controllers (PLC), sensors and meters.
Page 328
Possible values:
marked (default setting): Modbus TCP server read/write access is active. This lets you change the device configuration using the Modbus TCP protocol.
unmarked: Modbus TCP server read-only access is active.
TCP port
Specifies the TCP port number that the Modbus TCP...
Command Line Interface [ Advanced > CLI ]
This dialog lets you access the device using the Command Line Interface.
The prerequisites are:
In the device, enable the SSH server in the Device Security > Management Access > Server dialog, ...
The current manuals and operating instructions for Hirschmann products are available at doc.hirschmann.com. Hirschmann Competence Center The Hirschmann Competence Center is ahead of its competitors on three counts with its complete range of innovative services: Consulting incorporates comprehensive technical advice, from system evaluation through ...
Page 341
User Manual Configuration Greyhound Switch GRS1020-1030 HiOS-2S Technical support UM Config GRS Release 8.0 09/2019 https://hirschmann-support.belden.com...
Introduction
The device has been developed for use in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device.
User interfaces 1.1 Graphical User Interface 1 User interfaces The device lets you specify the settings of the device using the following user interfaces. Table 1: User interfaces for accessing the device management User interface Can be reached through … Prerequisite Graphical User Interface Ethernet (In-Band)
The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices. As an experienced user or administrator, you have knowledge about the basics and about using Hirschmann devices. 1.2.1 Preparing the data connection Information for assembling and starting up your device can be found in the “Installation” user manual.
Page 357
User interfaces 1.2 Command Line Interface Telnet connection using PuTTY Proceed as follows: Start the PuTTY program on your computer. Figure 2: PuTTY input screen In the Host Name (or IP address) field you enter the IP address of your device. ...
Page 358
Copyright (c) 2011-2019 Hirschmann Automation and Control GmbH
All rights reserved
GRS1020 Release 8.0
(Build date 2019-02-05 19:17)
System Name GRS-ECE555B996DC
Management IP : 192.168.1.5
Subnet Mask 255.255.255.0
Base MAC EC:E5:55:01:02:03
System Time 2019-01-01 17:39:01
NOTE: Enter '?' for Command Help.
User interfaces 1.2 Command Line Interface 1.2.3 Access to the Command Line Interface using SSH (Secure Shell) In the following example we use the PuTTY program. Another option to access your device using SSH is the OpenSSH Suite. Proceed as follows: Start the PuTTY program on your computer.
Page 360
User interfaces 1.2 Command Line Interface Click the Open button to set up the data connection to your device. Depending on the device and the time at which SSH was configured, setting up the connection takes up to a minute. When you first login to your device, towards the end of the connection setup, the PuTTY program...
User interfaces 1.2 Command Line Interface login as: admin admin@192.168.1.5’s password: Copyright (c) 2011-2019 Hirschmann Automation and Control GmbH All rights reserved GRS1020 Release 8.0 (Build date 2019-02-05 19:17) System Name GRS-ECE555B996DC Management IP : 192.168.1.5 Subnet Mask 255.255.255.0 Base MAC...
Page 362
User interfaces 1.2 Command Line Interface Proceed as follows: Connect the device to a terminal using the serial interface. Alternatively connect the device to a COM port of your PC using terminal emulation based on VT100 and press any key. Alternatively you set up the serial data connection to the device with the serial interface using ...
Copyright (c) 2011-2019 Hirschmann Automation and Control GmbH
All rights reserved
GRS1020 Release 8.0
(Build date 2019-02-05 19:17)
System Name GRS-ECE555B996DC
Management IP : 192.168.1.5
Subnet Mask 255.255.255.0
Base MAC EC:E5:55:01:02:03
System Time 2019-01-01 17:39:01
NOTE: Enter '?' for Command Help.
In the Command Line Interface, the commands are grouped in the related modes, according to the type of the command. Every command mode supports specific Hirschmann software commands. The commands available to you as a user depend on your privilege level (administrator, operator, guest, auditor).
Page 365
The following figure displays the modes of the Command Line Interface.
[Figure: Command Line Interface modes. ROOT (Login/Logout); User Exec Mode (limited functionality; the User Exec commands are available in Privileged Exec Mode, too); Privileged Exec Mode (Enable/Exit; basic functions, basic settings); Vlan...]
Page 366
Global Config mode
The Global Config mode lets you perform modifications to the current configuration. This mode groups general setup commands.
Command prompt: (GRS) (config)#
Interface Range mode
The commands in the Interface Range mode affect a specific port, a selected group of multiple ports or all ports of the device.
User interfaces 1.2 Command Line Interface Table 3: Command modes Command mode Access method Quit or start next mode VLAN mode From the Privileged Exec mode, you To end the VLAN mode and return to the enter the command Privileged Exec mode, you enter vlan database exit press Ctrl Z.
User interfaces 1.2 Command Line Interface When you enter a command and press the <Enter> key, the Command Line Interface starts the syntax analysis. The Command Line Interface searches the command tree for the desired command. When the command is outside the Command Line Interface command range, a message informs you of the detected error.
Page 369
User interfaces 1.2 Command Line Interface Parameters The sequence of the parameters is relevant for the correct syntax of a command. Parameters are required values, optional values, selections, or a combination of these things. The representation indicates the type of the parameter. Table 4: Parameter and command syntax Commands in pointed brackets (...
User interfaces 1.2 Command Line Interface Network addresses Network addresses are a requirement for establishing a data connection to a remote work station, a server, or another network. You distinguish between IP addresses and MAC addresses. The IP address is an address allocated by the network administrator. The IP address is unique in one network area.
User interfaces 1.2 Command Line Interface is the command name. radius server timeout The parameter is required. The value range is 1..30 Example 3: radius server auth modify <1..8> Command to set the parameters for RADIUS authentication server 1. (GRS) (config)#radius server auth modify 1 [name] RADIUS authentication server name.
Page 372
Asterisk, pound sign and exclamation point
Asterisk
An asterisk in the first or second position of the input prompt shows you that the settings in the volatile memory and the settings in the non-volatile memory are different. In your configuration, the device has detected modifications which have not been saved.
User interfaces 1.2 Command Line Interface 1.2.11 Key combinations The following key combinations make it easier for you to work with the Command Line Interface: Table 8: Key combinations in the Command Line Interface Key combination Description CTRL + H, Backspace Delete previous character CTRL + A Go to beginning of line...
User interfaces 1.2 Command Line Interface (GRS) #help HELP: Special keys: Ctrl-H, BkSp delete previous character Ctrl-A ..go to beginning of line Ctrl-E ..go to end of line Ctrl-F ..go forward one character Ctrl-B ..go backward one character Ctrl-D ..
User interfaces 1.2 Command Line Interface Possible commands/parameters You can obtain a list of the commands or the possible parameters by entering , for example help by entering (GRS) >show ? When you enter the command displayed, you get a list of the parameters available for the command show When you enter the command without space character in front of the question mark, the device displays the help text for the command itself:...
Page 376
User interfaces 1.2 Command Line Interface Syntax of the „radius server auth add“ command Use this command to add a RADIUS authentication server. Mode: mode Global Config Privilege Level: Administrator Format: radius server auth add <1..8> ip <a.b.c.d> [name <string>] [port <1..65535>] –...
1.2.14 Service Shell
The Service Shell is for service purposes only. The Service Shell lets users have access to internal functions of the device. When you need assistance with your device, the service personnel use the Service Shell to monitor internal conditions, for example, the switch or CPU registers.
Page 378
User interfaces 1.2 Command Line Interface Display the Service Shell commands The prerequisite is that you already started the Service Shell. Perform the following steps: Enter and press the <Enter> key. help /mnt/fastpath # help Built-in commands: ------------------ . : [ [[ alias bg break cd chdir command continue echo eval exec exit export false fg getopts hash help history jobs kill let local pwd read readonly return set shift source test times trap true type ulimit umask unalias unset wait...
Page 379
User interfaces 1.2 Command Line Interface Enter and press the <Enter> key. serviceshell deactivate To reduce the effort when typing: – Enter and press the <Tab> key. – Enter and press the <Tab> key. This step is irreversible! Press the <Y>...
User interfaces 1.3 System monitor System monitor The System Monitor lets you set basic operating parameters before starting the operating system. 1.3.1 Functional scope In the System Monitor, you carry out the following tasks, for example: Managing the operating system and verifying the software image ...
Page 381
System Monitor 1
(Selected OS: ...-8.0 (2019-02-05 19:17))
Manage operating system
Update operating system
Start selected operating system
Manage configurations
Show boot code information
End (reset and reboot)
sysMon1>
Figure 12: System Monitor 1 screen display
Select a menu item by entering the number.
Specifying the IP parameters 2.1 IP parameter basics 2 Specifying the IP parameters When you install the device for the first time, enter the IP parameters. The device provides the following options for entering the IP parameters during the first installation: Entry using the Command Line Interface.
Specifying the IP parameters 2.1 IP parameter basics The first byte of an IP address is the network address. The worldwide leading regulatory board for assigning network addresses is the IANA ("Internet Assigned Numbers Authority"). When you require an IP address block, contact your Internet Service Provider (ISP). Your ISP contacts their local higher-level organization to reserve an IP address block: APNIC (Asia Pacific Network Information Center) ...
Page 384
Specifying the IP parameters 2.1 IP parameter basics Example of applying the subnet mask to IP addresses for subnetwork assignment: Decimal notation 129.218.65.17 128 < 129 191 › Class B Binary notation 10000001.11011010.01000001.00010001 Subnetwork 1 Network address Decimal notation 129.218.129.17 128 <...
Specifying the IP parameters 2.1 IP parameter basics Lorenzo receives the letter, removes the outer envelope and recognizes from the inner envelope that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet's MAC address;...
2.2 Specifying the IP parameters using the Command Line Interface
There are several methods for entering the system configuration: using BOOTP/DHCP, the HiDiscovery protocol, or the external memory. You have the option of performing the configuration over the serial interface using the Command Line Interface.
Page 387
Specifying the IP parameters 2.2 Specifying the IP parameters using the Command Line Interface Note: If a terminal or PC with terminal emulation is unavailable in the vicinity of the installation location, you can configure the device at your own workstation, then take it to its final installation location.
Specifying the IP parameters 2.3 Specifying the IP parameters using HiDiscovery Specifying the IP parameters using HiDiscovery The HiDiscovery protocol enables you to assign IP parameters to the device using the Ethernet. You easily configure other parameters using the Graphical User Interface. Install the HiDiscovery software on your PC.
Page 389
Note: Disable the HiDiscovery function in the device after you have assigned the IP parameters to the device.
Note: Save the settings so that you will still have the entries after a restart.
Specifying the IP parameters 2.4 Specifying the IP parameters using the Graphical User Interface Specifying the IP parameters using the Graphical User Interface Perform the following steps: Open the Basic Settings > Network dialog. In this dialog you first specify the source from which the device gets its IP parameters after starting.
Specifying the IP parameters 2.5 Specifying the IP parameters using BOOTP Specifying the IP parameters using BOOTP With the BOOTP function activated the device sends a boot request message to the BOOTP server. The boot request message contains the Client ID configured in the Basic Settings >...
2.6 Specifying the IP parameters using DHCP
The DHCP (Dynamic Host Configuration Protocol) is a further development of BOOTP, which it has replaced. DHCP additionally lets you configure a DHCP client using a name instead of using the MAC address.
Page 393
The appendix contains an example configuration of the BOOTP/DHCP-server.
Example of a DHCP-configuration file:
# /etc/dhcpd.conf for DHCP Daemon
subnet 10.1.112.0 netmask 255.255.240.0 {
option subnet-mask 255.255.240.0;
option routers 10.1.112.96;
# Host berta requests IP configuration
# with her MAC address
host berta {...
Specifying the IP parameters 2.7 Management address conflict detection Management address conflict detection You assign an IP address to the device using several different methods. This function helps the device detect IP address conflicts on a network after boot up and the device also checks periodically during operation.
Access to the device 3.1 Authentication lists 3 Access to the device Authentication lists When a user accesses the device using a specific connection, the device verifies the credentials of the user in an authentication list which contains the policies that the device applies for authentication.
Access to the device 3.1 Authentication lists 3.1.3 Managing authentication lists You manage the authentication lists in the Graphical User Interface or in the Command Line Interface. Perform the following steps: Open the Device Security > Authentication List dialog. The dialog displays the authentication lists that are set up.
Access to the device 3.1 Authentication lists 3.1.4 Adjust the settings Example: Set up a separate authentication list for the application WebInterface which is by default included in the authentication list defaultLoginAuthList. The device forwards authentication requests to a RADIUS server in the network. As a fall-back solution, the device authenticates users using the local user management.
Page 398
Access to the device 3.1 Authentication lists Click the button. The right column now displays the application WebInterface. Click the button. The dialog displays the updated settings: – Dedicated applications column of authentication list loginGUI displays the application WebInterface. –...
Access to the device 3.2 User management User management When a user logs in with valid login data, the device lets the user have access to its device management. The device authenticates the users either using the local user management or with a RADIUS server in the network.
Page 400
Access to the device 3.2 User management Every user account is linked to an access role that regulates the access to the individual functions of the device. Depending on the planned activity for the respective user, you assign a pre-defined access role to the user.
Access to the device 3.2 User management 3.2.2 Managing user accounts You manage the user accounts in the Graphical User Interface or in the Command Line Interface. Perform the following steps: Open the Device Security > User Management dialog. The dialog displays the user accounts that are set up.
Access to the device 3.2 User management 3.2.4 Changing default passwords To help prevent undesired access, change the password of the default user accounts. Perform the following steps: Change the passwords for the admin user user accounts. Open the Device Security >...
Access to the device 3.2 User management 3.2.5 Setting up a new user account Allocate a separate user account to each user that accesses the device management. In this way you can specifically control the authorizations for the access. In the following example, we will set up the user account for a USER user with the role operator.
Access to the device 3.2 User management allocate the password. 3.2.6 Deactivating the user account After a user account is deactivated, the device denies the related user access to the device management. In contrast to completely deleting it, deactivating a user account lets you keep the settings and reuse them in the future.
Access to the device 3.2 User management 3.2.7 Adjusting policies for passwords The device lets you check whether the passwords for the user accounts adhere to the specified policy. When the passwords adhere to the policy, you obtain a higher level of complexity for the passwords.
3.3 SNMP access
The SNMP protocol lets you work with a network management system to monitor the device over the network and change its settings.
3.3.1 SNMPv1/v2 access
Using SNMPv1 or SNMPv2, the network management system and the device communicate unencrypted.
3.3.2 SNMPv3 access
Using SNMPv3, the network management system and the device communicate encrypted. The network management system authenticates itself with the device using the credentials of a user. The prerequisite for the SNMPv3 access is that the network management system uses the same settings that are defined in the device.
Managing configuration profiles 4.1 Detecting changed settings 4 Managing configuration profiles If you change the settings of the device during operation, then the device stores the changes in its memory (RAM). After a reboot the settings are lost. In order to keep the changes after a reboot, the device lets you save additional settings in a configuration profile in the non-volatile memory (NVM).
Managing configuration profiles 4.2 Saving the settings Saving the settings 4.2.1 Saving the configuration profile in the device If you change the settings of the device during operation, then the device stores the changes in its memory (RAM). In order to keep the changes after a reboot, save the configuration profile in the non- volatile memory (NVM).
Page 410
Managing configuration profiles 4.2 Saving the settings Copying settings to a configuration profile The device lets you store the settings saved in the memory (RAM) in a configuration profile other than the "selected" configuration profile. In this way you create a new configuration profile in the non-volatile memory (NVM) or overwrite an existing one.
Managing configuration profiles 4.2 Saving the settings Change to the Configuration mode. configure Identifier of the configuration profile. config profile select nvm 1 Take note of the adjacent name of the configuration profile. Save the settings in the non-volatile memory ( save in the “selected”...
Managing configuration profiles 4.2 Saving the settings Enter the credentials needed to authenticate on the remote server. In the Operation option list, enable the function. To save the changes temporarily, click the button. Change to the Privileged EXEC mode. enable Check status of the function.
Page 413
Managing configuration profiles 4.2 Saving the settings To export the configuration profile to a remote server, perform the following steps: Click the button and then the Export... item. The dialog displays the Export... window. In the field, specify the file URL on the remote server: ...
Managing configuration profiles 4.3 Loading settings Loading settings If you save multiple configuration profiles in the memory, then you have the option to load a different configuration profile. 4.3.1 Activating a configuration profile The non-volatile memory of the device can contain multiple configuration profiles. If you activate a configuration profile stored in the non-volatile memory (NVM), then you immediately change the settings in the device.
Managing configuration profiles 4.3 Loading settings 4.3.2 Loading the configuration profile from the external memory If an external memory is connected, then the device loads a configuration profile from the external memory upon restart automatically. The device lets you save these settings in a configuration profile in non-volatile memory.
Page 416
Managing configuration profiles 4.3 Loading settings the script with a user-specified name. Save the file with the file extension .cli. Note: Verify that the script saved in the external memory is not empty. If the script is empty, then the device loads the next configuration profile as per the configuration priority settings. After applying the script, the device automatically saves the configuration profile from the script file as an XML file in the external memory.
Managing configuration profiles 4.3 Loading settings 4.3.3 Importing a configuration profile The device lets you import from a server a configuration profile saved as an XML file. If you use the Graphical User Interface, then you can import the XML file directly from your PC. Prerequisites: To save the file on a server, you need a configured server on the network.
Page 418
Managing configuration profiles 4.3 Loading settings To import the configuration profile from the external memory, perform the following steps: In the Import profile from external memory frame, Profile name drop-down list, select the name of the configuration profile to be imported. The prerequisite is that the external memory contains an exported configuration profile.
Managing configuration profiles 4.4 Reset the device to the factory defaults Reset the device to the factory defaults If you reset the settings in the device to the delivery state, then the device deletes the configuration profiles in the volatile memory and in the non-volatile memory. If an external memory is connected, then the device also deletes the configuration profiles saved in the external memory.
Page 420
Managing configuration profiles 4.4 Reset the device to the factory defaults To load the factory settings, press the <Enter> key. The device deletes the configuration profiles in the memory (RAM) and in the non-volatile memory (NVM). If an external memory is connected, then the device also deletes the configuration profiles saved in the external memory.
Hirschmann is continually working on improving and developing their software. Check regularly whether there is an updated version of the software that provides you with additional benefits. You find information and software downloads on the Hirschmann product pages on the Internet at www.hirschmann.com.
Loading software updates 5.2 Software update from a server Software update from a server To update the software using SFTP or SCP you need a server on which the image file of the device software is saved. To update the software using TFTP, SFTP or SCP you need a server on which the image file of the device software is saved.
Loading software updates 5.3 Software update from the external memory Software update from the external memory 5.3.1 Manually—initiated by the administrator The device lets you update the device software with a few mouse clicks. The prerequisite is that the image file of the device software is located in the external memory. Perform the following steps: Open the Basic Settings >...
Page 424
Loading software updates 5.3 Software update from the external memory Check the result of the update procedure. The log file in the Diagnostics > Report > System Log dialog contains one of the following messages: S_watson_AUTOMATIC_SWUPDATE_SUCCESS Software update completed successfully S_watson_AUTOMATIC_SWUPDATE_ABORTED ...
Loading software updates 5.4 Loading a previous software version Loading a previous software version The device lets you replace the device software with a previous version. The basic settings in the device are kept after replacing the device software. Note: Only the settings for functions which are available in the newer device software version are lost.
Configuring the ports 6.1 Enabling/disabling the port 6 Configuring the ports The following port configuration functions are available. Enabling/disabling the port Selecting the operating mode Enabling/disabling the port In the default setting, every port is enabled. For a higher level of access security, disable unconnected ports.
Configuring the ports 6.2 Selecting the operating mode Selecting the operating mode In the default setting, the ports are set to Automatic configuration operating mode. Note: The active automatic configuration has priority over the manual configuration. Perform the following steps: Open the dialog, tab.
Assistance in the protection from unauthorized access 7.1 Changing the SNMPv1/v2 community 7 Assistance in the protection from unauthorized access The device offers functions that help you protect the device against unauthorized access. After you set up the device, carry out the following steps in order to reduce possible unauthorized access to the device.
Assistance in the protection from unauthorized access 7.2 Disabling SNMPv1/v2 Disabling SNMPv1/v2 If you need SNMPv1 or SNMPv2, then use these protocols only in environments protected from eavesdropping. SNMPv1 and SNMPv2 do not use encryption. The SNMP packets contain the community in clear text.
Assistance in the protection from unauthorized access 7.3 Disabling HTTP Disabling HTTP The web server provides the Graphical User Interface with the protocol HTTP or HTTPS. HTTPS connections are encrypted, while HTTP connections are unencrypted. The HTTP protocol is enabled by default. If you disable HTTP, then no unencrypted access to the Graphical User Interface is possible.
Assistance in the protection from unauthorized access 7.4 Disabling Telnet Disabling Telnet The device lets you remotely access the device management using Telnet or SSH. Telnet connections are unencrypted, while SSH connections are encrypted. The Telnet server is enabled in the device by default. If you disable Telnet, then unencrypted remote access to the Command Line Interface is no longer possible.
Assistance in the protection from unauthorized access 7.5 Disabling the HiDiscovery access Disabling the HiDiscovery access HiDiscovery lets you assign IP parameters to the device over the network during commissioning. HiDiscovery communicates in the device management VLAN without encryption and authentication.
Assistance in the protection from unauthorized access 7.6 Activating the IP access restriction Activating the IP access restriction In the default setting, you access the device management from any IP address and with the supported protocols. The IP access restriction lets you restrict access to the device management to selected IP address ranges and selected IP-based protocols.
Page 434
Assistance in the protection from unauthorized access 7.6 Activating the IP access restriction Perform the following steps: Open the Device Security > Management Access > IP Access Restriction dialog. Unmark the checkbox in the Active column for the entry. ...
Page 435
Assistance in the protection from unauthorized access 7.6 Activating the IP access restriction
network management access modify 3 ip 109.237.176.0
  Specify the IP address of the mobile phone network.
network management access modify 3 mask
  Specify the netmask of the mobile phone network.
network management access modify 3 snmp disable
  Deactivate SNMP for the address range of the...
Assistance in the protection from unauthorized access 7.7 Adjusting the session timeouts Adjusting the session timeouts The device lets you automatically terminate the session upon inactivity of the logged-on user. The session timeout is the period of inactivity after the last user action. You can specify a session timeout for the following applications: Command Line Interface sessions using an SSH connection ...
Page 437
Assistance in the protection from unauthorized access 7.7 Adjusting the session timeouts Timeout for Command Line Interface sessions using a serial connection Perform the following steps: Open the Device Security > Management Access > CLI dialog, Global tab. Specify the timeout period in minutes in the Configuration frame, Serial interface timeout [min]...
Assistance in the protection from unauthorized access 7.8 Deactivating the unused modules Deactivating the unused modules The default settings allow access to the network. To help prevent unauthorized network access, deactivate the unused slots. The module establishes no network connections on a deactivated slot. Perform the following steps: Open the Basic Settings >...
Controlling the data traffic 8.1 Helping protect against unauthorized access 8 Controlling the data traffic The device checks the data packets to be forwarded in accordance with defined rules. Data packets to which the rules apply are either forwarded by the device or blocked. If data packets do not correspond to any of the rules, then the device blocks the packets.
Page 440
Controlling the data traffic 8.1 Helping protect against unauthorized access ICMP frame offers you 2 filter options for ICMP packets. Fragmentation of incoming ICMP packets is a sign of an attack. If you activate this filter, then the device detects fragmented ICMP packets and discards them.
Controlling the data traffic 8.2 ACL In this menu you can enter the parameters for the Access Control Lists (ACLs). The device uses ACLs to filter data packets received on VLANs or on individual or multiple ports. In an ACL, you specify rules that the device uses to filter data packets. When such a rule applies to a packet, the device applies the actions specified in the rule to the packet.
Controlling the data traffic 8.2 ACL 8.2.1 Creating and editing IPv4 rules When filtering IPv4 data packets, the device lets you: create new groups and rules add new rules to existing groups edit an existing rule activate and deactivate groups and rules ...
Controlling the data traffic 8.2 ACL 8.2.2 Creating and configuring an IP ACL using the Command Line Interface In the following example, you configure ACLs to block communications from computers B and C, to computer A via IP (TCP, UDP, etc.). IP: 10.0.1.11/24 IP: 10.0.1.13/24 Port 1...
Controlling the data traffic 8.2 ACL
exit
  Leaves the interface mode.
show acl ip assignment 1
  Displays the assignment of the IP ACL with ID
show acl ip assignment 2
  Displays the assignment of the IP ACL with ID
8.2.3 Creating and editing MAC rules
When filtering MAC data packets, the device lets you: create new groups and rules...
Controlling the data traffic 8.2 ACL
mac acl rule add 1 1 deny src any any dst any any etype appletalk
  Adds a rule to position of the MAC ACL with the rejecting packets with EtherType 0x809B (AppleTalk)
mac acl rule add 1 2 deny src any any dst any any etype ipx-old
  Adds a rule to position of the MAC ACL with the...
Synchronizing the system time in the network 9.1 Basic settings 9 Synchronizing the system time in the network Many applications rely on a time that is as correct as possible. The necessary accuracy, and thus the allowable deviation from the actual time, depends on the application area. Examples of application areas include: Log entries ...
Synchronizing the system time in the network 9.1 Basic settings 9.1.1 Setting the time When no reference time source is available to you, you have the option to set the time in the device. After a cold start or reboot, if no real-time clock is available or the real-time clock contains an invalid time, then the device initializes its clock with January 1, 00:00h.
Synchronizing the system time in the network 9.1 Basic settings 9.1.2 Automatic daylight saving time changeover When you operate the device in a time zone in which there is a summer time change, you set up the automatic daylight saving time changeover on the Daylight saving time tab.
Synchronizing the system time in the network 9.2 SNTP SNTP The Simple Network Time Protocol (SNTP) lets you synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available. UTC is the time relating to the coordinated world time measurement.
Synchronizing the system time in the network 9.2 SNTP 9.2.1 Preparation Perform the following steps: To get an overview of how the time is passed on, draw a network plan with the devices participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the delays of the SNTP messages.
Synchronizing the system time in the network 9.2 SNTP 9.2.2 Defining settings of the SNTP client As an SNTP client, the device obtains the time information from SNTP or NTP servers and synchronizes its system clock accordingly. Perform the following steps: Open the Time >...
Synchronizing the system time in the network 9.2 SNTP 9.2.3 Specifying SNTP server settings When the device operates as an SNTP server, it provides its system time in coordinated world time (UTC) in the network. Perform the following steps: Open the Time >...
Network load control 10.1 Direct packet distribution 10 Network load control The device features a number of functions that reduce the network load: Direct packet distribution Multicasts Rate limiter Prioritization - QoS Flow control 10.1 Direct packet distribution The device reduces the network load with direct packet distribution.
Network load control 10.1 Direct packet distribution 10.1.3 Static address entries In addition to learning the sender MAC address, the device also provides the option to set MAC addresses manually. These MAC addresses remain configured and survive resetting of the MAC address table (FDB) as well as rebooting of the device.
Page 455
Network load control 10.1 Direct packet distribution Open the Switching > Filter for MAC Addresses dialog. To disable a static address entry, select the value invalid in the Status column. To save the changes temporarily, click the button. ...
Network load control 10.2 Multicasts 10.2 Multicasts By default, the device floods data packets with a Multicast address, that is, the device forwards the data packets to every port. This leads to an increased network load. The use of IGMP snooping can reduce the network load caused by Multicast data traffic. IGMP snooping lets the device send Multicast data packets only on those ports to which devices “interested”...
Page 457
Network load control 10.2 Multicasts The IGMP snooping method also makes it possible for switches to use the IGMP function. A switch stores the MAC addresses derived from IP addresses of the Multicast receivers as recognized Multicast addresses in its MAC address table (FDB). In addition, the switch identifies the ports on which it has received reports for a specific Multicast address.
Page 458
(“learned”). Learn by LLDP A port with this setting automatically discovers other Hirschmann devices using LLDP (Link Layer Discovery Protocol). The device then learns the IGMP query status of this port from these Hirschmann devices and configures the IGMP Snooping Querier function accordingly.
Page 459
Network load control 10.2 Multicasts Prerequisite: IGMP Snooping function is enabled globally. Perform the following steps: Open the Switching > IGMP Snooping > Snooping Enhancements dialog. Double-click the desired port in the desired VLAN. To activate one or more functions, select the corresponding options. ...
Page 460
Network load control 10.2 Multicasts Prerequisite: IGMP Snooping function is enabled globally. Perform the following steps: Open the Switching > IGMP Snooping > Multicasts dialog. In the Configuration frame, you specify how the device sends data packets to unknown ...
Network load control 10.3 Rate limiter 10.3 Rate limiter The rate limiter function helps ensure stable operation even with high traffic volumes by limiting traffic on the ports. The rate limitation is performed individually for each port, as well as separately for inbound and outbound traffic.
Network load control 10.4 QoS/Priority 10.4 QoS/Priority QoS (Quality of Service) is a procedure defined in IEEE 802.1D which is used to distribute resources in the network. QoS lets you prioritize the data of necessary applications. When there is a heavy network load, prioritizing helps prevent data traffic with lower priority from interfering with delay-sensitive data traffic.
Network load control 10.4 QoS/Priority Prioritizing traffic classes For prioritization of traffic classes, the device uses the following methods: Strict When transmission of data of a higher traffic class is no longer taking place or the relevant data is still in the queue, the device sends data of the corresponding traffic class. If every traffic class is prioritized according to the Strict method, then under high network load the device can...
Network load control 10.4 QoS/Priority For data packets with VLAN tags, the device evaluates the following information: Priority information When VLANs are configured, VLAN tagging 4 Octets Figure 21: Structure of the VLAN tagging Data packets with VLAN tags containing priority information but no VLAN information (VLAN ID = 0), are known as Priority Tagged Frames.
Network load control 10.4 QoS/Priority
Table 18: ToS field in the IP header (cont.)
Bits (0-2): IP Precedence Defined | Bits (3-6): Type of Service Defined | Bit (7)
100 - Flash Override | 0010 - [maximize reliability] |
011 - Flash | 0001 - [minimize monetary cost] |
010 - Immediate | |
001 - Priority | |
000 - Routine...
Network load control 10.4 QoS/Priority 10.4.6 Queue management Defining settings for queue management Perform the following steps: Open the Switching > QoS/Priority > Queue Management dialog. The total assigned bandwidth in the Min. bandwidth [%] column is 100%. To activate Weighted Fair Queuing for Traffic class = 0, proceed as follows: ...
Network load control 10.4 QoS/Priority 10.4.7 Management prioritization In order for you to constantly have access to the device management, although there is a high network load, the device lets you prioritize management packets. When prioritizing management packets, the device sends the management packets with priority information.
Page 468
Network load control 10.4 QoS/Priority
classofservice dot1p-mapping 1 2
  Assigning a VLAN priority of to traffic class
exit
  Change to the Privileged EXEC mode.
show classofservice dot1p-mapping
  Display the assignment.
Assign port priority to received data packets
Perform the following steps: Change to the Privileged EXEC mode.
Page 469
Network load control 10.4 QoS/Priority
classofservice ip-dscp-mapping cs1 1
  Assigning the DSCP value to traffic class
show classofservice ip-dscp-mapping
  Displaying the IP DSCP assignments
IP DSCP Traffic Class
------------- -------------
(cs1)
Assign the DSCP priority to received IP data packets
Perform the following steps: Change to the Privileged EXEC mode.
Page 470
Network load control 10.4 QoS/Priority
network management priority dot1p 7
  Assigning the VLAN priority of to management packets. The device sends management packets with the highest priority.
show network parms
  Displaying the priority of the VLAN in which the device management is located.
IPv4 Network
------------
Management VLAN priority....7...
Network load control 10.5 Flow control 10.5 Flow control If a large number of data packets are received in the priority queue of a port at the same time, then this can cause the port memory to overflow. This happens, for example, when the device receives data on a Gigabit port and forwards it to a port with a lower bandwidth.
Network load control 10.5 Flow control Flow Control with a full duplex link In the example, there is a full duplex link between Workstation 2 and the device. Before the send queue of port 2 overflows, the device sends a request to Workstation 2 to include a small break in the sending transmission.
VLANs 11 VLANs In the simplest case, a virtual LAN (VLAN) consists of a group of network participants in one network segment who can communicate with each other as though they belonged to a separate LAN. More complex VLANs span out over multiple network segments and are also based on logical (instead of only physical) connections between network participants.
VLANs 11.1 Examples of VLANs 11.1 Examples of VLANs The following practical examples provide a quick introduction to the structure of a VLAN. Note: When configuring VLANs you use an interface for accessing the device management that will remain unchanged. For this example, you use either interface 1/6 or the serial connection to configure the VLANs.
Page 475
VLANs 11.1 Examples of VLANs For this example, the status of the TAG field of the data packets has no relevance, so you use the setting U. Table 19: Ingress table Terminal Port Port VLAN identifier (PVID) Table 20: Egress table VLAN ID Port Perform the following steps:...
Page 476
VLANs 11.1 Examples of VLANs
exit
  Change to the Privileged EXEC mode.
show vlan brief
  Display the current VLAN configuration.
Max. VLAN ID........4042
Max. supported VLANs......128
Number of currently configured VLANs... 3
vlan unaware mode......disabled
VLAN ID VLAN Name VLAN Type VLAN Creation Time
---- -------------------------------- --------- ------------------
VLAN1...
VLANs 11.1 Examples of VLANs
vlan participation include 3
  The port becomes a member of the VLAN and transmits the data packets without a VLAN tag.
vlan pvid 3
  Assign the port VLAN ID to port
exit
  Change to the Configuration mode.
Change to the interface configuration mode of interface 1/4...
Page 478
VLANs 11.1 Examples of VLANs Note: In this case, VLAN 1 has no significance for the end device communication, but it is required for the administration of the transmission devices via what is known as the Management VLAN. As in the previous example, uniquely assign the ports with their connected terminal devices to a VLAN.
Page 479
VLANs 11.1 Examples of VLANs The communication relationships here are as follows: end devices on ports 1 and 4 of the left device and end devices on ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate with each other.
Page 480
VLANs 11.1 Examples of VLANs Here, the devices use VLAN tagging (IEEE 802.1Q) within the VLAN with the ID 1 (Uplink). The letter in the egress table of the ports indicates VLAN tagging. The configuration of the example is the same for the device on the right. Proceed in the same way, using the ingress and egress tables created above to adapt the previously configured left device to the new environment.
Page 481
VLANs 11.1 Examples of VLANs Open the Switching > VLAN > Port dialog. To assign the port to a VLAN, specify the desired value in the corresponding column. Possible values: = The port is a member of the VLAN. The port transmits tagged data packets. ...
Page 482
VLANs 11.1 Examples of VLANs
interface 1/3
  Change to the interface configuration mode of interface
vlan participation include 3
  The port becomes a member of the VLAN and transmits the data packets without a VLAN tag.
vlan pvid 3
  Assigning the Port VLAN ID to port
Change to the Configuration mode.
VLANs 11.2 Guest VLAN / Unauthenticated VLAN 11.2 Guest VLAN / Unauthenticated VLAN A Guest VLAN lets a device provide port-based Network Access Control (IEEE 802.1x) to non- 802.1x capable supplicants. This feature provides a mechanism to allow guests to access external networks only.
Page 484
VLANs 11.2 Guest VLAN / Unauthenticated VLAN Perform the following steps: Open the Switching > VLAN > Configuration dialog. Click the button. The dialog displays the Create window. In the VLAN ID field, specify the value 10. Click the button.
VLANs 11.3 RADIUS VLAN assignment 11.3 RADIUS VLAN assignment The RADIUS VLAN assignment feature makes it possible for a RADIUS VLAN ID attribute to be associated with an authenticated client. When a client authenticates successfully, and the RADIUS server sends a VLAN attribute, the device associates the client with the RADIUS assigned VLAN. As a result, the device adds the physical port as an untagged member to the appropriate VLAN and sets the port VLAN ID (PVID) with the given value.
VLANs 11.4 Creating a Voice VLAN 11.4 Creating a Voice VLAN Use the Voice VLAN feature to separate voice and data traffic on a port, by VLAN and/or priority. A primary benefit of using Voice VLAN is to safeguard the sound quality of an IP phone in cases where there is high data traffic on the port.
VLANs 11.5 VLAN unaware mode 11.5 VLAN unaware mode VLAN unaware mode defines the operation of the device in a LAN segmented by VLANs. The device accepts packets and processes them according to its inbound rules. Based on the IEEE 802.1Q specifications, the function governs how the device processes VLAN tagged packets.
Redundancy 12.1 Network Topology vs. Redundancy Protocols 12 Redundancy 12.1 Network Topology vs. Redundancy Protocols When using Ethernet, a significant prerequisite is that data packets follow a single (unique) path from the sender to the receiver. The following network topologies support this prerequisite: Line topology ...
An MRP-Ring consists of up to 50 devices that support the MRP protocol according to IEC 62439. When you only use Hirschmann devices, up to 100 devices are possible in the MRP-Ring. When you use the fixed MRP redundant port (Fixed Backup) and the primary ring link fails, the Ring Manager forwards data to the secondary ring link.
When the ring participants inform the Ring Manager of interruptions in the ring via link-down notifications, the advanced mode speeds up the link failure recognition. Hirschmann devices support link-down notifications. Therefore, you generally activate the advanced mode in the Ring Manager.
Redundancy 12.2 Media Redundancy Protocol (MRP) 12.2.5 Example Configuration A backbone network contains 3 devices in a line structure. To increase the availability of the network, you convert the line structure to a redundant ring structure. Devices from different manufacturers are used. All devices support MRP. On every device you define ports 1.1 and 1.2 as ring ports.
Page 494
Redundancy 12.2 Media Redundancy Protocol (MRP) Note: You configure optical ports without support for autonegotiation (automatic configuration) with 100 Mbit/s full duplex (FDX) or 1000 Mbit/s full duplex (FDX). Note: You configure optical ports without support for autonegotiation (automatic configuration) with 100 Mbit/s full duplex (FDX).
Page 495
Redundancy 12.2 Media Redundancy Protocol (MRP) When configuring with the Graphical User Interface, the device uses the default value 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255.
mrp domain add default-domain
  Creates a new MRP domain with the ID default-domain...
Page 496
Redundancy 12.2 Media Redundancy Protocol (MRP)
Switch the operation of the MRP-Ring on.
To save the changes temporarily, click the button.
mrp domain modify operation enable
  Activates the MRP-Ring.
When every ring participant is configured, close the line to the ring. To do this, you connect the ...
Page 497
Redundancy 12.2 Media Redundancy Protocol (MRP) In the field, define the MRP VLAN ID. The MRP VLAN ID determines in which of VLAN ID the configured VLANs the device transmits the MRP packets. To set the MRP VLAN ID, first configure the VLANs and the corresponding egress rules in the Switching >...
Redundancy 12.3 Spanning Tree 12.3 Spanning Tree Note: The Spanning Tree Protocol is a protocol for MAC bridges. For this reason, the following description uses the term bridge for the device. Local networks are getting bigger and bigger. This applies to both the geographical expansion and the number of network participants.
Redundancy 12.3 Spanning Tree 12.3.1 Basics Because RSTP is a further development of the STP, each of the following descriptions of the STP also applies to RSTP. The tasks of the STP The Spanning Tree Algorithm reduces network topologies built with bridges and containing ring structures due to redundant links to a tree structure.
Page 500
Redundancy 12.3 Spanning Tree Root Path Cost Each path that connects 2 bridges is assigned a cost for the transmission (path cost). The device determines this value based on the transmission speed (see table 28). It assigns a higher path cost to paths with lower transmission speeds.
Page 501
Redundancy 12.3 Spanning Tree Max Age and Diameter The “Max Age” and “Diameter” values largely determine the maximum expansion of a Spanning Tree network. Diameter The number of connections between the devices in the network that are furthest removed from each other is known as the network diameter.
Redundancy 12.3 Spanning Tree 12.3.2 Rules for Creating the Tree Structure Bridge information To determine the tree structure, the bridges need more detailed information about the other bridges located in the network. To obtain this information, each bridge sends a BPDU (Bridge Protocol Data Unit) to the other bridges.
Page 503
Redundancy 12.3 Spanning Tree When there are multiple paths with the same root path costs, the bridge further away from the root decides which port it blocks. For this purpose, it uses the bridge identifiers of the bridge closer to the root. The bridge blocks the port that leads to the bridge with the numerically higher ID (a numerically higher ID is the logically worse one).
Redundancy 12.3 Spanning Tree 12.3.3 Examples Example of determining the root path You can use the network plan (see figure 37) to follow the flow chart (see figure 36) for determining the root path. The administrator has specified a priority in the bridge identification for each bridge. The bridge with the smallest numerical value for the bridge identification takes on the role of the root bridge, in this case, bridge 1.
Page 505
Redundancy 12.3 Spanning Tree Example of manipulating the root path You can use the network plan (see figure 38) to follow the flow chart (see figure 36) for determining the root path. The Administrator has performed the following: • Left the default value of 32768 (8000H) for every bridge apart from bridge 1 and bridge 5, and •...
Page 506
Redundancy 12.3 Spanning Tree When the Management Administrator configures bridge 2 as the root bridge, the burden of the control packets on the subnetworks is distributed much more evenly. The result is the configuration shown here (see figure 39). The path costs for most of the bridges to the root bridge have decreased.
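The election rules from sections 12.3.2 and 12.3.3 as an added example (not code from the manual or from Hirschmann): it elects the root bridge, picks each bridge's upstream neighbour with the bridge-identifier tie-break, and checks whether the intended root wins on priority alone. Bridge names, MAC addresses and links are constructed; the path costs are the IEEE 802.1D-2004 recommended values for 1 Gbit/s and 100 Mbit/s, an assumption because the manual's path cost table is not part of this excerpt.

```python
"""STP root election and root-port choice on a constructed five-bridge network."""
import heapq
from dataclasses import dataclass, replace

DEFAULT_PRIORITY = 32768  # 8000H, the default bridge priority named in the manual


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int
    mac: str  # constructed sample address

    @property
    def bridge_id(self):
        # Bridge identifier: priority first, MAC address as the tie-breaker.
        return (self.priority, bytes.fromhex(self.mac.replace(":", "")))


# Constructed sample network: B1 is the intended root in the backbone.
BRIDGES = [
    Bridge("B1", 4096, "00:00:5e:00:53:01"),
    Bridge("B2", DEFAULT_PRIORITY, "00:00:5e:00:53:02"),
    Bridge("B3", DEFAULT_PRIORITY, "00:00:5e:00:53:03"),
    Bridge("B4", DEFAULT_PRIORITY, "00:00:5e:00:53:04"),
    Bridge("B5", DEFAULT_PRIORITY, "00:00:5e:00:53:05"),
]
# (bridge, bridge, path cost): 20000 = 1 Gbit/s, 200000 = 100 Mbit/s (assumed values).
LINKS = [
    ("B1", "B2", 20000), ("B1", "B3", 20000),
    ("B2", "B4", 20000), ("B3", "B4", 20000),
    ("B4", "B5", 200000), ("B3", "B5", 200000),
]


def elect_root(bridges):
    """The bridge with the numerically smallest identifier becomes the root."""
    return min(bridges, key=lambda b: b.bridge_id)


def root_paths(bridges, links):
    """Return {bridge: (root path cost, upstream neighbour)} for non-root bridges.

    On equal root path cost the neighbour with the numerically lower bridge
    identifier wins. Parallel links between the same two bridges (port ID
    tie-break) are not modelled.
    """
    ids = {b.name: b.bridge_id for b in bridges}
    adj = {b.name: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    root = elect_root(bridges).name
    dist = {root: 0}
    heap = [(0, root)]
    while heap:  # shortest root path cost per bridge
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in adj[node]:
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    result = {}
    for name in dist:
        if name == root:
            continue
        candidates = [(dist[n] + c, ids[n], n) for n, c in adj[name] if n in dist]
        cost, _, upstream = min(candidates)
        result[name] = (cost, upstream)
    return result


def audit_root(bridges, intended):
    """List reasons why the intended root is not reliably the elected root."""
    findings = []
    elected = elect_root(bridges)
    if elected.name != intended:
        findings.append(f"elected root is {elected.name}, not {intended}")
    wanted = next(b for b in bridges if b.name == intended)
    rivals = [b.name for b in bridges
              if b.name != intended and b.priority <= wanted.priority]
    if rivals:
        findings.append(f"priority not strictly lowest, election depends on MAC: {rivals}")
    return findings


def reset_priorities(bridges):
    """Same bridges with every priority left at the default value."""
    return [replace(b, priority=DEFAULT_PRIORITY) for b in bridges]


if __name__ == "__main__":
    print("root:", elect_root(BRIDGES).name)
    for name, (cost, upstream) in sorted(root_paths(BRIDGES, LINKS).items()):
        print(f"{name}: cost {cost} via {upstream}")
    print("audit with defaults:", audit_root(reset_priorities(BRIDGES), "B2"))
```

With every priority left at the default, the MAC address alone decides the root, which is the situation the audit reports.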
Redundancy 12.4 The Rapid Spanning Tree Protocol 12.4 The Rapid Spanning Tree Protocol The RSTP uses the same algorithm for determining the tree structure as STP. When a link or bridge becomes inoperable, RSTP merely changes parameters, and adds new parameters and mechanisms that speed up the reconfiguration.
Redundancy 12.4 The Rapid Spanning Tree Protocol Backup port This is a blocked port that serves as a backup in case the connection to the designated port of this network segment (without any RSTP bridges) is lost Disabled port ...
Redundancy 12.4 The Rapid Spanning Tree Protocol Learning: Address learning active (FDB), no data traffic apart from STP-BPDUs Forwarding: Address learning active (FDB), sending and receiving of every packet type (not only STP-BPDUs) 12.4.3 Spanning Tree Priority Vector To assign roles to the ports, the RSTP bridges exchange configuration information with each other.
Redundancy 12.4 The Rapid Spanning Tree Protocol 12.4.6 Configuring the device RSTP configures the network topology completely independently. The device with the lowest bridge priority automatically becomes the root bridge. However, to define a specific network structure regardless, you specify a device as the root bridge. In general, a device in the backbone takes on this role.
Page 511
Redundancy 12.4 The Rapid Spanning Tree Protocol
spanning-tree forward-time <4..30>
  Specifies the delay time for the status change in seconds.
spanning-tree max-age <6..40>
  Specifies the maximum permissible branch length, for example the number of devices to the root bridge.
show spanning-tree global
  Displays the parameters for checking.
Redundancy 12.4 The Rapid Spanning Tree Protocol 12.4.7 Guards The device lets you activate various protection functions (guards) in the device ports. The following protection functions help protect your network from incorrect configurations, loops and attacks with STP-BPDUs: BPDU Guard – for manually specified edge ports (end device ports) ...
Page 513
Redundancy 12.4 The Rapid Spanning Tree Protocol TCN Guard – for ports that receive STP-BPDUs with a Topology Change flag You activate this protection function separately for every device port. If the protection function is activated, then the device ignores Topology Change flags in received STP-BPDUs.
Page 514
Redundancy 12.4 The Rapid Spanning Tree Protocol Open the Switching > L2-Redundancy > Spanning Tree > Port dialog. Switch to the CIST tab. For end device ports, mark the checkbox in the Admin edge port column. To save the changes temporarily, click the button.
Page 515
Redundancy 12.4 The Rapid Spanning Tree Protocol Activating Root Guard / TCN Guard / Loop Guard Open the Switching > L2-Redundancy > Spanning Tree > Port dialog. Switch to the Guards tab. For designated ports, select the checkbox in the column.
Redundancy 12.5 Link Aggregation 12.5 Link Aggregation Link Aggregation using the single switch method helps you overcome 2 limitations with Ethernet links, namely bandwidth and redundancy. The Link Aggregation Group (LAG) function helps you overcome bandwidth limitations of individual ports. LAG lets you combine 2 or more links in parallel, creating 1 logical link between 2 devices. The parallel links increase the bandwidth for traffic between the 2 devices.
Page 517
Redundancy 12.5 Link Aggregation Use the following steps to set up Switch 1 and 2 in the Graphical User Interface. Open the Switching > L2-Redundancy > Link Aggregation dialog. Click the button. The dialog displays the Create window. In the Trunk port drop-down list, select the instance number of the link aggregation group.
Redundancy 12.6 Link Backup 12.6 Link Backup Link Backup provides a redundant link for traffic on Layer 2 devices. When the device detects an error on the primary link, the device transfers traffic to the backup link. You typically use Link Backup in service-provider or enterprise networks.
Page 519
Redundancy 12.6 Link Backup When port returns to the active state, “no shutdown“, with Fail back activated, and Fail back delay set to 30 seconds. After the timer expires, port first blocks the traffic and then port starts forwarding the traffic. Switch B Switch C Port 1...
Note: When you use the Ring/Network Coupling protocol to couple a network to the main ring, verify that the networks contain only Hirschmann devices. Use the following table to select the FuseNet coupling protocol to be used in your network:...
Redundancy 12.8 Subring 12.8 Subring The Sub Ring function is an extension of the Media Redundancy Protocol (MRP). This function lets you couple a subring to a main ring using various network structures. The Subring protocol provides redundancy for devices by coupling both ends of an otherwise flat network to a main ring.
Page 522
Redundancy 12.8 Subring The following figures display examples of possible subring topologies: SRM 1 SRM 2 SRM 3 SRM 4 Figure 44: Example of an overlapping subring structure SRM 1 SRM 2 SRM 3 Figure 45: Special case: A Subring Manager manages 2 subrings (2 instances). The Subring Manager is capable of managing up to 2 instances.
Redundancy 12.8 Subring If you use MRP for the main ring and the subring, then specify the VLAN settings as follows: VLAN for the main ring – on the ring ports of the main ring participants – on the main ring ports of the Subring Manager VLAN for the Subring ...
– Assign the same MRP domain ID to the main ring and subring devices. When you only use Hirschmann devices, the default values suffice for the MRP domain ID. to 255. The default value Note: The...
Page 525
Redundancy 12.8 Subring In the Name column, assign a name to the subring. For this example enter Test In the SRM mode column, select Subring Manager mode. You thus specify which port for coupling the subring to the main ring becomes the redundant manager.
Operation diagnosis 13.1 Sending SNMP traps 13 Operation diagnosis The device provides you with the following diagnostic tools: Sending SNMP traps Monitoring the Device Status Out-of-Band signaling using the signal contact Port status indication Event counter at port level ...
Operation diagnosis 13.1 Sending SNMP traps 13.1.1 List of SNMP traps The following table displays possible SNMP traps sent by the device. Table 31: Possible SNMP traps Name of the SNMP trap Meaning authenticationFailure When a station attempts to access an agent without authorisation, this trap is sent.
Operation diagnosis 13.1 Sending SNMP traps 13.1.2 SNMP traps for configuration activity After you save a configuration in the memory, the device sends a hm2ConfigurationSavedTrap. This SNMP trap contains both the Non-Volatile Memory (NVM) and External Non-Volatile Memory (ENVM) state variables indicating whether the running configuration is in sync with the NVM, and with the ENVM.
Operation diagnosis 13.2 Monitoring the Device Status 13.2 Monitoring the Device Status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form.
Operation diagnosis 13.2 Monitoring the Device Status 13.2.2 Configuring the Device Status Perform the following steps: Open the Diagnostics > Status Configuration > Device Status dialog, Global tab. For the parameters to be monitored, mark the checkbox in the Monitor column.
Operation diagnosis 13.2 Monitoring the Device Status
device-status monitor temperature: Monitors the temperature in the device. When the temperature exceeds or falls below the specified limit, the value in the Device status frame changes to error.
device-status monitor module-removal: Monitors the modules. When you remove a module from the device, the value in the Device status...
Operation diagnosis 13.2 Monitoring the Device Status 13.2.3 Displaying the Device Status Perform the following steps: Open the Basic Settings > System dialog.
show device-status all: In the EXEC Privilege mode: Displays the device status and the setting for the device status determination.
Operation diagnosis 13.3 Security Status 13.3 Security Status The Security Status provides an overview of the overall security of the device. Many processes aid in system visualization by recording the security status of the device and then presenting its condition in graphic form. The device displays the overall security status in the Basic Settings >...
Operation diagnosis 13.3 Security Status
Table 33: Security Status events (cont.)
Name: Meaning
IEC61850-MMS active: The device monitors the IEC 61850-MMS protocol activation setting.
Modbus TCP active: The device monitors the Modbus TCP/IP protocol activation setting.
Self-signed HTTPS certificate present: The device monitors the HTTPS server for self-created digital certificates.
Operation diagnosis 13.3 Security Status
security-status monitor http-enabled: Monitors the HTTP server. When you enable the HTTP server, the value in the Security status frame changes to error.
security-status monitor snmp-unsecure: Monitors the SNMP server. When at least one of the following conditions applies, the value in the Security status frame...
Operation diagnosis 13.3 Security Status 13.3.3 Displaying the Security Status Perform the following steps: Open the Basic Settings > System dialog.
show security-status all: In the EXEC Privilege mode, display the security status and the setting for the security status determination.
Operation diagnosis 13.4 Out-of-Band signaling 13.4 Out-of-Band signaling The device uses the signal contact to control external devices and monitor device functions. Function monitoring enables you to perform remote diagnostics. The device reports the operating status using a break in the potential-free signal contact (relay contact, closed circuit) for the selected mode.
Operation diagnosis 13.4 Out-of-Band signaling
signal-contact 1 mode manual: Select the manual setting mode for signal contact
signal-contact 1 state open: Open signal contact
signal-contact 1 state closed: Close signal contact
13.4.2 Monitoring the Device and Security Statuses In the Configuration field, you specify which events the signal contact indicates.
Operation diagnosis 13.4 Out-of-Band signaling
signal-contact 1 monitor ring-redundancy: Monitors the ring redundancy. The signal contact opens in the following situations:
• The redundancy function becomes active (loss of redundancy reserve).
• The device is a normal ring participant and detects an error in its settings.
Operation diagnosis 13.4 Out-of-Band signaling Events which can be monitored
Table 34: Device Status events
Name: Meaning
Temperature: When the temperature exceeds or falls below the value specified.
Ring redundancy: When ring redundancy is present, enable this function to monitor.
Connection errors: Enable this function to monitor every port link event in which the Propagate connection error...
Operation diagnosis 13.5 Port status indication 13.5 Port status indication Perform the following steps: Open the Basic Settings > System dialog. The dialog displays the device with the current configuration. Furthermore, the dialog indicates the status of the individual ports with a symbol. The following symbols represent the status of the individual ports.
Operation diagnosis 13.6 Port event counter 13.6 Port event counter The port statistics table lets experienced network administrators identify possible detected problems in the network. This table displays the contents of various event counters. The packet counters add up the events sent and the events received.
Operation diagnosis 13.6 Port event counter Electromagnetic interference. Network extension The network extension is too great, or too many cascading hubs. Collisions, Late Collisions In full-duplex mode, no incrementation of the port counters for collisions or Late Collisions. CRC Error ...
Operation diagnosis 13.7 Auto-Disable 13.7 Auto-Disable The device can disable a port due to several configurable reasons. Each reason causes the port to “shut down”. In order to recover the port from the shut down state, you can manually clear the condition which caused the port to shut down or specify a timer to automatically re-enable the port.
Operation diagnosis 13.7 Auto-Disable In the Action column you can choose how the device reacts to detected errors. In this example, the device disables port for threshold violations and then automatically re-enables the port. To allow the device to disable and automatically re-enable the port, select the value ...
Operation diagnosis 13.8 Displaying the SFP status 13.8 Displaying the SFP status The SFP status display lets you look at the current SFP module connections and their properties. The properties include: module type serial number of media module temperature in º...
Operation diagnosis 13.9 Topology discovery 13.9 Topology discovery IEEE 802.1AB defines the Link Layer Discovery Protocol (LLDP). LLDP lets the user automatically detect the LAN network topology. Devices with LLDP active: broadcast their connection and management information to neighboring devices on the shared ...
Operation diagnosis 13.9 Topology discovery If you connect the port to devices with the topology discovery function active, then the devices exchange LLDP Data Units (LLDPDU) and the topology table displays these neighboring devices. When a port connects only devices without an active topology discovery, the table contains a line for this port to represent the connected devices.
Operation diagnosis 13.10 Detecting loops 13.10 Detecting loops Loops in the network cause connection interruptions or data losses. This also applies to temporary loops. The automatic detection and reporting of this situation lets you detect it faster and diagnose it more easily. An incorrect configuration causes loops, for example, deactivating Spanning Tree.
Operation diagnosis 13.11 Reports The following lists reports and buttons available for diagnostics:
• System Log file: The log file is an HTML file in which the device writes device-internal events.
• Audit Trail: Logs successful commands and user comments. The file also includes SNMP logging.
• Persistent Logging ...
Operation diagnosis 13.11 Reports When you activate the logging of SNMP requests, the device logs the requests as events in the Syslog. The Log SNMP get request function logs user requests for device configuration information. The Log SNMP set request function logs device configuration events. Specify the minimum level for events that the device logs in the Syslog.
Operation diagnosis 13.11 Reports 13.11.2 Syslog The device enables you to send messages about device-internal events to one or more Syslog servers (up to 8). Additionally, you can include SNMP requests to the device as events in the Syslog. Note: To display the logged events, open the Diagnostics >...
Operation diagnosis 13.11 Reports
Server IP Port Max. Severity Type Status
----- -------------- ----- -------------- ---------- -------
10.0.1.159 error systemlog active
configure: Change to the Configuration mode.
logging snmp-requests get operation: Logs SNMP GET requests.
logging snmp-requests get severity 5: The value specifies the severity level of the event that the device logs in case of SNMP GET requests.
Operation diagnosis 13.11 Reports The following list contains log events:
• Changes to configuration parameters
• Commands (except show commands) using the Command Line Interface
• Command logging audit-trail <string> using the Command Line Interface which logs the comment
• Automatic changes to the System Time
...
Operation diagnosis 13.12 Network analysis with TCPdump Tcpdump is a packet-sniffing UNIX utility used by network administrators to sniff and analyze traffic on a network. A couple of reasons for sniffing traffic on a network are to verify connectivity between hosts, or to analyze the traffic traversing the network.
Operation diagnosis 13.13 Monitoring the data traffic 13.13 Monitoring the data traffic The device lets you forward data packets that pass through the device to a destination port. There you can monitor and evaluate the data packets. The device provides you with the following options: Port Mirroring ...
Operation diagnosis 13.13 Monitoring the data traffic Enabling the Port Mirroring function Perform the following steps: Open the Diagnostics > Ports > Port Mirroring dialog. Specify the source ports. Mark the checkbox in the Enabled column for the relevant ports. Specify the destination port.
Operation diagnosis 13.14 Self-test The device checks its assets during the boot process and occasionally thereafter. The device checks system task availability or termination and the available amount of memory. Furthermore, the device checks for application functionality and any hardware degradation in the chip set. If the device detects a loss in integrity, then the device responds to the degradation with a user-defined action.
Operation diagnosis 13.14 Self-test Perform the following steps: Open the Diagnostics > System > Selftest dialog. In the Action column, specify the action to perform for a cause. To save the changes temporarily, click the button. Change to the Privileged EXEC mode. enable Change to the Configuration mode.
Operation diagnosis 13.15 Copper cable test 13.15 Copper cable test Use this feature to test copper cables attached to an interface for a short or open circuit. The test interrupts traffic flow, when in progress, on this port. The table displays the state and lengths of each individual pair. The device returns a result with the following meaning: normal - indicates that the cable is operating properly ...
Advanced functions of the device 14.1 Using the device as a DHCP server 14 Advanced functions of the device 14.1 Using the device as a DHCP server A DHCP server ("Dynamic Host Configuration Protocol") assigns IP addresses, Gateways, and other networking definitions such as DNS and NTP parameters to clients. The DHCP operations fall into 4 basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgment.
Advanced functions of the device 14.1 Using the device as a DHCP server 14.1.2 DHCP server static IP address example In this example, configure the device to allocate a static IP address to a port. The device recognizes clients with unique hardware identification. The Hardware ID in this case is the client MAC address 00:24:E8:D6:50:51.
Advanced functions of the device 14.1 Using the device as a DHCP server 14.1.3 DHCP server dynamic IP address range example The device lets you create dynamic IP address ranges. Leave the address, Client Remote ID Circuit ID fields empty. To create dynamic IP address ranges with gaps between the ranges add several entries to the table.
Advanced functions of the device 14.2 DHCP L2 Relay 14.2 DHCP L2 Relay A network administrator uses the DHCP Layer 2 Relay agent to add DHCP client information. This information is required by Layer 3 Relay agents and DHCP servers to assign an address and configuration to a client.
Advanced functions of the device 14.2 DHCP L2 Relay 14.2.2 DHCP L2 Relay configuration The Advanced > DHCP L2 Relay > Configuration dialog lets you activate the function on the active ports and on the VLANs. The device forwards DHCP packets with Option 82 information on those ports for which the checkbox in the DHCP L2 Relay column and in the...
Advanced functions of the device 14.2 DHCP L2 Relay Verify that VLAN 2 is present then perform the following steps on Switch 1: Configure VLAN 2, and specify port as a member of VLAN 2. Change to the Privileged EXEC mode. enable Change to the VLAN configuration mode.
Advanced functions of the device 14.3 GARP 14.3 GARP The Generic Attribute Registration Protocol (GARP) is defined by the IEEE to provide a generic framework so switches can register and deregister attribute values, such as VLAN identifiers and Multicast group membership. If an attribute for a participant is registered or deregistered according to the function, then the GARP...
Advanced functions of the device 14.3 GARP 14.3.2 Configuring GVRP You use the GVRP function to allow the device to exchange VLAN configuration information with other GVRP devices, thus reducing unnecessary Broadcast and unknown Unicast traffic. Besides, the GVRP function dynamically creates and manages VLANs on devices connected through 802.1Q trunk ports.
Advanced functions of the device 14.4 MRP-IEEE 14.4 MRP-IEEE The IEEE 802.1ak amendment to the IEEE 802.1Q standard introduced the Multiple Registration Protocol (MRP) to replace the Generic Attribute Registration Protocol (GARP). The IEEE also modified and replaced the GARP applications, GARP Multicast Registration Protocol (GMRP) and...
Advanced functions of the device 14.4 MRP-IEEE The following list contains various MRP events that the device transmits: Join - Controls the interval for the next Join message transmission Leave - Controls the length of time that a switch waits in the Leave state before changing to the ...
Advanced functions of the device 14.4 MRP-IEEE To enable the MMRP function on the switches, proceed as follows. Perform the following steps: Open the Switching > MRP-IEEE > MMRP dialog, Configuration tab. To activate port and port MMRP participants, mark the checkbox in the MMRP column ...
Advanced functions of the device 14.4 MRP-IEEE MVRP example Set up a network comprised of MVRP aware switches (1 - 4) connected in a ring topology with end device groups, A1, A2, B1, and B2 in 2 different VLANs, A and B. With STP enabled on the switches, the ports connecting switch 1 to switch 4 are in the discarding state, helping prevent a loop condition.
Advanced functions of the device 14.4 MRP-IEEE Enabling the MVRP function on the port. mrp-ieee mvrp operation Change to the interface configuration mode of interface 1/2 interface Enabling the function on the port. mrp-ieee mvrp operation MVRP Change to the Configuration mode. exit Enabling the Periodic state machine...
With the creation of the first optical LAN to be active worldwide, at the University of Stuttgart in 1984, Hirschmann laid the foundation for industry-compatible office communication devices. Thanks to Hirschmann's initiative with the world's first rail hub in the 1990s, Ethernet transmission devices such as switches, routers and firewalls are now available for the toughest automation conditions.
Industry Protocols 15.1 IEC 61850/MMS 15.1 IEC 61850/MMS IEC 61850/MMS is an industrial communication protocol standardized by the International Electrotechnical Commission (IEC). The protocol is to be found in substation automation, for example in the control technology of energy suppliers. This protocol, which works in a packet-oriented way, is based on the TCP/IP transport protocol and uses the Manufacturing Messaging Specification (MMS) for the client-server communication.
Industry Protocols 15.1 IEC 61850/MMS Table 38: Classes of the bridge model based on TR IEC61850 90-4 (cont.) Class Description logical node: LN LCCF Channel Communication Filtering Defines the VLAN and Multicast settings for the higher-level Communication Channel LN LBSP logical node: Port Spanning Tree Protocol Defines the Spanning Tree statuses and settings for the respective physical...
Industry Protocols 15.1 IEC 61850/MMS Monitoring the device The IEC61850/MMS server integrated into the device lets you monitor multiple statuses of the device by means of the Report Control Block (RCB). Up to 5 MMS clients can register for a Report Control Block at the same time.
Industry Protocols 15.2 Modbus TCP Modbus TCP is an application layer messaging protocol providing client/server communication between the client and devices connected in Ethernet TCP/IP networks. The Modbus TCP function lets you install the device in networks already using Modbus TCP and retrieve information saved in the registers in the device.
Industry Protocols 15.2 Modbus TCP Port Statistics Table 41: Port Statistics Address Description Step Unit Format 0800 Port1 - Number of bytes received 4294967295 0802 Port1 - Number of bytes sent 4294967295 0804 Port1 - Number of frames received 4294967295 0806 Port1 - Number of frames sent 4294967295...
Industry Protocols 15.2 Modbus TCP 15.2.3 Example Configuration In this example, you configure the device to respond to client requests. The prerequisite for this configuration is that the client device is configured with an IP address within the given range. The function remains inactive for this example.
Industry Protocols 15.2 Modbus TCP
security-status monitor modbus-tcp-enabled: Specifies that the device monitors the activation of Modbus TCP server.
modbus-tcp operation: Activates the Modbus TCP server.
modbus-tcp port <1..65535>: Specify the TCP port for Modbus TCP communication (optionally). The default value is port
Display the Modbus TCP...
Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server A Setting up the configuration environment Setting up a DHCP/BOOTP server The following example describes the configuration of a DHCP server using the haneWIN DHCP Server software. This shareware software is a product of IT-Consulting Dr. Herbert Hanewinkel. You can download the software from https://www.hanewin.net.
Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server Figure 56: DHCP setting To enter the configuration profiles, select Options > Configuration Profiles in the menu bar. Specify the name for the new configuration profile. Click the button.
Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server Enter the path and the file name for the configuration file. Click the Apply button and then the button. Figure 59: Configuration file on the tftp server Add a profile for each device type.
Setting up the configuration environment A.1 Setting up a DHCP/BOOTP server Enter the IP address of the device. Select the configuration profile of the device. Click the Apply button and then the button. Figure 63: Entries for static addresses Add an entry for each device that will get its parameters from the DHCP server.
Setting up the configuration environment A.2 Setting up a DHCP server with Option 82 Setting up a DHCP server with Option 82 The following example describes the configuration of a DHCP server using the haneWIN DHCP Server software. This shareware software is a product of IT-Consulting Dr. Herbert Hanewinkel. You can download the software from https://www.hanewin.net.
Sub-identifier for the type of the Circuit ID Length of the Circuit ID. Hirschmann identifier: when a Hirschmann device is connected to the port, otherwise 00. vvvv VLAN ID of the DHCP request. Default setting: 0001 = VLAN 1 ...
Setting up the configuration environment A.2 Setting up a DHCP server with Option 82 Switch (Option 82) MAC = IP = 00:80:63:10:9a:d7 192.168.112.100 DHCP Server IP = 192.168.112.1 IP = 192.168.112.100 Figure 70: Application example of using Option 82 UM Config GRS Release 8.0 09/2019...
Setting up the configuration environment A.3 Preparing access via SSH Preparing access via SSH To access the device using SSH, perform the following steps: Generate a key in the device. Transfer your own key onto the device. Prepare access to the device in the SSH client program. ...
Setting up the configuration environment A.3 Preparing access via SSH A.3.2 Loading your own key onto the device OpenSSH gives experienced network administrators the option of generating their own key. To generate the key, enter the following commands on your PC:
ssh-keygen(.exe) -q -t rsa -f rsa.key -C '' -N ''
rsaparam -out rsaparam.pem 2048
The device lets you transfer your own SSH key onto the device.
Setting up the configuration environment A.3 Preparing access via SSH Figure 71: PuTTY input screen In the Host Name (or IP address) field you enter the IP address of your device. The IP address (a.b.c.d) consists of 4 decimal numbers with values from to 255.
Setting up the configuration environment A.4 HTTPS certificate Your web browser establishes the connection to the device using the HTTPS protocol. The prerequisite is that you enable the HTTPS server function in the Device Security > Management Access > Server dialog, HTTPS...
Setting up the configuration environment A.4 HTTPS certificate A.4.1 HTTPS certificate management A standard certificate according to X.509/PEM (Public Key Infrastructure) is required for encryption. In the default setting, a self-generated certificate is already present in the device. Open the Device Security >...
Setting up the configuration environment A.4 HTTPS certificate A.4.2 Access through HTTPS The default setting for HTTPS data connection is TCP port 443. If you change the number of the HTTPS port, then reboot the device or the HTTPS server. Thus the change becomes effective. Perform the following steps: Open the Device Security >...
B Appendix Literature references “Optische Übertragungstechnik in industrieller Praxis” Christoph Wrobel (ed.) Hüthig Buch Verlag Heidelberg ISBN 3-7785-2262-0 Hirschmann Manual “Basics of Industrial ETHERNET and TCP/IP” 280 710-834 “TCP/IP Illustrated”, Vol. 1 W.R. Stevens Addison Wesley 1994...
Hirschmann is continually working on improving and developing their software. Check regularly whether there is an updated version of the software that provides you with additional benefits. You find information and software downloads on the Hirschmann product pages on the Internet at www.hirschmann.com.
Appendix B.3 Management Information Base (MIB) Management Information Base (MIB) The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The "leaves" of the MIB are called generic object classes.
Appendix B.3 Management Information Base (MIB) Example: The generic object class hm2PSState (OID = 1.3.6.1.4.1.248.11.11.1.1.1.1.2) is the description of the abstract information power supply status. However, it is not possible to read any value from this, as the system does not know which power supply is meant. Specifying the subidentifier maps this abstract information onto reality (instantiates it), thus identifying it as the operating status of power supply 2.
7 udp 11 snmp 16 rmon 17 dot1dBridge 26 snmpDot3MauMGT Figure 73: Tree structure of the Hirschmann MIB A description of the MIB can be found on the product CD provided with the device.
Appendix B.4 List of RFCs RFC 2868 RADIUS Attributes for Tunnel Protocol Support RFC 2869 RADIUS Extensions RFC 2869bis RADIUS support for EAP RFC 2933 IGMP MIB RFC 3164 The BSD Syslog Protocol RFC 3376 IGMPv3 RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework RFC 3411 An Architecture for Describing Simple Network Management Protocol (SNMP)
Appendix B.6 Underlying IEC Norms IEC 62439 High availability automation networks MRP – Media Redundancy Protocol based on a ring topology
Appendix B.7 Underlying ANSI Norms ANSI/TIA-1057 Link Layer Discovery Protocol for Media Endpoint Devices, April 2006
Appendix B.8 Technical Data Technical Data Switching Size of the MAC address table 16384 (incl. static filters) Max. number of statically configured MAC address filters Max. number of MAC address filters learnable through IGMP Snooping Max. number of MAC address entries (MMRP) Number of priority queues 8 Queues...
Appendix B.9 Copyright of integrated Software Copyright of integrated Software The product contains, among other things, Open Source Software files developed by third parties and licensed under an Open Source Software license. You can find the license terms in the Graphical User Interface in the Help >...
Appendix B.10 Abbreviations used B.10 Abbreviations used Name of the external memory Access Control List BOOTP Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol Forwarding Database Graphical User Interface HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure ICMP Internet Control Message Protocol IEEE...
The current manuals and operating instructions for Hirschmann products are available at doc.hirschmann.com. Hirschmann Competence Center The Hirschmann Competence Center is ahead of its competitors on three counts with its complete range of innovative services: Consulting incorporates comprehensive technical advice, from system evaluation through ...
Readers’ Comments E Readers’ Comments What is your opinion of this manual? We are constantly striving to provide as comprehensive a description of our product as possible, as well as important information to assist you in the operation of this product. Your comments and suggestions help us to further improve the quality of our documentation.
Dear User, Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or per mail to Hirschmann Automation and Control GmbH Department 01RD-NT Stuttgarter Str. 45-51 72654 Neckartenzlingen Germany