Pos: 2 /Do kum enta tion allge mein/Ein ban d/Einba nd Fro ntseit e - H and buch ; CI 2 017; mit D ocVaria blen (Stan dar d) @ 28 \mo d_1 486 4775 029 10_ 0.do cx @ 4053 88 @ @ 1
852-1322
Managed Switch; 8 Port Gb; MACsec
852-1328
Managed Switch; 6 Port Gb; 2FOC; MACsec
1.0.1
Pos: 3 /Alle Se rien (Allge meine Mo dule )/Rec htliches, Allgem eines/ Imp ress um f ür St anda rdh and büch er - allg . Anga ben , Ansch rifte n, T elefo nnu mm ern und E-M ail-Adr essen @ 3\ mo d_12 191 511 182 03_ 21.d ocx @ 210 60 @ @ 1
Page 1
Pos: 2 /Do kum enta tion allge mein/Ein ban d/Einba nd Fro ntseit e - H and buch ; CI 2 017; mit D ocVaria blen (Stan dar d) @ 28 \mo d_1 486 4775 029 10_ 0.do cx @ 4053 88 @ @ 1 852-1322 Managed Switch;...
Page 2
WAGO is a registered trademark of WAGO Verwaltungsgesellschaft mbH. === E nde der Liste für Tex tma rke Ein ban d_vo rne == = Manual 1.0.01...
Reproduction, translation, electronic and phototechnical filing/archiving (e.g., photocopying) as well as any amendments require the written consent of WAGO Kontakttechnik GmbH & Co. KG, Minden, Germany. Non-observance will involve the right to assert damage claims. Pos: 11. 3 /Dok ume ntati on all gem ein/Glie de rung sele ment e/- --Seit enwec hsel- -- @ 3\ mod_ 122 110 804 507 8_0. docx @ 21 810 @ @ 1 Manual 1.0.01...
Notes about this Documentation 852-1322/852-1328 Industrial Managed Switch Pos: 11. 4 /Alle Se rien (Allgem eine Mod ule) /Übe rschri ften /Eben e 2/Sy mbole - Üb ersc hrift 2 @ 13\ mod_ 135 106 804 240 8_2 1.doc x @ 1 052 70 @ 2 @ 1 Symbols Pos: 11.
Page 8
Notes about this Documentation 852-1322/852-1328 Industrial Managed Switch Additional Information: Refers to additional information which is not an integral part of this documentation (e.g., the Internet). Pos: 11. 6 /Dok ume ntati on all gem ein/Glie de rung sele ment e/- --Seit enwec hsel- -- @ 3\ mod_ 122 110 804 507 8_0. docx @ 21 810 @ @ 1 Manual 1.0.01...
2.1.1 Subject to Changes WAGO Kontakttechnik GmbH & Co. KG reserves the right to provide for any alterations or modifications. WAGO Kontakttechnik GmbH & Co. KG owns all rights arising from the granting of patents or from the legal protection of utility patents.
These modules contain no parts that can be serviced or repaired by the user. The following actions will result in the exclusion of liability on the part of WAGO Kontakttechnik GmbH & Co. KG: •...
For industrial use: only install in appropriate housings, cabinets or electrical operation rooms! WAGO's 852 Series ETHERNET Switches are certified to be used in residential and in industrial environments. If the latter, they should be considered as exposed operating components. Therefore, in industrial applications, only install these switches in lockable housings, cabinets or electrical operation rooms.
Page 13
Important Notes 852-1322/852-1328 Industrial Managed Switch Protect the components against materials having seeping and insulating properties! The components are not resistant to materials having seeping and insulating properties such as aerosols, silicones and triglycerides (found in some hand creams). If you cannot exclude that such materials will appear in the component environment, then install the components in an enclosure being resistant to the above-mentioned materials.
Page 14
Important Notes 852-1322/852-1328 Industrial Managed Switch Radio interference in residential areas This is a Class B device, and therefore suitable to be used also in residential areas without specific measures to prevent interference. Pos: 14. 15 /D okum ent ation allge mein/ Gliede run gsele me nte/ ---Sei tenwe chsel --- @ 3\ mod _12 211 080 450 78_ 0.docx @ 2 181 0 @ @ 1 Manual 1.0.01...
And because MACsec encryption is hardware-based, there is no nameable added latency. WAGO’s 852-1322/852-1328 is ideal for adding an extra layer of security in residential and industrial applications that require compact solutions while delivering high network performance up to 97 % of throughput guaranteed with no nameable additional latency.
Device Description 852-1322/852-1328 Industrial Managed Switch 3.1.2 Top View Figure 2: Top View of the Industrial Managed Switch Table 4: Legend for the Figure “Top View of the Industrial Managed Switch” Descrip- Meaning For Details see Section tion “Device Description” >...
Device Description 852-1322/852-1328 Industrial Managed Switch 3.2.3.1 10/100/100BASE-T-Ports The 10/100/1000BASE-T ports support networks speeds of 10 Mbit/s, 100 Mbit/s and 1000 Mbit/s and can be operated in half- and full-duplex transmission modes. These ports also provide automatic crossover detection (Auto-MDI/MDI- X), with plug-and-play capabilities.
Connect Devices 852-1322/852-1328 Industrial Managed Switch 100/1000Base-SX/LX Port, Fiber Optic (Only for SFP model) When connecting a fiber optic cable to a 100/1000Base-X port on the industrial managed switch, make sure to use the right connector type (LC) and SFP module.
Connect Devices 852-1322/852-1328 Industrial Managed Switch 10/100/1000BASE-T Ports The 10/100/1000BASE-T ports (RJ-45 ETHERNET ports) of the industrial managed switch support both autosensing and auto-negotiation. 1. Connect one end of the twisted pair cable of the type Category 3/5/5e to an available RJ-45 port on the industrial managed switch and the other end to the port of the selected network node.
Authentication Server: This server performs the actual authentication .We utilize RADIUS (Remote Authentication Dial-In User Service) as the authentication server. Authenticator: The Authenticator is a network device (i.e. the WAGO • Industrial managed switch) that acts as a proxy between the supplicant and the authentication server.
IEEE MAC security standard provides connectionless user data confidentiality, frame data integrity, and data origin authenticity. MACsec can establish point-to- point security on ETHERNET links between directly connected nodes. WAGO industrial managed switches support this security feature and can be used to transparently secure an IEEE 802 LAN connection to a peer device (such as another switch) that also supports the MACsec.
To open the WBM, launch a Web browser (e.g., Microsoft Edge or Mozilla Firefox or Google Chrome). Enter the IP address of the device (i.e. WAGO 852-1322 or 852-1328). Note that the default IP address is 192.168.1.254. While the device is booting up, it would send the GARP packets to the network.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch If this is the first time that your Web browser access the device, you may see a security warning page as show in Figure “Security Warning Page”. a. Please, click on the red box [Advanced] button and click on [Accept the Risk and Continue] button as shown in Figure “Security Warning...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Figure 13: Start Page of WBM Select your desired page on the navigation bar at the top of the screen and clicking on corresponding tab on the left hand side of the screen.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch You can access the corresponding WBM pages via the links in the navigation bar: Table 16: Overview – Navigation Links and WBM Pages Navigation Links and WBM Pages [Information] System Information •...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Login Failure If you failed to login, you will encounter an Error dialog as shown in Figure “Login Failure Dialog”. You will have two options or buttons to choose from which are [Forget it] or [Try again] buttons.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Figure 16: Login Failure Dialog with only [Forget it] button If you click on the [Forget it] button, the device will randomly ask for a secure code of three characters. The three characters are randomly chosen from the security card.
Figure “Re-direction to Change Password Tab Page”. When you finished changing the new password, click on the [Submit] button. The system will prompt you with the WAGO login page to enter the new password as shown in Figure “WAGO Login Dialog after Resetting Password”.
To help users become familiar with the device, the System Information tab page provides important details of the WAGO’s industrial managed switch. This is also the main welcome screen once the user has logged in. The details make it easier to identify different switches connected to the network.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.3.2 Legal Information This page has two tabs that are WAGO Licenses and Open Source Licenses. They list all information and terms about software license agreement. 7.3.2.1 WAGO Licenses Figure 22: WBM “Information” Page – “Legal Information” – “WAGO Licenses” Tab 7.3.2.2...
Configuration 7.4.1 System Settings Users can assign device’s details to WAGO’s industrial managed switch on this System Settings tab page. By entering unique and relevant system information such as device name, this information can help identifying one specific switch among all other devices in the network. Please click on the [Submit] button to update the information on the switch.
Network Settings In this tab page, users may modify network settings of Internet Protocol version 4 (IPv4) for the WAGO industrial managed switch. The Network Settings tab page is depicted in Figure “WBM “Configuration” Page – “Network Settings” Tab”. Inside the Network Settings box, the user can enable Dynamic Host Configuration Protocol (DHCP) client inside the switch by checking the DHCP box so that the switch can obtain IP address’...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch The description of each parameter and its default value in Network Settings tab page are summarized in Table “WBM “Configuration” Page – “Network Settings” Tab”. Table 19: WBM “Configuration” Page – “System Settings” Tab...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.4.3 Port Settings The user can control the state of each port by either selecting Enable or Disable from the dropdown list as shown in Figure “WBM “Configuration” Page – “Port Settings” Tab”. After finishing any change on the port setting, please click on the [Submit] button.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch The following instruction is applicable for WAGO 852-1328 model only. WAGO 852-1328 model supports two 100/1000BASE-X fiber optic SFP (Small Form-factor Pluggable) slots on the box, which are Port 7 and Port 8. Therefore, the tab in Figure “WBM “Configuration”...
Factory Default Description Ports Fiber port number on the industrial managed switch. For WAGO 852-1328 only Port 7 and Port 8 are fiber ports. The user can click on the dropdown list to select either Port 7 or Port 8. Speed...
7.4.4 Password User name “admin” and password “wago” are set for the device when it is manufactured. The user can modify the device’s user name and password to ensure overall system security. The user name and password can be updated in this tab as shown in Figure “WBM “Configuration”...
7.4.5 Clock WAGO 852-1322 and 852-1328 have internal date and clock which can be set manually as shown in Figure “WBM “Configuration” Page – “Clock” Tab”. The user has options to configure Date on device, Time on device, and Timezone manually.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Table 23: WBM “Configuration” Page – “Clock” Tab Parameters Factory Default Description Date on Local 01.01.2017 This field displays the current date on the device. Device The user can set a new date for the device by entering the new date in the format of DD.MM.YYYY.
SNMPv3 is enabled. Once SNMPv3 is enabled, the “Communities” of SNMPv1 and v2c have to be unique and cannot be shared. WAGO’s industrial managed switch support SNMP and can be configured in this tab page as shown in Figure “WBM “Diagnostics” Page – “SNMP” Tab”. The...
Note that this simple authentication is considered a weak security mechanism. It is recommended to use SNMP V3, if possible. There are two levels of authentications or permission type in WAGO 852-1322 and 852-1328, which are read-all-only or read-write-all. For example, in our default setting as shown in Figure “SNMP V1/V2c Community Setting”, an SNMP...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch The SNMP V1/V2c Community Setting as shown in Figure “SNMP V1/V2c Community Setting” allows the user to set a community string with a type of permission for authentication or remove existing community string from the list by clicking on the [Remove] button at the end of each community string item.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.5.1.3 SNMP Trap The industrial managed switch provides a trap function that allows the switch to send notification to agents with SNMP traps or inform. The notifications are based on the status changes of the switch such as link up, link down, warm start, and cold start.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Table 26: WBM “Diagnostics” Page – “SNMP” Tab, SNMP V1/V2c Community Setting Parameters Factory Default Description Trap Mode Trap Choose between Trap mode or Inform mode. Trap server IP Null Enter the IP address of your Trap Server.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch The users can view existing SNMP V3 users’ setting on the list at the upper part of SNMP V3 Auth. Setting as shown in Figure “WBM “Diagnostics” Page – “SNMP Tab”, SNMP V3 Auth.”. The list provides information about user Name, Authentication type, and Data Encryption.
852-1322/852-1328 Industrial Managed Switch 7.5.2 Modbus TCP WAGO’s industrial managed switch can be connected to a Modbus network using Modbus TCP/IP protocol which is an industrial network protocol for controlling automation equipment. The switch’s status and settings can be read through Modbus TCP/IP protocol which operates similar to the Management Information Base (MIB) browser.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch To set a Modbus Address for the industrial managed switch, choose a number from 1 to 247 and enter it in the Modbus Address field. Click [Submit] button to configure it. To enable the Modbus protocol on the industrial managed switch,...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.5.3 System Log 7.5.3.1 Setting The user can enable how the system log (syslog) will be saved and/or delivered to other system in the System Log Setting tab page as show in Figure” WBM “Diagnostics”...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Table 29: WBM “Diagnostics” Page – “System Log” – “Setting” Tab Parameters Factory Default Description Checked: Saving log event into flash memory. The flash Enable Log Uncheck Event to Flash memory can keep the log event files even if the switch is rebooted.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch button is only visible if cyclic refresh is enabled. The user can set the duration of automatic refresh cycle in seconds by entering the number in the corresponding field. Note that the log records are sorted by date and time Table “WBM Page,...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Table 30: WBM Page, “Diagnostics” – “System Log” – “Log” Tab Parameters Factory Default Description Read all Selected Activate the display of all log messages. notifications Read only the Activate the display of only the last n messages. The user can last n also specify the number of messages to be displayed.
Monitor” Tab”. It depicts the actual connecting status for all available ports of the WAGO industrial managed switch in this page. The user can see that status whether a port is connected (Link Up/ Green color) or disconnected (Link Down/ Yellow color) or disabled (Black color).
Static SAK Setting Static secure association key (SAK) setting web page is shown in Figure “WBM Page, “Security” – “Static SAK” Tab”. Note that WAGO 852-1322 and 852-1328 support MACSec protocol on port number 7 and 8. To enable secure association mode on industrial managed switch’s port(s), first select one of the two ports from...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch The selected port(s) will use the given static SAK as the secure key to secure all the traffic. If any two switches have the same SCI and SAK, they can securely communicate. If there is any non-secured traffic that uses incorrect SCI and SAK, the traffic will be dropped by the ingress port of the switch.
To disable this secure code mechanism, uncheck the Enable box and click [Submit] button as shown in Figure “WBM “Security” Page – “Secure Code” Tab”. Please refer the WAGO login in Section „Login Failure“ for more detail. Figure 41: Example of Secure Codes Figure 42: WBM “Security”...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.6.3 IEEE 802.1X The 802 1X tab under the Security page is subdivided into three sub tabs which Setting, Parameters Setting, and Port Setting as shown below Figure 43: WBM “Security” Page – “802.1X” Tab Manual 1.0.01...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.6.3.1 IEEE 802 1X Settings The 802 1X security mechanism can be enabled in this tab page as shown in Figure “WBM “Security” Page – “802.1X” – “Setting” Tab. When the user checks...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Table 34: WBM “Security” Page – “802.1X” – “Setting” Tab Parameters Factory Default Description 802.1x Disabled Choose to Enable/Disable 802.1X for all ports Radius Server IP 0.0.0.0 Set an IP address of the RADIUS server...
The user can configure the 802 1x security mechanism on each port of the WAGO secure switch as shown in Figure “WBM “Security” Page – “802.1X” – “802.1X Port Setting” Tab”. Each port can be set for any of the four authorization...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch Figure 46: WBM “Security” Page – “802.1X” – “802.1X Port Setting” Tab The webpage’s representation is divided into two parts. The upper part of the webpage allows the setting of port(s) to be changed, while the lower part of the...
The user can update the device firmware via web interface as shown in Figure “WBM “Maintenance” Page – “Firmware Upgrade” Tab”. To update the firmware, the user can download a new firmware from WAGO’s website and save it in a local computer. Then, the users can click [Browse…] button and choose the firmware file that is already downloaded.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.7.2 Reset to Default When the switch is not working properly, the user can reset it back to the original factory default setting by clicking on the [Reset] button as shown in Figure “WBM “Maintenance”...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.7.3 Backup/Restore The Backup/Restore tab page allow the user to back up the current configuration of the switch to a file, save the configuration file on the local PC, or upload a new configuration from a previously saved configuration file.
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.7.4 Reboot A simple reboot function is provided in this tab page requiring only one single click on the [Reboot] button as shown in Figure “WBM “Maintenance” Page – “Reboot” Tab”. Figure 51: WBM “Maintenance” Page – “Reboot” Tab Manual 1.0.01...
Configuration in the WBM 852-1322/852-1328 Industrial Managed Switch 7.7.5 Logout For security best practice, the users should logout of the device if they no longer need to modify the system configuration. The logout process is highly recommended to ensure that the correct user settings will not be changed easily by unauthorized access or user.
Appendix 852-1322/852-1328 Industrial Managed Switch Appendix Modbus Memory Map Table 37: Modbus-Register Address Data Type Read/Write Description System Information 0x0020 (32) 1 word Firmware Version = Ex: Version = 1.02 Word 0 Hi byte = 0x01 Word 0 Lo byte = 0x02...
Appendix 852-1322/852-1328 Industrial Managed Switch Table 37: Modbus-Register Address Data Type Read/Write Description Port Status 0x1000 5 words Port Status (4096) 0x0000: Disabled 0x0001: Enabled Word 0 Hi byte = Port 1 Status Word 0 Lo byte = Port 2 Status...