Basic Configuration: MICE Switch Power (MSP)

Contents

1. enable - Switch to the privileged EXEC mode.
   configure - Switch to the Configuration mode.
   dhcp server pool add 1 static 192.168.23.42 - Creates index 1 and assigns the IP address 192.168.23.42 statically.
   dhcp server pool modify 1 mode interface 1/1 - Assigns the static address in index 1 to port 1/1.
   dhcp server pool modify 1 mode mac 00:24:E8:D6:50:51 - Assigns the IP address in index 1 to the device with the MAC address 00:24:E8:D6:50:51.
   dhcp server pool mode 1 - Enables the index 1 pool entry.
   dhcp server pool modify 1 leasetime infinite - Modifies index 1 to allocate the IP address to the client infinitely.
   dhcp server operation - Enables the DHCP server.
   interface 1/1 - Switch to the Interface Configuration mode of interface 1/1.
   dhcp server operation - Enables the DHCP server operation on this port.
   (UM BasicConfig MSP, Release 2.0 02/2013. Advanced functions of the device, 9.1 Using the device as a DHCP Server)
   9.1.3 DHCP server dynamic IP address range example
   The device allows you to create dynamic IP address ranges. Leave the MAC Address, Client ID, Remote ID and Circuit ID fields blank. To create dynamic IP address ranges with gaps between the ranges, add several entries to the table. Open the Advanced DHCP Server Pool dialog. To add a new entry to the table, click Create. Enter 192.168.23.92 in IP Address for the first IP address of the range and enter 192.168
2. enable - Switch to the privileged EXEC mode.
   vlan database - Switch to the VLAN mode.
   dhcp l2relay circuit id 2 - This command enables setting the Option 82 Circuit ID in the DHCP messages to an interface descriptor.
   dhcp l2relay mode remote id ip 2 - This command sets the Option 82 Remote ID to the management IP address of the device.
   dhcp l2relay mode 2 - Enable the DHCP Layer 2 Relay function on VLAN 2.
   exit - Switch to the privileged EXEC mode.
   configure - Switch to the Configuration mode.
   interface 1/1 - Switch to the Interface Configuration mode of interface 1/1.
   dhcp l2relay mode - Enable the DHCP Layer 2 Relay function on the interface.
   exit - Switch to the Configuration mode.
   interface 1/2 - Switch to the interface configuration mode for port 1/2.
   dhcp l2relay trust - To forward the DHCP Option 82 information, configure the interface as trusted.
   dhcp l2relay mode - Enable the DHCP Layer 2 Relay function on the interface.
   exit - Switch to the Configuration mode.
   dhcp l2relay mode - Enable the DHCP Layer 2 Relay function globally.
   Perform the following steps on Switch 2:
   enable - Switch to the privileged EXEC mode.
   configure - Switch to the Configuration mode.
   interface 1/1 - Switch to the Interface Configuration mode of interface 1/1.
   dhcp l2relay trust - To forward the DHCP Option 82 information configure the interfa
3. Function Con off Period to undo while Connection is lost s 600 Watchdog IP Address 0 0 0 0 4 7 Encryption Software Fingerprint Storage Type ore Modification Date Selected Encrypted Fingerprint Verified RAM ru onfig gt 02 0 00 VM 3 6 PM i w D 0 E 7 h 0 t Set Reload Save Activate Delete Select w O Hep Figure 48 Basic Settings Load Save dialog show config profiles nvm Displays the configuration profiles contained in non volatile memory NVM enable Switch to the privileged EXEC mode copy config nvm profile Activate the configuration profile config3 in config3 running config non volatile memory NVM The device copies the settings into memory RAM and disconnects the CLI connection The device immediately uses the settings of the configuration profile config3 on the fly UM BasicConfig MSP 102 Release 2 0 02 2013 Managing configuration profiles 4 3 Loading settings 4 3 2 Loading the configuration profile from the external memory Upon reboot the device automatically loads a configuration profile from the external memory ENV if the external memory is connected The device offers you the option of saving these settings in a configuration profile in non volatile memory NVM If the external memory contains the configuration profile of an identical device this allows you to transfer the settings from one device to another Perform the following work s
4. Saving the configuration profile in the device on page 90 With CLI the device offers the option of copying the settings from the external memory ENVM directly into non volatile memory NVM show config profiles nvm Displays the configuration profiles contained in non volatile memory NVM enable Switch to the privileged EXEC mode copy config envm profile Copy the configuration profile config3 from the config3 nvm external memory ENVM to the non volatile memory NVM UM BasicConfig MSP Release 2 0 02 2013 105 Managing configuration profiles 4 3 Loading settings 4 3 3 Importing a configuration profile The device allows you to import from a server a configuration profile saved as an XML file If you use the graphical user interface you have the option to import the XML file directly from your PC Prerequisite To save the file on a server you need a configured server on the network To save the file to an SCP or SFTP Server you also need the username and password for accessing this server Perform the following work steps L Open the Basic Settings Load Save dialog External Memory Configuration Encryption Information Selected ENVM SD Active 7 Set Password Delete NYM synchron to running config IV Status lok ENYM synchron to NYM Vv Undo Modifications of Configuration Function Co off Period to undo while Connection is lost s 600 Watchdog IP Address 0 0 0 0 3 3 Encryption Softw
5. Figure 26: Security Authentication List dialog
   enable - Switch to the privileged EXEC mode.
   configure - Switch to the Configuration mode.
   authlists add loginGUI - Creates the loginGUI list.
   authlists enable loginGUI - Activates the loginGUI list.
   authlists set policy loginGUI radius local reject reject reject - Allocates the methods to the loginGUI list according to the example.
   show authlists - Shows the lists that are set up.
   3.1 Authentication lists
   Connect the list with an application. In the Security Authentication List dialog, select the desired list by clicking the Name field. Click Allocate Applications. The dialog shows the Allocate Applications window.
   Figure 27: Allocate Applications window in the Security Authentication List dialog
   In the Possible Applications column, select the application that you are allocating to the list. For access using the graphical user interface (GUI), select Web Interface. For access using the CLI via SSH, select SSH. For access using the CLI via Telnet, select Telnet. Click >. The Dedicated Applications column now shows the application. Click OK.
6. selftest action task log - To send a message to the event log when a task is only unsuccessful.
   selftest action resource send trap - To send a flag to the management station when there is a lack of resources.
   selftest action software send trap - To send a flag to the management station when there is a loss of software integrity.
   selftest action hardware reboot - To reboot the device when hardware degradation occurs.
   8.13 Cause and Action management during Selftest
   Disabling these functions lets you decrease the time required to reboot the device after a cold start. You find these options in the Diagnostics System Selftest dialog, located in the Configuration frame.
   RAM Test: to enable or disable the ramtest function during a cold start.
   Activate SysMon1: to enable or disable the System Monitor function during a cold start.
   Reload default config on error: to enable or disable the reloading of the standard device configuration if no readable configuration is available during a restart.
   Note: Device access is in jeopardy when you disable the System Monitor 1, for example in case of misplacement or misconfiguration of the administrator password.
   selftest ramtest
   no selftest ramtest
   selftest system monitor
   no selftest system monitor
   show selftest action
   show selftest settings
7. 256 c sflow pol ow sampler maxheadersize ler receiver linterval 400 8 16 Network Monitoring with sFlow To assign the sFlow sampler on the port to the previously configured receiver with a sampling rate of 300 To configure the maximum header size of the sFlow sampler to 256 To assign the sFlow poller to the previously configured receiver and to sample data for 400 s UM BasicConfig MSP Release 2 0 02 2013 Advanced functions of the device 9 Advanced functions of the device UM BasicConfig MSP Release 2 0 02 2013 243 Advanced functions of the device 9 1 Using the device as a DHCP Server 9 1 Using the device as a DHCP Server A Dynamic Host Configuration Protocol DHCP server assigns IP addresses gateways and other networking definitions such as DNS and NTP parameters to clients The DHCP operations fall into 4 basic phases IP discovery IP lease offer IP request and IP lease acknowledgment Use the acronym DORA which stands for Discovery Offer Request and Acknowledgement to help remember the phases The server receives client data on UDP port 67 and sends data to the client on UDP port 68 The DHCP server provides an IP address pool or pool from which it allocates IP addresses to clients The pool consists of a list of entries An entry defines either a specific IP address or an IP address range The device allows you to activate the DHCP server globally and per inte
8. Monitor active Port without link control box for connected ports to send an alarm when link is down. To send a trap to the management station, activate the Generate Trap control box located in the Trap Configuration frame. Configure at least one SNMP Manager in the Diagnostics Status Configuration Alarms Traps dialog.
   enable - Switch to the privileged EXEC mode.
   configure - Switch to the Configuration mode.
   security status monitor pwd change - Sets the monitoring of default password change for user and Admin.
   security status monitor pwd min length - Sets the monitoring of minimum length of the password smaller 8.
   security status monitor pwd str not config - To monitor the password minimum strength check configuration.
   security status monitor bypass pwd strength - To monitor whether at least one user is able to bypass strength check.
   security status monitor telnet enabled - Sets the monitoring of the activation of telnet on the switch.
   security status monitor http enabled - Sets the monitoring of the activation of http on the switch.
   security status monitor snmp unsecure - To monitor SNMP security. When enabling SNMPv1/v2 or disabling v3 encryption.
   security status monitor sysmon enabled - To monitor the activation of System Monitor 1 on the device.
   security status monitor extnvm upd enabled - To monitor the activation of the external non vola
9. Port 1/4 becomes member untagged in VLAN 2. Port 1/4 is assigned the port VLAN ID 2. Switch to the Configuration mode. Switch to the interface configuration mode for port 1/5. Port 1/5 becomes member untagged in VLAN 3. Port 1/5 is assigned the port VLAN ID 3. Switch to the Configuration mode. Switch to the privileged EXEC mode. Show details for VLAN 3.
   VLAN3 Static 0 days 00 07 47 System Uptime disabled Configured Tagging nclude Tagged Autodetect Untagged Include Untagged Autodetect Untagged Include Untagged
   For further information on VLANs, see the reference manual and the integrated help function in the program.
   7.2 Guest Unauthenticated VLAN
   The guest VLAN function allows a device to provide port-based Network Access Control (IEEE 802.1x) to non-802.1x capable supplicants. This feature provides a mechanism to allow guests to access external networks exclusively. When you connect non-802.1x capable supplicants to an active unauthorized 802.1x port, the supplicants send no responses to 802.1x requests. Since the supplicants send no responses, the port remains in the unauthorized state and the supplicants have no access to external networks. The guest VLAN supplicant function is a per-port basis configuration. When you configure a port as a guest VLAN and connect non-802.1x capable supplicant
10. UM BasicConfig MSP Release 2 0 02 2013 127 Synchronizing the System Time in the 5 3 PTP Network 5 3 2 Best Master Clock algorithm The devices participating in PTP designate a device in the network as a reference time source Grandmaster Here the Best Master Clock algorithm is used which determines the accuracy of the clocks available in the network The Best Master Clock algorithm evaluates the following criteria Priority 1 Class Clock Accuracy Clock Variance Priority 2 The algorithm first evaluates priority 1 of the participating devices The device with the smallest value for priority 1 becomes the reference time source Grandmaster If the value is the same for multiple devices the algorithm takes the next criterion and if this is also the same it takes the next criterion after this one If all the values are the same for multiple devices the smallest value in the Clock Identifier field decides which device becomes the reference time source Grandmaster The device offers you the option in the settings of the boundary clock to individually define the values for Priority 1 and Priority 2 This allows you to influence which device will be the reference time source Grandmaster in the network UM BasicConfig MSP 128 Release 2 0 02 2013 Synchronizing the System Time in the 5 3 PTP Network 5 3 3 Delay measurement The delay of the synchronization messages between the devices affects the a
11. e g 1 3 6 1 1 4 1 248 Octet string ASCII character string PSID Power supply identifier number of the power supply unit UM BasicConfig MSP 268 Release 2 0 02 2013 General Information B 1 Management Information Base MIB Definition of the syntax terms used TimeTicks Stopwatch Elapsed time in seconds numerical value 100 Numerical value integer in range 0 232 1 Timeout Time value in hundredths of a second Time value integer in range 0 2321 Type field 4 digit hexadecimal number in accordance with ISO IEC 8802 3 Counter Integer 0 2 whose value is increased by 1 when certain events occur 7 dotidBridoe B 26 snmpDoiaMeuMGT ma Figure 104 Tree structure of the Hirschmann MIB UM BasicConfig MSP Release 2 0 02 2013 269 General Information B 1 Management Information Base MIB A description of the MIB can be found on the product CD provided with the device UM BasicConfig MSP 270 Release 2 0 02 2013 General Information B 2 Abbreviations used B 2 Abbreviations used AutoConfiguration Adapter ACA31 ACL Access Control List BOOTP CLI Bootstrap Protocol Command Line Interface DHCP Dynamic Host Configuration Protocol FDB GUI Forwarding Database Graphical User Interface HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure ICMP IEEE Internet Control Message Protocol Institute of Electric
12. low 5 3 1 Types of clocks PTP defines the roles of master and slave for the clocks in the network A master clock reference time source distributes its time A slave clock synchronizes itself with the timing signal received from the master clock UM BasicConfig MSP 126 Release 2 0 02 2013 Synchronizing the System Time in the 5 3 PTP Network Boundary clock The transmission time latency in routers and switches has a measurable effect on the precision of the time transmission To correct such inaccuracies PTP defines what are known as boundary clocks In a network segment a boundary clock is the reference time source master clock to which the subordinate slave clocks synchronize Typically routers and switches take on the role of boundary clock The boundary clock in turn obtains the time from a higher level reference time source Grandmaster GPS Reference ae Grandmaster Clock Slave Master Boundary Clock Figure 56 Position of the boundary clock in a network Transparent clock Switches typically take on the role of transparent clock to enable high accuracy across the cascades The transparent clock is a slave clock that corrects its own transmission time when forwarding synchronization messages received Ordinary clock PTP designates the clock in a terminal device as an ordinary clock An ordinary clock functions either as a master clock or slave clock
13. the device NVM in the selected configuration profile UM BasicConfig MSP Release 2 0 02 2013 91 Managing configuration profiles 4 2 Saving settings E Copying settings to a configuration profile The device allows you to store the settings saved in memory RAM ina configuration profile other than the selected configuration profile In this way you create a new configuration profile in non volatile memory NVM or overwrite an existing one Perform the following work steps LI Open the Basic Settings Load Save dialog External Memory Configuration Encryption Information Selected ENVM SD emod Sees Dera NYM synchron to running config IV Status lok ENYM synchron to NYM K r Undo Modifications of Configuration Function Con off Period to undo while Connection is lost s 600 Watchdog IP Address 0 0 0 0 ATOPA Encryption Software 5 j Fingerprint Storage Type onee Modification Date Selected Encrypted Fingerprint nning config 0 10 nti Jal 0137 2 AM 02 0 00 338 94416 5941 l Jal J i BF Set Reload Save Activate Delete Select Ww Figure 40 Basic Settings Load Save dialog L Click the _ button then Save As The dialog shows the Save As window ST xi Contiguration Profile Name config z cme Figure 41 Save As window in the Basic Settings Load Save dialog L In the Name field change the name of the configuration pr
14. the highest traffic class of Weighted Fair Queuing is lower than the lowest traffic class of Strict Priority When you combine Weighted Fair Queuing with Strict Priority a high Strict Priority network load can significantly reduce the bandwidth available for Weighted Fair Queuing 6 4 6 Management prioritization In order for you to have full access to the management of the device even when there is a high network load the device allows you to prioritize management packets When prioritizing management packets the device sends the management packets with priority information On Layer 2 the device modifies the VLAN priority in the VLAN tag For this function to be useful the configuration of the corresponding ports must permit the sending of packets with a VLAN tag On Layer 3 the device modifies the IP DSCP value UM BasicConfig MSP 160 Release 2 0 02 2013 Network Load Control 6 4 QoS Priority 6 4 7 Setting prioritization Assigning the Port Priority L Open the QoS Priority Port Configuration dialog LI In the Port Priority column you define the priority with which the device sends the data packets received on this port without a VLAN tag LI In the Trust Mode column you define the criteria the device uses to assign a traffic class to data packets received LI To temporarily save the configuration click Set enable Switch to the privileged EXEC mode configure Switch to the Configuration mode interf
15. 10 1 3 5 index 1 dns client adminstate Activates the DNS client function Configure the DNS client to map static hosts with IP addresses LI Open the Advanced DNS Server Static Hosts dialog O To add a new entry to the table click Create L Inthe Name cell enter example com which is a name of a device in the network L In the IP Address cell enter 10 1 3 9 UM BasicConfig MSP 250 Release 2 0 02 2013 Advanced functions of the device 9 2 Using the device as a DNS client O To enable the entry click Active index Name Adress 1 example com 10 1 3 9 M Set Reload Create Remove O Hep Figure 87 Table in the Advanced DNS Server Static Hosts dialog enable Switch to the privileged EXEC mode configure Switch to the Configuration mode dns client host add 1 name Adds example com as a static host with an IP example com ip 10 1 3 9 address of 10 1 3 9 dns client adminstate Activates the DNS client function UM BasicConfig MSP Release 2 0 02 2013 251 Advanced functions of the device 9 3 Digital I O Module 9 3 Digital I O Module Use this function to monitor remote contacts A cyclic application is running for both inputs and outputs which polls the values of the configured inputs on remote or local I O modules and mirror these values to the outputs The device also polls the local inputs to set their state When enabled the device generates event log entries and SNMP tr
16. 4 2 Monitoring the Device Status via the Signal Contact Port Status Indication Event Counter at Port Level 8 6 1 Detecting Non matching Duplex Modes Displaying the SFP Status Topology Discovery 8 8 1 Displaying the Topology Discovery Results 8 8 2 LLDP Med 171 172 172 178 185 187 188 189 190 191 192 193 194 195 196 197 198 199 200 200 202 203 204 205 206 207 208 209 211 212 213 215 216 217 218 UM BasicConfig MSP Release 2 0 02 2013 Contents 8 9 8 10 8 11 8 12 8 13 8 14 8 15 8 16 9 1 9 2 9 3 9 4 A 1 A 2 Detecting Loops Reports 8 10 1 Global Settings 10 2 E Mail Logging 10 3 Syslog 10 4 System Log 10 5 Audit Trail Network Analysis with TC PDump Ooo 00 CO CO Monitoring Data Traffic on the Ports Port Mirroring Cause and Action management during Selftest Copper Cable Test DHCP L2 Relay 8 15 1 Circuit and Remote IDs 8 15 2 DHCP L2 Relay Configuration Network Monitoring with sFlow Advanced functions of the device Using the device as a DHCP Server 9 1 1 IP Addresses assigned per port or per VLAN 9 1 2 DHCP server static IP address example 9 1 3 DHCP server dynamic IP address range example Using the device as a DNS client 9 2 1 Configuring a DNS server example Digital I O Module 9 3 1 Managing Digital I O Signals Telnet Client Setting up the Configuration Environment Setting up a DHCP BOOTP Server Setting up
17. 6 2 Multicasts E Setting IGMP Snooping Perform the following work steps L Open the switching IGMP Snooping dialog L Under Admin Status you turn the IGMP snooping function of the device on or off globally When the IGMP snooping function is off the device behaves as follows gt The device ignores the received query and report messages gt The device sends floods received data packets with a multicast address as the destination address on all ports O To temporarily save the configuration click Set Under the global activation option of the IGMP snooping function you define individual settings for ports Interface tab or VLANs VLAN tab These settings are only effective if the IGMP snooping function is enabled globally for the device LI Setting the IGMP snooping settings for a port L Open the Interface tab Operation Information on off Multicast Control Frames Processed fo Interface VLAN Port Active Group Membership Interval Max Response Time MRP Expiration Time Fast Leave Admin Mode Static Query Port VLAN IDs 2M Iv 260 10 260 Iv iv 1 260 260 260 Set Reload Hep Figure 62 Interface tab in the Switching IGMP Snooping dialog UM BasicConfig MSP 144 Release 2 0 02 2013 Network Load Control 6 2 Multicasts LI To enable IGMP snooping on a particular port select the Active checkbox on the line of the desired port LI To
18. 7.1 Examples of VLANs
   Proceed as follows to perform the example configuration.
   Configure VLAN: Open the Switching VLAN Static dialog.
   Figure 72: Creating and naming new VLANs
   To add a new VLAN to the table, click Create. The Create window opens. Enter the new VLAN ID number, for example 2, in the text box. Click OK. You give this VLAN the name VLAN2 by clicking on the field and entering the name. Also change the name for VLAN 1 from Default to VLAN1. Repeat the previous steps and create another VLAN with the VLAN ID 3 and the name VLAN3.
   enable - Switch to the privileged EXEC mode.
   vlan database - Switch to the VLAN configuration mode.
   vlan add 2 - Create a new VLAN with the VLAN ID 2.
   name 2 VLAN2 - Give the VLAN with the VLAN ID 2 the name VLAN2.
   vlan add 3 - Create a new VLAN with the VLAN ID 3.
   name 3 VLAN3 - Give the VLAN with the VLAN ID 3 the name VLAN3.
   name 1 VLAN1 - Give the VLAN with the VLAN ID 1 the name VLAN1.
   exit - Leave the VLAN configuration mode.
   show vlan brief - Display the current VLAN configuration.
   Configuring the ports:
   Figure 73: Defining the VLAN membership of the ports
   Assign the
19. Client ID configured in the Basic Settings Network Global dialog The BOOTP server enters the Client ID into a database and assigns an IP address The server answers with a boot reply message The boot reply message contains the assigned IP address UM BasicConfig MSP Release 2 0 02 2013 49 Entering IP Parameters 2 6 Entering IP Parameters per DHCP 2 6 Entering IP Parameters per DHCP The DHCP Dynamic Host Configuration Protocol is a further development of BOOTP which it has replaced The DHCP additionally allows the configuration of a DHCP client via a name instead of via the MAC address For the DHCP this name is known as the client identifier in accordance with RFC 2131 The device uses the name entered under sysName in the system group of the MIB II as the client identifier You can enter this system name directly via SNMP the Web based management See Basic Settings System dialog or the Command Line Interface The device sends its system name to the DHCP server The DHCP server then uses the system name to allocate an IP address as an alternative to the MAC address In addition to the IP address the DHCP server sends the netmask the default gateway if available the tftp URL of the configuration file if available The device applies the configuration data to the appropriate parameters When the DHCP Sever assigns the IP address the device permanently saves the configuration data in non volatile memory Opti
20. Enable the Syslog function.
   exit - Switch to the privileged EXEC mode.
   show logging host - Display the syslog host settings.
      No  Server IP   Port  Max Severity  Type       Status
      1   10.0.1.159  514   error         systemlog  active
   8.10 Reports
   configure - Switch to the Configuration mode.
   logging snmp requests get operation - Create log events from reading SNMP requests.
   logging snmp requests get severity 5 - The 5 indicates the seriousness of the message that the device allocates to messages from reading SNMP requests. 5 means notice.
   logging snmp requests set operation - Create log events from writing SNMP requests.
   logging snmp requests set severity 5 - The 5 indicates the seriousness of the message that the device allocates to messages from writing SNMP requests. 5 means notice.
   exit - Switch to the privileged EXEC mode.
   show logging snmp - Display the SNMP logging settings.
      Log SNMP GET requests: enabled
      Log SNMP GET severity: notice
      Log SNMP SET requests: enabled
      Log SNMP SET severity: notice
   8.10.4 System Log
   The device allows you to call up a log of the system events. The table in the Diagnostics Report System Log dialog lists the logged events. To update the content of the log, click Reload. To search the content of the log for a key word, click Search. To archive the content of the log as
21. Fair Queuing LI Open the Port Priority Queue Management dialog Traffic Class Strict Priority Min Bandwidth 9 o 90 1 0 E al WIV gqq 97 6 Set Reload Otelp Figure 69 Port Priority Queue Management dialog CO To activate Weighted Fair Queuing for a traffic class proceed as follows gt Deselect the checkbox in the Strict Priority column gt Inthe Min Bandwidth column set a value between 1 and 100 O To temporarily save the configuration click Set enable Switch to the privileged EXEC mode configure Switch to the Configuration mode UM BasicConfig MSP 164 Release 2 0 02 2013 Network Load Control 6 4 QoS Priority cos queue weighted 0 Turn on Weighted Fair Queuing for traffic class 0 cos queue min bandwidth 0 Assign a weight of 90 to traffic class 0 90 Queue Id Min bandwidth Scheduler type 0 90 weighted 1 0 Strict 2 0 strict 3 0 strict 4 0 strict 5 0 Strict 6 0 Strict 7 0 Strict Configuring Traffic Shaping on a port enable Switch to the privileged EXEC mode configure Switch to the Configuration mode interface 1 2 Switch to the interface configuration mode for port 1 2 traffic shape bw 50 Limit the maximum bandwidth of port 1 2 to 50 exit Switch to the Configuration mode exit Switch to the privileged EXEC mode show traffic shape Display the traffic shaping configuration nterface Shaping ra
22. H HIRSCHMANN A BELDEN BRAND User Manual Basic Configuration MICE Switch Power MSP UM BasicConfig MSP Technical Support Release 2 0 02 2013 https hirschmann support belden eu com The naming of copyrighted trademarks in this manual even when not specially indicated should not be taken to mean that these names may be considered as free in the sense of the trademark and tradename protection law and hence that they may be freely used by anyone 2013 Hirschmann Automation and Control GmbH Manuals and software are protected by copyright All rights reserved The copying reproduction translation conversion into any electronic medium or machine scannable form is not permitted either in whole or in part An exception is the preparation of a backup copy of the software for your own use For devices with embedded software the end user license agreement on the enclosed CD DVD applies The performance features described here are binding only if they have been expressly agreed when the contract was made This document was produced by Hirschmann Automation and Control GmbH according to the best of the company s knowledge Hirschmann reserves the right to change the contents of this document without prior notice Hirschmann can give no guarantee in respect of the correctness or accuracy of the information in this document Hirschmann can accept no responsibility for damages resulting from the use of the network components or the associa
23. Offset from PC button The device calculates the local time difference from UTC and enters the difference into the Local Offset min field Note The device provides the option to obtain the local offset from a DHCP server UM BasicConfig MSP Release 2 0 02 2013 115 Synchronizing the System Time in the 5 1 Basic settings Network O To temporarily save the changes click Set L To permanently save the changes you open the Basic Settings Load Save dialog and click Save enable Switch to the privileged EXEC mode configure Switch to the Configuration mode clock set lt YYYY MM DD gt Set the system time of the device lt HH MM SS gt clock timezone offset Enter the time difference between the local time lt 780 840 gt and the received UTC time in minutes save Saves the settings in the non volatile memory of the device NVM in the selected configuration profile 5 1 2 Automatic daylight saving time changeover If you operate the device in a time zone in which there is a Summer time change you set up the automatic daylight saving time changeover on the Daylight Saving Time tab When daylight saving time is enabled the device sets the local system time forward by 1 hour at the beginning of daylight saving time At the end of daylight saving time the device sets the local system time back again by 1 hour Perform the following work steps LI Open the Time Basic Settings dialog tab Daylight Savin
24. Figure 38: Security User Management dialog
   Click the row of the relevant user account in the SNMP Auth Type field. Select the desired setting. Click the row of the relevant user account in the SNMP Encryption Type field. Select the desired setting. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings Load Save dialog and click Save.
   3.3 SNMP Access
   enable - Switch to the privileged EXEC mode.
   configure - Switch to the Configuration mode.
   users snmpv3 authentication <user> md5 | sha1 - Allocates the HMAC MD5 or HMAC SHA protocol for authentication requests to the <user> user account.
   users snmpv3 encryption <user> des | aescfb128 | none - Allocates the DES or AES 128 algorithm to the <user> user account. With this algorithm the device encrypts authentication requests. The value none removes the encryption.
   show users - Shows the user accounts that are set up.
   save - Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration p
25. - Switch to the privileged EXEC mode.
    - Switch to the VLAN mode.
    - Create VLAN 10.
    - Create VLAN 20.
    - Rename VLAN 10 to Guest.
    - Rename VLAN 20 to Unauth.
    - Switch to the privileged EXEC mode.
    - Switch to the Configuration mode.
    - Enable the 802.1X function globally.
    - Enable port control on port 1/4.
    - Switch to the Interface Configuration mode of interface 1/4.
    - Assign the guest VLAN to port 1/4.
    - Assign the unauthorized VLAN to port 1/4.
    - Switch to the Configuration mode.
    7.3 RADIUS VLAN assignment
    The RADIUS VLAN assignment feature allows for a RADIUS VLAN ID attribute to be associated with an authenticated client. When a client authenticates successfully and the RADIUS server sends a VLAN attribute, the device associates the client with the RADIUS-assigned VLAN. As a result, the device adds the physical port as an untagged member to the appropriate VLAN and sets the port VLAN ID (PVID) with the given value.
    7.4 Creating a Voice VLAN
    Use the Voice VLAN feature to separate voice and data traffic on a port by VLAN and/or priority. A primary benefit of using Voice VLAN is to safeguard the sound quality of an IP phone when the data traffic on the port is high. The device uses the source MAC address to identify and prioritize the voice data flow. Using a MAC address to identify devices helps
26. This service is also active if the program itself has not been started. When started, the service responds to DHCP queries.
    Figure 99: DHCP setting
    - To enter the static addresses, click New.
    Figure 100: Adding static addresses
    - Select Circuit Identifier and Remote Identifier.
    Add static entries: With static entries you can assign clients with known hardware address or identifier a fixed IP address and configuration profile. The assigned IP addresses must not overlap with the dynamic address ranges. Identifiers or hardware addresses must be specified byte by byte in hexadecimal notation. For MAC hardwar
27. Figure 34: Security User Management dialog
    - In the row for the relevant user account, remove the selection from the Active checkbox.
    - To temporarily save the changes, click Set.
    - To permanently save the changes, open the Basic Settings Load/Save dialog and click Save.
    enable: Switch to the privileged EXEC mode.
    configure: Switch to the Configuration mode.
    users disable <user>: To disable user account.
    show users: Shows the user accounts that are set up.
    save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
    - To permanently deactivate the user account settings, you delete the user account.
    - Select the relevant user and click Clear.
    - To permanently save the changes, open the Basic Settings Load/Save dialog and click Save.
    users delete <user>: Deletes the <user> user account.
    show users: Shows the user accounts that are set up.
    save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
    3.2.7 Adjusting policies for passwords
28. after a reboot, save the configuration profile in non-volatile memory (NVM).
    Saving a configuration profile
    The device always stores the settings in the selected configuration profile in non-volatile memory (NVM). Perform the following work steps:
    - Open the Basic Settings Load/Save dialog.
    Figure 39: Basic Settings Load/Save dialog
    - Make sure that the desired configuration profile is selected. You can recognize the selected configuration profile by the fact that the checkbox is selected in the Selected column.
    - Click the Save button.
    show config profiles nvm: Displays the configuration profiles contained in non-volatile memory (NVM).
    enable: Switch to the privileged EXEC mode.
    save: Saves the settings in the non volatile memory of
29. and downloads on the product pages of the Hirschmann website.
    B.5 Readers' Comments
    What is your opinion of this manual? We are constantly striving to provide as comprehensive a description of our product as possible, as well as important information to assist you in the operation of this product. Your comments and suggestions help us to further improve the quality of our documentation.
    Your assessment of this manual (Very Good / Good / Satisfactory / Mediocre / Poor): Precise description, Readability, Understandability, Examples, Structure, Comprehensive, Graphics, Drawings, Tables.
    Did you discover any errors in this manual? If so, on what page?
    Suggestions for improvement and additional information:
    General comments:
    Sender: Company / Department, Name / Telephone number, Street, Zip code / City, E-mail, Date / Signature.
    Dear User, please fill out and return this page as a fax to the number +49 (0)7127 14-1600 or per mail to Hirschmann Automation and Control GmbH, Department 01RD-NT, Stuttgarter Str. 45-51, 72654 Neckartenzlingen.
30. basis and are broken down by type of traffic:
    - Received broadcast data packets
    - Received multicasts
    - Received unicast data packets with an unknown destination address
    To turn on the outbound rate limitation on a port, configure and activate the limitation for at least one category. In the Threshold Unit column, you choose whether you define the threshold values in percent of the inbound bandwidth of the port or in data packets per second. The threshold value 0 turns off rate limitation.
    On the Egress tab you configure the rate limitation for outbound data traffic. This setting is disabled by default (value 0). To enable the rate limitation of the outbound traffic on one port, set a value between 1 and 100 in the Bandwidth column. The percentage refers to the outbound bandwidth of the port.
    - To temporarily save the configuration, click Set.
    6.4 QoS/Priority
    QoS (Quality of Service) is a procedure defined in IEEE 802.1D. It is used to distribute resources in the network. QoS allows you to prioritize the data of important applications. Prioritizing prevents data traffic with lower priority from interfering with delay-sensitive data traffic, especially when there is a heavy network load. Delay-sensitive data traffic includes, for example, voice, video, and real-time data.
31. broadcast: The device waits for broadcast messages from SNTP servers on the network.
    - To synchronize the time only once, select the checkbox Disable Client after successful Synchronization. After synchronization, the device switches the SNTP client function back off again.
    - The table shows the SNTP server to which the SNTP client sends a request in unicast operation mode. The table contains up to four SNTP server definitions.
    - To add an SNTP server, click Create. Enter the connection data of the SNTP server.
    - To activate the SNTP client function, select the On value in the Admin Status frame.
    - To temporarily save the changes, click Set. The Status field shows the current status of the SNTP client function.
    - To permanently save the changes, open the Basic Settings Load/Save dialog and click Save.
    Device                    192.168.1.1   192.168.1.2   192.168.1.3   192.168.1.11  192.168.1.12
    SNTP client function      Off           On            On            On            On
    Configuration Mode        unicast       unicast       unicast       unicast       unicast
    Request interval          30            30            30            30            30
    SNTP server address(es)                 192.168.1.1   192.168.1.2   192.168.1.2   192.168.1.3
                                                          192.168.1.1   192.168.1.1   192.168.1.2
                                                                                      192.168.1.1
    Table 7: SNTP client settings for the example
    5.2.3 Specifying SNTP server settings
    Wh
32. click Set.
    - To permanently save the changes, open the Basic Settings Load/Save dialog and click Save.
    enable: Switch to the privileged EXEC mode.
    configure: Switch to the Configuration mode.
    users password policy check <user> enable: Activates the checking of the password for the <user> user account based on the specified policy. In this way you obtain a higher level of complexity for the password.
    Note: The password check may lead to a message when you display the security status (show security status all). You specify the settings that cause this message with the command security status monitor bypass pwd strength.
    users password <user> SECRET: Specifies the password SECRET for the <user> user account. Enter at least 6 characters.
    save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
    3.2.5 Setting up a new user account
    Allocate a separate user account to each user that accesses the device management. In this way you can specifically control the authorizations for the access. In the following example, we will set up the user account for an <operator> user. The <operator> user is authorized to monitor and configure the device, with the exception of security-related settings.
    Prerequisite: U
33. collector is 10.10.10.10. XYZ requires a sample of the first 256 bytes of every 300th packet. Furthermore, XYZ requires counter polling every 400 s.
    - Open the Advanced SFlow Receiver dialog.
    - For the name of the person or organization controlling the receiver, enter XYZ in the Name cell.
    - For the remote server IP address on which the sFlow collector software runs, enter 10.10.10.10 in the IP Address cell.
    - Open the Sampler tab in the Advanced SFlow Configuration dialog.
    - Select the index number of the receiver configured in the previous steps from the Receiver pull-down menu.
    - For the number of packets the device receives before the agent samples a packet, enter 300 in the Sampling Rate cell.
    - For the number of bytes to sample from a packet, enter 256 in the Maximum Header Size cell.
    - Open the Poller tab in the Advanced SFlow Configuration dialog.
    - Select the index number of the receiver configured in the previous steps from the Receiver pull-down menu.
    - For the time in seconds between samples, enter 400 in the Interval [s] cell.
    enable: Switch to the privileged EXEC mode.
    configure: Switch to the Configuration mode.
    sflow receiver 1 owner XYZ ip 10.10.10.10: Configure an sFlow receiver.
    interface 1/1: Switch to the Interface Configuration mode of interface 1/1.
    sflow sampler receiver 1 rate 300 c S
34. contains information for using the HiView GUI application. This application allows you to use the graphical user interface of Hirschmann devices with management independently of other applications, such as a browser.
    About this Manual
    The Industrial HiVision Network Management Software provides you with additional options for smooth configuration and monitoring:
    - Simultaneous configuration of multiple devices
    - Graphical user interface with network layout
    - Auto-topology discovery
    - Event log
    - Event handling
    - Client/server structure
    - Browser interface
    - ActiveX control for SCADA integration
    - SNMP/OPC gateway
    Key
    The designations used in this manual have the following meanings:
    - List
    - Work step
    - Subheading
    - Link: Cross-reference with link
    - Note: A note emphasizes an important fact or draws your attention to a dependency.
    - Courier: ASCII representation in user interface
    - Execution in the Graphical User Interface
    - Execution in the Command Line Interface
    Symbols used: WLAN access point, Router with firewall, Switch with firewall, Router, Switch, Bridge, Hub, A random computer, Configuration Computer, Server, PLC (Programmable logic controller), I/O, Robot.
35. Figure 37: SNMP tab in the Security Management Access Server dialog
    - To deactivate the SNMPv1 protocol, remove the selection from the SNMPv1 enabled checkbox.
    - To deactivate the SNMPv2 protocol, remove the selection from the SNMPv2 enabled checkbox.
    - To temporarily save the changes, click Set.
    - To permanently save the changes, open the Basic Settings Load/Save dialog and click Save.
    enable: Switch to the privileged EXEC mode.
    configure: Switch to the Configuration mode.
    no snmp access version v1: Deactivates the SNMPv1 protocol.
    no snmp access version v2: Deactivates the SNMPv2 protocol.
    show snmp access: Shows the settings of the SNMP server.
    save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
    3.3.2 SNMPv3 access
    The SNMP protocol allows you to monitor and configure the device via the network with a network management system (NMS). When the NMS accesses the device via SNMPv3, the NMS authenticates itself with a user's login data. The prerequisite for network management access is that the same SNMPv3 parameters are specified in the device and in the NMS. When a new
36. ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. The selection options are:
    - -: currently not a member of this VLAN (GVRP allowed)
    - T: member of VLAN, send data packets with tag
    - U: member of the VLAN, send data packets without tag
    - F: not a member of the VLAN, also disabled for GVRP
    Because terminal devices usually interpret untagged data packets exclusively, you select the U setting here.
    - To temporarily save the configuration, click Set.
    - Open the Switching VLAN Port dialog.
    - Assign the Port VLAN ID of the related VLANs (2 or 3) to the individual ports (see table).
    Figure 74: Assigning and saving Port VLAN ID, Acceptable Frame Types and Ingress Filtering
    - Because terminal devices usually send data packets as untagged, you select the admitAll setting for the Acceptable Frame Types.
    - The setting for Ingress Filtering has no effect on how this example functions.
    - To temporarily save the configuration, click Set.
    - Open the Basic Settings External Memory dialog.
    - To save the configuration permanently in the external memory, activate the Auto save config on envm checkbox and click
37. responsible for the uniqueness of the assigned IP addresses.
    2.1.2 Netmask
    Routers and gateways subdivide large networks into subnetworks. The netmask assigns the IP addresses of the individual devices to a particular subnetwork. You perform subnetwork division using the netmask in much the same way as the division of the network addresses (net id) into classes A to C. Set the bits of the host address (host id) that represent the mask to one. Set the remaining host address bits to zero (see the following examples).
    Example of a subnet mask:
    Decimal notation: 255.255.192.0
    Binary notation:  11111111.11111111.11000000.00000000 (subnetwork mask bits, Class B)
    Example of IP addresses with subnetwork assignment when applying the subnet mask:
    Decimal notation: 129.218.65.17 (128 < 129 ≤ 191: Class B)
    Binary notation:  10000001.11011010.01000001.00010001 (Subnetwork 1, network address)
    Decimal notation: 129.218.129.17 (128 < 129 ≤ 191: Class B)
    Binary notation:  10000001.11011010.10000001.00010001 (Subnetwork 2, network address)
    Example of how the network mask is used
    In a large network it is possible that gateways and routers separate the management agent from its management station. How does addressing wor
38. tagging if VLANs are configured.
    Figure 67: Structure of the VLAN tagging
    Data packets with VLAN tags containing priority information but no VLAN information (VLAN ID = 0) are known as Priority Tagged Frames.
    Note: Network protocols and redundancy mechanisms use the highest traffic class. For this reason, you should select lower traffic classes for application data.
    When using VLAN prioritizing, consider the following special features:
    - End-to-end prioritization requires universal transmission of VLAN tags in the entire network. This requires that each participating network component is VLAN-capable.
    - Routers are not able to send and receive packets with VLAN tags through port-based router interfaces.
    6.4.4 IP ToS / DiffServ
    Type of Service
    The Type of Service field (ToS) in the IP header was already part of the IP protocol from the start, and is used to differentiate different services in IP networks. Even back then, there were ideas about differentiated treatment of IP packets, due to the limited bandwidth available and the unreliable connection paths. Because of the continuous increase in the available bandwidth, there was no need to use t
39. the checkbox in the Auto save config on ENVM column.
    - To turn off the function, remove the checkmark from the checkbox in the Auto save config on ENVM column.
    - To temporarily save the changes, click Set.
    - To permanently save the changes, open the Basic Settings Load/Save dialog and click Save.
    enable: Switch to the privileged EXEC mode.
    configure: Switch to the Configuration mode.
    config envm config save sd: Turn on the function. When you save a configuration profile, the device creates a copy in external memory (ACA31).
    no config envm config save sd: Turn off the function. The device does not create a copy in external memory (ACA31).
    save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
    4.2.3 Exporting a configuration profile
    The device offers you the option of saving a configuration profile to a server as an XML file. If you use the graphical user interface, you have the option to save the XML file directly to your PC.
    Prerequisite: To save the file on a server, you need a configured server on the network. To save the file to an SCP or SFTP server, you also need the username and password for accessing this server.
    Perform the follow
40. the table, click OK.
    - Edit the name of the new VLAN by double-clicking on the Name cell of the new entry and entering Guest.
    - To add a new VLAN to the table, click Create. The Create window opens.
    - In the VLAN ID text box, enter 20.
    - To close the Create window and add the new VLAN to the table, click OK.
    - Edit the name of the new VLAN by double-clicking on the Name cell of the new entry and entering Unauth.
    - Open the Security 802.1X Port Authentication Global dialog.
    - Activate the 802.1X global function in the Operation frame by clicking On.
    - Open the Security 802.1X Port Authentication Port Configuration dialog.
    - In the port 1/4 Port Control cell, select auto.
    - In the port 1/4 Guest VLAN ID cell, enter 10.
    - In the port 1/4 Unauthenticated VLAN ID cell, enter 20.
    - To temporarily save the configuration, click Set.
    - Open the Basic Settings External Memory dialog.
    - To save the configuration permanently in the external memory, activate the Auto save config on envm checkbox and click Set.
    enable
    vlan database
    vlan add 10
    vlan add 20
    name 10 Guest
    name 20 Unauth
    exit
    configure
    dot1x system auth control enable
    dot1x port control auto
    interface 1/4
    dot1x guest vlan 10
    dot1x unauthenticated vlan 20
    exit
41. to a port.
    - This is sent if the status of the signal contact changes in the operation monitoring.
    - This is sent if the status of the signal contact changes in the operation monitoring.
    - This is sent if the sending agent becomes the new root of the spanning tree.
    - This is sent when the port changes from blocking to forwarding or from forwarding to blocking.
    - This is sent if the RMON input exceeds its upper threshold.
    - This is sent if the RMON input goes below its lower threshold.
    - This is sent if a MAC address detected on this port does not correspond to the current settings for hm2AgentPortSecurityEntry.
    - This is sent when a supported or unsupported SFP device is inserted or removed.
    - This trap is sent if a selftest action is performed as configured for the four categories task, resource, software, and hardware.
    - This is sent if the configuration of the MRP Ring changes.
    - This is sent if the interface threshold exceeds the configured upper or lower limits.
    - This is sent when the audit trail has filled one sector and starts a new one.
    - This is sent if the PTP synchronization status is changed.
    - This is sent after the device has successfully saved its configuration locally.
    - This is sent if you change the configuration of the device after saving locally for the first time.
    Trap name: hm2PlatformStpInstance
    Meaning: This is sent if this port in this STP instance enters loop inconsistent
42. to detect it faster and diagnose it more easily. An incorrect configuration causes loops, for example, if you deactivate Spanning Tree. The device allows you to detect the effects typically caused by loops and report this situation automatically to the network management station. You have the option here to specify the magnitude of the loop effects that trigger the device to send a report. BPDU frames sent from the designated port and received on either a different port of the same device or the same port within a short time is a typical effect of a loop.
    8.10 Reports
    The following lists reports and buttons available for diagnostics:
    - System Log file: The log file is an HTML file in which the device writes every important device-internal event.
    - Audit Trail: Logs successful CLI commands and user comments. The file also includes SNMP logging.
    - Persistent Logging: The device saves log entries in a file in the external memory, when present. These files are available after power down. The maximum size, maximum number of retainable files and the severity of logged events are configurable. After obtaining the user-defined maximum size or maximum number of retainable files, the device archives the entries and starts a new file. The device deletes the oldest file and renames the other files to maintain the configured number of files. To review these files use the C
43. to use commands and functions from the same authorization profile or a lower one. The device uses the authorization profiles on all applications with which the management functions can be accessed.
    Every user account is linked to an authorization profile that regulates the access to the individual functions of the device. Depending on the planned activity for the respective user, you assign a predefined authorization profile to the user. The device differentiates between the following authorization profiles:
    Authorization: Administrator
    Description: The user is authorized to monitor and administer the device.
    Authorized for the following activities: All activities with read/write access, including the following activities reserved for an administrator:
    - Add, modify or delete user accounts
    - Activate, deactivate or unlock user accounts
    - Change all passwords
    - Configure password management
    - Set or change system time
    - Load files to the device, e.g. device configurations, certificates or software images
    - Reset settings and security-related settings to the state on delivery
    - Configure RADIUS server and authentication lists
    - Apply CLI scripts
    - Switch CLI logging and SNMP logging on and off
    - External memory activation and deactivation
    - System monitor activation and deactivation
    - Switch the services for the management access (e.g. SNMP) on and off
    - Configure access re
44. user account, select the Active checkbox.
    - Click Set and back. The dialog shows the user accounts that are set up.
    Figure 33: Security User Management dialog
    - To permanently save the changes, open the Basic Settings Load/Save dialog and click Save.
    enable
    configure
    users add <operator>
    users password policy check <operator> enable
    users password <operator> SECRET
    users access role <operator> operator
    users enable <operator>
    show users
    save
    - Switch to the privileged EXEC mode.
    - Switch to the Configuration mode.
    - Creates the <operator> user account.
    - Activates the checking of the password for the <operator> user account based on the specified policy. In this way you obtain a high
45. user account is being set up in the device, the default settings for the SNMP Auth Type and SNMP Encryption Type parameters are such that the Industrial HiVision network management software can access the device with it immediately.
    To monitor or configure the device with a different NMS, you adjust the following parameters in the relevant user account to match the settings in your NMS:
    SNMP Auth Type parameter:
    - hmacmd5: Authentication with HMAC-MD5
    - hmacsha: Authentication with HMAC-SHA
    SNMP Encryption Type parameter:
    - none: Authentication unencrypted
    - des: Authentication encrypted with DES
    - aesCfb128: Authentication encrypted with AES-128 in Cipher Feedback mode
    The device allows you to specify the SNMP Auth Type and SNMP Encryption Type parameters individually in each user account.
    Prerequisite: User account with authorization profile administrator.
    Perform the following work steps:
    - Adjust the SNMPv3 parameters in the user account to match the settings in your NMS.
    - Open the Security User Management dialog. The dialog shows the user accounts that are set up.
46. 0.0.0
    - Save the configuration entered using copy config running config nvm.
    enable: Switch to the privileged EXEC mode.
    network protocol none: Deactivate DHCP.
    network parms 10.0.1.23 255.255.255.0: Assign the device the IP address 10.0.1.23 and the netmask 255.255.255.0. You have the option of also assigning a gateway address.
    copy config running config nvm: Save the current configuration to the non-volatile memory.
    After entering the IP parameters, you easily configure the device via the graphical user interface (see the GUI reference manual).
    2.3 Entering the IP Parameters via HiDiscovery
    The HiDiscovery protocol enables you to assign IP parameters to the device via the Ethernet. You easily configure other parameters via the web-based interface (see the GUI reference manual).
    Install the HiDiscovery software on your PC. The software is on the CD supplied with the device.
    - To install it, you start the installation program on the CD.
    - Start the HiDiscovery program.
47. Figure 97: DHCP server with entries
    A.2 Setting up a DHCP Server with Option 82
    On the product CD supplied with the device, you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel. You can test the software for 30 calendar days from the date of the first installation, and then decide whether you want to purchase a license.
    - To install the DHCP servers on your PC, put the product CD in the CD drive of your PC and under Additional Software select haneWIN DHCP Server. To carry out the installation, follow the installation assistant.
    - Start the DHCP Server program.
    Figure 98: Start window of the DHCP server
    Note: The installation procedure includes a service that is automatically started in the basic configuration when Windows is activated.
48. 1.45.35 as the IP address of the mail server in the IP Address cell.
    - Using the pull-down menu, select tlsv1 in the Security cell.
    - Enter John Doe as the user name in the User ID cell.
    - To authenticate the user, enter 12345678 as the associated password in the Password cell.
    - To enable the entry, click Active.
    - Activate the function globally in the Operation frame by clicking On.
    Meaning of the severities for events:
    Severity        Meaning
    emergency       Device not ready for operation
    alert           Immediate user intervention required
    critical        Critical status
    error           Error status
    warning         Warning
    notice          Significant, normal status
    informational   Informal message
    debug           Debug message
    Table 24: Meaning of the severities for events
    After you configure the SMTP server, configure an email client.
    - Open the Diagnostics Report Email Logging Address dialog.
    - To add a new entry to the table, click Create.
    - Using the pull-down menu in Message Type, select non-urgent as the type of message to send.
    - Enter destination@example.com as the destination email address in Address.
    - To enable the entry, click Active.
    enable: Switch to the privileged EXEC mode.
    configure: Switch to the Configuration mode.
    logging email from addr source@example.com: Configure mail address used by device to send email alert.
    logging email duration 30
    logging email severit
49. Network Load Control, 6.2 Multicasts. 6.2.2 IGMP snooping. The Internet Group Management Protocol (IGMP) describes the distribution of multicast information between routers and connected receivers on Layer 3. IGMP snooping describes the function of a switch of continuously monitoring IGMP traffic and optimizing its own transmission settings for this data traffic. The IGMP snooping function in the device operates according to RFC 4541 (Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches). Multicast routers with an active IGMP function periodically request (query) registration of multicast streams in order to determine the associated IP multicast group members. IP multicast group members reply with a Report message. This Report message contains all the parameters required by IGMP. The multicast router enters the IP multicast group address from the Report message in its routing table. This causes it to forward data packets with this IP multicast group in the destination address field according to its routing table. Receivers log out with a Leave message when leaving a multicast group (IGMP version 2 and higher) and do not send any more Report messages. The multicast router removes the routing table entry of a receiver if it does not receive any more Report messages from this receiver within a certain time (aging time). If several IGMP multicast routers are in t
50. [Figure 20: HiDiscovery] Entering IP Parameters 2.3 Enteri
51. 2 Command Line Interface. You will find information for configuring your MSP device in the "Configuration" user manual. Connect your Switch with the network. The network parameters must be set correctly for the connection to be successful. You can access the user interface of the Command Line Interface with the freeware program PuTTY. Install PuTTY on your computer. 1.2.2 CLI access via telnet. Telnet connection via Windows. Note: Telnet is only installed as standard in Windows versions before Windows Vista. Start screen: Open the Windows start screen on your computer with Start > Run. In the Open input field you enter the command telnet a.b.c.d (a.b.c.d is the IP address of your MSP). Click OK to set up the telnet connection to the MSP. [Figure 2: Setting up the telnet connection to the MSP via the Windows entry screen] Command prompt: With Start > Programs > Accessories > Command Prompt you start the DOS command line interpreter on your computer. Enter the command telnet a.b.c.d (a.b.c.d is the IP address of your MSP). Press the Enter key to set up the telnet con
52. 23 142 in Last IP Address for the last IP address of the range. The default setting for Lease Time [s] is 60 days. Set this value for the appropriate interval. Select 1/2 from the Port pull-down menu. To enable the entry, click Active. Open the Advanced DHCP Server Global dialog. Activate port 1/2 in the DHCP Server active column. Activate the function globally in the Operation frame by clicking On. [Figure 85: Table in the Advanced DHCP Server Pool dialog] Advanced functions of the device. CLI commands, in order: enable; configure; dhcp server pool add 2 dynamic 192.168.23.92 192.168.23.142; dhcp server pool modify 2 leasetime seconds infinite; dhcp server pool add 3 dynamic 192.168.23.172 192.168.23.180; dhcp server pool modify 3 leasetime seconds infinite; dhcp server pool mode 2; dhcp server pool mode 3; dhcp server operation; interface 2/1; dhcp server operation. 9.1 Using the device as a DHCP
53. 8.6 Event Counter at Port Level. The port statistics table enables experienced network administrators to identify possible detected problems in the network. This table shows you the contents of various event counters. In the Basic Settings Restart dialog, you can reset the event counters to zero using "Cold start" or "Reset port counters". The packet counters add up the events sent and the events received. The event counters may be observed by selecting the Diagnostics Ports Statistics Table dialog. Table 22: Examples indicating known weaknesses (Counter: Indication of known possible weakness). Received fragments: Non-functioning controller of the connected device; Electromagnetic interference in the transmission medium. CRC error: Non-functioning controller of the connected device; Electromagnetic interference in the transmission medium; Inoperable component in the network. Collisions: Non-functioning controller of the connected device; Network over-extended, lines too long; Collision or a detected fault with a data packet. To reset the counters, click on "Reset port counters" in the Basic Settings Restart dialog. To monitor the current status of the event counters, open the Diagnostics Ports Statistics Table dialog and click the "Reload" button. 8.6.1 Detecting Non-matching Duplex Modes. Problems occur w
54. AN 3. CLI commands with their descriptions: vlan tagging 3 enable: Port 1/1 becomes member tagged in VLAN 3. vlan pvid 1: Port 1/1 is assigned the port VLAN ID 1. VLANs, 7.1 Examples of VLANs. vlan ingressfilter: Port 1/1 ingress filtering is activated. vlan acceptframe vlanonly: Port 1/1 only forwards frames with a VLAN tag. exit: Switch to the Configuration mode. interface 1/2: Switch to the interface configuration mode for port 1/2. vlan participation include 2: Port 1/2 becomes member untagged in VLAN 2. vlan pvid 2: Port 1/2 is assigned the port VLAN ID 2. exit: Switch to the Configuration mode. interface 1/3: Switch to the Interface Configuration mode of Interface 1/3. vlan participation include 3: Port 1/3 becomes member untagged in VLAN 3. vlan pvid 3: Port 1/3 is assigned the port VLAN ID 3. exit: Switch to the Configuration mode. interface 1/4: Switch to the interface configuration mode of interface 1/4. Further commands in the listing: vlan participation include 2; vlan pvid 2; exit; interface 1/5; vlan participation include 3; vlan pvid 3; exit; show vlan id 3. Output fields of show vlan id 3: VLAN ID, VLAN Name, VLAN Type, VLAN Creation Time, VLAN Routing; Interface/Current: 1/1 Include, 1/2, 1/3 Include, 1/4, 1/5 Include.
55. ANA (Internet Assigned Numbers Authority). If you require an IP address block, contact your Internet Service Provider (ISP). Your ISP contacts their local higher-level organization to reserve an IP address block: APNIC (Asia Pacific Network Information Center): Asia Pacific Region. ARIN (American Registry for Internet Numbers): Americas and Sub-Sahara Africa. LACNIC (Regional Latin-American and Caribbean IP Address Registry): Latin America and some Caribbean Islands. RIPE NCC (Réseaux IP Européens): Europe and Surrounding Regions. Entering IP Parameters, 2.1 IP Parameter Basics. Figure 17: Bit representation of the IP address. Class A: Net ID 7 bits, Host ID 24 bits. Class B: Net ID 14 bits, Host ID 16 bits. Class C: Net ID 21 bits, Host ID 8 bits. Class D: Multicast Group ID 28 bits. Class E: reserved for future use, 28 bits. The IP addresses belong to class A when their first bit is a zero, for example, the first octet is less than 128. The IP address belongs to class B if the first bit is a one and the second bit is a zero, for example, the first octet is between 128 and 191. The IP address belongs to class C when the first 2 bits are a one, for example, the first octet is higher than 191. Assigning the host address (host ID) is the responsibility of the network operator. The network operator alone is
56. 7.5 MAC-based VLANs. Use the MAC-based VLAN to forward traffic based on the source MAC address associated with the VLAN. A MAC-based VLAN defines the filtering criteria for untagged or priority-tagged packets. Define a MAC-based VLAN filter by assigning a specific source address to a MAC-based VLAN. The device forwards untagged frames received with the source MAC address on the MAC-based VLAN ID. The other untagged packets are subject to normal VLAN classification rules. 7.6 IP subnet-based VLANs. In an IP subnet-based VLAN, the device forwards traffic based on the source IP address and subnet mask associated with the VLAN. User-defined filters determine whether a packet belongs to a particular VLAN. Use the IP subnet-based VLAN to define the filtering criteria for untagged or priority-tagged packets. For example, assign a specific subnet address to an IP subnet-based VLAN. When the device receives untagged packets from the subnet address, it forwards them to the IP subnet-based VLAN. Other untagged packets are subject to normal VLAN classification rules. To configure an IP subnet-based VLAN, define an IP address, a subnet mask, and the associated VLAN ID. In case of multiple matching entries, the device associates the VLAN ID to the entry with the longer prefix first. VLANs 7.7 Protocol base
57. Further Support. HIRSCHMANN, A BELDEN BRAND
58. Start your Web browser. Activate Java in the security settings of your Web browser. Write the IP address of the device in the address field of the Web browser. Use the following form: https://xxx.xxx.xxx.xxx. The Web browser sets up the connection to the device and shows the login window. [Figure 1: Login window] Select the user name and enter the password. Select the language in which you want to use the graphical user interface. Click on OK. The window with the graphical user interface will appear on the screen. 1.2 Command Line Interface. The Command Line Interface enables you to use the functions of the device through a local or remote connection. The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices. As an experienced user or administrator, you have knowledge about the basics and about using MICE Switch Power devices. The "Command Line Interface" reference manual gives you step-by-step information on using the Command Line Interface (CLI) and its commands. 1.2.1 Preparing the connection. Information for assembling and starting up your MSP device can be found in the "Installation" user manual. User interfaces 1
59. C mode: Switch to the Configuration mode. 1 mode manual: Select the manual setting mode for signal contact 1. Cac 1 state open: Open signal contact 1. Cac 1 state closed: Close signal contact 1. Operation Diagnosis, 8.4 Out-of-band Signalling. 8.4.2 Monitoring the Device Status via the Signal Contact. The "Device Status" option enables you, like in the function monitoring, to monitor the device status via the signal contact. Configuring the operation monitoring: Open the Diagnostics Status Configuration Signal Contact dialog. Select the "Monitoring Correct Operation" option in the "Signal Contact Mode" frame to use the signal contact to monitor the device functions. Select the "Monitoring" option in the "Monitoring Correct Operation" frame for the events to be monitored. You define the temperature thresholds for the temperature monitoring in the Basic Settings System dialog. CLI commands with their descriptions: enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. signal contact 1 monitor envm not in sync: Sets the monitoring of synchronization between the external non-volatile memory and the current configuration. signal contact 1 monitor envm removal: Sets the monitoring of the external non-volatile memory device removal. signal contact 1 monitor: Sets the monitoring of the network connection lin
60. DB. If the MAC address of the sender is unknown, the device generates a new entry. The device then compares the destination MAC address of the data packet with the entries stored in the MAC address table (FDB). The device sends packets with a known destination MAC address directly to ports that have already received data packets from this MAC address. The device floods data packets with unknown destination addresses, that is, the device forwards these data packets to all ports. 6.1.2 Aging of learned MAC addresses. Addresses that have not been detected by the device for an adjustable period of time (aging time) are deleted from the MAC address table (FDB) by the device. A reboot or resetting of the MAC address table deletes the entries in the MAC address table (FDB). Network Load Control, 6.1 Direct Packet Distribution. 6.1.3 Static address entries. In addition to learning the sender MAC address, the device also provides the option to set MAC addresses manually. These MAC addresses remain configured and survive resetting of the MAC address table (FDB) as well as rebooting of the device. Static address entries allow the device to forward data packets directly to selected device ports. If you do not specify a destination port, the device discards the corresponding data packets. You manage the static address entries in the graphical user interface (GUI) or in the CLI. Prerequisite: User account w
61. Diagnostics Report Audit Trail dialog or the Diagnostics Report System Log dialog. Operation Diagnosis, 8.10 Reports. Open the Diagnostics Report Syslog dialog. Activate the syslog function in the Operation frame. Click on Create. Enter the IP address of the syslog server in the IP Address column. Enter the UDP port on which the syslog server receives log entries in the Port column. Enter the minimum seriousness level an event must attain for the device to send a log entry to this syslog server in the Minimum Severity column. To enable the syslog server entry to which the device sends the logs, select the Active control box. Configure the following settings for read and write SNMP requests in the SNMP Logging frame: Select the Diagnostics Report Global dialog. Activate Log SNMP Get Request if you want to send reading SNMP requests to the device as events to the syslog server. Activate Log SNMP Set Request if you want to send writing SNMP requests to the device as events to the syslog server. Choose the desired severity level for the get and set requests. CLI commands with their descriptions: enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. logging host add 1 addr 10.0.1.159 severity 3: Add a new recipient of the log messages. The 3 indicates the seriousness of the message sent by the device. 3 means error. logging syslog operation
62. GMP query messages. If that is the case, the entry shows L (learned). Learn by LLDP: A port with this setting automatically discovers other Hirschmann devices via LLDP (Link Layer Discovery Protocol). The device then learns the IGMP query status of this port from these Hirschmann devices and configures the IGMP query function accordingly. The ALA entry indicates that the Learn by LLDP function is enabled. If the device has found another Hirschmann device on this port in this VLAN, the entry also shows an A (Automatic). Forward All: With this setting, the device sends the data packets addressed to a multicast address on this port. The setting is suitable in the following situations, for example: For diagnostic purposes. For devices in an MRP ring: After the ring is switched, the Forward All function allows rapid reconfiguration of the network for data packets with registered multicast destination addresses. Activate the Forward All function on all ring ports. Prerequisite: The IGMP snooping function is activated globally. To configure enhanced IGMP snooping settings, proceed as follows: Open the Switching IGMP Snooping Enhancements dialog. Double-click the desired port in the desired VLAN. To activate one or more functions, select the corresponding options. Click the OK button. To temporarily save the configurati
63. [Figure 95: Adding static addresses] Enter the MAC address of the device. Enter the IP address of the device. Select the configuration profile of the device. Click Apply and then OK. A.1 Setting up a DHCP/BOOTP Server. Add static entries: With static entries you can assign clients with known hardware address or identifier a fixed IP address and configuration profile. The assigned IP addresses must not overlap with the dynamic address ranges. Identifiers or hardware addresses must be specified byte by byte in hexadecimal notation. For MAC hardware addresses the bytes must be separated by a dash or colon. [Figure 96: Entries for static addresses] Add an entry for each device that will get its parameters from the DHCP server.
64. Interface. The device monitors the following security statuses: Default passwords unchanged; Configured minimum password length; Password strength incorrect; Password strength check inactive; Telnet Enabled; HTTP Enabled; Unsecure SNMP Configuration; SysMon active; Active Port without link; HiDiscovery Enabled; Config load from external NVM unsecure. Select the events which the device includes in the security status alert by activating the Monitor radio button in the Monitoring frame. Operation Diagnosis, 8.3 Security Status (DEVMON). 8.3.1 Events which can be monitored. Names: Default Password not changed; Configured min. password length < 8; Password strength not configured; Password strength check inactive; Telnet Enabled; HTTP Enabled; Unsecure SNMP Configuration; SysMon active; External NVM Update possible; Active Port without link; HiDiscovery Enabled; Config load from external NVM unsecure. Meanings: After installation, change the passwords to increase security. The device monitors if the default passwords remain unchanged (hm2DevSecSensePasswordChange). Create passwords more than 8 characters long to maintain a high security posture. When active, the device monitors the Minimum Password Length setting (hm2DevSecSensePasswordMinLenght). The device monitors the settings located in the Security User Management dialog for password strength requiremen
65. LAN. Note: When configuring VLANs, you use an interface for management that will remain unchanged. For this example, you use either interface 1/6 or the V.24 serial connection to configure the VLANs. 7.1.1 Example 1. [Figure 71: Example of a simple port-based VLAN] The example shows a minimal VLAN configuration (port-based VLAN). An administrator has connected multiple terminal devices to a transmission device and assigned them to 2 VLANs. This effectively prohibits any data transmission between the VLANs, whose members communicate only within their own VLANs. When setting up the VLANs, you create communication rules for every port, which you enter in incoming (ingress) and outgoing (egress) tables. The ingress table specifies which VLAN ID a port assigns to the incoming data packets. Hereby, you use the port address of the terminal device to assign it to a VLAN. The egress table specifies on which ports the device sends the frames from this VLAN. T = with tag field (T = tagged, marked). U = without tag field (U = untagged, not marked). For this example, the status of the TAG field of the data packets has no relevance, so you set it to U. Table 12: Ingress table (Terminal, Port, Port VLAN identifier (PVID)): A, 1, 2; B, 2, 3; C, 3, 3; D, 4, 2; (no terminal), 5, 1. Table 13: Egress table (VLAN ID, Port): 1: U; 2: U U; 3: U U.
66. LI or copy them to an external server for future reference. System information: The system information is an HTML file containing the system-relevant data. Download Support Information: This button allows you to download system information as files in a ZIP archive. In service situations, these reports provide the technician with the necessary information. Operation Diagnosis, 8.10 Reports. 8.10.1 Global Settings. Using this dialog you enable or disable where the device sends reports, for example to a Console, a Syslog Server, or a CLI connection. You also set at which severity level the device writes events into the reports. Open the Diagnostics Report Global dialog. To send a report to the console, configure the desired level in the "Console Logging" frame, "Severity" text box, using the pull-down menu. To enable the operation, click On. The device buffers logged events in 2 separate storage areas so that the device keeps log entries for urgent events. Define the minimum severity for events that the device logs to the buffered storage area with a higher priority. To send events to the buffer, configure the desired level in the "Buffered Logging" frame, "Severity" text box, using the pull-down menu. When you activate the logging of SNMP requests, the device logs the requests as events in the syslog. SNMP Get requests log a user requests for device configuration information S
67. Load Control 6.5 Flow Control. 7 VLANs. In the simplest case, a virtual LAN (VLAN) consists of a group of network participants in one network segment who can communicate with each other as if they belonged to a separate LAN. More complex VLANs span out over multiple network segments and are also based on logical (instead of only physical) connections between network participants. VLANs are an element of flexible network design. It is easier to reconfigure logical connections centrally than cable connections. The device supports independent VLAN learning in accordance with the IEEE 802.1Q standard, which defines the VLAN function. Although there are many benefits of using VLANs, the following lists the top benefits. Network load limiting: VLANs reduce the network load considerably, as the devices transmit broadcast, multicast, and unicast packets with unknown (unlearned) destination addresses exclusively inside the virtual LAN. The rest of the data network forwards traffic as normal. Flexibility: You have the option of forming user groups based on the function of the participants apart from their physical location or medium. Clarity: VLANs give networks a clear structure and make maintenance easier. 7.1 Examples of VLANs. The following practical examples provide a quick introduction to the structure of a V
68. LoopInconsistentStartTrap state. hm2PlatformStpInstanceLoopInconsistentEndTrap: This is sent if this port in this STP instance exits loop inconsistent state upon reception of a BPDU. Table 18: Possible traps (cont.). 8.1.2 Traps for configuration activity. After you save a configuration in memory, the device sends a hm2ConfigurationSavedTrap. This trap contains both the Non-Volatile Memory (NVM) and External Non-Volatile Memory (ENVM) state variables, indicating whether the running configuration is in sync with the NVM and with the ENVM. You also trigger this trap by copying a config file to the device, replacing the active saved configuration. Furthermore, the device sends a hm2ConfigurationChangedTrap whenever you change the local configuration, indicating a mismatch between the running and saved configuration. Operation Diagnosis, 8.1 Sending Traps. 8.1.3 Configuring Traps. Open the Diagnostics Status Configuration Alarms (Traps) dialog. This dialog allows you to determine which events trigger a trap and where the device sends these messages. Click on Create. In the "Name" frame, you enter the name that the device uses to identify itself as the source of the trap. In the "Address" frame, enter the IP address of the management station to which the device sends traps. In the "Active" column, you select the entries that the device should take into account when the device sen
69. NMP Set requests log device configuration events. Define the minimum level for events that the device logs in the syslog. Activate Log SNMP Get Request if you want to send reading SNMP requests to the device as events to the syslog server. Activate Log SNMP Set Request if you want to send writing SNMP requests to the device as events to the syslog server. Choose the desired severity level for the get and set requests. When active, the device logs configuration changes made using the CLI commands to the audit trail. This feature is based on the IEEE 1686 standard for Substation Intelligent Electronic Devices. Open the Diagnostics Report Global dialog. To activate the function in the "CLI Logging" frame, click On. The Download JAR File button allows you to save a Java Applet of the graphic user interface (GUI) on your PC as a JAR file. This applet gives you the option of administering the device even if its HTTP server is switched off for security reasons. The device creates the file name of the applet automatically in the format <device type><software version>_<software revision of applet>.jar. Click on Download JAR File. Select the directory in which you want to save the applet. Click Save. The Download Support Information button allows you to save the following system information d
70. ON probe monitors the data traffic on the source ports in the sending and receiving directions. Select the Diagnostics Port Port Mirroring dialog. This dialog allows you to configure and activate the port mirroring function of the device. The device displays unavailable ports as inactive, for example, the port currently in use as the destination port, or if you have already selected the maximum number of ports. Select the source ports whose data traffic you want to review from the list of physical ports by checkmarking the relevant boxes. Select the destination port to which you have connected your management tool from the drop-down list in the "Destination Port" frame. The device displays the ports that are available in the drop-down list. The device omits ports currently used as source ports. To enable the function, activate On in the Operation frame. 8.12 Monitoring Data Traffic on the Ports (Port Mirroring). The "Reset configuration" button in the dialog allows you to reset the port mirroring settings of the device to the delivery state. Note: When port mirroring is active, the device uses the specified destination port solely for reviewing data; in this state the port blocks normal data traffic. [Figure 82: Port mirroring] Operatio
71. SNTP packets in broadcast operation mode. In the Broadcast Send Interval [s] field, you define the interval in which the SNTP server sends the SNTP packets in broadcast operation mode. To temporarily save the changes, click Set. The Status field displays the current status of the SNTP server function. To permanently save the changes, you open the Basic Settings Load Save dialog and click Save. Table 8: SNTP server settings for the example, with the values listed per device in the order 192.168.1.1 / 192.168.1.2 / 192.168.1.3 / 192.168.1.11 / 192.168.1.12. SNTP Server Function: On / On / On / Off / Off. Listen UDP Port: 123 / 123 / 123 / 123 / 123. Broadcast Admin Mode: Not selected / Not selected / Not selected / Not selected / Not selected. Broadcast Destination Address: 0.0.0.0 / 0.0.0.0 / 0.0.0.0 / 0.0.0.0 / 0.0.0.0. Broadcast Port: 123 / 123 / 123 / 123 / 123. Broadcast VLAN ID: 1 / 1 / 1 / 1 / 1. Broadcast Send Interval: 128 / 128 / 128 / 128 / 128. Disable Server at local Time Source: Not selected / Not selected / Not selected / Not selected / Not selected. Synchronizing the System Time in the Network, 5.3 PTP. In order for LAN-controlled applications to work without latency, precise time management is required. With PTP (Precision Time Protocol), IEEE 1588 describes a method that enables precise synchronization of clocks in the network. PTP enables synchronization with an accuracy of a few 100 ns. PTP uses multicast for the synchronization messages, which keeps the network load
72. Server. Descriptions of the commands, in order: Switch to the privileged EXEC mode. Switch to the Configuration mode. Adds a dynamic pool with an IP range from 192.168.23.92 to 192.168.23.142. Enters the lease time in seconds or infinite. Creates index 3 and assigns the IP address range from 192.168.23.172 to 192.168.23.180. A dynamic pool consists of a range of IP addresses. Enters the lease time in seconds or infinite. Enables the index 2 pool entry. Enables the index 3 pool entry. Enables the DHCP server. Switch to the interface configuration mode. Enables the DHCP server operation on this port. Advanced functions of the device. 9.2 Using the device as a DNS client. The Domain Name System (DNS) client queries DNS servers to resolve host names and IP addresses of network devices. Much like a telephone book, the DNS client converts names of devices into IP addresses. When the DNS client receives a request to resolve a new name, it first queries its internal static database, then the assigned DNS servers for the information. The DNS client saves the queried information in a cache for future requests. The device offers the possibility to configure the DNS client from the DHCP server using the management VLAN. The device also offers you the possibility to assign host names to IP addresses statically. The DNS client provides the following user functions: DNS server list with space for 4 do
73. Set. CLI commands with their descriptions: enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. interface 1/1: Switch to the Interface Configuration mode of interface 1/1. vlan participation include 2: Port 1/1 becomes member untagged in VLAN 2. vlan pvid 2: Port 1/1 is assigned the port VLAN ID 2. exit: Switch to the Configuration mode. interface 1/2: Switch to the interface configuration mode for port 1/2. vlan participation include 3: Port 1/2 becomes member untagged in VLAN 3. vlan pvid 3: Port 1/2 is assigned the port VLAN ID 3. VLANs, 7.1 Examples of VLANs. exit: Switch to the Configuration mode. interface 1/3: Switch to the Interface Configuration mode of Interface 1/3. vlan participation include 3: Port 1/3 becomes member untagged in VLAN 3. vlan pvid 3: Port 1/3 is assigned the port VLAN ID 3. exit: Switch to the Configuration mode. interface 1/4: Switch to the interface configuration mode of interface 1/4. vlan participation include 2: Port 1/4 becomes member untagged in VLAN 2. vlan pvid 2: Port 1/4 is assigned the port VLAN ID 2. Output fields of show vlan id 3: VLAN ID, VLAN Name, VLAN Type, VLAN Creation Time; Interface/Current: 1/1, 1/2 Include, 1/3 Include, 1/4, 1/5. Further commands in the listing: exit; show vlan id 3; exit: Swit
74. [Figure 29: Security Authentication List dialog] To temporarily save the changes, click Set. To permanently save the changes, open the Basic Settings Load Save dialog and click Save. authlists disable loginTelnet: Deactivates the loginTelnet list. save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. 3.2 User Management. The device allows users to access its management functions when they log in with valid login data. The device authenticates the users either using the local user management or with a RADIUS server in the network. To get the device to use the user management, allocate the local method to an authentication list (see the Security Authentication List dialog). In the local user management you manage the user accounts. One user account is usually allocated to each user. 3.2.1 Privilege Levels. The device allows you to use a role-based authorization model to specifically control the access to the management functions. Users to whom a specific authorization profile is allocated are allowed
75. The device allows you to check whether the passwords for the user accounts adhere to the specified policy. You obtain a higher level of complexity for the passwords when they adhere to the policy. The user management of the device allows you to activate or deactivate the check separately in each user account. When the check is activated, the device accepts a changed password only if it fulfills the requirements of the policy. In the default settings, practical values for the policy are set up on the device. You have the option of adjusting the policy to meet your requirements. Prerequisite: User account with authorization profile administrator. Perform the following work steps: Adjust the policy for passwords to meet your requirements. Open the Security User Management dialog. The dialog shows the policy set up in the Password Policy frame. [Figure: Security User Management dialog]
76. [Figure 70: Example of flow control] 6.5.1 Half-duplex or full-duplex link. Flow Control with a half-duplex link: In the example there is a half-duplex link between Workstation 2 and the device. Before the send queue of port 2 overflows, the device sends data back to Workstation 2. Workstation 2 detects a collision and stops transmitting. Flow Control with a full-duplex link: In the example there is a full-duplex link between Workstation 2 and the device. Before the send queue of port 2 overflows, the device sends a request to Workstation 2 to include a small break in the sending transmission. 6.5.2 Setting the Flow Control. Perform the following work steps: Open the Switching Global dialog. Select the Activate Flow Control checkbox. With this setting you activate flow control in the device. Open the Basic Settings Port Configuration dialog. To turn on the flow control on a port, select the Flow Control option on the corresponding table line. To temporarily save the configuration, click Set. Note: When you are using a redundancy function, you deactivate the flow control on the participating device ports. If the flow control and the redundancy function are active at the same time, there is a risk that the redundancy function will not operate as intended. Network
77. a DHCP Server with Option 82. Contents: B.1 B.2 B.3 B.4 B.5 General Information, Management Information Base (MIB), Abbreviations used, Technical Data, Maintenance, Readers' Comments, Index, Further Support. About this Manual. The Basic Configuration user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The Installation user manual contains a device description, safety instructions, a description of the display, and the other information that you need to install the device. The GUI reference manual contains detailed information on using the graphical interface to operate the individual functions of the device. The Command Line Interface reference manual contains detailed information on using the Command Line Interface to operate the individual functions of the device. The Redundancy Configuration user manual document contains the information you require to select the suitable redundancy procedure and configure it. The HiView user manual
78. ace 1 1 Switch to the Interface Configuration mode of interface 1 1 vlan priority 3 Assigns port priority 3 to interface 1 1 exit Switch to the Configuration mode Assigning VLAN priority to a traffic class LI Open the QoS Priority 802 1D p Mapping dialog O To assign a traffic class to a VLAN priority insert the associated value in the Traffic Class column LI To temporarily save the configuration click Set enable Switch to the privileged EXEC mode configure Switch to the Configuration mode classofservice Assign traffic class 2 to VLAN priority 0 dotlip mapping 0 2 classofservice Also assign traffic class 2 to VLAN priority 1 dotip mapping 1 2 exit Switch to the privileged EXEC mode show classofservice Display the assignment dotlp mapping UM BasicConfig MSP Release 2 0 02 2013 161 Network Load Control 6 4 QoS Priority Assign port priority to received data packets enable configure interface 1 1 service trust trusted E classo service tlp mapping 0 2 sofservice tlp mapping 1 2 Q L09 1 Q ni a ol Cla ol a n priority 1 show classofservice trust Interface Trust Mode 1 1 untrusted ad Q O chock ick ch et r OS S ro ro Mie Switch to the privileged EXEC mode Switch to the Configuration mode Switch to the Interface Configuration mode of interface 1 1 Assign the untru
79. actory defaults 4.4 Resetting the device to the factory defaults. If you reset the settings in the device to the factory defaults, the device deletes the configuration profile in the memory (RAM) and in the non-volatile memory (NVM). If external memory is connected, the device also deletes the configuration profiles saved in the external memory (ENVM). The device then reboots and loads the factory settings. 4.4.1 With the graphical user interface or CLI. Prerequisite: User account with authorization profile administrator. Perform the following work steps: Open the Basic Settings Load Save dialog. [Figure 52: Basic Settings Load Save dialog] Click the _ button then Ba
80. al and Electronics Engineers; IGMP: Internet Group Management Protocol; IP: Internet Protocol; LED: Light Emitting Diode; LLDP: Link Layer Discovery Protocol; F/O: Optical Fiber; MAC: Media Access Control; MIB: Management Information Base; MSTP: Multiple Spanning Tree Protocol; NMS: Network Management System; NTP: Network Time Protocol; PC: Personal Computer; PTP: Precision Time Protocol; QoS: Quality of Service; RFC: Request For Comment; RM: Redundancy Manager; RSTP: Rapid Spanning Tree Protocol; SCP: Secure Copy; SFP: Small Form-factor Pluggable; SFTP: SSH File Transfer Protocol; SNMP: Simple Network Management Protocol; SNTP: Simple Network Time Protocol; TCP: Transmission Control Protocol; TFTP: Trivial File Transfer Protocol; TP: Twisted Pair; UDP: User Datagram Protocol; URL: Uniform Resource Locator; UTC: Coordinated Universal Time; VLAN: Virtual Local Area Network. B.3 Technical Data. You will find the technical data in the document GUI Reference Manual. B.4 Maintenance. Hirschmann is continually working to improve and develop our software. You should regularly check whether there is a new version of the software that provides you with additional benefits. You will find software information
81. an html file, click Save. Note: You have the option to also send the logged events to one or more syslog servers. 8.10.5 Audit Trail. The Diagnostics Report Audit Trail dialog contains system information and changes to the device configuration using CLI and SNMP. In the case of device configuration changes, the dialog displays Who changed What and When. To log changes to the device configuration, use the SNMP Get Request and SNMP Set Request functions located in the Diagnostics Report Global dialog. The Diagnostics Report Syslog dialog allows you to configure up to 8 Syslog servers to which the device sends the Audit Trail. The following list contains log events: changes to configuration parameters; CLI commands, except show commands; automatic changes to the System Time; watchdog events; locking a user after several unsuccessful login attempts; special CLI command logging audit trail <string>, which logs the comment; user login, either locally or remote, via CLI; manual, user-initiated logout; timed logout after a user-defined period of CLI inactivity; file transfer operation, including a Firmware Update; configuration changes via HiDiscovery; automatic configuration or firmware updates via the external memory; blocked management access due to invalid login; rebooting; opening and closing SNMP over HTTPS tunnels; detected power failures
82. aps for input and output value changes 9.3.1 Managing Digital I/O Signals. The Digital IO module provides the following user functions: controllable inputs on the power supply module; mirroring an output to an input (1:1 mirroring); mirroring the same input to different outputs (1:N mirroring); configurable refresh interval for both inputs and outputs; for a status update, the device sends SNMP requests to obtain the state of remote or local inputs. Example: An illuminated lamp in a control room indicates that a cabinet door is open. The IP address of the cabinet device is 192.168.0.11. Input 1 on an IO module in slot 3 forwards the state of the cabinet door contact. Output 4 on an IO module in slot 2 of the control room device receives the state of the contact and illuminates a lamp when the door is open. The state of the door contact is an input and is available for other devices. To configure the cabinet device to receive the signal from the door contact, perform the following steps: Open the IO Input tab of the Advanced Digital IO Module dialog. Activate the function in the Operation frame by clicking On. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. digital input admin state: Enables the input operation on the device. On the control room device, enable input and output operation and mirror in
83. [Figure 50: Basic Settings Load Save dialog] Click the _ button then Import. The dialog shows the Import window. [Figure 51: Import window in the Basic Settings Load Save dialog] In the Source frame, specify the storage location and file name. To import the file from your PC, click the button and select the storage location and file name. To import the file from a TFTP server, specify the storage location and file name in the following form: tftp://<IP address>/<path>/<file name>. To import the file from an SCP or SFTP server, specify the storage location and file name in the following form: scp:// or sftp://<user>:<password>@<IP address>/<path>/<file name>. In the Destination frame, specify the memory into which the device copies settings during import. In the Name field, change the name of the configuration profile. If you keep the proposed name, the device will overwrite an ex
84. arily save the changes, click Set. To permanently save the changes, you open the Basic Settings Load Save dialog and click Save. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. mac filter <MAC address> <VLAN ID>: Create the MAC address filter consisting of a MAC address and VLAN ID. interface 1/1: Select interface 1, port 1. mac filter <MAC address> <VLAN ID>: Assign the port to a previously created MAC address filter. save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. Convert a learned MAC address into a static address entry: Open the Switching Filter for MAC addresses dialog. [Figure 60: Switching Filter for MAC Addresses dialog] To convert a learned MAC address into a static address entry, select the value permanent in the Status column. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings Load Save dialog and click Save.
85. at the bottom of the table allows you to display devices without active LLDP support in the table. In this case, the device also includes information from its FDB (forwarding database). If you connect the port to devices with the topology discovery function active and devices with the topology discovery function inactive, the topology table hides the devices without an active topology discovery. When a port connects devices without an active topology discovery exclusively, the table contains a line for this port to represent the connected devices. This line contains the number of connected devices. The FDB address table contains MAC addresses of devices that the topology table hides for the sake of clarity. 8.8.2 LLDP-MED. LLDP for Media Endpoint Devices (LLDP-MED) is an extension to LLDP that operates between endpoint devices. Endpoints include devices such as IP phones or other Voice over IP (VoIP) devices or servers, and network devices such as switches. It specifically provides support for VoIP applications. LLDP-MED provides this support using an additional set of common type-length-value (TLV) advertisement messages for capabilities discovery, network policy, Power over Ethernet, inventory management and location information. The device supports the following TLV messages: capabilities TLV: Allows LLDP-MED endpoints to determine the capabilitie
86. ata in one ZIP file on your PC: System log (systemlog.html); System information (systeminfo.html); Audit trail (audittrail.html); Support information (supportinfo.html); Running configuration (runningconfig.xml); Default configuration (defaultconfig.xml). The device creates the file name of the support information automatically in the format <IP address>_<system name>.zip. Click on Download Support Information. Select the directory in which you want to save the support information. Click on Save. 8.10.2 E-Mail Logging. The device provides an Email Logging function that allows you to send log messages using SMTP (Simple Mail Transfer Protocol) to one or more configured email addresses. The device sends email log messages in accordance with the following user-defined parameters. According to classification: Classifying events as urgent or non-urgent allows you to decide whether the device sends the email immediately or periodically. According to severity level: urgent messages: unusual events equal to or greater than the configured urgent severity level. The device sends urgent messages to the mail server immediately. non-urgent messages: unusual events equal to or greater than the configured non-urgent severity level and lower than the configured urgent severity level. The device saves non-urgent messages in a buffer a
87. ate with each other. To temporarily save the configuration, click Set. Open the Switching VLAN Port dialog. Assign the ID of the related VLANs (1 to 3) to the individual ports. [Figure 78: Assigning and saving Port VLAN ID, Acceptable Frame Types and Ingress Filtering] Because terminal devices usually send data packets as untagged, you select the admitAll setting for the terminal device ports. Configure the uplink port with admit only VLAN tags. To evaluate the VLAN tag on this port, activate Ingress Filtering on the uplink port. To temporarily save the configuration, click Set. Open the Basic Settings External Memory dialog. To save the configuration permanently in the external memory, activate the Auto save config on envm checkbox and click Set. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. interface 1/1: Switch to the Interface Configuration mode of interface 1/1. vlan participation include 1: Port 1/1 becomes member untagged in VLAN 1. vlan participation include 2: Port 1/1 becomes member untagged in VLAN 2. tagging 2 enable: Port 1/1 becomes member tagged in VLAN 2. vlan participation include 3: Port 1/1 becomes member untagged in VL
88. A.2 Setting up a DHCP Server with Option 82. Add static entries: With static entries you can assign clients with known hardware address or identifier a fixed IP address and configuration profile. The assigned IP addresses must not overlap with the dynamic address ranges. Identifiers or hardware addresses must be specified byte by byte in hexadecimal notation. For MAC hardware addresses, the bytes must be separated by a dash or colon. [Figure 102: Entering the addresses] [Figure 103: Application example of using Option 82] B General Information. B.1 Management Information Base (MIB). The Management Information Base MIB is designed in the form of an abs
89. [Figure 43: Basic Settings Load Save dialog] show config profiles nvm: Displays the configuration profiles contained in non-volatile memory (NVM). enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. config profile select nvm <1 to 20>: Identifier of the configuration profile. Take note of the adjacent name of the configuration profile. save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. 4.2.2 Saving the configuration profile in external memory. When you save a configuration profile, the device automatically creates a copy in external memory (ENVM) when the external memory is connected. In the state on delivery of the device, this function is turned on. This function can be turned on or off as follows. Perform the following work steps: Open the Basic Settings External Memory dialog. [Figure 44: Basic Settings External Memory dialog] In order to cause the device to automatically generate a copy in external memory during the saving process, select
90. bsence of a supply voltage. To disable this message, feed the supply voltage over both inputs or ignore the monitoring. 8.2.1 Events which can be monitored. Name: Meaning. Temperature: If the temperature exceeds or falls below the value specified. Connection error: Enable this function to monitor every port link event in which the Propagate Connection Error checkbox is active. ENVM removal: Enable this function to monitor the presence of an external memory storage device. ENVM not in Sync: The device monitors synchronization between the device configuration and the configuration stored on the ENVM. Ring redundancy: Enable this function to monitor the connected ports for a possible ring. Power Supply: Select the Propagate State check box to monitor the power supply. (Table 19: Device Status events) 8.2.2 Configuring the Device Status. Select the Diagnostics Status Configuration Device Status dialog. In the Monitoring field, you select the events you want to monitor. To monitor the temperature, you also set the temperature thresholds in the Basic Settings System dialog at the bottom of the System Data frame. Select the check box in the Trap Configuration frame. Configure at least one SNMP Manager in the Diagnostics Status Configuration Alarms Traps dialog. enable configure device status monitor e
91. c Settings Restart dialog and click Reset MAC Address Table there. clear mac addr table: Delete the learned MAC addresses from the MAC address table (FDB). 6.2 Multicasts. By default, the device floods data packets with a multicast address, that is, the device forwards the data packets to all ports. This leads to an increased network load. The use of IGMP snooping can reduce the network load caused by multicast data traffic. IGMP snooping allows the device to send multicast data packets only on those ports to which devices interested in multicast are connected. 6.2.1 Example of a Multicast Application. Surveillance cameras transmit images to monitors in the machine room and in the monitoring room. With an IP multicast transmission, the cameras transmit their graphic data over the network in multicast packets. The Internet Group Management Protocol (IGMP) organizes the multicast data traffic between the multicast routers and the monitors. The switches in the network between the multicast routers and the monitors monitor the IGMP data traffic continuously (IGMP snooping). Switches register logins for receiving a multicast stream (IGMP report). The device then creates an entry in the MAC address table (FDB) and forwards multicast packets only to the ports on which it has previously received IGMP reports.
92. ccuracy. The delay measurement allows the devices to take into account the average delay. PTP version 2 offers the following methods for delay measurement. End-to-End (E2E): The slave clock measures the delay of synchronization messages to the master clock. End-to-End optimized (E2E optimized): The slave clock measures the delay of synchronization messages to the master clock. This method is available only for transparent clocks. The device sends the synchronization messages sent via multicast only to the master clock, keeping the network load low. If the device receives a synchronization message from another master clock, it sends the synchronization messages only to this new port. If the device knows no master clock, it sends synchronization messages to all device ports. Peer-to-Peer (P2P): The slave clock measures the delay of synchronization messages to the master clock. In addition, the master clock measures the delay to each slave clock, even across blocked ports. This requires that the master and slave clock support Peer-to-Peer (P2P). In case of interruption of a redundant ring, for example, the slave clock becomes the master clock and the master clock becomes the slave clock. This switch occurs without loss of precision, because the clocks already know the delay in the other direction. 5.3.4 PTP domains. The device transmits synchroniza
93. ce Enter a user name. The default setting for the user name is admin. Press the Enter key. Enter the password. The default setting for the password is private. Press the Enter key. You can change the user name and the password later in the Command Line Interface. These entries are case sensitive. The device displays the CLI start screen. Note: This device is a security product. Change the password during the first startup procedure. [Figure 11: Start screen of CLI] 1.2.4 CLI via the V.24 port. A serial interface is provided on the V.24 interface for the local connection of an external management station (VT100 terminal or PC with terminal emulation). This enables you to set up a connection to the Command Line Interface (CLI) and to the System Monitor. VT 100 t
94. ce as trusted. dhcp l2relay mode: Enable the DHCP Layer 2 Relay function on the interface. exit: Switch to the Configuration mode. interface 1/2: Switch to the interface configuration mode for port 1/2. dhcp l2relay trust: To forward the DHCP Option 82 information, configure the interface as trusted. dhcp l2relay mode: Enable the DHCP Layer 2 Relay function on the interface. exit: Switch to the Configuration mode. dhcp l2relay mode: Enable the DHCP Layer 2 Relay function globally. 8.16 Network Monitoring with sFlow. sFlow is a standard protocol for monitoring networks. The device provides this function for visibility into network activity, enabling effective management and control of network resources. The sFlow monitoring system consists of an sFlow agent, embedded in the device, and a central sFlow collector. The agent uses sampling technology to capture traffic statistics. sFlow instances associated with individual data sources within the agent perform packet flow and counter sampling. Using sFlow datagrams, the agent forwards the sampled traffic statistics to an sFlow collector for analysis. The agent uses 2 forms of sampling: a statistical packet-based sampling of packet flows and a time-based sampling of counters. An sFlow datagram contains both types of samples. Packet flow sampling, based on a sampling rate, sends a steady but rando
95. ch to the Configuration mode Switch to the privileged EXEC mode Show details for VLAN 3 In Au Au 3 ic ys 02 52 26 System Uptime nfigured Tagging todetect Tagged clude Untagged clude Untagged todetect Tagged todetect Tagged 177 VLANs 7 1 Examples of VLANs 7 1 2 Example 2 Management Station optional Figure 75 Example of a more complex VLAN configuration The second example shows a more complex configuration with 3 VLANs 1 to 3 Along with the Switch from example 1 you use a 2nd Switch on the right in the example The simple network divides the terminal devices A H of the individual VLANs over 2 transmission devices Switches VLANs configured in this manner are distributed VLANs When configured correctly the VLANs allow the optional Management Station to access the network components Note In this case VLAN 1 has no significance for the terminal device communication but it is required for the administration of the transmission devices via what is known as the Management VLAN As in the previous example uniquely assign the ports with their connected terminal devices to a VLAN With the direct connection between the 2 transmission devices uplink the ports transport packets for both VLANs To differentiate these uplinks you use VLAN tagging which handles the frames accordingly Thus you maintain the assignment
96. ck to factory defaults. The dialog displays a warning message. Click the OK button. The device deletes the configuration profiles in the memory (RAM) and in the non-volatile memory (NVM). If external memory is connected, the device also deletes the configuration profiles saved in the external memory (ENVM). After a brief period, the device restarts and loads the factory settings. enable: Switch to the privileged EXEC mode. clear factory: Delete the configuration profiles in the memory (RAM) and in non-volatile memory (NVM). If external memory is connected, the device also deletes the configuration profiles saved in the external memory (ENVM). After a brief period, the device reboots and loads the factory settings. 4.4.2 In the System Monitor. Prerequisite: Your PC is connected via terminal cable with the V.24 connection of the device. Perform the following work steps: Restart the device. To switch to the System Monitor, press 1 within 3 seconds when prompted during reboot. The device loads the System Monitor. To switch from the main menu to the Manage configurations menu, press 4. To execute the Clear configs and boot params command, press Tr. To load the factory settings, press the Enter key. The device deletes the configuration profiles in the memory (RAM) and in the non-volatile
97. [Figure 35: Security User Management dialog] Adjust the values to meet your requirements. Values in the range 1 to 16 are allowed. The value 0 deactivates the relevant policy. The Minimum Password Length field allows values in the range 6 to 64. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings Load Save dialog and click Save. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. passwords min length <6 to 64>: Specifies the policy for the minimum length of the password. passwords min lowercase chars <1 to 16>: Specifies the policy for the minimum number of lower-case letters in the password. passwords min numeric chars <1 to 16>: Specifies the policy for the minimum number of digits in the password. passwords min special chars <1 to 16>: Specifies the policy for the minimum number of special characters in the password. passwords min uppercase chars <1 to 16>: Specifies the policy for the minimum number of upper-case letters in the password. show passwords: Shows the policies that are set up. save: Saves the settings in the non-volatile memory of th
98. d SNTP server. If this request is also unsuccessful, it sends the request to the 3rd and finally the 4th SNTP server. If none of these SNTP servers responds, the SNTP client loses its synchronization. The SNTP client periodically sends requests to each SNTP server until a server delivers a valid time. Note: The device provides the option of obtaining a list of SNTP server IP addresses from a DHCP server. If no reference time source is available to you, determine a device with an SNTP server as a reference time source. Adjust its system time at regular intervals.
    5.2.2 Defining settings of the SNTP client
    As an SNTP client, the device obtains the time information from SNTP or NTP servers and synchronizes its system clock accordingly. Perform the following work steps: Open the Time SNTP Client dialog.
    Figure 54: Time SNTP Client dialog
    Set the SNTP operation mode. In the Configuration frame, select one of the following values in the Mode field:
    unicast: The device sends requests to an SNTP server and expects a response from this server.
99. d VLAN
    7.7 Protocol-based VLAN
    In a protocol-based VLAN, the device bridges traffic through specified ports based on the protocol associated with the VLAN. User-defined packet filters determine whether a packet belongs to a particular VLAN. Configure protocol-based VLANs using the Ethertype field as the filtering criteria for untagged packets. For example, assign a specific protocol to a protocol-based VLAN. When the device receives untagged packets with the protocol, it forwards them to the protocol-based VLAN. The device assigns the other untagged packets to the port VLAN ID.
    7.8 VLAN unaware mode
    The VLAN unaware function defines the operation of the device in a LAN segmented by VLANs. The device accepts packets and frames and processes them according to its inbound rules. Based on the IEEE 802.1Q specifications, the function governs how the device processes VLAN-tagged frames or packets. Use the VLAN aware mode to apply the user-defined VLAN topology configured by the network administrator. The device uses VLAN tagging in combination with the IP or Ethernet address when forwarding packets or frames. The device processes inbound and outbound frames or packets according to the defined rules. VLAN configuration is a manual process. Use the VLAN unaware mode to forward traffic as received, without any modification. For example, the device transmits tagged packe
100. d a Remote ID. The Circuit ID and Remote ID provide information about the circuit and port number connected to the client. The device adds this information as suboptions in the DHCP Option 82 packet. The device removes this information from frames that it relays from the Layer 3 Relay agent and DHCP server to the clients. In addition to the type, length and multicast fields, the circuit identifier includes the VLAN ID, unit number, slot number and port number for the connected client. The Remote ID consists of a type and length field and either a MAC address, IP address, client identifier or a user-defined device description. A client identifier is the user-defined system name for the device.
    8.15.2 DHCP L2 Relay Configuration
    This dialog allows you to activate the DHCP Layer 2 Relay function globally, on an interface and on a VLAN. The device relays packets with Option 82 information on active trusted ports. Activate trusted ports for interfaces on the path between the DHCP Layer 2 Relay and DHCP server. The device drops frames containing Option 82 information on active untrusted ports. Activate the ports exclusively for interfaces connected to terminal devices.
    Figure 83: DHCP Layer 2 Example Network
    Verify that VLAN 2 is present and available before performing the following steps on Switch 1: Open the Advanced DHCP L2 Relay Con
101. d file name in the following form: scp:// or sftp://<user>:<password>@<IP address>/<path>/<file name>. Click the OK button. The configuration profile is now saved as an XML file in the specified location.
    show config profiles nvm: Displays the configuration profiles contained in non-volatile memory (NVM).
    enable: Switch to the privileged EXEC mode.
    copy config running-config remote tftp://<IP address>/<path>/<file name>: Save the configuration profile in memory (RAM) on a TFTP server.
    copy config nvm remote tftp://<IP address>/<path>/<file name>: Save the selected configuration profile in non-volatile memory (NVM) on a TFTP server.
    copy config nvm profile config3 remote tftp://<IP address>/<path>/<file name>: Save the configuration profile config3 in non-volatile memory (NVM) on a TFTP server.
    4.3 Loading settings
    Through loading of settings, the device allows you to quickly switch to other settings if required. Prerequisite: User account with authorization profile administrator.
    4.3.1 Activating a configuration profile
    The non-volatile memory of the device can accommodate several configuration profiles. If you activate a configuration profile stored there, you change the settings on the device on the fly without rebooting. P
102. ds traps. The device generates traps for changes selected in the dialogs Diagnostics Status Configuration Device Status and Diagnostics Status Configuration Security Status. Create at least one SNMP Manager to receive the traps. Note: You need read/write access for this dialog.
    Figure 79: Alarms dialog
    8.1.4 ICMP Messaging
    The device allows you to use the Internet Control Message Protocol (ICMP) for diagnostic applications, for example ping and trace route. The device also uses ICMP for time-to-live and discarding messages in which the device forwards an ICMP message back to the packet source device. Use the ping network tool to test the path to a particular host across an IP network. The traceroute diagnostic tool displays paths and transit delays of packets across a network. The CLI handbook contains a description of the ping and traceroute tools.
    8.2 Monitoring the Device Status
    The device status provides an overview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. The device displays its current status as Error or OK in the De
103. e addresses, the bytes must be separated by a dash or colon.
    Figure 101: Default setting for the fixed address assignment
    In the Hardware address field, you enter the Circuit Identifier and the Remote Identifier (see DHCP Relay Agent in the Web-based Interface reference manual). With Hardware address, you identify the device and the port to which that device is connected, to which you want to assign the IP address in the line below it. The hardware address is in the following form: ciclhhvvvvssmmpprirlxxxxxxxxxxxx
    ci: sub-identifier for the type of the circuit ID
    cl: length of the circuit ID
    hh: Hirschmann ID: 01 if a Hirschmann device is connected to the port, otherwise 00
    vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1)
    ss: socket of device at which the module with that port is located to which the device is connected. Enter the value 00.
    mm: module with the port to which the device is connected
    pp: port to which the device is connected
    ri: sub-identifier for the type of the remote ID
    rl: length of the remote ID
    xxxxxxxxxxxx: remote ID of the device (e.g. MAC address) to which a device is connected
104. e detection enabled, the device polls the network to determine whether there is an address conflict. After resolving an address conflict, or after expired release delay time, the device reconnects to the network. Following 10 detected conflicts, if the configured release delay interval is less than 60 s, then the device sets the release delay interval to 60 s. After the device performs active detection, or you disable the active detection function, with passive detection enabled the device listens on the network for other devices using the same IP address. If the device detects a duplicate IP address, it initially defends its address by employing the ACD mechanism in the passive detection mode and sends out gratuitous ARPs. The number of protections that the device sends and the protection interval are configurable. To resolve conflicts, if the remote device remains connected to the network, the network interface of the local device disconnects from the network. When a DHCP server assigns an IP address to the device, the device returns a DHCP decline message when an address conflict occurs. The device uses the ARP probe method, which has the following advantages:
    ARP caches on other devices remain unchanged
    the method is robust through multiple ARP probe transmissions
    3 Access to the device
    3.1 Authentication li
105. e device activates the new mode immediately after the Write button is pressed. In the VLAN ID field, you enter the ID of the VLAN in which the device management can be accessed via the network. Note here that you can only access the management via device ports that are members of the relevant VLAN. The MAC address field shows the MAC address of the device with which you access the device via the network. In the HiDiscovery Protocol frame, you define the settings for accessing the device via the HiDiscovery software. The HiDiscovery protocol allows you to allocate an IP address to the device on the basis of its MAC address. Activate the HiDiscovery protocol if you want to allocate an IP address to the device from your PC with the supplied HiDiscovery software (default setting: Admin Status On, Access read-write). If required, you can manually enter the IP address, the netmask and the gateway in the IP Parameter frame. To temporarily save the changes, click Set. Note: To keep the configuration available after a restart, save the settings permanently using the Basic Settings Load Save dialog.
    2.5 Entering IP Parameters per BOOTP
    With the BOOTP function activated, the device sends a boot request message to the BOOTP server. The boot request message contains the
106. Introduction
    The device has been developed for use in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device. Note: The changes you make in the dialogs are copied into the volatile memory of the device when you click on Set. To save the changes to the device into permanent memory, select the saving location in the Basic Settings Load Save dialog box and click on Save.
    1 User interfaces
    The device allows you to specify the settings of the device using the following user interfaces:
    Graphical user interface (GUI): can be reached through Ethernet (in-band); prerequisite: HiView or Web browser and Java
    Command Line Interface (CLI): can be reached through Ethernet (in-band) or V.24 (out-of-band); prerequisite: Terminal emulation software
    System Monitor: can be reached through V.24 (out-of-band); prerequisite: Terminal emulation software
    Table 1: User interfaces for accessing the management of the device
    1.1 Graphical user interface (GUI)
    The graphical user interface (GUI) allows you to conveniently define and monitor the settings of the device from a computer on the networ
107. e SFP status display allows you to look at the current SFP module connections and their properties. The properties include: module type, serial number of media module, temperature in °C, transmission power in mW, receive power in mW. Open the Diagnostics Ports SFP dialog.
    8.8 Topology Discovery
    IEEE 802.1AB defines the Link Layer Discovery Protocol (LLDP). LLDP allows the user to automatically detect the LAN network topology. Devices with LLDP active:
    broadcast their connection and management information to neighboring devices on the shared LAN. Evaluation of the devices occurs when the receiving device has its LLDP function active.
    receive connection and management information from neighbor devices on the shared LAN, provided these adjacent devices also have LLDP active.
    build a management information database and object definitions for storing information about adjacent devices with LLDP active.
    As the main element, the connection information contains an exact, unique identifier for the connection end point: MAC (Service Access Point). This is made up of a device identifier which is unique on the entire network and a unique port identifier for this device. Content of the connection and management information: Chassis identifier (its MAC address), Port identifier (its port MAC address), Description of port, System name, System de
108. e device (NVM) in the selected configuration profile.
    3.3 SNMP Access
    3.3.1 SNMPv1/v2 Community
    The SNMP protocol allows you to monitor and configure the device via the network with a network management system (NMS). When the NMS accesses the device via SNMPv1 or SNMPv2, the NMS authenticates itself with the community. With the default settings, you access the device via the public (read access) and private (read/write access) communities. The community is contained in every SNMP packet. When it receives a packet, the device compares this community with the communities specified in the device. If the communities match, the device accepts the SNMP packet and grants access. Make the following basic provisions to make undesired access to the device more difficult:
    Change the community for read/write access. Treat this community confidentially. Everyone who knows the community has the option to change the settings for the device.
    Specify a different community for read/write access than for read access.
    Use SNMPv1 or SNMPv2 only in environments protected from eavesdropping. The protocols do not use encryption. The SNMP packets contain the community in clear text. We recommend using SNMPv3 and deactivating the access via SNMPv1 and SNMPv2 in the device.
    Prerequisite: User account with authoriza
109. e dialog shows the user accounts that are set up.
    Figure 31: Security User Management dialog
    To obtain a higher level of complexity for the password, select the Policy Check checkbox. Before saving it, the device checks the password according to the policy defined in the Password Policy frame. Note: The password check may lead to a message in the Basic Settings System dialog, Security Status frame. You specify the settings that cause this message in the Diagnostics Status Configuration Security Status dialog. Click the row of the relevant user account in the Password field. Enter a password of at least 6 characters. Up to 64 alphanumeric characters are allowed. The device differentiates between upper and lower case. The minimum length of the password is defined in the Password Policy frame. The device always checks the minimum length of the password. To temporarily save the changes
110. C Index
    A: AF, Aging time, Alarm, Alarm messages, APNIC, ARIN, ARP, Assured Forwarding, Authorization profiles
    B: Bandwidth, Best Master Clock algorithm, BOOTP, Boundary clock (PTP)
    C: CD-ROM, Classless Inter-Domain Routing, Class Selector, Closed circuit, Command Line Interface, Configuration changes, Configuration file
    D: Daylight saving time, Delay measurement (PTP), Delay (PTP), Destination table, Device Status, DHCP, DHCP client, DHCP L2 Relay, DHCP server, Differentiated services, DiffServ, DiffServ Codepoint, DSCP
    E: EF, Events, Event Log, Expedited Forwarding
    F: FAQ, First installation, Flow control
    G: Gateway, Generic object classes, Grandmaster (PTP)
    H: HaneWin, Hardware reset, HiDiscovery, HiView, HiVision, Host address
    I: IANA, IEEE MAC Address, IGMP snooping, Industrial HiVision, Installation (GUI), Instantiation, IP Address, IP header, ISO/OSI layer model
    J: Java Runtime Environment
    L: LACNIC, Leave message, Link monitoring, Login window
    M: MAC address filter, MAC destination address, Memory (RAM), Message, Multicast
    N: Net
111. ed the host key, or you have actually connected to another computer pretending to be the server. The new rsa key fingerprint is: 1024 4 62 99 32 56 07 26 10 c5 39 55 e4 65 a9 F9 6e. If you were expecting this change and trust the new key, hit Yes to update PuTTY's cache and continue connecting. If you want to carry on connecting but without updating the cache, hit No. If you want to abandon the connection completely, hit Cancel. Hitting Cancel is the ONLY guaranteed safe choice.
    Figure 9: Security alert prompt for the fingerprint
    Check the fingerprint to help protect yourself from unwelcome guests. If the fingerprint matches that of the device key, click Yes. You can read the fingerprints of the device key with the CLI command show login or in the Web interface in the SSH access dialog. Note: The OpenSSH Suite offers experienced network administrators a further option to access your device via SSH. To set up the connection, enter the following command:
    ssh admin@10.149.112.53
    admin represents the user name. 10.149.112.53 is the IP address of your device.
    CLI appears on the screen with a window for entering the user name. Up to five users can access the Command Line Interface at the same time.
    Figure 10: Login window in CLI
    a.b.c.d is the IP address of your devi
112. Disable a static address entry: Open the Switching Filter for MAC addresses dialog.
    Figure 61: Switching Filter for MAC Addresses dialog
    To disable a static address entry, select the value invalid in the Status column. To temporarily save the changes, click Set.
    enable: Switch to the privileged EXEC mode.
    configure: Switch to the Configuration mode.
    interface 1/1: Select interface 1 port 1.
    no mac-filter <MAC address> <VLAN ID>: Cancel the assignment of the MAC address filter on the port.
    exit: Switch to the Configuration mode.
    no mac-filter <MAC address> <VLAN ID>: Delete the MAC address filter consisting of a MAC address and VLAN ID.
    exit: Switch to the privileged EXEC mode.
    save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
    Delete learned MAC addresses: To delete the learned addresses from the MAC address table (FDB), open the Basi
113. en the device operates as an SNTP server, it provides its system time in coordinated world time (UTC) in the network. Perform the following work steps: Open the Time SNTP Server dialog.
    Figure 55: Time SNTP Server dialog
    To activate the SNTP server function, select the On value in the Admin Status frame. To turn on broadcast operation mode, select the checkbox Broadcast Admin Mode in the Configuration frame. In the broadcast operation mode, the SNTP server sends SNTP messages to the network in defined intervals. The SNTP server also responds to the requests from SNTP clients in unicast operation mode. In the Broadcast Destination Address field, you set the IP address to which the SNTP server sends the SNTP packets. Set a broadcast address or a multicast address. In the Broadcast Port field, you enter the number of the UDP port to which the SNTP server sends the SNTP packets in broadcast operation mode. In the Broadcast VLAN ID field, you enter the ID of the VLAN in which the SNTP server sends the
114. er level of complexity for the password. Specifies the password SECRET for the <operator> user account. Enter at least 6 characters. Allocates the operator authorization profile to the <operator> user account. Activates the <operator> user account. Shows the user accounts that are set up. Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. Note: Remember to allocate the password when you are setting up a new user account in the CLI.
    3.2.6 Deactivating the user account
    After a user account is deactivated, the device denies the related user access to the management functions. In contrast to completely deleting it, deactivating a user account allows you to keep the settings and reuse them in the future. Prerequisite: User account with authorization profile administrator. Perform the following work steps: To keep the user account settings and reuse them in the future, you temporarily deactivate the user account. Open the Security User Management dialog. The dialog shows the user accounts that are set up.
115. erform the following work steps: Open the Basic Settings Load Save dialog.
    Figure 47: Basic Settings Load Save dialog
    Select the line of the desired configuration profile. Click the Activate button. The device copies the settings to memory (RAM) and disconnects from the graphical user interface. The device immediately uses the settings of the configuration profile on the fly. Reload the graphical user interface. Login again. In the Selected column, the checkbox of the configuration profile that was just activated is selected.
116. erier dialog. In the Admin Status frame, turn the IGMP querier function of the device on or off globally. To enable the IGMP querier function for a specific VLAN, select the Active checkbox on the line of the desired VLAN. When the device recognizes another multicast querier in the corresponding VLAN when Election Participate Mode is activated, it carries out a simple selection process: If the IP source address of the other multicast querier is lower than its own, the device switches to the passive state, in which it does not send out any more query requests. Under Address, you specify the IP multicast address that the device inserts as the sender address in generated query requests. You use the address of the multicast router. To temporarily save the configuration, click Set.
    IGMP Snooping Enhancements Table
    The Switching IGMP Snooping Enhancements dialog gives you access to enhanced settings for the IGMP snooping function. You enable or disable the settings on a per port basis in a VLAN. The following settings are possible:
    Static: Use this setting to set the port as a static query port. The device sends all IGMP messages on a static query port, even if it has previously received no IGMP query messages on this port. If the static option is disabled, the device sends IGMP messages on this port only if it has previously received I
117. erminal settings: Speed 9,600 Baud, Data 8 bit, Stopbit 1 bit, Handshake off, Parity none. The socket housing is electrically connected to the housing of the device.
    Figure 12: Pin assignment of the V.24 interface and the DB9 connector
    Connect the device to a terminal via V.24, or to a COM port of your PC using terminal emulation based on VT100, and press any key. Or you set up the serial connection to the MSP via V.24 with PuTTY (see Fig. 13). Press the Enter key.
    Figure 13: Serial connection via V.24 with PuTTY
    After the connection has been made successfully, the device display
118. ery time. The appendix contains an example configuration of the BOOTP/DHCP server. Example of a DHCP configuration file:

    # /etc/dhcpd.conf for DHCP Daemon
    #
    subnet 10.1.112.0 netmask 255.255.240.0 {
      option subnet-mask 255.255.240.0;
      option routers 10.1.112.96;
    }
    #
    # Host berta requests IP configuration
    # with her MAC address
    #
    host berta {
      hardware ethernet 00:80:63:08:65:42;
      fixed-address 10.1.112.82;
    }
    #
    # Host hugo requests IP configuration
    # with his client identifier.
    #
    host hugo {
      option dhcp-client-identifier "hugo";
      option dhcp-client-identifier 00:68:75:67:6f;
      fixed-address 10.1.112.83;
      server-name "10.1.112.11";
      filename "/agent/config.dat";
    }

    Lines that begin with the # character contain comments. The lines that precede the individual devices indicate settings that apply to the following device. The fixed-address line assigns a fixed IP address to the device. Please refer to your DHCP Server manual for more details.
    2.7 Management Address Conflict Detection
    You assign an IP address to the device using several different methods. This function helps t
119. 2.4 Enter the IP Parameter using the web-based interface
    To configure the global parameters, use the following steps: Open the Basic Settings Network Global dialog. In this dialog you first define the source from which the device gets its IP parameters after starting. You also define the VLAN in which the device management can be accessed, configure the HiDiscovery access and allocate manual IP parameters.
    Figure 22: Basic Settings Network Global dialog
    In the Management Interface frame, you first define where the device gets its IP parameters from:
    In the BOOTP mode, the configuration is via a BOOTP or DHCP server on the basis of the MAC address of the device.
    In the DHCP mode, the configuration is via a DHCP server on the basis of the MAC address or the name of the device.
    In the Local mode, the device uses the network parameters from the internal device memory.
    Note: When you change the allocation mode of the IP address, th
120. figuration dialog. Open the Interface tab. Enable port 1/1 as an untrusted port by clicking the Active control box. Allow the device to send and receive Option 82 information on port 1/2 by clicking the Trusted Port control box. To enable the function on the port, click the Active control box. Open the VLAN tab. To add the VLAN 2 circuit identifier to the frame, click the Circuit ID control box. Define the VLAN 2 remote identifier as the IP address of the device by selecting ip from the Remote ID Type pull-down menu. To enable the function on the port, click the Active control box. Activate the function globally in the Operation frame by clicking On.
    Perform the following steps on Switch 2: Open the Advanced DHCP L2 Relay Configuration dialog. Open the Interface tab. To allow the device to send and receive Option 82 information on the port 1/1, click the Trusted Port control box. To enable the function on the port, click the Active control box. To allow the device to send and receive Option 82 information on the port 1/2, click the Trusted Port control box. To enable the function on the port, click the Active control box. Activate the function globally in the Operation frame by clicking On.
    Verify that VLAN 2 is present, then perform the following steps on Switch 1
121. g
    show authlists: Shows the lists that are set up.
    3.1.5 Adjusting the settings
    The device allows you to allocate a separate policy for the authentication to every application with which someone accesses the device. In the following example, we will set up a separate list for each of the applications included in the default list defaultLoginAuthList. Prerequisite: User account with authorization profile administrator. Perform the following work steps: Create new lists. Open the Security Authentication List dialog. Click Create. The dialog shows the New Entry frame.
    Figure 24: New Entry frame in the Security Authentication List dialog
    Enter a meaningful name in the Name field. In this example, we give the list the following names:
    loginGUI for access using the graphical user interface (GUI)
    loginSSH for access using the CLI via SSH
    loginSSH for access using the CLI via Telnet
    Select the desired method in the fields Policy 1 to Policy 5. Select radius for the device to forward authentication requests to a RADIUS server in the net
122. g BOOTP. You need a BOOTP server for this method. The BOOTP server assigns the configuration data to the device using its MAC address. The DHCP mode is the default mode for the configuration data reference; set the parameter to the BOOTP mode for this method. Configuration via DHCP: You choose this in-band method to configure the installed device using DHCP. You need a DHCP server for this method. The DHCP server assigns the configuration data to the device using its MAC address or its system name. Configuration via the web-based interface: If the device already has an IP address and is reachable via the network, then the web-based interface provides you with another option for configuring the IP parameters. 2.1 IP Parameter Basics. 2.1.1 IP Address (Version 4). The IP addresses consist of 4 bytes. Write these 4 bytes in decimal notation, separated by a decimal point. RFC 1340, written in 1992, defines 5 classes of IP address. Table 2: IP address classes (Class: Network address, Host address, Address range). Class A: 1 byte, 3 bytes, 0.0.0.0 to 127.255.255.255. Class B: 2 bytes, 2 bytes, 128.0.0.0 to 191.255.255.255. Class C: 3 bytes, 1 byte, 192.0.0.0 to 223.255.255.255. Class D: 224.0.0.0 to 239.255.255.255. Class E: 240.0.0.0 to 255.255.255.255. The first byte of an IP address is the network address. The worldwide leading regulatory board for assigning network addresses is the I
123. Enable RAM selftest on cold start. Switch off the ramtest function. Enable the SysMon1 function. Switch off the SysMon1 function. Show status of the actions to be taken in the event of device degradation. Show ramtest and sysmon settings in event of a cold start. 8.14 Copper Cable Test. Use this feature to test copper cables attached to an interface for a short or open circuit. The test interrupts traffic flow when in progress on this port. The table displays the state and lengths of each individual pair. The device returns a result with the following meaning: normal indicates that the cable is operating properly; open indicates an interruption in the cable; short circuit indicates a short circuit in the cable; untested indicates an untested cable; Unknown: cable unplugged. 8.15 DHCP L2 Relay. A network administrator uses the DHCP Layer 2 Relay agent to add DHCP client information required by Layer 3 Relay agents and DHCP servers to assign an address and configuration to a client. When a DHCP client and server are in the same IP subnet, they exchange IP address requests and replies directly. However, having a DHCP server on each subnet is expensive and often impractical. An alternative to having a DHCP server in every subnet is to use the networ
124. g Time. To select a preset profile for the start and end of daylight saving time, click the Profile button in the Admin Status frame. If no matching daylight saving time profile is available, you can define the changeover times in the fields Summertime Begin and Summertime End. For both time points, you define the month, the week within this month, the weekday, and the time of day. To enable automatic changeover to daylight saving time, select the On value in the Admin Status frame. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings Load Save dialog and click Save. CLI commands: enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. clock summer time mod <disable recurring eu usa>: Configure the automatic daylight saving time changeover: turn on or off or activate with a profile. clock summer time recurring start: Enter the start time for the changeover. clock summer time recurring end: Enter the end time for the changeover. save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. 5.2 SNTP. The Simple Network Time Protocol (SNTP) allows
125. ghted Round Robin. D Further Support. Technical Questions: For technical questions, please contact any Hirschmann dealer in your area or Hirschmann directly. You will find the addresses of our partners on the Internet at http://www.hirschmann.com. Contact our support at https://hirschmann-support.belden.eu.com. You can contact us in the EMEA region at Tel.: +49 (0)1805 14-1538, E-mail: hac.support@belden.com; in the America region at Tel.: +1 (717) 217-2270, E-mail: inet-support.us@belden.com; in the Asia-Pacific region at Tel.: +65 6854 9860, E-mail: inet-ap@belden.com. Hirschmann Competence Center: The Hirschmann Competence Center is ahead of its competitors. Consulting incorporates comprehensive technical advice, from system evaluation through network planning to project planning. Training offers you an introduction to the basics, product briefing and user training with certification. The current technology and product training courses can be found at http://www.hicomcenter.com. Support ranges from the first installation through the standby service to maintenance concepts. With the Hirschmann Competence Center, you have decided against making any compromises. Our client-customized package leaves you free to choose the service components you want to use. Internet: http://www.hicomcenter.com
126. he CLI mode. 1.3 System Monitor. The System Monitor allows you to set basic operating parameters before starting the operating system. 1.3.1 Functional scope. In the System Monitor, you carry out the following tasks, for example: Managing the operating system and verifying the software image. Updating the operating system. Starting the operating system. Deleting configuration profiles, resetting the device to the factory defaults. Checking boot code information. 1.3.2 Starting the System Monitor. Prerequisites: Terminal cable for connecting the device to your PC (available as an optional accessory). PC with VT100 terminal emulation (such as PuTTY) or serial terminal. Perform the following work steps: Use the terminal cable to connect the V.24 port of the device with the COM port of the PC. Start the VT100 terminal emulation on the PC. Define the following transmission parameters: Speed: 9600 Baud; Data: 8 bit; Parity: None; Stopbit: 1 bit; Flow control: None. Set up a connection to the device. Switch on the device. If the device is already on, reboot it. The screen displays the following message after rebooting: Press <1> to enter System Monitor 1. Press 1 within 3 seconds. The device starts the System Monitor. The screen disp
127. he ToS field. Only with the real-time requirements of today's networks has the ToS field become significant again. Selecting the ToS byte of the IP header enables you to differentiate between different services. However, this field is not widely used in practice. Table 10: ToS field in the IP header. Bits 0-2 (IP Precedence), defined values: 111 Network Control; 110 Internetwork Control; 101 CRITIC/ECP; 100 Flash Override; 011 Flash; 010 Immediate; 001 Priority; 000 Routine. Bits 3-6 (Type of Service), defined values: 0000 all normal; 1000 minimize delay; 0100 maximize throughput; 0010 maximize reliability; 0001 minimize monetary cost. Bit 7: 0, must be zero. Differentiated Services: RFC 2474 redefined the Differentiated Services field in the IP header (see fig. 68). This field is also called DiffServ Codepoint or DSCP. The DSCP field is used for classification of packets into different quality classes. The DSCP field replaces the ToS field. The first 3 bits of the DSCP field are used to divide the packets into classes. The next 3 bits are used to further subdivide the classes on the basis of different criteria. This results in up to 64 different service classes. Figure 68: Differentiated Services field in the IP header. The different DSCP va
128. he device detect IP address conflicts on a network after boot up, and the device also checks periodically during operation. This function is described in RFC 5227. When enabled, the device sends an SNMP trap informing you that it detected an IP address conflict. The following list contains the default settings for this function. Operation setting: Operation: Enabled. Configuration settings: Detection Mode: Active and Passive; Send Periodic ARP Probes: Enabled; Detection Delay [ms]: 200; Release Delay [s]: 15; Number of Address Protections: 3; Protection Interval [ms]: 200; Send Trap: Enabled. 2.7.1 Active and Passive detection. Actively checking the network helps prevent the device from connecting to the network with a duplicate IP address. After connecting the device to a network or after configuring the IP address, the device immediately checks whether its IP address exists within the network. To check the network for address conflicts, the device sends 4 ARP probes with the detection delay of 200 ms into the network. If the IP address exists, the device returns to the previous configuration, if possible, and makes another check after the configured release delay time. When you disable active detection, the device sends 2 gratuitous ARP announcements in 2 s intervals. Using the ARP announcements with passiv
129. he same network, then the device with the smaller IP address takes over the query function. If there are no multicast routers on the network, then you have the option to turn on the query function in an appropriately equipped switch. A switch that connects one multicast receiver with a multicast router analyzes the IGMP information with the IGMP snooping method. The IGMP snooping method also makes it possible for switches to use the IGMP function. A switch stores the MAC addresses derived from IP addresses of the multicast receivers as recognized multicast addresses in its MAC address table (FDB). In addition, the switch identifies the ports on which it has received reports for a specific multicast address. In this way, the switch transmits multicast packets exclusively on ports to which multicast receivers are connected. The other ports do not receive these packets. A special feature of the device is the possibility of determining the processing of data packets with unknown multicast addresses. Depending on the setting, the device discards these data packets or forwards them to all ports. By default, the device transmits the data packets only to ports with connected devices, which in turn receive query packets. You also have the option of additionally sending known multicast packets to query ports.
130. hen 2 ports directly connected to each other have mismatching duplex modes. These problems are difficult to track down. The automatic detection and reporting of this situation has the benefit of recognizing mismatching duplex modes before problems occur. This situation arises from an incorrect configuration, for example, if you deactivate the automatic configuration on the remote port. A typical effect of this non-matching is that at a low data rate, the connection seems to be functioning, but at a higher bi-directional traffic level the local device records a lot of CRC errors, and the connection falls significantly below its nominal capacity. The device allows you to detect this situation and report it to the network management station. In the process, the device evaluates the error counters of the port in the context of the port settings. Possible causes of port error events: The following table lists the duplex operating modes for TX ports, with the possible fault events. The meanings of terms used in the table are as follows. Collisions: In half-duplex mode, collisions mean normal operation. Duplex problem: Mismatching duplex modes. EMI: Electromagnetic interference. Network extension: The network extension is too great, or too many cascading hubs. Collisions, late collisions: In full-duplex mode, no incrementation of the port counters for collisions or late collisions. CRC error: The device evaluates these errors as non matching duple
131. ified signal contact. 8.5 Port Status Indication. Open the Basic Settings System dialog. The dialog displays the device with the current configuration. Furthermore, the dialog indicates the status of the individual ports with a symbol. The following symbols represent the status of the individual device ports. In some situations, some of these symbols interfere with one another. You get a detailed description of the port status when you position the mouse pointer over the port symbol. Table 21: Symbols identifying the status of the device ports (Criterion: Symbol). Bandwidth of the device port: 10 Mbit/s (port activated, connection okay, full-duplex mode); 100 Mbit/s (port activated, connection okay, full-duplex mode); 1000 Mbit/s (port activated, connection okay, full-duplex mode). Operating mode: Half-duplex mode activated. See the Basic Settings Port Configuration dialog, Automatic Configuration checkbox. Autonegotiation: Autonegotiation activated. See the Basic Settings Port Configuration dialog, Automatic Configuration checkbox. AdminLink: Port is deactivated, connection okay; Port is deactivated, no connection set up. See Basic Settings Port Configuration dialog, Port on checkbox and Link Current Settings field. 8.6 Event Counter at Port Level
132. igure 19: Flow chart for entering IP addresses. 2.2 Entering IP parameters via CLI. Note: If a terminal or PC with terminal emulation is unavailable in the vicinity of the installation location, you can configure the device at your own workstation, then take it to its final installation location. Set up a connection to the device. The start screen appears: NOTE: Enter for Command Help. Command help displays all options that are valid for the normal and no command forms. For the syntax of a particular command form, please consult the documentation. MSP> Deactivate DHCP. Enter the IP parameters. Local IP address: On delivery, the device has the local IP address 0.0.0.0. Netmask: If you divided your network into subnetworks, and if these are identified with a netmask, then enter the netmask here. The default setting of the netmask is 0.0.0.0. IP address of the gateway: You require this entry when installing the device in a different subnetwork than the management station or TFTP server (see page 39, Example of how the network mask is used). Enter the IP address of the gateway between the subnetwork with the device and the path to the management station. The default setting of the IP address is 0
133. ing work steps: Open the Basic Settings Load Save dialog. Figure 45: Basic Settings Load Save dialog. Select the line of the desired configuration profile. Click the button, then Save As. The dialog shows the Export window. 4.2 Saving settings. Figure 46: Export window in the Basic Settings Load Save dialog. You set the storage location and file name in the Destination frame. To save the file on your PC, click the button and specify the storage location and file name. To save a file to a TFTP server, specify the storage location and file name in the following form: tftp <IP address> <path> <file name>. To save the file to an SCP or SFTP server, specify the storage location an
134. ion mode. 5.2.1 Preparation. Perform the following work steps: To get an overview of how the time is passed on, draw a network plan with the devices participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the delays of the SNTP messages. To minimize delays and their variance, place an SNTP server in each network segment. Each of these SNTP servers synchronizes its own system time as an SNTP client with its parent SNTP server (SNTP cascade). The highest SNTP server in the SNTP cascade has the most direct access to a reference time source. Figure 53: Example of SNTP cascade. Note: For precise time distribution between SNTP servers and SNTP clients, you preferably use network components (routers and switches) that forward the SNTP packets with a low and uniform transmission time (latency). An SNTP client sends its requests to up to 4 configured SNTP servers. If there is no response from the 1st SNTP server, the SNTP client sends its requests to the 2n
135. irst and last IP addresses for the IP address range, leaving the MAC Address, Client ID, Remote ID and Circuit ID fields empty. Creating multiple pool entries allows you to have IP address ranges that contain gaps. 9.1.2 DHCP server static IP address example. In this example, configure the device to allocate a static IP address to a port. The device recognizes clients with unique hardware identification. The hardware ID in this case is the client MAC address 00:24:E8:D6:50:51. Open the Advanced DHCP Server Pool dialog. To add a new entry to the table, click Create. Enter 192.168.23.42 in IP Address. Select 1/1 from the Port pull-down menu. Enter 00:24:E8:D6:50:51 in MAC Address. To assign the IP address to the client infinitely, enter 4294967295 in Lease Time [s]. To enable the entry, click Active. Open the Advanced DHCP Server Global dialog. Verify that port 1/1 is active in the DHCP Server active column. Activate the function globally in the Operation frame by clicking On. Figure 84: Table in the Advanced DHCP Server Pool dialog
136. isting configuration profile of the same name. Click the OK button. The device copies the settings into the specified memory. If you specified the value ram in the Destination frame, the device disconnects the graphical user interface and uses the settings immediately (on the fly). 4.3 Loading settings. CLI commands: enable: Switch to the privileged EXEC mode. copy config remote tftp <IP Adresse> <Pfad> <Dateiname> running config: Import a configuration profile from a TFTP server into memory (RAM). The device copies the settings into memory (RAM) and disconnects the CLI connection. The device immediately uses these settings (on the fly). copy config remote sftp <Benutzername> <Passwort> <IP Adresse> <pfad> <Dateiname> running config: Import a configuration profile from an SFTP server to memory (RAM). The device copies the settings into memory (RAM) and disconnects the CLI connection. The device immediately uses these settings (on the fly). copy config remote tftp <IP Adresse> <Pfad> <Dateiname> nvm profile config3: Import a configuration profile from a TFTP server, save in non-volatile memory (NVM) as configuration profile config3. 4.4 Resetting the device to the f
137. ith authorization profile administrator or operator. Perform the following work steps: Create a static address entry. Open the Switching Filter for MAC addresses dialog. Figure 58: Switching Filter for MAC Addresses dialog. 6.1 Direct Packet Distribution. To add a user-configurable MAC address, click the Create button. Figure 59: Create window in the Switching Filter for MAC Addresses dialog. In the VLAN ID field, specify the VLAN to which the table entry applies. In the Address field, define the destination MAC address to which the table entry applies. In the Possible Ports field, select the device ports to which the device sends data packets with the specified destination MAC address in the specified VLAN. Select exactly one device port if you have defined a unicast MAC address in the Address field. Select one or more device ports if you have defined a multicast MAC address in the Address field. Do not select any device port if you want the device to discard data packets with the destination MAC address. Click the OK button. To tempor
138. ith each other. The behavior is the same for the terminal devices on ports 2 and 3 of the left device and the terminal devices on ports 3 and 5 of the right device. These belong to VLAN 3. The terminal devices see their respective part of the network. Participants outside this VLAN cannot be reached. The device also sends broadcast, multicast, and unicast packets with unknown (unlearned) destination addresses exclusively inside a VLAN. Here, the devices use VLAN tagging (IEEE 802.1Q) within the VLAN with the ID 1 (Uplink). The letter T in the egress table of the ports indicates VLAN tagging. The configuration of the example is the same for the device on the right. Proceed in the same way, using the ingress and egress tables created above to adapt the previously configured left device to the new environment. 7.1 Examples of VLANs. Proceed as follows to perform the example configuration: Configure VLAN. Open the Switching VLAN Static dialog. Figure 76: Creating and naming new VLANs. To add a new VLAN to the table, click Create. The Create window opens. Enter the new VLAN ID number, for example 2, in the text box. You give this VLAN the name VLAN2 by clicking on the field and entering the name. Also change the name for VLAN 1 from Default to VLAN1. Repeat the previous step
139. k. You reach the graphical user interface (GUI) with the following programs: HiView, Web browser. 1.1.1 HiView. HiView is a stand-alone application. HiView thus allows you to use the graphical user interface of Hirschmann Ethernet devices with management independently of other applications, such as a browser. The portability of HiView enables you to store HiView on a portable storage medium and start it on other computers in your data network. You will find a detailed description of the HiView GUI application in the HiView user manual. 1.1.2 Web browser. System requirements: To open the graphical user interface, you need a Web browser, for example Mozilla Firefox version 3.5 or later or Microsoft Internet Explorer version 6 or later. Installation. Note: The graphical user interface uses Java 6 or Java 7. Install the software from the enclosed CD-ROM. To do this, you go to Additional Software, select Java Runtime Environment and click on Installation. Starting the graphical user interface: The prerequisite for starting the graphical user interface: first configure the IP parameters of the device correctly. The Basic Configuration user manual contains detailed information that you need to define the IP parameters
140. k devices to relay packets between a DHCP client and a DHCP server located in a different subnet. A Layer 3 Relay agent is generally a router that has IP interfaces in both the client and server subnets and routes traffic between them. However, in Layer 2 switched networks, there are one or more network devices, switches for example, between the client and the Layer 3 Relay agent or DHCP server. In this case, this device provides a Layer 2 Relay agent to add the information that the Layer 3 Relay agent and DHCP server require to perform their roles in address and configuration assignment. The following list contains the default settings for this function. Global setting: Active setting: disable. Interface settings: Active setting: disable; Trusted Port: disable. VLAN settings: Active setting: disable; Circuit ID: enable; Remote ID Type: mac; Remote ID: blank. On the device's front panel, you will find the following label: WARNING: UNINTENDED OPERATION. Do not change cable positions if DHCP Option 82 is enabled. Check the Basic Configuration user manual before servicing (refer to DHCP OPTION 82 topic). Non-adherence to these instructions can lead to death, serious physical injury, or material damage. 8.15.1 Circuit and Remote IDs. Before the device forwards DHCP requests from clients to a DHCP server, it adds a Circuit ID an
141. k failure. signal contact 1 monitor power supply: Sets the monitoring of the power supply. signal contact 1 monitor ring rundancy: Sets the monitoring of the ring redundancy. signal contact 1 monitor temperature: Sets the monitoring of the device temperature. signal contact 1 monitor temperature: Sets the monitoring of the device temperature. signal contact 1 trap: Enables the device to send a trap when the status of the operation monitoring changes. no signal contact 1 trap: Disables trap messaging. Displaying the signal contact's status: The device gives you additional options for displaying the status of the signal contact: display in the Web-based interface, query in the Command Line Interface. Figure 81: Signal Contact dialog. exit: Switch to the privileged EXEC mode. show signal contact 1 all: Displays signal contact settings for the spec
142. k in such a case. Figure 18: Management agent that is separated from its management station by a router. The management station Romeo wants to send data to the management agent Juliet. Romeo knows Juliet's IP address and also knows that the router Lorenzo knows the way to Juliet. Romeo therefore puts his message in an envelope and writes Juliet's IP address as the destination address. For the source address, he writes his own IP address on the envelope. Romeo then places this envelope in a second one with Lorenzo's MAC address as the destination and his own MAC address as the source. This process is comparable to going from layer 3 to layer 2 of the ISO/OSI base reference model. Finally, Romeo puts the entire data packet into the mailbox. This is comparable to going from layer 2 to layer 1, i.e. to sending the data packet over the Ethernet. Lorenzo receives the letter and removes the outer envelope. From the inner envelope, he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list, the ARP table, for Juliet's MAC address. He writes her MAC address on the outer envelope as the destination address and his own MAC address as the source address. He then places the entire data packet in the mail box. Julie
143. larm display. 1: Start of the oldest existing device alarm. 2: The symbol displays the security status. 3: Start of the oldest existing security alarm. 4: Cause of the oldest existing security alarm. 5: Cause of the oldest existing device alarm. 6: The symbol displays the device status. show device status all: In the EXEC Privilege mode, display the device status and the setting for the device status determination. 8.3 Security Status (DEVMON). The Security Status provides an overview of the overall security of the device. Many processes aid in system visualization by recording the security status of the device and then presenting its condition in graphic form. The device displays the overall security status in the Basic Settings System dialog, Security Status frame. In the Diagnostics Status Configuration Security Status dialog, the device displays its current status as Error or Ok in the Security Status frame. The device determines this status from the individual monitoring results. The device enables you to configure the following functions: signal the device security status out-of-band via a signal contact; signal the device security status by sending a trap when the device status changes; detect the device security status in the Web-based interface in the Basic Settings System dialog; query the security status in the Command Line
144. lays the following view: System Monitor 1 (Selected OS: HIOS 02.0.00 2013-01-20 11:12): Manage operating system; Update operating system; Start selected operating system; Manage configurations; Show boot code information; End (reset and reboot). sysMon1> Figure 16: System Monitor 1 screen display. Select a menu item by entering the number. To leave a submenu and return to the main menu of system monitor 1, press the <ESC> key. 2 Entering IP Parameters. When you install the device for the first time, enter the IP parameters. The device provides the following options for entering the IP parameters during the first installation: Entry using the Command Line Interface (CLI): You choose this out-of-band method if you preconfigure your device outside its operating environment, or you restore network access (in-band) to the device. Entry using the HiDiscovery protocol: You choose this in-band method on a previously installed network device or if you have another Ethernet connection between your PC and the device. Configuration using the external memory: You choose this method if you are replacing a device with a device of the same type and have already saved the configuration in the external memory. Using BOOTP: You choose this in-band method to configure the installed device usin
145. lues get the device to employ a different forwarding behavior, what is known as Per-Hop Behavior (PHB). The following PHB classes are defined: Class Selector (CS0-CS7): For backward compatibility, the Class Selector PHB assigns the 7 possible IP precedence values from the previous ToS field to specific DSCP values (see table 11). Expedited Forwarding (EF): For applications with high priority. The Expedited Forwarding PHB reduces delays (latency), jitter and packet loss (RFC 2598). Assured Forwarding (AF): The Assured Forwarding PHB provides a differentiated schema for handling different data traffic (RFC 2597). Default Forwarding/Best Effort: This PHB stands for dispensing with a specific prioritization. Table 11: Assigning the IP precedence values to the DSCP value (ToS Meaning: Precedence Value, Assigned DSCP). Network Control: 111, CS7 (111000). Internetwork Control: 110, CS6 (110000). Critical: 101, CS5 (101000). Flash Override: 100, CS4 (100000). Flash: 011, CS3 (011000). Immediate: 010, CS2 (010000). Priority: 001, CS1 (001000). Routine: 000, CS0 (000000). 6.4.5 Handling of traffic classes. The device provides the following options for handling traffic classes: Strict Priority, Weighted Fair Queuing. Strict Prio
146. m stream of datagrams to the collector. For time based sampling, the agent polls the counters at set intervals to fill the datagrams. The device implements datagram version 5 for the sFlow agent. The user defined sFlow functions are: Sampler configuration (packet flow sampling): data source port number to sample (physical ports); receiver index associated with the sampler; sampling rate (the device counts the packets of received data; when the count reaches the user defined number, the agent samples the packet; 0: disable, range 256 to 65535); header size in bytes to sample (range 20 to 256). Poller configuration (counter sampling): data source port number (available for physical ports); receiver index associated with the poller; interval in seconds between samples (range 0 to 86400). Receiver configuration (up to 8 entries): owner name to claim an sFlow entry; timeout in seconds until sampling is stopped and the device releases the receiver along with the sampler and the poller; datagram size; IP address; port number. To configure the sFlow agent for a monitoring session, first configure an available receiver. Then configure a sampling rate to perform packet flow sampling and configure a polling interval for counter sampling. For example, Company XYZ wishes to monitor data flow on a device. The IP address for the remote server containing the sFlow
147. main name server IP addresses; static hostname to IP address mapping with space for 64 configurable static hosts; host cache with space for 128 entries. 9.2.1 Configuring a DNS server example. Name the DNS client and configure it to query a DNS server to resolve host names. Open the Advanced DNS Server Static dialog. In the Configuration frame, select user from the Configuration Source pull down menu. Enter device1 for a unique device name in the Domain Name text box. To add a new entry to the table, click Create. Enter 10.1.3.5 for a DNS server in Address. To enable the entry, click Active. Open the Advanced DNS Global dialog. Activate the function globally in the Operation frame by clicking On. Figure 86: Advanced DNS Server Static dialog. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. dns client source user: Sets the function to user to manually configure the DNS client. dns client domain name device1: Enters device as a unique domain name for the device. dns client servers add 1 ip: Adds a DNS server with IP address of 10.1.3.5 as
148. mand Line Interface. These entries are case sensitive. The device displays the CLI start screen: Copyright (c) 2011-2013 Hirschmann Automation and Control GmbH. All rights reserved. MSP Release HiOS 2A 02 0 00. Build date 2013 02 20 20 20. System Name: MSP ECE555F63600. Management IP: 10.115.45.104. Subnet Mask: z 2559729572240. Base MAC: 2 BOLH55 524 6 7316 2 0 0. System Time: 2013 02 11 11 14 35. User: admin. Password: x x. NOTE: Enter for Command Help. Command help displays all options that are valid for the particular mode. For the syntax of a particular command form, please consult the documentation. MSP> Figure 7: Start screen of CLI. Your MSP appears with the command prompt RSPL>. 1.2.3 CLI via SSH (Secure Shell). Start the PuTTY program on your computer. PuTTY appears with the login screen.
150. memory (NVM). If external memory is connected, the device also deletes the configuration profiles saved in the external memory (ENVM). To switch to the main menu, press q. To reboot the device with factory settings, press q. 4.4 Resetting the device to the factory defaults. 5 Synchronizing the System Time in the Network. Many applications rely on a time that is as correct as possible. The necessary accuracy, and thus the allowable deviation from the actual time, depends on the application area. Examples of application areas include: log entries; time stamping of production data; process control. The device offers the following options for synchronizing the time on the network: The Simple Network Time Protocol (SNTP) is a simple solution for low accuracy requirements. Under ideal conditions, SNTP achieves an accuracy in the millisecond range. The accuracy depends on the signal delay. IEEE 1588 with the Precision Time Protocol (PTP) achieves accuracies on the order of fractions of microseconds. This method is suitable even for demanding applications up to and including process control. PTP is always the better choice if the involved devices support this protocol. PTP is more accurate, has advanced methods of error correction, and causes a low network load. The im
151. mum Password Length; Minimum Upper Cases; Minimum Lower Cases; Minimum Numbers; Minimum Special Characters. Figure 30: Security User Management dialog. show users: Shows the user accounts that are set up. 3.2.3 Default setting. In the state on delivery, the user accounts admin and user are set up on the device. Table 5: Default settings for the factory setting user accounts (Parameters / Value in the state on delivery): User Name: admin / user; Password: private / public; Authorization: administrator / guest; User locked: off / GFE; Policy Check: off / off; SNMP Auth Type: hmacmd5 / hmacmd5; SNMP Encryption Type: des / des. Note: Change the password for the admin user account before making the device available in the network. 3.2.4 Changing standard passwords. To prevent undesired access, change the password in the default settings of the user accounts. Prerequisite: User account with authorization profile administrator. Perform the following work steps: Change the passwords for the admin and user user accounts. Open the Security User Management dialog. Th
152. 8.13 Cause and Action management during Selftest. The device checks its assets during the boot process and occasionally thereafter. The device checks system task availability or termination and the available amount of memory. Furthermore, the device checks for application functionality and if there is any hardware degradation in the chip set. When the device detects a loss in integrity, the device responds to the degradation with a user defined action. The following categories are available for configuration: Task: action to be taken when a task is unsuccessful. Resources: action to be taken due to the lack of resources. Software: action taken for loss of software integrity, for example code segment checksum or access violations. Hardware: action taken due to hardware degradation. Configure each category to produce an action when the device detects a loss in integrity. The following actions are available for configuration: log only: this action writes a message to the logging file. send trap: a trap will be sent to the management station. reboot: an error in the category, when activated, will cause the device to reboot. Open the Diagnostics System Selftest dialog. Select the action to perform for a cause in the Action column. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode.
153. n Routing (CIDR) to provide a solution. CIDR overcomes these class boundaries and supports classless address ranges. With CIDR, you enter the number of bits that designate the IP address range. You represent the IP address range in binary form and count the mask bits that designate the netmask. The mask bits equal the number of bits used for the subnet in a given IP address range. Example: IP address (decimal) 149.218.112.1, network mask (decimal) 255.255.255.128, IP address (binary) 10010101 11011010 01110000 00000001; IP address (decimal) 149.218.112.127, IP address (binary) 10010101 11011010 01110000 01111111; 25 mask bits. CIDR notation: 149.218.112.0/25 (25 mask bits). The term supernetting refers to combining a number of class C address ranges. Supernetting enables you to subdivide class B address ranges to a fine degree. 2.2 Entering IP parameters via CLI. There are several methods by which you enter the system configuration: via BOOTP/DHCP, the HiDiscovery protocol, or the AutoConfiguration Adapter ACA31. You have the possibility to perform the configuration via the V.24 interface using the CLI. Entering IP addresses: Connect the PC with terminal program started to the RJ11 socket. Command Line Interface starts after key press. Log in and change to the Privileged EXEC Mode. Enter and save IP parameters. End of entering IP addresses. F
154. nd sends them to the mail server at the configured time interval. As a test message: the device allows you to generate and send a test email to verify the email address. Open the Diagnostics Report Email Logging Global dialog. The Information frame contains the following statistics: the number of emails sent successfully since the last reset; the number of failed emails since the last reset; the local time at which the device sent the last email successfully. To identify the device as the originator of the email message, enter source@example.com in the Configuration frame, Sender text box. Enter 30 minutes as an interval for sending non urgent emails in the Sending Interval text box. Enter critical for the level at or above which the device immediately sends an email message in the Urgent frame, Severity text box. Enter example critical as the text to appear on the subject line of the email in the Subject text box. Enter notice as the level at or above which the device sends an email message at the user defined interval in the Non Urgent frame, Severity text box. Enter example notice as the text to appear on the subject line of the email in the Subject text box. To add a new entry to the table, click Create. Enter Device xxx as the name of the mail server in the Description cell. Enter 10
155. nection to the MSP. Command entered at the Windows command prompt: telnet 10.115.10.100. Figure 3: Setting up the telnet connection to the MSP via the DOS command line. Telnet connection via PuTTY: Start the PuTTY program on your computer. PuTTY appears with the login screen. Set up the serial configuration parameters of the terminal emulation program as follows. Figure 4: Configuring the serial connection via PuTTY.
156. nfigured on a largely automatic basis. Turn on PTP on the terminal devices. In order to influence which device in the network will become the reference time source (Grandmaster), change the default value for Priority 1 and Priority 2 for the boundary clock. 6 Network Load Control. The device features a number of functions that reduce the network load: Direct packet distribution; Multicasts; Rate limiter; Prioritization (QoS); Flow control. 6.1 Direct Packet Distribution. The device reduces the network load with direct packet distribution. On each of its ports, the device learns the sender MAC address of received data packets. The device stores the combination "port and MAC address" in its MAC address table (FDB). By applying the store and forward method, the device buffers data received and checks it for validity before forwarding it. The device rejects invalid and defective data packets. 6.1.1 Learning MAC addresses. If the device receives a data packet, it checks whether the MAC address of the sender is already stored in the MAC address table F
157. ng the IP Parameters via HiDiscovery. When you start HiDiscovery, it automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first network interface found for the PC. If your computer has several network cards, you select the one you desire in the HiDiscovery toolbar. HiDiscovery displays a line for every device that reacts to the HiDiscovery protocol. HiDiscovery enables you to identify the devices displayed. Select a device line. Click the Signal symbol on the tool bar to set the LEDs for the selected device to flashing on. To switch off the flashing, click on the symbol again. By double clicking a line, you open a window in which you enter the device name and the IP parameters. Figure 21: HiDiscovery assigning IP parameters. Note: For security reasons, switch off the HiDiscovery function for the device in the Web based interface after you have assigned the IP parameters to the device. Note: Save the settings so that you will still have the entries after a restart. 2.4 Enter the IP Param
158. ntication lists. The dialog shows the updated settings. Figure 28: Security Authentication List dialog. Repeat these work steps to allocate an application to the other lists. To temporarily save the changes, click Set. show appllists: Shows the applications and the allocated lists. appllists set authlist WebInterface loginGUI: Allocates the LoginGUI list to the Web Interface application. Deactivate the list for those applications by means of which no access to the device is performed. In this example, we assume that no access using the CLI via Telnet is performed. Therefore we remove the selection from the Active checkbox for the LoginTelnet list. To deactivate a list, you remove the selection from the Active checkbox.
160. nvm not in sync; device status monitor envm remova; device statu link failur monitor 1; device status monitor ring redundancy; device statu power suppl; device status monitor temperature; device status trap. Switch to the privileged EXEC mode. Switch to the Configuration mode. Sets the monitoring of whether the external non volatile memory and the current configuration match. Sets the monitoring of the external non volatile memory device removal. Sets the monitoring of the network connection. Sets the monitoring of the power supply unit(s). Sets the monitoring of the ring redundancy. Sets the monitoring of the device temperature. Enable a trap to be sent if the device status changes. Note: The above CLI commands activate monitoring and trapping for the supported components. If you want to activate or deactivate monitoring for individual components, you will find the corresponding syntax in the CLI manual or in the help of the CLI console. Enter a question mark for the CLI prompt. 8.2.3 Displaying the Device Status. Open the Basic Settings System dialog. Figure 80 Device status and a
161. Figure 5: PuTTY input screen. In the Host Name or IP address input field, you enter the IP address of your device. The IP address (a.b.c.d) consists of four decimal numbers with values from 0 to 255. The four decimal numbers are separated by points. To select the connection type, click on Telnet under Connection type. Click on Open to set up the connection to your device. CLI appears on the screen with a window for entering the user name. Up to five users can access the Command Line Interface at the same time. Figure 6: Login window in CLI. Note: Change the password during the first startup procedure. Enter a user name. The default setting for the user name is admin. Press the Enter key. Enter the password. The default setting for the password is private. Press the Enter key. You can change the user name and the password later in the Com
162. of a packet containing information about an unusual event. The device sends traps to those hosts entered in the trap destination table. The device allows you to configure the trap destination table with the management station via SNMP. 8.1.1 List of SNMP traps. The following table shows a list of possible traps sent by the device. Table 18: Possible traps. Trap name column: authenticationFailure; coldStart; hm2DevMonSenseExt NvmRemoval; linkDown; linkUp; (This is sent if the temperature exceeds the set threshold limits. This is sent if the power supply status changes.) hm2SigConStateChange; hm2SigConStateChange; newRoot; topologyChange; alarmRising Threshold; alarmFalling Threshold; hm2AgentPortSecurity Violation; hm2SfpChangeTrap; hm2DiagSelftestAction Trap; hm2MrpReconfig; hm2DiaglfaceUtilization Trap; hm2LogAuditStartNext Sector; hm2PtpSynchronization Change; hm2ConfigurationSaved Trap; hm2ConfigurationChanged Trap. Meaning column: This is sent if a station attempts to access an agent without authorisation. This is sent during the boot phase for both cold starts after successful initialisation of the network management. This is sent when the AutoConfiguration Adapter has been removed. This is sent if the connection to a port is interrupted. This is sent when connection is established
163. of link connection(s). Configure at least one port for this feature. In the Propagate Connection Error frame, you define which ports the device signals if the connection is down. On delivery, there is no link monitoring. The removal of the external memory. The configuration on the external memory does not match that in the device. Select the corresponding entries to decide which events the device status includes. Note: With a non redundant voltage supply, the device reports the absence of a supply voltage. To disable this message, feed the supply voltage over both inputs or ignore the monitoring. 8.4.1 Controlling the Signal Contact. With this mode, you control this signal contact remotely. Application options: Simulation of an error detected during SPS error monitoring. Remote control of a device via SNMP, such as switching on a camera. Open the Diagnostics Status Configuration Signal Contact dialog. To activate the signal contact manually, you select the Manual Setting option in the Signal Contact Mode frame. To open the signal contact, you select the Opened option in the Manual Setting frame. To close the signal contact, you select the Closed option in the Manual Setting frame. enable configure signal con signal signal con Con Cac Switch to the privileged EXE
164. ofile. If you keep the proposed name, the device will overwrite an existing configuration profile of the same name. Click the OK button. The new configuration profile is marked as selected. 4.2 Saving settings. show config profiles nvm: Displays the configuration profiles contained in non volatile memory (NVM). enable: Switch to the privileged EXEC mode. copy config running config nvm profile <string>: Save the current settings in the configuration profile named <string> in non volatile memory (NVM). If present, the device overwrites a configuration profile of the same name. The new configuration profile is marked as selected. Selecting a configuration profile: If the non volatile memory (NVM) contains several configuration profiles, you have the option to select any configuration profile there. The device always stores the settings in the selected configuration profile. Upon reboot, the device loads the settings of the selected configuration profile into memory (RAM). Perform the following work steps: Open the Basic Settings Load Save dialog.
165. on click Set. enable: Switch to the privileged EXEC mode. vlan database: Switch to the VLAN mode. igmp snooping vlan id 1 forward all 1 1: Activate the Forward All function for slot 1 port 1 in VLAN 1. Configuring multicasts: The device allows you to configure the exchange of multicast data packets. The device provides different options depending on whether the data packets are to be sent to unknown or known multicast receivers. The settings for unknown multicast addresses are global for the entire device. The following options can be selected: The device discards unknown multicasts. The device sends unknown multicasts on all ports. The device sends unknown multicasts exclusively on ports that have previously received query messages (query ports). Note: The exchange settings for unknown multicast addresses also apply to the reserved IP addresses from the Local Network Control Block (224.0.0.0 to 224.0.0.255). This behavior may affect higher level routing protocols. For each VLAN, you define the sending of multicast packets to known multicast addresses individually. The following options can be selected: The device sends known multicasts on the ports that have previously received query messages (query ports) and to the registered ports. Registered ports are ports with multicast receivers registered with the corresponding multica
166. A.1 Setting up a DHCP/BOOTP Server. On the product CD supplied with the device, you will find the software for a DHCP server from the software development company IT Consulting Dr Herbert Hanewinkel. You can test the software for 30 calendar days from the date of the first installation and then decide whether you want to purchase a license. To install the DHCP servers on your PC, put the product CD in the CD drive of your PC and under Additional Software select haneWIN DHCP Server. To carry out the installation, follow the installation assistant. Start the DHCP Server program. Figure 88: Start window of the DHCP server. Note: The installation procedure includes a service that is automatically started in the basic configuration when Windows is activated. This service is also active if the program itself has not been started. When started, the service responds to DHCP queries. Open the window for the program settings in the menu bar (Options, Preferences) and select the DHCP tab page. Enter the settings shown in the ill
167. Table 3: DHCP options which the device requests (Option / Meaning): 1 / Subnet Mask; 2 / Time Offset; 3 / Router; 4 / Time server; 12 / Host Name; 42 / NTP server; 61 / Client Identifier; 66 / TFTP Server Name; 67 / Bootfile Name. The advantage of using DHCP instead of BOOTP is that the DHCP server can restrict the validity of the configuration parameters (Lease) to a specific time period, known as dynamic address allocation. Before this period (Lease Duration) elapses, the DHCP client can attempt to renew this lease. Alternatively, the client can negotiate a new lease. The DHCP server then allocates a random free address. To help avoid this, DHCP servers provide the explicit configuration option of assigning a specific client the same IP address based on a unique hardware ID, known as static address allocation. On delivery, DHCP is activated. As long as DHCP is activated, the device attempts to obtain an IP address. If it cannot find a DHCP server after restarting, it will not have an IP address. Activate or deactivate DHCP in the Basic Settings Network Global dialog. See "Enter the IP Parameter using the web based interface" on page 47. Note: When using Industrial HiVision network management, the user checks to see that DHCP allocates the original IP address to each device ev
168. ormation. trustDot1p: The device assigns VLAN tagged data packets to the different traffic classes according to their VLAN priorities. The corresponding allocation is configurable. The device assigns the priority of the receiving port to data packets it receives without a VLAN tag. trustIpDscp: The device assigns the IP packets to the different traffic classes according to the DSCP value in the IP header, even if the packet was also VLAN tagged. The corresponding allocation is configurable. The device prioritizes non IP packets according to the priority of the receiving port. untrusted: The device ignores the priority information in the data packets and assigns the priority of the receiving port to them. 6.4.3 VLAN tagging. For the VLAN and prioritizing functions, the IEEE 802.1Q standard provides for integrating a MAC frame in the VLAN tag. The VLAN tag consists of 4 bytes and is between the source address field (Source Address Field) and type field (Length/Type Field). Figure 66: Ethernet data packet with tag (min. 64, max. 1522 octets). For data packets with VLAN tags, the device evaluates the following information: Priority information; VLAN
169. plementation of PTP is comparatively easy. Note: According to the PTP and SNTP standards, both protocols function in parallel in the same network. However, since both protocols influence the system time of the device, situations may occur in which the two protocols conflict with each other. 5.1 Basic settings. In the Time Basic Settings dialog, you define general settings for the time. 5.1.1 Setting the time. If no reference time source is available to you, you have the option to set the time in the device. After a cold start or reboot, if no real time clock is available or if the real time clock contains an invalid time, the device initializes its clock with January 1, 00:00h. After the power supply is switched off, the device buffers the settings of the real time clock up to 24 hours. Alternatively, you configure the settings in the device so that it automatically obtains the current time from a PTP clock or from an SNTP server. Perform the following work steps: Open the Time Basic Settings dialog. The System Time (UTC) field shows the current UTC (Universal Time Coordinated) of the device. UTC is the time relating to the coordinated world time measurement. UTC is the same worldwide and does not take local
170. prevent a rogue client from connecting to the same port, causing the voice traffic to deteriorate. Another benefit of the Voice VLAN feature is that a VoIP phone obtains a VLAN ID or priority information using LLDP-MED. As a result, the VoIP phone sends voice data as tagged, priority-tagged or untagged, depending on the Voice VLAN Interface configuration. The following Voice VLAN interface modes are possible. The first 3 methods segregate and prioritize voice and data traffic. Traffic segregation results in an increased voice traffic quality during high traffic periods.
- Configuring the port to use the vlan mode allows the device to tag the voice data coming from a VoIP phone with the user-defined voice VLAN ID. The device assigns regular data to the port default PVID.
- Configuring the port to use the dot1p priority mode allows the device to tag the data coming from a VoIP phone with VLAN 0 and the user-defined priority. The device assigns the default priority of the port to regular data.
- Configure both the voice VLAN ID and the priority using the vlan dot1p priority mode. In this mode the VoIP phone sends voice data with the user-defined voice VLAN ID and priority information. The device assigns the default PVID and priority of the port to regular data.
- When configured as untagged, the phone sends untagged frames.
- When configured as none, the phone uses its own configuration to send voice traffic.
171. put 1 on module 3 of the cabinet device to output 4 on the IO module in slot 2.
- Open the IO Input tab of the Advanced Digital IO Module dialog.
- Activate the function in the Operation frame by clicking On.
- Open the IO Output tab of the Advanced Digital IO Module dialog.
- Enter 192.168.0.11 in Source IP.
- Select 3 1 from the Input ID pull-down menu of the Output ID 2 4 entry.
- Activate the function in the Operation frame by clicking On.
CLI commands:
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
digital output mirror io 2 4 192.168.0.11 161 3 1: Mirrors module 3 input 1 of the cabinet device to slot 2 output 4.
digital output admin state: Enables the output operation on the device.
digital input admin state: To enable the input operation on the device.
9.4 Telnet Client
The device supports a Telnet client that directly opens a connection to the Telnet server using TCP Port 23. The Telnet client allows you to configure the device using CLI commands. For detailed information on CLI commands, review the "Command Line Interface" reference manual.
A Setting up the Configuration Environment
172. rface
9.1.1 IP Addresses assigned per port or per VLAN
The DHCP server assigns a static IP address or dynamic range of IP addresses to a client connected to a port or a VLAN. The device allows you to create entries for either a port or a VLAN. When creating an entry to assign IP addresses to a VLAN, the port entry grays out. When creating an entry to assign IP addresses to a port, the VLAN entry grays out.
Static allocation means that the DHCP server assigns the same IP address to a specific client. The DHCP server identifies the client using a unique hardware ID. A static address entry contains 1 IP address and applies it to a port or VLAN on which the server receives a request from a specific client. For static allocation, create a pool entry for the ports or one specific port, enter the IP address, and leave the Last IP Address field empty. Enter a hardware ID with which the DHCP server uniquely identifies the client. This ID is either a MAC address, a client ID, a remote ID or a circuit ID. If a client contacts the server with the configured hardware ID, the DHCP server allocates the static IP address.
The device also allows you to assign a dynamic IP address range to ports or VLANs from which the DHCP server allocates a free IP address from a pool. To create a dynamic pool entry for the ports or VLANs, enter the f
173. rity combined with Weighted Fair Queuing
Description of Strict Priority
With the Strict Priority setting, the device first transmits all data packets that have a higher traffic class (higher priority) before transmitting a data packet with the next highest traffic class. The device transmits a data packet with the lowest traffic class (lowest priority) only when there are no other data packets remaining in the queue. In unfortunate cases, the device never sends packets with a low priority if there is a high volume of high-priority traffic waiting to be sent on this port. In delay-sensitive applications, such as VoIP or video, Strict Priority allows Strict Priority data to be sent immediately.
Description of Weighted Fair Queuing
With Weighted Fair Queuing, also called WeightedRoundRobin (WRR), the user assigns a minimum or reserved bandwidth to each traffic class. This ensures that data packets with a lower priority are also sent when the network is very busy. The weighting values range from 0% to 100% of the available bandwidth, in steps of 1%. A weighting of 0 is equivalent to a "no bandwidth" setting. The sum of the individual bandwidths may add up to 100%. If you assign Weighted Fair Queuing to all traffic classes, the entire bandwidth of the corresponding port is available to you. When combining Weighted Fair Queuing with Strict Priority, ensure that
174. rofile
4 Managing configuration profiles
If you change the settings of the device during operation, the device stores the changes in its memory (RAM). After a reboot the settings are lost. In order to keep the changes after a reboot, the device offers the possibility of saving additional settings in a configuration profile in the non-volatile memory (NVM). In order to make it possible to quickly switch to other settings, the non-volatile memory offers storage space for multiple configuration profiles. If external memory (ENVM) is connected, the device automatically generates a copy in the external memory when saving a configuration profile. This function can be deactivated.
4.1 Detecting changed settings
Changes made to settings during operation are stored by the device in its memory (RAM). The configuration profile in non-volatile memory (NVM) remains unchanged until you explicitly save it. Until then, the configuration profiles in memory and non-volatile memory differ. This device helps you recognize changed settings. If the configuration profile in the memory (RAM) differs from the "selected" configuration profile in the non-volatile memory (NVM), you can recognize the difference based on the following criteria: The status bar at the top of the men
175. rol
6.4 QoS Priority
6.4.1 Description of Prioritization
For data traffic prioritization, traffic classes are defined in the device. The device prioritizes higher traffic classes over lower traffic classes. The number of traffic classes depends on the device type. To provide for optimal data flow for delay-sensitive data, you assign higher traffic classes to this data. You assign lower traffic classes to data that is less sensitive to delay.
Assigning traffic classes to the data
The device automatically assigns traffic classes to inbound data (traffic classification). The device takes the following classification criteria into account:
- Methods according to which the device carries out assignment of received data packets to traffic classes:
  trustDot1p: The device uses the priority of the data packet contained in the VLAN tag.
  trustIpDscp: The device uses the QoS information contained in the IP header (ToS/DiffServ).
  untrusted: The device ignores possible priority information within the data packets and uses the priority of the receiving port directly.
- The priority assigned to the receiving port.
Both classification criteria are configurable. During traffic classification, the device uses the following rules: When the receiving port is set to trustDot1p (state on delivery), the device uses the data packet priority contained in the VLAN tag. When the data packets do not contain a VLAN tag, the device is guided by the priority of the recei
176. s a window for entering the user name.
Figure 14: Logging in to the Command Line Interface program
- Enter a user name. The default setting for the user name is admin. Press the Enter key.
- Enter the password. The default setting for the password is private. Press the Enter key.
You can change the user name and the password later in the Command Line Interface. These entries are case-sensitive. The device displays the CLI start screen.
Figure 15: CLI screen after login
Note: You can configure the V.24 interface as a terminal CLI interface. Press any key on your terminal keyboard a number of times until the login screen indicates t
177. s and create another VLAN with the VLAN ID 3 and the name VLAN3.
enable: Switch to the privileged EXEC mode.
vlan database: Switch to the VLAN configuration mode.
vlan add 2: Create a new VLAN with the VLAN ID 2.
name 2 VLAN2: Give the VLAN with the VLAN ID 2 the name VLAN2.
vlan add 3: Create a new VLAN with the VLAN ID 3.
name 3 VLAN3: Give the VLAN with the VLAN ID 3 the name VLAN3.
name 1 VLAN1: Give the VLAN with the VLAN ID 1 the name VLAN1.
exit: Switch to the privileged EXEC mode.
show vlan brief: Display the current VLAN configuration.
Configuring the ports
Figure 77: Defining the VLAN membership of the ports
- Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. The selection options are:
  > = currently not a member of this VLAN (GVRP allowed)
  T = member of VLAN; send data packets with tag
  U = member of the VLAN; send data packets without tag
  F = not a member of the VLAN (also disabled for GVRP)
Because terminal devices usually interpret untagged data packets, you select the U setting. You select the T setting on the uplink port on which the VLANs communic
178. s that the connected device supports and what capabilities the device has enabled.
Network policy TLV: Allows both network connectivity devices and endpoints to advertise VLAN configurations and associated attributes for the specific application on that port. For example, the device notifies a phone of the VLAN number. The phone connects to a switch, obtains its VLAN number, and then starts communicating with the call control.
LLDP-MED provides the following functions:
- Network policy discovery, including VLAN ID, 802.1p priority and Diffserv code point (DSCP)
- Device location and topology discovery based on LAN-level MAC/port information
- Endpoint move detection notification, from network connectivity device to the associated VoIP management application
- Extended device identification for inventory management
- Identification of endpoint network connectivity capabilities, for example, multi-port IP Phone with embedded switch or bridge capability
- Application-level interactions with the LLDP protocol elements to provide timely startup of LLDP to support rapid availability of an Emergency Call Service
- Applicability of LLDP-MED to Wireless LAN environments, support for Voice over Wireless LAN
8.9 Detecting Loops
Loops in the network, even temporary loops, cause connection interruptions or data losses. The automatic detection and reporting of this situation allows you
179. s to this port, the device assigns the supplicants to the guest VLAN. Adding supplicants to a guest VLAN causes the port to change to the authorized state, allowing the supplicants to access external networks.
The Unauthenticated VLAN function allows the device to provide service to 802.1X-capable supplicants which authenticate incorrectly. This function allows the unauthorized supplicants to have access to limited services. When you configure an unauthenticated VLAN on a port with 802.1X port authentication and the global operation enabled, the device places the port in an unauthenticated VLAN. When an 802.1X-capable supplicant incorrectly authenticates on the port, the device adds the supplicant to the unauthenticated VLAN. If you also configure a guest VLAN on the port, then non-802.1X-capable supplicants use the guest VLAN.
The reauthentication timer counts down when the port has an unauthenticated VLAN assigned. The unauthenticated VLAN reauthenticates when the Reauthentication Period expires and supplicants are present on the port. If no supplicants are present, the device places the port in the configured guest VLAN.
The following example explains how to create a Guest VLAN. Create an Unauthorized VLAN in the same manner.
- Open the Switching VLAN Static dialog.
- To add a new VLAN to the table, click Create.
- The Create window opens. In the VLAN ID text box, enter 10.
- To close the Create window and add the new VLAN to
180. scription
- Supported system capabilities
- System capabilities currently active
- Interface ID of the management address
- VLAN ID of the port
- Auto-negotiation status at the port
- Medium, half/full duplex setting and port speed setting
- Information about the VLANs installed in the device (VLAN ID and VLAN name, irrespective of whether the port is a VLAN participant)
A network management station queries this information from devices that have LLDP active. This information allows the network management station to form a description of the network topology.
802.1d devices normally block the special multicast LLDP IEEE MAC address used for information exchange. Non-LLDP devices therefore discard LLDP packets. When positioning a non-LLDP-capable device between 2 LLDP-capable devices, the non-LLDP-capable device prohibits information exchanges between the 2 LLDP-capable devices.
The Management Information Base (MIB) for a device with LLDP capability holds the LLDP information in the lldp MIB and in the private hmLLDPInterfaceTable.
8.8.1 Displaying the Topology Discovery Results
To show the topology of the network:
- Open the LLDP tab in the Diagnostics LLDP Topology Discovery dialog.
If you use a port to connect several devices, for example via a hub, the table contains a line for each connected device. Activating Display FDB Entries
181. ser account with authorization profile administrator.
Perform the following work steps:
- Create a new user account.
- Open the Security User Management dialog.
- Click Create. The dialog shows the New Entry frame.
Figure 32: New Entry frame in the Security User Management dialog
- Enter the name in the User Name field. In this example, we give the user account the name <operator>.
- To obtain a higher level of complexity for the password, select the Policy Check checkbox. Before saving it, the device checks the password according to the policy defined in the Password Policy frame.
- In the Password field, enter a password of at least 6 characters. Up to 64 alphanumeric characters are allowed.
- To make the password visible when it is being input, select the Display Password checkbox. The device differentiates between upper and lower case. The minimum length of the password is defined in the Password Policy frame. The device always checks the minimum length of the password.
- Select the authorization profile in the Access Role field. In this example, we select the operator authorization profile.
- To activate the
182. 8.11 Network Analysis with TCPDump
Tcpdump is a packet-sniffing UNIX utility used by network administrators to sniff and analyze traffic on a network. A couple of reasons for sniffing traffic on a network are to verify connectivity between hosts or to analyze the traffic traversing the network. Tcpdump on the device provides the possibility to decode or capture packets received and transmitted by the Management CPU. This function is available using the debug CLI command. Refer to the CLI Handbook for further information about the Tcpdump function.
8.12 Monitoring Data Traffic on the Ports (Port Mirroring)
The port mirroring function enables you to copy the data traffic from several ports to a single port of the device for diagnostic purposes. The ports from which the device copies data are source ports. The port to which the device copies the data is the destination port. The device uses physical ports as source or destination ports. In port mirroring, the device copies valid incoming and outgoing data packets of the source port to the destination port. The feature has no effect on the data traffic copied from the source ports during port mirroring. A management tool connected on the destination port, for example an RM
183. A.1 Setting up a DHCP/BOOTP Server
Figure 92: Configuration file on the TFTP server
- Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration. To conclude the addition of the configuration profiles, click OK.
Figure 93: Managing configuration profiles
- To enter the static addresses, click Static in the main window.
Figure 94: Static address input
- Click New.
184. st group. This option ensures that the transfer works with basic applications without further configuration.
The device sends out known multicasts only on the registered ports. The advantage of this setting is that it uses the available bandwidth optimally through direct distribution.
Prerequisite: The IGMP snooping function is activated globally.
To configure multicasts, proceed as follows:
- Open the Switching IGMP Multicasts dialog.
- In the Configuration frame, you specify how the device sends data packets to unknown multicast addresses.
  Send to Query Ports: The device sends packets with unknown multicast address to all query ports.
  Send to All Ports: The device sends data packets with an unknown multicast address to all ports.
  Discard: The device discards all packets with an unknown multicast address.
- In the Known Multicasts column, you specify how the device sends data packets to known multicast addresses in the corresponding VLAN. Click the relevant field and select the desired option.
- To temporarily save the configuration, click Set.
6.3 Rate limiter
The rate limiter function allows you to limit the data traffic on the ports in order to ensure stable operation even when there is a high level of traffic. The rate limitation is performed individually for each port, as well as separately for inbo
185. sted mode to the interface.
Also assign traffic class 2 to VLAN priority 1.
Also assign traffic class 2 to VLAN priority 1.
Set the port priority to 1.
Switch to the Configuration mode.
Switch to the privileged EXEC mode.
Display the trust mode.
Assigning DSCP to a traffic class
- Open the QoS Priority IP DSCP Mapping dialog.
- Enter the desired value in the Traffic Class column.
- To temporarily save the configuration, click Set.
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
classofservice ip dscp mapping cs1 1: Assign traffic class 1 to DSCP CS1.
show classofservice ip dscp mapping: Show the IP DSCP assignments.
Output (IP DSCP, Traffic Class): be 2; 1 2; cs1 1
Assign the DSCP priority to received IP data packets
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
interface 1 1: Switch to the Interface Configuration mode of interface 1 1.
classofservice trust ip dscp: Assign the trust ip dscp mode globally.
exit: Switch to the Configuration mode.
show classofservice trust: Display the trust mode.
Output (Interface, Trust Mode): 1 ip dscp; 2 dot1p; 3 dot1p
Defining settings for Weighted
186. sting the settings
User Management
Privilege Levels
Managing user accounts
Default setting
Changing standard passwords
Setting up a new user account
Deactivating the user account
Adjusting policies for passwords
SNMP Access
SNMPv1/v2 Community
SNMPv3 access
Managing configuration profiles
Detecting changed settings
Saving settings
4.2.1 Saving the configuration profile in the device
4.2.2 Saving the configuration profile in external memory
4.2.3 Exporting a configuration profile
Loading settings
4.3.1 Activating a configuration profile
4.3.2 Loading the configuration profile from the external memory
4.3.3 Importing a configuration profile
Resetting the device to the factory defaults
4.4.1 With the graphical user interface or CLI
4.4.2 In the System Monitor
Synchronizing the System Time in the Network
Basic settings
5.1.1 Setting the time
5.1.2 Automatic daylight saving time changeover
Defining settings of the SNTP client
Preparation
Specifying SNTP server settings
Types of clocks
Best Master Clock algorithm
Delay measurement
PTP domains
Using PTP
Network Load Control
Direct Packet Distribution
6.1.1 Learning MAC addresses
6.1.2 Aging of learned MAC addresses
6.1.3 Static address e
187. strictions to the user interfaces or the CLI based on the IP addresses
Operator
  Description: The user is authorized to monitor and configure the device, with the exception of security-related settings.
  Authorized for the following activities: All activities with read/write access, with the exception of the above-named activities, which are reserved for an administrator.
Guest
  Description: The user is authorized to monitor the device, with the exception of security-related settings.
  Authorized for the following activities: Monitoring activities with read access.
Unauthorized
  Description: No access to the device possible. As an administrator, you assign this authorization to temporarily lock a user account. The device assigns this authorization to a user account if an error occurs when assigning a different authorization profile.
  Authorized for the following activities: No activities allowed.
Table 4: Authorization profiles for user accounts
3.2.2 Managing user accounts
You manage the user accounts in the graphical user interface (GUI) or in the CLI.
Prerequisite: User account with authorization profile administrator.
- Open the Security User Management dialog. The dialog shows the user accounts that are set up.
188. sts
3.1 Authentication lists
The device allows you to use authentication lists to specify which method it uses for the authentication. For every application with which someone accesses the device, a separate policy is possible.
3.1.1 Applications
The device supports the following applications with which the device management can be accessed:
- Access using CLI via a serial connection
- Access using CLI via SSH
- Access using CLI via Telnet
- Access using the graphical user interface (GUI)
The device also controls the access to the network from connected terminal devices using port-based access control (IEEE 802.1X).
3.1.2 Methods
When users log in, the device uses one of the following methods for the authentication:
- local: The device authenticates the users by using the local user management (see the Security User Management dialog).
- radius: The device forwards authentication requests to a RADIUS server in the network.
When terminal devices log in to access the network using IEEE 802.1X, the device uses one of the following methods for the authentication:
- radius: The device forwards authentication requests to a RADIUS server in the network.
- ias: The device authenticates the terminal devices with the integrated authentication server (IAS) implemented in the device. The IAS manages the login data in a separate database (see the Security 802.1X Por
189. t Authentication Integrated Authentication Server dialog
3.1.3 Default setting
In the default settings of the device, the following lists are already set up and active:
- defaultDot1x8021AuthList: This list specifies the methods for the authentication of connected terminal devices using IEEE 802.1X. The 8021x application is allocated to the list.
- defaultLoginAuthList: This list specifies the methods for the authentication for users that log in using the graphical user interface (GUI) or using the CLI via SSH or Telnet. The SSH, Telnet and Web Interface applications are allocated to the list.
- defaultV24AuthList: This list specifies the methods for the authentication for users that log in using the CLI via a serial connection. The Console (V.24) application is allocated to the list.
3.1.4 Managing authentication lists
You manage the authentication lists in the graphical user interface (GUI) or in the CLI.
Prerequisite: User account with authorization profile administrator.
- Open the Security Authentication List dialog. The dialog shows the lists that are set up.
Figure 23: Security Authentication List dialo
190. t at the same time, this can cause the port memory to overflow. This happens, for example, when the device receives data on a Gigabit port and forwards it to a port with a lower bandwidth. The device discards surplus data packets.
The flow control mechanism described in standard IEEE 802.3 ensures that no data packets are lost due to a port memory overflowing. Shortly before a port memory is completely full, the device signals to the connected devices that it is not accepting any more data packets from them.
- In full-duplex mode, the device sends a pause data packet.
- In half-duplex mode, the device simulates a collision.
The following figure shows how flow control works. Workstations 1, 2 and 3 want to simultaneously transmit a large amount of data to Workstation 4. The combined bandwidth of Workstations 1, 2 and 3 is greater than the bandwidth of Workstation 4. This causes an overflow on the receive queue of port 4. The left funnel symbolizes this status.
If the flow control function on ports 1, 2 and 3 of the device is turned on, the device reacts before the funnel overflows. The funnel on the right illustrates ports 1, 2 and 3 sending a message to the transmitting devices to control the transmission speed. As a result, the receiving port is no longer overwhelmed and is able to process the incoming traffic.
191. t receives the letter and removes the outer envelope. She finds the inner envelope with Romeo's IP address. Opening the inner envelope and reading its contents corresponds to transferring the message to the higher protocol layers of the ISO/OSI layer model.
Juliet would now like to send a reply to Romeo. She places her reply in an envelope with Romeo's IP address as destination and her own IP address as source. But where is she to send the answer? For she did not receive Romeo's MAC address. It was lost when Lorenzo replaced the outer envelope. In the MIB, Juliet finds Lorenzo listed under the variable hmNetGatewayIPAddr as a means of communicating with Romeo. She therefore puts the envelope with the IP addresses in a further envelope with Lorenzo's MAC destination address. The letter now travels back to Romeo via Lorenzo, the same way the first letter traveled from Romeo to Juliet.
2.1.3 Classless Inter-Domain Routing
Class C, with a maximum of 254 addresses, was too small, and class B, with a maximum of 65,534 addresses, was too large for most users. This resulted in an ineffective usage of the available class B addresses. Class D contains reserved multicast addresses. Class E is for experimental purposes. A non-participating gateway ignores experimental datagrams with these destination addresses.
Since 1993, RFC 1519 has been using Classless Inter Domai
192. Configuring Layer 2 management priority
- Open the QoS Priority Global dialog.
- In the VLAN Priority for Management packets field, set the VLAN priority with which the device sends management data packets.
- To temporarily save the configuration, click Set.
enable: Switch to the privileged EXEC mode.
network management priority dot1p 7: Assign the VLAN priority of 7 to management packets. The device sends management packets with the highest priority.
show network parms: Displays the management VLAN priority.
Configuring Layer 3 management priority
- Open the QoS Priority Global dialog.
- In the IP DSCP Value for Management packets field, set the DSCP value with which the device sends management data packets.
- To temporarily save the configuration, click Set.
enable: Switch to the privileged EXEC mode.
network management priority ip dscp 56: Assign the DSCP value of 56 to management packets. The device sends management packets with the highest priority.
show network parms: Displays the management VLAN priority.
Output: IPv4 Network Management IP DSCP value 6 56
6.5 Flow Control
If a large number of data packets are received in the sending queue of a por
193. ted operating software In addition we refer to the conditions of use specified in the license contract You can get the latest version of this manual on the Internet at the Hirschmann product site www hirschmann com Printed in Germany Hirschmann Automation and Control GmbH Stuttgarter Str 45 51 72654 Neckartenzlingen Germany Tel 49 1805 141538 Rel 2 0 02 2013 21 02 2013 Contents Contents 1 1 1 2 1 3 2 2 2 3 2 4 2 5 2 6 2 1 About this Manual Key Introduction User interfaces Graphical user interface GUI 1 1 1 HiView 1 1 2 Web browser Command Line Interface 1 2 1 Preparing the connection 2 2 CLI access via telnet 2 3 CLI via SSH Secure Shell 2 4 CLI via the V 24 port 1 1 1 System Monitor 1 3 1 Functional scope 1 3 2 Starting the System Monitor Entering IP Parameters IP Parameter Basics 2 1 1 IP Address Version 4 2 1 2 Netmask 2 1 3 Classless Inter Domain Routing Entering IP parameters via CLI Entering the IP Parameters via HiDiscovery Enter the IP Parameter using the web based interface Entering IP Parameters per BOOTP Entering IP Parameters per DHCP Management Address Conflict Detection 2 7 1 Active and Passive detection UM BasicConfig MSP Release 2 0 02 2013 Contents 3 2 3 3 4 1 4 2 4 3 4 4 Access to the device Authentication lists 1 1 Applications 2 Methods 3 Default setting 4 Managing authentication lists 5 Adju
194. temporarily save the configuration click Set LI Setting the IGMP snooping settings for a VLAN L Open the VLAN tab Operation Information On Off Multicast Control Frames Processed fo Interface VLAN VLAN ID Group Membership Interval Max Response Time Fast Leave Admin Mode MRP Expiration Time cd 260 0 Iv 260 Set Reload Hep Figure 63 VLAN tab in the switching IGMP Snooping dialog L To enable IGMP snooping for a specific VLAN select the Active checkbox on the table line of the desired VLAN LI To temporarily save the configuration click Set UM BasicConfig MSP Release 2 0 02 2013 145 Network Load Control 6 2 Multicasts Setting the IGMP querier function The device itself optionally sends active query messages alternatively it responds to query messages or detects other multicast queriers in the network IGMP querier function Prerequisite The IGMP snooping function is activated globally Perform the following work steps LI Define the settings for the IGMP querier function C Select switching IGMP Querier Operation Configuration Protocol Version C1 2 C3 on oft Query Interval s 60 Expiry Interval s 125 VLAN ID Current State Election Participate Mode Protocol Version Max Response Time Last Querier Address Last Querier Yersion M E M 0000 2 NIA 0 0 0 0 WA Set Reload Hep Figure 64 switching IGMP Qu
195. teps. Make sure that the device loads a configuration profile from the external memory (ENV) upon reboot. In the state on delivery of the device, this function is turned on. If the function is turned off, turn it on again as follows: Open the Basic Settings:External Memory dialog. [Figure 49: Basic Settings:External Memory dialog] In the "Config Priority" column, select the value first. To temporarily save the changes, click "Set". To permanently save the changes, you open the Basic Settings:Load/Save dialog and click "Save".
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
config envm load-priority sd first: Turn on the function. Upon reboot, the device loads a configuration profile from external memory (ACA31).
show config envm settings: Displays the settings of the external memory (ENVM).
Output columns: Type, Status, Auto Update, Save Config, Config Load Prio. Output row: sd, ok, x, x, first.
Save the settings of the device in a configuration profile in non-volatile memory (NVM). See
196. tile memory update
security-status monitor no-link-enabled: Sets the monitoring of no link detection.
interface 1/1: Select interface 1, port 1.
security-status no-link: Sets the monitoring of no link detection status of interface 1, port 1.
security-status trap: Enable the device to send a trap if the device status changes.
8.3.3 Displaying the Security Status: Open the Basic Settings:System dialog.
show security-status all: In the EXEC Privilege mode, display the device status and the setting for the device status determination.
8.4 Out-of-band Signalling: The device uses the signal contact to control external devices and monitor device functions. Function monitoring enables you to perform remote diagnostics. The device reports the operating status via a break in the potential-free signal contact (relay contact, closed circuit). The device monitors the following functions: Incorrect supply voltage (at least one of the 2 supply voltages is not operating; the internal supply voltage is not operating). When the device is operating outside of the user-defined temperature threshold. Event in the ring redundancy: Loss of the redundancy (in ring manager mode). On delivery, there is no ring redundancy monitoring. The interruption
197. time shifts into account. The time in the "System Time" field comes from the "System Time (UTC)" plus the "Local Offset [min]" value and a possible shift due to daylight saving time. Note: PTP sends the International Atomic Time (TAI). The TAI time is 35 s ahead of UTC (as of July 1, 2012). If the PTP reference time source of the UTC offset is set correctly, the device automatically corrects this difference on the display in the "System Time (UTC)" field. In order to cause the device to apply the time of your PC to the "System Time" field, click the "Set Time from PC" button. Based on the value in the "Local Offset [min]" field, the device calculates the time in the "System Time (UTC)" field. The "System Time (UTC)" comes from the "System Time" minus the "Local Offset [min]" value and a possible shift due to daylight saving time. The "Time Source" field indicates the origin of the time data. The device automatically selects the source with the greatest accuracy. The source is initially local. If PTP is activated and if the device receives a valid PTP message, the device sets its time source to ptp. If SNTP is activated and if the device receives a valid SNTP packet, the device sets its time source to sntp. The device prioritizes PTP ahead of SNTP. The "Local Offset [min]" value specifies the time difference between the local time and the "System Time (UTC)". In order to cause the device to determine the time zone on your PC, click the Set
198. tion messages only from and to devices in the same PTP domain. The device allows you to set the domain for the boundary clock and for the transparent clock individually. [Figure 57: Example of PTP domains] 5.3.5 Using PTP: In order to synchronize the clocks precisely with PTP, only use switches with a boundary clock or transparent clock as nodes. Perform the following work steps: To gain an overview of the distribution of clocks, draw a network plan with the devices involved in PTP. Define the role for each participating switch (boundary clock or transparent clock). In the device, this setting is called PTP Mode.
Table 9: Possible settings for PTP mode (PTP mode: Application)
v2-boundary-clock: As a boundary clock, the device distributes synchronization messages to the slave clocks in the subordinate network segment. The boundary clock in turn obtains the time from a higher-level reference time source (Grandmaster).
v2-transparent-clock: As a transparent clock, the device forwards received synchronization messages after they have been corrected by the delay of the transparent clock.
Turn on PTP on each participating switch. PTP is then co
199. tion profile administrator. Perform the following work steps: Change the community for read/write access. Open the Security:Management Access:SNMPv1/v2 Community dialog. The dialog shows the communities that are set up. [Figure 36: Security:Management Access:SNMPv1/v2 Community dialog] In the row for the Write community, click the "Name" field. Enter the community. Up to 32 alphanumeric characters are allowed. The device differentiates between upper and lower case. Specify a different community than for read access. To temporarily save the changes, click "Set". To permanently save the changes, you open the Basic Settings:Load/Save dialog and click "Save".
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
snmp community rw <community name>: Specifies the community for read/write access.
show snmp community: Shows the communities that are set up.
save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
Deactivate the access via SNMPv1 or SNMPv2 in the device. Open the Security:Management Access:Server dialog, SNMP tab. The dialog shows the settings of the SNMP server.
200. to NYM Vv Undo Modifications of Configuration Function on off Period to undo while Connection is lost s 600 Watchdog IP Address boo gt Fingerprint Verified Storage Type Set Reload Save Activate Delete Select v Hep Figure 42 Basic Settings Load Save dialog The table shows the configuration profiles present in the device You can recognize the selected configuration profile by the fact that the checkbox is selected in the Selected column LI Select the line of the desired configuration profile stored in non volatile memory NVM LI Click the Select button UM BasicConfig MSP 94 Release 2 0 02 2013 Managing configuration profiles 4 2 Saving settings In the Selected column the checkbox of the configuration profile is now selected External Memory J Selected ENM SD Status ok Configuration Encryption Active I Set Password Delete Information NVM synchron to running contig I7 ENVM synchron to NVM Vv Undo Modifications of Configuration Function Period to undo while Connection is lost s Watchdog IP Address Con off 600 0 0 0 0 Storage Type anni runnin nti co ene Encryption Software z A Fingerprint Modification Date Selected Fingerprint Verified E E 02 0 00 a Feb 11 2013 12 35 16 PM f E 497 E iv y A ENS v 02 0 00 Vv ENYM E Set Reload S
201. to the respective VLANs UM BasicConfig MSP 178 Release 2 0 02 2013 VLANs 7 1 Examples of VLANs Proceed as follows to perform the example configuration L Add Uplink Port 5 to the ingress and egress tables from example 1 O Create new ingress and egress tables for the right switch as described in the first example The egress table specifies on which ports the device sends the frames from this VLAN T with tag field T tagged marked U without tag field U untagged not marked In this example the devices use tagged frames in the communication between the transmission devices uplink the ports differentiate the frames for different VLANs Terminal Port Port VLAN identifier PVID A 1 2 B 2 3 C 3 3 D 4 2 Uplink 5 1 Table 14 Ingress table for device on left Terminal Port Port VLAN identifier PVID Uplink 1 1 E 2 2 F 3 3 G 4 2 H 5 3 Table 15 Ingress table for device on right VLAN ID Port 1 253 A S 1 U Table 16 Egress table for device on left UM BasicConfig MSP Release 2 0 02 2013 179 VLANs 7 1 Examples of VLANs VLAN ID Port 2 U U T 3 U U T Table 16 Egress table for device on left VLAN ID Port A a E 1 U 2 T U U rr a ee Table 17 Egress table for device on right The communication relationships here are as follows terminal devices on ports 1 and 4 of the left device and terminal devices on ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate w
202. tract tree structure. The branching points are the object classes. The "leaves" of the MIB are called generic object classes. If this is required for unique identification, the generic object classes are instantiated, i.e. the abstract structure is mapped onto reality by specifying the port or the source address. Values (integers, time ticks, counters or octet strings) are assigned to these instances; these values can be read and, in some cases, modified. The object description or object ID (OID) identifies the object class. The subidentifier (SID) is used to instantiate them. Example: The generic object class hm2PSState (OID = 1.3.6.1.4.1.248.11.11.1.1.1.1.2) is the description of the abstract information "power supply status". However, it is not possible to read any information from this, as the system does not know which power supply is meant. Specifying the subidentifier (2) maps this abstract information onto reality (instantiates it), thus indicating the operating status of power supply 2. A value is assigned to this instance and can then be read. The instance "get 1.3.6.1.4.1.248.11.11.1.1.1.1.2.1" returns the response "1", which means that the power supply is ready for operation.
Definition of the syntax terms used:
Integer: An integer in the range 2 2 1
IP Address: xxx.xxx.xxx.xxx (xxx = integer in the range 0-255)
MAC Address: 12-digit hexadecimal number in accordance with ISO/IEC 8802-3
Object identifier: x.x.x.x
203. ts (hm2DevSecSensePasswordStrengthNotConfigured)
The device monitors the settings of the Policy Check control box; when inactive, the device sends a trap (hm2DevSecSenseBypassPasswordStrength).
The device monitors when you enable the Telnet function (hm2DevSecSenseTelnetEnabled).
The device monitors when you enable the HTTP connection function (hm2DevSecSenseHTTPEnabled).
The device monitors when you enable the SNMPv1 or v2 connection function (hm2DevSecSenseSnmpUnsecure).
The device monitors the System Monitor status (hm2DevSecSenseSysmonEnabled).
The device monitors the possibility to save configurations to the external non-volatile memory (hm2DevSecSenseExtNvmUpdateEnabled).
The device monitors the link status of active ports (hm2DevSecSenseNoLinkEnabled).
The device monitors when you enable the HiDiscovery read/write access function (hm2DevSecSenseHiDiscoveryEnabled).
The device monitors the security settings for loading the configuration from the external NVM (hm2DevSecSenseExtNvmConfigLoadUnsecure).
Table 20: Security Status events
8.3.2 Configuring the Security Status: Select the Diagnostics:Status Configuration:Security Status dialog. In the "Monitoring" frame, you select the events you want to monitor. The "Active port without link" status allows you to monitor link up/down status for enabled ports. Place a check mark in the
204. ts when received as tagged and transmits untagged packets when received as untagged. Regardless of VLAN assignment mechanisms, the device assigns packets to VLAN ID 1 and to a multicast group, indicating that the packet flood domain is according to the VLAN. 8 Operation Diagnosis: The device provides you with the following diagnostic tools: Sending traps; Monitoring the device status; Out-of-band signaling via signal contact; Port status indication; Event counter at port level; Detecting non-matching duplex modes; SFP status display; Topology Discovery; Detecting IP address conflicts; Detecting loops; Reports; Monitoring data traffic on a port (port mirroring); Syslog; Event log; Cause and Action management during Selftest. 8.1 Sending Traps: The device reports unusual events which occur during normal operation immediately to the management station. This is done by messages called traps that bypass the polling procedure ("polling" means querying the data stations at regular intervals). Traps make it possible to react quickly to unusual events. Examples of such events are: a hardware reset; changes to the configuration; segmentation of a port. The device sends traps to various hosts to increase the transmission reliability for the messages. The unacknowledged trap message consists
205. u displays the icon If the configuration profiles match the icon is hidden In the Basic Settings Load Save dialog Information frame the checkbox is not selected If the configuration profiles match the checkbox is selected Information NVM synchron to running contig I show config status Configuration Storage sync State FUNNEMG CONL TG Co INV ose ce dic occ we deg ce se eee add de ate uo Steve out of sync UM BasicConfig MSP 88 Release 2 0 02 2013 Managing configuration profiles 4 1 Detecting changed settings If the copy in the external memory ENV differs from the configuration profile in the non volatile memory NVM you can see the difference based on the following criteria In the Basic Settings Load Save dialog Information frame the checkbox is not selected If the configuration profiles match the checkbox is selected Information NVM synchron to running contig IV ENYM synchron to NVM i show config status Configuration Storage sync State NV TO ACAS bues cosa a la aa taal aw aad aa alah out of sync UM BasicConfig MSP Release 2 0 02 2013 89 Managing configuration profiles 4 2 Saving settings 4 2 Saving settings Prerequisite User account with authorization profile administrator 4 2 1 Saving the configuration profile in the device If you change the settings of the device during operation the device stores the changes in its memory RAM In order to keep the changes
206. und and outbound traffic. If the data rate on a port exceeds the defined limit, the device discards the overload on this port. Rate limitation occurs entirely on layer 2. In the process, the rate limiter function ignores protocol information on higher levels such as IP or TCP. This may affect the TCP traffic. To minimize these effects, use the following options: Limit the rate limitation to certain frame types, for example broadcasts, multicasts, and unicasts with unknown destination addresses. Limit the outbound data traffic instead of the inbound traffic. The outbound rate limitation works better with TCP flow control due to device-internal buffering of the data packets. Increase the aging time for learned unicast addresses. See "Aging of learned MAC addresses" on page 135. To configure the rate limiter function, proceed as follows: Select the Switching:Rate Limiter dialog. [Figure 65: Switching:Rate Limiter dialog] On the Input tab, you configure the load limitation for inbound data traffic. Turn the rate limiter on or off and set limits for the data rate. The settings apply on a per port
207. ustration and click OK Preferences 27 x General Language DHCP Interfaces TFTP TFTP Options IV Pause as long as another Server is detected M Bend DHCP A Accept DHCP Client Identifier Option 61 I Accept Relay Agent Information Option 82 Disable Client Auto Configuration Option 116 I Respond to DHCP requests only I Vary dynamic IP address of clients Check that a selected dynamic IP address is not in use Abbrechen bemehmen Figure 89 DHCP setting LI To enter the configuration profiles select Options Configuration Profiles in the menu bar LI Enter the name of the new configuration profile and click Add UM BasicConfig MSP Release 2 0 02 2013 257 Setting up the Configuration Environ A 1 Setting up a DHCP BOOTP ment Server Profile Typ Default Client Profile Edit Bemove a Figure 90 Adding configuration profiles L Enter the network mask and click Accept RS2_7_103 21x Basic Profile DNS NetBios Server Boot Other r Dynamic IP Addresses From Until Lease time s 36000 Subnet mask 255 255 255 0 Gateway Address Backup Gateway 1 Backup Gateway 2 Abbrechen Ubemetimen Figure 91 Network mask in the configuration profile L Select the Boot tab page O Enter the IP address of your TFTP server L Enter the path and the file name for the configuration file O Click Apply and then OK UM Ba
208. [Figure 8: PuTTY input screen] In the "Host Name (or IP address)" input field, you enter the IP address of your device. The IP address (a.b.c.d) consists of four decimal numbers with values from 0 to 255. The four decimal numbers are separated by points. To select a connection type, click on SSH under "Connection type". After selecting and setting the required parameters, you can set up the connection via SSH. Click "Open" to set up the connection to your device. Depending on the device and the time at which SSH was configured, it can take up to a minute to set up the connection. When you first log in to your device, towards the end of the connection setup, PuTTY displays a security alert message and gives you the option of checking the fingerprint of the key. PuTTY Security Alert: WARNING - POTENTIAL SECURITY BREACH! The server's host key does not match the one PuTTY has cached in the registry. This means that either the server administrator has chang
209. vice Status frame. The device determines this status from the individual monitoring results. The device enables you to: signal the out-of-band device status via a signal contact; signal the device status by sending a trap when the device status changes; detect the device status in the Web-based interface in the Basic Settings:System dialog; query the device status in the Command Line Interface. The Diagnostics:Status Configuration:Device Status dialog allows you to configure the device to send a trap to the management station for the following events: Incorrect supply voltage (at least one of the 2 supply voltages is not operating; the internal supply voltage is not operating). When the device is operating outside of the user-defined temperature threshold. Loss of the redundancy (in ring manager mode). The interruption of link connection(s). Configure at least one port for this feature. In the "Propagate Connection Error" column of the Diagnostics:Status Configuration:Device Status dialog, you define which ports the device signals if the connection is down. The removal of the external memory. The configuration in the external memory is out of sync with the configuration in the device. Select the corresponding entries to decide which events the device status includes. Note: With a non-redundant voltage supply, the device reports the a
210. ving port. When the receiving port is set to trustIpDscp, the device uses the QoS information (ToS/DiffServ) in the IP header. When the data packets do not contain IP packets, the device is guided by the priority of the receiving port. When the receiving port is set to untrusted, the device is guided by the priority of the receiving port. Prioritizing traffic classes: For prioritization of traffic classes, the device uses the following methods. Strict: When transmission of data of a higher traffic class is no longer taking place or the relevant data is still in the queue, the device sends data of the corresponding traffic class. If all traffic classes are prioritized according to the strict method, under high network load the device may permanently block the data of lower traffic classes. Weighted Fair Queuing: The traffic class is assigned a guaranteed bandwidth. This ensures that the device sends the data traffic of this traffic class even if there is a great deal of data traffic in higher traffic classes. 6.4.2 Handling of Received Priority Information: Applications label data packets with the following prioritization information: VLAN priority based on IEEE 802.1Q/802.1D (Layer 2); Type-of-Service (ToS) or DiffServ (DSCP) for VLAN Management IP packets (Layer 3). The device offers the following options for evaluating this priority inf
211. work. Select local for the device to authenticate users using the local user management. Select reject for the device to reject authentication requests. This prevents the user from being granted access to the device. The device gives you the option of a fall-back solution. For this, you specify one other method in each of the Policy 2 to Policy 5 fields. If the authentication with the specified method is not successful, the device uses the next policy. In this example, we select the following methods: radius in the Policy 1 field; local in the Policy 2 field; reject in the fields Policy 3 to Policy 5. [Figure 25: Basic Settings:Network:Global dialog] To activate the list, select the "Active" checkbox. Click "Set and back". Repeat these work steps to create another list. The dialog shows the lists that are set up.
212. x modes in the manual full duplex mode No Automatic Current Detected error Duplex modes Possible causes configuration duplex events 2 10 mode after link up 1 On Half duplex None OK 2 On Half duplex Collisions OK Table 23 Evaluation of non matching of the duplex mode UM BasicConfig MSP Release 2 0 02 2013 213 Operation Diagnosis No Automatic configuration 3 On 4 On 5 On 6 On 7 On 8 On 9 Off 10 Off 11 Off 12 off 13 Off 14 off 15 Off 16 Off Table 23 214 Current duplex mode Half duplex Half duplex Full duplex Full duplex Full duplex Full duplex Half duplex Half duplex Half duplex Half duplex Full duplex Full duplex Full duplex Full duplex Detected error events 2 10 after link up Late collisions CRC error None Collisions Late collisions CRC error None Collisions Late collisions CRC error None Collisions Late collisions CRC error 8 6 Event Counter at Port Level Duplex modes Possible causes Duplex problem Duplex problem EMI detected network extension OK EMI OK OK EMI OK EMI OK EMI OK OK Duplex problem Duplex problem EMI detected network extension OK EMI OK OK EMI OK EMI Duplex problem Duplex problem EMI detected Evaluation of non matching of the duplex mode cont UM BasicConfig MSP Release 2 0 02 2013 Operation Diagnosis 8 7 Displaying the SFP Status 8 7 Displaying the SFP Status Th
213. y urgent critical logging email subject add urgent example critical logging email severity non urgent notice logging email subject add non urgent example notice logging email mail server add 1 10 1 45 35 security tlsvl username JohnDoe password 12345678 port 25 logging email operation logging email to addr add 1 addr destination example com msgtype non urgent 8 10 Reports Configure the periodic timer to send an email containing the non urgent buffer every 30 minutes Urgent severity level Create an email subject for the urgent entry Non urgent severity level Create an email subject for the non urgent entry Create an server entry in SMTP server table Use the syntax lt index gt addr lt server addr gt Security lt security gt username lt username gt password lt password gt port lt port no gt Enable logging email alert globally Create an email address entry in email alert list Use the syntax lt index gt addr lt to address gt msgtype lt msgtype gt Note Use quotation marks when the entry contains spaces for example John Doe 8 10 3 Syslog The device enables you to send messages about important device internal events to one or more syslog servers up to 8 Additionally you also include SNMP requests to the device as events in the syslog Note To view the actual logged events open the UM BasicConfig MSP Release 2 0 02 2013
214. you to synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available. UTC is the time relating to the coordinated world time measurement. The UTC is the same worldwide and ignores local time shifts. SNTP is a simplified version of NTP (Network Time Protocol). The data packets are identical with SNTP and NTP. Accordingly, both NTP and SNTP servers serve as a time source for SNTP clients. Note: Statements in this chapter relating to external SNTP servers also apply to NTP servers. SNTP knows the following operation modes for the transmission of time. Unicast: In unicast operation mode, an SNTP client sends requests to an SNTP server and expects a response from this server. Broadcast: In broadcast operation mode, an SNTP server sends SNTP messages to the network in defined intervals. SNTP clients receive these SNTP messages and evaluate them.
Table 6: Target address classes for broadcast operation mode (IP destination address: Send SNTP packets to)
0.0.0.0: Nobody
224.0.1.1: Multicast address for SNTP messages
255.255.255.255: Broadcast address
Note: An SNTP server in broadcast operation mode also responds to direct requests via unicast from SNTP clients. In contrast, SNTP clients work in either unicast or broadcast operat
