-
Contents
-
Table of Contents
-
Bookmarks
Quick Links
Reference Manual
Web-based Interface
Industrial ETHERNET Switch
RS20
RM Web L2B
Technical Support
Release 5.0 04/09
HAC-Support@hirschmann.de
Related Manuals for Hirschmann RS20
Summary of Contents for Hirschmann RS20
-
Page 1
Reference Manual Web-based Interface Industrial ETHERNET Switch RS20 RM Web L2B Technical Support Release 5.0 04/09 HAC-Support@hirschmann.de… -
Page 2
In addition, we refer to the conditions of use specified in the license contract. You can find the current version of this manual on the Internet, on the Hirschmann product pages (www.hirschmann-ac.de). Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str. -
Page 3: Table Of Contents
Content Content About this Manual Opening the Web-based Interface Basic Settings System Network Software 1.3.1 View the software versions present on the device 1.3.2 Update via file selection 1.3.3 tftp update Port configuration Load/Save 1.5.1 Loading the configuration 1.5.2 Saving the configuration 1.5.3 URL 1.5.4 Deleting a configuration 1.5.5 Using the AutoConfiguration Adapter (ACA)
-
Page 4
Content Switching Switching Global Filters for MAC addresses Multicasts 4.3.1 Global Configuration 4.3.2 Unknown Multicasts 4.3.3 Known Multicasts 4.3.4 Settings per port (table) QoS/Priority Global Port configuration 5.2.1 Entering the port priority 802.1D/p Mapping IP DSCP mapping Redundancy Ring Redundancy 6.1.1 Configuring the HIPER-Ring 6.1.2 Configuring the MRP-Ring Diagnosis… -
Page 5
Content 7.6.3 Device status 7.6.4 Configuring traps Alarms (Traps) Report Self Test Advanced DHCP Relay Agent Appendix Technical Data List of RFCs Based specifications and standards Copyright of integrated software A.4.1 Bouncy Castle Crypto APIs (Java) A.4.2 LVL7 Systems, Inc. Readers’… -
Page 6
Content RM Web L2B Release 5.0 04/09… -
Page 7: About This Manual
About this Manual About this Manual The «Web-based Interface» reference manual contains detailed information on using the Web interface to operate the individual functions of the device. The «Command Line Interface» reference manual contains detailed informa- tion on using the Command Line Interface to operate the individual functions of the device.
-
Page 8
About this Manual RM Web L2B Release 5.0 04/09… -
Page 9: Key
The designations used in this manual have the following meanings: List Work step Subheading Link Indicates a cross-reference with a stored link Note: A note emphasizes an important fact or draws your attention to a dependency. ASCII representation in user interface Courier Symbols used: Router with firewall…
-
Page 10
A random computer Configuration Computer Server PLC — Programmable logic controller I/O — Robot RM Web L2B Release 5.0 04/09… -
Page 11: Opening The Web-Based Interface
Opening the Web-based Interface Opening the Web-based Interface To open the Web-based interface, you will need a Web browser (a program that can read hypertext), for example Mozilla Firefox version 1 or later, or Mi- crosoft Internet Explorer version 6 or later. Note: The Web-based interface uses the Java software version 5 or later (Ja- va™…
-
Page 12
Opening the Web-based Interface Establish the connection by entering the IP address of the device which you want to administer via the Web-based management in the address field of the Web browser. Enter the address in the following form: http://xxx.xxx.xxx.xxx The login window appears on the screen. -
Page 13
Opening the Web-based Interface Note: The changes you make in the dialogs are copied to the device when you click on “Set”. Click on “Load” to update the display. Note: You can block your access to the device by entering an incorrect con- figuration. -
Page 14
Opening the Web-based Interface The menu section displays the menu items. By placing the mouse pointer in the menu section and clicking the right mouse button you can use “Back” to return to a menu item you have already selected, or “Forward” to jump to a menu item you have already selected. -
Page 15: Basic Settings
Basic Settings 1 Basic Settings The basic settings menu contains the dialogs, displays and tables for basic settings configuration: System Network Software Port configuration Load/Save Restart RM Web L2B Release 5.0 04/09…
-
Page 16: System
Basic Settings 1.1 System 1.1 System The „System“ submenu in the basic settings menu is structured as follows: Device status System data Device view Reloading data Figure 4: «System» submenu Device status This section of the website provides information on the device status and the alarm state of the device.
-
Page 17
Basic Settings 1.1 System Figure 5: Device status and alarm display 1 — Symbol indicates the Device Status 2 — Cause of the oldest existing alarm 3 — Time of the oldest existing alarm System data This area of the website displays the system parameters of the device. Here you can change, –… -
Page 18
Basic Settings 1.1 System 1 2 3 Figure 6: Availability of the media modules 1 — Module present 2 — Empty slot 3 — Module was removed. Click this check mark to define this slot as an empty slot. Device view The device view shows the device with the current configuration. -
Page 19
Basic Settings 1.1 System Figure 7: Device view Meaning of the symbols: The port (10, 100 Mbit/s, 1, 10 Gbit/s) is enabled and the connection is OK. The port is disabled by the management and it has a connection. The port is disabled by the management and it has no connection. -
Page 20
Basic Settings 1.1 System Figure 8: Time until update RM Web L2B Release 5.0 04/09… -
Page 21: Network
Basic Settings 1.2 Network 1.2 Network With the Basic Settings:Network dialog you define the source from which the device gets its IP parameters after starting, and you assign the IP parameters and configure the HiDiscovery access. Figure 9: Network parameters dialog Under “Mode”, you enter where the device gets its IP parameters: In the BOOTP mode, the configuration is via a BOOTP or DHCP server on the basis of the MAC address of the device…
-
Page 22
Basic Settings 1.2 Network The HiDiscovery protocol allows you to allocate an IP address to the de- vice on the basis of its MAC address. Activate the HiDiscovery protocol if you want to allocate an IP address to the device from your PC with the en- closed HiDiscovery software (setting on delivery: operation “on”, access “read-write”). -
Page 23: Software
Basic Settings 1.3 Software 1.3 Software The software dialog enables you to view the software versions present on the device and to carry out a software update of the device via tftp or file selec- tion. Figure 10: Software dialog 1.3.1 View the software versions present on the device You can view:…
-
Page 24: Update Via File Selection
Basic Settings 1.3 Software 1.3.2 Update via file selection For an update via a file selection window, the device software must be on a data carrier that you can access via your PC. In the file selection frame, click on “…”. In the file selection window, select the device software (device.bin) and click on “Open”.
-
Page 25: Port Configuration
Basic Settings 1.4 Port configuration 1.4 Port configuration This configuration table allows you to configure every port of the device. In the “Name” column, you can enter a name for every port. In the “Ports on” column, you can switch on the port by selecting it here. In the “Propagate connection error”…
-
Page 26
Basic Settings 1.4 Port configuration Note: The following settings are required for the ring ports in a HIPER-Ring: Bit rate 100 Mbit/s 1000 Mbit/s Autonegotiation (automatic configuration) Port Duplex Full – Table 2: Port settings for ring ports Figure 11: Port Configuration Table dialog RM Web L2B Release 5.0 04/09… -
Page 27: Load/Save
Basic Settings 1.5 Load/Save 1.5 Load/Save With this dialog you can: load a configuration, save a configuration, enter a URL, restore the delivery configuration, use the ACA for configuring, Figure 12: Load/Save dialog RM Web L2B Release 5.0 04/09…
-
Page 28: Loading The Configuration
Basic Settings 1.5 Load/Save 1.5.1 Loading the configuration In the «Load» frame, you have the option to load a configuration saved on the device, load a configuration stored under the specified URL, load a configuration stored on the specified URL and save it on the device, load a configuration saved on a PC in binary format.
-
Page 29: Url
Basic Settings 1.5 Load/Save If you change the current configuration (for example, by switching a port off), the load/save symbol in the menu area changes from a disk symbol into a yellow triangle. After saving the configuration, the load/save symbol changes back into the disk symbol.
-
Page 30: Using The Autoconfiguration Adapter (Aca)
Basic Settings 1.5 Load/Save 1.5.5 Using the AutoConfiguration Adapter (ACA) The ACAs are devices for saving the configuration data of a device. In the case of a device failure, an ACA enables the configuration data to be trans- ferred easily by means of a substitute device of the same type. Note: If you replace a device with DIP switches, please ensure that the DIP switch settings are identical.
-
Page 31
Basic Settings 1.5 Load/Save Status Meaning notPresent No ACA present. The configuration data from the ACA and the device are consistent. removed The ACA has been removed after booting. notInSync The configuration data from the ACA and the device are not consistent. outOfMemory The local configuration data is too extensive to be stored on the ACA. -
Page 32: Restart
Basic Settings 1.6 Restart 1.6 Restart With this dialog you can: Cold start the device. In a cold start, the device reloads the software from the non-volatile memory, restarts, and performs a self-test. Warm start the device. In this case the device checks the software in the volatile memory and restarts.
-
Page 33
Basic Settings 1.6 Restart Figure 13: Restart dialog RM Web L2B Release 5.0 04/09… -
Page 34
Basic Settings 1.6 Restart RM Web L2B Release 5.0 04/09… -
Page 35: Security
Security 2 Security The security menu contains the dialogs, displays and tables for configuring the security settings: Password SNMPv1/v2 access Web access RM Web L2B Release 5.0 04/09…
-
Page 36: Password / Snmp Access
Security 2.1 Password / SNMP Access 2.1 Password / SNMP Access This dialog gives you the option of changing the read and read/write pass- words for access to the device via the Web-based interface/CLI/SNMP. Please note that passwords are case-sensitive. For security reasons, the read password and the read/write password should not be identical.
-
Page 37
Security 2.1 Password / SNMP Access Note: For security reasons, the passwords are not displayed. Make a note of every change! You cannot access the device without a valid password! Note: For security reasons, SNMP version 3 encrypts the password. With the “SNMPv1”… -
Page 38: Snmpv1/V2 Access Settings
Security 2.2 SNMPv1/v2 Access Settings 2.2 SNMPv1/v2 Access Settings With this dialog you can select access via SNMPv1 or SNMPv2. In the state on delivery, both protocols are activated. You can thus manage the device with HiVision and communicate with earlier versions of SNMP.
-
Page 39
Security 2.2 SNMPv1/v2 Access Settings Binary notation of the mask 255.255.255.240: 1111 1111 1111 1111 1111 1111 1111 0000 mask bits Binary notation of the IP address 172.168.23.20: 1010 1100 1010 1000 0001 0111 0001 0100 The binary representation of the mask with the IP address yields an address range of: 1010 1100 1010 1000 0001 0111 0001 0000 bis… -
Page 40
Security 2.2 SNMPv1/v2 Access Settings Figure 15: SNMPv1/v2 access dialog RM Web L2B Release 5.0 04/09… -
Page 41: Web Access
Security 2.3 Web Access 2.3 Web Access This dialog allows you to switch off the Web server on the device. Figure 16: Web access dialog 2.3.1 Description of Web access The Web server of the device allows you to configure the device by using the Web-based interface.
-
Page 42
Security 2.3 Web Access After the Web server has been switched off, it is no longer possible to login via a Web browser. The login in the open browser window remains active. Note: The Command Line Interface and this dialog allow you to reactivate the Telnet server. -
Page 43: Time
Time 3 Time With this dialog you can enter time-related settings independently of the time synchronization protocol selected. The “IEEE/SNTP time” displays the time with reference to Universal Time Coordinated (UTC). The time displayed is the same worldwide. Local time differences are not taken into account.
-
Page 44
Time The PTP reference clock gets its time either via SNTP or from its own clock. All other clocks favor using the PTP time as the source. Figure 17: Time dialog RM Web L2B Release 5.0 04/09… -
Page 45: Sntp Configuration
Time 3.1 SNTP configuration 3.1 SNTP configuration The Simple Network Time Protocol (SNTP) enables you to synchronize the system time in your network. The device supports the SNTP Server and SNTP Client functions. The SNTP server makes the UTC (Universal Time Coordinated) available. UTC is the time relating to the coordinated world time measurement.
-
Page 46
Time 3.1 SNTP configuration Parameter Meaning Anycast destination ad- Enter the IP address to which the SNTP server on the device sends the dress SNTP packets. VLAN ID Enter the VLAN to which the device may periodically send SNTP packets. Anycast send interval Enter the time interval at which the device sends SNTP packets (valid entries: 1 second to 3600 seconds, on delivery: 120 seconds). -
Page 47
Time 3.1 SNTP configuration Note: If you are receiving the system time from an external/redundant server address, you do not accept any SNTP Broadcasts (see “Accept SNTP Broadcasts”). Otherwise you can never distinguish whether the device is displaying the time from the server entered, or that of an SNTP Broadcast packet. -
Page 48: Ptp (Ieee 1588)
Time 3.2 PTP (IEEE 1588) 3.2 PTP (IEEE 1588) Precise time management is required for running time-critical applications via a LAN. The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a procedure that assumes one clock is the most accurate and thus enables precise synchronization of all clocks in an LAN.
-
Page 49: Switching
Switching 4 Switching The switching menu contains the dialogs, displays and tables for configuring the switching settings: Switching Global Filters for MAC Addresses Rate Limiter Multicasts RM Web L2B Release 5.0 04/09…
-
Page 50: Switching Global
Switching 4.1 Switching Global 4.1 Switching Global Variable Meaning Possible values State on delivery MAC address Display the MAC address of the device Aging Time (s) Enter the Aging Time for all dynamic 15-3825 entries in seconds. Table 9: Switching:Global dialog Figure 19: Switching Global RM Web L2B Release 5.0 04/09…
-
Page 51: Filters For Mac Addresses
Switching 4.2 Filters for MAC addresses 4.2 Filters for MAC addresses The filter table for MAC addresses is used to display filters. Each row repre- sents one filter. Filters specify the way in which data packets are sent. They are created automatically by the device (learned status). Data packets whose destination address is entered in the table are sent from the receiving port to the ports marked in the table.
-
Page 52: Multicasts
Switching 4.3 Multicasts 4.3 Multicasts With this dialog you can: activate/deactivate the IGMP protocol, configure the IGMP protocol globally and per port. Figure 21: Multicasts dialog 4.3.1 Global Configuration In this frame you can: activate/deactivate the IGMP protocol. RM Web L2B Release 5.0 04/09…
-
Page 53: Unknown Multicasts
Switching 4.3 Multicasts Parameter Meaning Default setting IGMP Snooping Activate IGMP Snooping globally for the entire device. deselected disabled Deactivate IGMP Snooping globally for the entire device. selected If IGMP Snooping is switched off, then the device does not evaluate Query and Report packets received, and it sends (floods) received data packets with a Multi- cast address as the destination address to all ports.
-
Page 54: Known Multicasts
Switching 4.3 Multicasts 4.3.3 Known Multicasts In this frame you define how the device sends packets with a known MAC/IP Multicast address that was learned through IGMP Snooping. Prerequisite: In the Switching:Multicasts:Global Settings dialog, the IGMP Snooping mode is selected. Parameter Meaning Value range…
-
Page 55
Switching 4.3 Multicasts Parameter Meaning Value range Default setting Module Module number for modular devices, otherwise 1. Port Port to which this entry applies. IGMP on Switch IGMP on/off for each port. on/off Switching IGMP off at a port prevents registration for this port. -
Page 56
Switching 4.3 Multicasts Parameter Meaning Value range Default setting Static Query Port The device sends IGMP report mes- enable, disable sages to the ports at which it receives disable IGMP queries (default setting). This column allows you to also send IGMP report messages to other selected ports (enable). -
Page 57: Qos/Priority
QoS/Priority 5 QoS/Priority The device enables you to set how it evaluates the QoS/prioritizing information of incoming data packets: VLAN priority based on IEEE 802.1Q/ 802.1D (Layer 2) Type of Service (ToS) or DiffServ (DSCP) for IP packets (Layer 3) which QoS/prioritizing information it writes to outgoing data packets (e.g.
-
Page 58: Global
QoS/Priority 5.1 Global 5.1 Global With this dialog you can: enter the IP-DSCP value for management packets in the range 0 to 63 (default setting: 0 (be/cs0)). In order for you to have full access to the management of the device, even when there is a high network load, the device enables you to prioritize management packets.
-
Page 59
QoS/Priority 5.1 Global the IP packets if the packets are to be sent with a VLAN tag. Based on the traffic class to which the IP packet was assigned (see above), the device assigns the new VLAN priority to the IP packet in accordance with table Example: Received IP packet with a DSCP value of 32 (cs4) is… -
Page 60: Port Configuration
QoS/Priority 5.2 Port configuration 5.2 Port configuration This dialog allows you to configure the ports. You can: assign a port priority to a port, Parameter Meaning Module Module of the device on which the port is located. Port Port to which this entry applies. Port priority Enter the port priority.
-
Page 61: Entering The Port Priority
QoS/Priority 5.2 Port configuration 5.2.1 Entering the port priority Double-click on a cell in the “Port priority” column and enter the priority (0- According to the priority entered, the device assigns the data packets that it receives at this port to a traffic class (see table 16).
-
Page 62: D/P Mapping
QoS/Priority 5.3 802.1D/p Mapping 5.3 802.1D/p Mapping The 802.1D/p mapping table allows you to assign a traffic class to every VLAN priority. Figure 24: 802.1D/p mapping table Enter the desired value from 0 to 3 in the Traffic Class field for every VLAN priority.
-
Page 63
QoS/Priority 5.3 802.1D/p Mapping VLAN Traffic class IEEE 802.1D traffic type priority (default setting) Best effort (default) Background Standard Excellent effort (business critical) Controlled load (streaming multimedia) Video, less than 100 milliseconds of latency and jitter Voice, less than 10 milliseconds of latency and jitter Network control reserved traffic Table 17: Assigning the VLAN priority to the four traffic classes Note: Network protocols and redundancy mechanisms use the highest traffic… -
Page 64: Ip Dscp Mapping
QoS/Priority 5.4 IP DSCP mapping 5.4 IP DSCP mapping The IP DSCP mapping table allows you to assign a traffic class to every DSCP value. Enter the desired value from 0 to 3 in the Traffic Class field for every DSCP value (0-63).
-
Page 65
QoS/Priority 5.4 IP DSCP mapping Default Forwarding/Best Effort: No particular prioritizing. DSCP value DSCP name Traffic class (default setting) Best Effort /CS0 9,11,13,15 10,12,14 AF11,AF12,AF13 17,19,21,23 18,20,22 AF21,AF22,AF23 25,27,29,31 26,28,30 AF31,AF32,AF33 33,35,37,39 34,36,38 AF41,AF42,AF43 41,42,43,44,45,47 49-55 57-63 Table 18: Mapping the DSCP values onto the traffic classes RM Web L2B Release 5.0 04/09… -
Page 66
QoS/Priority 5.4 IP DSCP mapping RM Web L2B Release 5.0 04/09… -
Page 67: Redundancy
Redundancy 6 Redundancy Under Redundancy you will find all the dialogs and views for configuring and monitoring the redundancy function: Ring Redundancy RM Web L2B Release 5.0 04/09…
-
Page 68: Ring Redundancy
Within a HIPER-Ring, you can use any combination of the following devices: – RS1 – RS2-./. – RS2-16M – RS2-4R – RS20, RS30, RS40 – RSR20, RSR30 – OCTOPUS – MICE – MS20, MS30 – Power MICE – MACH 100 –…
-
Page 69
Redundancy 6.1 Ring Redundancy Enable/disable the Ring Manager function. Receive Ring information. Delete the Ring Redundancy. Note: Enabled Ring Redundancy methods on a device are mutually exclu- sive at any one time. When changing to another Ring Redundancy method, deactivate the function for the time being. Parameter Meaning Version… -
Page 70: Configuring The Hiper-Ring
Redundancy 6.1 Ring Redundancy 6.1.1 Configuring the HIPER-Ring For the ring ports, select the following basic settings in the Basic Set- tings:Port Configuration dialog: Bit rate 100 Mbit/s 1000 Mbit/s Autonegotiation (automatic configuration) Port Duplex Full – Table 20: Port settings for ring ports Note: Configure all the devices of the HIPER-Ring individually.
-
Page 71: Configuring The Mrp-Ring
Otherwise you activate the advanced Manager mode. (Ring Manag- Note: All Hirschmann devices that support the MRP-Ring also support the ad- vanced mode. Operation When you have configured all the parameters for the MRP-Ring, you switch the operation on here.
-
Page 72
Redundancy 6.1 Ring Redundancy Parameter Meaning VLAN ID If you have configured VLANs, you select VLAN ID 0 here if you do not want to assign the MRP-Ring configuration to a VLAN. Note the VLAN configuration of the ring ports: Select for VLAN ID 1 and VLAN membership U in the static VLAN table for the ring ports. -
Page 73: Diagnosis
Diagnosis 7 Diagnosis The diagnosis menu contains the following tables and dialogs: Event Log Ports (statistics, utilization, SFP modules) Topology Discovery Port Mirroring Device Status Signal Contact Alarms (Traps) Report (log file, system information) IP Address Conflict Detection Self Test In service situations, they provide the technician with the necessary informa- tion for diagnosis.
-
Page 74: Event Log
Diagnosis 7.1 Event log 7.1 Event log The table under Event Log lists all the events with a time stamp. The «Delete» button allows you to delete the contents of the Event Log window. Figure 26: Event log table RM Web L2B Release 5.0 04/09…
-
Page 75: Ports
Diagnosis 7.2 Ports 7.2 Ports The port menu contains displays and tables for the individual ports: Statistics table Utilization SFP Modules 7.2.1 Statistics table This table shows you the contents of various event counters. In the Restart menu item, you can reset all the event counters to zero using «Warm start», «Cold start»…
-
Page 76: Utilization
Diagnosis 7.2 Ports 7.2.2 Utilization This table displays the network load of the individual ports. In the “Upper Threshold[%]” column you enter the top threshold value for net- work load. If this threshold value is exceeded, the device sets a check mark in the “Alarm”…
-
Page 77: Sfp Modules
Diagnosis 7.2 Ports 7.2.3 SFP modules The SFP status display allows you to look at the current SFP module connec- tions and their properties. The properties include: Parameter Meaning Module Module of the device on which the port is located. Port Port to which this entry applies.
-
Page 78: Topology Discovery
Diagnosis 7.3 Topology Discovery 7.3 Topology Discovery This dialog allows you to switch on/off the topology discovery function (LL- DP). The topology table shows you the collected information for neighboring devices. This information enables the network management station to map the structure of your network.
-
Page 79
Diagnosis 7.3 Topology Discovery devices without active topology discovery function are connected to a port, the topology table hides the devices without active topology discovery. only devices without active topology discovery are connected to a port, the table will contain one line for this port to represent all devices. This line contains the number of connected devices MAC addresses of devices that the topology table hides for the sake of clarity, are located in the address table (FDB),… -
Page 80: Port Mirroring
Diagnosis 7.4 Port Mirroring 7.4 Port Mirroring This dialog allows you to configure and activate the port mirroring function of the device. In port mirroring, the valid data packets of one port, the source port, are copied to another, the destination port. The data traffic at the source port is not influenced by port mirroring.
-
Page 81
Diagnosis 7.4 Port Mirroring Figure 31: Port Mirroring dialog RM Web L2B Release 5.0 04/09… -
Page 82: Device Status
Diagnosis 7.5 Device Status 7.5 Device Status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. Figure 32: Device State dialog (for power MICE) In the «Monitoring»…
-
Page 83
Diagnosis 7.5 Device Status The events which can be selected are: Name Meaning Power supply … Monitor/ignore supply voltage(s). Temperature Monitor/ignore temperature thresholds set (see on page „System“) temperatures that are too high/too low ACA removal Monitor/ignore the removal of the ACA. Connection error Monitor/ignore the defective link status of at least one port. -
Page 84: Signal Contact
Diagnosis 7.6 Signal contact 7.6 Signal contact The signal contacts are used for controlling external devices by manually setting the signal contacts, monitoring the functions of the device, reporting the device state of the device. 7.6.1 Manual setting Select the tab page «Alarm 1» or «Alarm 2» (for devices with two signal contacts).
-
Page 85
Diagnosis 7.6 Signal contact In the “Mode Signal contact” field, you select the “Monitoring correct op- eration” mode. In this mode the signal contacts monitor the functions of the device, thus enabling remote diagnosis. A break in contact is reported via the potential-free signal contact (relay contact, closed circuit): Voltage supply 1/2 failure or continuous device malfunction (internal volt- age). -
Page 86: Device Status
Diagnosis 7.6 Signal contact 7.6.3 Device status Select the tab page “Alarm 1” or “Alarm 2” (for devices with two signal contacts). In the “Mode Signal Contact” field, you select the “Device status” mode. In this mode, the signal contact is used to monitor the status of the device (see on page 82 „Device Status“)
-
Page 87: Alarms (Traps)
Diagnosis 7.7 Alarms (Traps) 7.7 Alarms (Traps) This dialog allows you to determine which events trigger an alarm (trap) and where these alarms should be sent. Select „Create entry“. In the „Address“ column, enter the IP address of the management station to which the traps should be sent.
-
Page 88
Diagnosis 7.7 Alarms (Traps) Figure 34: Alarms dialog RM Web L2B Release 5.0 04/09… -
Page 89: Report
Diagnosis 7.8 Report 7.8 Report The following reports are available for the diagnostics: file. The log file is an HTML file in which the device writes all the important de- vice-internal events. System information. The system information is an HTML file containing all system-relevant da- RM Web L2B Release 5.0 04/09…
-
Page 90: Self Test
Diagnosis 7.9 Self Test 7.9 Self Test With this dialog you can: activate/deactivate the RAM test for a cold start of the device. Deactivat- ing the RAM test shortens the booting time for a cold start of the device. allow or prevent a restart due to an undefined software state. Figure 35: Self-test dialog RM Web L2B Release 5.0 04/09…
-
Page 91: Advanced
Advanced 8 Advanced The menu contains the dialogs, displays and tables for: DHCP Relay Agent RM Web L2B Release 5.0 04/09…
-
Page 92: Dhcp Relay Agent
This results in the entry for the “Hardware address” in the DHCP server: B306000001000101000600806300061E In the “Option 82 on” column, you can switch this function on/off for each port. In the “Hirschmann Device” column, you mark the ports to which a Hir- schmann device is connected. RM Web L2B Release 5.0 04/09…
-
Page 93
Advanced 8.1 DHCP Relay Agent Figure 36: DHCP Relay Agent dialog RM Web L2B Release 5.0 04/09… -
Page 94
Advanced 8.1 DHCP Relay Agent RM Web L2B Release 5.0 04/09… -
Page 95: A Appendix
Appendix A Appendix RM Web L2B Release 5.0 04/09…
-
Page 96: Technical Data
Appendix A.1 Technical Data A.1 Technical Data Switching Size of MAC address table 8000 (incl. static filters) Max. number of statically configured MAC address filters Max. number of MAC address filters learnable via GMRP/IGMP Snooping Max. length of over-long packets 1632 (from 03.0.00) RM Web L2B…
-
Page 97: List Of Rfcs
Appendix A.2 List of RFCs A.2 List of RFCs RFC 768 (UDP) RFC 783 (TFTP) RFC 791 (IP) RFC 792 (ICMP) RFC 793 (TCP) RFC 826 (ARP) RFC 854 (Telnet) RFC 855 (Telnet Option) RFC 951 (BOOTP) RFC 1112 (IGMPv1) RFC 1157 (SNMPv1) RFC 1155…
-
Page 98
Appendix A.2 List of RFCs RFC 2575 (View Based Access Control Model for SNMP) RFC 2576 (Coexistence between SNMP v1, v2 & v3) RFC 2578 (SMI v2) RFC 2579 (Textual Conventions for SMI v2) RFC 2580 (Conformance statements for SMI v2) RFC 2613 (SMON) RFC 2618… -
Page 99: Based Specifications And Standards
Appendix A.3 Based specifications and standards A.3 Based specifications and standards IEEE 802.1 AB Topology Discovery (LLDP) IEEE 802.1 af Power over Ethernet IEEE 802.1 D Switching, GARP, GMRP, Spanning Tree (Supported via 802.1S implementation) IEEE 802.1 D-1998 Media access control (MAC) bridges (includes IEEE 802.1p Priority and Dynamic Multicast Filtering, GARP, GMRP) IEEE 802.1 Q-1998…
-
Page 100: Copyright Of Integrated Software
Appendix A.4 Copyright of integrated software A.4 Copyright of integrated software A.4.1 Bouncy Castle Crypto APIs (Java) The Legion Of The Bouncy Castle Copyright (c) 2000 — 2004 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the «Software»), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies…
-
Page 101: Lvl7 Systems, Inc
Appendix A.4 Copyright of integrated software A.4.2 LVL7 Systems, Inc. (c) Copyright 1999-2006 LVL7 Systems, Inc. All Rights Reserved. RM Web L2B Release 5.0 04/09…
-
Page 102
Appendix A.4 Copyright of integrated software RM Web L2B Release 5.0 04/09… -
Page 103: B Readers’ Comments
Readers’ comments B Readers’ comments What is your opinion of this manual? We are always striving to provide as comprehensive a description of our product as possible, as well as important information that will ensure trouble-free operation. Your comments and suggestions help us to further improve the quality of our documentation.
-
Page 104
E-mail: Date / Signature: Dear User, Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or Hirschmann Automation and Control GmbH Department AED Stuttgarter Str. 45-51 72654 Neckartenzlingen RM Web L2B Release 5.0 04/09… -
Page 105: Index
Index C Index 27, 87 Java Runtime Environment Advanced JavaScript Alarm Assured Forwarding LLDP AutoConfiguration Adapter Login Broadcast Media module Multicast Cable crossing Class Selector Network load Network Management Software Clock Cold start Configuring the HIPER-Ring Configuring the MRP-Ring Option 82 Destination port Password 12, 36, 37…
-
Page 106
Index Ring Redundancy Website Ring Redundancy basic configuration Write access Ring structure Ringport RM function RMON probe Security Self-test SFP Module SFP Modules SFP status display Signal contact 84, 87 SNMP SNTP client SNTP request SNTP server Source port Statistics table Supply voltage Switching Switching Global Dialog… -
Page 107: D Further Support
Further support D Further support Technical questions and training courses In the event of technical queries, please contact your local Hirschmann distributor or Hirschmann office. You can find the addresses of our distributors on the Internet: www.hirschmann-ac.com. Our support line is also at your disposal: Tel.
-
Page 1
User Manual Basic Configuration Industrial ETHERNET (Gigabit) Switch RS20/RS30/RS40, MS20/MS30, OCTOPUS, PowerMICE, RSR20/RSR30, MACH 100, MACH 1000, MACH 4000 Basic Configuration Technical Support Release 6.0 07/2010 HAC.Support@Belden.com… -
Page 2
In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (www.hirschmann-ac.de). Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str. -
Page 3: Table Of Contents
Contents Contents About this Manual Introduction Access to the user interfaces System Monitor Command Line Interface Web-based Interface Entering the IP Parameters IP Parameter Basics 2.1.1 IP address (version 4) 2.1.2 Netmask 2.1.3 Classless Inter-Domain Routing Entering IP parameters via CLI Entering the IP Parameters via HiDiscovery Loading the system configuration from the ACA System configuration via BOOTP…
-
Page 4
Contents 3.2.2 Saving to a file on URL 3.2.3 Saving to a binary file on the PC 3.2.4 Saving as a script on the PC Loading Software Updates Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded 4.1.2 Starting the software 4.1.3 Performing a cold start Automatic software update by ACA… -
Page 5
8.2.6 Setting GMRP Rate Limiter 8.3.1 Description of the Rate Limiter 8.3.2 Rate Limiter Settings (PowerMICE and MACH 4000) 8.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, RSR20/RSR30, MACH 100, MACH 1000 and OCTOPUS QoS/Priority 8.4.1 Description of Prioritization 8.4.2 VLAN tagging 8.4.3 IP ToS / DiffServ… -
Page 6
Contents 8.6.1 VLAN Description 8.6.2 Examples of VLANs Operation Diagnosis Sending Traps 9.1.1 List of SNMP Traps 9.1.2 SNMP Traps during Boot 9.1.3 Configuring Traps Monitoring the Device Status 9.2.1 Configuring the Device Status 9.2.2 Displaying the Device Status Out-of-band Signaling 9.3.1 Controlling the Signal Contact 9.3.2 Monitoring the Device Status via the Signal Contact 9.3.3 Monitoring the Device Functions via the Signal… -
Page 7
Contents 9.14 Event Log Setting up the Configuration Environment General Information Index Further Support Basic Configuration Release 6.0 07/2010… -
Page 8
Contents Basic Configuration Release 6.0 07/2010… -
Page 9: About This Manual
About this Manual About this Manual The “Basic Configuration” user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The following thematic sequence has proven itself in practice: Set up device access for operation by entering the IP parameters Check the status of the software and update it if necessary…
-
Page 10: About This Manual
About this Manual The «Command Line Interface» reference manual contains detailed information on using the Command Line Interface to operate the individual functions of the device. The Network Management Software HiVision/Industrial HiVision provides you with additional options for smooth configuration and monitoring: Configuration of multiple devices simultaneously.
-
Page 11: Key
The designations used in this manual have the following meanings: List Work step Subheading Link Indicates a cross-reference with a stored link Note: A note emphasizes an important fact or draws your attention to a dependency. ASCII representation in user interface Courier Execution in the Web-based Interface user interface Execution in the Command Line Interface user interface…
-
Page 12
Bridge A random computer Configuration Computer Server PLC — Programmable logic controller I/O — Robot Basic Configuration Release 6.0 07/2010… -
Page 13: Introduction
Introduction Introduction The device has been developed for practical application in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device. Note: The changes you make in the dialogs are copied into the volatile memory of the device when you click on «Set».
-
Page 14
Introduction Basic Configuration Release 6.0 07/2010… -
Page 15: Access To The User Interfaces
Access to the user interfaces 1 Access to the user interfaces The device has 3 user interfaces, which you can access via different interfaces: System monitor via the V.24 interface (out-of-band) Command Line Interface (CLI) via the V.24 connection (out-of-band) as well as Telnet or SSH (in-band) Web-based interface via Ethernet (in-band).
-
Page 16: System Monitor
Access to the user interfaces 1.1 System Monitor 1.1 System Monitor The system monitor enables you to select the software to be loaded perform a software update start the selected software shut down the system monitor delete the configuration saved and display the boot code information.
-
Page 17
Access to the user interfaces 1.1 System Monitor < Device Name (Boot) Release: 1.00 Build: 2005-09-17 15:36 > Press <1> to enter System Monitor 1 … Figure 1: Screen display during the boot process Press the <1> key within one second to start system monitor 1. System Monitor (Selected OS: L3P-01.0.00-K16 (2005-10-31 19:32)) Select Boot Operating System… -
Page 18: Command Line Interface
Access to the user interfaces 1.2 Command Line Interface 1.2 Command Line Interface The Command Line Interface enables you to use the functions of the device via a local or remote connection. The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices.
-
Page 19
Access to the user interfaces 1.2 Command Line Interface Copyright (c) 2004-2009 Hirschmann Automation and Control GmbH All rights reserved PowerMICE Release L3P-05.1.00 (Build date 2009-10-11 12:13) System Name: PowerMICE Mgmt-IP 10.0.1.105 1.Router-IP: 0.0.0.0 Base-MAC 00:80:63:51:74:00 System Time: 2009-10-11 13:14:15… -
Page 20
NOTE: Enter ‘?’ for Command Help. Command help displays all options that are valid for the ‘normal’ and ‘no’ command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann Product) > Figure 4: CLI screen after login Basic Configuration Release 6.0 07/2010… -
Page 21: Web-Based Interface
Access to the user interfaces 1.3 Web-based Interface 1.3 Web-based Interface The user-friendly Web-based interface gives you the option of operating the device from any location in the network via a standard browser such as Mozilla Firefox or Microsoft Internet Explorer. As a universal access tool, the Web browser uses an applet which communicates with the device via the Simple Network Management Protocol (SNMP).
-
Page 22
Access to the user interfaces 1.3 Web-based Interface Start your Web browser. Check that you have activated JavaScript and Java in your browser settings. Establish the connection by entering the IP address of the device which you want to administer via the Web-based management in the address field of the Web browser. -
Page 23
Access to the user interfaces 1.3 Web-based Interface The website of the device appears on the screen. Note: The changes you make in the dialogs are copied to the device when you click «Set». Click «Reload» to update the display. Note: You can block your access to the device by entering an incorrect configuration. -
Page 24
Access to the user interfaces 1.3 Web-based Interface Basic Configuration Release 6.0 07/2010… -
Page 25: Entering The Ip Parameters
Entering the IP Parameters 2 Entering the IP Parameters The IP parameters must be entered when the device is installed for the first time. The device provides 7 options for entering the IP parameters during the first installation: Entry using the Command Line Interface (CLI). You choose this “out of band”…
-
Page 26
Entering the IP Parameters Using DHCP Option 82. You choose this “in-band” method if you want to configure the installed device using DHCP Option 82. You need a DHCP server with Option 82 for this. The DHCP server assigns the configuration data to the device using its physical connection (see page 49 “System Configuration via DHCP Option… -
Page 27: Ip Parameter Basics
Entering the IP Parameters 2.1 IP Parameter Basics 2.1 IP Parameter Basics 2.1.1 IP address (version 4) The IP addresses consist of 4 bytes. These 4 bytes are written in decimal notation, separated by a decimal point. Since 1992, five classes of IP address have been defined in the RFC 1340. Class Network Host address…
-
Page 28: Netmask
Entering the IP Parameters 2.1 IP Parameter Basics Net ID — 7 bits Host ID — 24 bits Class A Net ID — 14 bits Host ID — 16 bits Class B Net ID — 21 bits Host ID — 8 bit s Class C Multicast Group ID — 28 bits Class D…
-
Page 29
Entering the IP Parameters 2.1 IP Parameter Basics Example of a netmask: Decimal notation 255.255.192.0 Binary notation 11111111.11111111.11000000.00000000 Subnetwork mask bits Class B Example of IP addresses with subnetwork assignment when the above subnet mask is applied: Decimal notation 129.218.65.17 128 <… -
Page 30
Entering the IP Parameters 2.1 IP Parameter Basics Example of how the network mask is used In a large network it is possible that gateways and routers separate the management agent from its management station. How does addressing work in such a case? Romeo Juliet Lorenzo… -
Page 31: Classless Inter-Domain Routing
Entering the IP Parameters 2.1 IP Parameter Basics Lorenzo receives the letter and removes the outer envelope. From the inner envelope he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet’s MAC address.
-
Page 32
Entering the IP Parameters 2.1 IP Parameter Basics Since 1993, RFC 1519 has been using Classless Inter Domain Routing (CIDR) to provide a solution to get around these problems. CIDR overcomes these class boundaries and supports classless address ranges. With CIDR, you enter the number of bits that designate the IP address range. You represent the IP address range in binary form and count the mask bits that designate the netmask. -
Page 33: Entering Ip Parameters Via Cli
Entering the IP Parameters 2.2 Entering IP parameters via CLI 2.2 Entering IP parameters via If you do not configure the system via BOOTP/DHCP, DHCP Option 82, the HiDiscovery protocol or the AutoConfiguration AdapterACA, then you perform the configuration via the V.24 interface using the CLI. Entering IP addresses Connect the PC with terminal program started to the RJ11 socket…
-
Page 34
NOTE: Enter ‘?’ for Command Help. Command help displays all options that are valid for the ‘normal’ and ‘no’ command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > Deactivate DHCP. Enter the IP parameters. Local IP address On delivery, the device has the local IP address 0.0.0.0. -
Page 35
Entering the IP Parameters 2.2 Entering IP parameters via CLI Switch to the Privileged EXEC mode. enable Deactivate DHCP. network protocol none Assign the device the IP address 10.0.1.23 and network parms 10.0.1.23 the netmask 255.255.255.0. You have the option 255.255.255.0 of also assigning a gateway address. -
Page 36: Entering The Ip Parameters Via Hidiscovery
Entering the IP Parameters 2.3 Entering the IP Parameters via Hi- Discovery 2.3 Entering the IP Parameters via HiDiscovery The HiDiscovery protocol enables you to assign IP parameters to the device via the Ethernet. You can easily configure other parameters via the Web-based interface (see the «Web-based Interface»…
-
Page 37
Entering the IP Parameters 2.3 Entering the IP Parameters via Hi- Discovery Figure 10: HiDiscovery When HiDiscovery is started, it automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first PC network card found. If your computer has several network cards, you can select these in HiDiscovery on the toolbar. -
Page 38
Entering the IP Parameters 2.3 Entering the IP Parameters via Hi- Discovery Figure 11: HiDiscovery — assigning IP parameters Note: When the IP address is entered, the device copies the local configuration settings (see on page 53 “Loading/saving settings“). Note: For security reasons, switch off the HiDiscovery function for the device in the Web-based interface, after you have assigned the IP parameters to the device (see on page 50 “Web-based IP… -
Page 39: Loading The System Configuration From The Aca
Entering the IP Parameters 2.4 Loading the system configuration from the ACA 2.4 Loading the system configuration from the ACA The AutoConfiguration Adapter (ACA) is a device for storing the configuration data of a device and storing the device software. In the case of a device becoming inoperative, the ACA makes it possible to easily transfer the configuration data by means of a substitute device of the same type.
-
Page 40
Entering the IP Parameters 2.4 Loading the system configuration from the ACA Figure 12: Flow chart of loading configuration dats from the ACA 1 – Device start-up 2 – ACA plugged-in? 3 – Password in device and ACA identical? 3a – Default password in device? 4 –… -
Page 41: System Configuration Via Bootp
Entering the IP Parameters 2.5 System configuration via BOOTP 2.5 System configuration via BOOTP When it is started up via BOOTP (bootstrap protocol), a device receives its configuration data in accordance with the “BOOTP process” flow chart (see fig. 13). Note: In its delivery state, the device gets its configuration data from the DHCP server.
-
Page 42
Entering the IP Parameters 2.5 System configuration via BOOTP switch_01:ht=ethernet:ha=008063086501:ip=10.1.112.83:tc=.global: switch_02:ht=ethernet:ha=008063086502:ip=10.1.112.84:tc=.global: Lines that start with a ‘#’ character are comment lines. The lines under “.global:” make the configuration of several devices easier. With the template (tc) you allocate the global configuration data (tc=.global:) to each device . -
Page 43
Entering the IP Parameters 2.5 System configuration via BOOTP Start-up Load default configuration Device in initalization Device runs with settings from local flash Send DHCP DHCP/ BOOTP BOOTP? Requests Reply from Save IP parameter DHCP/BOOTP and config file URL server? locally initialize IP stack with IP parameters… -
Page 44
Entering the IP Parameters 2.5 System configuration via BOOTP Load remote Start tftp process configuration from with config URL of DHCP? file URL of DHCP tftp successful? Load transferred config file Save transferred config file local and set boot configuration to local Loading of configurations data… -
Page 45
Entering the IP Parameters 2.5 System configuration via BOOTP Note: The loading process started by DHCP/BOOTP (see on page 218 “Setting up a DHCP/BOOTP Server“) shows the selection of «from URL & save locally» in the «Load» frame. If you get an error message when saving a configuration, this could be due to an active loading process. -
Page 46: System Configuration Via Dhcp
Entering the IP Parameters 2.6 System Configuration via DHCP 2.6 System Configuration via DHCP The DHCP (Dynamic Host Configuration Protocol) is a further development of BOOTP, which it has replaced. The DHCP additionally allows the configuration of a DHCP client via a name instead of via the MAC address. For the DHCP, this name is known as the “client identifier”…
-
Page 47
Entering the IP Parameters 2.6 System Configuration via DHCP Option Meaning Subnet Mask Time Offset Router Time server Host Name Client Identifier TFTP Server Name Bootfile Name Table 3: DHCP options which the device requests The advantage of using DHCP instead of BOOTP is that the DHCP server can restrict the validity of the configuration parameters (“Lease”) to a specific time period (known as dynamic address allocation). -
Page 48
Entering the IP Parameters 2.6 System Configuration via DHCP Example of a DHCP configuration file: # /etc/dhcpd.conf for DHCP Daemon subnet 10.1.112.0 netmask 255.255.240.0 { option subnet-mask 255.255.240.0; option routers 10.1.112.96; # Host berta requests IP configuration # with her MAC address host berta { hardware ethernet 00:80:63:08:65:42;… -
Page 49: System Configuration Via Dhcp Option
Entering the IP Parameters 2.7 System Configuration via DHCP Option 82 2.7 System Configuration via DHCP Option 82 As with the classic DHCP, on startup an agent receives its configuration data according to the “BOOTP/DHCP process” flow chart (see fig. 13).
-
Page 50: Web-Based Ip Configuration
Entering the IP Parameters 2.8 Web-based IP Configuration 2.8 Web-based IP Configuration With the Basic Settings:Network dialog you define the source from which the device gets its IP parameters after starting, and you assign the IP parameters and VLAN ID and configure the HiDiscovery access. Figure 16: Network Parameters Dialog Under “Mode”, you enter where the device gets its IP parameters: In the BOOTP mode, the configuration is via a BOOTP or DHCP…
-
Page 51
Entering the IP Parameters 2.8 Web-based IP Configuration Enter the parameters on the right according to the selected mode. You enter the name applicable to the DHCP protocol in the “Name” line in the system dialog of the Web-based interface. The “VLAN”… -
Page 52: Faulty Device Replacement
Entering the IP Parameters 2.9 Faulty Device Replacement 2.9 Faulty Device Replacement The device provides 2 plug-and-play solutions for replacing a faulty device with a device of the same type (faulty device replacement): Configuring the new device using an AutoConfiguration Adapter(see on page 39 “Loading the system configuration from the ACA“) configuration via DHCP Option 82…
-
Page 53: Loading/Saving Settings
Loading/saving settings 3 Loading/saving settings The device saves settings such as the IP parameters and the port configuration in the temporary memory. These settings are lost when you switch off orreboot the device. The device enables you to load settings from a non-volatile memory into the temporary memory save settings from the temporary memory in a non-volatile memory.
-
Page 54: Loading Settings
Loading/saving settings 3.1 Loading settings 3.1 Loading settings When it is restarted, the device loads its configuration data from the local non-volatile memory, provided you have not activated BOOTP/DHCP and no ACA is connected to the device. During operation, the device allows you to load settings from the following sources: the local non-volatile memory from the AutoConfiguration Adapter.
-
Page 55: Loading From The Local Non-Volatile Memory
Loading/saving settings 3.1 Loading settings 3.1.1 Loading from the local non-volatile memory When loading the configuration data locally, the device loads the configuration data from the local non-volatile memory if no ACA is connected to the device. Select the Basics: Load/Save dialog. In the «Load»…
-
Page 56: Loading From A File
Loading/saving settings 3.1 Loading settings 3.1.3 Loading from a file The device allows you to load the configuration data from a file in the connected network if there is no AutoConfiguration Adapter connected to the device. Select the Basics: Load/Save dialog. In the «Load»…
-
Page 57
Loading/saving settings 3.1 Loading settings Figure 17: Load/Save dialog Switch to the Privileged EXEC mode. enable The device loads the configuration data from a copy tftp://10.1.112.159/ tftp server in the connected network. switch/config.dat nvram:startup-config Note: The loading process started by DHCP/BOOTP (see on page 41 “System configuration via BOOTP“) shows the selection of «from URL &… -
Page 58: Resetting The Configuration To The State On Delivery
Loading/saving settings 3.1 Loading settings 3.1.4 Resetting the configuration to the state on delivery The device enables you to reset the current configuration to the state on delivery. The locally saved configuration is kept. reset the device to the state on delivery. After the next restart, the IP address is also in the state on delivery.
-
Page 59: Saving Settings
Loading/saving settings 3.2 Saving settings 3.2 Saving settings In the «Save» frame, you have the option to save the current configuration on the device save the current configuration in binary form in a file under the specified URL, or as an editable and readable script save the current configuration in binary form or as an editable and readable script on the PC.
-
Page 60: Saving To A File On Url
Loading/saving settings 3.2 Saving settings Note: After you have successfully saved the configuration on the device, the device sends an alarm (trap) hmConfigurationSavedTrap together with the information about the AutoConfiguration Adapter (ACA), if one is connected. When you change the configuration for the first time after saving it, the device sends a trap hmConfigurationChangedTrap.
-
Page 61: Saving To A Binary File On The Pc
Loading/saving settings 3.2 Saving settings Select the Basics: Load/Save dialog. In the “Save” frame, click “to URL (binary)” to receive a binary file, or “to URL (script)” to receive an editable and readable script. In the “URL” frame, enter the path under which you want the device to save the configuration file.
-
Page 62: Saving As A Script On The Pc
Loading/saving settings 3.2 Saving settings In the save dialog, enter the name of the file in which you want the device to save the configuration file. Click «Save». 3.2.4 Saving as a script on the PC The device allows you to save the current configuration data in an editable and readable file on your PC.
-
Page 63: Loading Software Updates
Loading Software Updates 4 Loading Software Updates Hirschmann never stops working on improving the performance of its products. So it is possible that you may find a more up to date release of the device software on the Hirschmann Internet site (www.hirschmann.com) than the release saved on your device.
-
Page 64: Loading The Software
Loading Software Updates Loading the software The device gives you 4 options for loading the software: manually from the ACA 21 USB (out-of-band), automatically from the ACA 21 USB (out-of-band), via TFTP from a tftp server (in-band) and via a file selection dialog from your PC. Note: The existing configuration of the device is still there after the new software is installed.
-
Page 65: Loading The Software Manually From The Aca
Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1 Loading the Software manually from the ACA You can connect the ACA 21-USB to a USB port of your PC like a conventional USB stick and copy the device software into the main directory of the ACA 12-USB.
-
Page 66: Selecting The Software To Be Loaded
Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded In this menu item of the system monitor, you select one of two possible software releases that you want to load. The following window appears on the screen: Select Operating System Image (Available OS: Selected: 05.0.00 (2009-08-07 06:05), Backup: 04.2.00 (2009-07-06 06:05 (Locally selected: 05.0.00 (2009-08-07 06:05))
-
Page 67: Starting The Software
Loading Software Updates 4.1 Loading the Software manually from the ACA Test stored images in flash memory Select 3 to check whether the images of the software stored in the flash memory contain valid codes. Test stored images in USB memory Select 4, to check whether the images of the software stored in the ACA 21-USB contain valid codes.
-
Page 68: Automatic Software Update By Aca
Loading Software Updates 4.2 Automatic software update by 4.2 Automatic software update by ACA For a software update via the ACA, first copy the new device software into the main directory of the AutoConfiguration Adapter. If the version of the software on the ACA is newer or older than the version on the device, the device performs a software update.
-
Page 69
Loading Software Updates 4.2 Automatic software update by One of the following messages in the log file indicates the result of the update process: S_watson_AUTOMATIC_SWUPDATE_SUCCESSFUL: Update completed successfully. S_watson_AUTOMATIC_SWUPDATE_FAILED_WRONG_FILE: Update failed. Reason: incorrect file. S_watson_AUTOMATIC_SWUPDATE_FAILED_SAVING_FILE: Update failed. Reason: error when saving. In your browser, click on “Reload”… -
Page 70: Loading The Software From The Tftp Server
Loading Software Updates 4.3 Loading the software from the tftp server 4.3 Loading the software from the tftp server For a tftp update, you need a tftp server on which the software to be loaded is stored (see on page 228 “TFTP Server for Software Updates“).
-
Page 71
Loading Software Updates 4.3 Loading the software from the tftp server Enter the path of the device software. Click on «Update» to load the software from the tftp server to the device. Figure 19: Software update dialog After successfully loading it, you activate the new software: Select the dialog Basic Settings:Restart and perform a cold start. -
Page 72: Loading The Software Via File Selection
Loading Software Updates 4.4 Loading the Software via File Selection 4.4 Loading the Software via File Selection For an HTTP software update (via a file selection window), the device software must be on a data carrier that you can access via a file selection window from your workstation.
-
Page 73: Configuring The Ports
Configuring the Ports 5 Configuring the Ports The port configuration consists of: Switching the port on and off Selecting the operating mode Activating the display of connection error messages Configuring Power over ETHERNET. Switching the port on and off In the state on delivery, all the ports are switched on. For a higher level of access security, switch off the ports at which you are not making any connection.
-
Page 74: Configuring Power Over Ethernet
Configuring the Ports Displaying connection error messages In the state on delivery, the device displays connection errors via the signal contact and the LED display. The device allows you to suppress this display, because you do not want to interpret a switched off device as an interrupted connection, for example.
-
Page 75
Configuring the Ports Nominal power for MACH 4000: The device provides the nominal power for the sum of all PoE ports plus a surplus. Should the connected devices require more PoE power than is provided, the device then switches PoE off at the ports. Initially, the device switches PoE off at the ports with the lowest PoE priority. -
Page 76
Configuring the Ports The difference between the «nominal» and «reserved» power indicates how much power is still available to the free PoE ports. In the “POE on” column, you can enable/disable PoE at this port. The “Status” column indicates the PoE status of the port. In the “Priority”… -
Page 77: Protection From Unauthorized Access
Protection from Unauthorized Access 6 Protection from Unauthorized Access The device provides you with the following functions to help you protect it against unauthorized access. Password for SNMP access Telnet/Web/SSH access disabling Restricted management access HiDiscovery function disabling Port access control via IP or MAC address Port authentication according to IEEE 802.1X Basic Configuration Release 6.0 07/2010…
-
Page 78: Protecting The Device
Protection from Unauthorized Access 6.1 Protecting the device 6.1 Protecting the device If you want to maximize the protection of the device against unauthorized access in just a few steps, you can perform some or all of the following steps on the device: Deactivate SNMPv1 and SNMPv2 and select a password for SNMPv3 access other than the standard password…
-
Page 79: Password For Snmp Access
Protection from Unauthorized Access 6.2 Password for SNMP access 6.2 Password for SNMP access 6.2.1 Description of password for SNMP access A network management station communicates with the device via the Simple Network Management Protocol (SNMP). Every SNMP packet contains the IP address of the sending computer and the password with which the sender of the packet wants to access the device MIB.
-
Page 80: Entering The Password For Snmp Access
Protection from Unauthorized Access 6.2 Password for SNMP access 6.2.2 Entering the password for SNMP access Select the Security:Password/SNMP Access dialog. This dialog gives you the option of changing the read and read/write passwords for access to the device via the Web-based interface, via the CLI, and via SNMPv3 (SNMP version 3).
-
Page 81
Protection from Unauthorized Access 6.2 Password for SNMP access Figure 21: Password/SNMP Access dialog Note: If you do not know a password with “read/write” access, you will not have write access to the device. Note: For security reasons, the device does not display the passwords. Make a note of every change. -
Page 82
Protection from Unauthorized Access 6.2 Password for SNMP access Select the Security:SNMPv1/v2 access dialog. With this dialog you can select the access via SNMPv1 or SNMPv2. In the state on delivery, both protocols are activated. You can thus manage the device with HiVision and communicate with earlier versions of SNMP. -
Page 83
Protection from Unauthorized Access 6.2 Password for SNMP access Figure 22: SNMPv1/v2 access dialog To create a new line in the table click «Create entry». To delete an entry, select the line in the table and click «Delete». Basic Configuration Release 6.0 07/2010… -
Page 84: Telnet/Web/Ssh Access
Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access 6.3 Telnet/Web/SSH Access 6.3.1 Description of Telnet Access The Telnet server of the device allows you to configure the device by using the Command Line Interface (in-band). You can deactivate the Telnet server if you do not want Telnet access to the device.
-
Page 85: Description Of Ssh Access
Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access After the Web server has been switched off, it is no longer possible to log in via a Web browser. The login in the open browser window remains active. 6.3.3 Description of SSH Access The SSH server of the device allows you to configure the device by using the Command Line Interface (in-band).
-
Page 86
Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. configure Switch to the configuration mode for CLI. lineconfig Enable Telnet server. transport input telnet Disable Telnet server. no transport input telnet Switch to the Configuration mode. -
Page 87: Restricted Management Access
Protection from Unauthorized Access 6.4 Restricted Management Access 6.4 Restricted Management Access The device allows you to differentiate the management access to the device based on IP address ranges, and to differentiate these based on management services (http, snmp, telnet, ssh). You thus have the option to set finely differentiated management access rights.
-
Page 88
Protection from Unauthorized Access 6.4 Restricted Management Access Switch to the Privileged EXEC mode. enable Display the current configuration. show network mgmt-access Create an entry for the IT network. This is given network mgmt-access add the smallest free ID — in the example, 2. Set the IP address of the entry for the IT network. -
Page 89: Hidiscovery Access
Protection from Unauthorized Access 6.5 HiDiscovery Access 6.5 HiDiscovery Access 6.5.1 Description of the HiDiscovery Protocol The HiDiscovery protocol allows you to allocate an IP address to the device on the basis of its MAC address (see on page 36 “Entering the IP Parameters HiDiscovery“).
-
Page 90
Protection from Unauthorized Access 6.5 HiDiscovery Access 6.5.3 Description of the Port Access Control You can configure the device in such a way that it helps to protect every port from unauthorized access. Depending on your selection, the device checks the MAC address or the IP address of the connected device. -
Page 91
Protection from Unauthorized Access 6.5 HiDiscovery Access Parameter Value Explanation Allowed IP Addresses 10.0.1.228 The defined users are the device with the 10.0.1.229 IP address 10.0.1.228 and the device with the IP address 10.0.1.229 Action portDisable Disable the port with the corresponding entry in the port configuration table (see on page 73 “Configuring the Ports“) -
Page 92
Protection from Unauthorized Access 6.5 HiDiscovery Access Configure the port security. Select the Security:Port Security dialog. In the “Configuration” frame, select “IP-Based Port Security”. In the table, click on the row of the port to be protected, in the “Allowed IP addresses” cell. Enter in sequence: –… -
Page 93
Protection from Unauthorized Access 6.5 HiDiscovery Access Save the settings in the non-volatile memory. Select the dialog Basic Settings:Load/Save. In the “Save” frame, select “To Device” for the location and click “Save” to permanently save the configuration in the active configuration. -
Page 94: Port Authentication Ieee 802.1X
Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6 Port Authentication IEEE 802.1X 6.6.1 Description of Port Authentication according to IEEE 802.1X The port-based network access control is a method described in the standard IEEE 802.1X to protect IEEE 802 networks from unauthorized access. The protocol controls the access to a port by authenticating and authorizing a device that is connected to this port of the device.
-
Page 95: Authentication Process According To Ieee 802.1X
Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6.2 Authentication Process according to IEEE 802.1X A supplicant attempts to communicate via a device port. The device requests authentication from the supplicant. At this time, only EAPOL traffic is allowed between the supplicant and the device. The supplicant replies with its identification data.
-
Page 96: Ieee 802.1X Settings
Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6.4 IEEE 802.1X Settings Configurating the RADIUS Server Select the Security:802.1x Port Authentication:RADIUS Server dialog. This dialog allows you to enter the data for 1, 2 or 3 RADIUS servers. Click «Create entry» to open the dialog window for entering the IP address of a RADIUS server.
-
Page 97: Synchronizing The System Time In The Network
Synchronizing the System Time in the Network 7 Synchronizing the System Time in the Network The actual meaning of the term “real time” depends on the time requirements of the application. The device provides two options with different levels of accuracy for synchronizing the time in your network.
-
Page 98: Entering The Time
Synchronizing the System Time in the 7.1 Entering the Time Network 7.1 Entering the Time If no reference clock is available, you have the option of entering the system time in a device and then using it like a reference clock (see on page 102 “Configuring SNTP“),…
-
Page 99
Synchronizing the System Time in the 7.1 Entering the Time Network With “Set time from PC”, the device takes the PC time as the system time and calculates the IEEE 1588 / SNTP time using the local time difference. “IEEE 1588 / SNTP time” = “System time” — “Local offset” The “Local Offset”… -
Page 100: Sntp
Synchronizing the System Time in the 7.2 SNTP Network 7.2 SNTP 7.2.1 Description of SNTP The Simple Network Time Protocol (SNTP) enables you to synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available.
-
Page 101: Preparing The Sntp Configuration
Synchronizing the System Time in the 7.2 SNTP Network 7.2.2 Preparing the SNTP Configuration To get an overview of how the time is passed on, draw a network plan with all the devices participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the signal runtime.
-
Page 102: Configuring Sntp
Synchronizing the System Time in the 7.2 SNTP Network 7.2.3 Configuring SNTP Select the Time:SNTP dialog. Operation In this frame you switch the SNTP function on/off globally. SNTP Status The “Status message” displays statuses of the SNTP client as one or more test messages. Possible messages: Local system clock is synchronized;…
-
Page 103
Synchronizing the System Time in the 7.2 SNTP Network Configuration SNTP Client In “Client status” you switch the SNTP client of the device on/off. In “External server address” you enter the IP address of the SNTP server from which the device periodically requests the system time. -
Page 104
Synchronizing the System Time in the 7.2 SNTP Network Configuration SNTP Server In “Server status” you switch the SNTP server of the device on/ off. In “Anycast destination address” you enter the IP address to which the SNTP server of the device sends its SNTP packets (see table In “VLAN ID”… -
Page 105
Synchronizing the System Time in the 7.2 SNTP Network Figure 27: SNTP Dialog Device 192.168.1.1 192.168.1.2 192.168.1.3 Operation Server destination address 0.0.0.0 0.0.0.0 0.0.0.0 Server VLAN ID Send interval Client external server address 192.168.1.0 192.168.1.1 192.168.1.2 Request interval Accept Broadcasts Table 6: Settings for the example (see fig. -
Page 106: Precision Time Protocol
Synchronizing the System Time in the 7.3 Precision Time Protocol Network 7.3 Precision Time Protocol 7.3.1 Description of PTP Functions Precise time management is required for running time-critical applications via a LAN. The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a procedure that assumes one clock is the most accurate and thus enables precise synchronization of all clocks in a LAN.
-
Page 107
Synchronizing the System Time in the 7.3 Precision Time Protocol Network PTPv1 PTPv2 Specification Stratum Clock class number – (priority 1 = For temporary, special purposes, in order to assign a higher accuracy to one clock than to all other clocks in the network. Indicates the reference clock with the highest degree of accuracy. -
Page 108
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Reference Local (Master clock) (Slave clock) Delay + Jitter Delay + Jitter Delay + Jitter Precision Time Protocol (Application Layer) UDP User Datagramm Protocol (Transport Layer) Internet Protocol (Network Layer) MAC Media Access Control Physical Layer Figure 28: Delay and jitter for clock synchronization… -
Page 109
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Peer-to-Peer (P2P) With P2P, like in E2E, every slave clock measures the delay to its master clock. In addition, in P2P every master clock measures the delay to the slave clock. -
Page 110: Preparing The Ptp Configuration
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Independently of the physical communication paths, the PTP provides logical communication paths which you define by setting up PTP subdomains. Subdomains are used to form groups of clocks that are time-independent from the rest of the domain.
-
Page 111
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Note: Connect all the connections you need to distribute the PTP information to connections with an integrated time stamp unit (RT modules). Devices without a time stamp unit take the information from the PTP and use it to set their clocks. -
Page 112: Application Example
Synchronizing the System Time in the 7.3 Precision Time Protocol Network 7.3.3 Application Example PTP is used to synchronize the time in the network. As an SNTP client, the left device (see fig. 31) gets the time from the NTP server via SNTP. The device assigns PTP clock stratum 2 (PTPv1) or clock class 6 (PTPv2) to the time received from an NTP server.
-
Page 113
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Device 10.0.1.112 10.0.1.116 10.0.1.105 10.0.1.106 PTP Global Operation Clock Mode v1-boundary- v1-boundary- v1-simple-mode v1-simple-mode clock clock Preferred Master true false false false SNTP Operation Client Status External server 10.0.1.2 0.0.0.0 0.0.0.0 0.0.0.0… -
Page 114
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Select the Time:SNTP dialog. Activate SNTP globally in the “Operation” frame. Activate the SNTP client (client status) in the “Configuration SNTP Client” frame. In the “Configuration SNTP Client” frame, enter: –… -
Page 115
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Switch on PTP globally. ptp operation enable Select PTP version and clock mode. ptp clock-mode v1-boundary- clock In this example, you have chosen the device with the IP address 10.0.1.112 as the PTP reference clock. -
Page 116
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Save the settings in the non-volatile memory. Select the Basics: Load/Save dialog. In the “Save” frame, select “To Device” for the location and click “Save” to permanently save the configuration in the active configuration. -
Page 117: Interaction Of Ptp And Sntp
Synchronizing the System Time in the 7.4 Interaction of PTP and SNTP Network 7.4 Interaction of PTP and SNTP According to the PTP and SNTP standards, both protocols can exist in parallel in the same network. However, since both protocols affect the system time of the device, situations may occur in which the two protocols compete with each other.
-
Page 118
Synchronizing the System Time in the 7.4 Interaction of PTP and SNTP Network Device 149.218.112.1 149.218.112.2 149.218.112.3 Operation Clock Mode v1-boundary-clock v1-boundary-clock v1-boundary-clock Preferred Master false false false SNTP Operation Client Status External server address 149.218.112.0 0.0.0.0 0.0.0.0 Server request interval Accept SNTP Broadcasts Server status Anycast destination address… -
Page 119: Network Load Control
Network Load Control 8 Network Load Control To optimize the data transmission, the device provides you with the following functions for controlling the network load: Settings for direct packet distribution (MAC address filter) Multicast settings Rate limiter Prioritization — QoS Flow control Virtual LANs (VLANs) Basic Configuration…
-
Page 120: Direct Packet Distribution
Network Load Control 8.1 Direct Packet Distribution 8.1 Direct Packet Distribution With direct packet distribution, you help protect the device from unnecessary network loads. The device provides you with the following functions for direct packet distribution: Store-and-forward Multi-address capability Aging of learned addresses Static address entries Disabling the direct packet distribution 8.1.1…
-
Page 121: Aging Of Learned Addresses
Network Load Control 8.1 Direct Packet Distribution in the destination address field are sent to this port. The device enters learned source addresses in its filter table (see on page 122 “Entering Static Addresses“). The device can learn up to 8.000 addresses. This is necessary if more than one terminal device is connected to one or more ports.
-
Page 122: Entering Static Addresses
Network Load Control 8.1 Direct Packet Distribution 8.1.4 Entering Static Addresses An important function of the device is the filter function. It selects data packets according to defined patterns, known as filters. These patterns are assigned distribution rules. This means that a data packet received by a device at a port is compared with the patterns.
-
Page 123: Disabling The Direct Packet Distribution
Network Load Control 8.1 Direct Packet Distribution Select the Switching:Filters for MAC Addresses dialog. Each row of the filter table represents one filter. Filters specify the way in which data packets are sent. They are set automatically by the Switch (learned status) or created manually.
-
Page 124
Network Load Control 8.1 Direct Packet Distribution Select the Switching:Global dialog. UnCheck «Address Learning» to observe the data at all ports. Basic Configuration Release 6.0 07/2010… -
Page 125: Multicast Application
Network Load Control 8.2 Multicast Application 8.2 Multicast Application 8.2.1 Description of the Multicast Application The data distribution in the LAN differentiates between 3 distribution classes on the basis of the addressed recipients: Unicast — one recipient Multicast — a group of recipients Broadcast — every recipient that can be reached In the case of a Multicast address, the device forwards all data packets with a Multicast address to all ports.
-
Page 126: Example Of A Multicast Application
Network Load Control 8.2 Multicast Application 8.2.2 Example of a Multicast Application The cameras for monitoring machines normally transmit their images to monitors located in the machine room and to the control room. In an IP transmission, a camera sends its image data with a Multicast address via the network.
-
Page 127: Description Of Igmp Snooping
Network Load Control 8.2 Multicast Application 8.2.3 Description of IGMP Snooping The Internet Group Management Protocol (IGMP) describes the distribution of Multicast information between routers and terminal devices on Layer 3. Routers with an active IGMP function periodically send queries to find out which IP Multicast group members are connected to the LAN.
-
Page 128: Setting Igmp Snooping
Network Load Control 8.2 Multicast Application 8.2.4 Setting IGMP Snooping Select the Switching:Multicast:IGMP dialog. Operation The “Operation” frame allows you to enable/disable IGMP Snooping globally for the entire device. If IGMP Snooping is disabled, then the device does not evaluate Query and Report packets received, it sends (floods) received data packets with a Multicast address as the destination address to all ports.
-
Page 129
Network Load Control 8.2 Multicast Application IGMP Querier “IGMP Querier active” allows you to enable/disable the Query function. “Protocol version” allow you to select IGMP version 1, 2 or 3. In “Send interval [s]” you specify the interval at which the device sends query packets (valid entries: 2-3,599 s, default setting: 125 s). -
Page 130: Parameter Values
Network Load Control 8.2 Multicast Application Parameter Values The parameters – Max. Response Time, – Send Interval and – Group Membership Interval have a relationship to each other: Max. Response Time < Send Interval < Group Membership Interval. If you enter values that contradict this relationship, the device then replaces these values with a default value or with the last valid values.
-
Page 131
Network Load Control 8.2 Multicast Application Unknown Multicasts In this frame you can determine how the device in IGMP mode sends packets with known and unknown MAC/IP Multicast addresses that were not learned through IGMP Snooping. “Unknown Muilticasts” allows you to specify how the device transmits unknown Multicast packets: “Send to Query Ports”. -
Page 132
IGMP queries (disable=default setting). This column allows you to also send IGMP report messages to: other selected ports (enable) or connected Hirschmann devices (automatic). “Learned Query Port” This table column shows you at which ports the device has received IGMP queries, if “disable”… -
Page 133: Description Of Gmrp
Network Load Control 8.2 Multicast Application Figure 34: IGMP Snooping dialog 8.2.5 Description of GMRP The GARP Multicast Registration Protocol (GMRP) describes the distribution of data packets with a Multicast address as the destination address on Layer Basic Configuration Release 6.0 07/2010…
-
Page 134
Network Load Control 8.2 Multicast Application Devices that want to receive data packets with a Multicast address as the destination address use the GMRP to perform the registration of the Multicast address. For a Switch, registration involves entering the Multicast address in the filter table. -
Page 135: Setting Gmrp
Network Load Control 8.2 Multicast Application 8.2.6 Setting GMRP Select the Switching:Multicasts:GMRP dialog. Operation The “Operation” frame allows you to enable GMRP globally for the entire device. It GMRP is disabled, then the device does not generate any GMRP packets, does not evaluate any GMRP packets received, and sends (floods) received data packets to all ports.
-
Page 136
Network Load Control 8.2 Multicast Application Note: If the device is incorporated into a HIPER-Ring, you can use the following settings to quickly reconfigure the network for data packets with registered Multicast destination addresses after the ring is switched: Activate GMRP on the ring ports and globally, and activate “Forward all groups”… -
Page 137: Rate Limiter
Network Load Control 8.3 Rate Limiter 8.3 Rate Limiter 8.3.1 Description of the Rate Limiter The device can limit the rate of message traffic during periods of heavy traffic flow. Entering a limit rate for each port specifies the amount of traffic the device is permitted to transmit and receive.
-
Page 138: Rate Limiter Settings (Powermice And Mach 4000)
Network Load Control 8.3 Rate Limiter 8.3.2 Rate Limiter Settings (PowerMICE and MACH 4000) Select the Switching:Rate Limiter dialog. «Ingress Limiter (kbit/s)» allows you to enable or disable the ingress limiter function for all ports and to select the ingress limitation on all ports (either broadcast packets only or broadcast packets and Multicast packets).
-
Page 139: Rate Limiter Settings For Rs20/Rs30/40, Ms20/Ms30, Rsr20/Rsr30
Network Load Control 8.3 Rate Limiter 8.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, RSR20/RSR30, MACH 100, MACH 1000 and OCTOPUS Select the Switching:Rate Limiter dialog. «Ingress Limiter (kbit/s)» allows you to enable or disable the input limiting function for all ports.
-
Page 140
Network Load Control 8.3 Rate Limiter Setting options per port: «Ingress Packet Types» allows you to select the packet type for which the limit is to apply: All, limits the total inbound data volume at this port. BC, limits the broadcast packets received at this port. BC + MC, limits broadcast packets and Multicast packets received at this port. -
Page 141: Qos/Priority
Network Load Control 8.4 QoS/Priority 8.4 QoS/Priority 8.4.1 Description of Prioritization This function prevents time-critical data traffic such as language/video or real-time data from being disrupted by less time-critical data traffic during periods of heavy traffic. By assigning high traffic classes for time-critical data and low traffic classes for less time-critical data, this provides optimal data flow for time-critical data traffic.
-
Page 142: Vlan Tagging
Data packets with VLAN tags containing priority information but no VLAN information (VLAN ID = 0), are known as Priority Tagged Frames. Priority Traffic class for Traffic Class for IEEE 802.1D traffic type entered RS20/RS30/ PowerMICE, RS40, MACH 104/ MACH 1000, MACH 1040 and MS20/MS30,…
-
Page 143
Network Load Control 8.4 QoS/Priority Note: Network protocols and redundancy mechanisms use the highest traffic classes 3 (RS20/30/40, MS20/30, RSR20/RSR30, MACH 1000, OCTOPUS) or 7 (PowerMICE, MACH 104/MACH 1040, MACH 4000). Therefore, select other traffic classes for application data. 42-1500 Octets min. -
Page 144: Ip Tos / Diffserv
Network Load Control 8.4 QoS/Priority When using VLAN prioritizing, note the following special features: End-to-end prioritizing requires the VLAN tags to be transmitted to the entire network, which means that all network components must be VLAN- capable. Routers cannot receive or send packets with VLAN tags via port-based router interfaces.
-
Page 145: Differentiated Services
Network Load Control 8.4 QoS/Priority Bits (0-2): IP Precedence Defined Bits (3-6): Type of Service Defined Bit (7) 111 — Network Control 0000 — [all normal] 0 — Must be zero 110 — Internetwork Control 1000 — [minimize delay] 101 — CRITIC / ECP 0100 — [maximize throughput] 100 — Flash Override 0010 — [maximize reliability]…
-
Page 146
Network Load Control 8.4 QoS/Priority Assured Forwarding (AF): Provides a differentiated schema for handling different data traffic (RFC2597). Default Forwarding/Best Effort: No particular prioritizing. The PHB class selector assigns the 7 possible IP precedence values from the old ToS field to specific DSCP values, thus ensuring the downwards compatibility. -
Page 147
Network Load Control 8.4 QoS/Priority DSCP value DSCP name Traffic Class for Traffic class for MACH 4000, RS20/RS30/RS40, MACH 104, RSR20/RSR30, MACH 1040, MS20/MS30, PowerMICE OCTOPUS, default setting) MACH1000 (default setting) Best Effort /CS0 9,11,13,15 10,12,14 AF11,AF12,AF13 17,19,21,23 18,20,22 AF21,AF22,AF23… -
Page 148: Management Prioritization
Network Load Control 8.4 QoS/Priority 8.4.4 Management prioritization To have full access to the management of the device, even in situations of high network load, the device enables you to prioritize management packets. In prioritizing management packets (SNMP, Telnet, etc.), the device sends the management packets with priority information.
-
Page 149: Handling Of Traffic Classes
Network Load Control 8.4 QoS/Priority 8.4.6 Handling of Traffic Classes For the handling of traffic classes, the device provides: Strict Priority Description of Strict Priority With the Strict Priority setting, the device first transmits all data packets that have a higher traffic class before transmitting a data packet with the next highest traffic class.
-
Page 150
Network Load Control 8.4 QoS/Priority Switch to the Interface Configuration mode of interface 1/1 interface 1/1. Assign port priority 3 to interface 1/1. vlan priority 3 Switch to the Configuration mode. exit Assigning the VLAN Priority to the Traffic Classes Select the QOS/Priority:802.1D/p-Mapping dialog. -
Page 151
Network Load Control 8.4 QoS/Priority Switch to the privileged EXEC mode. exit Display the trust mode on interface 1/1. show classofservice trust Class of Service Trust Mode: Untrusted Untrusted Traffic Class: 4 Assigning the traffic class to a DSCP Select the QOS/Priority:IP DSCP Mapping dialog. -
Page 152
Network Load Control 8.4 QoS/Priority Class of Service Trust Mode: IP DSCP Non-IP Traffic Class: 2 Always assign the DSCP priority to received IP data packets globally Select the QoS/Priority:Global dialog. Select trustIPDSCP in the «Trust Mode» line. Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. -
Page 153
Network Load Control 8.4 QoS/Priority System IP Address……10.0.1.116 Subnet Mask……..255.255.255.0 Default Gateway…….. 10.0.1.200 Burned In MAC Address……00:80:63:51:7A:80 Network Configuration Protocol (BootP/DHCP)..None DHCP Client ID (same as SNMP System Name)..»PowerMICE-517A80″ Network Configuration Protocol HiDiscovery..Read-Write Management VLAN ID……1 Management VLAN Priority……. -
Page 154: Flow Control
Network Load Control 8.5 Flow Control 8.5 Flow Control 8.5.1 Description of Flow Control Flow control is a mechanism which acts as an overload protection for the device. During periods of heavy traffic, it holds off additional traffic from the network.
-
Page 155
Before the send queue of port 2 overflows, the device sends a request to Workstation 2 to include a small break in the sending transmission. Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR and MACH 1000 support flow control in full duplex mode only. -
Page 156: Setting The Flow Control
Network Load Control 8.5 Flow Control Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR and MACH 1000 do not support flow control in half duplex mode. 8.5.2 Setting the Flow Control Select the Basics:Port Configuration dialog. In the «Flow Control on» column, you checkmark this port to specify that flow control is active here.
-
Page 157: Vlans
Network Load Control 8.6 VLANs 8.6 VLANs 8.6.1 VLAN Description In the simplest case, a virtual LAN (VLAN) consists of a group of network participants in one network segment who can communicate with each other as if they belonged to a separate LAN. More complex VLANs span out over multiple network segments and are also based on logical (instead of only physical) connections between network participants.
-
Page 158: Examples Of Vlans
Network Load Control 8.6 VLANs 8.6.2 Examples of VLANs The following practical examples provide a quick introduction to the structure of a VLAN. Example 1 VLAN VLAN Figure 41: Example of a simple port-based VLAN The example shows a minimal VLAN configuration (port-based VLAN). An administrator has connected multiple terminal devices to a transmission device and assigned them to 2 VLANs.
-
Page 159
Network Load Control 8.6 VLANs Terminal Port Port VLAN identifier (PVID) Table 16: Ingress table VLANID Port Table 17: Egress table Basic Configuration Release 6.0 07/2010… -
Page 160
Network Load Control 8.6 VLANs Proceed as follows to perform the example configuration: Configure VLAN Select the Switching:VLAN:Static dialog. Figure 42: Creating and naming new VLANs Click on “Create Entry” to open a window for entering the VLAN ID. Assign VLAN ID 2 to the VLAN. Click on “OK”. -
Page 161
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the VLAN configuration mode. vlan database Create a new VLAN with the VLAN ID 2. vlan 2 Give the VLAN with the VLAN ID 2 the name vlan name 2 VLAN2 VLAN2. -
Page 162
Network Load Control 8.6 VLANs Configuring the ports Figure 43: Defining the VLAN membership of the ports. Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. -
Page 163
Network Load Control 8.6 VLANs Figure 44: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering Assign the Port VLAN ID of the related VLANs (2 or 3) to the individual ports — see table. Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for “Acceptable Frame Types”. -
Page 164
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. configure Switch to the Interface Configuration mode of interface 1/1 interface 1/1. vlan participation include 2 Port 1/1 becomes member untagged in VLAN 2. Port 1/1 is assigned the port VLAN ID 2. -
Page 165
Network Load Control 8.6 VLANs Example 2 Figure 45: Example of a more complex VLAN constellation The second example shows a more complex constellation with 3 VLANs (1 to 3). Along with the Switch from example 1, a second Switch (on the right in the example) is now used. -
Page 166
Network Load Control 8.6 VLANs T = with TAG field (T = tagged) U = without TAG field (U = untagged) In this example, tagged frames are used in the communication between the transmission devices (uplink), as frames for different VLANs are differentiated at these ports. -
Page 167
Network Load Control 8.6 VLANs The communication relationships here are as follows: terminal devices at ports 1 and 4 of the left device and terminal devices at ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate with each other. -
Page 168
Network Load Control 8.6 VLANs Proceed as follows to perform the example configuration: Configure VLAN Select the Switching:VLAN:Static dialog. Figure 46: Creating and naming new VLANs Click on “Create Entry” to open a window for entering the VLAN ID. Assign VLAN ID 2 to the VLAN. You give this VLAN the name VLAN2 by clicking on the name field and entering the name. -
Page 169
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the VLAN configuration mode. vlan database Create a new VLAN with the VLAN ID 2. vlan 2 Give the VLAN with the VLAN ID 2 the name vlan name 2 VLAN2 VLAN2. -
Page 170
Network Load Control 8.6 VLANs Configuring the ports Figure 47: Defining the VLAN membership of the ports. Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. -
Page 171
Network Load Control 8.6 VLANs Figure 48: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering Assign the ID of the related VLANs (1 to 3) to the individual ports. Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for the terminal device ports. -
Page 172
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. configure Switch to the Interface Configuration mode of interface 1/1 interface 1/1. vlan participation include 1 Port 1/1 becomes member untagged in VLAN 1. vlan participation include 2 Port 1/1 becomes member untagged in VLAN 2. -
Page 173
Network Load Control 8.6 VLANs For further information on VLANs, see the reference manual and the integrated help function in the program. Basic Configuration Release 6.0 07/2010… -
Page 174
Network Load Control 8.6 VLANs Basic Configuration Release 6.0 07/2010… -
Page 175: Operation Diagnosis
Operation Diagnosis 9 Operation Diagnosis The device provides you with the following diagnostic tools: Sending traps Monitoring the device status Out-of-band signaling via signal contact Port status indication Event counter at port level Detecting non-matching duplex modes SFP status display TP cable diagnosis Topology Discovery Detecting IP address conflicts…
-
Page 176: Sending Traps
Operation Diagnosis 9.1 Sending Traps 9.1 Sending Traps If unusual events occur during normal operation of the device, they are reported immediately to the management station. This is done by means of what are called traps ? alarm messages ? that bypass the polling procedure («Polling»…
-
Page 177: List Of Snmp Traps
Operation Diagnosis 9.1 Sending Traps 9.1.1 List of SNMP Traps All the possible traps that the device can send are listed in the following table. Trap name Meaning authenticationFailure is sent if a station attempts to access the agent without permission. coldStart is sent for both cold and warm starts during the boot process after successful management initialization.
-
Page 178: Snmp Traps During Boot
Operation Diagnosis 9.1 Sending Traps Trap name Meaning hmAddressRelearnDetectT is sent when Address Relearn Detection is activated and the threshold for the MAC addresses relearned at different ports has been exceeded. This process very probably indicates a loop situation in the network. hmDuplexMismatchTrap is sent if the device has detected a potential problem with the duplex mode of a port.
-
Page 179: Configuring Traps
Operation Diagnosis 9.1 Sending Traps 9.1.3 Configuring Traps Select the Diagnostics:Alarms (Traps) dialog. This dialog allows you to determine which events trigger an alarm (trap) and where these alarms should be sent. Select “Create entry”. In the “IP Address” column, enter the IP address of the recipient to whom the traps should be sent.
-
Page 180
Operation Diagnosis 9.1 Sending Traps The events which can be selected are: Name Meaning Authentication The device has rejected an unauthorized access attempt (see the Access for IP Addresses and Port Security dialog). Link Up/Down At one port of the device, the link to another device has been established/ interrupted. -
Page 181: Monitoring The Device Status
Operation Diagnosis 9.2 Monitoring the Device Status 9.2 Monitoring the Device Status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. The device enables you to signal the device status out-of-band via a signal contact (see on page 185 “Monitoring the Device Status via the Signal Contact“)
-
Page 182: Configuring The Device Status
Operation Diagnosis 9.2 Monitoring the Device Status Note: With a non-redundant voltage supply, the device reports the absence of a supply voltage. If you do not want this message to be displayed, feed the supply voltage over both inputs or switch off the monitoring (see on page 185 “Monitoring the Device Status via the Signal Contact“).
-
Page 183: Displaying The Device Status
Operation Diagnosis 9.2 Monitoring the Device Status 9.2.2 Displaying the Device Status Select the Basics:System dialog. Figure 50: Device status and alarm display 1 — The symbol displays the device status 2 — Cause of the oldest existing alarm 3 — Start of the oldest existing alarm Switch to the privileged EXEC mode.
-
Page 184: Out-Of-Band Signaling
Operation Diagnosis 9.3 Out-of-band Signaling 9.3 Out-of-band Signaling The signal contact is used to control external devices and monitor the operation of the device. Function monitoring enables you to perform remote diagnostics. The device reports the operating status via a break in the potential-free signal contact (relay contact, closed circuit): Incorrect supply voltage, at least one of the two supply voltages is inoperative,…
-
Page 185: Controlling The Signal Contact
Operation Diagnosis 9.3 Out-of-band Signaling 9.3.1 Controlling the Signal Contact With this mode you can remotely control every signal contact individually. Application options: Simulation of an error as an input for process control monitoring equipment. Remote control of a device via SNMP, such as switching on a camera. Select the Diagnostics:Signal Contact 1/2) dialog.
-
Page 186: Monitoring The Device Functions Via The Signal Contact
Operation Diagnosis 9.3 Out-of-band Signaling 9.3.3 Monitoring the Device Functions via the Signal Contact Configuring the operation monitoring Select the Diagnostics:Signal Contact dialog. Select «Monitoring correct operation» in the «Mode signal contact» frame to use the contact for operation monitoring. In the «Monitoring correct operation»…
-
Page 187: Monitoring The Fan
Operation Diagnosis 9.3 Out-of-band Signaling Figure 51: Signal Contact dialog Switch to the privileged EXEC mode. exit Displays the status of the operation monitoring show signal-contact 1 and the setting for the status determination. 9.3.4 Monitoring the Fan Devices of the Mach 4000 range have a replaceable plug-in fan. This plug-in fan considerably reduces the inner temperature of the device.
-
Page 188
Operation Diagnosis 9.3 Out-of-band Signaling The device enables you to signal changes to the status of the plug-in fan out-of-band (outside the data flow) via a signal contact (see on page 185 “Monitoring the Device Status via the Signal Contact“) to signal changes to the status of the plug-in fan by sending a trap when the device status changes to detect status changes to the plug-in fan in the Web-based interface on… -
Page 189
Operation Diagnosis 9.3 Out-of-band Signaling Proceed as follows to signal changes to the fan status via a signal contact and with an alarm message: Select the Diagnostics:Signal Contact dialog. Select the signal contact you want to use (in the example, signal contact 1) in the corresponding tab page “Signal contact 1”… -
Page 190: Port Status Indication
Operation Diagnosis 9.4 Port Status Indication 9.4 Port Status Indication Select the Basics:System dialog. The device view shows the device with the current configuration. The symbols underneath the device view represent the status of the individual ports. Figure 53: Device View Meaning of the symbols: The port (10, 100 Mbit/s, 1, 10 Gbit/s) is enabled and the connection is OK.
-
Page 191: Event Counter At Port Level
Operation Diagnosis 9.5 Event Counter at Port Level 9.5 Event Counter at Port Level The port statistics table enables experienced network administrators to identify possible detected problems in the network. This table shows you the contents of various event counters. In the Restart menu item, you can reset all the event counters to zero using «Warm start», «Cold start»…
-
Page 192: Detecting Non-Matching Duplex Modes
Operation Diagnosis 9.5 Event Counter at Port Level Figure 54: Port Statistics dialog 9.5.1 Detecting Non-matching Duplex Modes If the duplex modes of 2 ports directly connected to each other do not match, this can cause problems that are difficult to track down. The automatic detection and reporting of this situation has the benefit of recognizing it before problems occur.
-
Page 193
Operation Diagnosis 9.5 Event Counter at Port Level The device allows you to detect this situation and report it to the network management station. In the process, the device evaluates the error counters of the port in the context of the port settings. Possible Causes of Port Error Events The following table lists the duplex operating modes for TX ports together with the possible error events. -
Page 194
Operation Diagnosis 9.5 Event Counter at Port Level Collisions, late collisions: In full-duplex mode, the port does not count collisions or late collisions. CRC error: The device only evaluates these errors as duplex problems in the manual full duplex mode. No. -
Page 195
Operation Diagnosis 9.5 Event Counter at Port Level Activates the detection and reporting of non- bridge duplex-mismatch-detect matching duplex modes. operation enable Deactivates the detection and reporting of non- bridge duplex-mismatch-detect matching duplex modes. operation disable Basic Configuration Release 6.0 07/2010… -
Page 196: Displaying The Sfp Status
Operation Diagnosis 9.6 Displaying the SFP Status 9.6 Displaying the SFP Status The SFP status display allows you to look at the current SFP module connections and their properties. The properties include: module type support provided in media module Temperature in ºC Tx Power in mW Receive power in mW Select the Diagnostics:Ports:SFP Modules dialog.
-
Page 197: Tp Cable Diagnosis
Operation Diagnosis 9.7 TP Cable Diagnosis 9.7 TP Cable Diagnosis The TP cable diagnosis allows you to check the connected cables for short- circuits or interruptions. Note: While the check is running, the data traffic at this port is suspended. The check takes a few seconds.
-
Page 198: Topology Discovery
Operation Diagnosis 9.8 Topology Discovery 9.8 Topology Discovery 9.8.1 Description of Topology Discovery IEEE 802.1AB describes the Link Layer Discovery Protocol (LLDP). LLDP enables the user to have automatic topology recognition for his LAN. A device with active LLDP sends its own connection and management information to neighboring devices of the shared LAN.
-
Page 199
To get around this, Hirschmann devices send and receive additional LLDP packets with the Hirschmann Multicast MAC address 01:80:63:2F:FF:0B. Hirschmann devices with the LLDP function are thus also able to exchange LLDP information with each other via devices that are not LLDP-capable. -
Page 200: Displaying The Topology Discovery Results
Operation Diagnosis 9.8 Topology Discovery 9.8.2 Displaying the Topology Discovery Results Select the Diagnostics:Topology Discovery dialog. Basic Configuration Release 6.0 07/2010…
-
Page 201
Operation Diagnosis 9.8 Topology Discovery This dialog allows you to switch on/off the topology discovery function (LLDP). The topology table shows you the collected information for neighboring devices. This information enables the network management station to map the structure of your network. The option «Show LLDP entries exclusively»… -
Page 202
Operation Diagnosis 9.8 Topology Discovery If several devices are connected to one port, for example via a hub, the table will contain one line for each connected device. devices with active topology discovery function and devices without active topology discovery function are connected to a port, the topology table hides the devices without active topology discovery. -
Page 203: Detecting Ip Address Conflicts
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9 Detecting IP Address Conflicts 9.9.1 Description of IP Address Conflicts By definition, each IP address may only be assigned once within a subnetwork. Should two or more devices erroneously share the same IP address within one subnetwork, this will inevitably lead to communication disruptions with devices that have this IP address.
-
Page 204: Configuring Acd
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9.2 Configuring ACD Select the Diagnostics:IP Address Conflict Detection dialog. With «Status» you enable/disable the IP address conflict detection or select the operating mode (see table 27). Basic Configuration Release 6.0 07/2010…
-
Page 205: Displaying Acd
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9.3 Displaying ACD Select the Diagnostics:IP Address Conflict Detection dialog. In the table the device logs IP address conflicts with its IP address. For each conflict the device logs: the time the conflicting IP address the MAC address of the device with which the IP address conflicted.
-
Page 206: Detecting Loops
Operation Diagnosis 9.10 Detecting Loops 9.10 Detecting Loops Loops in the network, even temporary loops, can cause connection interruptions or data losses. The automatic detection and reporting of this situation allows you to detect it faster and diagnose it more easily. An incorrect configuration can cause a loop, for example, if you deactivate Spanning Tree.
-
Page 207: Reports
Operation Diagnosis 9.11 Reports 9.11 Reports The following reports and buttons are available for the diagnostics: Log file. The log file is an HTML file in which the device writes all the important device-internal events. System information. The system information is an HTML file containing all system-relevant data.
-
Page 208
Operation Diagnosis 9.11 Reports Click “Download Switch-Dump”. Select the directory in which you want to save the switch dump. Click “Save”. The device creates the file name of the switch dumps automatically in the format <IP address>_<system name>.zip, e.g. for a device of the type PowerMICE: “10.0.1.112_PowerMICE-517A80.zip”. -
Page 209: Monitoring Data Traffic At Ports (Port Mirroring)
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The port mirroring function enables you to review the data traffic at up to 8 ports of the device for diagnostic purposes. The device additionally forwards (mirrors) the data for these ports to another port.
-
Page 210
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) Select the Diagnostics:Port Mirroring dialog. This dialog allows you to configure and activate the port mirroring function of the device. Select the source ports whose data traffic you want to review from the list of physical ports by checkmarking the relevant boxes. -
Page 211
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The “Reset configuration” button in the dialog allows you to reset all the port mirroring settings of the device to the state on delivery. Note: When port mirroring is active, the specified destination port is used solely for reviewing, and does not participate in the normal data traffic. -
Page 212: Syslog
Operation Diagnosis 9.13 Syslog 9.13 Syslog The device enables you to send messages about important device-internal events to up to 8 Syslog servers. Additionally, you can also include SNMP requests to the device as events in the syslog. Note: You will find the actual events that the device has logged in the “Event Log”…
-
Page 213
Operation Diagnosis 9.13 Syslog “SNMP Logging” frame: Activate “Log SNMP Get Request” if you want to send reading SNMP requests to the device as events to the syslog server. Select the level to report at which the device creates the events from reading SNMP requests. -
Page 214
Operation Diagnosis 9.13 Syslog Log SNMP SET requests : enabled Log SNMP SET severity : notice Log SNMP GET requests : enabled Log SNMP GET severity : notice Basic Configuration Release 6.0 07/2010… -
Page 215: Event Log
Operation Diagnosis 9.14 Event Log 9.14 Event Log The device allows you to call up a log of the system events. The table of the “Event Log” dialog lists the logged events with a time stamp. Click on “Load” to update the content of the event log. Click on “Delete”…
-
Page 216
Operation Diagnosis 9.14 Event Log Basic Configuration Release 6.0 07/2010… -
Page 217: A Setting Up The Configuration Environment
Setting up the Configuration Environment A Setting up the Configuration Environment Basic Configuration Release 6.0 07/2010…
-
Page 218
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment A.1 Setting up a DHCP/BOOTP Server On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel. You can test the software for 30 calendar days from the date of the first installation, and then decide whether you want to purchase a license. -
Page 219
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Enter the settings shown in the illustration and click OK. Figure 61: DHCP setting To enter the configuration profiles, select Options:Configuration Profiles in the menu bar. Enter the name of the new configuration profile and click Add. Figure 62: Adding configuration profiles Enter the network mask and click Accept. -
Page 220
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Figure 63: Network mask in the configuration profile Select the Boot tab page. Enter the IP address of your tftp server. Enter the path and the file name for the configuration file. Click Apply and then OK. -
Page 221
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration. To complete the addition of the configuration profiles, click OK. Figure 65: Managing configuration profiles To enter the static addresses, click Static in the main window. -
Page 222
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Figure 67: Adding static addresses Enter the MAC address of the device. Enter the IP address of the device. Select the configuration profile of the device. Click Apply and then OK. Figure 68: Entries for static addresses Add an entry for each device that will get its parameters from the DHCP server. -
Page 223
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Figure 69: DHCP server with entries Basic Configuration Release 6.0 07/2010… -
Page 224
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 A.2 Setting up a DHCP Server with Option 82 On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. -
Page 225
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 Figure 71: DHCP setting To enter the static addresses, click New. Figure 72: Adding static addresses Select Circuit Identifier and Remote Identifier. Basic Configuration Release 6.0 07/2010… -
Page 226
ID cl: length of the circuit ID hh: Hirschmann ID: 01 if a Hirschmann device is connected to the port, otherwise 00. vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1) ss: socket of device at which the module with that port is located to which the device is connected. -
Page 227
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 Figure 74: Entering the addresses Switch (Option 82) MAC = IP = 00:80:63:10:9a:d7 149.218.112.100 DHCP Server IP = 149.218.112.1 IP = 149.218.112.100 Figure 75: Application example of using Option 82 Basic Configuration Release 6.0 07/2010… -
Page 228
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3 TFTP Server for Software Updates On delivery, the device software is held in the local flash memory. The device boots the software from the flash memory. Software updates can be performed via a tftp server. This presupposes that a tftp server has been installed in the connected network and that it is active. -
Page 229
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3.1 Setting up the tftp Process General prerequisites: The local IP address of the device and the IP address of the tftp server or the gateway are known to the device. The TCP/IP stack with tftp is installed on tftp server. -
Page 230
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates You can obtain additional information about the tftpd daemon tftpd with the UNIX command «man tftpd». Note: The command «ps» does not always show the tftp daemon, although it is actually running. Special steps for HP workstations: During installation on an HP workstation, enter the user tftp in the /etc/passwd file. -
Page 231
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates Checking the tftp process Edit the file e t c i n e t d . c o n f Is tftp* commented out? Delete the comment character »#« from this line Re-initialize inetd.conf by entering k i l l — 1 P I D… -
Page 232
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3.2 Software Access Rights The agent needs read permission for the tftp directory on which the device software is stored. Example of a UNIX tftp Server Once the device software has been installed, the tftp server should have the following directory structure with the stated access rights: File name Access… -
Page 233
Setting up the Configuration A.4 Preparing Access via SSH Environment A.4 Preparing Access via SSH To be able to access the device via SSH, you will need: a key to install the key on the device to enable access via SSH on the device and a program for executing the SSH protocol on your computer. -
Page 234
Setting up the Configuration A.4 Preparing Access via SSH Environment Figure 77: PuTTY key generator The OpenSSH Suite offers experienced network administrators a further option for generating the key. To generate the key, enter the following command: ssh-keygen(.exe) -q -t rsa1 -f rsa1.key -C » -N » A.4.2 Uploading the SSH Host Key The Command Line Interface enables you to upload the SSH key to the device. -
Page 235
Setting up the Configuration A.4 Preparing Access via SSH Environment The device loads the key file to its non-volatile copy tftp://10.0.10.1/ memory. device/rsa1.key 10.0.10.1 represents the IP address of the nvram:sshkey-rsa1 tftp server. device represents the directory on the tftp server. rsa1.key represents the file name of the key. -
Page 236
Setting up the Configuration A.4 Preparing Access via SSH Environment Figure 78: Security alert prompt for the fingerprint Check the fingerprint to protect yourself from unwelcome guests. Your fingerprint is located in the “Key” frame of the PuTTY key generator (see fig. -
Page 237
Setting up the Configuration A.4 Preparing Access via SSH Environment The OpenSSH Suite offers experienced network administrators a further option to access your device via SSH. To set up the connection, enter the following command: ssh admin@10.0.112.53 -cdes admin represents the user name. 10.0.112.53 is the IP address of your device. -
Page 238
Setting up the Configuration A.4 Preparing Access via SSH Environment Basic Configuration Release 6.0 07/2010… -
Page 239: B General Information
General Information B General Information Basic Configuration Release 6.0 07/2010…
-
Page 240
General Information B.1 Management Information Base (MIB) B.1 Management Information Base (MIB) The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The «leaves» of the MIB are called generic object classes. -
Page 241
Lower (e.g. threshold value) Power supply Power supply System User interface Upper (e.g. threshold value) Vendor = manufacturer (Hirschmann) Definition of the syntax terms used: Integer An integer in the range -2 IP Address xxx.xxx.xxx.xxx (xxx = integer in the range 0-255) -
Page 242
16 vacm 7 udp 11 snmp 16 rmon 17 dot1dBridge 26 snmpDot3MauMGT Figure 80: Tree structure of the Hirschmann MIB A complete description of the MIB can be found on the CD-ROM included with the device. Basic Configuration Release 6.0 07/2010… -
Page 243
General Information B.2 Abbreviations used B.2 Abbreviations used AutoConfiguration Adapter Access Control List BOOTP Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol Forwarding Database GARP General Attribute Registration Protocol GMRP GARP Multicast Registration Protocol HTTP Hypertext Transfer Protocol ICMP Internet Control Message Protocol IGMP… -
Page 244
General Information B.3 Technical Data B.3 Technical Data You will find the technical data in the document „Reference Manual Web- based Interface“. Basic Configuration Release 6.0 07/2010… -
Page 245
General Information B.4 Readers’ Comments B.4 Readers’ Comments What is your opinion of this manual? We are always striving to provide as comprehensive a description of our product as possible, as well as important information that will ensure trouble-free operation. Your comments and suggestions help us to further improve the quality of our documentation. -
Page 246
Date / Signature: Dear User, Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or by mail to Hirschmann Automation and Control GmbH Department AED Stuttgarter Str. 45-51 72654 Neckartenzlingen Basic Configuration Release 6.0 07/2010… -
Page 247: Index
Index C Index Configuration file 46, 55 39, 54, 65, 67, 180, 180, 180 Connection error Access Access right Access rights Data transfer parameter Access security Destination address 122, 122, 123, 134 Access with Web-based interface, password Destination address field Destination table Device Status 181, 181, 184…
-
Page 248
Index HaneWin 218, 224 Netmask 28, 34 Hardware address Network address Hardware reset Network Management HiDiscovery 36, 89, 89 Network Management Software HIPER-Ring Network topology HIPER-Ring (source for alarms) 100, 102 HiVision 10, 47 Host address Object classes Object description in-band Object ID Operating mode… -
Page 249
Index System Monitor 16, 16 Rate Limiter Settings 138, 139 System Name Read access System name Real time 97, 141 System time 101, 103 Reboot Receiver power status Receiving port TCP/IP stack Redundancy Technical questions Reference clock 98, 101, 106, 111 Telnet Relay contact Time difference… -
Page 250
Index Web-based Interface Web-based interface Web-based management Website Winter time Write access Basic Configuration Release 6.0 07/2010… -
Page 251: D Further Support
Further Support D Further Support Technical Questions and Training Courses In the event of technical queries, please contact your local Hirschmann distributor or Hirschmann office. You can find the addresses of our distributors on the Internet: www.hirschmann-ac.com. Our support line is also at your disposal: Tel.
-
Page 253
User Manual Installation Industrial ETHERNET Workgroup Switch MACH 100 Family MACH 102-8TP-F MACH 102-24TP-F MACH 102-8TP + M1-8TP-RJ45 + M1-8MM-SXC MACH 102-8TP + M1-8SM-SXC + M1-8SFP MACH 100 Technical Support Release 07/09 HAC-Support@hirschmann.de… -
Page 254
In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (www.hirschmann-ac.de). Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str. -
Page 255
Content Safety instructions About this manual Legend Device description Description of the device variants 1.1.1 MACH 100 basic device 1.1.2 MACH 100 media modules 1.1.3 SFP modules Assembly and start-up Installing the device 2.1.1 Unpacking and checking 2.1.2 Installing the media modules 2.1.3 Installing the SFP modules 2.1.4 Signal contact „FAULT“… -
Page 256
MACH 100 Release 07/09… -
Page 257: Safety Instructions
Safety instructions This documentation contains instructions which must be observed to ensure your own personal safety and to avoid damage to devices and machinery. Certified usage Please observe the following: The device may only be employed for the purposes described in the catalog and technical description, and only in conjunction with external devices and components recommended or approved by the manufacturer.
-
Page 258
Beware of possible short circuits when connecting a cable section with conductive shielding braiding. Housing Only technicians authorized by Hirschmann are permitted to open the housing. The device is grounded via the voltage supply socket. Make sure that the electrical installation meets local or nationally ap- plicable safety regulations. -
Page 259: General Safety Instructions
Qualification requirements for personnel Qualified personnel as understood in this manual and the warning signs, are persons who are familiar with the setup, assembly, startup, and oper- ation of this product and are appropriately qualified for their job. This in- cludes, for example, those persons who have been: trained or directed or authorized to switch on and off, to ground and to label power circuits and devices or systems in accordance with current…
-
Page 260
In accordance with the above-named EU directives, the EU conformity declaration will be at the disposal of the relevant authorities at the follow- ing address: Hirschmann Automation and Control GmbH Stuttgarter Strasse 45-51 72654 Neckartenzlingen Tel.: +49 1805 141538 The product can be used in living areas (living area, place of business, small business) and in industrial areas. -
Page 261
Interference immunity: EN 61000-6-2:2005 Emitted interference: EN 55022:2006 Class A Warning This is a class A device. This device can cause interference in living areas, and in this case the operator may be required to take appropriate measures. The assembly guidelines provided in these instructions must be strictly adhered to in order to observe the EMC threshold values. -
Page 262: Legend
About this manual The following manuals are included as PDF files on the enclosed CD ROM: User manual „Installation“ User manual “Basic configuration” User manual “Redundancy configuration” Reference manual “Web-based Interface” and Reference manual “Command Line Interface” The Network Management Software HiVision/Industrial HiVision provides you with additional options for smooth configuration and monitoring: Configuration of multiple devices simultaneously.
-
Page 263: Device Description
Device description The MACH100 devices are managed Workgroup switches with up to 24 Fast Ethernet and 2 Gigabit Ethernet ports. They consist of a basic device and — depending on the device variant — up to 2 pluggable media modules. They al- low you to construct switched industrial ETHERNET networks that conform to the IEEE 802.3 and 802.3u standards using copper wires or optical fibers in a bus or ring topology.
-
Page 264: Description Of The Device Variants
802.1x port authentication Real Time Clock The addition, to the MACH 100 family, of the MICE and RS20/RS30/RS40 open rail family switches, the MACH 3000 and MACH 4000 family of back- bone switches, the BAT wireless transmission system, the EAGLE security system, and products for the RSR20/RSR30 and MACH 1000 substation ar- eas, provides continuous communication across all levels of the company.
-
Page 265
Voltage range: 100 — 240 V AC Temperature range: 0°C to +50 °C Certifications /declarations: CE, cUL508 (pending), cUL60950-1 (pending) Software variant: Professional The devices comply with the specifications of the ISO/IEC standards 8802-3u 100BASE-TX/-1000BASE-T, 8802-3 100BASE-FX and 8802-3 1000BASE-SX/LX. The MACH 100 basic device contains all the function modules, such as: switch function, management function, redundancy function, voltage connec- tion, management connection, slots for media modules (depending on the… -
Page 266
1.1 1.1 2.5 2.7 V.24 StandBy R1 R2 FAULT MACH 1000 1.2 1.2 2.2 2.4 2.6 2.8 Figure 1: Overview of interfaces and display and control elements in the MACH 102-8TP and MACH 102-8TP-R 1 — MACH 100 device 2- LED display elements 3 — Signal contact 4 — USB interface 5 — V.24 access for external management… -
Page 267
1.1 1.1 2.5 2.7 V.24 StandBy R1 R2 FAULT MACH 1000 1.2 1.2 2.2 2.4 2.6 2.8 Figure 2: Overview of interfaces and display and control elements in the MACH 102-8TP-F and MACH 102-8TP-FR 1 — MACH 100 device 2- LED display elements 3 — Signal contact 4 — USB interface 5 — V.24 access for external management… -
Page 268: Mach 100 Media Modules
Gigabit ETHERNET Fast ETHERNET GE ports 1.1 and 1.2 (combo ports) FE ports 2.1 to 2.8, 3.1 to 3.8, 4.1 to 4.8 100/1000 Mbit/s fiber optic, SFP slots 24 * twisted pair TX, RJ45, 10/100 Mbit/s Alternatively connectable: 10/100/1000 Mbit/s twisted pair, RJ45 connectors 1.1.2 MACH 100 media modules…
-
Page 269
Specific functions of fiber optic interface Link Down monitoring MACH 100 media modules TP ports Fiber optic Fiber optic SFP ports 10/100 Mbit/s ports ports Multimode Module type Multimode Singlemode Singlemode 100 Mbit/s 100 Mbit/s Longhaul 100 Mbit/s M1-8TP-RJ45 8, RJ45 –… -
Page 270: Sfp Modules
IEEE 802.3u 100BASE-FX Multimode/Singlemode/Longhaul standard. The optical ports are configured in 100 Mbit/s Fullduplex (FDX) and support FEFI. They are designed as SFP slots for the Hirschmann SFP module types M-FAST SFP-… (see page „Accessories“).
-
Page 271
0.55 km M-SFP-LX/LC 1330 nm Multimode 0.55 km 1330 nm Singlemode 20 km M-SFP-LH/LC Longhaul 8-72 km M-SFP-LH+/LC Longhaul + 60-120 km Table 2: SFP modules Note: Only use Hirschmann SFP modules (see page 38 „Accessories“). MACH 100 Release 07/09… -
Page 272: Assembly And Start-Up
Assembly and start-up The devices have been developed for practical application in a harsh indus- trial environment. The installation process is correspondingly simple. On delivery, the device is ready for operation. The following procedure has been proven to be successful for the assembly of the device: Unpacking and checking Installing the media modules…
-
Page 273: Installing The Sfp Modules
To attach an SFP module, first remove the protective cap over the socket. Push the SFP module with the lock closed into the socket until it latches audibly in place. Note: Only use Hirschmann SFP modules (see page 38 „Accessories“).
-
Page 274: Signal Contact „Fault
Figure 11: Installing an SFP module 2.1.4 Signal contact „FAULT“ Figure 12: MACH 100 device, front view 1 — Signal contact The signal contacts are connected via a 2-pin terminal block with screw locking. The signal contact (“FAULT”, for pin assignment see fig.
-
Page 275: Dimension Drawings
FAULT Figure 13: 2-pin terminal block Note: Please note the electrical ratings for the signal contact (see on page 35 „General technical data“). Note: Relevant for North America: The tightening torque of the terminal block screws is 0,34 Nm (3 lb in). Mount the terminal block for the signal contact on the front of the device using the screw locking.
-
Page 276: Installing The Device And Grounding
2.1.6 Installing the device and grounding The device can be mounted on a flat surface, in a 19″ standard switch cabinet, or on the wall. Consider the following criteria when selecting the location for mounting your device: The installation location should be close to a power outlet. The climatic threshold values listed in the technical data must be adhered The ventilation slits must not be covered so as to ensure free air circula- tion.
-
Page 277
Warning If the device is installed in a 19″ switch cabinet without sliding/ mounting rails, increased vibration can cause damage to the de- vice and/or its modules. For more information on sliding/mounting rails and how to install them, please contact your switch cabinet manufacturer. Install the sliding/mounting rails in the 19″… -
Page 278
Warning When installing the device, make sure the ventilation slots re- main unobstructed, as otherwise the device can overheat and be damaged. Note: When operating the device in environments with strong vibrations, the device can be fastened with two additional brackets at the back of the switch cabinet (see on page 38 „Accessories“), not included in the deliv-… -
Page 279: Supply Voltage
Grounding The device is grounded via the voltage supply socket ((see fig. 17) (see fig. 18)). 2.1.7 Supply voltage The input voltage range of the MACH 100 basic devices is designed as 100 — 240 VAC. The power supply for the MACH 102-8TP-R, MACH 102-8TP-FR and MACH 102-24TP-FR devices is designed as redundant.
-
Page 280: Startup Procedure
Figure 18: Connections for the MACH 102-8TP-R, MACH 102-8TP-FR and MACH 102-24TP-FR on the back of the device 1 — MACH 102-8TP-R, MACH 102-8TP-FR or MACH 102-24TP-FR device 2 — Redundant power supply 100 — 240 V AC 3 — Standard power supply 100 — 240 V AC Note: With non-redundant supply of the main voltage, the device reports a loss of power.
-
Page 281
n.c. n.c. n.c. Figure 19: Pin assignment of a TP/TX interface in MDI-X mode, RJ45 socket 10/100/1000 Mbit/s twisted pair connection 1000 Mbit/s twisted pair ports (RJ45 sockets) facilitate the connection of terminal devices or independent network segments according to the IEEE 802.3-2000 (ISO/IEC 8802-3:2000) 1000BASE-TX standard. -
Page 282: Display Elements
Power supply and data cables should not run parallel over longer distances, and ideally they should be installed in separate cable channels. If the inductive coupling has to be reduced, the power supply and data cables should cross at a 90° angle. You may also choose to use shielded cables.
-
Page 283
V.24 StandBy R1 R2 FAULT MACH 1000 Figure 21: MACH 100 display elements 1 — Displays for device state 2 — Displays for port state 3 — Displays for port state, media module 1 4 — Displays for port state, media module 2 Device state These LEDs provide information about conditions which affect the opera- tion of the whole device. -
Page 284: Making Basic Settings
Port state These LEDs display port-related information. LS — data, link status (one green/yellow LED or one green and one yellow LED) Not glowing No valid connection. Glowing green Valid connection. Flashing green (1 time a period) Port is switched to stand-by. Flashing green (3 times a peri- Port is switched off.
-
Page 285: Usb Interface
USB interface The USB socket has an interface for the local connection of an AutoCon- figuration Adapter (part number ACA 21-USB see on page 38 „Accesso- ries“). It is used for saving/loading the configuration and for loading the software. Figure Function VCC (VBus) — Data…
-
Page 286: Disassembly
Note: You will find the order number for the terminal cable, which is or- dered separately, in the Technical Data chapter (see on page 35 „Tech- nical data“). Disassembly Disassembling the device To detach the device from the switch cabinet or the wall, remove the screws from the brackets on the device.
-
Page 287: Technical Data
Technical data General technical data Dimensions MACH 102-… 448 mm x 310 mm x 44 mm (without brackets) W x H x D Weight of devices MACH102- 3.60 kg 8TPMACH102-8TP- 3.85 kg RMACH102-8TP- 3.60 kg FMACH102-8TP- 3.85 kg FRMACH102-24TP- 3.85 kg FMACH102-24TP-FR 4.10 kg Weight of…
-
Page 288
EMC interference immunity EN 61000-4-5 Voltage surges — Power line, line/line: 1 kV — Power line, line/earth 2 kV — Data line 4 kV EN 61000-4-6 Line-conducted interference voltages 150 kHz — 80 MHz 10 V EMC emitted inter- ference EN 55022 Class A FCC 47 CFR Part 15 Class A… -
Page 289
MM = Multimode, SM = Singlemode, LH = Singlemode Longhaul Power consumption/power output, temperature range and order numbers MACH 100 Description Family Basic devices MACH102-8TP Basic device MACH 100 family with 2 x Gigabit ETHERNET combo port, 8 x Fast ETHERNET TX, 2 sockets for media modules for up to 16 additional ports MACH102-8TP-R Basic device MACH 100 family with 2 x Gigabit ETHERNET combo port,… -
Page 290: Scope Of Delivery
Interfaces Basic devices MACH102-8TP, V.24 port: external management MACH102-8TP-R, 1 terminal block, 2-pin: each 1 x signal contact, max. 1 A, 24 V MACH102-8TP-F, USB: ACA 21-USB MACH102-8TP-FR, MACH102-24TP-F or MACH102-24TP-FR MACH102-8TP or MACH102- — 2 combo ports (alternatively 100/1000 Mbit/s optical SFP 8TP-R slot or 1000/100/10 Mbit/s RJ45 socket) — 8 x 10/100 Mbit/s twisted pair, RJ45 socket…
-
Page 291
Name Order number M-SFP-SX/LC 943 014-001 M-SFP-LX/LC 943 015-001 M-SFP-LH/LC 943 042-001 M-SFP-LH+/LC 943 049-001 Pocket Guide 280 710-851 AutoConfiguration Adapter ACA 21-USB 943 271-001 Terminal cable 943 301-001 2-pin terminal block (50 units) 943 845-010 Bracket for fastening the housing 943 943-001 HiVision Network Management software 943 471-100… -
Page 292
Table 10: List of IEEE standards Certifications The following table shows the status of the certification of the equipment. Standard cUL 508 / CSA C22.2 No.142 pending cUL 60950-1 pending Table 11: Certifications — for the current status, visit www.hirschmann.com MACH 100 Release 07/09… -
Page 293: Weitere Unterstützung
Weitere Unterstützung Technische Fragen und Schulungsangebote Bei technischen Fragen wenden Sie sich bitte an den Hirschmann Vertragspartner in Ihrer Nähe oder direkt an Hirschmann. Die Adressen unserer Vertragspartner finden Sie im Internet unter www.hirschmann-ac.com. Darüber hinaus steht Ihnen unsere Hotline zur Verfügung:…
Hirschmann RS20 Network Router PDF User Guides and Manuals for Free Download: Found (24) Manuals for Hirschmann RS20 Device Model (Programming Manual, Operation & User’s Manual)
More Switch Device Models:
-
HK Instruments
DPI Series
Copyright HK Instruments 2019 www.hkinstruments. Installaon version 7.0 2019INSTALLATIONINSTRUCTIONSDIFFERENTIAL PRESSURE SWITCHES DPI Series• READ THESE INSTRUCTIONS CAREFULLY BEFORE ATTEMPTING TO INSTALL, OPERATE OR SERVICE THIS DEVICE.• Failuretoobservesafetyinformaonandcomplywi …
DPI Series Relays, 4
-
NEC
EXPRESS5800 N8403-019
()■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■User’s GuideEXPRESS580 …
EXPRESS5800 N8403-019 Server, 182
-
ABB
SACE Emax 2
SACE Emax 2 — Tmax XTXT7 — XT7M — E1.2-E2.2-E4.2-E6.2Ekip T&P — XT2 — XT4 — XT7 — XT7M — E1.2 — E2.2 — E4.2 — E6.212E2.2E4.2E6.2OKOK12 XT72 1E1.2XT7MDoc. N.° 1SDH001000R0517 — ECN000084121 — Rev. BA BXT2XT4 …
SACE Emax 2 Circuit breakers, 4
-
Smart view
IC-712-IAUR
KVM SWITCH (IC-712-IAUR) (IC-714-IAUR) USER MANUAL V1.0 IC-712-IAUR IC-714-IAUR Package Contents – 1 Smart View IC-712-IAUR or IC-714-IAUR KVM Switch 1 User Manual Please contact your vendor if anything is missed. Features Controls PCs with one USB keyboard, USB mouse a …
IC-712-IAUR Switch, 2
Recommended Documentation:
-
Contents
-
Table of Contents
-
Bookmarks
Quick Links
User Manual
Basic Configuration
Industrial ETHERNET (Gigabit) Switch
RS20/RS30/RS40, MS20/MS30, OCTOPUS, PowerMICE,
RSR20/RSR30, MACH 100, MACH 1000, MACH 4000
Basic Configuration
Technical Support
Release 6.0 07/2010
HAC.Support@Belden.com
Related Manuals for Hirschmann RS20
Summary of Contents for Hirschmann RS20
-
Page 1
User Manual Basic Configuration Industrial ETHERNET (Gigabit) Switch RS20/RS30/RS40, MS20/MS30, OCTOPUS, PowerMICE, RSR20/RSR30, MACH 100, MACH 1000, MACH 4000 Basic Configuration Technical Support Release 6.0 07/2010 HAC.Support@Belden.com… -
Page 2
In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (www.hirschmann-ac.de). Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str. -
Page 3: Table Of Contents
Contents Contents About this Manual Introduction Access to the user interfaces System Monitor Command Line Interface Web-based Interface Entering the IP Parameters IP Parameter Basics 2.1.1 IP address (version 4) 2.1.2 Netmask 2.1.3 Classless Inter-Domain Routing Entering IP parameters via CLI Entering the IP Parameters via HiDiscovery Loading the system configuration from the ACA System configuration via BOOTP…
-
Page 4
Contents 3.2.2 Saving to a file on URL 3.2.3 Saving to a binary file on the PC 3.2.4 Saving as a script on the PC Loading Software Updates Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded 4.1.2 Starting the software 4.1.3 Performing a cold start Automatic software update by ACA… -
Page 5
8.2.6 Setting GMRP Rate Limiter 8.3.1 Description of the Rate Limiter 8.3.2 Rate Limiter Settings (PowerMICE and MACH 4000) 8.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, RSR20/RSR30, MACH 100, MACH 1000 and OCTOPUS QoS/Priority 8.4.1 Description of Prioritization 8.4.2 VLAN tagging 8.4.3 IP ToS / DiffServ… -
Page 6
Contents 8.6.1 VLAN Description 8.6.2 Examples of VLANs Operation Diagnosis Sending Traps 9.1.1 List of SNMP Traps 9.1.2 SNMP Traps during Boot 9.1.3 Configuring Traps Monitoring the Device Status 9.2.1 Configuring the Device Status 9.2.2 Displaying the Device Status Out-of-band Signaling 9.3.1 Controlling the Signal Contact 9.3.2 Monitoring the Device Status via the Signal Contact 9.3.3 Monitoring the Device Functions via the Signal… -
Page 7
Contents 9.14 Event Log Setting up the Configuration Environment General Information Index Further Support Basic Configuration Release 6.0 07/2010… -
Page 8
Contents Basic Configuration Release 6.0 07/2010… -
Page 9: About This Manual
About this Manual About this Manual The “Basic Configuration” user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The following thematic sequence has proven itself in practice: Set up device access for operation by entering the IP parameters Check the status of the software and update it if necessary…
-
Page 10
About this Manual The «Command Line Interface» reference manual contains detailed information on using the Command Line Interface to operate the individual functions of the device. The Network Management Software HiVision/Industrial HiVision provides you with additional options for smooth configuration and monitoring: Configuration of multiple devices simultaneously. -
Page 11: Key
The designations used in this manual have the following meanings: List Work step Subheading Link Indicates a cross-reference with a stored link Note: A note emphasizes an important fact or draws your attention to a dependency. ASCII representation in user interface Courier Execution in the Web-based Interface user interface Execution in the Command Line Interface user interface…
-
Page 12
Bridge A random computer Configuration Computer Server PLC — Programmable logic controller I/O — Robot Basic Configuration Release 6.0 07/2010… -
Page 13: Introduction
Introduction Introduction The device has been developed for practical application in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device. Note: The changes you make in the dialogs are copied into the volatile memory of the device when you click on «Set».
-
Page 14
Introduction Basic Configuration Release 6.0 07/2010… -
Page 15: Access To The User Interfaces
Access to the user interfaces 1 Access to the user interfaces The device has 3 user interfaces, which you can access via different interfaces: System monitor via the V.24 interface (out-of-band) Command Line Interface (CLI) via the V.24 connection (out-of-band) as well as Telnet or SSH (in-band) Web-based interface via Ethernet (in-band).
-
Page 16: System Monitor
Access to the user interfaces 1.1 System Monitor 1.1 System Monitor The system monitor enables you to select the software to be loaded perform a software update start the selected software shut down the system monitor delete the configuration saved and display the boot code information.
-
Page 17
Access to the user interfaces 1.1 System Monitor < Device Name (Boot) Release: 1.00 Build: 2005-09-17 15:36 > Press <1> to enter System Monitor 1 … Figure 1: Screen display during the boot process Press the <1> key within one second to start system monitor 1. System Monitor (Selected OS: L3P-01.0.00-K16 (2005-10-31 19:32)) Select Boot Operating System… -
Page 18: Command Line Interface
Access to the user interfaces 1.2 Command Line Interface 1.2 Command Line Interface The Command Line Interface enables you to use the functions of the device via a local or remote connection. The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices.
-
Page 19
Access to the user interfaces 1.2 Command Line Interface Copyright (c) 2004-2009 Hirschmann Automation and Control GmbH All rights reserved PowerMICE Release L3P-05.1.00 (Build date 2009-10-11 12:13) System Name: PowerMICE Mgmt-IP 10.0.1.105 1.Router-IP: 0.0.0.0 Base-MAC 00:80:63:51:74:00 System Time: 2009-10-11 13:14:15… -
Page 20
NOTE: Enter ‘?’ for Command Help. Command help displays all options that are valid for the ‘normal’ and ‘no’ command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann Product) > Figure 4: CLI screen after login Basic Configuration Release 6.0 07/2010… -
Page 21: Web-Based Interface
Access to the user interfaces 1.3 Web-based Interface 1.3 Web-based Interface The user-friendly Web-based interface gives you the option of operating the device from any location in the network via a standard browser such as Mozilla Firefox or Microsoft Internet Explorer. As a universal access tool, the Web browser uses an applet which communicates with the device via the Simple Network Management Protocol (SNMP).
-
Page 22
Access to the user interfaces 1.3 Web-based Interface Start your Web browser. Check that you have activated JavaScript and Java in your browser settings. Establish the connection by entering the IP address of the device which you want to administer via the Web-based management in the address field of the Web browser. -
Page 23
Access to the user interfaces 1.3 Web-based Interface The website of the device appears on the screen. Note: The changes you make in the dialogs are copied to the device when you click «Set». Click «Reload» to update the display. Note: You can block your access to the device by entering an incorrect configuration. -
Page 24
Access to the user interfaces 1.3 Web-based Interface Basic Configuration Release 6.0 07/2010… -
Page 25: Entering The Ip Parameters
Entering the IP Parameters 2 Entering the IP Parameters The IP parameters must be entered when the device is installed for the first time. The device provides 7 options for entering the IP parameters during the first installation: Entry using the Command Line Interface (CLI). You choose this “out of band”…
-
Page 26
Entering the IP Parameters Using DHCP Option 82. You choose this “in-band” method if you want to configure the installed device using DHCP Option 82. You need a DHCP server with Option 82 for this. The DHCP server assigns the configuration data to the device using its physical connection (see page 49 “System Configuration via DHCP Option… -
Page 27: Ip Parameter Basics
Entering the IP Parameters 2.1 IP Parameter Basics 2.1 IP Parameter Basics 2.1.1 IP address (version 4) The IP addresses consist of 4 bytes. These 4 bytes are written in decimal notation, separated by a decimal point. Since 1992, five classes of IP address have been defined in the RFC 1340. Class Network Host address…
-
Page 28: Netmask
Entering the IP Parameters 2.1 IP Parameter Basics Net ID — 7 bits Host ID — 24 bits Class A Net ID — 14 bits Host ID — 16 bits Class B Net ID — 21 bits Host ID — 8 bit s Class C Multicast Group ID — 28 bits Class D…
-
Page 29
Entering the IP Parameters 2.1 IP Parameter Basics Example of a netmask: Decimal notation 255.255.192.0 Binary notation 11111111.11111111.11000000.00000000 Subnetwork mask bits Class B Example of IP addresses with subnetwork assignment when the above subnet mask is applied: Decimal notation 129.218.65.17 128 <… -
Page 30
Entering the IP Parameters 2.1 IP Parameter Basics Example of how the network mask is used In a large network it is possible that gateways and routers separate the management agent from its management station. How does addressing work in such a case? Romeo Juliet Lorenzo… -
Page 31: Classless Inter-Domain Routing
Entering the IP Parameters 2.1 IP Parameter Basics Lorenzo receives the letter and removes the outer envelope. From the inner envelope he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet’s MAC address.
-
Page 32
Entering the IP Parameters 2.1 IP Parameter Basics Since 1993, RFC 1519 has been using Classless Inter Domain Routing (CIDR) to provide a solution to get around these problems. CIDR overcomes these class boundaries and supports classless address ranges. With CIDR, you enter the number of bits that designate the IP address range. You represent the IP address range in binary form and count the mask bits that designate the netmask. -
Page 33: Entering Ip Parameters Via Cli
Entering the IP Parameters 2.2 Entering IP parameters via CLI 2.2 Entering IP parameters via If you do not configure the system via BOOTP/DHCP, DHCP Option 82, the HiDiscovery protocol or the AutoConfiguration AdapterACA, then you perform the configuration via the V.24 interface using the CLI. Entering IP addresses Connect the PC with terminal program started to the RJ11 socket…
-
Page 34
NOTE: Enter ‘?’ for Command Help. Command help displays all options that are valid for the ‘normal’ and ‘no’ command forms. the syntax of a particular command form, please consult the documentation. (Hirschmann PowerMICE) > Deactivate DHCP. Enter the IP parameters. Local IP address On delivery, the device has the local IP address 0.0.0.0. -
Page 35
Entering the IP Parameters 2.2 Entering IP parameters via CLI Switch to the Privileged EXEC mode. enable Deactivate DHCP. network protocol none Assign the device the IP address 10.0.1.23 and network parms 10.0.1.23 the netmask 255.255.255.0. You have the option 255.255.255.0 of also assigning a gateway address. -
Page 36: Entering The Ip Parameters Via Hidiscovery
Entering the IP Parameters 2.3 Entering the IP Parameters via Hi- Discovery 2.3 Entering the IP Parameters via HiDiscovery The HiDiscovery protocol enables you to assign IP parameters to the device via the Ethernet. You can easily configure other parameters via the Web-based interface (see the «Web-based Interface»…
-
Page 37
Entering the IP Parameters 2.3 Entering the IP Parameters via Hi- Discovery Figure 10: HiDiscovery When HiDiscovery is started, it automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first PC network card found. If your computer has several network cards, you can select these in HiDiscovery on the toolbar. -
Page 38
Entering the IP Parameters 2.3 Entering the IP Parameters via Hi- Discovery Figure 11: HiDiscovery — assigning IP parameters Note: When the IP address is entered, the device copies the local configuration settings (see on page 53 “Loading/saving settings“). Note: For security reasons, switch off the HiDiscovery function for the device in the Web-based interface, after you have assigned the IP parameters to the device (see on page 50 “Web-based IP… -
Page 39: Loading The System Configuration From The Aca
Entering the IP Parameters 2.4 Loading the system configuration from the ACA 2.4 Loading the system configuration from the ACA The AutoConfiguration Adapter (ACA) is a device for storing the configuration data of a device and storing the device software. In the case of a device becoming inoperative, the ACA makes it possible to easily transfer the configuration data by means of a substitute device of the same type.
-
Page 40
Entering the IP Parameters 2.4 Loading the system configuration from the ACA Figure 12: Flow chart of loading configuration dats from the ACA 1 – Device start-up 2 – ACA plugged-in? 3 – Password in device and ACA identical? 3a – Default password in device? 4 –… -
Page 41: System Configuration Via Bootp
Entering the IP Parameters 2.5 System configuration via BOOTP 2.5 System configuration via BOOTP When it is started up via BOOTP (bootstrap protocol), a device receives its configuration data in accordance with the “BOOTP process” flow chart (see fig. 13). Note: In its delivery state, the device gets its configuration data from the DHCP server.
-
Page 42
Entering the IP Parameters 2.5 System configuration via BOOTP switch_01:ht=ethernet:ha=008063086501:ip=10.1.112.83:tc=.global: switch_02:ht=ethernet:ha=008063086502:ip=10.1.112.84:tc=.global: Lines that start with a ‘#’ character are comment lines. The lines under “.global:” make the configuration of several devices easier. With the template (tc) you allocate the global configuration data (tc=.global:) to each device . -
Page 43
Entering the IP Parameters 2.5 System configuration via BOOTP Start-up Load default configuration Device in initalization Device runs with settings from local flash Send DHCP DHCP/ BOOTP BOOTP? Requests Reply from Save IP parameter DHCP/BOOTP and config file URL server? locally initialize IP stack with IP parameters… -
Page 44
Entering the IP Parameters 2.5 System configuration via BOOTP Load remote Start tftp process configuration from with config URL of DHCP? file URL of DHCP tftp successful? Load transferred config file Save transferred config file local and set boot configuration to local Loading of configurations data… -
Page 45
Entering the IP Parameters 2.5 System configuration via BOOTP Note: The loading process started by DHCP/BOOTP (see on page 218 “Setting up a DHCP/BOOTP Server“) shows the selection of «from URL & save locally» in the «Load» frame. If you get an error message when saving a configuration, this could be due to an active loading process. -
Page 46: System Configuration Via Dhcp
Entering the IP Parameters 2.6 System Configuration via DHCP 2.6 System Configuration via DHCP The DHCP (Dynamic Host Configuration Protocol) is a further development of BOOTP, which it has replaced. The DHCP additionally allows the configuration of a DHCP client via a name instead of via the MAC address. For the DHCP, this name is known as the “client identifier”…
-
Page 47
Entering the IP Parameters 2.6 System Configuration via DHCP Option Meaning Subnet Mask Time Offset Router Time server Host Name Client Identifier TFTP Server Name Bootfile Name Table 3: DHCP options which the device requests The advantage of using DHCP instead of BOOTP is that the DHCP server can restrict the validity of the configuration parameters (“Lease”) to a specific time period (known as dynamic address allocation). -
Page 48
Entering the IP Parameters 2.6 System Configuration via DHCP Example of a DHCP configuration file: # /etc/dhcpd.conf for DHCP Daemon subnet 10.1.112.0 netmask 255.255.240.0 { option subnet-mask 255.255.240.0; option routers 10.1.112.96; # Host berta requests IP configuration # with her MAC address host berta { hardware ethernet 00:80:63:08:65:42;… -
Page 49: System Configuration Via Dhcp Option
Entering the IP Parameters 2.7 System Configuration via DHCP Option 82 2.7 System Configuration via DHCP Option 82 As with the classic DHCP, on startup an agent receives its configuration data according to the “BOOTP/DHCP process” flow chart (see fig. 13).
-
Page 50: Web-Based Ip Configuration
Entering the IP Parameters 2.8 Web-based IP Configuration 2.8 Web-based IP Configuration With the Basic Settings:Network dialog you define the source from which the device gets its IP parameters after starting, and you assign the IP parameters and VLAN ID and configure the HiDiscovery access. Figure 16: Network Parameters Dialog Under “Mode”, you enter where the device gets its IP parameters: In the BOOTP mode, the configuration is via a BOOTP or DHCP…
-
Page 51
Entering the IP Parameters 2.8 Web-based IP Configuration Enter the parameters on the right according to the selected mode. You enter the name applicable to the DHCP protocol in the “Name” line in the system dialog of the Web-based interface. The “VLAN”… -
Page 52: Faulty Device Replacement
Entering the IP Parameters 2.9 Faulty Device Replacement 2.9 Faulty Device Replacement The device provides 2 plug-and-play solutions for replacing a faulty device with a device of the same type (faulty device replacement): Configuring the new device using an AutoConfiguration Adapter(see on page 39 “Loading the system configuration from the ACA“) configuration via DHCP Option 82…
-
Page 53: Loading/Saving Settings
Loading/saving settings 3 Loading/saving settings The device saves settings such as the IP parameters and the port configuration in the temporary memory. These settings are lost when you switch off orreboot the device. The device enables you to load settings from a non-volatile memory into the temporary memory save settings from the temporary memory in a non-volatile memory.
-
Page 54: Loading Settings
Loading/saving settings 3.1 Loading settings 3.1 Loading settings When it is restarted, the device loads its configuration data from the local non-volatile memory, provided you have not activated BOOTP/DHCP and no ACA is connected to the device. During operation, the device allows you to load settings from the following sources: the local non-volatile memory from the AutoConfiguration Adapter.
-
Page 55: Loading From The Local Non-Volatile Memory
Loading/saving settings 3.1 Loading settings 3.1.1 Loading from the local non-volatile memory When loading the configuration data locally, the device loads the configuration data from the local non-volatile memory if no ACA is connected to the device. Select the Basics: Load/Save dialog. In the «Load»…
-
Page 56: Loading From A File
Loading/saving settings 3.1 Loading settings 3.1.3 Loading from a file The device allows you to load the configuration data from a file in the connected network if there is no AutoConfiguration Adapter connected to the device. Select the Basics: Load/Save dialog. In the «Load»…
-
Page 57
Loading/saving settings 3.1 Loading settings Figure 17: Load/Save dialog Switch to the Privileged EXEC mode. enable The device loads the configuration data from a copy tftp://10.1.112.159/ tftp server in the connected network. switch/config.dat nvram:startup-config Note: The loading process started by DHCP/BOOTP (see on page 41 “System configuration via BOOTP“) shows the selection of «from URL &… -
Page 58: Resetting The Configuration To The State On Delivery
Loading/saving settings 3.1 Loading settings 3.1.4 Resetting the configuration to the state on delivery The device enables you to reset the current configuration to the state on delivery. The locally saved configuration is kept. reset the device to the state on delivery. After the next restart, the IP address is also in the state on delivery.
-
Page 59: Saving Settings
Loading/saving settings 3.2 Saving settings 3.2 Saving settings In the «Save» frame, you have the option to save the current configuration on the device save the current configuration in binary form in a file under the specified URL, or as an editable and readable script save the current configuration in binary form or as an editable and readable script on the PC.
-
Page 60: Saving To A File On Url
Loading/saving settings 3.2 Saving settings Note: After you have successfully saved the configuration on the device, the device sends an alarm (trap) hmConfigurationSavedTrap together with the information about the AutoConfiguration Adapter (ACA), if one is connected. When you change the configuration for the first time after saving it, the device sends a trap hmConfigurationChangedTrap.
-
Page 61: Saving To A Binary File On The Pc
Loading/saving settings 3.2 Saving settings Select the Basics: Load/Save dialog. In the “Save” frame, click “to URL (binary)” to receive a binary file, or “to URL (script)” to receive an editable and readable script. In the “URL” frame, enter the path under which you want the device to save the configuration file.
-
Page 62: Saving As A Script On The Pc
Loading/saving settings 3.2 Saving settings In the save dialog, enter the name of the file in which you want the device to save the configuration file. Click «Save». 3.2.4 Saving as a script on the PC The device allows you to save the current configuration data in an editable and readable file on your PC.
-
Page 63: Loading Software Updates
Loading Software Updates 4 Loading Software Updates Hirschmann never stops working on improving the performance of its products. So it is possible that you may find a more up to date release of the device software on the Hirschmann Internet site (www.hirschmann.com) than the release saved on your device.
-
Page 64: Loading The Software
Loading Software Updates Loading the software The device gives you 4 options for loading the software: manually from the ACA 21 USB (out-of-band), automatically from the ACA 21 USB (out-of-band), via TFTP from a tftp server (in-band) and via a file selection dialog from your PC. Note: The existing configuration of the device is still there after the new software is installed.
-
Page 65: Loading The Software Manually From The Aca
Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1 Loading the Software manually from the ACA You can connect the ACA 21-USB to a USB port of your PC like a conventional USB stick and copy the device software into the main directory of the ACA 12-USB.
-
Page 66: Selecting The Software To Be Loaded
Loading Software Updates 4.1 Loading the Software manually from the ACA 4.1.1 Selecting the software to be loaded In this menu item of the system monitor, you select one of two possible software releases that you want to load. The following window appears on the screen: Select Operating System Image (Available OS: Selected: 05.0.00 (2009-08-07 06:05), Backup: 04.2.00 (2009-07-06 06:05 (Locally selected: 05.0.00 (2009-08-07 06:05))
-
Page 67: Starting The Software
Loading Software Updates 4.1 Loading the Software manually from the ACA Test stored images in flash memory Select 3 to check whether the images of the software stored in the flash memory contain valid codes. Test stored images in USB memory Select 4, to check whether the images of the software stored in the ACA 21-USB contain valid codes.
-
Page 68: Automatic Software Update By Aca
Loading Software Updates 4.2 Automatic software update by 4.2 Automatic software update by ACA For a software update via the ACA, first copy the new device software into the main directory of the AutoConfiguration Adapter. If the version of the software on the ACA is newer or older than the version on the device, the device performs a software update.
-
Page 69
Loading Software Updates 4.2 Automatic software update by One of the following messages in the log file indicates the result of the update process: S_watson_AUTOMATIC_SWUPDATE_SUCCESSFUL: Update completed successfully. S_watson_AUTOMATIC_SWUPDATE_FAILED_WRONG_FILE: Update failed. Reason: incorrect file. S_watson_AUTOMATIC_SWUPDATE_FAILED_SAVING_FILE: Update failed. Reason: error when saving. In your browser, click on “Reload”… -
Page 70: Loading The Software From The Tftp Server
Loading Software Updates 4.3 Loading the software from the tftp server 4.3 Loading the software from the tftp server For a tftp update, you need a tftp server on which the software to be loaded is stored (see on page 228 “TFTP Server for Software Updates“).
-
Page 71
Loading Software Updates 4.3 Loading the software from the tftp server Enter the path of the device software. Click on «Update» to load the software from the tftp server to the device. Figure 19: Software update dialog After successfully loading it, you activate the new software: Select the dialog Basic Settings:Restart and perform a cold start. -
Page 72: Loading The Software Via File Selection
Loading Software Updates 4.4 Loading the Software via File Selection 4.4 Loading the Software via File Selection For an HTTP software update (via a file selection window), the device software must be on a data carrier that you can access via a file selection window from your workstation.
-
Page 73: Configuring The Ports
Configuring the Ports 5 Configuring the Ports The port configuration consists of: Switching the port on and off Selecting the operating mode Activating the display of connection error messages Configuring Power over ETHERNET. Switching the port on and off In the state on delivery, all the ports are switched on. For a higher level of access security, switch off the ports at which you are not making any connection.
-
Page 74: Configuring Power Over Ethernet
Configuring the Ports Displaying connection error messages In the state on delivery, the device displays connection errors via the signal contact and the LED display. The device allows you to suppress this display, because you do not want to interpret a switched off device as an interrupted connection, for example.
-
Page 75
Configuring the Ports Nominal power for MACH 4000: The device provides the nominal power for the sum of all PoE ports plus a surplus. Should the connected devices require more PoE power than is provided, the device then switches PoE off at the ports. Initially, the device switches PoE off at the ports with the lowest PoE priority. -
Page 76
Configuring the Ports The difference between the «nominal» and «reserved» power indicates how much power is still available to the free PoE ports. In the “POE on” column, you can enable/disable PoE at this port. The “Status” column indicates the PoE status of the port. In the “Priority”… -
Page 77: Protection From Unauthorized Access
Protection from Unauthorized Access 6 Protection from Unauthorized Access The device provides you with the following functions to help you protect it against unauthorized access. Password for SNMP access Telnet/Web/SSH access disabling Restricted management access HiDiscovery function disabling Port access control via IP or MAC address Port authentication according to IEEE 802.1X Basic Configuration Release 6.0 07/2010…
-
Page 78: Protecting The Device
Protection from Unauthorized Access 6.1 Protecting the device 6.1 Protecting the device If you want to maximize the protection of the device against unauthorized access in just a few steps, you can perform some or all of the following steps on the device: Deactivate SNMPv1 and SNMPv2 and select a password for SNMPv3 access other than the standard password…
-
Page 79: Password For Snmp Access
Protection from Unauthorized Access 6.2 Password for SNMP access 6.2 Password for SNMP access 6.2.1 Description of password for SNMP access A network management station communicates with the device via the Simple Network Management Protocol (SNMP). Every SNMP packet contains the IP address of the sending computer and the password with which the sender of the packet wants to access the device MIB.
-
Page 80: Entering The Password For Snmp Access
Protection from Unauthorized Access 6.2 Password for SNMP access 6.2.2 Entering the password for SNMP access Select the Security:Password/SNMP Access dialog. This dialog gives you the option of changing the read and read/write passwords for access to the device via the Web-based interface, via the CLI, and via SNMPv3 (SNMP version 3).
-
Page 81
Protection from Unauthorized Access 6.2 Password for SNMP access Figure 21: Password/SNMP Access dialog Note: If you do not know a password with “read/write” access, you will not have write access to the device. Note: For security reasons, the device does not display the passwords. Make a note of every change. -
Page 82
Protection from Unauthorized Access 6.2 Password for SNMP access Select the Security:SNMPv1/v2 access dialog. With this dialog you can select the access via SNMPv1 or SNMPv2. In the state on delivery, both protocols are activated. You can thus manage the device with HiVision and communicate with earlier versions of SNMP. -
Page 83
Protection from Unauthorized Access 6.2 Password for SNMP access Figure 22: SNMPv1/v2 access dialog To create a new line in the table click «Create entry». To delete an entry, select the line in the table and click «Delete». Basic Configuration Release 6.0 07/2010… -
Page 84: Telnet/Web/Ssh Access
Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access 6.3 Telnet/Web/SSH Access 6.3.1 Description of Telnet Access The Telnet server of the device allows you to configure the device by using the Command Line Interface (in-band). You can deactivate the Telnet server if you do not want Telnet access to the device.
-
Page 85: Description Of Ssh Access
Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access After the Web server has been switched off, it is no longer possible to log in via a Web browser. The login in the open browser window remains active. 6.3.3 Description of SSH Access The SSH server of the device allows you to configure the device by using the Command Line Interface (in-band).
-
Page 86
Protection from Unauthorized Access 6.3 Telnet/Web/SSH Access Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. configure Switch to the configuration mode for CLI. lineconfig Enable Telnet server. transport input telnet Disable Telnet server. no transport input telnet Switch to the Configuration mode. -
Page 87: Restricted Management Access
Protection from Unauthorized Access 6.4 Restricted Management Access 6.4 Restricted Management Access The device allows you to differentiate the management access to the device based on IP address ranges, and to differentiate these based on management services (http, snmp, telnet, ssh). You thus have the option to set finely differentiated management access rights.
-
Page 88
Protection from Unauthorized Access 6.4 Restricted Management Access Switch to the Privileged EXEC mode. enable Display the current configuration. show network mgmt-access Create an entry for the IT network. This is given network mgmt-access add the smallest free ID — in the example, 2. Set the IP address of the entry for the IT network. -
Page 89: Hidiscovery Access
Protection from Unauthorized Access 6.5 HiDiscovery Access 6.5 HiDiscovery Access 6.5.1 Description of the HiDiscovery Protocol The HiDiscovery protocol allows you to allocate an IP address to the device on the basis of its MAC address (see on page 36 “Entering the IP Parameters HiDiscovery“).
-
Page 90
Protection from Unauthorized Access 6.5 HiDiscovery Access 6.5.3 Description of the Port Access Control You can configure the device in such a way that it helps to protect every port from unauthorized access. Depending on your selection, the device checks the MAC address or the IP address of the connected device. -
Page 91
Protection from Unauthorized Access 6.5 HiDiscovery Access Parameter Value Explanation Allowed IP Addresses 10.0.1.228 The defined users are the device with the 10.0.1.229 IP address 10.0.1.228 and the device with the IP address 10.0.1.229 Action portDisable Disable the port with the corresponding entry in the port configuration table (see on page 73 “Configuring the Ports“) -
Page 92
Protection from Unauthorized Access 6.5 HiDiscovery Access Configure the port security. Select the Security:Port Security dialog. In the “Configuration” frame, select “IP-Based Port Security”. In the table, click on the row of the port to be protected, in the “Allowed IP addresses” cell. Enter in sequence: –… -
Page 93
Protection from Unauthorized Access 6.5 HiDiscovery Access Save the settings in the non-volatile memory. Select the dialog Basic Settings:Load/Save. In the “Save” frame, select “To Device” for the location and click “Save” to permanently save the configuration in the active configuration. -
Page 94: Port Authentication Ieee 802.1X
Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6 Port Authentication IEEE 802.1X 6.6.1 Description of Port Authentication according to IEEE 802.1X The port-based network access control is a method described in the standard IEEE 802.1X to protect IEEE 802 networks from unauthorized access. The protocol controls the access to a port by authenticating and authorizing a device that is connected to this port of the device.
-
Page 95: Authentication Process According To Ieee 802.1X
Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6.2 Authentication Process according to IEEE 802.1X A supplicant attempts to communicate via a device port. The device requests authentication from the supplicant. At this time, only EAPOL traffic is allowed between the supplicant and the device. The supplicant replies with its identification data.
-
Page 96: Ieee 802.1X Settings
Protection from Unauthorized Access 6.6 Port Authentication IEEE 802.1X 6.6.4 IEEE 802.1X Settings Configurating the RADIUS Server Select the Security:802.1x Port Authentication:RADIUS Server dialog. This dialog allows you to enter the data for 1, 2 or 3 RADIUS servers. Click «Create entry» to open the dialog window for entering the IP address of a RADIUS server.
-
Page 97: Synchronizing The System Time In The Network
Synchronizing the System Time in the Network 7 Synchronizing the System Time in the Network The actual meaning of the term “real time” depends on the time requirements of the application. The device provides two options with different levels of accuracy for synchronizing the time in your network.
-
Page 98: Entering The Time
Synchronizing the System Time in the 7.1 Entering the Time Network 7.1 Entering the Time If no reference clock is available, you have the option of entering the system time in a device and then using it like a reference clock (see on page 102 “Configuring SNTP“),…
-
Page 99
Synchronizing the System Time in the 7.1 Entering the Time Network With “Set time from PC”, the device takes the PC time as the system time and calculates the IEEE 1588 / SNTP time using the local time difference. “IEEE 1588 / SNTP time” = “System time” — “Local offset” The “Local Offset”… -
Page 100: Sntp
Synchronizing the System Time in the 7.2 SNTP Network 7.2 SNTP 7.2.1 Description of SNTP The Simple Network Time Protocol (SNTP) enables you to synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available.
-
Page 101: Preparing The Sntp Configuration
Synchronizing the System Time in the 7.2 SNTP Network 7.2.2 Preparing the SNTP Configuration To get an overview of how the time is passed on, draw a network plan with all the devices participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the signal runtime.
-
Page 102: Configuring Sntp
Synchronizing the System Time in the 7.2 SNTP Network 7.2.3 Configuring SNTP Select the Time:SNTP dialog. Operation In this frame you switch the SNTP function on/off globally. SNTP Status The “Status message” displays statuses of the SNTP client as one or more test messages. Possible messages: Local system clock is synchronized;…
-
Page 103
Synchronizing the System Time in the 7.2 SNTP Network Configuration SNTP Client In “Client status” you switch the SNTP client of the device on/off. In “External server address” you enter the IP address of the SNTP server from which the device periodically requests the system time. -
Page 104
Synchronizing the System Time in the 7.2 SNTP Network Configuration SNTP Server In “Server status” you switch the SNTP server of the device on/ off. In “Anycast destination address” you enter the IP address to which the SNTP server of the device sends its SNTP packets (see table In “VLAN ID”… -
Page 105
Synchronizing the System Time in the 7.2 SNTP Network Figure 27: SNTP Dialog Device 192.168.1.1 192.168.1.2 192.168.1.3 Operation Server destination address 0.0.0.0 0.0.0.0 0.0.0.0 Server VLAN ID Send interval Client external server address 192.168.1.0 192.168.1.1 192.168.1.2 Request interval Accept Broadcasts Table 6: Settings for the example (see fig. -
Page 106: Precision Time Protocol
Synchronizing the System Time in the 7.3 Precision Time Protocol Network 7.3 Precision Time Protocol 7.3.1 Description of PTP Functions Precise time management is required for running time-critical applications via a LAN. The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a procedure that assumes one clock is the most accurate and thus enables precise synchronization of all clocks in a LAN.
-
Page 107
Synchronizing the System Time in the 7.3 Precision Time Protocol Network PTPv1 PTPv2 Specification Stratum Clock class number – (priority 1 = For temporary, special purposes, in order to assign a higher accuracy to one clock than to all other clocks in the network. Indicates the reference clock with the highest degree of accuracy. -
Page 108
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Reference Local (Master clock) (Slave clock) Delay + Jitter Delay + Jitter Delay + Jitter Precision Time Protocol (Application Layer) UDP User Datagramm Protocol (Transport Layer) Internet Protocol (Network Layer) MAC Media Access Control Physical Layer Figure 28: Delay and jitter for clock synchronization… -
Page 109
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Peer-to-Peer (P2P) With P2P, like in E2E, every slave clock measures the delay to its master clock. In addition, in P2P every master clock measures the delay to the slave clock. -
Page 110: Preparing The Ptp Configuration
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Independently of the physical communication paths, the PTP provides logical communication paths which you define by setting up PTP subdomains. Subdomains are used to form groups of clocks that are time-independent from the rest of the domain.
-
Page 111
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Note: Connect all the connections you need to distribute the PTP information to connections with an integrated time stamp unit (RT modules). Devices without a time stamp unit take the information from the PTP and use it to set their clocks. -
Page 112: Application Example
Synchronizing the System Time in the 7.3 Precision Time Protocol Network 7.3.3 Application Example PTP is used to synchronize the time in the network. As an SNTP client, the left device (see fig. 31) gets the time from the NTP server via SNTP. The device assigns PTP clock stratum 2 (PTPv1) or clock class 6 (PTPv2) to the time received from an NTP server.
-
Page 113
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Device 10.0.1.112 10.0.1.116 10.0.1.105 10.0.1.106 PTP Global Operation Clock Mode v1-boundary- v1-boundary- v1-simple-mode v1-simple-mode clock clock Preferred Master true false false false SNTP Operation Client Status External server 10.0.1.2 0.0.0.0 0.0.0.0 0.0.0.0… -
Page 114
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Select the Time:SNTP dialog. Activate SNTP globally in the “Operation” frame. Activate the SNTP client (client status) in the “Configuration SNTP Client” frame. In the “Configuration SNTP Client” frame, enter: –… -
Page 115
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Switch on PTP globally. ptp operation enable Select PTP version and clock mode. ptp clock-mode v1-boundary- clock In this example, you have chosen the device with the IP address 10.0.1.112 as the PTP reference clock. -
Page 116
Synchronizing the System Time in the 7.3 Precision Time Protocol Network Save the settings in the non-volatile memory. Select the Basics: Load/Save dialog. In the “Save” frame, select “To Device” for the location and click “Save” to permanently save the configuration in the active configuration. -
Page 117: Interaction Of Ptp And Sntp
Synchronizing the System Time in the 7.4 Interaction of PTP and SNTP Network 7.4 Interaction of PTP and SNTP According to the PTP and SNTP standards, both protocols can exist in parallel in the same network. However, since both protocols affect the system time of the device, situations may occur in which the two protocols compete with each other.
-
Page 118
Synchronizing the System Time in the 7.4 Interaction of PTP and SNTP Network Device 149.218.112.1 149.218.112.2 149.218.112.3 Operation Clock Mode v1-boundary-clock v1-boundary-clock v1-boundary-clock Preferred Master false false false SNTP Operation Client Status External server address 149.218.112.0 0.0.0.0 0.0.0.0 Server request interval Accept SNTP Broadcasts Server status Anycast destination address… -
Page 119: Network Load Control
Network Load Control 8 Network Load Control To optimize the data transmission, the device provides you with the following functions for controlling the network load: Settings for direct packet distribution (MAC address filter) Multicast settings Rate limiter Prioritization — QoS Flow control Virtual LANs (VLANs) Basic Configuration…
-
Page 120: Direct Packet Distribution
Network Load Control 8.1 Direct Packet Distribution 8.1 Direct Packet Distribution With direct packet distribution, you help protect the device from unnecessary network loads. The device provides you with the following functions for direct packet distribution: Store-and-forward Multi-address capability Aging of learned addresses Static address entries Disabling the direct packet distribution 8.1.1…
-
Page 121: Aging Of Learned Addresses
Network Load Control 8.1 Direct Packet Distribution in the destination address field are sent to this port. The device enters learned source addresses in its filter table (see on page 122 “Entering Static Addresses“). The device can learn up to 8.000 addresses. This is necessary if more than one terminal device is connected to one or more ports.
-
Page 122: Entering Static Addresses
Network Load Control 8.1 Direct Packet Distribution 8.1.4 Entering Static Addresses An important function of the device is the filter function. It selects data packets according to defined patterns, known as filters. These patterns are assigned distribution rules. This means that a data packet received by a device at a port is compared with the patterns.
-
Page 123: Disabling The Direct Packet Distribution
Network Load Control 8.1 Direct Packet Distribution Select the Switching:Filters for MAC Addresses dialog. Each row of the filter table represents one filter. Filters specify the way in which data packets are sent. They are set automatically by the Switch (learned status) or created manually.
-
Page 124
Network Load Control 8.1 Direct Packet Distribution Select the Switching:Global dialog. UnCheck «Address Learning» to observe the data at all ports. Basic Configuration Release 6.0 07/2010… -
Page 125: Multicast Application
Network Load Control 8.2 Multicast Application 8.2 Multicast Application 8.2.1 Description of the Multicast Application The data distribution in the LAN differentiates between 3 distribution classes on the basis of the addressed recipients: Unicast — one recipient Multicast — a group of recipients Broadcast — every recipient that can be reached In the case of a Multicast address, the device forwards all data packets with a Multicast address to all ports.
-
Page 126: Example Of A Multicast Application
Network Load Control 8.2 Multicast Application 8.2.2 Example of a Multicast Application The cameras for monitoring machines normally transmit their images to monitors located in the machine room and to the control room. In an IP transmission, a camera sends its image data with a Multicast address via the network.
-
Page 127: Description Of Igmp Snooping
Network Load Control 8.2 Multicast Application 8.2.3 Description of IGMP Snooping The Internet Group Management Protocol (IGMP) describes the distribution of Multicast information between routers and terminal devices on Layer 3. Routers with an active IGMP function periodically send queries to find out which IP Multicast group members are connected to the LAN.
-
Page 128: Setting Igmp Snooping
Network Load Control 8.2 Multicast Application 8.2.4 Setting IGMP Snooping Select the Switching:Multicast:IGMP dialog. Operation The “Operation” frame allows you to enable/disable IGMP Snooping globally for the entire device. If IGMP Snooping is disabled, then the device does not evaluate Query and Report packets received, it sends (floods) received data packets with a Multicast address as the destination address to all ports.
-
Page 129
Network Load Control 8.2 Multicast Application IGMP Querier “IGMP Querier active” allows you to enable/disable the Query function. “Protocol version” allow you to select IGMP version 1, 2 or 3. In “Send interval [s]” you specify the interval at which the device sends query packets (valid entries: 2-3,599 s, default setting: 125 s). -
Page 130: Parameter Values
Network Load Control 8.2 Multicast Application Parameter Values The parameters – Max. Response Time, – Send Interval and – Group Membership Interval have a relationship to each other: Max. Response Time < Send Interval < Group Membership Interval. If you enter values that contradict this relationship, the device then replaces these values with a default value or with the last valid values.
-
Page 131
Network Load Control 8.2 Multicast Application Unknown Multicasts In this frame you can determine how the device in IGMP mode sends packets with known and unknown MAC/IP Multicast addresses that were not learned through IGMP Snooping. “Unknown Muilticasts” allows you to specify how the device transmits unknown Multicast packets: “Send to Query Ports”. -
Page 132
IGMP queries (disable=default setting). This column allows you to also send IGMP report messages to: other selected ports (enable) or connected Hirschmann devices (automatic). “Learned Query Port” This table column shows you at which ports the device has received IGMP queries, if “disable”… -
Page 133: Description Of Gmrp
Network Load Control 8.2 Multicast Application Figure 34: IGMP Snooping dialog 8.2.5 Description of GMRP The GARP Multicast Registration Protocol (GMRP) describes the distribution of data packets with a Multicast address as the destination address on Layer Basic Configuration Release 6.0 07/2010…
-
Page 134
Network Load Control 8.2 Multicast Application Devices that want to receive data packets with a Multicast address as the destination address use the GMRP to perform the registration of the Multicast address. For a Switch, registration involves entering the Multicast address in the filter table. -
Page 135: Setting Gmrp
Network Load Control 8.2 Multicast Application 8.2.6 Setting GMRP Select the Switching:Multicasts:GMRP dialog. Operation The “Operation” frame allows you to enable GMRP globally for the entire device. It GMRP is disabled, then the device does not generate any GMRP packets, does not evaluate any GMRP packets received, and sends (floods) received data packets to all ports.
-
Page 136
Network Load Control 8.2 Multicast Application Note: If the device is incorporated into a HIPER-Ring, you can use the following settings to quickly reconfigure the network for data packets with registered Multicast destination addresses after the ring is switched: Activate GMRP on the ring ports and globally, and activate “Forward all groups”… -
Page 137: Rate Limiter
Network Load Control 8.3 Rate Limiter 8.3 Rate Limiter 8.3.1 Description of the Rate Limiter The device can limit the rate of message traffic during periods of heavy traffic flow. Entering a limit rate for each port specifies the amount of traffic the device is permitted to transmit and receive.
-
Page 138: Rate Limiter Settings (Powermice And Mach 4000)
Network Load Control 8.3 Rate Limiter 8.3.2 Rate Limiter Settings (PowerMICE and MACH 4000) Select the Switching:Rate Limiter dialog. «Ingress Limiter (kbit/s)» allows you to enable or disable the ingress limiter function for all ports and to select the ingress limitation on all ports (either broadcast packets only or broadcast packets and Multicast packets).
-
Page 139: Rate Limiter Settings For Rs20/Rs30/40, Ms20/Ms30, Rsr20/Rsr30
Network Load Control 8.3 Rate Limiter 8.3.3 Rate Limiter settings for RS20/RS30/40, MS20/MS30, RSR20/RSR30, MACH 100, MACH 1000 and OCTOPUS Select the Switching:Rate Limiter dialog. «Ingress Limiter (kbit/s)» allows you to enable or disable the input limiting function for all ports.
-
Page 140
Network Load Control 8.3 Rate Limiter Setting options per port: «Ingress Packet Types» allows you to select the packet type for which the limit is to apply: All, limits the total inbound data volume at this port. BC, limits the broadcast packets received at this port. BC + MC, limits broadcast packets and Multicast packets received at this port. -
Page 141: Qos/Priority
Network Load Control 8.4 QoS/Priority 8.4 QoS/Priority 8.4.1 Description of Prioritization This function prevents time-critical data traffic such as language/video or real-time data from being disrupted by less time-critical data traffic during periods of heavy traffic. By assigning high traffic classes for time-critical data and low traffic classes for less time-critical data, this provides optimal data flow for time-critical data traffic.
-
Page 142: Vlan Tagging
Data packets with VLAN tags containing priority information but no VLAN information (VLAN ID = 0), are known as Priority Tagged Frames. Priority Traffic class for Traffic Class for IEEE 802.1D traffic type entered RS20/RS30/ PowerMICE, RS40, MACH 104/ MACH 1000, MACH 1040 and MS20/MS30,…
-
Page 143
Network Load Control 8.4 QoS/Priority Note: Network protocols and redundancy mechanisms use the highest traffic classes 3 (RS20/30/40, MS20/30, RSR20/RSR30, MACH 1000, OCTOPUS) or 7 (PowerMICE, MACH 104/MACH 1040, MACH 4000). Therefore, select other traffic classes for application data. 42-1500 Octets min. -
Page 144: Ip Tos / Diffserv
Network Load Control 8.4 QoS/Priority When using VLAN prioritizing, note the following special features: End-to-end prioritizing requires the VLAN tags to be transmitted to the entire network, which means that all network components must be VLAN- capable. Routers cannot receive or send packets with VLAN tags via port-based router interfaces.
-
Page 145: Differentiated Services
Network Load Control 8.4 QoS/Priority Bits (0-2): IP Precedence Defined Bits (3-6): Type of Service Defined Bit (7) 111 — Network Control 0000 — [all normal] 0 — Must be zero 110 — Internetwork Control 1000 — [minimize delay] 101 — CRITIC / ECP 0100 — [maximize throughput] 100 — Flash Override 0010 — [maximize reliability]…
-
Page 146
Network Load Control 8.4 QoS/Priority Assured Forwarding (AF): Provides a differentiated schema for handling different data traffic (RFC2597). Default Forwarding/Best Effort: No particular prioritizing. The PHB class selector assigns the 7 possible IP precedence values from the old ToS field to specific DSCP values, thus ensuring the downwards compatibility. -
Page 147
Network Load Control 8.4 QoS/Priority DSCP value DSCP name Traffic Class for Traffic class for MACH 4000, RS20/RS30/RS40, MACH 104, RSR20/RSR30, MACH 1040, MS20/MS30, PowerMICE OCTOPUS, default setting) MACH1000 (default setting) Best Effort /CS0 9,11,13,15 10,12,14 AF11,AF12,AF13 17,19,21,23 18,20,22 AF21,AF22,AF23… -
Page 148: Management Prioritization
Network Load Control 8.4 QoS/Priority 8.4.4 Management prioritization To have full access to the management of the device, even in situations of high network load, the device enables you to prioritize management packets. In prioritizing management packets (SNMP, Telnet, etc.), the device sends the management packets with priority information.
-
Page 149: Handling Of Traffic Classes
Network Load Control 8.4 QoS/Priority 8.4.6 Handling of Traffic Classes For the handling of traffic classes, the device provides: Strict Priority Description of Strict Priority With the Strict Priority setting, the device first transmits all data packets that have a higher traffic class before transmitting a data packet with the next highest traffic class.
-
Page 150
Network Load Control 8.4 QoS/Priority Switch to the Interface Configuration mode of interface 1/1 interface 1/1. Assign port priority 3 to interface 1/1. vlan priority 3 Switch to the Configuration mode. exit Assigning the VLAN Priority to the Traffic Classes Select the QOS/Priority:802.1D/p-Mapping dialog. -
Page 151
Network Load Control 8.4 QoS/Priority Switch to the privileged EXEC mode. exit Display the trust mode on interface 1/1. show classofservice trust Class of Service Trust Mode: Untrusted Untrusted Traffic Class: 4 Assigning the traffic class to a DSCP Select the QOS/Priority:IP DSCP Mapping dialog. -
Page 152
Network Load Control 8.4 QoS/Priority Class of Service Trust Mode: IP DSCP Non-IP Traffic Class: 2 Always assign the DSCP priority to received IP data packets globally Select the QoS/Priority:Global dialog. Select trustIPDSCP in the «Trust Mode» line. Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. -
Page 153
Network Load Control 8.4 QoS/Priority System IP Address……10.0.1.116 Subnet Mask……..255.255.255.0 Default Gateway…….. 10.0.1.200 Burned In MAC Address……00:80:63:51:7A:80 Network Configuration Protocol (BootP/DHCP)..None DHCP Client ID (same as SNMP System Name)..»PowerMICE-517A80″ Network Configuration Protocol HiDiscovery..Read-Write Management VLAN ID……1 Management VLAN Priority……. -
Page 154: Flow Control
Network Load Control 8.5 Flow Control 8.5 Flow Control 8.5.1 Description of Flow Control Flow control is a mechanism which acts as an overload protection for the device. During periods of heavy traffic, it holds off additional traffic from the network.
-
Page 155
Before the send queue of port 2 overflows, the device sends a request to Workstation 2 to include a small break in the sending transmission. Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR and MACH 1000 support flow control in full duplex mode only. -
Page 156: Setting The Flow Control
Network Load Control 8.5 Flow Control Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR and MACH 1000 do not support flow control in half duplex mode. 8.5.2 Setting the Flow Control Select the Basics:Port Configuration dialog. In the «Flow Control on» column, you checkmark this port to specify that flow control is active here.
-
Page 157: Vlans
Network Load Control 8.6 VLANs 8.6 VLANs 8.6.1 VLAN Description In the simplest case, a virtual LAN (VLAN) consists of a group of network participants in one network segment who can communicate with each other as if they belonged to a separate LAN. More complex VLANs span out over multiple network segments and are also based on logical (instead of only physical) connections between network participants.
-
Page 158: Examples Of Vlans
Network Load Control 8.6 VLANs 8.6.2 Examples of VLANs The following practical examples provide a quick introduction to the structure of a VLAN. Example 1 VLAN VLAN Figure 41: Example of a simple port-based VLAN The example shows a minimal VLAN configuration (port-based VLAN). An administrator has connected multiple terminal devices to a transmission device and assigned them to 2 VLANs.
-
Page 159
Network Load Control 8.6 VLANs Terminal Port Port VLAN identifier (PVID) Table 16: Ingress table VLANID Port Table 17: Egress table Basic Configuration Release 6.0 07/2010… -
Page 160
Network Load Control 8.6 VLANs Proceed as follows to perform the example configuration: Configure VLAN Select the Switching:VLAN:Static dialog. Figure 42: Creating and naming new VLANs Click on “Create Entry” to open a window for entering the VLAN ID. Assign VLAN ID 2 to the VLAN. Click on “OK”. -
Page 161
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the VLAN configuration mode. vlan database Create a new VLAN with the VLAN ID 2. vlan 2 Give the VLAN with the VLAN ID 2 the name vlan name 2 VLAN2 VLAN2. -
Page 162
Network Load Control 8.6 VLANs Configuring the ports Figure 43: Defining the VLAN membership of the ports. Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. -
Page 163
Network Load Control 8.6 VLANs Figure 44: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering Assign the Port VLAN ID of the related VLANs (2 or 3) to the individual ports — see table. Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for “Acceptable Frame Types”. -
Page 164
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. configure Switch to the Interface Configuration mode of interface 1/1 interface 1/1. vlan participation include 2 Port 1/1 becomes member untagged in VLAN 2. Port 1/1 is assigned the port VLAN ID 2. -
Page 165
Network Load Control 8.6 VLANs Example 2 Figure 45: Example of a more complex VLAN constellation The second example shows a more complex constellation with 3 VLANs (1 to 3). Along with the Switch from example 1, a second Switch (on the right in the example) is now used. -
Page 166
Network Load Control 8.6 VLANs T = with TAG field (T = tagged) U = without TAG field (U = untagged) In this example, tagged frames are used in the communication between the transmission devices (uplink), as frames for different VLANs are differentiated at these ports. -
Page 167
Network Load Control 8.6 VLANs The communication relationships here are as follows: terminal devices at ports 1 and 4 of the left device and terminal devices at ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate with each other. -
Page 168
Network Load Control 8.6 VLANs Proceed as follows to perform the example configuration: Configure VLAN Select the Switching:VLAN:Static dialog. Figure 46: Creating and naming new VLANs Click on “Create Entry” to open a window for entering the VLAN ID. Assign VLAN ID 2 to the VLAN. You give this VLAN the name VLAN2 by clicking on the name field and entering the name. -
Page 169
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the VLAN configuration mode. vlan database Create a new VLAN with the VLAN ID 2. vlan 2 Give the VLAN with the VLAN ID 2 the name vlan name 2 VLAN2 VLAN2. -
Page 170
Network Load Control 8.6 VLANs Configuring the ports Figure 47: Defining the VLAN membership of the ports. Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. -
Page 171
Network Load Control 8.6 VLANs Figure 48: Assign and save Port VLAN ID, Acceptable Frame Types and Ingress Filtering Assign the ID of the related VLANs (1 to 3) to the individual ports. Because terminal devices usually do not send data packets with a tag, you select the admitAll setting for the terminal device ports. -
Page 172
Network Load Control 8.6 VLANs Switch to the Privileged EXEC mode. enable Switch to the Configuration mode. configure Switch to the Interface Configuration mode of interface 1/1 interface 1/1. vlan participation include 1 Port 1/1 becomes member untagged in VLAN 1. vlan participation include 2 Port 1/1 becomes member untagged in VLAN 2. -
Page 173
Network Load Control 8.6 VLANs For further information on VLANs, see the reference manual and the integrated help function in the program. Basic Configuration Release 6.0 07/2010… -
Page 174
Network Load Control 8.6 VLANs Basic Configuration Release 6.0 07/2010… -
Page 175: Operation Diagnosis
Operation Diagnosis 9 Operation Diagnosis The device provides you with the following diagnostic tools: Sending traps Monitoring the device status Out-of-band signaling via signal contact Port status indication Event counter at port level Detecting non-matching duplex modes SFP status display TP cable diagnosis Topology Discovery Detecting IP address conflicts…
-
Page 176: Sending Traps
Operation Diagnosis 9.1 Sending Traps 9.1 Sending Traps If unusual events occur during normal operation of the device, they are reported immediately to the management station. This is done by means of what are called traps ? alarm messages ? that bypass the polling procedure («Polling»…
-
Page 177: List Of Snmp Traps
Operation Diagnosis 9.1 Sending Traps 9.1.1 List of SNMP Traps All the possible traps that the device can send are listed in the following table. Trap name Meaning authenticationFailure is sent if a station attempts to access the agent without permission. coldStart is sent for both cold and warm starts during the boot process after successful management initialization.
-
Page 178: Snmp Traps During Boot
Operation Diagnosis 9.1 Sending Traps Trap name Meaning hmAddressRelearnDetectT is sent when Address Relearn Detection is activated and the threshold for the MAC addresses relearned at different ports has been exceeded. This process very probably indicates a loop situation in the network. hmDuplexMismatchTrap is sent if the device has detected a potential problem with the duplex mode of a port.
-
Page 179: Configuring Traps
Operation Diagnosis 9.1 Sending Traps 9.1.3 Configuring Traps Select the Diagnostics:Alarms (Traps) dialog. This dialog allows you to determine which events trigger an alarm (trap) and where these alarms should be sent. Select “Create entry”. In the “IP Address” column, enter the IP address of the recipient to whom the traps should be sent.
-
Page 180
Operation Diagnosis 9.1 Sending Traps The events which can be selected are: Name Meaning Authentication The device has rejected an unauthorized access attempt (see the Access for IP Addresses and Port Security dialog). Link Up/Down At one port of the device, the link to another device has been established/ interrupted. -
Page 181: Monitoring The Device Status
Operation Diagnosis 9.2 Monitoring the Device Status 9.2 Monitoring the Device Status The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. The device enables you to signal the device status out-of-band via a signal contact (see on page 185 “Monitoring the Device Status via the Signal Contact“)
-
Page 182: Configuring The Device Status
Operation Diagnosis 9.2 Monitoring the Device Status Note: With a non-redundant voltage supply, the device reports the absence of a supply voltage. If you do not want this message to be displayed, feed the supply voltage over both inputs or switch off the monitoring (see on page 185 “Monitoring the Device Status via the Signal Contact“).
-
Page 183: Displaying The Device Status
Operation Diagnosis 9.2 Monitoring the Device Status 9.2.2 Displaying the Device Status Select the Basics:System dialog. Figure 50: Device status and alarm display 1 — The symbol displays the device status 2 — Cause of the oldest existing alarm 3 — Start of the oldest existing alarm Switch to the privileged EXEC mode.
-
Page 184: Out-Of-Band Signaling
Operation Diagnosis 9.3 Out-of-band Signaling 9.3 Out-of-band Signaling The signal contact is used to control external devices and monitor the operation of the device. Function monitoring enables you to perform remote diagnostics. The device reports the operating status via a break in the potential-free signal contact (relay contact, closed circuit): Incorrect supply voltage, at least one of the two supply voltages is inoperative,…
-
Page 185: Controlling The Signal Contact
Operation Diagnosis 9.3 Out-of-band Signaling 9.3.1 Controlling the Signal Contact With this mode you can remotely control every signal contact individually. Application options: Simulation of an error as an input for process control monitoring equipment. Remote control of a device via SNMP, such as switching on a camera. Select the Diagnostics:Signal Contact 1/2) dialog.
-
Page 186: Monitoring The Device Functions Via The Signal Contact
Operation Diagnosis 9.3 Out-of-band Signaling 9.3.3 Monitoring the Device Functions via the Signal Contact Configuring the operation monitoring Select the Diagnostics:Signal Contact dialog. Select «Monitoring correct operation» in the «Mode signal contact» frame to use the contact for operation monitoring. In the «Monitoring correct operation»…
-
Page 187: Monitoring The Fan
Operation Diagnosis 9.3 Out-of-band Signaling Figure 51: Signal Contact dialog Switch to the privileged EXEC mode. exit Displays the status of the operation monitoring show signal-contact 1 and the setting for the status determination. 9.3.4 Monitoring the Fan Devices of the Mach 4000 range have a replaceable plug-in fan. This plug-in fan considerably reduces the inner temperature of the device.
-
Page 188
Operation Diagnosis 9.3 Out-of-band Signaling The device enables you to signal changes to the status of the plug-in fan out-of-band (outside the data flow) via a signal contact (see on page 185 “Monitoring the Device Status via the Signal Contact“) to signal changes to the status of the plug-in fan by sending a trap when the device status changes to detect status changes to the plug-in fan in the Web-based interface on… -
Page 189
Operation Diagnosis 9.3 Out-of-band Signaling Proceed as follows to signal changes to the fan status via a signal contact and with an alarm message: Select the Diagnostics:Signal Contact dialog. Select the signal contact you want to use (in the example, signal contact 1) in the corresponding tab page “Signal contact 1”… -
Page 190: Port Status Indication
Operation Diagnosis 9.4 Port Status Indication 9.4 Port Status Indication Select the Basics:System dialog. The device view shows the device with the current configuration. The symbols underneath the device view represent the status of the individual ports. Figure 53: Device View Meaning of the symbols: The port (10, 100 Mbit/s, 1, 10 Gbit/s) is enabled and the connection is OK.
-
Page 191: Event Counter At Port Level
Operation Diagnosis 9.5 Event Counter at Port Level 9.5 Event Counter at Port Level The port statistics table enables experienced network administrators to identify possible detected problems in the network. This table shows you the contents of various event counters. In the Restart menu item, you can reset all the event counters to zero using «Warm start», «Cold start»…
-
Page 192: Detecting Non-Matching Duplex Modes
Operation Diagnosis 9.5 Event Counter at Port Level Figure 54: Port Statistics dialog 9.5.1 Detecting Non-matching Duplex Modes If the duplex modes of 2 ports directly connected to each other do not match, this can cause problems that are difficult to track down. The automatic detection and reporting of this situation has the benefit of recognizing it before problems occur.
-
Page 193
Operation Diagnosis 9.5 Event Counter at Port Level The device allows you to detect this situation and report it to the network management station. In the process, the device evaluates the error counters of the port in the context of the port settings. Possible Causes of Port Error Events The following table lists the duplex operating modes for TX ports together with the possible error events. -
Page 194
Operation Diagnosis 9.5 Event Counter at Port Level Collisions, late collisions: In full-duplex mode, the port does not count collisions or late collisions. CRC error: The device only evaluates these errors as duplex problems in the manual full duplex mode. No. -
Page 195
Operation Diagnosis 9.5 Event Counter at Port Level Activates the detection and reporting of non- bridge duplex-mismatch-detect matching duplex modes. operation enable Deactivates the detection and reporting of non- bridge duplex-mismatch-detect matching duplex modes. operation disable Basic Configuration Release 6.0 07/2010… -
Page 196: Displaying The Sfp Status
Operation Diagnosis 9.6 Displaying the SFP Status 9.6 Displaying the SFP Status The SFP status display allows you to look at the current SFP module connections and their properties. The properties include: module type support provided in media module Temperature in ºC Tx Power in mW Receive power in mW Select the Diagnostics:Ports:SFP Modules dialog.
-
Page 197: Tp Cable Diagnosis
Operation Diagnosis 9.7 TP Cable Diagnosis 9.7 TP Cable Diagnosis The TP cable diagnosis allows you to check the connected cables for short- circuits or interruptions. Note: While the check is running, the data traffic at this port is suspended. The check takes a few seconds.
-
Page 198: Topology Discovery
Operation Diagnosis 9.8 Topology Discovery 9.8 Topology Discovery 9.8.1 Description of Topology Discovery IEEE 802.1AB describes the Link Layer Discovery Protocol (LLDP). LLDP enables the user to have automatic topology recognition for his LAN. A device with active LLDP sends its own connection and management information to neighboring devices of the shared LAN.
-
Page 199
To get around this, Hirschmann devices send and receive additional LLDP packets with the Hirschmann Multicast MAC address 01:80:63:2F:FF:0B. Hirschmann devices with the LLDP function are thus also able to exchange LLDP information with each other via devices that are not LLDP-capable. -
Page 200: Displaying The Topology Discovery Results
Operation Diagnosis 9.8 Topology Discovery 9.8.2 Displaying the Topology Discovery Results Select the Diagnostics:Topology Discovery dialog. Basic Configuration Release 6.0 07/2010…
-
Page 201
Operation Diagnosis 9.8 Topology Discovery This dialog allows you to switch on/off the topology discovery function (LLDP). The topology table shows you the collected information for neighboring devices. This information enables the network management station to map the structure of your network. The option «Show LLDP entries exclusively»… -
Page 202
Operation Diagnosis 9.8 Topology Discovery If several devices are connected to one port, for example via a hub, the table will contain one line for each connected device. devices with active topology discovery function and devices without active topology discovery function are connected to a port, the topology table hides the devices without active topology discovery. -
Page 203: Detecting Ip Address Conflicts
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9 Detecting IP Address Conflicts 9.9.1 Description of IP Address Conflicts By definition, each IP address may only be assigned once within a subnetwork. Should two or more devices erroneously share the same IP address within one subnetwork, this will inevitably lead to communication disruptions with devices that have this IP address.
-
Page 204: Configuring Acd
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9.2 Configuring ACD Select the Diagnostics:IP Address Conflict Detection dialog. With «Status» you enable/disable the IP address conflict detection or select the operating mode (see table 27). Basic Configuration Release 6.0 07/2010…
-
Page 205: Displaying Acd
Operation Diagnosis 9.9 Detecting IP Address Conflicts 9.9.3 Displaying ACD Select the Diagnostics:IP Address Conflict Detection dialog. In the table the device logs IP address conflicts with its IP address. For each conflict the device logs: the time the conflicting IP address the MAC address of the device with which the IP address conflicted.
-
Page 206: Detecting Loops
Operation Diagnosis 9.10 Detecting Loops 9.10 Detecting Loops Loops in the network, even temporary loops, can cause connection interruptions or data losses. The automatic detection and reporting of this situation allows you to detect it faster and diagnose it more easily. An incorrect configuration can cause a loop, for example, if you deactivate Spanning Tree.
-
Page 207: Reports
Operation Diagnosis 9.11 Reports 9.11 Reports The following reports and buttons are available for the diagnostics: Log file. The log file is an HTML file in which the device writes all the important device-internal events. System information. The system information is an HTML file containing all system-relevant data.
-
Page 208
Operation Diagnosis 9.11 Reports Click “Download Switch-Dump”. Select the directory in which you want to save the switch dump. Click “Save”. The device creates the file name of the switch dumps automatically in the format <IP address>_<system name>.zip, e.g. for a device of the type PowerMICE: “10.0.1.112_PowerMICE-517A80.zip”. -
Page 209: Monitoring Data Traffic At Ports (Port Mirroring)
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The port mirroring function enables you to review the data traffic at up to 8 ports of the device for diagnostic purposes. The device additionally forwards (mirrors) the data for these ports to another port.
-
Page 210
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) Select the Diagnostics:Port Mirroring dialog. This dialog allows you to configure and activate the port mirroring function of the device. Select the source ports whose data traffic you want to review from the list of physical ports by checkmarking the relevant boxes. -
Page 211
Operation Diagnosis 9.12 Monitoring Data Traffic at Ports (Port Mirroring) The “Reset configuration” button in the dialog allows you to reset all the port mirroring settings of the device to the state on delivery. Note: When port mirroring is active, the specified destination port is used solely for reviewing, and does not participate in the normal data traffic. -
Page 212: Syslog
Operation Diagnosis 9.13 Syslog 9.13 Syslog The device enables you to send messages about important device-internal events to up to 8 Syslog servers. Additionally, you can also include SNMP requests to the device as events in the syslog. Note: You will find the actual events that the device has logged in the “Event Log”…
-
Page 213
Operation Diagnosis 9.13 Syslog “SNMP Logging” frame: Activate “Log SNMP Get Request” if you want to send reading SNMP requests to the device as events to the syslog server. Select the level to report at which the device creates the events from reading SNMP requests. -
Page 214
Operation Diagnosis 9.13 Syslog Log SNMP SET requests : enabled Log SNMP SET severity : notice Log SNMP GET requests : enabled Log SNMP GET severity : notice Basic Configuration Release 6.0 07/2010… -
Page 215: Event Log
Operation Diagnosis 9.14 Event Log 9.14 Event Log The device allows you to call up a log of the system events. The table of the “Event Log” dialog lists the logged events with a time stamp. Click on “Load” to update the content of the event log. Click on “Delete”…
-
Page 216
Operation Diagnosis 9.14 Event Log Basic Configuration Release 6.0 07/2010… -
Page 217: A Setting Up The Configuration Environment
Setting up the Configuration Environment A Setting up the Configuration Environment Basic Configuration Release 6.0 07/2010…
-
Page 218
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment A.1 Setting up a DHCP/BOOTP Server On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel. You can test the software for 30 calendar days from the date of the first installation, and then decide whether you want to purchase a license. -
Page 219
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Enter the settings shown in the illustration and click OK. Figure 61: DHCP setting To enter the configuration profiles, select Options:Configuration Profiles in the menu bar. Enter the name of the new configuration profile and click Add. Figure 62: Adding configuration profiles Enter the network mask and click Accept. -
Page 220
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Figure 63: Network mask in the configuration profile Select the Boot tab page. Enter the IP address of your tftp server. Enter the path and the file name for the configuration file. Click Apply and then OK. -
Page 221
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration. To complete the addition of the configuration profiles, click OK. Figure 65: Managing configuration profiles To enter the static addresses, click Static in the main window. -
Page 222
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Figure 67: Adding static addresses Enter the MAC address of the device. Enter the IP address of the device. Select the configuration profile of the device. Click Apply and then OK. Figure 68: Entries for static addresses Add an entry for each device that will get its parameters from the DHCP server. -
Page 223
Setting up the Configuration A.1 Setting up a DHCP/BOOTP Ser- Environment Figure 69: DHCP server with entries Basic Configuration Release 6.0 07/2010… -
Page 224
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 A.2 Setting up a DHCP Server with Option 82 On the CD-ROM supplied with the device you will find the software for a DHCP server from the software development company IT-Consulting Dr. -
Page 225
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 Figure 71: DHCP setting To enter the static addresses, click New. Figure 72: Adding static addresses Select Circuit Identifier and Remote Identifier. Basic Configuration Release 6.0 07/2010… -
Page 226
ID cl: length of the circuit ID hh: Hirschmann ID: 01 if a Hirschmann device is connected to the port, otherwise 00. vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1) ss: socket of device at which the module with that port is located to which the device is connected. -
Page 227
Setting up the Configuration A.2 Setting up a DHCP Server with Environment Option 82 Figure 74: Entering the addresses Switch (Option 82) MAC = IP = 00:80:63:10:9a:d7 149.218.112.100 DHCP Server IP = 149.218.112.1 IP = 149.218.112.100 Figure 75: Application example of using Option 82 Basic Configuration Release 6.0 07/2010… -
Page 228
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3 TFTP Server for Software Updates On delivery, the device software is held in the local flash memory. The device boots the software from the flash memory. Software updates can be performed via a tftp server. This presupposes that a tftp server has been installed in the connected network and that it is active. -
Page 229
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3.1 Setting up the tftp Process General prerequisites: The local IP address of the device and the IP address of the tftp server or the gateway are known to the device. The TCP/IP stack with tftp is installed on tftp server. -
Page 230
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates You can obtain additional information about the tftpd daemon tftpd with the UNIX command «man tftpd». Note: The command «ps» does not always show the tftp daemon, although it is actually running. Special steps for HP workstations: During installation on an HP workstation, enter the user tftp in the /etc/passwd file. -
Page 231
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates Checking the tftp process Edit the file e t c i n e t d . c o n f Is tftp* commented out? Delete the comment character »#« from this line Re-initialize inetd.conf by entering k i l l — 1 P I D… -
Page 232
Setting up the Configuration A.3 TFTP Server for Software Up- Environment dates A.3.2 Software Access Rights The agent needs read permission for the tftp directory on which the device software is stored. Example of a UNIX tftp Server Once the device software has been installed, the tftp server should have the following directory structure with the stated access rights: File name Access… -
Page 233
Setting up the Configuration A.4 Preparing Access via SSH Environment A.4 Preparing Access via SSH To be able to access the device via SSH, you will need: a key to install the key on the device to enable access via SSH on the device and a program for executing the SSH protocol on your computer. -
Page 234
Setting up the Configuration A.4 Preparing Access via SSH Environment Figure 77: PuTTY key generator The OpenSSH Suite offers experienced network administrators a further option for generating the key. To generate the key, enter the following command: ssh-keygen(.exe) -q -t rsa1 -f rsa1.key -C » -N » A.4.2 Uploading the SSH Host Key The Command Line Interface enables you to upload the SSH key to the device. -
Page 235
Setting up the Configuration A.4 Preparing Access via SSH Environment The device loads the key file to its non-volatile copy tftp://10.0.10.1/ memory. device/rsa1.key 10.0.10.1 represents the IP address of the nvram:sshkey-rsa1 tftp server. device represents the directory on the tftp server. rsa1.key represents the file name of the key. -
Page 236
Setting up the Configuration A.4 Preparing Access via SSH Environment Figure 78: Security alert prompt for the fingerprint Check the fingerprint to protect yourself from unwelcome guests. Your fingerprint is located in the “Key” frame of the PuTTY key generator (see fig. -
Page 237
Setting up the Configuration A.4 Preparing Access via SSH Environment The OpenSSH Suite offers experienced network administrators a further option to access your device via SSH. To set up the connection, enter the following command: ssh admin@10.0.112.53 -cdes admin represents the user name. 10.0.112.53 is the IP address of your device. -
Page 238
Setting up the Configuration A.4 Preparing Access via SSH Environment Basic Configuration Release 6.0 07/2010… -
Page 239: B General Information
General Information B General Information Basic Configuration Release 6.0 07/2010…
-
Page 240
General Information B.1 Management Information Base (MIB) B.1 Management Information Base (MIB) The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The «leaves» of the MIB are called generic object classes. -
Page 241
Lower (e.g. threshold value) Power supply Power supply System User interface Upper (e.g. threshold value) Vendor = manufacturer (Hirschmann) Definition of the syntax terms used: Integer An integer in the range -2 IP Address xxx.xxx.xxx.xxx (xxx = integer in the range 0-255) -
Page 242
16 vacm 7 udp 11 snmp 16 rmon 17 dot1dBridge 26 snmpDot3MauMGT Figure 80: Tree structure of the Hirschmann MIB A complete description of the MIB can be found on the CD-ROM included with the device. Basic Configuration Release 6.0 07/2010… -
Page 243
General Information B.2 Abbreviations used B.2 Abbreviations used AutoConfiguration Adapter Access Control List BOOTP Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol Forwarding Database GARP General Attribute Registration Protocol GMRP GARP Multicast Registration Protocol HTTP Hypertext Transfer Protocol ICMP Internet Control Message Protocol IGMP… -
Page 244
General Information B.3 Technical Data B.3 Technical Data You will find the technical data in the document „Reference Manual Web- based Interface“. Basic Configuration Release 6.0 07/2010… -
Page 245
General Information B.4 Readers’ Comments B.4 Readers’ Comments What is your opinion of this manual? We are always striving to provide as comprehensive a description of our product as possible, as well as important information that will ensure trouble-free operation. Your comments and suggestions help us to further improve the quality of our documentation. -
Page 246
Date / Signature: Dear User, Please fill out and return this page as a fax to the number +49 (0)7127/14-1600 or by mail to Hirschmann Automation and Control GmbH Department AED Stuttgarter Str. 45-51 72654 Neckartenzlingen Basic Configuration Release 6.0 07/2010… -
Page 247: Index
Index C Index Configuration file 46, 55 39, 54, 65, 67, 180, 180, 180 Connection error Access Access right Access rights Data transfer parameter Access security Destination address 122, 122, 123, 134 Access with Web-based interface, password Destination address field Destination table Device Status 181, 181, 184…
-
Page 248
Index HaneWin 218, 224 Netmask 28, 34 Hardware address Network address Hardware reset Network Management HiDiscovery 36, 89, 89 Network Management Software HIPER-Ring Network topology HIPER-Ring (source for alarms) 100, 102 HiVision 10, 47 Host address Object classes Object description in-band Object ID Operating mode… -
Page 249
Index System Monitor 16, 16 Rate Limiter Settings 138, 139 System Name Read access System name Real time 97, 141 System time 101, 103 Reboot Receiver power status Receiving port TCP/IP stack Redundancy Technical questions Reference clock 98, 101, 106, 111 Telnet Relay contact Time difference… -
Page 250
Index Web-based Interface Web-based interface Web-based management Website Winter time Write access Basic Configuration Release 6.0 07/2010… -
Page 251: D Further Support
Further Support D Further Support Technical Questions and Training Courses In the event of technical queries, please contact your local Hirschmann distributor or Hirschmann office. You can find the addresses of our distributors on the Internet: www.hirschmann-ac.com. Our support line is also at your disposal: Tel.
-
Page 253
OCTOPUS 16M-2FX OCTOPUS 16M-2FX OCTOPUS 8M OCTOPUS 16M OCTOPUS 8M Train OCTOPUS 16M Train OCTOPUS 16M-8PoE-2FX OCTOPUS 8M-8PoE OCTOPUS 16M-8PoE OCTOPUS 8M-6PoE OCTOPUS 24M OCTOPUS 24M-2FX OCTOPUS 24M OCTOPUS 24M-2FX OCTOPUS 24M Train OCTOPUS 8M/16M/24M Technical support Release 07/2008 HAC-Support@hirschmann.de… -
Page 254
This publication has been created by Hirschmann Automation and Control GmbH according to the best of our knowledge. Hirschmann reserves the right to change the contents of this manual without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the details in this publication. -
Page 255
Content Safety instructions About this manual Legend Device description Description of the device models 1.1.1 Devices without Power over Ethernet 1.1.2 Devices with Power over Ethernet Assembly and startup procedure Device installation 2.1.1 Unpacking and checking 2.1.2 Connecting the connector for supply voltage and signal contact 2.1.3 Fitting the device, grounding 2.1.4 Connecting the power supply, startup procedure… -
Page 256: Safety Instructions
Hirschmann. The product can only be operated correctly and safely if it is transported, stored, installed and assembled properly and correctly.
-
Page 257
Housing Only technicians authorized by Hirschmann are permitted to open the housing. The device is grounded via the separated ground screw. It is located on the left under the front panel. V Make sure that the electrical installation meets local or nationally ap- plicable safety regulations. -
Page 258: General Safety Instructions
General Safety Instructions This device is electrically operated. Adhere strictly to the safety require- ments relating to voltages applied to the device as described in the ope- rating instructions! Failure to observe the information given in the warnings could result in serious injury and/or major damage.
-
Page 259
Hirschmann Automation and Control GmbH Stuttgarter Straße 45-51 D-72654 Neckartenzlingen Germany Phone ++49 7127 14 1480 The product can be used in living areas (living area, place of business, small business) and in industrial areas. Interference immunity: EN 61000-6-2:2005 Emitted interference: EN 55022:2006, Class A Warning! This is a class A device. -
Page 260: About This Manual
About this manual The following manuals are included as PDF files on the enclosed CD ROM: User manual „Installation“ User manual „Basic configuration“ User manual „Redundancy configuration“ Reference manual „Web-based Interface“ and Reference manual „Command Line Interface“ If you use Network Management Software HiVision you have further opportunities to: have an event logbook.
-
Page 261: Device Description
Device description The OCTOPUS 8M/16M/24M devices are designed for the special requirements of industrial automation. They meet the relevant industry standards, provide very high operational reliability, even under extreme conditions, and also long-term reliability and flexibility. The devices operate without fans and have a redundant voltage supply. The HIPER-Ring redundancy concept enables you to quickly carry out a reconfiguration, and also a simple configuration with only one additional connection.
-
Page 262: Description Of The Device Models
Communication on every level The addition, to the OCTOPUS 8M/16M/24M range, of the RS20/RS30 Open Rail range, the MICE range of switches, the MACH range of backbone switches, the BAT wireless transmission system, the EAGLE security system, and products for the LION control room, provides continuous communication across all levels of the company.
-
Page 263
terminal devices are powered by the twisted-pair cable. The OCTOPUS …PoE… has, depending on the device model, six to eight 10BASE-T/100BASE-TX ports (M12 sockets) for connecting network seg- ments or PoE terminal devices (PD, Powered Device) on all IEEE802.3af power classes up to max. 15.4 W power output. Thereof PoE Gerät Number of FX ports Number of TX ports… -
Page 264: Assembly And Startup Procedure
Connecting the connector for supply voltage and signal contact The supply voltage and the signal contacts are connected via a 5-pole M12 circular connector (A coding, e.g. ELWIKA 5012 PG7 from Hirschmann included in scope of delivery). 24V supply voltage The supply voltage can be connected redundantly.
-
Page 265
PoE supply voltage (optionally) The PoE supply voltage for OCTOPUS …PoE… devices is connected via a 5-pin M12 connector (A coding, e.g. ELWIKA 5012 PG7 from Hirschmann, included in the scope of delivery). The OCTOPUS …PoE… devices (48 V DC safety low voltage) are supplied with PoE power by an external power supply unit. -
Page 266
Note: Do not operate the OCTOPUS …PoE… devices in line. Only connect external power supply units each to one OCTOPUS …PoE… device directly. Pin assignment of the M12 connector Pin Function + 48V DC (1) + 48V DC (2) Fig. 3: Connection of the PoE supply voltage and the signal contact Signal contact The signal contact («FAULT», pin assignment of the connector… -
Page 267: Fitting The Device, Grounding
2.1.3 Fitting the device, grounding To protect the exposed contacts of the components still to be installed from dirt, the individual system components must be connected in a dry and clean area. Ports which are not assigned are to be closed with the covering caps contained in the scope of delivery.
-
Page 268
Fig. 4: Dimensions OCTOPUS 8M, OCTOPUS 8M Train, OCTOPUS 8M-8PoE, OCTOPUS 8M-6PoE OCTOPUS 8M/16M/24M Release 07/2008… -
Page 269
Fig. 5: Dimensions OCTOPUS 16M, OCTOPUS 16M Train, OCTOPUS 16M-2FX, OCTOPUS 16M-8PoE, OCTOPUS 16M-8PoE-2FX OCTOPUS 8M/16M/24M Release 07/2008… -
Page 270
Fig. 6: Dimensions OCTOPUS 24M, OCTOPUS 24M Train, OCTOPUS 24M-2FX OCTOPUS 8M/16M/24M Release 07/2008… -
Page 271: Connecting The Power Supply, Startup Procedure
Ground The chassis is grounded via a separate ground nut (M3). V Use toothed locking washers for a good electrical connection. Note: The shielding ground of the connectable twisted pair lines is connected to the chassis as a conductor. 2.1.4 Connecting the power supply, startup procedure V Mount the connector for the supply voltage and the signal contact on the front of the device.
-
Page 272: Power Over Ethernet Poe
M12 (MDI) M12 (MDI) Shield Shield M12 (MDI) M12 (MDI-X via autocrossing port) Shield Shield M12 (MDI) RJ45, MDI (end device) Shield Shield M12 (MDI) RJ45, MDI-X (switch) Shield Shield M12-4 to M12-4 crossover cable M12-4 to M12-4 straight-through cable M12-4 to RJ45 crossover cable M12-4 to RJ45 straight-through cable Fig.
-
Page 273
Delivery condition: Autonegotiation activated except for the ring ports: 100 Mbit/s, full duplex. The socket housing is electrically connected to the front panel. The PoE voltage is fed in via the pins 1&4 onto the data signal line pairs (phantom supply). Pole Wire color Function PoE(PSE) -
Page 274: Displays
Displays After applying the operating voltage, the software starts and initializes itself. The device then performs a selftest. The process lasts approximately 60 se- conds. OCTOPUS 24M-2FX Port status LEDs (here: for port 1 to 4) Device status LEDs Device status These LEDs provide information about conditions which affect the opera- tion of the whole device.
-
Page 275: Port Status
Port status A green/yellow LEDs on the specific ports display port-related informa- tion. LS/DA (Link status/Data, green/ Meaning yellow LED), not lit no data reception at the specific port, no connection lit green valid connection flashes green (1 time per second) port is switched to stand-by flashes green (3 times per second) port is disabled flashes yellow…
-
Page 276
Pin assignment of the ACA21-12M (M12 socket) Note: The ACA11-M12 AutoConfiguration Adapter, available as an accessory for certain Hirschmann devices, is not designed for applications with OCTOPUS devices. If you wish to apply an AutoConfiguration Adapter to your OCTOPUS device, use the ACA21-M12 (USB socket of the OCTOPUS device (see Fig. -
Page 277
“Technical data” on page Note: The ACA11-M12 AutoConfiguration Adapter, available as an accessory for certain Hirschmann devices, is not designed for applicati- ons with OCTOPUS devices. If you wish to apply an AutoConfiguration Adapter to your OCTOPUS de- vice, use the ACA21-M12 (USB socket of the OCTOPUS device (see Fig. -
Page 278: Technical Data
Technical data General data Dimensions 189 mm x 184 mm x 70 mm OCTOPUS 8M… W x H x D OCTOPUS 16M… 189 mm x 261 mm x 70 mm OCTOPUS 24M… 189 mm x 338 mm x 70 mm Weight OCTOPUS 8M 1310 g…
-
Page 279: Emv And Stability
EMV and stability EMV interference proof EN 61000-4-2 Discharge of static electricity Contact discharge 6 kV Air discharge 8 KV EN 61000-4-3 Electromagnetic fields Test level 3 (80 — 2000 MHz) 20 V/m EN 61000-4-4 Fast transients (burst) — Power line 4 kV — Data line 4 kV…
-
Page 280: Power Consumption/Power Output
Power consumption/power output Maximum Name power Power output consumption OCTOPUS 8M 6.2 W 21.1 Btu (IT)/h OCTOPUS 8M Train 6.2 W 21.1 Btu (IT)/h OCTOPUS 8M-8PoE no PD (powered device) 10.0 W 34.0 Btu (IT)/h 8 x Class0-PD 142.0 W 483.3 Btu (IT)/h OCTOPUS 8M-6PoE no PD (powered device)
-
Page 281: Order Numbers/Product Name
Order numbers/product name Device Order numbers OCTOPUS 8M 943 931-001 OCTOPUS 8M Train 943 983-001 OCTOPUS 8M-8PoE 943 967-001 OCTOPUS 8M-6PoE 943 967-101 OCTOPUS 16M 943 912-001 OCTOPUS 16M Train 943 984-001 OCTOPUS 16M-8PoE 943 960-001 OCTOPUS 16M-2FX 943 912-002 OCTOPUS 16M-8PoE-2FX 943 960-101 OCTOPUS 24M…
-
Page 282: Based Specifications And Standards
OCTOPUS … Train (without PoE) …PoE… cUL 508 / CSA C22.2 No.142 pending German Lloyd pending e1 type approval FCC 47 CFR Part 15:2006 EN 50155 pending EN 50121-4:2000 EN 61131-2:2003 Table 5: Certifications, actual state see www.hirschmann.com OCTOPUS 8M/16M/24M Release 07/2008…
-
Page 283: Further Support
Further support Technical questions and training courses In the event of technical queries, please talk to the Hirschmann contract partner responsible for looking after your account or directly to the Hirschmann office. You can find the addresses of our contract partners on the Internet: http://www.hirschmann-ac.com…
-
J5create JWR2100
Wireless Presentation Systemwith Dual Band AC2100 RouterQuick Installation GuideIf you have any problems withthis product please contact ourtechnical support team beforereturning it to the store .Computer3.48MB Free of 15.9 MBComputerDevices with Removable Storage (1)JWR2100(H:)JWR2100(H:)JWR2100VGAHDMIUSB 2.0DevicesRJ …
JWR2100 Network Router, 2
-
Kajeet SmartBus 900
ABCDEPaddle Antenna (A & B)GPS Antenna (C)Wi-Fi Antenna (D)Kajeet SmartBus™ 900Quick Start GuideSetting Up the RouterNOTE: All SIM cards are pre-installed.1A. Screw in paddle antenna (A) to the MAIN port.B. Screw in second paddle antenna (B) to the AUX port.C. Screw in the GPS antenna (C) to the GPS port (if purc …
SmartBus 900 Network Router, 2
-
D-Link DIR-510L
Wi-Fi AC750 Portable Router and ChargerDIR-510LConnect, share and charge your mobile devices anytime, anywhere, with D-Link’s DIR-510L Wi-Fi AC750 Portable Router and Charger. Share les, stream media and browse the Internet with the reliability and performance provided by Next-Generation Wireless AC technology. Si …
DIR-510L Wireless Router, 3
-
QTech QSR-2920 Series
CONFIGURATION MANUAL www.qtech.ru QSR-2920 Series Router Configuration Manual QSR-2920-04-AC, QSR-2920-04-AC-AC, QSR-2920-14-AC, QSR-2920-14-AC-AC, QSR-2920-14P-AC, QSR-2920-24-AC, QSR-2920-24-AC-AC …
QSR-2920 Series Network Router, 6
-
Billion 7800NX
Billion Electric Co., Ltd. 8F., No. 192, Sec. 2, Zhongxing Road, Xindian Dist., New Taipei City, Taiwan TEL: +886-2-2914-5665 FAX: +866-2-2918-6731,+886-2-2918-2895 E-mail: [email protected] www.billion.com Trip …
7800NX Network Router, 2
-
Nortel Remote Gateway 50
Steps 1 3Before you startSteps 4 10Mounting OptionsSteps 11 13Powering upSteps 14 21Initial Access and Configuration!Perform steps 11 and 12 in the order listed. BES50Business Ethernet Switch 50 SeriesQuick Install GuideYou can download all documents referenced in this Quick Install guide at www.no …
Remote Gateway 50 Switch, 1