Basic Configuration: Rail Switch Power Enhanced (HiOS
Contents
1. End of entering IP addresses. Figure 19: Flow chart for entering IP addresses. (UM BasicConfig HiOS 2S 2A 3S RSPE, Release 4.0 07/2014) 2.2 Entering IP parameters using the CLI. Note: If a terminal or PC with terminal emulation is unavailable in the vicinity of the installation location, you can configure the device at your own workstation, then take it to its final installation location. Set up a connection to the device. The start screen appears. Deactivate DHCP. Enter the IP parameters. Local IP address: On delivery, the device has the local IP address 0.0.0.0. Netmask: If you divided your network into subnetworks, and if these are identified with a netmask, then enter the netmask here. The default setting of the netmask is 0.0.0.0. IP address of the gateway: You require this entry when installing the device in a different subnetwork as the management station or TFTP server (see on page 39 "Example of how the network mask is used"). Enter the IP address of the gateway between the subnetwork with the device and the path to the management station. The default setting of the IP address is 0.0.0.0. Save the configuration entered using copy config running-config nvm. enable: Switch to the privileged EXEC mode. network protocol none: Dea
2. [Figure 48: Basic Settings > Load/Save dialog] show config profiles nvm: Displays the configuration profiles contained in non-volatile memory (NVM). enable: Switch to the privileged EXEC mode. copy config nvm profile config3 running-config: Activate the configuration profile config3 in non-volatile memory (NVM). The device copies the settings into memory (RAM) and disconnects the CLI connection. The device immediately uses the settings of the configuration profile config3 on the fly. 4.3.2 Loading the configuration profile from the external memory: If an external memory is connected, the device loads a configuration profile from the external memory upon restart automatically. The device allows you to save these settings in a configuration profile in non-volatile memory. If the
3. 7.4.6 Queue Management. Queue Shaping: Queue shaping throttles the rate at which queues transmit packets. For example, using queue shaping, you rate limit a higher strict priority queue so that it allows a lower strict priority queue to send packets even though higher priority packets are still available for transmission. The device allows you to set up queue shaping for any queue. You specify queue shaping as the maximum rate at which traffic passes through a queue by assigning a percentage of the available bandwidth. Defining settings for Queue Management: Open the Switching > QoS/Priority > Queue Management dialog. [Figure 68: Switching > QoS/Priority > Queue Management dialog; columns: Traffic Class, Strict Priority, Min Bandwidth, Max Bandwidth] The total assigned bandwidth in the Min Bandwidth column is 100. To activate Weighted Fair Queuing for Traffic Class 0, proceed as follows: Unmark the Strict Priority checkbox for the class. In the Min Bandwidth column, enter 5. To activate Weighted Fair Queuing for Traffic Class 1, proceed as follows: Unmark the Strict Priority checkbox for the class. In the Min Bandwidth column, enter 20. To activate Weighted
4. [Figure 85: Table in the Advanced > DHCP Server > Pool dialog] enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. dhcp server pool add 1 static 192.168.23.42: Creates index 1 and assigns the IP address 192.168.23.42 statically. dhcp server pool modify 1 mode interface 1/1: Assigns the static address in index 1 to port 1/1. dhcp server pool modify 1 mode mac 00:24:E8:D6:50:51: Assigns the IP address in index 1 to the device with the MAC address 00:24:E8:D6:50:51. dhcp server pool mode 1: Enables the index 1 pool entry. dhcp server pool modify 1 leasetime infinite: Modifies index 1 to allocate the IP address to the client infinitely. dhcp server operation: Enables the DHCP server. interface 1/1: Change to the Interface Configuration mode of port 1/1. dhcp server operation: Enables the DHCP server operation on this port. 10.1.3 DHCP server dynamic IP address range example: The device allows you to create
5. Perform the following work steps: Open the Basic Settings > Load/Save dialog. [Figure 40: Basic Settings > Load/Save dialog] Click the _ button, then Save As. The dialog shows the Save As window. [Figure 41: Save As window in the Basic Settings > Load/Save dialog] In the Name field, change the name of the configuration profile. If you keep the proposed name, the device will overwrite an existing configuration profile of the same name. Click the OK button. The new configuration profile is marked as selected. CLI commands: show config profiles nvm; enable; copy config running-config nvm profile <string>
6. "Saving the configuration profile in the device" on page 90. The device allows you via CLI to copy the settings from the external memory directly into non-volatile memory. show config profiles nvm: Displays the configuration profiles contained in non-volatile memory (NVM). enable: Switch to the privileged EXEC mode. copy config envm profile config3 nvm: Copy the configuration profile config3 from the external memory (ENVM) to the non-volatile memory (NVM). 4.3.3 Importing a configuration profile: The device allows you to import from a server a configuration profile saved as an XML file. If you use the graphical user interface, you have the option to import the XML file directly from your PC. Prerequisite: To save the file on a server, you need a configured server on the network. To save the file to an SCP or SFTP server, you also need the username and password for accessing this server. Perform the following work steps: Open the Basic Settings > Load/Save dialog.
7. [Figure 8: PuTTY input screen] In the Host Name or IP address input field, you enter the IP address of your device. The IP address (a.b.c.d) consists of 4 decimal numbers with values from 0 to 255. The 4 decimal numbers are separated by points. To select a connection type, click on SSH under Connection type. After selecting and setting the required parameters, the device enables you to set up the data connection via SSH. Click Open to set up the data connection to your device. Depending on the device and the time at which SSH was configured, setting up the connection takes up to a minute. When you first log in to your device, towards the end of the connection setup, PuTTY displays a security alert message and gives you the option of checking the fingerprint of the key. PuTTY Security Alert: WARNING - POTENTIAL SECURITY BREACH! The server's host key does not match the one PuTTY has cached in the registry. This means that either the server administrator has changed the host key, or you have actually connected to another computer pretending to be the server. The new rsa key fingerprint is 1024 42 62 99 32 56 07 26 1 0 c5 39 55 e4 65 a9 F9 6e If you were expecting this change and trust the new key, hit Yes to update PuTTY's cache and continue connecting. If you want to carry on c
8. 9.1 Sending Traps. Trap name and meaning: hm2PlatformStpInstanceLoopInconsistentStartTrap: This is sent if this port in this STP instance enters loop inconsistent state. hm2PlatformStpInstanceLoopInconsistentEndTrap: This is sent if this port in this STP instance exits loop inconsistent state upon reception of a BPDU. (Table 18: Possible traps, cont.) 9.1.2 Traps for configuration activity: After you save a configuration in memory, the device sends a hm2ConfigurationSavedTrap. This trap contains both the Non-Volatile Memory (NVM) and External Non-Volatile Memory (ENVM) state variables, indicating whether the running configuration is in sync with the NVM and with the ENVM. You also trigger this trap by copying a config file to the device, replacing the active saved configuration. Furthermore, the device sends a hm2ConfigurationChangedTrap whenever you change the local configuration, indicating a mismatch between the running and saved configuration. 9.1.3 Configuring Traps: Open the Diagnostics > Status Configuration > Alarms (Traps) dialog. This dialog allows you to determine which events trigger a trap and where the device sends these messages. Click Create. In the Name column, you enter the name that the device uses to identify itself as the source of the trap. In the A
9. To monitor SNMP security. When enabling SNMPv1/v2 or disabling v3 encryption. To monitor the activation of System Monitor 1 on the device. To monitor the activation of the external non-volatile memory update. To monitor the activation of the IEC 61850 MMS protocol. Enable the device to send a trap if the device status changes. In order to enable the device to monitor an active link without a connection, first enable the global function, then enable the individual ports. Open the Global tab of the Diagnostics > Status Configuration > Security Status dialog. In the Monitor column, activate the Link interrupted on enabled device ports function. Open the Port tab of the Diagnostics > Status Configuration > Device Status dialog. In the Link interrupted on enabled device ports row, you select the ports to monitor. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. security status monitor no link enabled: Sets the monitoring of no link detection. interface 1/1: Select interface 1 port 1. security status no link: Sets the monitoring of no link detection status of interface 1 port 1. 9.3.3 Displaying the Security Status: Open the Basic Settings > System dialog.
10. UNCONTROLLED MACHINE ACTIONS: To avoid uncontrolled machine actions caused by data loss, configure all the data transmission devices individually. Before you start any machine which is controlled via data transmission, be sure to complete the configuration of all data transmission devices. Failure to follow these instructions can result in death, serious injury, or equipment damage. About this Manual: The Basic Configuration user manual contains the information you need to start operating the device. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. The Installation user manual contains a device description, safety instructions, a description of the display, and the other information that you need to install the device. The GUI reference manual contains detailed information on using the graphical interface to operate the individual functions of the device. The Command Line Interface reference manual contains detailed information on using the Command Line Interface to operate the individual functions of the device. The Redundancy Configuration user manual document contains the information you require to select the suitable redundancy procedure and configure it
11. 9.3 Security Status DEVMON. Meaning: The device monitors the settings located in the Device Security > User Management dialog for password policy requirements. The device monitors the settings of the Policy Check checkbox. When Policy Check is inactive, the device sends a trap. The device monitors when you enable the Telnet function. The device monitors when you enable the HTTP connection function. The device monitors when you enable the SNMPv1 or v2 connection function. The device monitors the System Monitor status. The device monitors the possibility to save configurations to the external non-volatile memory. The device monitors the link status of active ports. The device monitors when you enable the HiDiscovery read/write access function. The device monitors the security settings for loading the configuration from the external NVM. The device monitors the IEC 61850 MMS protocol activation setting. (Table 20: Security Status events, cont.) 9.3.2 Configuring the Security Status: Open the Global tab of the Diagnostics > Status Configuration > Security Status dialog. In the Monitor column, you select the events to monitor. To send a trap to the management station, activate the Generate Trap function in the Trap Configuration frame. Configure at least one SNMP Manager in the Diagnostics > Status Configuration > Alarms (Traps) dialog.
12. Set up the VLAN 2 and specify port 1/1 as a member of VLAN 2. Open the Advanced > DHCP L2 Relay > Configuration dialog, Interface tab. Specify the settings for port 1/1 as follows: Mark the Active checkbox. Specify the settings for port 1/2 as follows: Mark the Active checkbox. Mark the Trusted Port checkbox. Open the VLAN tab. Specify the settings for VLAN 2 as follows: Mark the Active checkbox. Mark the Circuit ID checkbox. To use the IP address of the device as the Remote ID, in the Remote ID Type field select the value ip. To enable the function, select in the Operation frame the On radio button. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save. Perform the following work steps on Switch 2: Open the Advanced > DHCP L2 Relay > Configuration dialog, Interface tab. Specify the settings for port 1/1 and port 1/2 as follows: Mark the Active checkbox. Mark the Trusted Port checkbox. To enable the function, select in the Operation frame the On radio button. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save. Ve
13. B.2 Abbreviations used: AutoConfiguration Adapter; Access Control List; Bootstrap Protocol; Command Line Interface; Dynamic Host Configuration Protocol; Forwarding Database; Graphical User Interface; Hypertext Transfer Protocol; Hypertext Transfer Protocol Secure; Internet Control Message Protocol; Institute of Electrical and Electronics Engineers; Internet Group Management Protocol; Internet Protocol; Light Emitting Diode; Link Layer Discovery Protocol; Optical Fiber; Media Access Control; Management Information Base; Media Redundancy Protocol; MSTP: Multiple Spanning Tree Protocol; NMS: Network Management System; NTP: Network Time Protocol; PC: Personal Computer; PTP: Precision Time Protocol; QoS: Quality of Service; RFC: Request For Comment; RM: Redundancy Manager; RSTP: Rapid Spanning Tree Protocol; SCP: Secure Copy; SFP: Small Form-factor Pluggable; SFTP: SSH File Transfer Protocol; SNMP: Simple Network Management Protocol; SNTP: Simple Network Time Protocol; TCP: Transmission Control Protocol; TFTP: Trivial File Transfer Protocol; TP: Twisted Pair; UDP: User Datagram Protocol; URL: Uniform Resource Locator; UTC: Coordinated Universal Time; VLAN: Virtual Local Area Network. B.3 Technical Data: You will find the technical data in the
14. The Best Master Clock algorithm evaluates the following criteria: Priority 1, Class, Clock Accuracy, Clock Variance, Priority 2. The algorithm first evaluates priority 1 of the participating devices. The device with the smallest value for priority 1 becomes the reference time source (Grandmaster). If the value is the same for multiple devices, the algorithm takes the next criterion, and if this is also the same, it takes the next criterion after this one. If all the values are the same for multiple devices, the smallest value in the Clock Identifier field decides which device becomes the reference time source (Grandmaster). The device offers you the option, in the settings of the boundary clock, to individually define the values for Priority 1 and Priority 2. This allows you to influence which device will be the reference time source (Grandmaster) in the network. 6.3.3 Delay measurement: The delay of the synchronization messages between the devices affects the accuracy. The delay measurement allows the devices to take into account the average delay. PTP version 2 offers the following methods for delay measurement: End to End (E2E): The slave clock measures the delay of synchronization messages to the master clock. End to End optimized (E2E optimized): The slave clock measures the delay of synchronization
15. The network extension is too great or too many cascading hubs. Collisions, late collisions: In full duplex mode, no incrementation of the port counters for collisions or late collisions. CRC error: The device evaluates these errors as non-matching duplex modes in the manual full duplex mode. Table 24: Evaluation of non-matching of the duplex mode. Columns: No; Automatic configuration; Current duplex mode; Detected error events 2 10 after link up; Duplex modes; Possible causes. Row 1: On; Half duplex; None; OK. Row 2: On; Half duplex; Collisions; OK. 9.6 Port Event Counter. Table 24, rows 3 to 16, listed by column as extracted. No and Automatic configuration: 3 On, 4 On, 5 On, 6 On, 7 On, 8 On, 9 Off, 10 Off, 11 Off, 12 Off, 13 Off, 14 Off, 15 Off, 16 Off. Current duplex mode: Half duplex, Half duplex, Full duplex, Full duplex, Full duplex, Full duplex, Half duplex, Half duplex, Half duplex, Half duplex, Full duplex, Full duplex, Full duplex, Full duplex. Detected error events 2 10 after link up: Late collisions, CRC error, None, Collisions, Late collisions, CRC error, None, Collisions, Late collisions, CRC error, None, Collisions, Late collisions, CRC error. Duplex modes: Duplex problem detected, OK, OK, OK, OK, OK, OK, OK, Duplex problem detected, OK, OK, OK, OK, Duplex problem detected, Duplex problem. Possible causes: EMI network extension EMI EMI
16. > Load/Save dialog and click Save. users delete <user>: Deletes the <user> user account. show users: Shows the user accounts that are set up. save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. 3.2.7 Adjusting policies for passwords: The device allows you to check whether the passwords for the user accounts adhere to the specified policy. You obtain a higher level of complexity for the passwords when they adhere to the policy. The user management of the device allows you to activate or deactivate the check separately in each user account. When the check is activated, the device accepts a changed password only if it fulfills the requirements of the policy. In the default settings, practical values for the policy are set up on the device. You have the option of adjusting the policy to meet your requirements. Prerequisite: User account with authorization profile administrator. Perform the following work steps: Adjust the policy for passwords to meet your requirements. Open the Device Security > User Management dialog. Dialog fields shown: Configuration; Password Policy; Number of Login Attempts 0; Minimum Upper Cases 1; Minimum Password Length 5; Minimum Lower Cases 1; Minimum Numbers 1; Minimum Special Charactes 1; UserName; Active
17. parameter. none: Authentication unencrypted. des: Authentication encrypted with DES. aesCfb128: Authentication encrypted with AES-128 in Cipher Feedback mode. The device allows you to specify the SNMP Auth Type and SNMP Encryption Type parameters individually in each user account. Prerequisite: User account with authorization profile administrator. Perform the following work steps: Adjust the SNMPv3 parameters in the user account to match the settings in your NMS. Open the Device Security > User Management dialog. The dialog shows the user accounts that are set up. [Figure 38: Device Security > User Management dialog] Click the row of the relevant user account in the SNMP Auth Type field. Select the desired setting. Click the row of the relevant user account in the SNMP Encryption Type field. Select the desired setting. To temporarily save the changes, click Set.
18. 3.2 User Management. Switch to the privileged EXEC mode. Switch to the Configuration mode. passwords min length 6: Specifies the policy for the minimum length of the password. passwords min lowercase chars 1: Specifies the policy for the minimum number of lower-case letters in the password. passwords min numeric chars 1: Specifies the policy for the minimum number of digits in the password. passwords min special chars 1: Specifies the policy for the minimum number of special characters in the password. passwords min uppercase chars 1: Specifies the policy for the minimum number of upper-case letters in the password. show passwords: Shows the policies that are set up. save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. 3.3 SNMP Access. 3.3.1 SNMPv1/v2 Community: The SNMP protocol allows you to monitor and configure the device via the network with a network management system (NMS). When the NMS accesses the device via SNMPv1 or SNMPv2, the NMS authenticates itself with the community. With the default settings, you access the device via the public (read access) and private (read/write access) communities. The community is contained in every SNMP packet. When it receives a packet, the device compare
19. to login to the server. To start the update procedure, click the Update button. The device copies the currently running device software into the backup memory. As soon as the update procedure is completed successfully, the device displays the message "Firmware successfully loaded onto the device". Upon restart, the device loads the installed device software. enable: Change to the Privileged EXEC mode. copy firmware remote tftp://10.0.1.159/product.bin system: Transfer the product.bin file to the device from the TFTP server with the IP address 10.0.1.159. 5.3 Software update from the external memory. 5.3.1 Manually initiated by the administrator: The device allows you to update the device software with just a few mouse clicks. The prerequisite is that the image file of the device software is located in the external memory. Perform the following work steps: Open the Basic Settings > Software dialog. In the table, mark the row which displays the name of the desired image file on the external memory. Right-click to display the context menu. To start the update procedure, click in the context menu the Update entry. The device copies the currently running device software into the backup memory. As soon as t
20. 8.1 Examples of VLANs. show vlan brief: Display the current VLAN configuration. Output: Max. VLAN ID: 4042. Max. supported VLANs: 256. Number of currently configured VLANs: 3. vlan unaware Mode: disabled. VLAN ID, VLAN Name, VLAN Type, VLAN Creation Time: 1, VLAN1, default, 0 days 00:00:05; 2, VLAN2, static, 0 days 02:44:29; 3, VLAN3, static, 0 days 02:52:26. Configuring the ports: [Figure 77: Defining the VLAN membership of the ports] Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. The selection options are: currently not a member of this VLAN (GVRP allowed); T: member of VLAN, send data packets with tag; U: member of the VLAN, send data packets without tag; F: not a member of the VLAN (also disabled for GVRP). Because terminal devices usually interpret untagged data packets, you select the U setting. You select the T setting on the uplink port on which the VLANs communicate with each other. To temporarily save the configuration, click Set.
21. 2014 Contents 6 2 6 3 7 2 7 3 7 4 7 5 7 6 Synchronizing the System Time in the Network Basic settings 6 1 1 Setting the time 6 1 2 Automatic daylight saving time changeover Defining settings of the SNTP client TP 1 Preparation 2 3 Specifying SNTP server settings 3 1 Types of clocks 3 2 Best Master Clock algorithm 3 3 Delay measurement 3 4 PTP domains 3 5 Using PTP DDDDDU SO OD etwork Load Control irect Packet Distribution 1 Learning MAC addresses 2 Aging of learned MAC addresses 3 Static address entries Iticasts 1 Example of a Multicast Application 7 2 2 IGMP snooping Rate limiter QoS Priority 7 4 1 Description of Prioritization NE NNNOU Z NC gt 4 2 Handling of Received Priority Information 4 3 VLAN tagging 44 IP ToS 4 5 Handling of traffic classes 4 6 Queue Management 4 7 Management prioritization 4 8 Pewna pron panon Halfduplex or fullduplex link 1 w Control 1 2 Setting the Flow Control VLANs UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 121 122 122 124 126 128 130 132 134 134 136 137 138 139 141 142 143 143 144 149 149 150 158 160 161 162 163 165 166 167 171 172 177 178 182 183 184 185 Contents 8 1 8 2 8 3 8 4 8 5 8 6 8 7 8 8 9 1 9 2 9 3 9 4 9 5 9 6 9 7 9 8 9 9 Examples of VLANs 8 1 1 Example 1 8 1 2 Example 2 Guest Unauthenticated VL
22. 3.3 SNMP Access. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save. enable: Switch to the privileged EXEC mode. configure: Switch to the Configuration mode. users snmpv3 authentication <user> md5 sha1: Allocates the HMAC-MD5 or HMAC-SHA protocol for authentication requests to the <user> user account. users snmpv3 encryption <user> des aescfb128 none: Allocates the DES or AES-128 algorithm to the <user> user account. With this algorithm, the device encrypts authentication requests. The value none removes the encryption. show users: Shows the user accounts that are set up. save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile. 4 Managing configuration profiles: If you change the settings of the device during operation, the device stores the changes in its memory (RAM). After a reboot, the settings are lost. In order to keep the changes after a reboot, the device offers the possibility of saving additional settings in a configuration profile in the non-volatile memory (NVM). In order to make it possible to quickly switch to other s
23. B General Information. B.1 Management Information Base (MIB): The Management Information Base (MIB) is designed in the form of an abstract tree structure. The branching points are the object classes. The leaves of the MIB are called generic object classes. If this is required for unique identification, the generic object classes are instantiated, i.e. the abstract structure is mapped onto reality, by specifying the port or the source address. Values (integers, time ticks, counters or octet strings) are assigned to these instances; these values can be read and, in some cases, modified. The object description or object ID (OID) identifies the object class. The subidentifier (SID) is used to instantiate them. Example: The generic object class hm2PSState (OID = 1.3.6.1.4.1.248.11.11.1.1.1.1.2) is the description of the abstract information "power supply status". However, it is not possible to read any information from this, as the system does not know which power supply is meant. Specifying the subidentifier 2 maps this abstract information onto reality (instantiates it), thus indicating the operating status of power supply 2. A value is assigned to this instance and can then be read. The instance get 1.3.6.1.4.1.248.11.11.1.1.1.1.2.1 returns the response 1, which means that the power supply is ready for operatio
24. 7.4 QoS/Priority. 7.4.1 Description of Prioritization: For data traffic prioritization, traffic classes are defined in the device. The device prioritizes higher traffic classes over lower traffic classes. The number of traffic classes depends on the device type. To provide for optimal data flow for delay-sensitive data, you assign higher traffic classes to this data. You assign lower traffic classes to data that is less sensitive to delay. Assigning traffic classes to the data: The device automatically assigns traffic classes to inbound data (traffic classification). The device takes the following classification criteria into account: Methods according to which the device carries out assignment of received data packets to traffic classes: trustDot1p: The device uses the priority of the data packet contained in the VLAN tag. trustIpDscp: The device uses the QoS information contained in the IP header (ToS/DiffServ). untrusted: The device ignores possible priority information within the data packets and uses the priority of the receiving port directly. The priority assigned to the receiving port. Both classification criteria are configurable. During traffic classification, the device uses the following rules: When the receiving port is set to trustDot1p (state on delivery), the device uses the data packet priority contained in the VLAN tag. When the data packets
25. Table 8: SNTP server settings for the example
Device: 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.11, 192.168.1.12
SNTP Server Function: On, On, On, Off, Off
Listen UDP Port: 123, 123, 123, 123, 123
Broadcast Admin Mode: Not selected, Not selected, Not selected, Not selected, Not selected
Broadcast Destination Address: 0.0.0.0, 0.0.0.0, 0.0.0.0, 0.0.0.0, 0.0.0.0
Broadcast Port: 123, 123, 123, 123, 123
Broadcast VLAN ID: 1, 1, 1, 1, 1
Broadcast Send Interval: 128, 128, 128, 128, 128
Disable Server at local Time Source: Not selected, Not selected, Not selected, Not selected, Not selected
6.3 PTP. In order for LAN-controlled applications to work without latency, precise time management is required. With PTP (Precision Time Protocol), IEEE 1588 describes a method that enables precise synchronization of clocks in the network. PTP enables synchronization with an accuracy of a few 100 ns. PTP uses multicast for the synchronization messages, which keeps the network load low. 6.3.1 Types of clocks. PTP defines the roles of master and slave for the clocks in the network: A master clock (reference time source) distributes its time. A slave clock synchronizes itself with the timing signal received from the master clock. Boundary clock T
26. Fair Queuing for Traffic Class 2, proceed as follows: Unmark the Strict Priority checkbox for the class. In the Min Bandwidth column, enter 30. To activate Weighted Fair Queuing for Traffic Class 3, proceed as follows: Unmark the Strict Priority checkbox for the class. In the Min Bandwidth column, enter 20. To combine Weighted Fair Queuing and Queue Shaping for Traffic Class 4, proceed as follows: Unmark the Strict Priority checkbox for the class. In the Min Bandwidth column, enter 10. In the Max Bandwidth column, enter 10. When using a weighted fair queuing and queue shaping combination for a specific traffic class, set the Max Bandwidth to a value that is higher than the value set in Min Bandwidth. To activate Weighted Fair Queuing for Traffic Class 5, proceed as follows: Unmark the Strict Priority checkbox for the class. In the Min Bandwidth column, enter 5. To activate Weighted Fair Queuing for Traffic Class 6, proceed as follows: Unmark the Strict Priority checkbox for the class. In the Min Bandwidth column, enter 10. To combine Strict Priority Queuing and Queue Shaping for Traffic Class 7, proceed as follows: Mark the Strict Priority checkbox for the class. In the Max Bandwidth column, enter 10. To temporarily save the con
27. Querier dialog. In the Admin Status frame, turn the IGMP querier function of the device on or off globally. To enable the IGMP querier function for a specific VLAN, select the Active checkbox on the line of the desired VLAN. When the device recognizes another multicast querier in the corresponding VLAN when Election Participate Mode is activated, it carries out a simple selection process: If the IP source address of the other multicast querier is lower than its own, the device switches to the passive state, in which it does not send out any more query requests. Under Address, you specify the IP multicast address that the device inserts as the sender address in generated query requests. You use the address of the multicast router. To temporarily save the configuration, click Set. IGMP Snooping Enhancements (Table): The Switching > IGMP Snooping > Snooping Enhancements dialog provides you access to enhanced settings for the IGMP snooping function. You activate or deactivate the settings on a per port basis in a VLAN. The following settings are possible: Static: Use this setting to set the port as a static query port. The device sends all IGMP messages on a static query port, even if it has previously received no IGMP query messages on this port. If the static option is disabled, the device sends IGMP messages on th
28. Network Load Control, 7.4 QoS Priority.
classofservice ip-dscp-mapping cs1 1: Assign traffic class 1 to DSCP CS1.
show classofservice ip-dscp-mapping: Show the IP DSCP assignments.
IP DSCP Traffic Class be 2 1 2 cs1 1
Assign the DSCP priority to received IP data packets:
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
interface 1/1: Switch to the Interface Configuration mode of interface 1/1.
classofservice trust ip-dscp: Assign the trust ip-dscp mode globally.
exit: Switch to the Configuration mode.
show classofservice trust: Display the trust mode.
Interface, Trust Mode: 1/1 ip-dscp; 1/2 dot1p; 1/3 dot1p; 1/5 dot1p
Configuring Traffic Shaping on a port:
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
interface 1/2: Switch to the interface configuration mode for interface 1/2.
traffic-shape bw 50: Limit the maximum bandwidth of port 1/2 to 50.
exit: Switch to the Configuration mode.
exit: Switch to the privileged EXEC mode.
show traffic-shape: Display the traffic shaping configuration.
Interface, Shaping rate: 1/1 0; 1/2 50; 1/3 0; 1/4 0
Configuring Layer 2 management priority: Open the QoS
29. To load the factory settings, press the Enter key. The device deletes the configuration profiles in the memory (RAM) and in the non-volatile memory (NVM). If an external memory is connected, the device also deletes the configuration profiles saved on the external memory. To switch to the main menu, press q. To reboot the device with factory settings, press q. 4.5 Service Shell. When you need assistance with your device, then the service personnel use the Service Shell function to monitor internal conditions, for example switch or CPU registers. Note: When you deactivate the Service Shell, then you are still able to configure the device, but you limit the service personnel to system diagnostics. In order to reactivate the Service Shell function, the device requires disassembly by the manufacturer. 5 Loading Software Updates. Hirschmann are continually working on improving and developing their software. Check regularly whether there is an updated version of the software that provides you with additional benefits. You find information and software downloads on the Hirschmann product pages on the Internet (http://www.hirsch
30. VLANs, 8.1 Examples of VLANs. Open the Switching > VLAN > Port dialog. Assign the ID of the related VLANs (1 to 3) to the individual ports. Figure 78: Assigning and saving Port VLAN ID, Acceptable Frame Types and Ingress Filtering. Because terminal devices usually send data packets as untagged, you select the admitAll setting for the terminal device ports. Configure the uplink port with admit only VLAN tags. To evaluate the VLAN tag on this port, activate Ingress Filtering on the uplink port. To temporarily save the configuration, click Set. Open the Basic Settings > External Memory dialog. To save the configuration permanently in the external memory, activate the Auto save config on envm checkbox and click Set.
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
interface 1/1: Switch to the Interface Configuration mode of interface 1/1.
vlan participation include 1: Port 1/1 becomes member untagged in VLAN 1.
vlan participation include 2: Port 1/1 becomes member untagged in VLAN 2.
vlan tagging 2 enable: Port 1/1 becomes member tagged in VLAN 2.
participat
31. a port declares interest periodically. Every MMRP-enabled device on a LAN maintains a filtering database and forwards traffic having the group MAC addresses to listed participants. MMRP Example: In this example, Host A intends to listen to traffic destined to group G1. Switch A processes the MMRP Join request received from Host A and sends the request to both of the neighboring switches. The devices on the LAN now recognize that there is a host interested in receiving traffic destined for group G1. When Host B starts transmitting data destined for group G1, the data flows on the path of registrations and Host A receives it. Figure 90: MMRP Network for MAC address Registration (Switch 1, Switch 2, Switch 3, Host A, Host B; MMRP Join G1 Request, Multicast Traffic for G1). To enable MMRP on the switches, proceed as follows: Open the Switching > MRP IEEE > MMRP dialog, Configuration tab. To activate ports 1 and 2 as MMRP participants, mark Active for ports 1 and 2 on switch 1. To activate ports 3 and 4 as MMRP participants, mark Active for ports 3 and 4 on switch 2. To activate ports 5 and 6 as MMRP participants, mark Active for ports 5 and 6 on switch 3. To send periodic events allowing the switch to maintain the registration of the MAC address group, enable the Periodic State Ma
32. been using Classless Inter-Domain Routing (CIDR) to provide a solution. CIDR overcomes these class boundaries and supports classless address ranges. With CIDR, you enter the number of bits that designate the IP address range. You represent the IP address range in binary form and count the mask bits that designate the netmask. The mask bits equal the number of bits used for the subnet in a given IP address range. Example:
IP address, decimal: 149.218.112.1; network mask, decimal: 255.255.255.128; IP address, binary: 10010101 11011010 01110000 00000001
IP address, decimal: 149.218.112.127; IP address, binary: 10010101 11011010 01110000 01111111
25 mask bits. CIDR notation: 149.218.112.0/25 (mask bits).
The term supernetting refers to combining a number of class C address ranges. Supernetting enables you to subdivide class B address ranges to a fine degree. 2.2 Entering IP parameters using the CLI. There are several methods by which you enter the system configuration: either via BOOTP, DHCP, the HiDiscovery protocol or the external memory. You have the option of performing the configuration via the V.24 interface using the CLI. Entering IP addresses: Connect the PC with terminal program started to the RJ11 socket. Command Line Interface starts after key press. Log in and change to the Privileged EXEC Mode. Enter and save IP parameters
33. button. The configuration profile is now saved as an XML file in the specified location.
show config profiles nvm: Displays the configuration profiles contained in non-volatile memory (NVM).
enable: Switch to the privileged EXEC mode.
copy config running-config remote tftp://<IP Adresse>/<Pfad>/<Dateiname>: Save the configuration profile in memory (RAM) on a TFTP server.
copy config nvm remote tftp://<IP Adresse>/<Pfad>/<Dateiname>: Save the selected configuration profile in non-volatile memory (NVM) on a TFTP server.
copy config nvm profile config3 remote tftp://<IP Adresse>/<Pfad>/<Dateiname>: Save the configuration profile config3 in non-volatile memory (NVM) on a TFTP server.
4.3 Loading settings. Through loading of settings, the device allows you to quickly switch to other settings if required. Prerequisite: User account with authorization profile administrator. 4.3.1 Activating a configuration profile. The non-volatile memory of the device can accommodate several configuration profiles. If you activate a configuration profile stored there, you change the settings on the device on the fly, without rebooting. Perform the following work steps:
34. configure the V.24 interface as a terminal CLI interface. Press any key on your terminal keyboard a number of times until the login screen indicates the CLI mode. 1.3 System Monitor. The System Monitor allows you to set basic operating parameters before starting the operating system. 1.3.1 Functional scope. In the System Monitor, you carry out the following tasks, for example: Managing the operating system and verifying the software image. Updating the operating system. Starting the operating system. Deleting configuration profiles, resetting the device to the factory defaults. Checking boot code information. 1.3.2 Starting the System Monitor. Prerequisites: Terminal cable for connecting the device to your PC (available as an optional accessory). PC with VT100 terminal emulation (such as PuTTY) or serial terminal. Perform the following work steps: Use the terminal cable to connect the V.24 interface of the device with the COM port of the PC. Start the VT100 terminal emulation on the PC. Specify the following transmission parameters: Speed 9600 baud, Data 8 bit, Parity none, Stopbit 1 bit, Flow control none. Set up a connection to the device. Switch on the device. If the device is already on, reboot
35. contains the MAC address, the IP address, the system name or a user-defined character string. Using it, the participating devices identify the relay agent that received the request of the client. The device and other relay agents use this information to re-direct the answer from the DHCP relay agent to the original client. The DHCP server is able to analyze this data, e.g. to assign the client an IP address from a specific address pool. Also, the reply packet of the DHCP server contains the Circuit ID and the Remote ID. Before forwarding the answer to the client, the device removes the information from the Option 82 field. 10.2.2 DHCP L2 Relay Configuration. The Advanced > DHCP L2 Relay > Configuration dialog allows you to activate the function on the active ports and on the VLANs. On the ports on which the DHCP Layer 2 Relay function is active and which are marked as Trusted Port, the device forwards DHCP packets with Option 82 information. Typically these are ports in the network of the DHCP server. On the ports to which the DHCP clients are connected, you activate the DHCP Layer 2 Relay function but leave the Trusted Port checkbox unmarked. On these ports, the device discards DHCP packets with Option 82 information. Figure 87: DHCP Layer 2 Example Network. Perform the following work steps on Switch 1
36. dynamic IP address ranges: Leave the MAC Address, Client ID, Remote ID and Circuit ID fields blank. To create dynamic IP address ranges with gaps between the ranges, add several entries to the table. Open the Advanced > DHCP Server > Pool dialog. To add a new entry to the table, click Create. Enter 192.168.23.92 in IP Address for the first IP address of the range and enter 192.168.23.142 in Last IP Address for the last IP address of the range. The default setting for Lease Time [s] is 60 days. Set this value for the appropriate interval. Select 1/2 from the Port pull-down menu. To enable the entry, click Active. Open the Advanced > DHCP Server > Global dialog. Activate port 1/2 in the DHCP Server active column. To enable the function, select in the Operation frame the On radio button. Figure 86: Table in the Advanced > DHCP Server > Pool dialog. enable configu
37. email messages, use the following steps: Specifying the sender address. Specifying the triggering events. Specifying the receivers. Specifying the mail server. Enabling/disabling of the function. Sending of a test message. 9.10.1 Specifying the sender address. The sender address is the email address that indicates the device which sent the email message. In the device, the value switch@hirschmann.com is preset. To change the preset value, perform the following work steps: Open the Diagnostics > Email Notification > Global dialog. In the Sender frame, change the value in the Address field. Add a valid email address. Click the Set button.
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
logging email from-addr <user@domain>: Changes the sender address.
9.10.2 Specifying the triggering events. The device differentiates between the following severities:
Table 25: Meaning of the severities for events
emergency: Device not ready for operation
alert: Immediate user intervention required
critical: Critical status
error: Error status
warning: Warning
notice: Significant, normal status
informational: Informal message
debug: Debug message
You have the option of specifying the events of which the devi
38. empty JoinMt message with the appropriate attributes. The switch then floods the JoinMt to the participating ports and to the neighboring switches. The neighboring switches flood the message to their participating port and so on, establishing a path for the group traffic. MRP Timers: The default timer settings help prevent unnecessary attribute declarations and withdraws. The timer settings allow the participants to receive and process MRP messages before the Leave or LeaveAll timers expire. Maintain the following relationships when you reconfigure the timers: To allow for re-registration after a Leave or LeaveAll event, even if there is a lost message, set the LeaveTime to 2 2x JoinTime 60 in 1 100 s. To minimize the volume of rejoining traffic generated following a LeaveAll, set the value chosen for the LeaveAll timer larger than the LeaveTime. The following list contains various MRP events that the device transmits: Join: Controls the interval for the next Join message transmission. Leave: Controls the length of time that a switch waits in the Leave state before changing to the withdraw state. LeaveAll: Controls the frequency with which the switch generates LeaveAll messages. The Periodic timer, when expired, initiates a Join request MRP message that the switch sends to participants on the LAN. The switches use this message to prevent unnecessary withdraws.
39. external memory contains the configuration profile of an identical device, this allows you to transfer the settings from one device to another. Perform the following work steps: Verify that the device loads a configuration profile from the external memory upon restart. In the state on delivery of the device, this function is turned on. If the function is turned off, turn it on again as follows: Open the Basic Settings > External Memory dialog. Figure 49: Basic Settings > External Memory dialog. In the Config Priority column, select the value first. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
config envm load-priority sd|usb first: Enable the function. Upon reboot, the device loads a configuration profile from the external memory. sd = External SD memory, usb = External USB memory.
show config envm settings: Displays the settings of the external memory (ENVM).
Type, Status, Auto Update, Save Config, Config Load Prio: sd, ok, x, x, first; usb, ok, x, x, second
Save the settings of the device in a configuration profile in non-volatile memory. See
40. HIRSCHMANN, A BELDEN BRAND. User Manual: Basic Configuration, Rail Switch Power Enhanced (HiOS 2S 2A 3S RSPE). UM BasicConfig HiOS 2S 2A 3S RSPE, Release 4.0 07/2014. Technical Support: https://hirschmann-support.belden.eu.com. The naming of copyrighted trademarks in this manual, even when not specially indicated, should not be taken to mean that these names may be considered as free in the sense of the trademark and tradename protection law and hence that they may be freely used by anyone. 2014 Hirschmann Automation and Control GmbH. Manuals and software are protected by copyright. All rights reserved. The copying, reproduction, translation, conversion into any electronic medium or machine scannable form is not permitted, either in whole or in part. An exception is the preparation of a backup copy of the software for your own use. For devices with embedded software, the end-user license agreement on the enclosed CD/DVD applies. The performance features described here are binding only if they have been expressly agreed when the contract was made. This document was produced by Hirschmann Automation and Control GmbH according to the best of the company's knowledge. Hirschmann reserves the right to change the contents of this document without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the information in this document. Hirschmann can accept no responsibility for damages resulting from the use o
41. it. The screen displays the following message after rebooting: Press <1> to enter System Monitor 1. Press 1 within 3 seconds. The device starts the System Monitor. The screen displays the following view: Figure 16: Screen display of system monitor 1. Select a menu item by entering the number. To leave a submenu and return to the main menu of system monitor 1, press the <ESC> key. 2 Entering IP Parameters. When you install the device for the first time, enter the IP parameters. The device provides the following options for entering the IP parameters during the first installation: Entry using the Command Line Interface (CLI): You choose this out-of-band method if you preconfigure your device outside its operating environment, or you restore network access (in-band) to the device. Entry using the HiDiscovery protocol: You choose this in-band method on a previously installed network device or if you have another Ethernet connection between your PC and the device. Configuration using the external memory: You choose this method if you are replacing a device with a device of the same type and have already saved the configuration in the external memory. Using BOOTP: You choose this in-band method to configure the installed device using BOOTP. You need a BOOTP server for this method. The BOOTP server assign
42. not a member of the VLAN, also disabled for GVRP. Because terminal devices usually interpret untagged data packets exclusively, you select the U setting here. To temporarily save the configuration, click Set. Open the Switching > VLAN > Port dialog. Assign the Port VLAN ID of the related VLANs (2 or 3) to the individual ports; see table. Figure 74: Assigning and saving Port VLAN ID, Acceptable Frame Types and Ingress Filtering. Because terminal devices usually send data packets as untagged, you select the admitAll setting for the Acceptable Frame Types. The setting for Ingress Filtering has no effect on how this example functions. To temporarily save the configuration, click Set. Open the Basic Settings > External Memory dialog. To save the configuration permanently in the external memory, activate the Auto save config on envm checkbox and click Set. enable configure interface 1 1 vlan participation include vlan pvid 2 exit interface 1 2 vlan participation include vlan pvid 3 exit interface 1 3 vlan participation vlan pvid 3 exit interface 1 4 vlan participation include include vlan pvid 2 Switch to t
43. options. Click the OK button. To temporarily save the configuration, click Set.
enable: Switch to the privileged EXEC mode.
vlan database: Switch to the VLAN mode.
igmp-snooping vlan-id 1 forward-all 1/1: Activate the Forward All function for slot 1, port 1 in VLAN 1.
Configuring multicasts: The device allows you to configure the exchange of multicast data packets. The device provides different options depending on whether the data packets are to be sent to unknown or known multicast receivers. The settings for unknown multicast addresses are global for the entire device. The following options can be selected: The device discards unknown multicasts. The device sends unknown multicasts on all ports. The device sends unknown multicasts exclusively on ports that have previously received query messages (query ports). Note: The exchange settings for unknown multicast addresses also apply to the reserved IP addresses from the Local Network Control Block (224.0.0.0 - 224.0.0.255). This behavior may affect higher-level routing protocols. For each VLAN, you define the sending of multicast packets to known multicast addresses individually. The following options can be selected: The device sends known multicasts on the ports that have previously received query messages (query ports) and to the registered ports. Registered p
44. other Voice over IP (VoIP) devices or servers and network devices such as switches. It specifically provides support for VoIP applications. LLDP-MED provides this support using an additional set of common type-length-value (TLV) advertisement messages for capabilities discovery, network policy, Power over Ethernet, inventory management and location information. The device supports the following TLV messages: Capabilities TLV: Allows LLDP-MED endpoints to determine the capabilities that the connected device supports and what capabilities the device has enabled. Network policy TLV: Allows both network connectivity devices and endpoints to advertise VLAN configurations and associated attributes for the specific application on that port. For example, the device notifies a phone of the VLAN number. The phone connects to a switch, obtains its VLAN number, and then starts communicating with the call control. LLDP-MED provides the following functions: Network policy discovery, including VLAN ID, 802.1p priority and Diffserv code point (DSCP). Device location and topology discovery based on LAN-level MAC/port information. Endpoint move detection notification, from network connectivity device to the associated VoIP management application. Extended device identification for inventory management. Identification of endpoint network connectivity capabilities, for example, multi-port IP Phone with embedded switch or bridge capability. Application level interactions
45. Figure 29: Device Security > Authentication List dialog. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.
authlists disable loginTelnet: Deactivates the loginTelnet list.
save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
3.2 User Management. The device allows users to access its management functions when they log in with valid login data. The device authenticates the users either using the local user management or with a RADIUS server in the network. To get the device to use the user management, assign the local method to an authentication list; see the Device Security > Authentication List dialog. In the local user management, you manage the user accounts. One user account is usually allocated to each user. 3.2
46. such a case? Figure 18: Management agent that is separated from its management station by a router (Romeo, Lorenzo). The management station Romeo wants to send data to the management agent Juliet. Romeo knows Juliet's IP address and also knows that the router Lorenzo knows the way to Juliet. Romeo therefore puts his message in an envelope and writes Juliet's IP address as the destination address. For the source address, he writes his own IP address on the envelope. Romeo then places this envelope in a second one with Lorenzo's MAC address as the destination and his own MAC address as the source. This process is comparable to going from layer 3 to layer 2 of the ISO/OSI base reference model. Finally, Romeo puts the entire data packet into the mailbox. This is comparable to going from layer 2 to layer 1, i.e. to sending the data packet over the Ethernet. Lorenzo receives the letter and removes the outer envelope. From the inner envelope, he recognizes that the letter is meant for Juliet. He places the inner envelope in a new outer envelope and searches his address list (the ARP table) for Juliet's MAC address. He writes her MAC address on the outer envelope as the destination address and his own MAC address as the source address. He then places the entire data packet in the
47. the assigned IP addresses. 2.1.2 Netmask. Routers and gateways subdivide large networks into subnetworks. The netmask assigns the IP addresses of the individual devices to a particular subnetwork. You perform subnetwork division using the netmask in much the same way as the division of the network addresses (net id) into classes A to C. Set the bits of the host address (host id) that represent the mask to one. Set the remaining host address bits to zero (see the following examples).
Example of a subnet mask:
Decimal notation: 255.255.192.0
Binary notation: 11111111.11111111.11000000.00000000 (Subnetwork mask bits, Class B)
Example of IP addresses with subnetwork assignment when applying the subnet mask:
Decimal notation: 129.218.65.17 (128 < 129 191 > Class B)
Binary notation: 10000001.11011010.01000001.00010001 (Subnetwork 1, Network address)
Decimal notation: 129.218.129.17 (128 < 129 191 > Class B)
Binary notation: 10000001.11011010.10000001.00010001 (Subnetwork 2, Network address)
Example of how the network mask is used: In a large network, it is possible that gateways and routers separate the management agent from its management station. How does addressing work in
48. the possibility to change the user name and the password later in the Command Line Interface. These entries are case-sensitive. The device displays the CLI start screen. Note: This device is a security-relevant product. Change the password during the first startup procedure. Figure 11: Start screen of CLI. 1.2.4 CLI via the V.24 port. The V.24 interface is a serial interface for the local connection of an external management station (VT100 terminal or PC with terminal emulation). The interface allows you to set up a data connection to the Command Line Interface (CLI) and to the system monitor. VT 100 terminal settings: Speed 9600 Baud, Data 8 bit, Stopbit 1 bit, Handshake off, Parity none. The socket housing is electrically connected to the housing of the device. Figure 12: Pin assignment of the V.24 interface and the DB9 connector. Connect the device to a terminal via V.24. Alternatively, connect the device to a COM port of your PC using terminal emulation based on VT100 and press any key. Alternatively, you set up the serial data connection to the device via V.24 with PuTTY (see figure 13). Press the Enter key. PuTTY Confi
49. with the LLDP protocol elements to provide timely startup of LLDP to support rapid availability of an Emergency Call Service. Applicability of LLDP-MED to Wireless LAN environments, support for Voice over Wireless LAN.
9.9 Detecting Loops
Loops in the network, even temporary loops, cause connection interruptions or data losses. The automatic detection and reporting of this situation allows you to detect it faster and diagnose it more easily. An incorrect configuration causes loops, for example, if you deactivate Spanning Tree. The device allows you to detect the effects typically caused by loops and report this situation automatically to the network management station. You have the option here to specify the magnitude of the loop effects that trigger the device to send a report. BPDU frames that are sent from the designated port and received on either a different port of the same device or the same port within a short time are a typical effect of a loop.
9.10 Email Notification (HiOS 2A, HiOS 3S)
The device allows you to inform users by email about events that have occurred. Prerequisite is that a mail server is available through the network on which the device transfers the email messages. To set up the device to send
50. Figure 20: HiDiscovery
When HiDiscovery is started, HiDiscovery automatically searches the network for those devices which support the HiDiscovery protocol. HiDiscovery uses the first network interface found for the PC. If your computer has se
51. Figure 58: Switching > Filter for MAC Addresses dialog
- To add a user-configurable MAC address, click the Create button.
Figure 59: Create window in the Switching > Filter for MAC Addresses dialog
- In the VLAN ID field, specify the VLAN to which the table entry applies.
- In the Address field, define the destination MAC address to which the table entry applies.
- In the Possible Ports field, select the device ports to which the device sends data packets with the specified destination MAC address in the specified VLAN.
  - Select exactly one device port if you have defined a unicast MAC address in the Address field.
  - Select one or more device ports if you have defined a multicast MAC address in the Address field.
  - Do not select any device port if you want the device to discard data packets with the destination MAC address.
- Click the OK button.
- To temporarily save the changes, click Set.
- To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.
enable: Switch to the privileged EXEC mode.
configure: Swit
52. 1 1 Click OK. To save the change on the device, click Set.
Step 4: Enable the function globally.
- Open the Switching > QoS/Priority > DiffServ > Global dialog.
- To activate the function globally, in the Operation frame click On.
- To save the change on the device, click Set.
Note: In the Switching > QoS/Priority > DiffServ > Assignment dialog, the status of the previously created assignment is up solely if the link on port 1/1 is up.
enable configure class map match all classl class map name class protocol tcp class map name classi srcip 10 20 10 11 255 255 255 0 class map name classl match srcl4port http match match policy map create policyl in policy map name pol class add classl policy map name pol class name cl 1 1 interface icy icy lassl drop service pol 180 icy in policyl
- Switch to the privileged EXEC mode.
- Switch to the Configuration mode.
- Create a DiffServ class named class1.
- Add the TCP protocol as a match condition based on the IP protocol field.
- Add the source IP address 10.20.10.11 as a match condition based on the source IP address.
- Add http, which is TCP port 80, as a match condition based on the layer 4 source port.
- Create a DiffServ policy named policy1 with the traffic direction in.
- Add class1 to policy1.
- To drop packets with the ab
53. 1 Access Roles
The device allows you to use a role-based authorization model to specifically control the access to the management functions. Users to whom a specific authorization profile is allocated are allowed to use commands and functions from the same authorization profile or a lower one. The device uses the authorization profiles on all applications with which the management functions can be accessed.
Every user account is linked to an access role that regulates the access to the individual functions of the device. Depending on the planned activity for the respective user, you assign a predefined access role to the user. The device differentiates between the following access roles.
Access Role: Administrator
Description: The user is authorized to monitor and administer the device.
Authorized for the following activities: All activities with read/write access, including the following activities reserved for an administrator:
- Add, modify or delete user accounts
- Activate, deactivate or unlock user accounts
- Change all passwords
- Configure password management
- Set or change system time
- Load files to the device, e.g. device configurations, certificates or software images
- Reset settings and security-related settings to the state on delivery
- Configure RADIUS server and authentication lists
- Apply CLI scripts
- Switch CLI logging and
54. Figure 42: Basic Settings > Load/Save dialog
The table shows the configuration profiles present in the device. You can recognize the selected configuration profile by the fact that the checkbox is selected in the Selected column.
- Select the line of the desired configuration profile stored in non-volatile memory (NVM).
- Click the Select button.
In the Selected column, the checkbox of the configuration profile is now selected.
Figure 43: Basic Settings > Load/Save dialog
enable
show config profiles nvm
configure
config profile select nvm
save
Switch to the privileged EXEC mode. Displays the configuration
55. Contents
1 Applications; 2 Methods; 3 Default setting; 4 Managing authentication lists; 5 Adjusting the settings
3.2 User Management
  3.2.1 Access Roles
  3.2.2 Managing user accounts
  3.2.3 Default setting
  3.2.4 Changing standard passwords
  3.2.5 Setting up a new user account
  3.2.6 Deactivating the user account
  3.2.7 Adjusting policies for passwords
3.3 SNMP Access
  3.3.1 SNMPv1/v2 Community
  3.3.2 SNMPv3 access
4 Managing configuration profiles
4.1 Detecting changed settings
4.2 Saving settings
  4.2.1 Saving the configuration profile in the device
  4.2.2 Saving the configuration profile in external memory
  4.2.3 Exporting a configuration profile
4.3 Loading settings
  4.3.1 Activating a configuration profile
  4.3.2 Loading the configuration profile from the external memory
  4.3.3 Importing a configuration profile
4.4 Resetting the device to the factory defaults
  4.4.1 With the graphical user interface or CLI
  4.4.2 In the System Monitor
4.5 Service Shell
5 Loading Software Updates
5.1 Software update from the PC
5.2 Software update from a server
5.3 Software update from the external memory
  5.3.1 Manually initiated by the administrator
  5.3.2 Automatically initiated by the device
5.4 Loading an older software
56. 7.2 Multicasts
By default, the device floods data packets with a multicast address, that is, the device forwards the data packets to all ports. This leads to an increased network load. The use of IGMP snooping can reduce the network load caused by multicast data traffic. IGMP snooping allows the device to send multicast data packets only on those ports to which devices interested in multicast are connected.
7.2.1 Example of a Multicast Application
Surveillance cameras transmit images to monitors in the machine room and in the monitoring room. With an IP multicast transmission, the cameras transmit their graphic data over the network in multicast packets. The Internet Group Management Protocol (IGMP) organizes the multicast data traffic between the multicast routers and the monitors. The switches in the network between the multicast routers and the monitors monitor the IGMP data traffic continuously (IGMP snooping). Switches register logins for receiving a multicast stream (IGMP report). The device then creates an entry in the MAC address table (FDB) and forwards multicast packets only to the ports on which it has previously received IGMP reports.
7.2.2 IGMP snooping
The Internet Group Management Protocol (IGMP) describes the distribution of multicast info
57. enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
config envm config save sd usb: Enable the function. When you save a configuration profile, the device creates a copy in the external memory. sd = External SD memory, usb = External USB memory.
no config envm config save sd usb: Disable the function. The device does not create a copy in the external memory. sd = External SD memory, usb = External USB memory.
save: Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
4.2.3 Exporting a configuration profile
The device offers you the option of saving a configuration profile to a server as an XML file. If you use the graphical user interface, you have the option to save the XML file directly to your PC.
Prerequisite:
- To save the file on a server, you need a configured server on the network.
- To save the file to an SCP or SFTP server, you also need the username and password for accessing this server.
Perform the following work steps:
- Open the Basic Settings > Load/Save dialog.
58. Further Support
Technical Questions
For technical questions, please contact any Hirschmann dealer in your area or Hirschmann directly.
You will find the addresses of our partners on the Internet at http://www.hirschmann.com
Contact our support at https://hirschmann-support.belden.eu.com
You can contact us
in the EMEA region at Tel.: +49 (0)1805 14-1538, E-mail: hac.support@belden.com
in the America region at Tel.: +1 (717) 217-2270, E-mail: inet-support.us@belden.com
in the Asia-Pacific region at Tel.: +65 6854 9860, E-mail: inet-ap@belden.com
Hirschmann Competence Center
The Hirschmann Competence Center is ahead of its competitors:
- Consulting incorporates comprehensive technical advice, from system evaluation through network planning to project planning.
- Training offers you an introduction to the basics, product briefing and user training with certification. The current technology and product training courses can be found at http www hic
59. AN
RADIUS VLAN assignment
Creating a Voice VLAN
8.5 MAC based VLANs
8.6 IP subnet based VLANs
Protocol based VLAN
VLAN unaware mode
9 Operation Diagnosis
9.1 Sending Traps
  9.1.1 List of SNMP traps
  9.1.2 Traps for configuration activity
  9.1.3 Configuring Traps
  9.1.4 ICMP Messaging
9.2 Monitoring the Device Status
  Events which can be monitored
  Configuring the Device Status
  Displaying the Device Status
9.3 Security Status (DEVMON)
  Events which can be monitored
  Configuring the Security Status
  Displaying the Security Status
9.4 Out of band Signalling
  Controlling the Signal Contact
  9.4.2 Monitoring the Device and Security Statuses
9.5 Port Status Indication
9.6 Port Event Counter
  9.6.1 Detecting Non matching Duplex Modes
9.7 Displaying the SFP Status
9.8 Topology Discovery
  9.8.1 Displaying the Topology Discovery Results
  9.8.2 LLDP Med
9.9 Detecting Loops
9.10 Email Notification
  9.10.1 Specifying the sender address
  9.10.2 Specifying the triggering events
  9.10.3 Changing the send interval
  9.10.4 Specifying the receivers
  9.10.5 Specify
61. Diagnostics > Status Configuration > Signal Contact dialog.
- Select the Monitoring Correct Operation option from the Mode pull-down menu in the Configuration frame to use the signal contact to monitor the device functions.
- In the Monitor column, you select the events to monitor.
- You specify the temperature thresholds for the temperature monitoring in the Basic Settings > System dialog.
- To send a trap to the management station, activate the Generate Trap function in the Trap Configuration frame.
- Configure at least one SNMP Manager in the Diagnostics > Status Configuration > Alarms (Traps) dialog.
- To save the configuration in the non-volatile memory, click Set.
- To display the current status, click Reload.
enable: Switch to the privileged EXEC mode.
configure: Switch to the Configuration mode.
signal contact 1 monitor temperature: Sets the monitoring of the device temperature.
signal contact 1 monitor ring rundancy: Sets the monitoring of the ring redundancy.
signal contact 1 monitor link failure: Enables the monitoring of the network connection.
signal contact 1 monitor envm removal: Sets the monitoring of the external non-volatile memory device removal.
signal contact 1 monitor nvm not in syn: Sets the monitoring of synchronization between the external non-volatile memory and the current configuration.
signal contact 1 monitor power su: Sets the monitoring of the power supply.
62. Table: Evaluation of non-matching of the duplex mode (cont.)
9.7 Displaying the SFP Status
The SFP status display allows you to look at the current SFP module connections and their properties. The properties include:
- module type
- serial number of media module
- temperature in °C
- transmission power in mW
- receive power in mW
- Open the Diagnostics > Ports > SFP dialog.
Figure 83: SFP Modules dialog
9.8 Topology Discovery
IEEE 802.1AB defines the Link Layer Discovery Protocol (LLDP). LLDP allows the user to automatically detect the LAN network topology.
Devices with LLDP active:
- broadcast their connection and management information to neighboring devices on the shared LAN. Evaluation of the devices occurs when the receiving device has its LLDP function active.
- receive connection and management information from neighbor devices on the shared LAN, provided these adjacent devices also have LLDP active.
- build a management information database and object de
63. HCP server allocates the static IP address.
The device also allows you to assign a dynamic IP address range to ports or VLANs, from which the DHCP server allocates a free IP address from a pool. To create a dynamic pool entry for the ports or VLANs, enter the first and last IP addresses for the IP address range, leaving the MAC Address, Client ID, Remote ID and Circuit ID fields empty. Creating multiple pool entries allows you to have IP address ranges that contain gaps.
10.1.2 DHCP server static IP address example
In this example, configure the device to allocate a static IP address to a port. The device recognizes clients with unique hardware identification. The hardware ID in this case is the client MAC address 00:24:E8:D6:50:51.
- Open the Advanced > DHCP Server > Pool dialog.
- To add a new entry to the table, click Create.
- Enter 192.168.23.42 in IP Address.
- Select 1/1 from the Port pull-down menu.
- Enter 00:24:E8:D6:50:51 in MAC Address.
- To assign the IP address to the client infinitely, enter 4294967295 in Lease Time [s].
- To enable the entry, click Active.
- Open the Advanced > DHCP Server > Global dialog.
- Verify that port 1/1 is active in the DHCP Server active column.
- To enable the function, select the On radio button in the Operation frame.
64. Note: Change the password during the first startup procedure.
- Enter a user name. The default setting for the user name is admin. Press the Enter key.
- Enter the password. The default setting for the password is private. Press the Enter key.
The device offers the possibility to change the user name and the password later in the Command Line Interface. These entries are case-sensitive. The device displays the CLI start screen.
Figure 7: Start screen of CLI
Your HiOS 2S 2A 3S RSPE appears with the command prompt RSPE >
1.2.3 CLI via SSH (Secure Shell)
- Start the PuTTY program on your computer. PuTTY appears with the login screen.
65. Figure 35: Device Security > User Management dialog
In the Configuration frame, you define the number of user login attempts before the device locks out the user. You also define the minimum number of characters that defines a password.
- Specify the values to meet your requirements.
  You specify the number of times that a user attempts to log on to the device in the Number of Login Attempts field. The field allows you to define this value in the range from 0 through 5. In the above example, the value 0 deactivates the function.
  The Minimum Password Length field allows values in the range from 6 through 64.
The dialog shows the policy set up in the Password Policy frame.
- Adjust the values to meet your requirements.
  Values in the range 1 through 16 are allowed. The value 0 deactivates the relevant policy.
To apply the entries specified in the Configuration and Password Policy frames, mark the Policy Check checkbox for a particular user.
- To temporarily save the changes, click Set.
- To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.
enable
configure
66. Priority > Global dialog.
- In the VLAN Priority for Management packets field, set the VLAN priority with which the device sends management data packets.
- To temporarily save the configuration, click Set.
enable: Switch to the privileged EXEC mode.
network management priority dot1p 7: Assign the VLAN priority of 7 to management packets. The device sends management packets with the highest priority.
show network parms: Displays the management VLAN priority.
IPv4 Network Management VLAN priority 2 20 7
Configuring Layer 3 management priority
- Open the QoS/Priority > Global dialog.
- In the IP DSCP Value for Management packets field, set the DSCP value with which the device sends management data packets.
- To temporarily save the configuration, click Set.
enable: Switch to the privileged EXEC mode.
network management priority ip dscp 56: Assign the DSCP value of 56 to management packets. The device sends management packets with the highest priority.
show network parms: Displays the management VLAN priority.
IPv4 Network DSCP Wale k ccinsnd Sheed edie Saran 3 56 Management IP
7.5 Differentiated Services
RFC 2474 defines the Differentiated Services field
67. 8.5 MAC based VLANs (HiOS 2A, HiOS 3S)
Use the MAC-based VLAN to forward traffic based on the source MAC address associated with the VLAN. A MAC-based VLAN defines the filtering criteria for untagged or priority-tagged packets. Define a MAC-based VLAN filter by assigning a specific source address to a MAC-based VLAN. The device forwards untagged frames received with the source MAC address on the MAC-based VLAN ID. The other untagged packets are subject to normal VLAN classification rules.
8.6 IP subnet based VLANs (HiOS 2A, HiOS 3S)
In an IP subnet-based VLAN, the device forwards traffic based on the source IP address and subnet mask associated with the VLAN. User-defined filters determine whether a packet belongs to a particular VLAN. Use the IP subnet-based VLAN to define the filtering criteria for untagged or priority-tagged packets. For example, assign a specific subnet address to an IP subnet-based VLAN. When the device receives untagged packets from the subnet address, it forwards them to the IP subnet-based VLAN. Other untagged packets are subject to normal VLAN classification rules.
To configure an IP subnet-based VLAN, define an IP address, a subnet mask and the associated VLAN ID. In case of multiple matching entries, the device associate
68. SNMP logging on and off
- External memory activation and deactivation
- System monitor activation and deactivation
- Switch the services for the management access (e.g. SNMP) on and off
- Configure access restrictions to the user interfaces or the CLI based on the IP addresses
Access Role: Operator
Description: The user is authorized to monitor and configure the device, with the exception of security-related settings.
Authorized for the following activities: All activities with read/write access, with the exception of the above-named activities, which are reserved for an administrator.
Access Role: Auditor
Description: The user is authorized to monitor the device and to save the log file in the Diagnostics > Report > Audit Trail dialog.
Authorized for the following activities: Monitoring activities with read access.
Access Role: Guest
Description: The user is authorized to monitor the device, with the exception of security-related settings.
Authorized for the following activities: Monitoring activities with read access.
Access Role: Unauthorized
Description: No access to the device possible. As an administrator, you assign this access role to temporarily lock a user account. The device assigns this access role to a user account if an error occurs when assigning a different access role.
Authorized for the following activities: No activities allowed.
Table 4: Access roles for user accounts
3.2.2 Managing user accounts
You manage the user accounts in the graphical u
69. 9.3 Security Status (DEVMON)
enable configure security status mon pwd change security status mon pwd min length security status mon pwd policy config security status mon pwd policy inactiv security status mon telnet enabled security status mon http enabled security status mon snmp unsecure security status mon sysmon enabled security status mon extnvm upd enabled security status mon iec61850 mms enabl itor te Ore ICO itor e IEOR LEOT itor Veo itor itor d security status tra P
- Switch to the privileged EXEC mode.
- Switch to the Configuration mode.
- Sets the monitoring of default password change for user and Admin.
- Sets the monitoring of minimum length of the password smaller 8.
- To monitor the password policy configuration. The device changes the security status to the value error if the value for at least one of the following password policies is 0: minimum upper cases, minimum lower cases, minimum numbers, minimum special characters.
- Sets the monitoring whether at least one user is configured with inactive policy check. The device changes the security status to the value error if the function policy check is inactive for at least one user account.
- Sets the monitoring of the activation of telnet on the switch.
- Sets the monitoring of the activation of http on the switch.
70. Switch to the Configuration mode.
exit: Switch to the privileged EXEC mode.
show vlan id 3: Show details for VLAN 3.
VLAN ID: 3
VLAN Name: VLAN3
VLAN Type: Static
VLAN Creation Time: 0 days, 00:07:47 (System Uptime)
VLAN Routing: disabled
Interface  Current  Configured  Tagging
1/1        Include  Include     Tagged
1/2        -        Autodetect  Untagged
1/3        Include  Include     Untagged
1/4        -        Autodetect  Untagged
1/5        Include  Include     Untagged
For further information on VLANs, see the reference manual and the integrated help function in the program.
8.2 Guest / Unauthenticated VLAN
The guest VLAN function allows a device to provide port-based Network Access Control (IEEE 802.1x) to non-802.1x capable supplicants. This feature provides a mechanism to allow guests to access external networks exclusively. When you connect non-802.1x capable supplicants to an active unauthorized 802.1x port, the supplicants send no responses to 802.1x requests. Since the supplicants send no responses, the port remains in the unauthorized state and the supplicants have no access to external networks. The guest VLAN supplicant function is a per-port basis configuration. When you configure a port as a guest VLAN and connect non-802.1x capable supplicants to thi
71. The Routing Configuration User Manual document contains the information you need to start operating the routing function. It takes you step by step from a small router application through to the router configuration of a complex network. The manual enables you to configure your router by following the examples.
The document HiView User Manual contains information about the GUI application HiView. This application offers you the possibility to use the graphical user interface without other applications such as a Web browser or an installed Java Runtime Environment (JRE).
The Industrial HiVision network management software provides you with additional options for smooth configuration and monitoring:
- ActiveX control for SCADA integration
- Auto-topology discovery
- Browser interface
- Client/server structure
- Event handling
- Event log
- Simultaneous configuration of multiple devices
- Graphical user interface with network layout
- SNMP/OPC gateway
Key
The designations used in this manual have the following meanings:
List
Work step
Subheading
Link: Cross-reference with link
Note: A note emphasizes an important fact or draws your attention to a dependency.
Courier: ASCII representation in the graphical user interface
Execution in the Graphical User Interface
Execution in the Command Line Interf
72. ace
Symbols used: WLAN access point; Router with firewall; Switch with firewall; Router; Switch; Bridge; Hub; A random computer; Configuration Computer; Server; PLC (Programmable logic controller); I/O Robot
Introduction
The device has been developed for use in a harsh industrial environment. Accordingly, the installation process has been kept simple. Thanks to the selected default settings, you only have to enter a few settings before starting to operate the device.
Note: The changes you make in the dialogs are copied into the volatile memory of the device when you click on Set. To save the changes to the device into permanent memory, select the saving location in the Basic Settings > Load/Save dialog box and click on Save.
1 User interfaces
The device allows you to specify the settings of the device using the following user interfaces:
User interface: Can be reached through
Graphical User Interface (GUI): Ethernet in band
Command Line Interface (CLI): Ethernet in band, V.24 out of band
System Monitor: V.24 out o
73. ach those members. The main purpose of MVRP is to allow switches to discover some of the VLAN information that you otherwise manually set up. Discovering this information allows switches to overcome the limitations of bandwidth consumption and convergence time in large VLAN networks. MVRP Example: Set up a network comprised of MVRP-aware switches (1 to 4) connected in a ring topology with end device groups A1, A2, B1 and B2 in 2 different VLANs, A and B. With STP enabled on the switches, the ports connecting switch 1 to switch 4 are in the discarding state, preventing a loop condition. Figure 91: MVRP Example Network for VLAN Registration. In the MVRP example network, the LANs first send a Join request to the switches. The switch enters the VLAN registration in the forwarding database for the port receiving the frames. The switch then propagates the request to the other ports and sends the request to the neighboring LANs and switches. This process continues until the switches have registered the VLANs in the forwarding database of the receive port. To enable MVRP on the switches, use the following work steps: Open the Switching > MRP-IEEE > MVRP dialog, Configuration tab. To a
74. agement Information Base (MIB) for a device with LLDP capability holds the LLDP information in the LLDP MIB and in the private HM2-LLDP-EXT-HM-MIB and HM2-LLDP-MIB. 9.8.1 Displaying the Topology Discovery Results: To show the topology of the network, open the Diagnostics > LLDP > Topology Discovery dialog, LLDP tab. If you use a port to connect several devices, for example via a hub, the table contains a line for each connected device. Activating "Display FDB Entries" at the bottom of the table allows you to display devices without active LLDP support in the table. In this case, the device also includes information from its FDB (forwarding database). If you connect the port to devices with the topology discovery function active, then the devices exchange LLDP Data Units (LLDPDU) and the topology table displays these neighboring devices. When a port connects devices without an active topology discovery exclusively, the table contains a line for this port to represent the connected devices. This line contains the number of connected devices. The FDB address table contains MAC addresses of devices that the topology table hides for the sake of clarity. 9.8.2 LLDP-Med: LLDP for Media Endpoint Devices (LLDP-MED) is an extension to LLDP that operates between endpoint devices. Endpoints include devices such as IP phones or
75. ames in the communication between the transmission devices (uplink) the ports differentiate the frames for different VLANs.
Table 14: Ingress table for device on left
  Terminal  Port  Port VLAN identifier (PVID)
  A         1     2
  B         2     3
  C         3     3
  D         4     2
  Uplink    5     1
Table 15: Ingress table for device on right
  Terminal  Port  Port VLAN identifier (PVID)
  Uplink    1     1
  E         2     2
  F         3     3
  G         4     2
  H         5     3
Table 16: Egress table for device on left
  VLAN ID  Port 1  Port 2  Port 3  Port 4  Port 5
  1                                        U
  2        U                       U       T
  3                U       U               T
Table 17: Egress table for device on right
The communication relationships here are as follows: terminal devices on ports 1 and 4 of the left device and terminal devices on ports 2 and 4 of the right device are members of VLAN 2 and can thus communicate with each other. The behavior is the same for the terminal devices on ports 2 and 3 of the left device and the terminal devices on ports 3 and 5 of the right device. These belong to VLAN 3. The terminal devices see their respective part of the network. Participants outside this VLAN cannot be reached. The device also sends broadcast, multicast, and unicast packets with unknown (unlearned) destination addresses exclusively inside a VLAN. Here, the devices use VLAN tagging (IEEE 802.1Q) within the VLAN with the ID 1 (Uplink). The letter T in the eg
76. ams > Accessories > Command Prompt you start the DOS command line interpreter on your computer. Enter the command telnet <IP address of the device>. Figure 3: Setting up the telnet connection to the HiOS-2S/2A/3S RSPE via the DOS command line. Telnet connection via PuTTY: Start the PuTTY program on your computer. PuTTY appears with the login screen. Set up the serial configuration parameters of the terminal emulation program as follows. Figure 4: Configuring the serial data connection via PuTTY.
77. Dear User, please fill out and return this page as a fax to the number +49 (0)7127 14-1600 or per mail to: Hirschmann Automation and Control GmbH, Department 01RD-NT, Stuttgarter Str. 45-51, 72654 Neckartenzlingen.
78. asic Settings > Port dialog, Statistics tab, and click the "Reload" button. 9.6.1 Detecting Non-matching Duplex Modes: Problems occur when 2 ports directly connected to each other have mismatching duplex modes. These problems are difficult to track down. The automatic detection and reporting of this situation has the benefit of recognizing mismatching duplex modes before problems occur. This situation arises from an incorrect configuration, for example, if you deactivate the automatic configuration on the remote port. A typical effect of this non-matching is that at a low data rate, the connection seems to be functioning, but at a higher bi-directional traffic level the local device records a lot of CRC errors, and the connection falls significantly below its nominal capacity. The device allows you to detect this situation and report it to the network management station. In the process, the device evaluates the error counters of the port in the context of the port settings. Possible causes of port error events: The following table lists the duplex operating modes for TX ports, with the possible fault events. The meanings of terms used in the table are as follows: Collisions: In half-duplex mode, collisions mean normal operation. Duplex problem: Mismatching duplex modes. EMI: Electromagnetic interference. Network extension
79. Displays the configuration profiles contained in non-volatile memory (NVM). Switch to the privileged EXEC mode. Save the current settings in the configuration profile named <string> in non-volatile memory (NVM). If present, the device overwrites a configuration profile of the same name. The new configuration profile is marked as "selected". Selecting a configuration profile: If the non-volatile memory (NVM) contains several configuration profiles, you have the option to select any configuration profile there. The device always stores the settings in the "selected" configuration profile. Upon reboot, the device loads the settings of the "selected" configuration profile into memory (RAM). Perform the following work steps: Open the Basic Settings > Load/Save dialog.
80. at least 6 characters. Up to 64 alphanumeric characters are allowed. The device differentiates between upper and lower case. The minimum length of the password is defined in the "Configuration" frame. The device always checks the minimum length of the password. To temporarily save the changes, click "Set". To permanently save the changes, you open the Basic Settings > Load/Save dialog and click "Save".
  enable                                        Switch to the privileged EXEC mode.
  configure                                     Switch to the Configuration mode.
  users password-policy-check <user> enable     Activates the checking of the password for the <user> user account based on the specified policy. In this way you obtain a higher level of complexity for the password.
  Note: The password check may lead to a message when you display the security status (show security-status all). You specify the settings that cause this message with the command security-status monitor pwd-policy-inactive.
  users password <user> SECRET                  Specifies the password SECRET for the <user> user account. Enter at least 6 characters.
  save                                          Saves the settings in the non-volatile memory of the device (NVM) in the "selected" configuration profile.
3.2.5 Setting up a new user account: Allocate a separate user account to each user that accesses the device management. In this way you can spe
81. bal dialog. Under "Admin Status" you turn the IGMP snooping function of the device on or off globally. When the IGMP snooping function is off, the device behaves as follows: The device ignores the received query and report messages. The device sends (floods) received data packets with a multicast address as the destination address on all ports. To temporarily save the configuration, click "Set". Under the global activation option of the IGMP snooping function, you define individual settings for ports (Interface tab) or VLANs (VLAN tab). These settings are only effective if the IGMP snooping function is enabled globally for the device. Setting the IGMP snooping settings for a port: Open the Interface tab. Figure 62: Port tab in the Switching > IGMP Snooping > Configuration dialog. To enable IGMP snooping on a particular port, select the "Active" checkbox on the line of the desired port. To temporarily save the configuration, click "Set". Setting the IGMP snoopin
82. ble Weighted Fair Queuing for traffic class 4. Assign a weight of 10 to traffic class 4. Assign Queue Shaping of 10 to traffic class 4. Enable Weighted Fair Queuing for traffic class 5. Assign a weight of 5 to traffic class 5. Enable Weighted Fair Queuing for traffic class 6. Assign a weight of 10 to traffic class 6.
  Queue Id  Min bandwidth  Max bandwidth  Scheduler type
  0         5              0              weighted
  1         20             0              weighted
  2         30             0              weighted
  3         20             0              weighted
  4         10             1              weighted
  5         5              0              weighted
  6         10             0              weighted
  7         0              0              strict
Setting up Queue Shaping:
  enable                          Switch to the privileged EXEC mode.
  configure                       Switch to the Configuration mode.
  cos-queue max-bandwidth 7 10    Assign Queue Shaping of 10 to traffic class 7.
  show cos-queue
  Queue Id  Min bandwidth  Max bandwidth  Scheduler type
7.4.7 Management prioritization: In order for you to have full access to the management of the device, even when there is a high network load, the device allows you to prioritize management packets. When prioritizing management packets, the device sends the management packets with priority information. On Layer 2, the device modifies the VLAN priority in the VLAN tag. For this fu
83. 2.6 Entering IP Parameters per DHCP: The DHCP (Dynamic Host Configuration Protocol) is a further development of BOOTP, which it has replaced. The DHCP additionally allows the configuration of a DHCP client via a name instead of via the MAC address. For the DHCP, this name is known as the "client identifier" in accordance with RFC 2131. The device uses the name entered under sysName in the system group of the MIB II as the client identifier. You can enter this system name directly via SNMP, the Web-based management (see Basic Settings > System dialog), or the Command Line Interface. The device sends its system name to the DHCP server. The DHCP server then uses the system name to allocate an IP address as an alternative to the MAC address. In addition to the IP address, the DHCP server sends: the netmask; the default gateway (if available); the tftp URL of the configuration file (if available). The device applies the configuration data to the appropriate parameters. When the DHCP server assigns the IP address, the device permanently saves the configuration data in non-volatile memory.
Table 3: DHCP options which the device requests
  Option  Meaning
  1       Subnet Mask
  2       Time Offset
  3       Router
  4       Time server
  12      Host Name
  42      NTP server
  61      Client Identifier
84. Figure 55: Time > SNTP > Server dialog. To activate the SNTP server function, select the "On" value in the "Admin Status" frame. To turn on broadcast operation mode, select the checkbox "Broadcast Admin Mode" in the "Configuration" frame. In the broadcast operation mode, the SNTP server sends SNTP messages to the network in defined intervals. The SNTP server also responds to the requests from SNTP clients in unicast operation mode. In the "Broadcast Destination Address" field, you set the IP address to which the SNTP server sends the SNTP packets. Set a broadcast address or a multicast address. In the "Broadcast Port" field, you enter the number of the UDP port to which the SNTP server sends the SNTP packets in broadcast operation mode. In the "Broadcast VLAN ID" field, you enter the ID of the VLAN in which the SNTP server sends the SNTP packets in broadcast operation mode. In the "Broadcast Send Interval [s]" field, you define the interval in which the SNTP server sends the SNTP packets in broadcast operation mode. To temporarily save the changes, click "Set". The "Status" field displays the current status of the SNTP server function. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click "Save".
85. cause the device to reboot. Open the Diagnostics > System > Selftest dialog. Select the action to perform for a cause in the "Action" column.
  enable                                 Switch to the privileged EXEC mode.
  configure                              Switch to the Configuration mode.
  selftest action task log-only          To send a message to the event log when a task is unsuccessful.
  selftest action resource send-trap     To send a flag to the management station when there is a lack of resources.
  selftest action software send-trap     To send a flag to the management station when there is a loss of software integrity.
  selftest action hardware reboot        To reboot the device when hardware degradation occurs.
Disabling these functions lets you decrease the time required to restart the device after a cold start. You find these options in the Diagnostics > System > Selftest dialog, "Configuration" frame. RAM Test: to enable or disable the ramtest function during a cold start. Activate SysMon1: to enable or disable the System Monitor function during a cold start. Reload default config on error: to enable or disable the reloading of the standard device configuration if no readable configuration is available during a restart. Note: Device access is in jeopardy when you disable the System Monitor 1, for example misplacement or
86. ccess the management via device ports that are members of the relevant VLAN. The "MAC address" field shows the MAC address of the device with which you access the device via the network. In the "HiDiscovery Protocol" frame, you define the settings for accessing the device via the HiDiscovery software. The HiDiscovery protocol allows you to allocate an IP address to the device on the basis of its MAC address. Activate the HiDiscovery protocol if you want to allocate an IP address to the device from your PC with the supplied HiDiscovery software (default setting: Operation "On", Access "read-write"). If required, you can manually enter the IP address, the netmask and the gateway in the "IP Parameter" frame. To temporarily save the changes, click "Set". Note: To make the configuration available even after a restart, save the settings permanently in the Basic Settings > Load/Save dialog. 2.5 Entering IP Parameters per BOOTP: With the BOOTP function activated, the device sends a boot request message to the BOOTP server. The boot request message contains the Client ID configured in the Basic Settings > Network dialog. The BOOTP server enters the Client ID into a database and assigns an IP address. The server answers with a boot reply message. The boot reply message contains the assigned IP address.
87. ce differentiates between upper and lower case. The minimum length of the password is defined in the "Configuration" frame. The device always checks the minimum length of the password. Select the authorization profile in the "Access Role" field. In this example, we select the operator authorization profile. To activate the user account, select the "Active" checkbox. Click "Set and back". The dialog shows the user accounts that are set up. Figure 33: Device Security > User Management dialog. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click "Save".
  enable
  configure
  users add <operator>
  users password-policy-check <operator> enable
  users password <operator> SECRET
  users access-role <operator> operator
  users enable <operator>
  show users
  save
Switch to th
88. ce informs you. For this, assign the desired minimum severity to the notification levels of the device. The device informs the receivers as follows: Notification Immediate: The device sends an email message immediately when an event of the severity assigned or more critical occurs. Notification Periodic: In the log file buffer, the device logs if an event of the severity assigned or more critical occurs. The device sends an email message with the log file periodically or if the log file buffer overflows. If an event of a lesser severity occurs, the device does not send an email message. Perform the following work steps: Open the Diagnostics > Email Notification > Global dialog. In the "Notification Immediate" frame, you specify the settings for instant messages. In the "Severity" field, you specify the minimum severity. In the "Subject" field, you specify the subject line. In the "Notification Periodic" frame, you specify the settings for periodic messages. In the "Severity" field, you specify the minimum severity. In the "Subject" field, you specify the subject line. Click the "Set" button. HiOS-2A, HiOS-3S:
  enable       Switch to the privileged EXEC mode.
  configure    Switch to the Configuration mode.
  logging email severity Specifies the minimum severity for the serious urgent <le
89. 10.5.2 MMRP: When a device receives broadcast, multicast or unknown traffic on a port, the device floods the traffic to the other ports. This process causes unnecessary use of bandwidth on the LAN. The Multiple MAC Registration Protocol (MMRP) allows you to control the traffic flooding by distributing an attribute declaration to participants on a LAN. The attribute values that the MAD component encodes and transmits on the LAN in MRP messages are Group service requirement information and 48-bit MAC addresses. The switch stores the attributes in a filtering database as MAC address registration entries. The forwarding process uses the filtering database entries solely to transmit data through those ports necessary to reach Group member LANs. Switches facilitate the group distribution mechanisms based on the Open Host Group concept, receiving frames on the active ports and forwarding exclusively on ports with group members. This way, any MMRP participants requiring frames transmitted to a particular group or groups request membership in the group. MAC service users send frames to a particular group from anywhere on the LAN. A group receives these frames on the LANs attached to registered MMRP participants. MMRP and the MAC Address Registration Entries thus restrict the frames to required segments of a loop-free LAN. In order to maintain the registration and deregistration state and to receive traffic
90. ch to the Configuration mode.
  mac-filter <MAC address> <VLAN ID>    Create the MAC address filter, consisting of a MAC address and VLAN ID.
  interface 1/1                         Select interface 1, port 1.
  mac-filter <MAC address> <VLAN ID>    Assign the port to a previously created MAC address filter.
  save                                  Saves the settings in the non-volatile memory of the device (NVM) in the "selected" configuration profile.
Convert a learned MAC address into a static address entry: Open the Switching > Filter for MAC Addresses dialog. Figure 60: Switching > Filter for MAC Addresses dialog. To convert a learned MAC address into a static address entry, select the value "permanent" in the "Status" column. To temporarily save the changes, click "Set". To permanently save the changes, you open the Basic Settings > Load/Save dialog and click "Save". Disable a static address entry: Open the Switching > Filter for MAC Addresses dialog.
91. changeover to daylight saving time, select the "On" value in the "Admin Status" frame. To temporarily save the changes, click "Set". To permanently save the changes, you open the Basic Settings > Load/Save dialog and click "Save".
  enable                                                Switch to the privileged EXEC mode.
  configure                                             Switch to the Configuration mode.
  clock summer-time mode <disable|recurring|eu|usa>     Configure the automatic daylight saving time changeover: turn on or off, or activate with a profile.
  clock summer-time recurring start                     Enter the start time for the changeover.
  clock summer-time recurring end                       Enter the end time for the changeover.
  save                                                  Saves the settings in the non-volatile memory of the device (NVM) in the "selected" configuration profile.
6.2 SNTP: The Simple Network Time Protocol (SNTP) allows you to synchronize the system time in your network. The device supports the SNTP client and the SNTP server function. The SNTP server makes the UTC (Universal Time Coordinated) available. UTC is the time relating to the coordinated world time measurement. The UTC is the same worldwide and ignores local time shifts. SNTP is a simplified version of NTP (Network Time Protocol). The data packets are identical with SNTP and NTP. Accordingly, both NTP and SNTP servers serve as a time source for SNTP clients. Note: State
92. chine. In the "Configuration" frame, click "On". To enable the MMRP function globally, in the "Operation" frame click "On". To enable the MMRP ports on switch 1, use the following CLI commands. Substituting the appropriate interfaces in the CLI commands, enable the MMRP functions and ports on switches 2 and 3.
  enable                                 Switch to the privileged EXEC mode.
  configure                              Switch to the Configuration mode.
  interface 1/1                          Change to the Interface Configuration mode of port 1/1.
  mrp-ieee mmrp operation                Enable MMRP on the port.
  interface 1/2                          Switch to the interface configuration mode for interface 1/2.
  mrp-ieee mmrp operation                Enable MMRP on the port.
  exit                                   Switch to the Configuration mode.
  mrp-ieee mrp periodic-state-machine    Enable the MMRP periodic state machine globally.
  mrp-ieee mmrp operation                Enable MMRP globally.
10.5.3 MVRP: The Multiple VLAN Registration Protocol (MVRP) is an MRP application that provides dynamic VLAN registration and withdraw services on a LAN. MVRP provides a maintenance mechanism for the Dynamic VLAN Registration Entries, and for transmitting the information to other switches. This information allows MVRP-aware devices to establish and update their VLAN membership information. When members are present on a VLAN, the information indicates through which ports the switch forwards traffic to re
93. 7 Network Load Control: The device features a number of functions that reduce the network load: Direct packet distribution; Multicasts; Rate limiter; Prioritization (QoS); Differentiated Services; Flow control. 7.1 Direct Packet Distribution: The device reduces the network load with direct packet distribution. On each of its ports, the device learns the sender MAC address of received data packets. The device stores the combination "port and MAC address" in its MAC address table (FDB). By applying the "store and forward" method, the device buffers data received and checks it for validity before forwarding it. The device rejects invalid and defective data packets. 7.1.1 Learning MAC addresses: If the device receives a data packet, it checks whether the MAC address of the sender is already stored in the MAC address table (FDB). If the MAC address of the sender is unknown, the device generates a new entry. The device then compares the destination MAC address of the data packet with the entries stored in the MAC address table (FDB). The device sends packets with a known desti
94. cifically control the authorizations for the access. In the following example, we will set up the user account for an <operator> user. The <operator> user is authorized to monitor and configure the device, with the exception of security-related settings. Prerequisite: User account with authorization profile administrator. Perform the following work steps: Create a new user account: Open the Device Security > User Management dialog. Click "Create". The dialog shows the "New Entry" frame. Figure 32: New entry frame in the Device Security > User Management dialog. Enter the name in the "User Name" field. In this example, we give the user account the name <operator>. To obtain a higher level of complexity for the password, select the "Policy Check" checkbox. Before saving it, the device checks the password according to the policy defined in the "Password Policy" frame. In the "Password" field, enter a password of at least 6 characters. Up to 64 alphanumeric characters are allowed. To make the password visible when it is being input, select the "Display Password" checkbox. The devi
95. Open the Basic Settings > Load/Save dialog. Figure 47: Basic Settings > Load/Save dialog. Select the line of the desired configuration profile. Click the "Activate" button. The device copies the settings to memory (RAM) and disconnects from the graphical user interface. The device immediately uses the settings of the configuration profile on the fly. Reload the graphical user interface. Login again. In the "Selected" column, the checkbox of the configuration profile that was just activated is selected.
96. ctivate DHCP.
  network parms 10.0.1.23 255.255.255.0    Assign the device the IP address 10.0.1.23 and the netmask 255.255.255.0. You have the option of also assigning a gateway address.
  copy config running-config nvm           Save the current configuration to the non-volatile memory.
After entering the IP parameters, you easily configure the device via the graphical user interface (see the GUI reference manual). 2.3 Entering the IP Parameters via HiDiscovery: The HiDiscovery protocol enables you to assign IP parameters to the device via the Ethernet. You easily configure other parameters via the graphical user interface (see the GUI reference manual). Install the HiDiscovery software on your PC. The software is on the CD supplied with the device. To install it, you start the installation program on the CD. Start the HiDiscovery program.
97. ctivate ports 1 through 3 as MVRP participants, mark Active for ports 1 through 3 on switch 1. To activate ports 2 through 4 as MVRP participants, mark Active for ports 2 through 4 on switch 2. To activate ports 3 through 6 as MVRP participants, mark Active for ports 3 through 6 on switch 3. To activate ports 7 and 8 as MVRP participants, mark Active for ports 7 and 8 on switch 4. To maintain the registration of the VLANs, in the Configuration frame, enable the Periodic State Machine: mark the On radio button. To enable the function MVRP globally, in the Operation frame, mark the On radio button.
To enable the MVRP ports on switch 1, use the following CLI commands. Substituting the appropriate interfaces in the CLI commands, enable the MVRP functions and ports on switches 2, 3 and 4.
    enable                                  Switch to the privileged EXEC mode.
    configure                               Switch to the Configuration mode.
    interface 1/1                           Change to the Interface Configuration mode of port 1/1.
    mrp-ieee mvrp operation                 Enable MVRP on the port.
    interface 1/2                           Switch to the interface configuration mode for interface 1/2.
    mrp-ieee mvrp operation                 Enable MVRP on the port.
    exit                                    Switch to the Configuration mode.
    mrp-ieee mvrp periodic-state-machine    Enables the periodic state machine on this device.
    mrp-ieee mvrp operation                 Enables MMRP on this d
98. d level in the Console Logging frame, Severity text box, using the pull-down menu. To enable the operation, click On. The device buffers logged events in 2 separate storage areas so that the device keeps log entries for urgent events. Define the minimum severity for events that the device logs to the buffered storage area with a higher priority. To send events to the buffer, configure the desired level in the Buffered Logging frame, Severity text box, using the pull-down menu.
When you activate the logging of SNMP requests, the device logs the requests as events in the syslog. The Log SNMP Get Request function logs user requests for device configuration information. The Log SNMP Set Request function logs device configuration events. Define the minimum level for events that the device logs in the syslog. Select the Log SNMP Get Request checkbox if you want to send reading SNMP requests to the device as events to the syslog server. Select the Log SNMP Set Request checkbox if you want to send writing SNMP requests to the device as events to the syslog server. Choose the desired severity level for the get and set requests.
When active, the device logs configuration changes made using the CLI commands to the audit trail. This feature is based on the IEEE 1686 standard for Substation Intelligent Electronic Devices. Open the Diagnostics > Report > Global dialog. To activate the function in the CLI Loggin
99. d temperature threshold. Events for ring redundancy: loss of the redundancy (in ring manager mode). On delivery, ring redundancy monitoring is inactive. The device is a normal ring participant and detects an error in the local configuration. The interruption of link connection(s): configure at least one port for this feature. In the Propagate Connection Error frame, you specify which ports the device signals if the link is down. On delivery, link monitoring is inactive. The removal of the external memory. The configuration on the external memory does not match that in the device. The removal of a module. Select the corresponding entries to decide which events the device status includes.
Note: With a non-redundant voltage supply, the device reports the absence of a supply voltage. To disable this message, feed the supply voltage over both inputs or ignore the monitoring.
9.4 Out-of-band Signalling, 9.4.1 Controlling the Signal Contact. With the Manual Setting mode, you control this signal contact remotely. Application options: simulation of an error detected during SPS error monitoring; remote control of a device via SNMP, such as switching on a camera. Open the Diagnostics > Status Configuration > Signal Contact dialog. To set the signal contact manually, you select the Manual Setting option from the Mode pull-down menu in the Config
100. ddress frame, enter the IP address of the management station to which the device sends traps. In the Active column, you select the entries that the device should take into account when the device sends traps. The device generates traps for changes selected in the dialogs Diagnostics > Status Configuration > Device Status and Diagnostics > Status Configuration > Security Status. Create at least 1 SNMP Manager that receives traps.
Note: You need read/write access for this dialog. (Figure 79: Alarms dialog)
9.1.4 ICMP Messaging. The device allows you to use the Internet Control Message Protocol (ICMP) for diagnostic applications, for example ping and trace route. The device also uses ICMP for time-to-live and discarding messages in which the device forwards an ICMP message back to the packet source device. Use the ping network tool to test the path to a particular host across an IP network. The traceroute diagnostic tool displays paths and transit delays of packets across a network. The CLI handbook contains a description of the ping and traceroute tools.
9.2 Monitoring the Device Status. The device status provides an ove
101. ddress of your device. Click Open. HiView sets up the connection to the device and displays the login window.
Start the graphical user interface in the Web browser: This requires that Java is enabled in the security settings of your Web browser. Start your Web browser. Write the IP address of the device in the address field of the Web browser. Use the following form: https://xxx.xxx.xxx.xxx. The Web browser sets up the connection to the device and displays the login window (Figure 1: Login window). Select the user name and enter the password. Select the language in which you want to use the graphical user interface. Click Ok. The Web browser displays the graphical user interface.
1.2 Command Line Interface. The Command Line Interface enables you to use the functions of the device through a local or remote connection. The Command Line Interface provides IT specialists with a familiar environment for configuring IT devices. As an experienced user or administrator, you have knowledge about the basics and about using Rail Switch Power Enhanced devices. The Command Line Interface reference manual gives you step-by-step information on using the Command Li
102. do not contain a VLAN tag, the device is guided by the priority of the receiving port. When the receiving port is set to trust IpDscp, the device uses the QoS information (ToS/DiffServ) in the IP header. When the data packets do not contain IP packets, the device is guided by the priority of the receiving port. When the receiving port is set to untrusted, the device is guided by the priority of the receiving port.
Prioritizing traffic classes. For prioritization of traffic classes, the device uses the following methods:
    Strict: When transmission of data of a higher traffic class is no longer taking place or the relevant data is still in the queue, the device sends data of the corresponding traffic class. If all traffic classes are prioritized according to the strict method, under high network load the device may permanently block the data of lower traffic classes.
    Weighted Fair Queuing: The traffic class is assigned a guaranteed bandwidth. This ensures that the device sends the data traffic of this traffic class even if there is a great deal of data traffic in higher traffic classes.
7.4.2 Handling of Received Priority Information. Applications label data packets with the following prioritization information: VLAN priority based on IEEE 802.1Q/802.1D (Layer 2); Type of Service (ToS) or DiffServ (DSCP) for VLAN Management IP
103. document GUI Reference Manual.
B.4 Maintenance. Hirschmann are continually working on improving and developing their software. Check regularly whether there is an updated version of the software that provides you with additional benefits. You find information and software downloads on the Hirschmann product pages on the Internet (http://www.hirschmann.com).
B.5 Readers' Comments. What is your opinion of this manual? We are constantly striving to provide as comprehensive a description of our product as possible, as well as important information to assist you in the operation of this product. Your comments and suggestions help us to further improve the quality of our documentation.
104. dware reset. Changes to the configuration. Segmentation of a port. The device sends traps to various hosts to increase the transmission reliability for the messages. The unacknowledged trap message consists of a packet containing information about an unusual event. The device sends traps to those hosts entered in the trap destination table. The device allows you to configure the trap destination table with the management station via SNMP.
9.1.1 List of SNMP traps. The following table shows a short list of possible traps sent by the device (Table 18: Possible traps).
Trap name: authenticationFailure, coldStart, hm2DevMonSenseExtNvmRemoval, linkDown, linkUp, hm2DevMonSenseTemperature, hm2DevMonSensePSState, hm2SigConStateChange, newRoot, topologyChange, alarmRisingThreshold, alarmFallingThreshold, hm2AgentPortSecurityViolation, hm2SfpChangeTrap, hm2DiagSelftestActionTrap, hm2MrpReconfig, hm2DiagIfaceUtilizationTrap, hm2LogAuditStartNextSector, hm2PtpSynchronizationChange, hm2ConfigurationSavedTrap, hm2ConfigurationChangedTrap.
Meaning (in table order): This is sent if a station attempts to access an agent without authorisation. This is sent during the boot phase for both cold starts after successful initialisation of the network management. This is sent when the external memory has been removed. This is sent i
105. (Figure 5: PuTTY input screen) In the Host Name (or IP address) input field, you enter the IP address of your device. The IP address (a.b.c.d) consists of 4 decimal numbers with values from 0 to 255. The 4 decimal numbers are separated by points. To select the connection type, click Telnet under Connection type. Click Open to set up the data connection to your device. CLI appears on the screen with a window for entering the user name. The device enables up to 5 users to have access to the Command Line Interface at the same time. (Figure 6: Login window in CLI)
106. e actual time depends on the application area. Examples of application areas include: log entries, time stamping of production data, process control.
The device offers the following options for synchronizing the time on the network:
    The Simple Network Time Protocol (SNTP) is a simple solution for low accuracy requirements. Under ideal conditions, SNTP achieves an accuracy in the millisecond range. The accuracy depends on the signal delay.
    IEEE 1588 with the Precision Time Protocol (PTP) achieves accuracies on the order of fractions of microseconds. This method is suitable even for demanding applications up to and including process control.
PTP is always the better choice if the involved devices support this protocol. PTP is more accurate, has advanced methods of error correction, and causes a low network load. The implementation of PTP is comparatively easy.
Note: According to the PTP and SNTP standards, both protocols function in parallel in the same network. However, since both protocols influence the system time of the device, situations may occur in which the two protocols conflict with each other.
6.1 Basic settings. In the Time > Basic Settings dialog, you specify general settings for the time.
6.1.1 Setting the time. If no reference time source is available to you, you have the option to s
107. e already set up and active:
    defaultDot1x8021AuthList: This list specifies the methods for the authentication of connected terminal devices using IEEE 802.1X. The 8021x application is allocated to the list.
    defaultLoginAuthList: This list specifies the methods for the authentication for users that log in using the graphical user interface (GUI) or using the CLI via SSH or Telnet. The SSH, Telnet and Web Interface applications are allocated to the list.
    defaultV24AuthList: This list specifies the methods for the authentication for users that log in using the CLI via a serial connection. The Console (V.24) application is allocated to the list.
3.1.4 Managing authentication lists. You manage the authentication lists in the graphical user interface (GUI) or in the CLI. Prerequisite: User account with authorization profile administrator. Open the Device Security > Authentication List dialog. The dialog shows the lists that are set up (Figure 23: Device Security > Authentication List dialog).
    show authlists    Shows the lists that are set up.
108. e privileged EXEC mode. Switch to the Configuration mode. Creates the <operator> user account. Activates the checking of the password for the <operator> user account based on the specified policy. In this way, you obtain a higher level of complexity for the password. Specifies the password SECRET for the <operator> user account. Enter at least 6 characters. Allocates the operator authorization profile to the <operator> user account. Activates the <operator> user account. Shows the user accounts that are set up. Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
Note: Remember to allocate the password when you are setting up a new user account in the CLI.
3.2.6 Deactivating the user account. After a user account is deactivated, the device denies the related user access to the management functions. In contrast to completely deleting it, deactivating a user account allows you to keep the settings and reuse them in the future. Prerequisite: User account with authorization profile administrator. Perform the following work steps: To keep the user account settings and reuse them in the future, you temporarily deactivate the user account. Open the Device Security > User Management dialog.
109. e unreliable connection paths. Because of the continuous increase in the available bandwidth, there was no need to use the ToS field. Only with the real-time requirements of today's networks has the ToS field become significant again. Selecting the ToS byte of the IP header enables you to differentiate between different services. However, this field is not widely used in practice.
Table 10: ToS field in the IP header
    Bits (0-2): IP Precedence Defined
        111  Network Control
        110  Internetwork Control
        101  CRITIC / ECP
        100  Flash Override
        011  Flash
        010  Immediate
        001  Priority
        000  Routine
    Bits (3-6): Type of Service Defined
        0000  all normal
        1000  minimize delay
        0100  maximize throughput
        0010  maximize reliability
        0001  minimize monetary cost
    Bit (7)
        0  Must be zero
7.4.5 Handling of traffic classes. The device provides the following options for handling traffic classes: Strict Priority; Weighted Fair Queuing; Strict Priority combined with Weighted Fair Queuing; Queue Management.
Description of Strict Priority: With the Strict Priority setting, the device first transmits data packets that have a higher traffic class (higher priority) before transmitting a data packet with the next highest traffic class. The device transmits a data packet with the lowest traffic class (lowest priority) whe
110. ed an IP address conflict. The following list contains the default settings for this function.
    Operation setting:
        Operation: Enabled
    Configuration settings:
        Detection Mode: Active and Passive
        Send Periodic ARP Probes: Enabled
        Detection Delay [ms]: 200
        Release Delay [s]: 15
        Number of Address Protections: 3
        Protection Interval [ms]: 200
        Send Trap: Enabled
2.7.1 Active and Passive detection. Actively checking the network helps prevent the device from connecting to the network with a duplicate IP address. After connecting the device to a network or after configuring the IP address, the device immediately checks whether its IP address exists within the network. To check the network for address conflicts, the device sends 4 ARP probes with the detection delay of 200 ms into the network. If the IP address exists, the device returns to the previous configuration, if possible, and makes another check after the configured release delay time.
When you disable active detection, the device sends 2 gratuitous ARP announcements in 2 s intervals. Using the ARP announcements with passive detection enabled, the device polls the network to determine whether there is an address conflict. After resolving an address conflict or after expired release delay time, the device reconnects to the network. Followin
111. The dialog shows the user accounts that are set up (Figure 34: Device Security > User Management dialog). In the row for the relevant user account, remove the selection from the Active checkbox. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.
    enable                  Switch to the privileged EXEC mode.
    configure               Switch to the Configuration mode.
    users disable <user>    To disable user account.
    show users              Shows the user accounts that are set up.
    save                    Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
To permanently deactivate the user account settings, you delete the user account. Select the relevant user and click Clear. To permanently save the changes, you open the Basic Settings
112. er. To carry out the installation, follow the installation assistant. Start the DHCP Server program (Figure 92: Start window of the DHCP server).
Note: The installation procedure includes a service that is automatically started in the basic configuration when Windows is activated. This service is also active if the program itself has not been started. When started, the service responds to DHCP queries.
Open the window for the program settings in the menu bar: Options > Preferences, and select the DHCP tab page. Enter the settings shown in the illustration and click OK (Figure 93: DHCP setting). To enter the configuration profiles, select Options > Configuration Profiles in the menu bar. Enter the name of the new configuration pro
113. erentiates between upper and lower case. Specify a different community than for read access. To temporarily save the changes, click Set. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.
    enable                                 Switch to the privileged EXEC mode.
    configure                              Switch to the Configuration mode.
    snmp community rw <community name>     Specifies the community for read/write access.
    show snmp community                    Shows the communities that are set up.
    save                                   Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
Deactivate the access via SNMPv1 or SNMPv2 in the device. Open the Device Security > Management Access > Server dialog, SNMP tab. The dialog shows the settings of the SNMP server (Figure 37: SNMP tab in the Device Security > Management Access > Server dialog). To deactivate the SNMPv1 protocol, you remove the selection from the SNMPv1 enabled checkbox. To deactivate the SNMPv2 protocol, you remove the selection from the SNMPv2 enabled checkbox. To temporarily save the changes, click Set. To permanently save the changes, you open the Bas
114. estination addresses exclusively inside the virtual LAN. The rest of the data network forwards traffic as normal. Flexibility: You have the option of forming user groups based on the function of the participants, apart from their physical location or medium. Clarity: VLANs give networks a clear structure and make maintenance easier.
8.1 Examples of VLANs. The following practical examples provide a quick introduction to the structure of a VLAN.
Note: When configuring VLANs, you use an interface for management that will remain unchanged. For this example, you use either interface 1/6 or the V.24 serial connection to configure the VLANs.
8.1.1 Example 1 (Figure 71: Example of a simple port-based VLAN). The example shows a minimal VLAN configuration (port-based VLAN). An administrator has connected multiple terminal devices to a transmission device and assigned them to 2 VLANs. This effectively prohibits any data transmission between the VLANs, whose members communicate only within their own VLANs. When setting up the VLANs, you create communication rules for every port, which you enter in incoming (ingress) and outgoing (egress) tables. The ingress table specifies which VLAN ID a port assigns to the incoming data packets. Hereby, you use the port address
115. et the time in the device. After a cold start or reboot, if no real-time clock is available or if the real-time clock contains an invalid time, the device initializes its clock with January 1, 00:00h. After the power supply is switched off, the device buffers the settings of the real-time clock up to 24 hours. Alternatively, you configure the settings in the device so that it automatically obtains the current time from a PTP clock or from an SNTP server.
Perform the following work steps: Open the Time > Basic Settings dialog. The System Time (UTC) field shows the current UTC (Universal Time Coordinated) of the device. UTC is the time relating to the coordinated world time measurement. UTC is the same worldwide and does not take local time shifts into account. The time in the System Time field comes from the System Time (UTC) plus the Local Offset [min] value and a possible shift due to daylight saving time.
Note: PTP sends the International Atomic Time (TAI). The TAI time is 35 s ahead of UTC (as of July 1, 2012). If the PTP reference time source of the UTC offset is set correctly, the device automatically corrects this difference on the display in the System Time (UTC) field.
In order to cause the device to apply the time of your PC to the System Time field, click the Set Time from PC butto
116. ettings, the non-volatile memory offers storage space for multiple configuration profiles. If an external memory is connected, the device generates a copy of the configuration profile on the external memory automatically. The device allows you to deactivate this function.
4.1 Detecting changed settings. Changes made to settings during operation are stored by the device in its memory (RAM). The configuration profile in non-volatile memory (NVM) remains unchanged until you explicitly save it. Until then, the configuration profiles in memory and non-volatile memory differ. This device helps you recognize changed settings. If the configuration profile in the memory (RAM) differs from the selected configuration profile in the non-volatile memory (NVM), you can recognize the difference based on the following criteria:
    The status bar at the top of the menu displays the icon. If the configuration profiles match, the icon is hidden.
    The checkbox in the Basic Settings > Load/Save dialog, Information frame, is unmarked. If the configuration profiles match, the checkbox is marked.
    show config status
    Configuration Storage sync State
    running-config to NV ............ out of sync
117. evice.
10.6 CLI Client. The device supports a CLI client that directly opens a connection to the SSH server using the TCP Port configured in the SSH tab of the Device Security > Management Access > Server dialog. The CLI client allows you to configure the device using CLI commands. A prerequisite to using the CLI client is that you activate the SSH server function in the SSH tab of the Device Security > Management Access > Server dialog. For detailed information on CLI commands, review the Command Line Interface reference manual.
A Setting up the Configuration Environment
A.1 Setting up a DHCP/BOOTP Server. On the product CD supplied with the device, you will find the software for a DHCP server from the software development company IT-Consulting Dr. Herbert Hanewinkel. You can test the software for 30 calendar days from the date of the first installation and then decide whether you want to purchase a license. To install the DHCP servers on your PC, put the product CD in the CD drive of your PC and under Additional Software select haneWIN DHCP Serv
118. f band. Prerequisite: HiView or Web browser and Java; Terminal emulation software; Terminal emulation software (Table 1: User interfaces for accessing the management of the device).
1.1 Graphical user interface (GUI). The graphical user interface (GUI) allows you to conveniently define and monitor the settings of the device from a computer on the network. You reach the graphical user interface (GUI) with the following programs: HiView, Web browser.
System requirements: Use HiView to open the graphical user interface. This application offers you the possibility to use the graphical user interface without other applications such as a Web browser or an installed Java Runtime Environment (JRE). Alternatively, you have the option to open the graphical user interface in a Web browser, e.g. in Mozilla Firefox version 3.5 or higher or Microsoft Internet Explorer version 6 or higher. You need to install the Java Runtime Environment (JRE) in the most recently released version. You can find installation packages for your operating system at http://java.com.
Starting the graphical user interface: The prerequisite for starting the graphical user interface: first configure the IP parameters of the device correctly. Start the graphical user interface in HiView: Start HiView. In the URL field of the start window, enter the IP a
119. f the connection to a port is interrupted. This is sent when connection is established to a port. This is sent if the temperature exceeds the set threshold limits. This is sent if the status of a power supply unit changes. This is sent if the status of the signal contact changes in the operation monitoring. This is sent if the sending agent becomes the new root of the spanning tree. This is sent when the port changes from blocking to forwarding or from forwarding to blocking. This is sent if the RMON input exceeds its upper threshold. This is sent if the RMON input goes below its lower threshold. This is sent if a MAC address detected on this port does not correspond to the current settings for hm2AgentPortSecurityEntry. This is sent when a supported or unsupported SFP device is inserted or removed. This trap is sent if a selftest action is performed as configured for the four categories task, resource, software and hardware. This is sent if the configuration of the MRP Ring changes. This is sent if the interface threshold exceeds the configured upper or lower limits. This is sent when the audit trail has filled one sector and starts a new one. This is sent if PTP synchronization status is changed. This is sent after the device has successfully saved its configuration locally. This is sent if you change the configuration of the device after saving locally for the first time.
120. f the network components or the associated operating software. In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (http://www.hirschmann.com). Printed in Germany. Hirschmann Automation and Control GmbH, Stuttgarter Str. 45-51, 72654 Neckartenzlingen, Germany. Tel.: +49 1805 141538. Rel. 4.0 - 07/2014 - 22.07.2014.
Contents
    Safety instructions
    About this Manual
    Key
    Introduction
    1 User interfaces
    1.1 Graphical user interface (GUI)
    1.2 Command Line Interface
    1.2.1 Preparing the data connection
    1.2.2 CLI access via telnet
    1.2.3 CLI via SSH (Secure Shell)
    1.2.4 CLI via the V.24 port
    1.3 System Monitor
    1.3.1 Functional scope
    1.3.2 Starting the System Monitor
    2 Entering IP Parameters
    2.1 IP Parameter Basics
    2.1.1 IP Address (Version 4)
    2.1.2 Netmask
    2.1.3 Classless Inter-Domain Routing
    2.2 Entering IP parameters using the CLI
    2.3 Entering the IP Parameters via HiDiscovery
    2.4 Enter the IP Parameter using the graphical user interface
    2.5 Entering IP Parameters per BOOTP
    2.6 Entering IP Parameters per DHCP
    2.7 Management Address Conflict Detection
    2.7.1 Active and Passive detection
    3 Access to the device
    3.1 Authentication lists
121. Figure 39: Basic Settings > Load/Save dialog
- Make sure that the desired configuration profile is selected. You can recognize the selected configuration profile by the fact that the checkbox is selected in the Selected column.
- Click the Set button.
show config profiles nvm    Displays the configuration profiles contained in non-volatile memory (NVM).
enable                      Switch to the privileged EXEC mode.
save                        Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
Copying settings to a configuration profile
The device allows you to store the settings saved in memory (RAM) in a configuration profile other than the selected configuration profile. In this way you create a new configuration profile in non-volatile memory (NVM) or overwrite an existing one.
122. figuration click Set enable Switch to the privileged EXEC mode configure Switch to the Configuration mode cos queue weighted 0 Enable Weighted Fair Queuing for traffic class 0 cos queue min bandwidth 0 Assign a weight of 5 to traffic class 0 5 cos queue weighted 1 Enable Weighted Fair Queuing for traffic class 1 cos queue min bandwidth 1 Assign a weight of 20 to traffic class 1 20 cos queue weighted 2 Enable Weighted Fair Queuing for traffic class 2 cos queue min bandwidth 2 Assign a weight of 30 to traffic class 2 30 cos queue weighted 3 Enable Weighted Fair Queuing for traffic class 3 UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 169 Network Load Control cos queu 20 min bandwidth show cos queue 7 4 QoS Priority Assign Queue Shaping of 20 to traffic class 3 Queue Id Min bandwidth Max bandwidth Scheduler type 0 5 0 weighted 1 20 0 weighted 2 30 0 weighted 3 20 0 weighted 4 0 0 strict 5 0 0 strict 6 0 0 strict 7 0 0 strict Combining Weighted Fair Queuing and Queue Shaping enable configure cos q u u weighted 4 cos q 10 u u min bandwidth cos q max bandwidth cos q weighted 5 cos q 5 min bandwidth cos q u weighted 6 cos q 10 u min bandwidth show cos queue Switch to the privileged EXEC mode Switch to the Configuration mode Ena
123. file and click Add.
Figure 94: Adding configuration profiles
- Enter the netmask and click Apply.
Figure 95: Netmask in the configuration profile
- Select the Boot tab page.
- Enter the IP address of your tftp server.
- Enter the path and the file name for the configuration file.
- Click Apply and then OK.
Figure 96: Configuration file on t
124. finitions for storing information about adjacent devices with LLDP active. As the main element, the connection information contains an exact, unique identifier for the connection end point: MAC (Service Access Point). This is made up of a device identifier which is unique on the entire network and a unique port identifier for this device.
- Chassis identifier (its MAC address)
- Port identifier (its port MAC address)
- Description of port
- System name
- System description
- Supported system capabilities
- System capabilities currently active
- Interface ID of the management address
- VLAN ID of the port
- Auto-negotiation status at the port
- Medium, half/full duplex setting and port speed setting
- Information about the VLANs installed in the device (VLAN ID and VLAN name, irrespective of whether the port is a VLAN participant)
A network management station queries this information from devices that have LLDP active. This information allows the network management station to form a description of the network topology.
Non-LLDP devices normally block the special multicast LLDP IEEE MAC address used for information exchange. Non-LLDP devices therefore discard LLDP packets. When positioning a non-LLDP-capable device between 2 LLDP-capable devices, the non-LLDP-capable device prohibits information exchanges between the 2 LLDP-capable devices. The Man
125. g frame click On.
The Download JAR File button allows you to save a Java Applet of the graphical user interface (GUI) on your PC as a JAR file. This applet allows you the option of administering the device instead of using a web browser. The device creates the file name of the applet automatically in the format <device type><software version>_<software revision of applet>.jar.
- Click Download JAR File.
- Select the directory in which you want to save the applet.
- Click Save.
The Download Support Information button allows you to save the following system information data in one ZIP file on your PC:
- System log: systemlog.html
- System information: systeminfo.html
- Audit trail: audittrail.html
- Support information: supportinfo.html
- Running configuration: runningconfig.xml
- Default configuration: defaultconfig.xml
The device creates the file name of the support information automatically in the format <IP address>_<system name>.zip.
- Click Download Support Information.
- Select the directory in which you want to save the support information.
- Click on Save.
9.11.2 Syslog
The device enables you to send messages about important device-internal events to one or more syslog servers up
126. g 10 detected conflicts, if the configured release delay interval is less than 60 s, then the device sets the release delay interval to 60 s.
After the device performs active detection, or you disable the active detection function with passive detection enabled, the device listens on the network for other devices using the same IP address. If the device detects a duplicate IP address, it initially defends its address by employing the ACD mechanism in the passive detection mode and sends out gratuitous ARPs. The number of protections that the device sends and the protection interval are configurable. To resolve conflicts, if the remote device remains connected to the network, the network interface of the local device disconnects from the network.
When a DHCP server assigns an IP address to the device, the device returns a DHCP decline message when an address conflict occurs.
The device uses the ARP probe method, which has the following advantages:
- ARP caches on other devices remain unchanged
- the method is robust through multiple ARP probe transmissions
3 Access to the device
3.1 Authentication lists
The device allows you to use authentication lists to specify which method it uses for the authentication. For every application with which someone accesses
127. g results.
The device enables you to configure the following functions:
- signal the device security status out-of-band via a signal contact
- signal the device security status by sending a trap when the device status changes
- detect the device security status in the Basic Settings > System dialog of the graphical user interface
- query the security status in the Command Line Interface
9.3.1 Events which can be monitored
Select the events which the device includes in the security status alert by activating the parameter in the Monitor column.
Table 20: Security Status events
Name: Password default settings
Meaning: After installation, change the passwords to increase security. The unchanged device monitors if the default passwords remain unchanged.
Name: Minimum Password Length < 8
Meaning: Create passwords more than 8 characters long to maintain a high security posture. When active, the device monitors the Minimum Password Length setting.
Further event names in the table:
- Password Policy settings deactivated
- User account password Policy Check deactivated
- Telnet server active
- HTTP server active
- SNMP unencrypted
- Access to System Monitor with V.24 possible
- Saving the Configuration Profile on the External Memory possible
- Link interrupted on enabled device ports
- Write access using HiDiscovery possible
- Load unencrypted config from external memory
- IEC61850 MMS active
128. g settings for a VLAN
- Open the VLAN tab.
Figure 63: VLAN tab in the Switching > IGMP Snooping > Configuration dialog
- To enable IGMP snooping for a specific VLAN, select the Active checkbox on the table line of the desired VLAN.
- To temporarily save the configuration, click Set.
Setting the IGMP querier function
The device itself optionally sends active query messages; alternatively, it responds to query messages or detects other multicast queriers in the network (IGMP querier function).
Prerequisite: The IGMP snooping function is activated globally.
Perform the following work steps:
- Define the settings for the IGMP querier function.
- Open the Switching > IGMP Snooping > Querier dialog.
Figure 64: Switching > IGMP Snooping >
129. gister multicast group memberships and VLAN identifiers.
Note: The Multiple Registration Protocol (MRP) requires a loop-free network. To help prevent loops in your network, use a network protocol such as the Media Redundancy Protocol, Spanning Tree Protocol, or Rapid Spanning Tree Protocol with MRP.
10.5.1 MRP Operation
Each participant contains an applicant component and an MRP Attribute Declaration (MAD) component. The applicant component is responsible for forming the attribute values and their registration and de-registration. The MAD component generates MRP messages for transmission and processes messages received from other participants. The MAD component encodes and transmits the attributes to other participants in MRP Data Units (MRPDU). In the switch, an MRP Attribute Propagation (MAP) component distributes the attributes to participating ports.
A participant exists for each MRP application and each LAN port. For example, a participant application exists on an end device and another application exists on a switch port. The Applicant state machine records the attribute and port for each MRP participant declaration on an end device or switch. Applicant state machine variable changes trigger the transmission of MRPDUs to communicate the declaration or withdrawal.
To establish an MMRP instance, an end device first sends a Join
130. going data packets of the source port to the destination port. The feature has no effect on the data traffic copied from the source ports during port mirroring. A management tool connected on the destination port, for example an RMON probe, monitors the data traffic on the source ports in the sending and receiving directions.
- Select the Diagnostics > Ports > Port Mirroring dialog.
This dialog allows you to configure and activate the port mirroring function of the device. The device displays unavailable ports as inactive, for example the port currently in use as the destination port, or if you have already selected the maximum number of ports.
- Select the source ports whose data traffic you want to review from the list of physical ports by checkmarking the relevant boxes.
- Select the destination port to which you have connected your management tool from the drop-down list in the Destination Port frame. The device displays the ports that are available in the drop-down list. The device omits ports currently used as source ports.
- To enable the function, activate On in the Operation frame.
The Reset configuration button in the dialog allows you to reset the port mirroring settings of the device to the delivery state.
Note: When port mirroring is active, the device u
131. Figure 13: Serial data connection via V.24 with PuTTY
After the data connection has been set up successfully, the device displays a window for entering the user name.
Figure 14: Logging in to the Command Line Interface program
- Enter a user name. The default setting for the user name is admin. Press the Enter key.
- Enter the password. The default setting for the password is private. Press the Enter key.
The device offers the possibility to change the user name and the password later in the Command Line Interface. These entries are case-sensitive.
The device displays the CLI start screen.
Figure 15: CLI screen after login
Note: You can
132. h the VLAN ID 2 the name VLAN2.
vlan add 3        Create a new VLAN with the VLAN ID 3.
name 3 VLAN3      Give the VLAN with the VLAN ID 3 the name VLAN3.
name 1 VLAN1      Give the VLAN with the VLAN ID 1 the name VLAN1.
exit              Leave the VLAN configuration mode.
show vlan brief   Display the current VLAN configuration.
Max. VLAN ID................................... 4042
Max. supported VLANs........................... 256
Number of currently configured VLANs........... 3
VLAN unaware mode.............................. disabled
VLAN ID  VLAN Name  VLAN Type  VLAN Creation Time
1        VLAN1      default    0 days, 00:00:05
2        VLAN2      static     0 days, 02:44:29
3        VLAN3      static     0 days, 02:52:26
- Configuring the ports
Figure 73: Defining the VLAN membership of the ports
- Assign the ports of the device to the corresponding VLANs by clicking on the related table cell to open the selection menu and define the status. The selection options are:
  currently not a member of this VLAN (GVRP allowed)
  T   member of VLAN, send data packets with tag
  U   member of the VLAN, send data packets without tag
  F
133. h to the privileged EXEC mode.
Switch to the Configuration mode.
Assign traffic class 2 to VLAN priority 0.
Also assign traffic class 2 to VLAN priority 1.
exit                                Switch to the privileged EXEC mode.
show classofservice dot1p-mapping   Display the assignment.
Assign port priority to received data packets
enable                              Switch to the privileged EXEC mode.
configure                           Switch to the Configuration mode.
interface 1/1                       Switch to the Interface Configuration mode of interface 1/1.
classofservice trust untrusted      Assign the untrusted mode to the interface.
classofservice dot1p-mapping 0 2    Also assign traffic class 2 to VLAN priority 1.
classofservice dot1p-mapping 1 2    Also assign traffic class 2 to VLAN priority 1.
vlan priority 1                     Set the port priority to 1.
exit                                Switch to the Configuration mode.
exit                                Switch to the privileged EXEC mode.
show classofservice trust           Display the trust mode.
Interface  Trust Mode
1/1        untrusted
1/2        dot1p
1/3        dot1p
1/4        dot1p
1/5        dot1p
1/6        dot1p
1/7        dot1p
Assigning DSCP to a traffic class
- Open the QoS/Priority > IP DSCP Mapping dialog.
- Enter the desired value in the Traffic Class column.
- To temporarily save the configuration, click Set.
enable                              Switch to the privileged EXEC mode.
configure                           Switch to the Configuration mode.
134. hcp-l2relay trust   Specify the port as Trusted Port.
dhcp-l2relay mode    Activate the DHCP Layer 2 Relay function on the port.
exit                 Switch to the Configuration mode.
interface 1/2        Switch to the interface configuration mode for interface 1/2.
dhcp-l2relay trust   Specify the port as Trusted Port.
dhcp-l2relay mode    Activate the DHCP Layer 2 Relay function on the port.
exit                 Switch to the Configuration mode.
dhcp-l2relay mode    Enable the DHCP Layer 2 Relay function on the device.
10.3 Using the device as a DNS client (HiOS-2A, HiOS-3S)
The Domain Name System (DNS) client queries DNS servers to resolve host names and IP addresses of network devices. Much like a telephone book, the DNS client converts names of devices into IP addresses. When the DNS client receives a request to resolve a new name, it first queries its internal static database, then the assigned DNS servers for the information. The DNS client saves the queried information in a cache for future requests.
The device offers the possibility to configure the DNS client from the DHCP server using the management VLAN. The device also offers you the possibility to assign host names to IP addresses statically.
The DNS client provides the following user functions:
- DNS server list with space for 4 domain name server IP addresses
- static h
135. he content of the log, click Reload.
- To search the content of the log for a key word, click Search.
- To archive the content of the log as an html file, click Save.
Note: You have the option to also send the logged events to one or more syslog servers.
9.11.4 Audit Trail
The Diagnostics > Report > Audit Trail dialog contains system information and changes to the device configuration performed through CLI and SNMP. In the case of device configuration changes, the dialog displays Who changed What and When. To log changes to the device configuration, use in the Diagnostics > Report > Audit Trail dialog the functions Log SNMP Get Request and Log SNMP Set Request.
The Diagnostics > Syslog dialog allows you to configure up to 8 Syslog servers to which the device sends Audit Trails.
The following list contains log events:
- changes to configuration parameters
- CLI commands (except show commands)
- automatic changes to the System Time
- watchdog events
- locking a user after several unsuccessful login attempts
- special CLI command logging audit-trail <string>, which logs the comment
- user login, either locally or remote via CLI
- manual, user-initiated logout
- timed logout after a user-defined period of CLI inactivity
- file transfer operation including a Firmware Update
- configuration changes via HiDiscovery
- au
136. he option to turn on the query function in an appropriately equipped switch.
A switch that connects one multicast receiver with a multicast router analyzes the IGMP information with the IGMP snooping method. The IGMP snooping method also makes it possible for switches to use the IGMP function. A switch stores the MAC addresses derived from IP addresses of the multicast receivers as recognized multicast addresses in its MAC address table (FDB). In addition, the switch identifies the ports on which it has received reports for a specific multicast address. In this way the switch transmits multicast packets exclusively on ports to which multicast receivers are connected. The other ports do not receive these packets.
A special feature of the device is the possibility of determining the processing of data packets with unknown multicast addresses. Depending on the setting, the device discards these data packets or forwards them to all ports. By default, the device transmits the data packets only to ports with connected devices which in turn receive query packets. You also have the option of additionally sending known multicast packets to query ports.
Setting IGMP Snooping
Perform the following work steps:
- Open the Switching > IGMP Snooping > Glo
137. he privileged EXEC mode.
Switch to the Configuration mode.
Switch to the Interface Configuration mode of interface 1/1.
Port 1/1 becomes member untagged in VLAN 2.
Port 1/1 is assigned the port VLAN ID 2.
Switch to the Configuration mode.
Switch to the interface configuration mode for interface 1/2.
Port 1/2 becomes member untagged in VLAN 3.
Port 1/2 is assigned the port VLAN ID 3.
Switch to the Configuration mode.
Switch to the Interface Configuration mode of Interface 1/3.
Port 1/3 becomes member untagged in VLAN 3.
Port 1/3 is assigned the port VLAN ID 3.
Switch to the Configuration mode.
Switch to the interface configuration mode of interface 1/4.
Port 1/4 becomes member untagged in VLAN 2.
Port 1/4 is assigned the port VLAN ID 2.
exit             Switch to the Configuration mode.
exit             Switch to the privileged EXEC mode.
show vlan id 3   Show details for VLAN 3.
VLAN ID: 3
VLAN Name: VLAN3
VLAN Type: Static
Interface  Current  Configured  Tagging
1/1  Autodetect  Tagged
1/2  Include  Incl  Untagged
1/3  Include  Include  Untagged
1/4  Autodetect  Tagged
1/5  Autodetect  Tagged
8.1.2 Example 2
Figure 75: Example of a more complex VLAN configuration
The second example shows a more complex configuration with 3 VLANs (1 to 3). Along with the Swi
138. he tftp server
- Add a profile for each device type. If devices of the same type have different configurations, then you add a profile for each configuration. To complete the addition of the configuration profiles, click OK.
Figure 97: Managing configuration profiles
- To enter the static addresses, click Static in the main window.
Figure 98: Static address input
- Click New.
Figure 99: Adding static addresses
- Enter the MAC address of the device.
- Enter the IP address of the device.
- Select the configuration profile of the device.
- Click Apply and then OK.
Add static entries a With static entries y
139. he transmission time (latency) in routers and switches has a measurable effect on the precision of the time transmission. To correct such inaccuracies, PTP defines what are known as boundary clocks.
In a network segment, a boundary clock is the reference time source (master clock) to which the subordinate slave clocks synchronize. Typically, routers and switches take on the role of boundary clock. The boundary clock in turn obtains the time from a higher-level reference time source (Grandmaster).
Figure 56: Position of the boundary clock in a network
Transparent clock
Switches typically take on the role of transparent clock to enable high accuracy across the cascades. The transparent clock is a slave clock that corrects its own transmission time when forwarding synchronization messages received.
Ordinary clock
PTP designates the clock in a terminal device as an ordinary clock. An ordinary clock functions either as a master clock or slave clock.
6.3.2 Best Master Clock algorithm
The devices participating in PTP designate a device in the network as a reference time source (Grandmaster). Here the Best Master Clock algorithm is used, which determines the accuracy of the clocks available in the network
140. he update procedure is completed successfully, the device displays the message "Firmware successfully loaded onto the device". Upon restart, the device loads the installed device software.
5.3.2 Automatically initiated by the device
During a restart, the device updates the device software automatically when the following files are located in the external memory:
- the image file of the device software
- a text file startup.txt with the content autoUpdate=<image_file_name>.bin
Prerequisite is that in the Basic Settings > External Memory dialog, row Enable Automatic Software Update, you mark the checkbox. This is the default setting on the device.
Perform the following work steps:
- Copy the image file of the new device software into the main directory of the external memory. Use an image file suitable for the device exclusively.
- Create a text file startup.txt in the main directory of the external memory.
- Open the startup.txt file in the text editor and add the following line: autoUpdate=<image_file_name>.bin
- Install the external memory on the device.
- Restart the device.
During the booting process, the device checks automatically the following criteria:
- Is an external memory connected?
- Is a startup.txt file in the main directory of the external memor
141. ic Settings > Load/Save dialog and click Save.
enable                       Switch to the privileged EXEC mode.
configure                    Switch to the Configuration mode.
no snmp access version v1    Deactivates the SNMPv1 protocol.
no snmp access version v2    Deactivates the SNMPv2 protocol.
show snmp access             Shows the settings of the SNMP server.
save                         Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.
3.3.2 SNMPv3 access
The SNMP protocol allows you to monitor and configure the device via the network with a network management system (NMS). When the NMS accesses the device via SNMPv3, the NMS authenticates itself with a user's login data. The prerequisite for network management access is that the same SNMPv3 parameters are specified in the device and in the NMS.
When a new user account is being set up in the device, the default settings for the SNMP Auth Type and SNMP Encryption Type parameters are such that the Industrial HiVision network management software can access the device with it immediately.
To monitor or configure the device with a different NMS, you adjust the following parameters in the relevant user account to match the settings in your NMS:
SNMP Auth Type parameter
- hmacmd5: Authentication with HMAC-MD5
- hmacsha: Authentication with HMAC-SHA
SNMP Encryption Type
142. ify devices helps prevent a rogue client from connecting to the same port, causing the voice traffic to deteriorate.
Another benefit of the Voice VLAN feature is that a VoIP phone obtains a VLAN ID or priority information using LLDP-MED. As a result, the VoIP phone sends voice data as tagged, priority-tagged or untagged, depending on the Voice VLAN Interface configuration.
The following Voice VLAN interface modes are possible. The first 3 methods segregate and prioritize voice and data traffic. Traffic segregation results in an increased voice traffic quality during high traffic periods.
- Configuring the port to using the vlan mode allows the device to tag the voice data coming from a VoIP phone with the user-defined voice VLAN ID. The device assigns regular data to the port default PVID.
- Configuring the port to use the dot1p-priority mode allows the device to tag the data coming from a VoIP phone with VLAN 0 and the user-defined priority. The device assigns the default priority of the port to regular data.
- Configure both the voice VLAN ID and the priority using the vlan/dot1p-priority mode. In this mode the VoIP phone sends voice data with the user-defined voice VLAN ID and priority information. The device assigns the default PVID and priority of the port to regular data.
- When configured as untagged, the phone sends untagged frames.
- When configured as none, the phone uses its own configuration to send voice traffic.
143. in the IP header. This field is also called DiffServ Codepoint or DSCP. The DSCP field is used for classification of packets into different quality classes. The DSCP field replaces the ToS field. The first 3 bits of the DSCP field are used to divide the packets into classes. The next 3 bits are used to further subdivide the classes on the basis of different criteria. This results in up to 64 different service classes.
Figure 69: Differentiated Services field in the IP header
The different DSCP values get the device to employ a different forwarding behavior, what is known as Per-Hop Behavior (PHB). The following PHB classes are defined:
- Class Selector (CS0-CS7): For backward compatibility, the Class Selector PHB assigns the 7 possible IP precedence values from the previous ToS field to specific DSCP values (see table 11).
- Expedited Forwarding (EF): For applications with high priority. The Expedited Forwarding PHB reduces delays (latency), jitter and packet loss (RFC 2598).
- Assured Forwarding (AF): The Assured Forwarding PHB provides a differentiated schema for handling different data traffic (RFC 2597).
- Default Forwarding/Best Effort: This PHB stands for dispensing with a specific prioritization.
ToS Meaning Precedence Value As
144. ing the mail server
9.10.6 Enabling/disabling of the function
9.10.7 Sending of a test message
9.11.1 Global Settings
9.11.2 Syslog
9.11.3 System Log
9.11.4 Audit Trail
9.12 Network Analysis with TCPDump
9.13 Monitoring Data Traffic on the Ports (Port Mirroring)
9.14 Cause and Action management during Selftest
9.15 Network Monitoring with sFlow
10 Advanced functions of the device
10.1 Using the device as a DHCP Server
10.1.1 IP Addresses assigned per port or per VLAN
10.1.2 DHCP server static IP address example
10.1.3 DHCP server dynamic IP address range example
10.2 DHCP L2 Relay
10.2.1 Circuit and Remote IDs
10.2.2 DHCP L2 Relay Configuration
10.3 Using the device as a DNS client
10.3.1 Configuring a DNS server example
10.4 Auto Disable
10.5 MRP IEEE
10.5.1 MRP Operation
10.5.2 MMRP
10.5.3 MVRP
10.6 CLI Client
A Setting up the Configuration Environment
A.1 Setting up a DHCP/BOOTP Server
B General Information
B.1 Management Information Base (MIB)
B.2 Abbreviations used
B.3 Technical Data
B.4 Maintenance
B.5 Readers' Comments
Index
Further Support
Safety instructions
WARNING
145. ion include 3
    Port 1/1 becomes member untagged in VLAN 3.
vlan tagging 3 enable
    Port 1/1 becomes member tagged in VLAN 3.
vlan pvid 1
    Port 1/1 is assigned the port VLAN ID 1.
vlan ingressfilter
    Port 1/1 ingress filtering is activated.
vlan acceptframe vlanonly
    Port 1/1 only forwards frames with a VLAN tag.
exit
    Switch to the Configuration mode.
interface 1/2
    Switch to the interface configuration mode for interface 1/2.
vlan participation include 2
    Port 1/2 becomes member untagged in VLAN 2.
vlan pvid 2
    Port 1/2 is assigned the port VLAN ID 2.
exit
    Switch to the Configuration mode.
interface 1/3
    Switch to the Interface Configuration mode of Interface 1/3.
vlan participation include 3
    Port 1/3 becomes member untagged in VLAN 3.
vlan pvid 3
    Port 1/3 is assigned the port VLAN ID 3.
exit
    Switch to the Configuration mode.
interface 1/4
    Switch to the interface configuration mode of interface 1/4.
vlan participation include 2
    Port 1/4 becomes member untagged in VLAN 2.
vlan pvid 2
    Port 1/4 is assigned the port VLAN ID 2.
exit
    Switch to the Configuration mode.
interface 1/5
    Switch to the interface configuration mode for port 1/5.
vlan participation include 3
    Port 1/5 becomes member untagged in VLAN 3.
vlan pvid 3
    Port 1/5 is assigned the port VLAN ID 3.
exit
146. ions which are available in the newer device software version exclusively are lost.

If you intend to downgrade to the software version HiOS 2.x.xx, note the following information: Using an up-to-date software version, the device saves the settings in a compressed configuration profile. When booting with the above-mentioned software version, the device is able to read uncompressed configuration profiles exclusively. If upon booting solely a compressed configuration profile is available, the device boots applying the delivery settings. The settings in the compressed configuration profile are then lost.

To save the configuration profile which is compatible with the software version mentioned above, you proceed as follows.
Before downgrading:
- Open the Basic Settings > Load/Save dialog.
- Click the _ and Export buttons to export the configuration profile as an unencrypted XML file.
After downgrading:
- Open the Basic Settings > Load/Save dialog.
- Click the _ and Import buttons to import the configuration profile.

6 Synchronizing the System Time in the Network
Many applications rely on a time that is as correct as possible. The necessary accuracy, and thus the allowable deviation from th
147. irectly. However, having a DHCP server on each subnet is expensive and often impractical. An alternative to having a DHCP server in every subnet is to use the network devices to relay packets between a DHCP client and a DHCP server located in a different subnet. A Layer 3 Relay agent is generally a router that has IP interfaces in both the client and server subnets and routes traffic between them. However, in Layer 2 switched networks, there are one or more network devices, switches for example, between the client and the Layer 3 Relay agent or DHCP server. In this case, this device provides a Layer 2 Relay agent to add the information that the Layer 3 Relay agent and DHCP server require to perform their roles in address and configuration assignment.

The following list contains the default settings for this function:
Global setting
- Active setting: disable
Interface settings
- Active setting: disable
- Trusted Port: disable
VLAN settings
- Active setting: disable
- Circuit ID: enable
- Remote ID Type: mac
- Remote ID: blank

10.2.1 Circuit and Remote IDs
Before forwarding the request of a client to the DHCP server, the device adds the Circuit ID and the Remote ID to the Option 82 field of the DHCP request packet. The Circuit ID stores on which port the device received the request of the client. The remote ID
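To check what a relay actually inserted, the Option 82 field can be pulled out of a captured DHCP options area. The parser below is an added example, not code from the manual: it follows the generic Relay Agent Information layout (sub-option 1 = Circuit ID, sub-option 2 = Remote ID), treats the Circuit ID as opaque bytes because the device's encoding is not given in this excerpt, and uses constructed sample bytes with an assumed 6-byte MAC as Remote ID.

```python
"""Extract Circuit ID and Remote ID from DHCP Option 82 (added example)."""
from dataclasses import dataclass
from typing import Optional

OPT_PAD, OPT_RELAY_AGENT_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


@dataclass
class RelayInfo:
    circuit_id: Optional[bytes]
    remote_id: Optional[bytes]


def parse_tlvs(data, is_option_area):
    """Parse code/length/value triples; reject lengths that overrun the data."""
    result, i = {}, 0
    while i < len(data):
        code = data[i]
        if is_option_area and code == OPT_PAD:
            i += 1              # pad byte has no length field
            continue
        if is_option_area and code == OPT_END:
            break
        if i + 1 >= len(data):
            raise ValueError("TLV %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV %d is truncated" % code)
        # A repeated code continues the earlier value (long-option splitting).
        result[code] = result.get(code, b"") + value
        i += 2 + length
    return result


def relay_info_from_options(options):
    """Return the relay information, or None when Option 82 is absent."""
    parsed = parse_tlvs(options, is_option_area=True)
    if OPT_RELAY_AGENT_INFO not in parsed:
        return None
    subs = parse_tlvs(parsed[OPT_RELAY_AGENT_INFO], is_option_area=False)
    return RelayInfo(subs.get(SUB_CIRCUIT_ID), subs.get(SUB_REMOTE_ID))


def format_mac(raw):
    """Render a 6-byte Remote ID as a MAC address (assumed encoding)."""
    if raw is None or len(raw) != 6:
        raise ValueError("Remote ID is not a 6-byte MAC address")
    return ":".join("%02x" % b for b in raw)


# Constructed options area: message type, Option 82 (14 bytes), end marker.
SAMPLE_OPTIONS = bytes.fromhex(
    "350101" "520e" "010400010004" "0206001122334455" "ff"
)

if __name__ == "__main__":
    info = relay_info_from_options(SAMPLE_OPTIONS)
    print(info.circuit_id.hex(), format_mac(info.remote_id))
```
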
148. is auto-disabled, the device effectively shuts down the port and the port blocks traffic. The port LED blinks green 3 times per period and identifies the reason for the shutdown. In addition, the device generates a log entry listing the reason for the auto-disable. When you enable the port after a timeout by auto-disable, the device generates a log entry.

This feature provides a recovery function which automatically enables an auto-disabled port after a user-defined time. When this function enables a port, the device sends a trap with the port number and an empty Reason entry.

The auto-disable function serves the following purposes:
- It assists the network administrator in port analysis.
- It reduces the possibility that this port causes the network to be instable.

Auto-disable is available for the following functions:
Link Flap
CRC Error
Duplex Mismatch
Applies to HiOS 2A, HiOS 3S
DHCP Snooping
Applies to HiOS 2A, HiOS 3S
ARP Rate
BPDU Rate
Port MAC Lock

In the following example, you allow the device to enable ports disabled due to conditions defined in the CRC/Fragments tab of the Diagnostics > Ports > Port Monitor dialog.
- Open the Diagnostics > Ports > Auto Disable dialog.
- Activate the CRC Error checkbox in the Configuration frame.
- Specify the delay time as 120 s in the Reset Timer [s] column for the ports you want to enable.
149. is port only if it has previously received IGMP query messages. If that is the case, the entry shows L (learned).

Learn by LLDP: A port with this setting automatically discovers other Hirschmann devices via LLDP (Link Layer Discovery Protocol). The device then learns the IGMP query status of this port from these Hirschmann devices and configures the IGMP query function accordingly. The ALA entry indicates that the Learn by LLDP function is enabled. If the device has found another Hirschmann device on this port in this VLAN, the entry also shows an A (Automatic).

Forward All: With this setting, the device sends the data packets addressed to a multicast address on this port. The setting is suitable in the following situations, for example:
- For diagnostic purposes.
- For devices in an MRP ring: After the ring is switched, the Forward All function allows rapid reconfiguration of the network for data packets with registered multicast destination addresses. Activate the Forward All function on all ring ports.

Prerequisite: The IGMP snooping function is activated globally.

To configure enhanced IGMP snooping settings, proceed as follows:
- Open the Switching > IGMP Snooping > Snooping Enhancements dialog.
- Double-click the desired port in the desired VLAN.
- To activate one or more functions, select the corresponding
150. ldown menu, select class1.
- In the Rule frame, Type pulldown menu, select srcip.
- In the Parameter frame, Source IP Address textbox, enter 10.20.10.11, and in the Source IP Address Mask textbox, enter 255.255.255.0.
- Click OK.
- To add the source port to the class, click Create.
- In the Class frame, Name pulldown menu, select class1.
- In the Rule frame, Type pulldown menu, select scrL4port.
- In the Parameter frame, Source Port textbox, enter 80.
- Click OK.
- To save the change on the device, click Set.

Create a policy and a policy class instance:
- Open the Switching > QoS/Priority > DiffServ > Policy dialog.
- To create a new policy, click Create.
- In the Policy frame, Name textbox, enter policy1.
- In the Policy frame, Direction pulldown menu, select in.
- In the Class frame pulldown menu, select class1.
- In the Attribute frame, Type pulldown menu, select drop.
- Click OK.
- To save the change on the device, click Set.

Assign the policy to a port:
- Open the Switching > QoS/Priority > DiffServ > Assignment dialog.
- To assign the policy to an interface, click Create.
- In the Assignment frame, Port pulldown menu, select 1/1.
- In the Assignment frame, Direction pulldown menu, select in.
- In the Assignment frame, Policy pulldown menu, select policy1.
151. mail box. Juliet receives the letter and removes the outer envelope. She finds the inner envelope with Romeo's IP address. Opening the inner envelope and reading its contents corresponds to transferring the message to the higher protocol layers of the ISO/OSI layer model.

Juliet would now like to send a reply to Romeo. She places her reply in an envelope with Romeo's IP address as destination and her own IP address as source. But where is she to send the answer? For she did not receive Romeo's MAC address. It was lost when Lorenzo replaced the outer envelope.

In the MIB, Juliet finds Lorenzo listed under the variable hmnNetGateway IPAddr as a means of communicating with Romeo. She therefore puts the envelope with the IP addresses in a further envelope with Lorenzo's MAC destination address. The letter now travels back to Romeo via Lorenzo, the same way the first letter traveled from Romeo to Juliet.

2.1.3 Classless Inter-Domain Routing
Class C with a maximum of 254 addresses was too small, and class B with a maximum of 65,534 addresses was too large for most users, resulting in an ineffective usage of the available class B addresses. Class D contains reserved multicast addresses. Class E is for experimental purposes. A non-participating gateway ignores experimental datagrams with these destination addresses.

Since 1993, RFC 1519 has
152. mann.com

The device gives you the following options for updating the device software:
- Software update from the PC
- Software update from a server
- Software update from the external memory
- Loading an older software

Note: The device settings are kept after updating the device software.

You see the version of the installed device software in the login window of the graphical user interface. If you are already logged in, perform the following work steps to display the version of the installed software:
- Open the Basic Settings > Software dialog. The field Running Version displays the version number and creation date of the device software that the device loaded during the last restart and is currently running.

enable
    Change to the Privileged EXEC mode.
show system info
    Displays the system information such as the version number and creation date of the device software that the device loaded during the last restart and is currently running.

5.1 Software update from the PC
The prerequisite is that the image file of the device software is saved on a data carrier which is accessible from your PC. Perform the following work steps:
- Navigate to the folder where the image file of the device software is saved.
- Open the Basic Settings > Software dialog.
- Drag the image file of the device soft
153. ments in this chapter relating to external SNTP servers also apply to NTP servers.

SNTP knows the following operation modes for the transmission of time:
- Unicast: In unicast operation mode, an SNTP client sends requests to an SNTP server and expects a response from this server.
- Broadcast: In broadcast operation mode, an SNTP server sends SNTP messages to the network in defined intervals. SNTP clients receive these SNTP messages and evaluate them.

IP destination address    Send SNTP packets to
0.0.0.0                   Nobody
224.0.1.1                 Multicast address for SNTP messages
255.255.255.255           Broadcast address
Table 6: Target address classes for broadcast operation mode

Note: An SNTP server in broadcast operation mode also responds to direct requests via unicast from SNTP clients. In contrast, SNTP clients work in either unicast or broadcast operation mode.

6.2.1 Preparation
Perform the following work steps:
- To get an overview of how the time is passed on, draw a network plan with the devices participating in SNTP. When planning, bear in mind that the accuracy of the time depends on the delays of the SNTP messages. To minimize delays and their variance, place an SNTP server in each network segment. Each of these SNTP ser
154. messages to the master clock. This method is available only for transparent clocks. The device sends the synchronization messages sent via multicast only to the master clock, keeping the network load low. If the device receives a synchronization message from another master clock, it sends the synchronization messages only to this new port. If the device knows no master clock, it sends synchronization messages to all device ports.

Peer-to-Peer (P2P): The slave clock measures the delay of synchronization messages to the master clock. In addition, the master clock measures the delay to each slave clock, even across blocked ports. This requires that the master and slave clock support Peer-to-Peer (P2P). In case of interruption of a redundant ring, for example, the slave clock becomes the master clock and the master clock becomes the slave clock. This switch occurs without loss of precision, because the clocks already know the delay in the other direction.

6.3.4 PTP domains
The device transmits synchronization messages only from and to devices in the same PTP domain. The device allows you to set the domain for the boundary clock and for the transparent clock individually.

[Figure: GPS, Reference (Grandmaster Clock), Ordinary Clock, Switch, PTP Subdomain 1, Boundary Clock]
155. misconfiguration of the administrator password.

selftest ramtest
    Enable RAM selftest on cold start.
no selftest ramtest
    Switch off the ramtest function.
selftest system monitor
    Enable the SysMon1 function.
no selftest system monitor
    Switch off the SysMon1 function.
show selftest action
    Show status of the actions to be taken in the event of device degradation.
show selftest settings
    Show ramtest and sysmon settings in event of a cold start.

9.15 Network Monitoring with sFlow (HiOS 2A, HiOS 3S)
sFlow is a standard protocol for monitoring networks. The device provides this function for visibility into network activity, enabling effective management and control of network resources.

The sFlow monitoring system consists of an sFlow agent, embedded in the device, and a central sFlow collector. The agent uses sampling technology to capture traffic statistics. sFlow instances associated with individual data sources within the agent perform packet flow and counter sampling. Using sFlow datagrams, the agent forwards the sampled traffic statistics to an sFlow collector for analysis.

The agent uses 2 forms of sampling: a statistical packet-based sampling of packet flows, and a time-based sampling of counters. An sFlow datagram co
156. monitor. To monitor the temperature, you also set the temperature thresholds in the Basic Settings > System dialog at the bottom of the System Data frame.
- To send a trap to the management station, activate the Generate Trap function in the Trap Configuration frame.
- Configure at least one SNMP Manager in the Diagnostics > Status Configuration > Alarms (Traps) dialog.

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
device status trap
    Enable a trap to be sent if the device status changes.
device status monitor nvm not in sync
    Sets the monitoring of whether the external non-volatile memory and the current configuration match.
device status monitor envm removal
    Sets the monitoring of the external non-volatile memory device removal.
device status monitor power supply 1
    Enables the monitoring of the power supply 1.
device status monitor ring redundancy
    Sets the monitoring of the ring redundancy.
device status monitor temperature
    Sets the monitoring of the device temperature.
device status monitor module removal
    Enables the global monitoring of module removal.
device status module 1
    Enables the monitoring of module 1 removal.

In order to enable the device to monitor an active link witho
157. n Definition of the syntax terms used:
Integer: An integer in the range 2 2 1
IP Address: xxx.xxx.xxx.xxx (xxx = integer in the range 0-255)
MAC Address: 12-digit hexadecimal number in accordance with ISO/IEC 8802-3
Object identifier: x.x.x.x... (e.g. 1.3.6.1.1.4.1.248)
Octet string: ASCII character string
PSID: Power supply identifier (number of the power supply unit)
TimeTicks: Stopwatch. Elapsed time (in seconds) = numerical value / 100. Numerical value = integer in range 0 to 2^32-1
Timeout: Time value in hundredths of a second. Time value = integer in range 0 to 2^32-1
Type field: 4-digit hexadecimal number in accordance with ISO/IEC 8802-3
Counter: Integer 0 2 whose value is increased by 1 when certain events occur

Figure 102: Tree structure of the Hirschmann MIB

A description of the MIB can be found on the product CD provided with the device.

B.2 Abbreviations used
ACA31 ACL BOOTP CLI DHCP FDB GUI HTTP HTTPS ICMP IEEE IGMP IP LED LLDP F O MAC MIB MRP
158. n Based on the value in the Local Offset [min] field, the device calculates the time in the System Time (UTC) field. The System Time (UTC) comes from the System Time minus the Local Offset [min] value and a possible shift due to daylight saving time.

The Time Source field displays the origin of the time data. The device automatically selects the source with the greatest accuracy. The source is initially local. If PTP is active and if the device receives a valid PTP message, the device sets its time source to ptp. If SNTP is active and if the device receives a valid SNTP packet, the device sets its time source to sntp. The device prioritizes PTP ahead of SNTP.

The Local Offset [min] value specifies the time difference between the local time and the System Time (UTC).
- In order to cause the device to determine the time zone on your PC, click the Set Offset from PC button. The device calculates the local time difference from UTC and enters the difference into the Local Offset [min] field.

Note: The device provides the option to obtain the local offset from a DHCP server.

- To temporarily save the changes, click Set.
- To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.

enable
    Switch to the privileged EXEC mode.
configure
    Switch t
159. n there are no other data packets remaining in the queue. In unfortunate cases, the device never sends packets with a low priority if there is a high volume of high-priority traffic waiting to be sent on this port. In delay-sensitive applications, such as VoIP or video, Strict Priority allows Strict Priority data to be sent immediately.

Description of Weighted Fair Queuing
With Weighted Fair Queuing, also called Weighted Round Robin (WRR), the user assigns a minimum or reserved bandwidth to each traffic class. This ensures that data packets with a lower priority are also sent when the network is very busy. The reserved values range from 0% through 100% of the available bandwidth, in steps of 1%. A reservation of 0 is equivalent to a "no bandwidth" setting. The sum of the individual bandwidths may add up to 100%. If you assign Weighted Fair Queuing to every traffic class, the entire bandwidth of the corresponding port is available to you.

Combining Strict Priority and Weighted Fair Queuing
When combining Weighted Fair Queuing with Strict Priority, ensure that the highest traffic class of Weighted Fair Queuing is lower than the lowest traffic class of Strict Priority. When you combine Weighted Fair Queuing with Strict Priority, a high Strict Priority network load can significantly reduce the bandwidth available for Weighted Fair Queuing.
160. 4.1 Detecting changed settings
If the copy in the external memory differs from the configuration profile in the non-volatile memory, you see the difference based on the following criteria: The checkbox in the Basic Settings > Load/Save dialog, Information frame, is unmarked. If the configuration profiles match, the checkbox is marked.

show config status

4.2 Saving settings
Prerequisite: User account with authorization profile administrator.

4.2.1 Saving the configuration profile in the device
If you change the settings of the device during operation, the device stores the changes in its memory (RAM). In order to keep the changes after a reboot, save the configuration profile in non-volatile memory (NVM).

Saving a configuration profile
The device always stores the settings in the selected configuration profile in non-volatile memory (NVM). Perform the following work steps:
- Open the Basic Settings > Load/Save dialog.
161. nation MAC address directly to ports that have already received data packets from this MAC address. The device floods data packets with unknown destination addresses, that is, the device forwards these data packets to all ports.

7.1.2 Aging of learned MAC addresses
Addresses that have not been detected by the device for an adjustable period of time (aging time) are deleted from the MAC address table (FDB) by the device. A reboot or resetting of the MAC address table deletes the entries in the MAC address table (FDB).

7.1.3 Static address entries
In addition to learning the sender MAC address, the device also provides the option to set MAC addresses manually. These MAC addresses remain configured and survive resetting of the MAC address table (FDB) as well as rebooting of the device. Static address entries allow the device to forward data packets directly to selected device ports. If you do not specify a destination port, the device discards the corresponding data packets.

You manage the static address entries in the graphical user interface (GUI) or in the CLI.

Prerequisite: User account with authorization profile administrator or operator.

Perform the following work steps:
Create a static address entry:
- Open the Switching > Filter for MAC Addresses dialog.
162. nction to be useful, the configuration of the corresponding ports must permit the sending of packets with a VLAN tag. On Layer 3, the device modifies the IP DSCP value.

7.4.8 Setting prioritization
Assigning the Port Priority
- Open the QoS/Priority > Port Configuration dialog.
- In the Port Priority column, you define the priority with which the device sends the data packets received on this port without a VLAN tag.
- In the Trust Mode column, you define the criteria the device uses to assign a traffic class to data packets received.
- To temporarily save the configuration, click Set.

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
interface 1/1
    Switch to the Interface Configuration mode of interface 1/1.
vlan priority 3
    Assigns port priority 3 to interface 1/1.
exit
    Switch to the Configuration mode.

Assigning VLAN priority to a traffic class
- Open the QoS/Priority > 802.1D/p Mapping dialog.
- To assign a traffic class to a VLAN priority, insert the associated value in the Traffic Class column.
- To temporarily save the configuration, click Set.

enable
configure
asso E service dot asso lp mapping fservice dot lp mapping 0 a 2 2 Switc
163. ndard passwords. To prevent undesired access, change the password in the default settings of the user accounts.

Prerequisite: User account with authorization profile administrator.

Perform the following work steps:
Change the passwords for the admin and user user accounts:
- Open the Device Security > User Management dialog. The dialog shows the user accounts that are set up.

Figure 31: Device Security > User Management dialog

- To obtain a higher level of complexity for the password, mark the Policy Check checkbox. Before saving it, the device checks the password according to the policy specified in the Password Policy frame.

Note: The password check may lead to a message in the Basic Settings > System dialog, in the Security Status frame. You specify the settings that cause this message in the Basic Settings > System dialog.

- Click the row of the relevant user account in the Password field. Enter a password of
164. ne Interface (CLI) and its commands.

1.2.1 Preparing the data connection
Information for assembling and starting up your HiOS 2S 2A 3S RSPE device can be found in the Installation user manual. You will find information for configuring your HiOS 2S 2A 3S RSPE device in the Configuration user manual.
- Connect the device with the network. The network parameters must be set correctly for the data connection to be successful.

You can access the user interface of the Command Line Interface with the freeware program PuTTY. This program is located on the product CD.
- Install PuTTY on your computer.

1.2.2 CLI access via telnet
Telnet connection via Windows
Note: Telnet is only installed as standard in Windows versions before Windows Vista.

Start screen:
- Open the Windows start screen on your computer with Start > Run.
- Enter the command telnet <IP address of the device> into the Open field.

Figure 2: Setting up the telnet connection to the HiOS 2S 2A 3S RSPE via the Windows entry screen

Command prompt:
- With Start > Progr
165. net.
- Click >. The Dedicated Applications column now shows the application.
- Click OK. The dialog shows the updated settings.

Figure 28: Device Security > Authentication List dialog

- Repeat these work steps to allocate an application to the other lists.
- To temporarily save the changes, click Set.

show appllists
    Shows the applications and the allocated lists.
appllists set authlist WebInterface loginGUI
    Allocates the loginGUI list to the Web Interface application.

Deactivate the list for those applications by means of which no access to the device is performed. In this example, we assume that no access using the CLI via Telnet is performed. Therefore, we remove the selection from the Active checkbox for the loginTelnet list.
- To deactivate a list, you remove the selection from the Active checkbox.
166. new VLAN to the table, click OK.
- Edit the name of the new VLAN by double-clicking on the Name cell of the new entry and entering Guest.
- To add a new VLAN to the table, click Create. The Create window opens.
- In the VLAN ID text box, enter 20.
- To close the Create window and add the new VLAN to the table, click OK.
- Edit the name of the new VLAN by double-clicking on the Name cell of the new entry and entering Unauth.
- Open the Network Security > 802.1X Port Authentication > Global dialog.
- Activate the 802.1X global function in the Operation frame by clicking On.
- Open the Network Security > 802.1X Port Authentication > Port Configuration dialog.
- In the port 1/4 Port Control cell, select auto.
- In the port 1/4 Guest VLAN ID cell, enter 10.
- In the port 1/4 Unauthenticated VLAN ID cell, enter 20.
- To temporarily save the configuration, click Set.
- Open the Basic Settings > External Memory dialog.
- To save the configuration permanently in the external memory, activate the Auto save config on envm checkbox and click Set.

enable
    Switch to the privileged EXEC mode.
vlan database
    Switch to the VLAN mode.
vlan add 10
    Create VLAN 10.
vlan add 20
    Create VLAN 20.
name 10 Guest
    Rename VLAN 10 to Guest.
name 20 Unauth
    Rename VLAN 20 to Unauth.
exit
    Switch t
167. nge the name of the configuration profile. If you keep the proposed name, the device will overwrite an existing configuration profile of the same name.
- Click the OK button. The device copies the settings into the specified memory. If you specified the value ram in the Destination frame, the device disconnects the graphical user interface and uses the settings immediately, on the fly.

enable
    Switch to the privileged EXEC mode.
copy config remote tftp://<IP address>/<path>/<file name> running-config
    Import a configuration profile from a TFTP server into memory (RAM). The device copies the settings into memory (RAM) and disconnects the CLI connection. The device immediately uses these settings, on the fly.
copy config remote sftp://<user name>:<password>@<IP address>/<path>/<file name> running-config
    Import a configuration profile from an SFTP server to memory (RAM). The device copies the settings into memory (RAM) and disconnects the CLI connection. The device immediately uses these settings, on the fly.
copy config remote tftp://<IP address>/<path>/<file name> nvm profile config3
    Import a configuration profile from a TFTP server, save in non vola
168. nt.
- Select reject for the device to reject authentication requests. This prevents the user from being granted access to the device.

The device gives you the option of a fall-back solution. For this, you specify one other method in each of the Policy 2 to Policy 5 fields. If the authentication with the specified method is unsuccessful, the device uses the next policy.

In this example, we select the following methods:
- radius in the Policy 1 field
- local in the Policy 2 field
- reject in the fields Policy 3 to Policy 5

Figure 25: New entry frame in the Device Security > Authentication List dialog

- To activate the list, select the Active checkbox.
- Click Set and back.
- Repeat these work steps to create another list. The dialog shows the lists that are set up.
169. ntains both types of samples. Packet flow sampling, based on a sampling rate, sends a steady but random stream of datagrams to the collector. For time-based sampling, the agent polls the counters at set intervals to fill the datagrams.
The device implements datagram version 5 for the sFlow agent.
The user-defined sFlow functions are:
Sampler configuration (packet flow sampling)
- data source: port number to sample (physical ports)
- receiver index associated with the sampler
- sampling rate: the device counts the packets of received data; when the count reaches the user-defined number, the agent samples the packet (0 = disable, range: 256..65535)
- header size in bytes to sample (range: 20..256)
Poller configuration (counter sampling)
- data source: port number (available for physical ports)
- receiver index associated with the poller
- interval in seconds between samples (range: 0..86400)
Receiver configuration (up to 8 entries)
- owner name to claim an sFlow entry
- timeout in seconds until sampling is stopped and the device releases the receiver along with the sampler and the poller
- datagram size
- IP address
- port number
To configure the sFlow agent for a monitoring session, first configure an available receiver. Then configure a sampling rate to perform packet flow sampling and configure a polling interval for counte
170. ntering IP Parameters 2.6 Entering IP Parameters per DHCP
Option | Meaning
66 | TFTP Server Name
67 | Bootfile Name
Table 3: DHCP options which the device requests

The advantage of using DHCP instead of BOOTP is that the DHCP server can restrict the validity of the configuration parameters ("Lease") to a specific time period (known as dynamic address allocation). Before this period ("Lease Duration") elapses, the DHCP client can attempt to renew this lease. Alternatively, the client can negotiate a new lease. The DHCP server then allocates a random free address. To help avoid this, DHCP servers provide the explicit configuration option of assigning a specific client the same IP address based on a unique hardware ID (known as static address allocation).
On delivery, DHCP is activated. As long as DHCP is activated, the device attempts to obtain an IP address. If it cannot find a DHCP server after restarting, it will not have an IP address. The Basic Settings > Network dialog offers you the opportunity to activate or to deactivate DHCP. See "Enter the IP Parameter using the graphical user interface" on page 47.
Note: When using Industrial HiVision network management, the user checks to see that DHCP allocates the original IP address to each device every time.
The appendix contains an example configuration of the BOOTP/DHCP server.
Example of a DHCP configuration file (/etc/dhcpd.conf) for DHCP Daemon: subnet 10.1.112.0 ne
171. o Figure 57: Example of PTP domains

6.3.5 Using PTP
In order to synchronize the clocks precisely with PTP, only use switches with a boundary clock or transparent clock as nodes.
Perform the following work steps:
- To gain an overview of the distribution of clocks, draw a network plan with the devices involved in PTP.
- Define the role for each participating switch (boundary clock or transparent clock). In the device, this setting is called PTP Mode.

PTP mode | Application
v2-boundary-clock | As a boundary clock, the device distributes synchronization messages to the slave clocks in the subordinate network segment. The boundary clock in turn obtains the time from a higher-level reference time source (Grandmaster).
v2-transparent-clock | As a transparent clock, the device forwards received synchronization messages after they have been corrected by the delay of the transparent clock.
Table 9: Possible settings for PTP mode

- Turn on PTP on each participating switch. PTP is then configured on a largely automatic basis.
- Turn on PTP on the terminal devices.
- In order to influence which device in the network will become the reference time source (Grandmaster), change the default value for Priority 1 and Priority 2 for the boundary clock.
172. o the Configuration mode.
clock set <YYYY-MM-DD> <HH:MM:SS>
    Set the system time of the device.
clock timezone offset <-780..840>
    Enter the time difference between the local time and the received UTC time in minutes.
save
    Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.

6.1.2 Automatic daylight saving time changeover
If you operate the device in a time zone in which there is a summer time change, you set up the automatic daylight saving time changeover on the Daylight Saving Time tab.
When daylight saving time is enabled, the device sets the local system time forward by 1 hour at the beginning of daylight saving time. At the end of daylight saving time, the device sets the local system time back again by 1 hour.
Perform the following work steps:
- Open the Time > Basic Settings dialog, Daylight Saving Time tab.
- To select a preset profile for the start and end of daylight saving time, click the Profile button in the Admin Status frame.
- If no matching daylight saving time profile is available, you can define the changeover times in the fields Summertime Begin and Summertime End. For both time points, you define the month, the week within this month, the weekday, and the time of day.
- To enable automatic
173. o the device 3.1 Authentication lists

3.1.5 Adjusting the settings
The device allows you to allocate a separate policy for the authentication to every application with which someone accesses the device.
In the following example, we will set up a separate list for each of the applications included in the default list defaultLoginAuthList.
Prerequisite: User account with authorization profile administrator.
Perform the following work steps:
- Create new lists.
- Open the Device Security > Authentication List dialog.
- Click Create. The dialog shows the New Entry frame.
[Figure 24: New entry frame in the Device Security > Authentication List dialog]
- Enter a meaningful name in the Name field. In this example, we give the list the following names: loginGUI for access using the graphical user interface (GUI), loginSSH for access using the CLI via SSH, loginTelnet for access using the CLI via Telnet.
- Select the desired method in the Policy 1 field.
- Select radius for the device to forward authentication requests to a RADIUS server in the network.
- Select local for the device to authenticate users using the local user manage me
174. o the privileged EXEC mode.
configure
    Switch to the Configuration mode.
dot1x system-auth-control enable
    Enable the 802.1X function globally.
dot1x port-control auto
    Enable port control on port 1/4.
interface 1/4
    Switch to the Interface Configuration mode of interface 1/4.
dot1x guest-vlan 10
    Assign the guest vlan to port 1/4.
dot1x unauthenticated-vlan 20
    Assign the unauthorized vlan to port 1/4.
exit
    Switch to the Configuration mode.

8.3 RADIUS VLAN assignment
The RADIUS VLAN assignment feature allows for a RADIUS VLAN ID attribute to be associated with an authenticated client. When a client authenticates successfully, and the RADIUS server sends a VLAN attribute, the device associates the client with the RADIUS assigned VLAN. As a result, the device adds the physical port as an untagged member to the appropriate VLAN and sets the port VLAN ID (PVID) with the given value.

8.4 Creating a Voice VLAN
Use the Voice VLAN feature to separate voice and data traffic on a port, by VLAN and/or priority. A primary benefit of using Voice VLAN is to safeguard the sound quality of an IP phone when the data traffic on the port is high.
The device uses the source MAC address to identify and prioritize the voice data flow. Using a MAC address to ident
175. of the terminal device to assign it to a VLAN.
The egress table specifies on which ports the device sends the frames from this VLAN.
T = with tag field (T = tagged, marked)
U = without tag field (U = untagged, not marked)
For this example, the status of the TAG field of the data packets has no relevance, so you set it to U.

Terminal | Port | Port VLAN identifier (PVID)
A | 1 | 2
B | 2 | 3
C | 3 | 3
D | 4 | 2
  | 5 | 1
Table 12: Ingress table

VLAN ID | Port
1 | U
2 | U U
3 | U U
Table 13: Egress table

Proceed as follows to perform the example configuration:
- Configure VLAN.
- Open the Switching > VLAN > Configuration dialog.
[Figure 72: Creating and naming new VLANs]
- To add a new VLAN to the table, click Create.
- The Create window opens. Enter the new VLAN ID number, for example 2, in the text box.
- Click OK.
- You give this VLAN the name VLAN2 by clicking on the field and entering the name. Also change the name from Default to VLAN1.
- Repeat the previous steps and create another VLAN with the VLAN ID 3 and the name VLAN3.

enable
    Switch to the privileged EXEC mode.
vlan database
    Switch to the VLAN configuration mode.
vlan add 2
    Create a new VLAN with the VLAN ID 2.
name 2 VLAN2
    Give the VLAN wit
176. [Figure 45: Basic Settings > Load/Save dialog]
- Select the line of the desired configuration profile.
- Click the button, then Export. The dialog displays the Export window.
[Figure 46: Export window in the Basic Settings > Load/Save dialog]
- You set the storage location and file name in the Destination frame:
- To save the file on your PC, click the button and specify the storage location and file name.
- To save a file to a TFTP server, specify the storage location and file name in the following form: tftp://<IP address>/<path>/<file name>
- To save the file to an SCP or SFTP server, specify the storage location and file name in the following form: scp:// or sftp://<user>:<password>@<IP address>/<path>/<file name>
- Click the OK
177. omcenter.com
Support ranges from the first installation through the standby service to maintenance concepts.
With the Hirschmann Competence Center, you have decided against making any compromises. Our client-customized package leaves you free to choose the service components you want to use.
Internet: http://www.hicomcenter.com
178. onnecting but without updating the cache, hit No. If you want to abandon the connection completely, hit Cancel. Hitting Cancel is the ONLY guaranteed safe choice.
Figure 9: Security alert prompt for the fingerprint
- Check the fingerprint to help protect yourself from unwelcome guests.
- If the fingerprint matches that of the device key, click Yes.
The device offers the possibility to read the fingerprints of the device key with the CLI command show ssh or in the graphical user interface, in the Device Security > Management Access > Server dialog, SSH tab.
Note: The OpenSSH Suite offers experienced network administrators a further option to access your device via SSH. To set up the data connection, enter the following command:
ssh admin@10.149.112.53
admin represents the user name. 10.149.112.53 is the IP address of your device.
CLI appears on the screen with a window for entering the user name. The device enables up to 5 users to have access to the Command Line Interface at the same time.
login as: admin
admin@a.b.c.d's password:
Figure 10: Login window in CLI. a.b.c.d is the IP address of your device.
- Enter a user name. The default setting for the user name is admin. Press the Enter key.
- Enter the password. The default setting for the password is private. Press the Enter key.
The device offers
179. ons of the device 10.4 Auto Disable
- Activate the ports you want to enable automatically.
Note: The Reset button allows you to enable the port before the Reset Timer [s] counts down.

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
auto-disable reason crc-error
    Activate the auto disable CRC function.
interface 1/1
    Change to the Interface Configuration mode of port 1/1.
auto-disable timer 120
    Specifies the elapse reset timer as 120 s for this port.
auto-disable operation
    Activate the auto disable function settings for this port.
auto-disable reset
    Allows you to enable the port before the Reset Timer [s] counts down.

10.5 MRP IEEE
The IEEE 802.1ak amendment to the IEEE 802.1Q standard introduced the Multiple Registration Protocol (MRP) to replace the Generic Attribute Registration Protocol (GARP). The IEEE also modified and replaced the GARP applications, GARP Multicast Registration Protocol (GMRP) and GARP VLAN Registration Protocol (GVRP), with the Multiple MAC Registration Protocol (MMRP) and the Multiple VLAN Registration Protocol (MVRP).
To confine traffic to the required areas of a network, the MRP applications distribute attribute values to MRP enabled devices across a LAN. The MRP applications register and de re
180. ort 4. The left funnel symbolizes this status.
If the flow control function on ports 1, 2 and 3 of the device is turned on, the device reacts before the funnel overflows. The funnel on the right illustrates ports 1, 2 and 3 sending a message to the transmitting devices to control the transmission speed. This results in the receiving port no longer being overwhelmed and is able to process the incoming traffic.
[Figure 70: Example of flow control (Workstation 1, Workstation 2, Workstation 3, Workstation 4)]

7.6.1 Halfduplex or fullduplex link
Flow Control with a half duplex link
In the example, there is a halfduplex link between Workstation 2 and the device. Before the send queue of port 2 overflows, the device sends data back to Workstation 2. Workstation 2 detects a collision and stops transmitting.
Flow Control with a full duplex link
In the example, there is a fullduplex link between Workstation 2 and the device. Before the send queue of port 2 overflows, the device sends a request to Workstation 2 to include a small break in the sending transmission.

7.6.2 Setting the Flow Control
Perform the following work steps:
- Open the Switching > Global dialog.
- Select the Activate Flow Control checkbox. With this setting you ac
181. orts are ports with multicast receivers registered with the corresponding multicast group. This option ensures that the transfer works with basic applications without further configuration.
The device sends out known multicasts only on the registered ports. The advantage of this setting is that it uses the available bandwidth optimally through direct distribution.
Prerequisite: The IGMP snooping function is activated globally.
To configure multicasts, proceed as follows:
- Open the Switching > IGMP Snooping > Multicasts dialog.
- In the Configuration frame, you specify how the device sends data packets to unknown multicast addresses.
  Send to Query Ports: The device sends packets with unknown multicast address to all query ports.
  Send to All Ports: The device sends data packets with an unknown multicast address to all ports.
  Discard: The device discards all packets with an unknown multicast address.
- In the Known Multicasts column, you specify how the device sends data packets to known multicast addresses in the corresponding VLAN. Click the relevant field and select the desired option.
- To temporarily save the configuration, click Set.

7.3 Rate limiter
The rate limiter function allows you to limit the data traffic on the ports in order to ensure stable operation even when there is a high level of traffic. The rate limita
182. ostname to IP address mapping with space for 64 configurable static hosts
host cache with space for 128 entries

10.3.1 Configuring a DNS server example
Name the DNS client and configure it to query a DNS server to resolve host names.
- Open the Advanced > DNS > Client > Static dialog.
- In the Configuration frame, select user from the Configuration Source pull-down menu.
- Enter device1 for a unique device name in the Domain Name text box.
- To add a new entry to the table, click Create.
- Enter 10.1.3.5 for a DNS server in Address.
- To enable the entry, click Active.
- Open the Advanced > DNS > Client > Global dialog.
- To enable the function, select in the Operation frame the On radio button.
[Figure 88: Advanced DNS Server Static dialog]

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
dns client source user
    Sets the function to user to manually configure the DNS client.
dns client domain-name device1
    Enters device1 as a unique domain name for the device.
dns client servers add 1 ip
    Adds a DNS server with IP addre
183. ou can assign clients with known hardware address or identifier a fixed IP address and configuration profile. The assigned IP addresses must not overlap with the dynamic address ranges. Identifiers or hardware addresses must be specified byte by byte in hexadecimal notation. For MAC hardware addresses the bytes must be separated by a dash or colon.
[Figure 100: Entries for static addresses]
- Add an entry for each device that will get its parameters from the DHCP server.
[Figure 101: DHCP server with entries]
184. [Figure 81: Device security and relay status alarm display]
1 Number of existing device alarms
2 The symbol displays the security status
3 Number of existing security alarms
4 The symbol displays the relay status
5 Number of existing relay alarms
6 Cause and Start of existing relay alarms
7 Cause and Start of existing security alarms
8 Cause and Start of existing device alarms
9 The symbol displays the device status

show security-status all
    In the EXEC Privilege mode, display the security status and the setting for the security status determination.

9.4 Out of band Signalling
The device uses the signal contact to control external devices and monitor device functions. Function monitoring enables you to perform remote diagnostics.
The device reports the operating status via a break in the potential-free signal contact (relay contact, closed circuit) for the selected mode. The device monitors the following functions:
- Incorrect supply voltage: at least one of the 2 supply voltages is not operating, the internal supply voltage is not operating.
- When the device is operating outside of the user define
185. ove configured traffic conditions at ingress.
Switch to the Interface Configuration mode of interface 1/1.
Assign policy1 to interface 1/1.
exit
    Switch to the Configuration mode.
diffserv enable
    Enable the function globally.

7.6 Flow Control
If a large number of data packets are received in the sending queue of a port at the same time, this can cause the port memory to overflow. This happens, for example, when the device receives data on a Gigabit port and forwards it to a port with a lower bandwidth. The device discards surplus data packets.
The flow control mechanism described in standard IEEE 802.3 ensures that no data packets are lost due to a port memory overflowing. Shortly before a port memory is completely full, the device signals to the connected devices that it is not accepting any more data packets from them.
- In full duplex mode, the device sends a pause data packet.
- In half duplex mode, the device simulates a collision.
The following figure shows how flow control works. Workstations 1, 2 and 3 want to simultaneously transmit a large amount of data to Workstation 4. The combined bandwidth of Workstations 1, 2 and 3 is greater than the bandwidth of Workstation 4. This causes an overflow on the receive queue of p
186. packets (Layer 3).
The device offers the following options for evaluating this priority information:
- trustDot1p: The device assigns VLAN-tagged data packets to the different traffic classes according to their VLAN priorities. The corresponding allocation is configurable. The device assigns the priority of the receiving port to data packets it receives without a VLAN tag.
- trustIpDscp: The device assigns the IP packets to the different traffic classes according to the DSCP value in the IP header, even if the packet was also VLAN-tagged. The corresponding allocation is configurable. The device prioritizes non-IP packets according to the priority of the receiving port.
- untrusted: The device ignores the priority information in the data packets and assigns the priority of the receiving port to them.

7.4.3 VLAN tagging
For the VLAN and prioritizing functions, the IEEE 802.1Q standard provides for integrating a MAC frame in the VLAN tag. The VLAN tag consists of 4 bytes and is between the source address field ("Source Address Field") and type field ("Length/Type Field").
[Figure residue: frame layout, min. 64, max. 1522 octets] Figure 66: Ethernet data packet
187. pply
signal-contact 1 monitor module-removal 1
    Enables the monitoring of module 1 removal.
signal-contact 1 trap
    Enables the device to send a trap when the status of the operation monitoring changes.
no signal-contact 1 trap
    Disables trap messaging.

In order to enable the device to monitor an active link without a connection, first enable the global function, then enable the individual ports.
- In the Monitor column, activate the Link interrupted on enabled device ports function.
- Open the Port tab of the Diagnostics > Status Configuration > Device Status dialog.

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
signal-contact 1 monitor link-failure
    Sets the monitoring of the network connection.
interface 1/1
    Select interface 1 port 1.
signal-contact 1 link-alarm
    Sets the monitoring of an active link without a connection for this port.

Events which can be monitored:
Name | Meaning
Temperature | If the temperature exceeds or falls below the value specified.
Ring Redundancy | Enable this function to monitor if ring redundancy is present.
Connection Error | Enable this function to monitor every port link event in which the Propagate Connection Error checkbox is active.
Module removal | Enable this global function to monitor the removal of a module. Also enable the individ
188. profiles contained in non-volatile memory (NVM).
Switch to the Configuration mode.
Identifier of the configuration profile. Take note of the adjacent name of the configuration profile.
Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.

4.2.2 Saving the configuration profile in external memory
When you save a configuration profile, the device automatically creates a copy in external memory when the external memory is connected. In the delivery state of the device, this function is enabled. You have the following option of enabling or disabling this function.
Perform the following work steps:
- Open the Basic Settings > External Memory dialog.
[Figure 44: Basic Settings > External Memory dialog]
- In order to cause the device to automatically generate a copy in external memory during the saving process, select the checkbox in the Auto-save config on ENVM column.
- To turn off the function, remove the checkmark from the checkbox in the Auto-save config on ENVM column.
- To temporarily save the changes, click Set.
- To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.
189. quests an authentication.
- Click in the fields User ID and Password to enter the user name and password. The device logs in to the mail server using these login data, provided that in the Encryption field you set the value tlsv1.
- Click in the Description field, enter a meaningful designation for the mail server.
- Mark the checkbox in the Active column.
- Click the Set button.

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
logging email mail-server add <1..5> addr <IP ADDRESS> security <none|tlsv1> username <USER NAME> password <PASSWORD> port <1..65535>
    Specifies the mail server with the IP address IP ADDRESS. The device manages the settings in memory 1..5.

9.10.6 Enabling/disabling of the function
Perform the following work steps:
- Open the Diagnostics > Email Notification > Global dialog.
- Select in the Operation frame the On radio button.
- Click the Set button.

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
logging email operation
    Enables the sending of email messages.
no logging email operation
    Disables the sending of email messages.

9.10.7 Sending of a test message
The device allows you to check the
190. r pool from which it allocates IP addresses to clients. The pool consists of a list of entries. An entry defines either a specific IP address or an IP address range.
The device allows you to activate the DHCP server globally and per interface.

10.1.1 IP Addresses assigned per port or per VLAN
The DHCP server assigns a static IP address or dynamic range of IP addresses to a client connected to a port or a VLAN. The device allows you to create entries for either a port or a VLAN. When creating an entry to assign IP addresses to a VLAN, the port entry grays out. When creating an entry to assign IP addresses to a port, the VLAN entry grays out.
Static allocation means that the DHCP server assigns the same IP address to a specific client. The DHCP server identifies the client using a unique hardware ID. A static address entry contains 1 IP address and applies it to a port or VLAN on which the server receives a request from a specific client. For static allocation, create a pool entry for the ports or one specific port, enter the IP address, and leave the Last IP Address field empty. Enter a hardware ID with which the DHCP server uniquely identifies the client. This ID is either a MAC address, a client ID, a remote ID or a circuit ID. If a client contacts the server with the configured hardware ID, the D
191. r sampling.
For example, Company XYZ wishes to monitor data flow on a device. The IP address for the remote server containing the sFlow collector is 10.10.10.10. XYZ requires a sample of the first 256 bytes of every 300th packet. Furthermore, XYZ requires counter polling every 400 s.
- Open the Diagnostics > SFlow > Configuration dialog.
- For the name of the person or organization controlling the receiver, enter xyz in the Name cell.
- For the remote server IP Address on which the sFlow collector software runs, enter 10.10.10.10 in the IP Address cell.
- Open the Diagnostics > SFlow > Configuration dialog, Sampler tab.
- Select the index number of the receiver configured in the previous steps from the Receiver pull-down menu.
- For the number of packets the device receives before the agent samples a packet, enter 300 in the Sampling Rate cell.
- For the number of bytes to sample from a packet, enter 256 in the Maximum Header Size cell.
- Open the Diagnostics > SFlow > Configuration dialog, Poller tab.
- Select the index number of the receiver configured in the previous steps from the Receiver pull-down menu.
- For the time in seconds between samples, enter 400 in the Interval [s] cell.

enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
sflow receiver 1 owner XYZ ip 10.10.10.10
    Configure an sFlow receiver.
interface 1/1
    Switch
192. r the data rate. The settings apply on a per port basis and are broken down by type of traffic:
- Received broadcast data packets
- Received multicasts
- Received unicast data packets with an unknown destination address
To turn on the outbound rate limitation on a port, configure and activate the limitation for at least one category. In the Threshold Unit column, you choose whether you define the threshold values in percent of the inbound bandwidth of the port or in data packets per second. The threshold value 0 turns off rate limitation.
- On the Egress tab, you configure the rate limitation for outbound data traffic. This setting is disabled by default (value 0). To enable the rate limitation of the outbound traffic on one port, set a value between 1 and 100 in the Bandwidth column. The percentage refers to the outbound bandwidth of the port.
- To temporarily save the configuration, click Set.

7.4 QoS/Priority
QoS (Quality of Service) is a procedure defined in IEEE 802.1D. It is used to distribute resources in the network. QoS allows you to prioritize the data of important applications.
Prioritizing prevents data traffic with lower priority from interfering with delay-sensitive data traffic, especially when there is a heavy network load. Delay-sensitive data traffic includes, for example, voice, video, and real-time data.
193. rding to the defined rules. VLAN configuration is a manual process. Use the VLAN unaware mode to forward traffic as received, without any modification. For example, the device transmits tagged packets when received as tagged and transmits untagged packets when received as untagged. Regardless of VLAN assignment mechanisms, the device assigns packets to VLAN ID 1 and to a multicast group, indicating that the packet flood domain is according to the VLAN.

9 Operation Diagnosis

The device provides you with the following diagnostic tools: Sending Traps; Monitoring the device status; Out-of-band signaling via signal contact; Port status indication; Event counter at port level; Detecting non-matching duplex modes; SFP status display; Topology Discovery; Detecting IP address conflicts; Detecting loops; Reports; Monitoring data traffic on a port (port mirroring); Syslog; Event log; Cause and Action management during Selftest.

9.1 Sending Traps

The device reports unusual events which occur during normal operation immediately to the management station. This is done by messages called traps that bypass the polling procedure ("polling" means querying the data stations at regular intervals). Traps allow you to react quickly to unusual events. Examples of such events are: Har
194. Figure 50: Basic Settings > Load/Save dialog

Click the _ button, then Import. The dialog shows the Import window.

Figure 51: Import window in the Basic Settings > Load/Save dialog

In the Source frame, specify the storage location and file name. To import the file from your PC, click the button and select the storage location and file name. To import the file from a TFTP server, specify the storage location and file name in the following form: tftp://<IP address>/<path>/<file name>. To import the file from an SCP or SFTP server, specify the storage location and file name in the following form: scp:// or sftp://<user>:<password>@<IP address>/<path>/<file name>. In the Destination frame, specify the memory into which the device copies settings during import. In the Name field, cha
195. 10.1 Using the device as a DHCP Server

                                                                  Switch to the privileged EXEC mode.
    re                                                            Switch to the Configuration mode.
    dhcp-server pool add 2 dynamic 192.168.23.92 192.168.23.142   Adds a dynamic pool with an IP range from 192.168.23.92 to 192.168.23.142.
    dhcp-server pool modify 2 leasetime {seconds | infinite}      Enters the lease time in seconds or infinite.
    dhcp-server pool add 3 dynamic 192.168.23.172 192.168.23.180  Creates index 3 and assigns the IP address range from 192.168.23.172 to 192.168.23.180. A dynamic pool consists of a range of IP addresses.
    dhcp-server pool modify 3 leasetime {seconds | infinite}      Enters the lease time in seconds or infinite.
    dhcp-server pool mode 2                                       Enables the index 2 pool entry.
    dhcp-server pool mode 3                                       Enables the index 3 pool entry.
    dhcp-server operation                                         Enables the DHCP server.
    interface 2/1                                                 Switch to the interface configuration mode.
    dhcp-server operation                                         Enables the DHCP server operation on this port.

10.2 DHCP L2 Relay

A network administrator uses the DHCP Layer 2 Relay agent to add DHCP client information required by Layer 3 Relay agents and DHCP servers to assign an address and configuration to a client. When a DHCP client and server are in the same IP subnet, they exchange IP address requests and replies d
196. require an IP address block, contact your Internet Service Provider (ISP). Your ISP contacts their local higher-level organization to reserve an IP address block: APNIC (Asia Pacific Network Information Center): Asia Pacific Region. ARIN (American Registry for Internet Numbers): Americas and Sub-Sahara Africa. LACNIC (Regional Latin-American and Caribbean IP Address Registry): Latin America and some Caribbean Islands. RIPE NCC (Réseaux IP Européens): Europe and Surrounding Regions.

Figure 17: Bit representation of the IP address. Class A: Net ID 7 bits, Host ID 24 bits. Class B: Net ID 14 bits, Host ID 16 bits. Class C: Net ID 21 bits, Host ID 8 bits. Class D: Multicast Group ID 28 bits. Class E: reserved for future use, 28 bits.

The IP addresses belong to class A when their first bit is a zero, for example, the first octet is less than 128. The IP address belongs to class B if the first bit is a one and the second bit is a zero, for example, the first octet is between 128 and 191. The IP address belongs to class C when the first 2 bits are a one, for example, the first octet is higher than 191. Assigning the host address (host ID) is the responsibility of the network operator. The network operator alone is responsible for the uniqueness of
197. ress table of the ports indicates VLAN tagging. The configuration of the example is the same for the device on the right. Proceed in the same way, using the ingress and egress tables created above, to adapt the previously configured left device to the new environment. Proceed as follows to perform the example configuration:

Configure VLAN

Open the Switching > VLAN > Configuration dialog.

Figure 76: Creating and naming new VLANs

To add a new VLAN to the table, click Create. The Create window opens. Enter the new VLAN ID number, for example 2, in the text box. You give this VLAN the name VLAN2 by clicking on the field and entering the name. Also change the name from Default to VLAN1. Repeat the previous steps and create another VLAN with the VLAN ID 3 and the name VLAN3.

    enable          Switch to the privileged EXEC mode.
    vlan database   Switch to the VLAN configuration mode.
    vlan add 2      Create a new VLAN with the VLAN ID 2.
    name 2 VLAN2    Give the VLAN with the VLAN ID 2 the name VLAN2.
    vlan add 3      Create a new VLAN with the VLAN ID 3.
    name 3 VLAN3    Give the VLAN with the VLAN ID 3 the name VLAN3.
    name 1 VLAN1    Give the VLAN with the VLAN ID 1 the name VLAN1.
    exit            Switch to the privileged EXEC mode.
198. rify that VLAN 2 is present, then perform the following steps on Switch 1: Set up VLAN 2 and specify port 1/1 as a member of VLAN 2.

    enable                        Switch to the privileged EXEC mode.
    vlan database                 Switch to the VLAN mode.
    dhcp-l2relay circuit-id 2     Activate the Circuit ID and the DHCP Option 82 on VLAN 2.
    dhcp-l2relay remote-id ip 2   Specify the IP address of the device as the Remote ID on VLAN 2.
    dhcp-l2relay mode 2           Activate the DHCP Layer 2 Relay function on VLAN 2.
    exit                          Switch to the privileged EXEC mode.
    configure                     Switch to the Configuration mode.
    interface 1/1                 Change to the Interface Configuration mode of port 1/1.
    dhcp-l2relay mode             Activate the DHCP Layer 2 Relay function on the port.
    exit                          Switch to the Configuration mode.
    interface 1/2                 Switch to the interface configuration mode for interface 1/2.
    dhcp-l2relay trust            Specify the port as Trusted Port.
    dhcp-l2relay mode             Activate the DHCP Layer 2 Relay function on the port.
    exit                          Switch to the Configuration mode.
    dhcp-l2relay mode             Enable the DHCP Layer 2 Relay function on the device.

Perform the following work steps on Switch 2:

    enable                        Switch to the privileged EXEC mode.
    configure                     Switch to the Configuration mode.
    interface 1/1                 Change to the Interface Configuration mode of port 1/1.
    d
199. Figure 80: Device security and relay status alarm display. 1: Number of existing device alarms. 2: The symbol displays the security status. 3: Number of existing security alarms. 4: The symbol displays the relay status. 5: Number of existing relay alarms. 6: Cause and Start of existing relay alarms. 7: Cause and Start of existing security alarms. 8: Cause and Start of existing device alarms. 9: The symbol displays the device status.

    show device-status all   In the EXEC Privilege mode, display the device status and the setting for the device status determination.

9.3 Security Status (DEVMON)

The Security Status provides an overview of the overall security of the device. Many processes aid in system visualization by recording the security status of the device and then presenting its condition in graphic form. The device displays the overall security status in the Basic Settings > System dialog, Security Status frame. In the Global tab of the Diagnostics > Status Configuration > Security Status dialog, the device displays its current status as Error or Ok in the Security Status frame. The device determines this status from the individual monitorin
200. rmation between routers and connected receivers on Layer 3. IGMP snooping describes the function of a switch of continuously monitoring IGMP traffic and optimizing its own transmission settings for this data traffic. The IGMP snooping function in the device operates according to RFC 4541 (Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches). Multicast routers with an active IGMP function periodically request (query) registration of multicast streams in order to determine the associated IP multicast group members. IP multicast group members reply with a Report message. This Report message contains all the parameters required by IGMP. The multicast router enters the IP multicast group address from the Report message in its routing table. This causes it to forward data packets with this IP multicast group in the destination address field according to its routing table. Receivers log out with a Leave message when leaving a multicast group (IGMP version 2 and higher) and do not send any more Report messages. The multicast router removes the routing table entry of a receiver if it does not receive any more Report messages from this receiver within a certain time (aging time). If several IGMP multicast routers are in the same network, then the device with the smaller IP address takes over the query function. If there are no multicast routers on the network, then you have t
201. Figure 61: Switching > Filter for MAC Addresses dialog

To disable a static address entry, select the value invalid in the Status column. To temporarily save the changes, click Set.

    enable                                  Switch to the privileged EXEC mode.
    configure                               Switch to the Configuration mode.
    interface 1/1                           Select interface 1 port 1.
    no mac-filter <MAC address> <VLAN ID>   Cancel the assignment of the MAC address filter on the port.
    exit                                    Switch to the Configuration mode.
    no mac-filter <MAC address> <VLAN ID>   Delete the MAC address filter consisting of a MAC address and VLAN ID.
    exit                                    Switch to the privileged EXEC mode.
    save                                    Saves the settings in the non-volatile memory of the device (NVM) in the selected configuration profile.

Delete learned MAC addresses

To delete the learned addresses from the MAC address table (FDB), open the Basic Settings > Restart dialog and click Reset MAC Address Table there.

    clear mac-addr-table                    Delete the learned MAC addresses from the MAC address table (FDB).
202. rtant device-internal event. Audit Trail: Logs successful CLI commands and user comments. The file also includes SNMP logging. Persistent Logging: The device saves log entries in a file in the external memory, when present. These files are available after power down. The maximum size, maximum number of retainable files, and the severity of logged events are configurable. After obtaining the user-defined maximum size or maximum number of retainable files, the device archives the entries and starts a new file. The device deletes the oldest file and renames the other files to maintain the configured number of files. To review these files, use the CLI or copy them to an external server for future reference. System information: The system information is an HTML file containing the system-relevant data. Download Support Information: This button allows you to download system information as files in a ZIP archive. In service situations, these reports provide the technician with the necessary information.

9.11.1 Global Settings

Using this dialog, you enable or disable where the device sends reports, for example to a Console, a Syslog Server, or a CLI connection. You also set at which severity level the device writes events into the reports. Open the Diagnostics > Report > Global dialog. To send a report to the console, configure the desire
203. rview of the overall condition of the device. Many process visualization systems record the device status for a device in order to present its condition in graphic form. The device displays its current status as Error or Ok in the Device status frame. The device determines this status from the individual monitoring results. The device enables you to: signal the out-of-band device status via a signal contact; signal the device status by sending a trap when the device status changes; detect the device status in the Basic Settings > System dialog of the graphical user interface; query the device status in the Command Line Interface.

The Global tab of the Diagnostics > Status Configuration > Device Status dialog allows you to configure the device to send a trap to the management station for the following events: Incorrect supply voltage (at least one of the 2 supply voltages is not operating, the internal supply voltage is not operating). When the device is operating outside of the user-defined temperature threshold. Loss of the redundancy (in ring manager mode). The interruption of link connection(s). Configure at least one port for this feature. In the Port tab of the Diagnostics > Status Configuration > Device Status dialog, in the Propagate Connection Error row, you specify which ports the device signals if the link is down. The removal of the external memory. The configuration in the external memory is out of s
204. s a request in unicast operation mode. The table contains up to four SNTP server definitions. To add an SNTP server, click Create. Enter the connection data of the SNTP server. To activate the SNTP client function, select the On value in the Admin Status frame. To temporarily save the changes, click Set. The Status field shows the current status of the SNTP client function. To permanently save the changes, you open the Basic Settings > Load/Save dialog and click Save.

Table 7: SNTP client settings for the example

    Device                   192.168.1.1   192.168.1.2   192.168.1.3   192.168.1.11  192.168.1.12
    SNTP client function     Off           On            On            On            On
    Configuration Mode       unicast       unicast       unicast       unicast       unicast
    Request interval         30            30            30            30            30
    SNTP server address(es)                192.168.1.1   192.168.1.2   192.168.1.2   192.168.1.3
                                                         192.168.1.1   192.168.1.1   192.168.1.2
                                                                                     192.168.1.1

6.2.3 Specifying SNTP server settings

When the device operates as an SNTP server, it provides its system time in coordinated world time (UTC) in the network. Perform the following work steps: Open the Time > SNTP > Server dialog.

Dialog fields shown: Operation (On/Off), Listen UDP Port, Broadcast Admin Mode, Broadcast Destination Address, Broadcast Port, Broadcast VLAN ID, Broadcast Send Interval [s], Disable Server at lo
205. s port, the device assigns the supplicants to the guest VLAN. Adding supplicants to a guest VLAN causes the port to change to the authorized state, allowing the supplicants to access external networks.

The Unauthenticated VLAN function allows the device to provide service to 802.1x-capable supplicants which authenticate incorrectly. This function allows the unauthorized supplicants to have access to limited services. When you configure an unauthenticated VLAN on a port with 802.1x port authentication and the global operation enabled, the device places the port in an unauthenticated VLAN. When an 802.1x-capable supplicant incorrectly authenticates on the port, the device adds the supplicant to the unauthenticated VLAN. If you also configure a guest VLAN on the port, then non-802.1x-capable supplicants use the guest VLAN.

The reauthentication timer counts down when the port has an unauthenticated VLAN assigned. The unauthenticated VLAN reauthenticates when the Reauthentication Period expires and supplicants are present on the port. If no supplicants are present, the device places the port in the configured guest VLAN.

The following example explains how to create a Guest VLAN. Create an Unauthorized VLAN in the same manner. Open the Switching > VLAN > Configuration dialog. To add a new VLAN to the table, click Create. The Create window opens. In the VLAN ID text box, enter 10. To close the Create window and add the
206. s the VLAN ID to the entry with the longer prefix first.

8.7 Protocol-based VLAN (HiOS-2A, HiOS-3S)

In a protocol-based VLAN, the device bridges traffic through specified ports based on the protocol associated with the VLAN. User-defined packet filters determine whether a packet belongs to a particular VLAN. Configure protocol-based VLANs using the Ethertype field as the filtering criteria for untagged packets. For example, assign a specific protocol to a protocol-based VLAN. When the device receives untagged packets with the protocol, it forwards them to the protocol-based VLAN. The device assigns the other untagged packets to the port VLAN ID.

8.8 VLAN unaware mode

The VLAN unaware function defines the operation of the device in a LAN segmented by VLANs. The device accepts packets and frames and processes them according to its inbound rules. Based on the IEEE 802.1Q specifications, the function governs how the device processes VLAN-tagged frames or packets. Use the VLAN aware mode to apply the user-defined VLAN topology configured by the network administrator. The device uses VLAN tagging in combination with the IP or Ethernet address when forwarding packets or frames. The device processes inbound and outbound frames or packets acco
207. s the configuration data to the device using its MAC address. The DHCP mode is the default mode for the configuration data reference; set the parameter to the BOOTP mode for this method. Configuration via DHCP: You choose this in-band method to configure the installed device using DHCP. You need a DHCP server for this method. The DHCP server assigns the configuration data to the device using its MAC address or its system name. Configuration using the graphical user interface: If the device already has an IP address and is reachable via the network, then the graphical user interface provides you with another option for configuring the IP parameters.

2.1 IP Parameter Basics

2.1.1 IP Address (Version 4)

The IP addresses consist of 4 bytes. Write these 4 bytes in decimal notation, separated by a decimal point. RFC 1340, written in 1992, defines 5 IP address classes.

Table 2: IP address classes

    Class  Network address  Host address  Address range
    A      1 byte           3 bytes       0.0.0.0 to 127.255.255.255
    B      2 bytes          2 bytes       128.0.0.0 to 191.255.255.255
    C      3 bytes          1 byte        192.0.0.0 to 223.255.255.255
    D                                     224.0.0.0 to 239.255.255.255
    E                                     240.0.0.0 to 255.255.255.255

The first byte of an IP address is the network address. The worldwide leading regulatory board for assigning network addresses is the IANA (Internet Assigned Numbers Authority). If you
208. s this community with the communities specified in the device. If the communities match, the device accepts the SNMP packet and grants access. Make the following basic provisions to make undesired access to the device more difficult: Change the community for read/write access. Treat this community confidentially. Everyone who knows the community has the option to change the settings for the device. Specify a different community for read/write access than for read access. Use SNMPv1 or SNMPv2 only in environments protected from eavesdropping. The protocols do not use encryption. The SNMP packets contain the community in clear text. We recommend using SNMPv3 and deactivating the access via SNMPv1 and SNMPv2 in the device.

Prerequisite: User account with authorization profile administrator. Perform the following work steps: Change the community for read/write access. Open the Device Security > Management Access > SNMPv1/v2 Community dialog. The dialog shows the communities that are set up.

Figure 36: Device Security > Management Access > SNMPv1/v2 Community dialog

In the row for the Write community, click the Name field. Enter the community. Up to 32 alphanumeric characters are allowed. The device diff
209. ser interface (GUI) or in the CLI. Prerequisite: User account with authorization profile administrator. Open the Device Security > User Management dialog. The dialog shows the user accounts that are set up.

Figure 30: Device Security > User Management dialog

    show users   Shows the user accounts that are set up.

3.2.3 Default setting

In the state on delivery, the user accounts admin and user are set up on the device.

Table 5: Default settings for the factory setting user accounts

    Parameters            Value in the state on delivery
    User Name             admin            user
    Password              private          public
    Authorization         administrator    guest
    User locked           off              off
    Policy Check          off              off
    SNMP Auth Type        hmacmd5          hmacmd5
    SNMP Encryption Type  des              des

Note: Change the password for the admin user account before making the device available in the network.

3.2.4 Changing sta
210. ses the specified destination port solely for reviewing data. In this state, the port blocks normal data traffic.

Figure 84: Port mirroring (Switch, PLC, RMON Probe)

9.14 Cause and Action management during Selftest

The device checks its assets during the boot process and occasionally thereafter. The device checks system task availability or termination and the available amount of memory. Furthermore, the device checks for application functionality and if there is any hardware degradation in the chip set. When the device detects a loss in integrity, the device responds to the degradation with a user-defined action. The following categories are available for configuration: Task: action to be taken when a task is unsuccessful. Resources: action to be taken due to the lack of resources. Software: action taken for loss of software integrity, for example code segment checksum or access violations. Hardware: action taken due to hardware degradation. Configure each category to produce an action when the device detects a loss in integrity. The following actions are available for configuration: log only: this action writes a message to the logging file. send trap: a trap will be sent to the management station. reboot: an error in the category, when activated, will
211. settings by sending a test message. Prerequisite: The settings for the email message are specified. The function is enabled. Perform the following work steps: Open the Diagnostics > Email Notification > Mail Server dialog. Click the Connection Test button to display the Connection Test dialog. Click in the Severity field. Select the value urgent to send the test message to the recipients which the device informs about serious events. Click in the Message Text field, enter the text of the email message. Click the OK button to send the test message.

    enable                                                         Switch to the privileged EXEC mode.
    configure                                                      Switch to the Configuration mode.
    logging email test msgtype <urgent|non-urgent> <STRING>        Sends an email message with the STRING content to the receivers.

If you do not see any error message and the receivers obtain the message, the device settings are correct.

9.11 Reports

The following lists reports and buttons available for diagnostics: System Log file: The log file is an HTML file in which the device writes every impo
212. signed DSCP

    Network Control       111  CS7 (111000)
    Internetwork Control  110  CS6 (110000)
    Critical              101  CS5 (101000)
    Flash Override        100  CS4 (100000)
    Flash                 011  CS3 (011000)
    Immediate             010  CS2 (010000)
    Priority              001  CS1 (001000)
    Routine               000  CS0 (000000)

Table 11: Assigning the IP precedence values to the DSCP value

7.5.1 DiffServ example

Using the following steps, configure the device to drop packets containing the source IP address 10.20.10.11, the TCP protocol, and the source port 80, received on port 1/1.

Step 1: Create a traffic class. Open the Switching > QoS/Priority > DiffServ > Class dialog. To create a new traffic class, click Create. In the Class frame, Name textbox, enter class1. In the Rule frame, Type pull-down menu, select protocol. In the Parameter frame, Protocol Number textbox, enter 6. The IANA defined the Assigned Internet Protocol Numbers that you enter in the Protocol Number textbox. Use this link to find a list of the protocol numbers: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml. A rule with the protocol number 255 matches every protocol in the IANA list. Click OK.

To add the source IP address and Mask to the class, click Create. In the Class frame, Name pul
213. ss of 10.1.3.5 as index 1.

    dns client adminstate                               Activates the DNS client function.

Configure the DNS client to map static hosts with IP addresses. Open the Advanced > DNS > Client > Static Hosts dialog. To add a new entry to the table, click Create. In the Name cell, enter example.com, which is a name of a device in the network. In the IP Address cell, enter 10.1.3.9. To enable the entry, click Active.

Figure 89: Table in the Advanced > DNS > Client > Static Hosts dialog

    enable                                              Switch to the privileged EXEC mode.
    configure                                           Switch to the Configuration mode.
    dns client host add 1 name example.com ip 10.1.3.9  Adds example.com as a static host with an IP address of 10.1.3.9.
    dns client adminstate                               Activates the DNS client function.

10.4 Auto Disable

If the configuration displays a port as enabled, but the device detects an error or change in the condition, the software shuts down that port. In other words, the device software disables the port because of a detected error or change in the condition. When a port
214. Figure 26: Device Security > Authentication List dialog

    enable                                                           Switch to the privileged EXEC mode.
    configure                                                        Switch to the Configuration mode.
    authlists add loginGUI                                           Creates the loginGUI list.
    authlists enable loginGUI                                        Activates the loginGUI list.
    authlists set-policy loginGUI radius local reject reject reject  Allocates the methods to the loginGUI list according to the example.
    show authlists                                                   Shows the lists that are set up.

Connect the list with an application: Mark in the Device Security > Authentication List dialog the desired list by clicking the Name field. Click Allocate Applications. The dialog shows the Allocate Applications window.

Figure 27: Allocate Applications window in the Device Security > Authentication List dialog

In the Possible Applications column, select the application that you are allocating to the list. For access using the graphical user interface (GUI), select Web Interface. For access using the CLI via SSH, select SSH. For access using the CLI via Telnet, select Tel
215. tab, Port on checkbox and Link/Current Settings field.

Table 22: Symbols identifying the status of the device ports

9.6 Port Event Counter

The port statistics table enables experienced network administrators to identify possible detected problems in the network. This table shows you the contents of various event counters. In the Basic Settings > Restart dialog, you can reset the event counters to zero using Cold start or Reset port counters. The packet counters add up the events sent and the events received. The event counters may be observed by selecting the Diagnostics > Ports > Statistics Table dialog.

Table 23: Examples indicating known weaknesses

    Counter             Indication of known possible weakness
    Received fragments  Non-functioning controller of the connected device
                        Electromagnetic interference in the transmission medium
    CRC error           Non-functioning controller of the connected device
                        Electromagnetic interference in the transmission medium
                        Inoperable component in the network
    Collisions          Non-functioning controller of the connected device
                        Network over-extended, lines too long
                        Collision or a detected fault with a data packet

To reset the counters, click Reset port counters in the Basic Settings > Restart dialog. To monitor the current status of the event counters, open the B
216. tact 1 all   Displays signal contact settings for the specified signal contact.

9.5 Port Status Indication

Open the Basic Settings > System dialog. The dialog displays the device with the current configuration. Furthermore, the dialog indicates the status of the individual ports with a symbol. The following symbols represent the status of the individual ports. In some situations, these symbols interfere with one another. If you position the mouse pointer over the port icon, a bubble help displays a detailed description of the port state.

Criterion: Bandwidth of the device port. 10 Mbit/s: Port activated, connection okay, full-duplex mode. 100 Mbit/s: Port activated, connection okay, full-duplex mode. 1000 Mbit/s: Port activated, connection okay, full-duplex mode.

Criterion: Operating state. Half-duplex mode activated: See the Basic Settings > Port dialog, Configuration tab, Automatic Configuration checkbox, Manual Configuration field and Manual Cable Crossing (Auto. Conf. off) field. Autonegotiation activated: See the Basic Settings > Port dialog, Configuration tab, Automatic Configuration checkbox. Port is blocked by a redundancy function.

Criterion: AdminLink. Port is deactivated, connection okay. Port is deactivated, no connection set up. See the Basic Settings > Port dialog, Configuration
217. tch from example 1 you use a 2nd Switch on the right in the example The simple network divides the terminal devices A H of the individual VLANs over 2 transmission devices Switches VLANs configured in this manner are distributed VLANs When configured correctly the VLANs allow the optional Management Station to access the network components Note In this case VLAN 1 has no significance for the terminal device communication but it is required for the administration of the transmission devices via what is known as the Management VLAN As in the previous example uniquely assign the ports with their connected terminal devices to a VLAN With the direct connection between the 2 trans mission devices uplink the ports transport packets for both VLANs To differentiate these uplinks you use VLAN tagging which handles the frames accordingly Thus you maintain the assignment to the respective VLANs UM BasicConfig HiOS 2S 2A 3S RSPE 192 Release 4 0 07 2014 VLANs 8 1 Examples of VLANs Proceed as follows to perform the example configuration L Add Uplink Port 5 to the ingress and egress tables from example 1 O Create new ingress and egress tables for the right switch as described in the first example The egress table specifies on which ports the device sends the frames from this VLAN T with tag field T tagged marked U without tag field U untagged not marked In this example the devices use tagged fr
218. the device a separate policy is possible.
3.1.1 Applications
The device supports the following applications with which the device management can be accessed:
- Access using CLI via a serial connection
- Access using CLI via SSH
- Access using CLI via Telnet
- Access using the graphical user interface (GUI)
The device also controls the access to the network from connected terminal devices using port-based access control (IEEE 802.1X).
3.1.2 Methods
When users log in, the device uses one of the following methods for the authentication:
- local: The device authenticates the users by using the local user management (see the Device Security > User Management dialog).
- radius: The device forwards authentication requests to a RADIUS server in the network.
When terminal devices log in to access the network using IEEE 802.1X, the device uses one of the following methods for the authentication:
- radius: The device forwards authentication requests to a RADIUS server in the network.
- ias: The device authenticates the terminal devices with the integrated authentication server (IAS) implemented in the device. The IAS manages the login data in a separate database (see the Network Security > 802.1X Port Authentication > Integrated Authentication Server dialog).
3.1.3 Default setting
In the default settings of the device the following lists ar
219. tile memory NVM as configura tion profile config3 107 Managing configuration profiles 4 4 Resetting the device to the factory defaults 4 4 Resetting the device to the factory defaults If you reset the settings in the device to the delivery state the device deletes the configuration profiles in the volatile memory and in the non volatile memory If an external memory is connected the device also deletes the configuration profiles saved on the external memory The device then reboots and loads the factory settings 4 4 1 With the graphical user interface or CLI Prerequisite User account with authorization profile administrator Perform the following work steps UM BasicConfig HiOS 2S 2A 3S RSPE 108 Release 4 0 07 2014 Managing configuration profiles 4 4 Resetting the device to the factory defaults C Open the Basic Settings gt Load Save dialog External Memory Selected ENvM SD Status ok Undo Modifications of Configuration Configuration Encryption Information Active 7 Set Password Delete NVM synchron to running contig IV ENYM synchron to NYM Vv Function Con off Period to undo while Connection is lost s 600 Watchdog IP Address foooo irs Encryption Software 4 5 Fingerprint Storage Type tm Modification Date Selected Encrypted Fingerprint running config 02 0 00 conti 013 7 1 AM F3387FF 1 JOBOL 5941 F B RAM NYM Set Reload Save Ac
220. tion is performed individually for each port as well as separately for inbound and outbound traffic If the data rate on a port exceeds the defined limit the device discards the overload on this port Rate limitation occurs entirely on layer 2 In the process the rate limiter func tion ignores protocol information on higher levels such as IP or TCP This may affect the TCP traffic To minimize these effects use the following options Limit the rate limitation to certain frame types for example broadcasts multicasts and unicasts with unknown destination addresses Limit the outbound data traffic instead of the inbound traffic The outbound rate limitation works better with TCP flow control due to device internal buffering of the data packets Increase the aging time for learned unicast addresses See on page 143 Aging of learned MAC addresses LI To configure the rate limiter function proceed as follows MO Open the switching gt Rate Limiter dialog UM BasicConfig HiOS 2S 2A 3S RSPE 158 Release 4 0 07 2014 Network Load Control 7 3 Rate limiter Ingress Egress Threshold Broadcast Multicast Unki ele Broadcast Threshold Multicast Threshold Mode 1 ad percent percent percent percent Set Reload O Hep Figure 65 Switching gt Rate Limiter dialog gt On the Input tab you configure the load limitation for inbound data traffic Turn the rate limiter on or off and set limits fo
221. tivate Delete Select x
Figure 52: Basic Settings > Load/Save dialog
- Click the _ button, then Back to factory defaults. The dialog displays a warning message.
- Click the OK button. The device deletes the configuration profiles in the volatile memory and in the non-volatile memory. If an external memory is connected, the device also deletes the configuration profiles saved on the external memory. After a brief period, the device restarts and loads the delivery settings.
enable           Switch to the privileged EXEC mode.
clear factory    Deleting the configuration profiles in the volatile memory (RAM) and in non-volatile memory (NVM). If an external memory is connected, the device also deletes the configuration profiles saved on the external memory. After a brief period, the device restarts and loads the delivery settings.
4.4.2 In the System Monitor
Prerequisite: Your PC is connected via terminal cable with the V.24 connection of the device.
Perform the following work steps:
- Restart the device.
- To switch to the System Monitor, press 1 within 3 seconds when prompted during reboot. The device loads the System Monitor.
- To switch from the main menu to the Manage configurations menu, press 4.
- To execute the Clear configs and boot params command, press 1
222. tivate flow control in the device Open the Basic Settings gt Port dialog Configuration tab To turn on the flow control on a port select the Flow Control option on the corresponding table line To temporarily save the configuration click Set Oo OO OO Note When you are using a redundancy function you deactivate the flow control on the participating device ports If the flow control and the redun dancy function are active at the same time there is a risk that the redundancy function will not operate as intended UM BasicConfig HiOS 2S 2A 3S RSPE 184 Release 4 0 07 2014 VLANs 8 VLANs In the simplest case a virtual LAN VLAN consists of a group of network participants in one network segment who can communicate with each other as if they belonged to a separate LAN More complex VLANs span out over multiple network segments and are also based on logical instead of only physical connections between network participants VLANs are an element of flexible network design It is easier to reconfiguring logical connections centrally than cable connections The device supports independent VLAN learning in accordance with the IEEE 802 1Q standard which defines the VLAN function Although there are many benefits of using VLANs the following lists the top benefits Network load limiting VLANs reduce the network load considerably as the devices transmit broadcast multicast and unicast packets with unknown unlearned d
223. tmask 255 255 240 0 option subnet mask 255 255 240 0 option routers 10 1 112 96 UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 51 Entering IP Parameters 2 6 Entering IP Parameters per DHCP Host berta requests IP configuration with her MAC address host berta hardware ethernet 00 80 63 08 65 42 fixed address 10 1 112 82 Host hugo requests IP configuration with his client identifier host hugo option dhcp client identifier hugo option dhcp client identifier 00 68 75 67 6f fixed address 10 1 112 83 server name 10 1 112 11 filename agent config dat Lines that begin with the character contain comments The lines that precede the individual devices indicate settings that apply to the following device The fixed address line assigns a fixed IP address to the device Please refer to your DHCP Server manual for more details UM BasicConfig HiOS 2S 2A 3S RSPE 52 Release 4 0 07 2014 Entering IP Parameters 2 7 Management Address Conflict Detection 2 Management Address Conflict Detection You assign an IP address to the device using several different methods This function helps the device detect IP address conflicts on a network after boot up and the device also checks periodically during operation This function is described in RFC 5227 When enabled the device sends an SNMP trap informing you that it detect
224. to 8. Additionally, you also include SNMP requests to the device as events in the syslog.
Note: To display the logged events, open the dialog Diagnostics > Report > Audit Trail or Diagnostics > Report > System Log.
- Open the Diagnostics > Syslog dialog.
- Activate the syslog function in the Operation frame.
- Click on Create.
- Enter the IP address of the syslog server in the IP Address column.
- Enter the UDP port on which the syslog server receives log entries in the Port column.
- Enter the minimum seriousness level an event must attain for the device to send a log entry to this syslog server in the Minimum Severity column.
- To enable the syslog server entry to which the device sends the logs, select the Active control box.
Configure the following settings for read and write SNMP requests in the SNMP Logging frame:
- Open the Diagnostics > Report > Global dialog.
- Select the Log SNMP Get Request checkbox if you want to send reading SNMP requests to the device as events to the syslog server.
- Select the Log SNMP Set Request checkbox if you want to send writing SNMP requests to the device as events to the syslog server.
- Choose the desired severity level for the get and set requests.
enable
configure
logging host add 1 addr 10.0.1.159 severity 3
logging syslog operation
e
225. to the Interface Configuration mode of interface 1 1 sflow sampler receiver 1 To assign the sFlow sampler on the port to the rate 300 previously configured receiver with a sampling rate of 300 UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 255 Operation Diagnosis 256 c s 256 c sflow pol ow sampler maxheadersize ler receiver linterval 400 9 15 Network Monitoring with sFlow HiOS 2A HiOS 3S To configure the maximum header size of the sFlow sampler to 256 To assign the sFlow poller to the previously config ured receiver and to sample data for 400 s UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 Advanced functions of the device 10 Advanced functions of the device UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 257 Advanced functions of the device 10 1 Using the device as a DHCP Server 10 1 Using the device as a DHCP Server A Dynamic Host Configuration Protocol DHCP server assigns IP addresses gateways and other networking definitions such as DNS and NTP parameters to clients The DHCP operations fall into 4 basic phases IP discovery IP lease offer IP request and IP lease acknowledgment Use the acronym DORA which stands for Discovery Offer Request and Acknowledgement to help remember the phases The server receives client data on UDP port 67 and sends data to the client on UDP port 68 The DHCP server provides an IP address pool o
226. tomatic configuration or firmware updates via the external memory
- blocked management access due to invalid login
- rebooting
- opening and closing SNMP over HTTPS tunnels
- detected power failures
9.12 Network Analysis with TCPDump
Tcpdump is a packet-sniffing UNIX utility used by network administrators to sniff and analyze traffic on a network. A couple of reasons for sniffing traffic on a network are to verify connectivity between hosts or to analyze the traffic traversing the network.
Tcpdump on the device provides the possibility to decode or capture packets received and transmitted by the Management CPU. This function is available using the debug CLI command. Refer to the CLI Handbook for further information about the Tcpdump function.
9.13 Monitoring Data Traffic on the Ports (Port Mirroring)
The port mirroring function enables you to copy the data traffic from several ports to a single port of the device for diagnostic purposes. The ports from which the device copies data are source ports. The port to which the device copies the data is the destination port. The device uses physical ports as source or destination ports.
In port mirroring the device copies valid incoming and out
227. ual module to monitor External memory not in The device monitors sychronization between the device configura sync with NVM tion and the configuration stored on the ENVM External memory removed Enable this function to monitor the presence of an external memory storage device Power Supply 0 Enable this function to monitor the power supply Table 21 Device Status events UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 225 Operation Diagnosis 9 4 Out of band Signalling E Displaying the signal contact s status The device gives you additional options for displaying the status of the signal contact gt display in the graphical user interface query in the Command Line Interface L Open the Basic Settings gt System dialog Security Status Relay Status Alarm Counter Alarm Counter NS Supply 2 Jul XN t Alarm Reason assword length lt 8 Jul 23 2013 9 49 24 AM AlarmReason y 1 Power Supply 2 Jul 23 2013 9 49 21 AM gt 6 1 Device Status Alarm Counter Figure 82 Device security and relay status alarm display 1 Number of existing device alarms 2 The symbol displays the security status 3 Number of existing security alarms 4 The symbol displays the relay status 5 Number of existing relay alarms 6 Cause and Start of existing relay alarms 7 Cause and Start of existing security alarms 8 Cause and Start of existing device alarms 9 The symbol displays the device status show signal con
228. uration frame L To open the signal contact you select the Opened option in the Configuration frame L To close the signal contact you select the Closed option in the Configuration frame enable Switch to the privileged EXEC mode configure Switch to the Configuration mode signal contact 1 mode manual Select the manual setting mode for signal contact 1 signal contact 1 state open Open signal contact 1 signal contact 1 state closed Close signal contact 1 9 4 2 Monitoring the Device and Security Statuses The Mode pull down menu in the Configuration frame controls the signal contact When you change modes click Set then Reload to display the current status When you select Device Status from the Mode pull down menu in the Configuration frame then the signal contact displays the status from the Diagnostics gt Status Configuration gt Device Status dialog UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 223 Operation Diagnosis 9 4 Out of band Signalling When you select Security Status from the Mode pull down menu in the Configuration frame then the signal contact displays the status from the Diagnostics gt Status Configuration gt Security Status dialog When you select Device Status Security Status from the Mode pull down menu in the Configuration frame then the signal contact displays the combined device and security status Configuring the operation monitoring L Open the
229. urce from which the device gets its IP parameters after starting You also define the VLAN in which the device management can be accessed configure the HiDiscovery access and allocate manual IP parameters Management Interface IP Address Assignment C BooTP DHCP C Local VLAN ID 1 MAC Address EC E5 55 F5 C2 00 HiDiscovery Protocol BOOTP DHCP Operation On Off Client ID JMSP ECE555F5C200 Access jreadyVrite v IP Parameter IP Address fi 0115 45 104 Netmask fess 255 224 0 Gateway address fi 0115323 Set Reload Hep Figure 22 Basic Settings gt Network dialog LI In the Management Interface frame you first define where the device gets its IP parameters from UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 47 Entering IP Parameters 2 4 Enter the IP Parameter using the graphical user interface In the BOOTP mode the configuration is viaa BOOTP or DHCP server on the basis of the MAC address of the device In the DHCP mode the configuration is viaa DHCP server on the basis of the MAC address or the name of the device In the Local mode the device uses the network parameters from the internal device memory Note When you change the allocation mode of the IP address the device activates the new mode immediately after the Set button is pressed LI In the VLAN ID field you enter the ID of the VLAN in which the device management can be accessed via the network O Note here that you can only a
230. us events select Periodic LI Click in the Address field specify the email address of the receiver L Mark the checkbox in the Active column L Click the Set button enable Switch to the privileged EXEC mode configure Switch to the Configuration mode logging email to addr add Specifies the receiver with the email address lt 1 10 gt addr lt user doma in gt user doma in The device manages the msgtype lt urgent non urgent gt settings on the memory place 1 10 9 10 5 Specifying the mail server The device sends the email messages through 1 of up to 5 mail servers encrypted or unencrypted using the SMTP protocol Perform the following work steps CI Open the Diagnostics gt Email Notification gt Mail Server dialog L Use the Create button to add a new table entry LI Click in the IP Address field add the IP address of the mail server UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 239 Operation Diagnosis 9 10 Email Notification HiOS 2A HiOS 3S L Click in the Encryption field select the value t1sv1 if the mail server encrypts the connection using TLS SMTP over SSL Other wise leave the value at none The device adapts the value in the TCP Port field automatically You see the change after clicking the buttons Set and Reload If the mail server uses a port other than the default port LI Click in the TCP Port field enter the number of the TCP port If the mail server re
231. ut a connection first enable the global function then enable the individual ports L Open the Global tab of the Diagnostics gt Status Configuration gt Device Status dialog L In the Monitor column you select the Connection error function L Open the Port tab of the Diagnostics gt Status Configuration gt O Device Status dialog In the Propagate Connection Error row you select the ports to monitor enable configure device status monitor link failure UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 Switch to the privileged EXEC mode Switch to the Configuration mode Sets the monitoring of the network connection 215 Operation Diagnosis 9 2 Monitoring the Device Status interface 1 1 Select interface 1 port 1 device status link alarm Sets the monitoring of a active link without a connection for this port Note The above CLI commands activate monitoring and trapping for the supported components If you want to activate or deactivate monitoring for individual components you will find the corresponding syntax in the CLI manual or in the help of the CLI console Enter a question mark for the CLI prompt UM BasicConfig HiOS 2S 2A 3S RSPE 216 Release 4 0 07 2014 Operation Diagnosis 9 2 Monitoring the Device Status 9 2 3 Displaying the Device Status LI Open the Basic Settings gt System dialog 1 2 Device Status Security Status Relay Status Alarm Counter Alarm Counter Ala
232. vel gt events logging email severity Specifies the minimum severity for non serious non urgent lt level gt events logging email subject add Creates a subject line with the content TEXT for lt urgent non urgent gt TEXT the email messages 9 10 3 Changing the send interval The device allows you to specify in which interval the device sends email messages with the log file 30 minutes are preset Perform the following work steps LI Open the Diagnostics gt Email Notification gt Global dialog You specify the settings for non serious events Notification Periodic frame LI Change the value in the Sending Interval min field to change the interval LI Click the Set button enable Switch to the privileged EXEC mode configure Switch to the Configuration mode logging email duration Specifies the interval at which the device sends lt 30 1440 gt email messages with log file UM BasicConfig HiOS 2S 2A 3S RSPE 238 Release 4 0 07 2014 Operation Diagnosis 9 10 Email Notification HiOS 2A HiOS 3S 9 10 4 Specifying the receivers The device allows you to inform up to 10 different receivers Perform the following work steps LCI Open the Diagnostics gt Email Notification gt Receiver dialog LI Click the Create button Adds a new table entry LI Click in the Notification field To inform the receiver about serious events select Immediate To inform the receiver about non serio
233. veral network cards you can select the one you desire in the HiDiscovery toolbar HiDiscovery displays a line for every device that reacts to the HiDiscovery protocol HiDiscovery enables you to identify the devices displayed L Select a device line LI Click the Signal symbol in the tool bar to set the LEDs for the selected device flashing To switch off the flashing click on the symbol again L By double clicking a line you open a window in which you can enter the device name and the IP parameter Properties xi MAC Address 00 80 63 43 40 00 Name Power Unit 1 Switch 2 IP Configuration IP Address 10 115 Oo im 70 Set Default Net Mask 255 255 i 224 0 Set Default Default Gateway 10 fus o 3 Set Default Save As Default Ok Cancel Figure 21 HiDiscovery I P parameter assignment Note For security reasons switch off the HiDiscovery function for the device in the graphical user interface after you have assigned the IP parameters to the device Note Save the settings so that you will still have the entries after a restart UM BasicConfig HiOS 2S 2A 3S RSPE 46 Release 4 0 07 2014 Entering IP Parameters 2 4 Enter the IP Parameter using the graphical user interface 2 4 Enter the IP Parameter using the graphical user interface To configure the global parameters use the following steps L Open the Basic Settings gt Network dialog In this dialog you first define the so
234. vers synchronizes its own system time as an SNTP client with its parent SNTP server SNTP cascade The highest SNTP server in the SNTP cascade has the most direct access to a reference time source GES PLC SNTP client 192 168 1 11 P SNTP server SNTP client BE 192 168 1 1 192 168 1 12 Switch SNTP SNTP SNTP SNTP client Server client server 192 168 1 2 192 168 1 3 Figure 53 Example of SNTP cascade UM BasicConfig HiOS 2S 2A 3S RSPE 128 Release 4 0 07 2014 Synchronizing the System Time in the 6 2 SNTP Network Note For precise time distribution between SNTP servers and SNTP clients you preferably use network components routers and switches that forward the SNTP packets with a low and uniform transmission time latency An SNTP client sends its requests to up to 4 configured SNTP servers If there is no response from the 1st SNTP server the SNTP client sends its requests to the 2nd SNTP server If this request is also unsuccessful it sends the request to the 3rd and finally the 4th SNTP server If none of these SNTP servers responds the SNTP client loses its synchronization The SNTP client periodically sends requests to each SNTP server until a server delivers a valid time Note The device provides the option of obtaining a list of SNTP server IP addresses from a DHCP server L If no reference time source is available to you determine a device
235. ware into the field File in the Software Update frame Alternatively click in the Software Update frame the button and select the image file To start the update procedure click the Update button The device copies the currently running device software into the backup memory As soon as the update procedure is completed successfully the device displays the message Firmware successfully loaded onto the device Upon restart the device loads the installed device software UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 Loading Software Updates 5 2 Software update from a server 5 2 Software update froma server To update the software using TFTP SFTP or SCP you need a server on which the image file of the device software is saved Perform the following work steps LI Open the Basic Settings gt Software dialog O Enter in the File field in the Software Update frame the URL for the image file in the following form When the image file is saved on a TFTP Server sftp lt IP address gt lt path gt lt image_file_name gt bin When the image file is saved on a SCP or SFTP server scp Of sftp lt IP address gt lt path gt lt image_file_name gt bin scp or sftp lt user gt lt password gt lt IP address gt lt path gt lt image file name gt bi n If you enter the URL without the user and password the device displays the window Authentication There you enter Username and Password
236. with an SNTP server as a reference time source Adjust its system time at regular intervals UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 129 Synchronizing the System Time in the 6 2 SNTP Network 6 2 2 Defining settings of the SNTP client As an SNTP client the device obtains the time information from SNTP or NTP servers and synchronizes its system clock accordingly Perform the following work steps CI Open the Time gt SNTP gt Client dialog Operation Configuration State Mode unicast Y notSynchronizea on off Request Interval s 30 Disable Client atter successful Synchronization r index Target UDP Port ieee NTP Server 192 168 1 0 123 Success Set Reload Create Remove Help Figure 54 Time gt SNTP gt Client dialog L Set the SNTP operation mode In the Configuration frame select one of the following values in the Mode field gt unicast The device sends requests to an SNTP server and expects a response from this server broadcast The device waits for broadcast messages from SNTP servers on the network LI To synchronize the time only once select the checkbox Disable Client after successful Synchronization After synchronization the device switches the SNTP client function back off again UM BasicConfig HiOS 2S 2A 3S RSPE 130 Release 4 0 07 2014 Synchronizing the System Time in the 6 2 SNTP Network The table shows the SNTP server to which the SNTP client send
237. with tag For data packets with VLAN tags the device evaluates the following informa tion Priority information VLAN tagging if VLANs are configured UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 163 Network Load Control 7 4 QoS Priority x amp S amp AG RS Re D 3 v lt S K amp oe Re 0 of oe os gt KO Y oe AV o q nb t 4 Octets Figure 67 Structure of the VLAN tagging Data packets with VLAN tags containing priority information but no VLAN information VLAN ID 0 are known as Priority Tagged Frames Note Network protocols and redundancy mechanisms use the highest traffic class 7 Therefore select other traffic classes for application data When using VLAN prioritizing consider the following special features End to end prioritizing requires the VLAN tags to be transmitted to the entire network which means that every network component needs to be VLAN capable Routers are not able to send and receive packets with VLAN tags through port based router interfaces UM BasicConfig HiOS 2S 2A 3S RSPE 164 Release 4 0 07 2014 Network Load Control 7 4 QoS Priority 7 4 4 IP ToS Type of Service The Type of Service field ToS in the IP header was already part of the IP protocol from the start and is used to differentiate different services in IP networks Even back then there were ideas about differentiated treat ment of IP packets due to the limited bandwidth available and th
238. xit
Switch to the privileged EXEC mode.
Switch to the Configuration mode.
Add a new recipient of the log messages. The 3 indicates the seriousness of the message sent by the device. 3 means error.
Enable the Syslog function.
Switch to the privileged EXEC mode.
show logging host    Display the syslog host settings.
No  Server IP  Port  Max Severity  Type       Status
1   1040 1199  514   error         systemlog  active
configure    Switch to the Configuration mode.
logging snmp requests get operation     Create log events from reading SNMP requests.
logging snmp requests get severity 5    The 5 indicates the seriousness of the message that the device allocates to messages from reading SNMP requests. 5 means notice.
logging snmp requests set operation     Create log events from writing SNMP requests.
logging snmp requests set severity 5    The 5 indicates the seriousness of the message that the device allocates to messages from writing SNMP requests. 5 means notice.
exit                 Switch to the privileged EXEC mode.
show logging snmp    Display the SNMP logging settings.
Log SNMP GET requests  enabled
Log SNMP GET severity  notice
Log SNMP SET requests  enabled
Log SNMP SET severity  notice
9.11.3 System Log
The device allows you to call up a log file of the system events. The table in the Diagnostics > Report > System Log dialog lists the logged events.
- To update t
239. y
- Does the image file exist which is specified in the startup.txt file?
- Is the software version of the image file more recent than the software currently running on the device?
If the criteria are fulfilled, the device starts the update procedure. The device copies the currently running device software into the backup memory. As soon as the update procedure is completed successfully, the device reboots automatically and loads the new software version.
- Check the result of the update procedure. The log file in the Diagnostics > Report > System Log dialog contains one of the following messages:
S_watson_AUTOMATIC_SWUPDATE_SUCCESS: Software update completed successfully
S_watson_AUTOMATIC_SWUPDATE_ABORTED: Software update aborted
S_watson_AUTOMATIC_SWUPDATE_ABORTED_WRONG_FILE: Software update aborted due to wrong image file
S_watson_AUTOMATIC_SWUPDATE_ABORTED_SAVING_FILE: Software update aborted due to failed saving of the image file to the device
5.4 Loading an older software
The device allows you to replace the device software with an older version. The basic settings on the device are kept after replacing the device software.
Note: The settings for funct
240. ync with the configu ration in the device The removal of a module Select the corresponding entries to decide which events the device status includes UM BasicConfig HiOS 2S 2A 3S RSPE Release 4 0 07 2014 213 Operation Diagnosis 9 2 Monitoring the Device Status Note With a non redundant voltage supply the device reports the absence of a supply voltage To disable this message feed the supply voltage over both inputs or ignore the monitoring 9 2 1 Events which can be monitored Name Meaning Temperature If the temperature exceeds or falls below the value specified Ring redundancy Enable this function to monitor if ring redundancy is present Connection error Enable this function to monitor every port link event in which the Propagate Connection Error checkbox is active Module removal Enable this global function to monitor the removal of a module Also enable the individual module to monitor External memory removal Enable this function to monitor the presence of an external memory storage device External memory not in The device monitors sychronization between the device configura sync tion and the configuration stored on the ENVM Power Supply 0 Enable this function to monitor the power supply Table 19 Device Status events 9 2 2 Configuring the Device Status L Open the Global tab of the Diagnostics gt Status Configuration gt Device Status dialog In the Monitor column you select the events to