RUGGEDCOM ROS
Contents
1. Siemens Supported Agent Capabilities MIBs 9 Chapter 1 Introduction RUGGEDCOM ROS User Guide
2. VLANs ROS provides the following VLAN features Support for up to 255 VLANs e Configurable port native VLAN Port modes of operation tailored to edge devices such as a PC or IED and to network switch interconnections A default setting that ensures configuration free connectivity in certain scenarios Ability to force either tagged or untagged operation on the port native VLAN Ability to switch between VLAN aware and VLAN unaware modes of operation e GARP VLAN Registration Protocol GVRP Double VLAN tagging or QinQ Configurable management VLAN Section 8 1 VLAN Operation Section 8 1 1 VLANs and Tags A virtual LAN or VLAN is a group of devices on one or more LAN segments that communicate as if they were attached to the same physical LAN segment VLANs are extremely flexible because they are based on logical instead of physical connections When VLANs are introduced all traffic in the network must belong to one or another VLAN Traffic on one VLAN cannot pass to another except through an internetwork router or Layer 3 switch A VLAN tag is the identification information that is present in frames in order to support VLAN operation Section 8 1 2 Tagged vs Untagged Frames Tagged frames are frames with 802 1Q VLAN tags that specify a valid VLAN identifier VID Untagged frames are frames without tags or frames that carry 802 1p prioritization tags only having prioritization information and a VI
3. IEEE 802.1X standard authentication. IEEE 802.1X with MAC-Authentication, also known as MAC-Authentication Bypass: with this option, the device can authenticate clients based on the client's MAC address if IEEE 802.1X authentication times out. Autolearn: Synopsis: 1 to 16 or None. Default: None. Only applicable when the Security field has been set to Static MAC. It specifies the maximum number of MAC addresses that can be dynamically learned on the port. If there are static addresses configured on the port, the actual number of addresses allowed to be learned is this number minus the number of the static MAC addresses. Sticky: Synopsis: No, Yes. Default: Yes. Only applicable when the Security field has been set to Static MAC. If Security is set to 802.1X, Sticky is automatically forced to No. Change the behaviour of the port to either sticky or non-sticky. If Sticky is Yes, static MAC addresses authorized on the port stick to the port, and the switch will not allow them to be removed from the port (in case of link down on that port) or move to a different port. If Sticky is No, static MAC addresses authorized on the port may move to an unsecured port. There are three scenarios in which static MAC addresses can move: link down on a secure port; traffic switches over from a secure port to an unsecure port
4. Section 1.5.1.7 PSStatusCmd. This format describes a bit layout for providing the status of available power supplies. Bits 0-4 of the lower byte of the register are used for this purpose. Bits 0-1: Power Supply 1 Status. Bits 2-3: Power Supply 2 Status. The rest of the bits in the register do not provide any system status information. Table: PSStatusCmd Bit Values (Bit Value: Description): 01: Power Supply not present (01 = 1); 10: Power Supply is functional (10 = 2); 11: Power Supply is not functional (11 = 3). The values used for power supply status are derived from the RUGGEDCOM-specific SNMP MIB. Read Power Supply Status from device using PSStatusCmd: In this example, consider a Modbus Request to read multiple registers from location 0x0043: 0x04 0x00 0x43 0x00 0x01. Response may look like: 0x04 0x02 0x00 0x0A. The lower byte of the register displays the power supplies' status. In this example, both power supplies in the unit are functional. Section 1.5.1.8 TruthValue. This format represents a true or false status in the device: 1 indicates the corresponding status for the device to be true; 2 indicates the corresponding status for the device to be false. Read FailSafe Relay status from device using TruthValue: For example, consider a Modbus Request to read multiple registers from location 0x0044: 0x04 0x00 0x44 0x00 0x01. Response may look like: 0x04 0x02 0x00 0x01. The register's lower byte shows the Fa
5. ETHERNET S Host with Port Redirection Software RuggedServer Figure 59 RTU Polling 0 65 ETHERNET RuggedServer RuggedServer If a server is used at the host end it will wait for a request from the host encapsulate it in an IP Datagram and send it to the remote side There the remote server will forward the original request to the RTU When the RTU replies the server will forward the encapsulated reply back to the host end The server maintains configurable timers to help decide if replies and requests are complete The server also handles the process of line turnaround when used with RS485 It is important to mention that unsolicited messages from RTUs in half duplex mode cannot be supported reliably Message processing 94 RTU Polling RUGGEDCOM ROS Chapter 3 User Guide Serial Protocols time includes sending a message over RS485 a packtimer and a turnaround time In order to handle half duplex mode reliably the turnaround time must be configured long enough to allow an expected response to be received Any other messages will not be sent to the RS485 line within the processing time If such a message is received from the network it will be delayed It is up to the application to handle polling times on ports properly Section 3 2 1 3 Broadcast RTU Polling Broadcast polling allows a single host connected server to fan out a polling stream to a number of remote RTUs The host equi
6. Figure 35 Serial Port Menu A single field RIGB on the Serial Ports configuration form sets the operational mode of the IRIGB port per serial port Parameter Description IRIGB Synopsis PWM PPS Off Default Off Selects the output mode of the IRIG B pin on the corresponding serial port PWM Pulse Width Modulation mode complies with IRIG Standard 200 04 generating formats IRIGB006 and IRIGB007 In PPS mode a pulse with a duration of 1 millisecond is output every second at the beginning of the second Section 2 11 6 Time Source Selection This menu configures the reference time source to be used by the device for the local clock and for all served time references Time Source Selection 65 Chapter 2 Administration RUGGEDCOM ROS User Guide Log out Time Source Back Primary Time Source IRIGB y IRIGB Lock Interval 23 min IRIGB Cable Compensation none Figure 36 Time Source Form Parameter Description Primary Time Source Synopsis LOCAL CLK IRIGB IEEE1588 NTP Server Default LOCAL CLK access admin To select time source that will discipline the local clock Note that changing the time source may produce a step change in the time seen via any of the clock outputs IRIGB Lock Interval Synopsis 1 to 120 min or Forever Default Forever To set time interval with in which GPS IRIGB receiver should acquire lock to the time source Normally GPS or IRIGB receiver needs couple of min
7. 199 85 245 192 26 access admin VLAN Configuration 219 Chapter 8 RUGGEDCOM ROS VLANs User Guide Section 8 3 1 Global VLAN Parameters Log out Global VLAN Parameters access admin Back VLAN aware No C Yes Apply Reload Figure 155 Global VLAN Parameters Form Parameter Description VLAN aware Synopsis No Yes Default Yes Set either VLAN aware or VLAN unaware mode of operation NOTE i Do not attempt to change the VLAN aware parameter of the managed switch by applying a configuration CSV file update Configuration file updates are used to apply bulk changes to the current configuration of a switch Instead a change to this individual parameter MUST first be applied separately from any other table i e parameter changes In other words configuration file updates should exclude the VLAN aware parameter Section 8 3 2 Static VLANs Log out Static VLANs Back InsertRecord Management YLAN None SCADA IEDs None On Metering IEDs None Protection IEDs 3 6 Figure 156 Static VLANs Table 220 Global VLAN Parameters RUGGEDCOM ROS User Guide Chapter 8 VLANs Log out Back Figure 157 Static VLANs Form Parameter VID VLAN Name Forbidden Ports IGMP MSTI NOTE access Static VLANs mia VID he VLAN Name Protection IEDs Forbidden Ports None IGMP Off On O MSTI o Description
8. 5 TTT fo days 00 03 25 Reload Figure 143 Bridge RSTP Statistics Form Parameter Bridge Status Bridge ID Description Synopsis lt empty string gt Designated Bridge Not Designated For Any LAN Root Bridge Spanning Tree status of the bridge The status may be root or designated This field may display Not designated For Any LAN if the bridge is not the designated bridge for any of its ports Synopsis H HH HH HH H where is O to 65535 is O to FF Bridge Identifier of this bridge Spanning Tree Statistics 201 Chapter 7 Spanning Tree RUGGEDCOM ROS User Guide Parameter Root ID Regional Root ID Root Port Root Path Cost Configured Hello Time Learned Hello Time Configured Forward Delay Learned Forward Delay Configured Max Age Learned Max Age Total Topology Changes Time since Last TC Description Synopsis 4 4 44 4 where is 0 to 65535 is 0 to FF Bridge Identifier of the root bridge Synopsis 4 4 4 4 where is 0 to 65535 is 0 to FF Bridge Identifier of the IST regional root bridge for the MST region this device belongs to Synopsis 0 to 65535 or lt empty string gt If the bridge is designated this is the port that provides connectivity towards the root bridge of the network Synopsis 0 to 4294967295 The total cost of the path to the root bridge composed of the sum of the costs of e
9. SSH Key Pairs Chapter 1 RUGGEDCOM ROS Introduction User Guide Section 1.1.3 Bootloader Considerations. NOTE: ROS Key Management features require Boot Software v2.20.0 at minimum. It is strongly recommended to update the bootloader to this version or higher. NOTE: If a Boot upgrade is required from Boot v2.15.0 or older, it is recommended to run the flashfiles defrag command from the CLI Shell prior to the bootloader upgrade. In the event that it is impracticable to update the bootloader to v2.20.0 or higher, some of the key management features will nevertheless be available, although in a degraded mode. A ROS system
10. Call Dir Max Conns Loc Port Rem Port IP Address Description Synopsis: 1 to maximum port number. Default: 1. The port number as seen on the front plate silkscreen of the switch. Synopsis: 0 to 255 or Off. Default: Off. The character that can be used to force forwarding of accumulated data to the network. If a packetization character is not configured, accumulated data will be forwarded based upon the packetization timeout (Pack Timer) parameter. Synopsis: 1 to 1000. Default: 10 ms. The delay from the last received character until when data is forwarded. If the parameter value is set to less than 3 ms, there is no guarantee that it will be obeyed; it will be the minimum possible time in which the device can react under a certain data load. Synopsis: 16 to 1400 or Maximum. Default: Maximum. The maximum number of bytes received from the serial port to be forwarded. Synopsis: 16 to 1400 or Maximum. Default: Maximum. The maximum number of bytes received from the serial port to be forwarded. Synopsis: None, XON/XOFF. Default: None. The flow control setting for the serial port. Synopsis: TCP, UDP. Default: TCP. The network transport used to transport protocol data over the IP network. Synopsis: In, Out, Both. Default: In. The call direction for TCP transport: whether to accept an incoming connection, or to place an outgoing connection, or to place an outgoing connection and wait for an incoming one (both directions). Synopsis 1
11. Chapter 14 RUGGEDCOM ROS Diagnostics User Guide Log out Files Transfer 2 Alarms Back TELNET PC File Browse_ Device File TFTP Server IP Address Leer PUT J Figure 215 Files Transfer Form Parameter Description PC File The path and name of the file on your local PC Use the Browse button to locate the file Device File The name of the file on the device TFTP Server IP Address The IP address of a TFTP server A TFTP server application must be installed on your local PC 288 Transferring Files RUGGEDCOM ROS Chapter 15 User Guide Firmware Upgrade and Configuration Management 15 Firmware Upgrade and Configuration Management ROS provides flexible powerful mechanisms for the bulk update and backup of system firmware and of the configuration database The ROS firmware and configuration database are represented as files in the internal file system and bulk update and backup consist of simply transferring files to and from the ROS device by one of the several means provided ROS also implements an SQL command language in order to provide the flexibility and power of a database model when configuring ROS based devices Section 15 1 Files Of Interest The files in ROS that may be updated and backed up are described below main bin the main ROS application firmware image Upgrades to ROS are made via updates to this file boot bin the boot loader firmware image In normal practice the boot l
12. HENAO Untagged Disabled 2 11 Untagged Disabled 4 1 Untagged Disabled 15 1 Untagged Disabled 6 1 Untagged Disabled Fi 1 Untagged Disabled 8 14 Untagged Disabled Log out Port VLAN Parameters pacien admin Back Port s 1 Type Edge y PVID 1 PVID Format Untagged Tagged GVRP Disabled x Apply Reload Figure 159 Port VLAN Parameters Form Parameter Description Port s Synopsis Any combination of numbers valid for this parameter The port number as seen on the front plate silkscreen of the switch or a list of ports if aggregated in a port trunk Type Synopsis Edge Trunk PVLANEdge QinQ Default Edge Port VLAN Parameters RUGGEDCOM ROS Chapter 8 User Guide VLANs Parameter Description This parameter specifies how the port determines its membership in VLANs There are few types of ports Edge the port is only a member of one VLAN its native VLAN specified by the PVID parameter Trunk the port is automatically a member of all configured VLANs Frames transmitted out of the port on all VLANs except the port s native VLAN will be always tagged It can also be configured to use GVRP for automatic VLAN configuration PVLANEdge the port is only a member of one VLAN its native VLAN specified by the PVID parameter and does not forward traffic to other PVLANedge ports within the same VLAN QinQ the port is a trunk port using double VLAN tagging or nested V
13. Upgrading Firmware for details on the permissions necessary to write the ROS configuration file. Section 15.7 Backing Up ROS System Files. All of the same file transfer mechanisms discussed in the preceding sections may also be used to transfer files from a ROS device, as well as to update firmware or configuration files. It might be desirable, in addition to creating an archive of the device's firmware files, to back up the configuration database (config.csv) or system log file (syslog.txt) on a regular basis. Type dir at the ROS CLI for a listing and description of files on the ROS device. An example of backing up a file using SFTP follows. For descriptions on the use of the other file transfer mechanisms, please refer to the examples in Section 15.4, Upgrading Firmware. Note that only the direction of file transfer changes. Section 15.7.1 Backing Up Files Using SFTP. This method requires that SFTP client software be available on a computer with a network connection to the ROS device that one wishes to back up. Establish an SFTP connection with administrative privileges to the ROS device. Begin transferring the desired file from the device. An example of using an SFTP session to create a local backup of the ROS main firmware image to a Linux workstation follows: user@host sftp admin@ros_ip Conesa co OS _WS o admin@ros_ip's password: sftp> get main.bin Downloading main.bin main.bin 100 2139KB 48 7K
14. e Configure Raw Socket e Configure Preemptive Raw Socket e Configure Modbus Server e Configure Modbus Client Configure WIN and TIN Configure MicroLok Configure DNP Protocol e Configure DNP e Configure DNP over RawSocket e Configure Mirrored Bits e Configure Telnet Com Port e Configure Device Address Table e View TIN Dynamic Address Table e View Links Statistics e View Connection Statistics e View Serial Port Statistics e Clear Serial Port s Statistics e Reset Serial Port s Ethernet Ports Ethernet Stats Link Aggregation Spanning Tree Virtual LANs Port Security Classes of Service Multicast Filtering MAC Address Tables Network Discovery Diagnostics Figure 66 Serial Protocols Menu Serial Protocol Configuration 105 Chapter 3 Serial Protocols RUGGEDCOM ROS User Guide Section 3 3 1 Serial Ports Log out Figure 67 Serial Port Table Serial Ports access admin Port1 None RS232 Off 960018 1 Mone O ms 15 bits CNN E 0 ms Port2 None RS232 Off g600 8 1 None Oms 15 bits Off 0 ms 3 Port3 None RS232 Off 9600 8 1 Mone 0ms 15 bits Off o 0 ms 4 Port4 None R5232 Off 9600 8 1 None Oms 15bits Of o 0ms Log out Back Port Name Protocol Type ForceHD Baud Data Bits Stop Parity Turnaround Hold Time DSCP IRIGB Figure 68 Serial Port Configuration Form RxtoTx Delay Serial Ports iT Pott o N
15. RUGGEDCOM SERIAL MIB Agent Capabilities. Notice the sysORID 10 object value. The sysORTable will describe precisely which MIB, and which parts of the MIB, are supported by the device. Section 1.3 SNMP Trap Summary. The switch generates the following standard traps: from IF-MIB: linkDown, linkUp; from SNMPv2-MIB: authenticationFailure, coldStart; from BRIDGE-MIB: newRoot, topologyChange; from RMON-MIB: risingAlarm, fallingAlarm; from LLDP-MIB: lldpRemoteTablesChange. The switch also generates several proprietary traps. These traps are described in the RC-TRAPS-MIB. Table: Proprietary Traps. Trap / Source MIB: genericTrap (RC-TRAPS-MIB), powerSupplyTrap, swUpgradeTrap, cfgChangeTrap, weakPasswordTrap, defaultKeysTrap (for SSL keys only)
16. RUGGEDCOM ROS User Guide Parameter Description protocol It provides the connected device with time to turn off its transmitter and to turn on its receiver helping to ensure that the device receives the next message without data loss IRIGB Synopsis PWM PPS Off Default Off The operational mode of the IRIGB port Possible options are PWM and PPS PWM Pulse Width Modulation mode complies with IRIG Standard 200 04 generating formats IRIGB002 and IRIGB003 PPS Pulse per Second provides a generic PPS interface to synchronize external devices For more information on IRIG B see Section 2 11 5 Configuring IRIG B Section 3 3 2 Raw Socket Log out E ER i Figure 69 Raw Socket Table Protocol access admin 13 leg Maximum XON XOFF TCP 0 Off 10 ms M n 1 50001 50000 192 168 0 10 Enabled None IGE n 4 50000 50000 Enabled Log out Back Figure 70 Raw Socket Form Protocol access admin Port B Pack Char for Pack Timer fi Oms Pack Size Maximum Flow Control None XON XOFF Transport TCP UDP Call Dir ny Max Conns hi Loc Port 50000 Rem Port 50000 IP Address Link Stats Disabled Enabled Apply Reload 108 Raw Socket RUGGEDCOM ROS User Guide Chapter 3 Serial Protocols Parameter Port Pack Char Pack Timer Pack Size Pack Size Flow Control Transport
17. Synopsis 1to2 Default 1 The TIN Protocol running mode Synopsis TCP UDP Default UDP The network transport used to transport protocol data over an IP network Synopsis TCP UDP Default UDP The network transport used to transport protocol data over an IP network Synopsis 1024 to 65535 Default 51000 The local port number on which the TIN protocol listens for connections or UDP datagrams Synopsis 1024 to 65535 Default 52000 The local port number on which the WIN protocol listens for connections or UDP datagrams Synopsis 1 to 3600 or Disabled Default Disabled The Aging Time for TIN mode2 messages It specifies how long a message should be stored in the internal table When the feature is enabled any TIN mode2 message received WIN and TIN 115 Chapter 3 Serial Protocols RUGGEDCOM ROS User Guide Parameter Address Aging Timer Broadcast Addresses Unicast Addresses Link Stats WIN DSCP TIN DSCP Section 3 3 8 MicroLok Log out jas EN io Figure 79 MicroLok Form Description will be stored in an internal table which can be examined by using command SQL SELECT FROM ItcsTin2Dup If the same message is received within the time window specified by this parameter the new message is considered duplicate and thus discarded Synopsis 60 to 1000 Default 300s The time of communication inactivity after which a learned TIN address is re
18. bootVersionMismatchTrap rcRstpNewTopology RUGGEDCOM-STP-MIB. Generic traps carry information about the event in severity and description objects. They are sent at the time that an alarm is generated for the device. The following are examples of RUGGEDCOM Generic Traps, along with the severity of each one in brackets: heap error (alert); NTP server failure (notification); real time clock failure (error); failed password (warning); MAC address not learned by switch fabric (warning); BootP client TFTP transfer failure (error); received looped back BPDU (error); received two consecutive confusing BPDUs on port, forcing down (error); GVRP failed to learn, too many VLANs (warning). The information about generic traps can be retrieved using the CLI command alarms. The switch generates the following traps on specific events: from RUGGEDCOM-STP-MIB: rcRstpNewTopology, generated after the topology becomes stable after a topology change occurs on a switch port; from RUGGEDCOM-POE-MIB: rcPoeOverheat and rcPoeOverload, generated by Power over Ethernet (PoE) overheat and overload conditions, respectively. These traps are only generated by RS900GP devices. Section 1.4 Available Services by Port. The following table lists the services available by the device, including the following information: Services: the service supported by the device. Port Number: the port number associated with the service. Port Open Available S
19. 62001 Rem Port 62000 IP Address Link Stats Disabled Enabled Dyn Pack Char Off Dyn Pack Timer 10ms Timeout 10s Apply Reload Parameter Description Port: Synopsis: 1 to 4. Default: 1. The port number as seen on the front plate silkscreen of the switch. Parameter Pack Char Pack Timer Pack Size Flow Control Loc Port Rem Port IP Address Link Stats Dyn Pack Char Dyn Pack Timer Timeout Description Synopsis: 0 to 255 or Off. Default: Off. The character that can be used to force forwarding of accumulated data to the network. If a packetization character is not configured, accumulated data will be forwarded based upon the packetization timeout parameter. Synopsis: 1 to 1000. Default: 10 ms. The delay from the last received character until when data is forwarded. If the parameter value is set to less than 3 ms, there is no guarantee that it will be obeyed; it will be the minimum possible time in which the device can react under a certain data load. Synopsis: 16 to 1400 or Maximum. Default: Maximum. The maximum number of bytes received from the serial port to be forwarded. Synopsis: None, XON/XOFF. Default: None. The flow control setting for the serial port. Synopsis: 1024 to 65535. Default: 62001. The local IP port to use when listening for an incoming connection or UDP data. Synopsis 1 to 65
20. Auxiliary TCP Port Disabled Send Exceptions Disabled O Enabled Link Stats Disabled Enabled Figure 76 Modbus Server Form Parameter Description Port Synopsis 1 to maximum port number Default 1 The port number as seen on the front plate silkscreen of the switch Response Timer Synopsis 50 to 10000 Default 1000 ms The maximum allowable time to wait for the RTU to start to respond Auxiliary TCP Port Synopsis 1024 to 65535 or Disabled Default Disabled access admin access admin The TCP Modbus Server always listens on TCP port 502 It may be additionally configured to listen on this auxiliary port number accepting calls on both Send Exceptions Synopsis Disabled Enabled Modbus Server 113 Chapter 3 Serial Protocols RUGGEDCOM ROS User Guide Parameter Link Stats Section 3 3 6 Modbus Client Log out la 2 tz Figure 77 Modbus Client Form Parameter IP Port Forward Exceptions Link Stats DSCP Description Default Enabled This parameter enables disables sending a TCP Modbus exception back to the master if a response has not been received from the RTU within expected time Synopsis Disabled Enabled Default Enabled Enables link statistics collection for this protocol Modbus Client prira IP Port 502 Forward Exceptions Disabled O Enabled Link Stats Disabled Enabled DSCP o Description Synopsi
21. Configurable local and remote IP port numbers per serial port TCP accept or request one permanent connection on configured IP address e TCP accept one dynamic connection from different IP address e Dynamic connection activity timer controlled XON XOFF flow control for permanent connection e Packetization trigger based on a specific packet size a specific character or upon a timeout for each connection Section 3 1 4 Modbus protocol features e Operation in TCPModbus Server Gateway or Client Gateway mod e e Multi master mode on the server e Configurable behavior for sending exceptions e Full control over packetization timers A configurable Auxiliary IP port number for applications that do not support port 502 Section 3 1 5 DNP protocol features e Packetization per protocol specification e CRC checking in message headers received from the serial port e Local and remote source address learning 92 DNP over Raw Socket protocol features RUGGEDCOM ROS Chapter 3 User Guide Serial Protocols Section 3 1 6 Microlok protocol features e Packetization per protocol specification Section 3 1 7 WIN protocol features e Packetization following the protocol requirements e CRC checking for messages received from the serial port Section 3 1 8 TIN protocol features Support for two modes of TIN protocol e Packetization following the protocol requireme
22. Layer 2 Multicast Startup Wait 10s Desired Clock Accuracy 10us Network Class IEEE1588 network Non IEEE1588 network O Figure 28 Global Parameters Form Parameter Description PTP Enable Synopsis No Yes Default No 58 Global PTP Parameters RUGGEDCOM ROS Chapter 2 User Guide Administration Parameter Description Enables PTP Precision Time Protocol protocol Clock Type Ordinary Clock Default Ordinary Clock Selects PTP Precision Time Protocol clock type such as Ordinary Clock OC If configure as an Ordinary Clock the device acts as either a master or slave except if IRIGB or GPS interface is installed In that case the device either acts as a master or remains in a passive state PTP Profile Synopsis Power Profile Default P2P Profile Default E2E Profile Custom Profile Ethernet Ports VLAN ID Class Of Service Transport Protocol Startup Wait Desired Clock Accuracy Network Class Default Power Profile Selects PTP Precision Time Protocol clock profile PTP profile is the set of allowed PTP features applicable to a device Supported profiles are Power Profile IEEE C37 238 Default P2P Peer to Peer Profile as defined in IEEE1588 2008 standard with layer 2 transport Default E2E End to End Profile as defined in IEEE1588 2008 standard with layer 2 transport and user defined Custom Profile Synopsis Any combination of numbers valid for this parameter Default All
23. NOTE If the IEEE 1344 is needed make sure IEEE 1344 is enabled last when configuring time synchronization otherwise the device will need to be reset Parameter Description TTL Output Synopsis Off PWM PPS Default PWM Selects operational mode of IRIGB port Possible options are PWM Pulse Width Modulation and PPS Pulse per Second PWM mode complies with IRIG Standard 200 04 and is capable of generating formats IRIGB006 and IRIGB007 PPS provides generic PPS interface to synchronize external devices IEEE 1344 Synopsis No Yes Default No Selects IEEE 1344 IRIGB extensions C37 118 2005 if a BNC IRIG B card is installed IEEE 1344 IRIGB extensions use extra bits of the Control Functions CF portion of the IRIGB time code Within this portion of the time code bits are designated for additional features including Calendar Year Leap seconds leap seconds pending Daylight Saving Time DST DST pending local time offset and time quality IRIG B functionality for the serial port connectors is configured via the serial port setup menu 64 Configuring IRIG B RUGGEDCOM ROS Chapter 2 User Guide Administration Log out Serial Ports access admin Back Port fi Name Port1 Protocol None Type R5232 ForceHD On Off Baud 9600 Data Bits TO ge Stop E Parity None Turnaround dms PostTx Delay fis bits Hold Time or DSCP fo RxtoTx Delay Oms IRIGB Off y Apply Reload
24. Network Discovery RUGGEDCOM ROS User Guide Section 13 3 1 4 LLDP Neighbor Information LLDP Neighbor Information access admin 00 0A DC 0B 59 40 15 rcswS RSG2100 R RM HI XXX 3 00 OA DC 10 A8 CO 00 0A DC 10 A8 C0 __ localhostlocaldoma _ Linux 2 6 26 2 9x1 6 00 0A DC 10 A8 CO 00 0A DC 10 A8 C1 localhost localdoma Linux 2 6 26 2 gx1 Figure 203 LLDP Neighbor Information Table Parameter Port Chassisld Portld SysName SysDesc Description Synopsis 0 to 4294967295 The local port associated with this entry Synopsis Any 19 characters Chassis Id information received from a remote LLDP agent Synopsis Any 19 characters Port Id information received from a remote LLDP agent Synopsis Any 19 characters System Name information received from a remote LLDP agent Synopsis Any 19 characters System Descriptor information received from a remote LLDP agent 272 LLDP Neighbor Information RUGGEDCOM ROS Chapter 13 User Guide Network Discovery Section 13 3 1 5 LLDP Statistics access admin Log out LLDP Statistics Figure 204 LLDP Statistics Table Parameter Description Port Synopsis 1 to9 The port number as seen on the front plate silkscreen of the switch FrmDrop Synopsis 0 to 4294967295 The number of all LLDP frames discarded ErrFrm Synopsis 0 to 4294967295 The number of all LLDPDUs received with detectable errors Frmin Synopsis 0 to 4294967295 The numbe
25. Off On Port 3 4_ Port4 Figure 99 Port Parameters Table Log out Back Figure 100 Port Parameters Form Parameter Port Name Media 400TX Enabled On Auto Auto off off On 100TX Enabled On Auto Auto Off Off On Port Parameters access admin Port 2 Port 2 Name Media 100TX State Disabled Enabled AutoN of on Speed Auto y Dupx Auto y FlowCtr of on C LFI or Alarm off On Apply Reload Description Synopsis 1 to maximum port number Default 0 The port number as seen on the front plate silkscreen of the switch Synopsis Any 15 characters Default Not installed A descriptive name that may be used to identify the device connected to that port Synopsis 100TX 10FL 100FX 1000X 1000T 802 119 EoVDSL 100TX Only 10FL 100SX 10GX 136 Port Parameters RUGGEDCOM ROS Chapter 4 User Guide Ethernet Ports Parameter Description The type of the port s media State Synopsis Disabled Enabled Default Enabled Disabling a port will prevent all frames from being sent and received on that port Also when disabled link integrity pulses are not sent so that the link activity LED will never be lit You may want to disable a port for troubleshooting or to secure it from unauthorized connections NOTE Disabling a port whose media type is set to 802 11 disables the corresponding wireless module AutoN Synopsis Off On De
26. Selects which Ethernet ports will take part in PTP (Precision Time Protocol) message exchanges.
Synopsis: 1 to 4095 or Disable. Default: 1. The VLAN ID associated with untagged and 802.1p priority tagged frames received on this port. Frames tagged with a non-zero VLAN ID will always be associated with the VLAN ID retrieved from the frame tag. Frames tagged with a zero VLAN ID will always be associated with the VLAN ID 1 unless this parameter is configured.
Synopsis: 1 to 7 or Disable. Default: 4. Sets the frame priority of PTP data as set out in the IEEE 802.1p specification. IEEE 802.1p defines eight different classes of service, usually expressed through the 3-bit priority field in an IEEE 802.1Q header added to the Ethernet frame. Enabling the VLAN option and a Class Of Service set to Disable is equivalent to priority 0 in terms of the IEEE 802.1p specification.
Synopsis: Layer 2 Multicast. Default: Layer 2 Multicast. Layer 2 Ethernet multicast transport for PTP (Precision Time Protocol) messages.
Synopsis: 0s to 3600s. Default: 10s. Normally, the start-up time of a non-GPS master is less than that of a GPS-enabled master (i.e. acquiring GPS lock). This parameter provides the ability to bootstrap the PTP network in a more orderly fashion.
Synopsis: 50 ns, 100 ns, 250 ns, 1 us, 2.5 us, 10 us, 25 us, 100 us, 250 us, 1 ms, 2.5 ms, 10 ms, 25 ms, 100 ms, 250 ms. Default: 100 us. This parameter allows user to configure desired clock accurac
28. Synopsis: 1 to 4094. Default: 1. The VLAN Identifier is used to identify the VLAN in tagged Ethernet frames according to IEEE 802.1Q.
Synopsis: Any 19 characters. Default: (blank). The VLAN name provides a description of the VLAN purpose (for example, Engineering VLAN).
Synopsis: Any combination of numbers valid for this parameter. Default: None. These are ports that are not allowed to be members of the VLAN. Examples:
None: all ports of the switch are allowed to be members of the VLAN.
2,4-6,8: all ports except ports 2, 4, 5, 6 and 8 are allowed to be members of the VLAN.
Synopsis: Off, On. Default: Off. This parameter enables or disables IGMP Snooping on the VLAN.
Synopsis: 0 to 16. Default: 0. This parameter is only valid for Multiple Spanning Tree Protocol (MSTP) and has no effect if MSTP is not used. The parameter specifies the Multiple Spanning Tree Instance (MSTI) to which the VLAN should be mapped.
If IGMP Snooping is not enabled for the VLAN, both IGMP messages and multicast streams will be forwarded directly to all members of the VLAN. If any one member of the VLAN joins a multicast group, then all members of the VLAN will receive the multicast traffic.
Section 8.3.3 Port VLAN Parameters
[Figure 158: Port VLAN Parameters Table]
29. describes a protocol that can simplify the troubleshooting of complex networks and can be used by Network Management Systems (NMS) to obtain and monitor detailed information about a network's topology. LLDP data are made available via SNMP through support of LLDP-MIB.
LLDP allows a networked device to discover its neighbors across connected network links using a standard mechanism. Devices that support LLDP are able to advertise information about themselves, including their capabilities, configuration, interconnections and identifying information.
LLDP agent operation is typically implemented as two modules: the LLDP transmit module and the LLDP receive module. The LLDP transmit module, when enabled, sends the local device's information at regular intervals in 802.1AB standard format. Whenever the transmit module is disabled, it transmits an LLDPDU (LLDP data unit) with a time-to-live (TTL) type-length-value (TLV) containing 0 in the information field. This enables remote devices to remove the information associated with the local device in their databases.
The LLDP receive module, when enabled, receives remote devices' information and updates its LLDP database of remote systems. When new or updated information is received, the receive module initiates a timer for the valid duration indicated by the TTL TLV in the received LLDPDU. A remote system's information is removed from the database when an LLDPDU is received from it with TTL TLV containing 0 i
30. sure users have the right knowledge and expertise to understand the various technologies associated with critical communications network infrastructure technologies. Siemens' unique mix of IT/Telecommunications expertise, combined with domain knowledge in the utility, transportation and industrial markets, allows Siemens to provide training specific to the customer's application. For more information about training services and course availability, visit www.siemens.com/ruggedcom or contact a Siemens sales representative.
Customer Support
Customer support is available 24 hours, 7 days a week for all Siemens customers. For technical support or general information, please contact Customer Support at:
Toll Free (North America): 1 866 922 7975
International: 1 905 856 5288
Website: http://support.automation.siemens.com
Chapter 1 Introduction
Section 1.1 Security Considerations
Section 1.1.1 Security Recommendations
To prevent unauthorized access to the device, note the following security recommendations:
- Do not connect the device directly to the Internet. The device should be operated inside a secure network perimeter.
- Replace the default passwords for the standard admin, operator and guest accounts before the device is deployed.
- Use strong passwords. For more information about creat
31. [Figure 151: Using QinQ Example]
NOTE: QinQ can only be enabled on one switch port at a time.
NOTE: Some switch models only support QinQ if all edge ports are configured with the same PVID. In this case, a dedicated switch must be assigned to each customer.
Section 8.2 VLAN Applications
Section 8.2.1 Traffic Domain Isolation
VLANs are most often used for their ability to restrict traffic flows between groups of devices. Unnecessary broadcast traffic can be restricted to the VLAN that requires it. Broadcast storms in one VLAN need not affect users in other VLANs.
Hosts on one VLAN can be prevented from accidentally or deliberately assuming the IP address of a host on another VLAN.
By configuring the management VLAN, a management domain can be established that restricts the number of users able to modify the configuration of the network.
The use of creative bridge filtering and multiple VLANs can carve seemingly unified IP subnets into multiple regions policed by different security/access policies.
Multi-VLAN hosts can assign different traffic types to different VLANs.
[Figure 152: Multiple Overlapping VLANs]
Section 8.2.2 Admi
32. [Figure 173: Port CoS Parameter Form]
Parameter: Description
Port(s): Synopsis: 1 to maximum port number. The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk).
Default Pri: Synopsis: 0 to 7. Default: 0. This parameter allows prioritization of the frames received on this port that are not prioritized based on the frames' contents (e.g. priority field in the VLAN tag, DiffServ field in the IP header, prioritized MAC address).
Inspect TOS: Synopsis: No, Yes. Default: No. This parameter enables or disables parsing of the Type Of Service (TOS) field in the IP header of the received frames to determine the Class of Service that should be assigned. When TOS parsing is enabled, the switch will use the Differentiated Services bits in the TOS field.
Section 10.2.3 Priority to CoS Mapping
[Figure 174: Priority to CoS Mapping Table]
Figure 175 Priority
33. For the modules with SFP GBICs, media description is displayed as per the SFF-8472 specification if a transceiver is plugged into the module, e.g. 10/100/1000TX RJ45 100FX SM SC 10FX MM ST 1000SX SFP LC S SL M5.
This command performs a reset of the specified Ethernet ports. This action is useful for forcing re-negotiation of speed and duplex mode, or in situations where the link partner has latched into an inappropriate state.
Section 4.3 Troubleshooting
Problem One:
One of my links seems to be fine at low traffic levels, but starts to fail as traffic rates increase.
One of my links pings OK but has problems with FTP/SQL/HTTP/...
A possible cause of intermittent operation is that of a duplex mismatch. If one end of the link is fixed to full duplex and the peer auto-negotiates, the auto-negotiating end falls back to half-duplex operation. At lower traffic volumes, the link may display few if any errors. As the traffic volume rises, the fixed negotiation side will begin to experience dropped packets, while the auto-negotiating side will experience collisions. Ultimately, as traffic loads approach 100%, the link will become entirely unusable.
NOTE: The ping command with flood options is a useful tool for testing commissioned links. The command ping 192.168.0.1 500 2 can be used to issue 500 pings, each separated by two milliseconds, to the next switch. If
34. [Figure 41: SNMP User Table]
[Figure 42: SNMP User Form]
Parameter: Description
Name: Synopsis: Any 32 characters. Default: initial. The name of the user. This user name also represents the security name that maps this user to the security group.
IP Address: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: (blank). The IP address of the user's SNMP management station. If IP address is configured, SNMP requests from that user will be verified by IP address as well. SNMP Authentication trap will be generated to trap receivers if a request was received from this user but from any other IP address. If IP address is empty, traps cannot be generated to this user, but SNMP requests will be served for this user from any IP address.
v1/v2c Community: Synopsis: Any 32 characters. Default: (blank). The community string which is mapped by this user/security name to the security gr
35. [Figure 48: RADIUS Server Form]
Parameter: Description
Server: Synopsis: Any 8 characters. Default: Primary. This field tells whether this configuration is for a primary or a backup server.
IP Address: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: (blank). The RADIUS server IP Address.
Auth UDP Port: Synopsis: 1 to 65535. Default: 1812. The authentication UDP Port on the RADIUS server.
Auth Key: Synopsis: 31 character ASCII string. Default: None. The authentication key shared with the RADIUS server. It is used to encrypt any passwords that are sent between the switch and the RADIUS server.
Confirm Auth Key: Synopsis: 31 character ASCII string. Default: None. Confirm input of the above authentication key.
Section 2.14 TACACS+
TACACS+ (Terminal Access Controller Access Control System Plus) is a TCP-based access control protocol that provides authentication, authorization and accounting services to routers, network access servers and other networked computing devices via one or more centralized servers. It is based on, but is not compatible with, the older TACACS protocol. TACACS+ has generally replaced its predecessor in more recently built or updated networks, although TACACS and XTACACS are still used on many older networks. Note that Siemens' TACACS+ client implementation always has encryption enabled.
TACA
36. [Figure 142: Port MSTI Parameter Form]
Parameters: Instance ID, Port(s), Priority, STP Cost, RSTP Cost
Instance ID: Synopsis: 0 to 16. Default: 1. The Instance ID refers to the MSTI (Multiple Spanning Tree Instance) ID. Specify an Instance ID and select GET in order to load parameters corresponding to the selected MSTI. Changes to parameters that are subsequently applied will apply to the selected Instance ID. Note: Port Parameters for the IST (MSTI zero) are accessible via the Port RSTP Parameters menu (see Section 7.4.2, Port RSTP Parameters).
Port(s): Synopsis: Any combination of numbers valid for this parameter. The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk).
Priority: Synopsis: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 194, 208, 224, 240. Default: 128. Selects the STP port priority. Ports of the same cost that attach to a common LAN will select the port to be used based on the port priority.
STP Cost: Synopsis: 0 to 65535 or Auto. Default: Auto. Selects the cost to use in cost calculations when the Cost Style parameter is set to STP in the Bridge RSTP Parameters configuration. Settin
37. Mode of Operation
A force half-duplex mode of operation allows use of extensions that create echo loops (as optical loop topology that utilizes the RMC20 repeat mode function).
[Figure 65: Optical Loop Topology]
The diagram (Figure 65, Optical Loop Topology) illustrates a topology that utilizes the RMC20 repeat mode function. The repeat function will optically retransmit any data received on the optical receiver, in addition to any connected serial devices. As a result, any data transmitted from the master will be retransmitted optically to all the slaves.
This topology can be used for RS232, RS485 or RS422 multi-drop networks. In all cases, all slaves have the repeat function (DIP position 4) ON, while the one connected to the RMC30 is configured with the repeat function OFF. The port used on the RMC30 must be in full-duplex mode, while the ForceHD (Force Half Duplex) parameter must be turned ON.
Section 3.3 Serial Protocol Configuration
The Serial Protocols menu is accessible from the main menu.
[Screenshot: Main Menu, Administration, Serial Protocols, Configure Serial Ports, Configure Protocols]
38. Packets
Address | Registers | Description (Reference Table in UI) | R/W | Format
0408 | 2 | Port 5 Statistics - Ethernet In Packets | R | Uint32
040A | 2 | Port 6 Statistics - Ethernet In Packets | R | Uint32
040C | 2 | Port 7 Statistics - Ethernet In Packets | R | Uint32
040E | 2 | Port 8 Statistics - Ethernet In Packets | R | Uint32
0410 | 2 | Port 9 Statistics - Ethernet In Packets | R | Uint32
0412 | 2 | Port 10 Statistics - Ethernet In Packets | R | Uint32
0414 | 2 | Port 11 Statistics - Ethernet In Packets | R | Uint32
0416 | 2 | Port 12 Statistics - Ethernet In Packets | R | Uint32
0418 | 2 | Port 13 Statistics - Ethernet In Packets | R | Uint32
041A | 2 | Port 14 Statistics - Ethernet In Packets | R | Uint32
041C | 2 | Port 15 Statistics - Ethernet In Packets | R | Uint32
041E | 2 | Port 16 Statistics - Ethernet In Packets | R | Uint32
0420 | 2 | Port 17 Statistics - Ethernet In Packets | R | Uint32
0422 | 2 | Port 18 Statistics - Ethernet In Packets | R | Uint32
0424 | 2 | Port 19 Statistics - Ethernet In Packets | R | Uint32
0426 | 2 | Port 20 Statistics - Ethernet In Packets | R | Uint32
0440 | 2 | Port 1 Statistics - Ethernet Out Packets | R | Uint32
0442 | 2 | Port 2 Statistics - Ethernet Out Packets | R | Uint32
0444 | 2 | Port 3 Statistics - Ethernet Out Packets | R | Uint32
0446 | 2 | Port 4 Statistics - Ethernet Out Packets | R | Uint32
0448 | 2 | Port 5 Statistics - Ethernet Out Packets | R | Uint32
044A | 2 | Port 6 Statistics - Ethernet Out Packets | R | Uint32
044C 2 Port 7 Statis
39. ROS menu interface, complete the following steps in order. Each step begins at Administration > System Time Manager.
Precision Time Protocol > Configure Global Parameters > set PTP Enable to Yes
Precision Time Protocol > Configure Global Parameters > set Clock Type to Ordinary Clock
Precision Time Protocol > Configure Global Parameters > set PTP Profile to Default P2P Profile
Precision Time Protocol > Configure Clock Parameters > set Priority1 to 1
Configure Time Source > set Primary Time Source to your primary time source, such as IRIGB, LOCAL CLK or NTP
Q: How do I configure a P2P slave clock?
A: Using the ROS menu interface, complete the following steps in order. Each step begins at Administration > System Time Manager.
Precision Time Protocol > Configure Global Parameters > set PTP Enable to Yes
Precision Time Protocol > Configure Global Parameters > set Clock Type to Ordinary Clock
Precision Time Protocol > Configure Global Parameters > set PTP Profile to Default P2P Profile
Precision Time Protocol > Configure Clock Parameters > set Slave Only to Yes
Configure Time Source > set Primary Time Source to IEEE1588
Q: How do I configure an End-to-End (E2E) master clock?
A: Using the ROS menu interface, complete the following steps in order. Each step begins at Administration > System Time Manager.
1. Precision Time Protocol > Configure Global Parameters > set PTP Ena
40. Retrieving Information
15.9.4 Changing Values in a Table
15.9.5 Setting Default Values in a Table
15.9.6 Using RSH and SQL
Preface
This guide describes the ROS v running on the RUGGEDCOM RS416 family of products. It contains instructions and guidelines on how to use the software, as well as some general theory. It is intended for use by network technical support personnel who are familiar with the operation of networks. It is also recommended for use by network and system planners, system programmers and line technicians.
About This Guide
This guide is intended for use by network technical support personnel who are familiar with the operation of networks. It is also recommended for use by network and system planners, system programmers and line technicians.
Conventions
This User Guide uses the following conventions to present information clearly and effectively.
Alerts
The following types of alerts are used when necessary to highlight important information.
DANGER: DANGER alerts describe imminently hazardous situations that, if not avoided, will result in death or serious injury.
WARNING: WARNING alerts describe hazardous situations that, if not avoided, may result in
41. Stats: Synopsis: Disabled, Enabled. Default: Enabled. Enables link statistics collection for the protocol.
Section 3.3.3 Remote Hosts
[Figure 71: Remote Hosts Table]
[Figure 72: Remote Hosts Form]
Parameter: Description
IP Address: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: (blank). The IP address of the remote host.
IP Port: Synopsis: 1 to 65535 or Unknown. Default: 50000. The IP port that remote host listens to. If this is zero (Unknown), the unit only receives from the remote host but does not transmit to it.
Port(s): Synopsis: Any combination of numbers valid for this parameter. Default: All. The local serial ports that the remote host is allowed to communicate with.
Section 3.3.4 Preemptive Raw Socket
[Figure 73: Preemptive Raw Socket Table]
[Figure 74: Preemptive Raw Socket Form]
42. Stopped: Diagnostics may be stopped at any point. If a stop is issued in the middle of a diagnostics run, it will nevertheless run to completion and the results will be updated.
NOTE: Both the port under test (PUT) or partner port (PT) can be configured to be either in Enabled mode with auto-negotiation or in Disabled mode. Other modes may interfere with the cable diagnostics procedure and are not recommended.
Section 4.2.4.2 Interpreting Cable Diagnostics Results
Four different conditions are reported for the state of a cable under examination:
Good: No fault is detected on the tested cable.
Open: Opened cable pair(s) is/are detected on the tested cable.
Short: Short cable pair(s) is/are detected on the tested cable.
Imped: Impedance Mismatch is detected on the tested cable.
The corresponding counts for each of these status conditions indicate the number of occurrences of each type of fault. For a typical no-fault Category 5 cable plugged into a 100BASE-T port, Good will be incremented by two after every run of cable diagnostics, once for each cable pair used by a 100BASE-T port. Note that for a 1000BASE-T port, four cable pairs will be tested, and so Good will be incremented by four after every successful run.
For a fault condition, an estimated distance to the fault will be calculated and recorded in the
43. Time Control > Configure Global Parameters, set PTP Enable to Yes.
2. Under Precision Time Control > Configure Global Parameters, set Clock Type to Ordinary Clock.
3. Under Precision Time Control > Configure Global Parameters, set PTP Profile to Custom Profile.
4. Under Precision Time Control > Configure Global Parameters, set Transport Protocol to Layer 3 Multicast.
5. Under Precision Time Control > Configure Global Parameters, set Network Class to IEEE1588 Network.
6. Under Precision Time Control > Configure Clock Parameters, set Slave Only to Yes.
7. Under Precision Time Control > Configure Time Source, set Primary Time Source to IEEE1588.
8. Under Precision Time Control > View PTP Statistics > View PTP Clock Stats, view the IEEE1588 status on the switch. Status must equal Slave.
Q: How do I configure an IEEE1588 ordinary clock and transparent clock with a GPS time source and power profile?
A: The following describes how to configure a master clock, transparent clock and slave with a GPS time source and power profile. Using the ROS menu interface, do the following:
NOTE: Each step begins at Administration > System Time Manager.
[Figure labels: GPS Antenna; Switch 1, Switch 2, Switch 3; Master, Transparent Clock, Slave; Ethernet Link 2, Ethernet Link 1]
Figure 40 Ordinary Clock and Transparent C
44. Tree Instance ID. Specify an Instance ID and select GET in order to load the parameters of the page corresponding to the selected MSTI. Changes to parameters that are subsequently applied will apply to the selected Instance ID. Note: Bridge Parameters for the IST (MSTI zero) are accessible via the Bridge RSTP Parameters menu (see Section 7.4.1, Bridge RSTP Parameters).
Synopsis: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440. Default: 32768. Bridge Priority provides a way to control the topology of the STP connected network. The desired Root and Designated bridges can be configured for a particular topology. The bridge with the lowest priority will become root. In the event of a failure of the root bridge, the bridge with the next lowest priority will then become root. Designated bridges that (for redundancy purposes) service a common LAN also use priority to determine which bridge is active. In this way, careful selection of Bridge Priorities can establish the path of traffic flows in both normal and abnormal conditions.
Section 7.4.6 Port MSTI Parameters
[Figure 141: Port MSTI Parameter Table]
45. and Reference System Service (IERS) observes the Earth's rotation and, nearly six months in advance (January and July), a Bulletin-C message is sent out, which reports whether or not to add a leap second in the end of June and December. Please note that change in the Current UTC Offset parameter will result in a temporary disruption in the timing network.
Synopsis: No, Yes. Default: No. This parameter allows user to manage the leap second event. A leap second is a second added to Coordinated Universal Time (UTC) in order to keep it synchronized with astronomical time. The International Earth Rotation and Reference System Service (IERS) observes the Earth's rotation and, nearly six months in advance (January and July), a Bulletin-C message is sent out, which reports whether or not to add a leap second in the end of June and December. This parameter must be set at least 5 minutes in advance before the occurrence of the leap second event.
Configuring NTP Service
ROS may optionally be configured to refer periodically to a specified NTP server to correct any accumulated drift in the on-board clock. ROS will also serve time via SNTP to hosts that request it.
Two NTP servers (primary and secondary) may be configured for the device. The primary server is contacted first upon each attempt to update the system time. If the primary server fails to respond, the secondary server is contacted. If either the primary or secondary server fails to respond, an alarm is r
46. audit the device to make sure it complies with these recommendations and/or any internal security policies.
Configuration files are provided in the CSV (comma separated values) format for ease of use. Make sure that configuration files are properly protected.
Management of the configuration file, certificates and keys is the responsibility of the device owner. Before returning the device to Siemens for repair, make sure encryption is disabled (to create a cleartext version of the configuration file) and replace the current certificates and keys with temporary certificates and keys that can be destroyed upon the device's return.
Section 1.1.2 Key Files
This section describes in detail the security keys used by ROS for the establishment of secure remote login (SSH) and web access (SSL).
It is strongly recommended to create and provision your own SSL certificates and SSH keys. The default certificate and keys are only ever used when upgrading to ROS v3.12.0 or later. New ROS-based units from Siemens will already have unique certificate and keys preconfigured in ssl.crt and ssh.keys flash files.
The default and auto-generated SSL certificates are self-signed. It is recommended to use SSL certificates that are either signed by a trusted third party Certificate Authority (CA) or by an organization's own CA. This technique is described in the Siemens application
47. better performance than STP, IEEE 802.1w RSTP still required up to several seconds to restore network connectivity when a topology change occurred.
A revised and highly optimized RSTP version was defined in the IEEE standard 802.1D-2004 edition. IEEE 802.1D-2004 RSTP reduces network recovery times to just milliseconds and optimizes RSTP operation for various scenarios.
ROS supports IEEE 802.1D-2004 RSTP.
Section 7.1.1 RSTP States and Roles
RSTP bridges have roles to play, either root or designated. One bridge, the Root Bridge, is the logical center of the network. All other bridges in the network are Designated bridges.
RSTP also assigns each port of the bridge a state and a role. The RSTP state describes what is happening at the port in relation to address learning and frame forwarding. The RSTP role basically describes whether the port is facing the center or the edges of the network and whether it can currently be used.
State
There are three RSTP states: Discarding, Learning and Forwarding.
The discarding state is entered when the port is first put into service. The port does not learn addresses in this state and does not participate in frame transfer. The port looks for RSTP traffic in order to determine its role in the network. When it is determined that the port will play an active part in the network, the state will change to learning.
[Figure labels: Forwarding Timer Expires Or Active RSTP Handshake has Occurred; Learning; BPDUS indicate
48. change position to allow editing of the data item. Typing a new value after pressing enter always erases the old parameter value. The left and right cursor keys can be used to position the edit point without erasing the old parameter value. The up and down cursor keys can be used to cycle through the next higher and lower values for the parameter. After the parameter has been edited, press enter again to change other parameters. When all desired parameters have been modified, press <Ctrl-A> to apply changes. The switch will automatically prompt you to save changes when you leave a menu in which changes have been made.
Some menus will require you to press <Ctrl-I> to insert a new record of information and <Ctrl-L> to delete a record.
Section 2.1.4 Updates Occur In Real Time
All configuration and display menus present the current values, automatically updating if changed from other user interface sessions or SNMP. All statistics menus will display changes to statistics as they occur.
Section 2.1.5 Alarm Indications Are Provided
Alarms are events for which the user is notified through the Diagnostics sub-menu. All configuration and display menus present an indication of the number of alarms (in the upper right hand corner of the screen) as they occur, automatically updating as alarms are posted and cleared.
Section 2.1.6 The CLI Shell
The user interface provides a Command Line Interface shell for operations that are
49. contained in lldpRemoteSystemsData objects because of insufficient resources.
The number of times the complete set of information has been inserted into tables contained in lldpRemoteSystemsData.
The counter that represents the number of age-outs that occurred on a given port. An age-out is the number of times the complete set of information advertised by a neighbour has been deleted from tables contained in lldpRemoteSystemsData objects because the information timeliness interval has expired.
The number of LLDP frames received by this LLDP agent on the indicated port and then discarded for any reason. This counter can provide an indication that LLDP header formatting problems may exist with the local LLDP agent in the sending system, or that LLDPDU validation problems may exist with the local LLDP agent in the receiving system.
The number of invalid LLDP frames received by this LLDP agent on the indicated port while this LLDP agent is enabled.
List of Objects Eligible for RMON Alarms (Chapter 5, Ethernet Statistics):
lldpStatsRxPortFramesTotal
lldpStatsRxPortTLVsDiscardedTotal
lldpStatsRxPortTLVsUnrecognizedTotal
rcDeviceStsTemperature
rs232AsyncPortFramingErrs
rs232AsyncPortOverrunErrs
rs232AsyncPortParityErrs
snmpInASNParseErrs
snmpInBadCommunityNames
snmpInBadCommunityNames
snmpInBadVersions
snmpInPkts
tcpActiveOpens
tcpAttemptFails
tcpCurrEstab
tcpEstab
50. each of its segments in order to determine whether at least one consumer still subscribes to a given stream. If it receives no responses within a given timeout period (usually two query intervals), the router will prune the multicast stream from the given segment. A more usual method of pruning occurs when consumers wishing to un-subscribe issue an IGMP leave group message to determine whether there are any remaining subscribers of that group on the segment. After the last consumer of a group has un-subscribed, the router will prune the multicast stream from the given segment. Section 11.1.2 Switch IGMP Operation: The IGMP Snooping feature provides a means for switches to snoop (i.e. watch) the operation of routers, respond with joins/leaves on the behalf of consumer ports, and to prune multicast streams accordingly. There are two modes of IGMP that the switch can be configured to assume: active and passive. Active Mode: ROS IGMP supports routerless mode of operation. When such a switch is used without a multicast router, it is able to function as if it is a multicast router sending IGMP general queries. Passive Mode: When such a switch is used in a network with a multicast router, it can be configured to run Passive IGMP. This mode prevents the switch from sending the queries that can confuse the router causing it to stop issuing IGMP querie
51. end TCPModbus exchange. [Figure 63: Sources of Delay and Error in an End to End Exchange. Labels: Master, Client Gateway, Server Gateway, RTU; transmission time from Master to Client Gateway; network transmission time; queuing time; transmission time from Server Gateway to RTU; RTU think and transmission times to Server Gateway; network transmission time; transmission time from Client Gateway to Master; time-out; retransmissions complete; exception sent.] In step 1, the master issues a request to the Client Gateway. If the Client Gateway validates the message, it will forward it to the network as step 2. The Client Gateway can respond immediately in certain circumstances, as shown in step 1a. When the Client Gateway does not have a configuration for the specified RTU, it will respond to the master with an exception using TCPModbus exception code 11 (No Path). When the Client Gateway has a configured RTU but the connection is not yet active, it will respond to the master with an exception using TCPModbus exception code 10 (No Response). If the forwarding of TCPModbus exceptions is disabled, the client will not issue any responses. Steps 3a and 3b represent the possibility that the Server Gateway does not have a configuration for the specified RTU. The Server Gateway will always resp
52. for particular objects.
File Name | MIB Name | Supported MIB
resnmpv2AC.mib | RC-SNMPv2-MIB-AC | SNMPv2-MIB
rcudpmibAC.mib | RC-UDP-MIB-AC | UDP-MIB
rctcpmibAC.mib | RC-TCP-MIB-AC | TCP-MIB
rcSnmpUserBasedSmMibAC.mib | RC-SNMP-USER-BASED-SM-MIB-AC | SNMP-USER-BASED-SM-MIB-AC
rcSnmpViewBasedAcmMibAC.mib | RC-SNMP-VIEW-BASED-ACM-MIB-AC | SNMP-VIEW-BASED-ACM-MIB-AC
rcifmibAC.mib | RC-IF-MIB-AC | IF-MIB
rcbridgemibAC.mib | RC-BRIDGE-MIB-AC | BRIDGE-MIB
rermonmibAC.mib | RC-RMON-MIB-AC | RMON-MIB
rcqbridgemibAC.mib | RC-Q-BRIDGE-MIB-AC | Q-BRIDGE-MIB
rcipmibAC.mib | RC-IP-MIB-AC | IP-MIB
rclldpmibAC.mib | RC-LLDP-MIB-AC | LLDP-MIB
rclagmibAC.mib | RC-LAG-MIB-AC | IEEE8023-LAG-MIB
rcrstpmibAC.mib | RC-STP-MIB-AC | STP-MIB
rercdot11AC.mib | RC-RUGGEDCOM-DOT11-MIB-AC | RUGGEDCOM-DOT11-MIB
rcrcpoeAC.mib | RC-RUGGEDCOM-POE-MIB-AC | RUGGEDCOM-POE-MIB
rercrstpmibAC.mib | RC-RUGGEDCOM-STP-AC-MIB | RUGGEDCOM-STP-MIB
rercsysinfomibAC.mib | RC-RUGGEDCOM-SYS-INFO-MIB-AC | RUGGEDCOM-SYS-INFO-MIB
rerctrapsmibAC.mib | RC-RUGGEDCOM-TRAPS-MIB-AC | RUGGEDCOM-TRAPS-MIB
rers232mibAC.mib | RUGGEDCOM-RS-232-MIB-AC | RS-232-MIB
rcserialmibAC.mib | RC-RUGGEDCOM-SERIAL-MIB-AC | RUGGEDCOM-SERIAL-MIB
The following is an example from an RS416 device that describes the way to find objects and variations for supported MIBs. NOTE: RS416 running ROS CF52 Main v supports rugged
53. information in PTP messages to adjust their time to that of the master in their part of the hierarchy. The PTP protocol executes within a logical scope called a domain. The time established via the protocol within one domain is independent of the time in other domains. A PTP version 2 system may consist of a combination of both PTP-aware and PTP-unaware devices. There are five basic types of PTP device defined in the IEEE 1588-2008 standard: Ordinary Clocks, Boundary Clocks, End-to-End Transparent Clocks, Peer-to-Peer Transparent Clocks, and Management Nodes. The RS416 supports Ordinary Clock mode. The Ordinary Clock can be either the grandmaster clock in a system or a slave clock in the master-slave hierarchy. The selection of grandmaster clock and slave clocks is based on the Best Master Clock (BMC) algorithm defined in the IEEE 1588-2008 standard. The PTP protocol may operate at multiple OSI layers, depending on the timestamp reference point for event messages. System synchronization precision improves significantly the closer to the physical layer the timestamp reference point is taken. Section 2.11.1.2 Clock Accuracy: Siemens has developed a system for classifying clock accuracy. In the context of RUGGEDCOM equipment, this characterizes how well a slave clock maintains synchronization with its master clock. The Desired Clock Accuracy is derived from the clockAccuracy attributes defined in the IEEE 1
54. its distance from the root bridge. If the root bridge is assigned the lowest priority of 0, the bridges on either side should use a priority of 4096 and the next bridges 8192 and so on. As there are 16 levels of bridge priority available, this method provides for up to 31 bridges in the ring. 6. Implement the network and test under load. Section 7.3.3 RSTP Port Redundancy: [Figure 133: Port Redundancy] In cases where port redundancy is essential, RSTP allows more than one bridge port to service a LAN. For example, if port 3 is designated to carry the network traffic of LAN A, port 4 will block. Should an interface failure occur on port 3, port 4 would assume control of the LAN. Section 7.4 Spanning Tree Configuration: The Spanning Tree menu is accessible from the main menu. [Figure 134: Spanning Tree Menu. Main Menu entries shown: Administration; Ethernet Ports; Ethernet Stats; Link Aggregation; Spanning Tree, with sub-entries Configure Bridge RSTP Parameters, Configure Port RSTP Parameters, Configure eRSTP Parameters, View Bridge RSTP Statistics, View Port RSTP Statistics, Configure MST Region Identifier, Configure Bridge MSTI Parameters, Configure Port MSTI Parameters, View Bridge MSTI Statistics, View Port MSTI Statistics, Clear Spanning Tree Statistics.] Section 7.4.1 Bridge RSTP Parameters: The Bridge RSTP Parameter form configures RSTP b
55. [Figure 209: Alarm Table]
Level: Synopsis: { EMRG, ALRT, CRIT, ERRO, WARN, NOTE, INFO, DEBG }. Severity level of the alarm:
EMERG: The device has had a serious failure that caused a system reboot.
ALERT: The device has had a serious failure that did not cause a system reboot.
CRITICAL: The device has a serious unrecoverable problem.
ERROR: The device has a recoverable problem that does not seriously affect operation.
WARNING: Possibly serious problem affecting overall system operation.
NOTIFY: Condition detected that is not expected or not allowed.
INFO: Event which is a part of normal operation, e.g. cold start, user login etc.
DEBUG: Intended for factory troubleshooting only.
Time: Synopsis: MMM DD HH:MM. Time of first occurrence of the alarm.
Description: Synopsis: Any 127 characters. Description of the alarm; gives details about the frequency of the alarm if it has occurred again since the last clear.
Alarms can be cleared from the Clear Alarms option. Section 14.1.6 Security Messages for Authentication: The following describes the authentication-related security messages that can be generated by ROS. Section 14.1.6.1 Security Messages for Login Authentication: ROS provides various logging options related to login aut
56. maintained on the same bridged network. Data traffic is allocated to one or another of several spanning trees by mapping one or more VLANs onto the network. NOTE: The sophistication and utility of the Multiple Spanning Tree implementation on a given bridged network is proportional to the amount of planning and design invested in configuring MSTP. If MSTP is activated on some or all of the bridges in a network with no additional configuration, the result will be a fully and simply connected network, but at best, the result will be the same as a network using only RSTP. Taking full advantage of the features offered by MSTP requires a potentially large number of configuration variables to be derived from an analysis of data traffic on the bridged network, and from requirements for load sharing, redundancy, and path optimization. Once these parameters have all been derived, it is also critical that they are consistently applied and managed across all bridges in an MST region. NOTE: By design, MSTP processing time is proportional to the number of active STP instances. This means that MSTP will likely be significantly slower than RSTP. Therefore, for mission critical applications, RSTP should be considered a better network redundancy solution than MSTP. Section 7.2.1 MST Regions and Interoperability: In addition to supporting multiple spanning trees in a network
57. menu
Synopsis: 5 to 32768. Default: 30 s. The interval at which LLDP frames are transmitted on behalf of this LLDP agent.
Synopsis: 2 to 10. Default: 4. The multiplier of the Tx Interval parameter that determines the actual time-to-live (TTL) value used in a LLDPDU. The actual TTL value can be expressed by the following formula: TTL = MIN(65535, (Tx Interval * Tx Hold)).
Synopsis: 1 to 10. Default: 2 s. The delay in seconds from when the value of Admin Status parameter of a particular port becomes Disabled until re-initialization will be attempted.
Synopsis: 1 to 8192. Default: 2 s. The delay in seconds between successive LLDP frame transmissions initiated by value or status changed. The recommended value is set according to the following formula: 1 <= txDelay <= (0.25 * Tx Interval).
Section 13.3.1.2 Port LLDP Parameters: [Figure 200: Port LLDP Parameters Table] [Figure 201: Port LLDP Parameters Form]
Port: Synopsis: 1 to 9. Default: 1. The port number as seen on the front
58. n [Figure 105: Cable Diagnostics Parameters Form] The Figure 104 Cable Diagnostics Table screen pictured above lists the current value of the following parameters for all Ethernet ports. Clicking on a port number in the table brings up the Figure 105 Cable Diagnostics Parameters Form for the corresponding port. This form can be used to set certain of the cable diagnostic parameters for the port, as indicated below.
Port: Synopsis: 1 to X. The port number as seen on the front plate silkscreen of the switch.
State: Started, Stopped or N/A. Start or stop cable diagnostics on the selected port. If a port does not support cable diagnostics, State will be reported as N/A.
Runs: Synopsis: 0 to 65535. The total number of times that cable diagnostics are to be performed on the selected port. If set to 0, cable diagnostics will be performed until diagnostics are stopped explicitly.
Calib: Synopsis: 100.0 m to 100.0 m. The calibration value can be used to adjust the estimated distance to the fault. Refer to Section 4.2.4.3, Calibrating Estimated Distance To Fault, for details on setting this parameter.
Good: Synopsis: 0 to 65535. The number of times that GOOD TERMINATION (no fault) has been detected o
59. note Creating/Uploading SSH Keys and SSL Certificates to ROS Using Windows, available from www.siemens.com/ruggedcom. The sequence of events related to Key Management during an upgrade to ROS v3.12.0 or later is as follows:
NOTE: The auto-generation of SSH keys is not available for Non-Controlled (NC) versions of ROS.
- Upgrade Boot Software to v2.20.0 or newer (see Section 1.1.3, Bootloader Considerations).
- On first boot, ROS >= v3.12.0 will start the SSH and SSL (secure web) services using the default keys.
- Immediately after boot, ROS will start to generate a unique SSL certificate and SSH key pair, and save each one to its corresponding flash file. This process will take approximately one hour on a lightly loaded unit. As each one is created, the corresponding service is immediately restarted with the new keys.
- At any time during the key generation process, one may upload custom keys, which will take precedence over both the default and auto-generated keys and will take effect immediately.
- On subsequent boot, if there is a valid ssl.crt file, the default certificate will not be used for SSL. If there is a valid ssh.keys file, the default SSH key will not be used.
- At any time, new keys may be uploaded or generated by ROS using the sslkeygen or sshkeygen CLI commands.
Section 1.1.2.1 SSL Certificates: ROS supports SSL certificates that conform to the following specifications: X.509 v3 digital certificate form
60. of a RUGGEDCOM Dictionary for a FreeRADIUS server:
    VENDOR RuggedCom 15004
    BEGIN-VENDOR RuggedCom
    ATTRIBUTE RuggedCom-Privilege-level 2 string
    END-VENDOR RuggedCom
Sample entry for user admin. Adding Users:
    admin Auth-Type := Local, User-Password == "admin"
        RuggedCom-Privilege-level = "admin"
Section 2.13.3 802.1X Authentication: A RADIUS server may also be used to authenticate access on ports with 802.1X security support. Attributes sent to the RADIUS server in a RADIUS Request are:
- user name, derived from client's EAP identity response
- NAS IP address
- service type: framed
- framed MTU: 1500 (maximum size of EAP frame, which is the size of an Ethernet frame)
- EAP message
- vendor specific attribute, as described above
RADIUS messages are sent as UDP messages. The switch and the RADIUS server must use the same authentication and encryption key. NOTE: ROS supports both PEAP and EAP-MD5. PEAP is more secure and is recommended if available in the supplicant. Section 2.13.4 RADIUS Server Configuration: [Figure 47: RADIUS Server Summary]
61. of received packets that were between 1024 and 1518 bytes long. The total number of received packets that were between 128 and 255 bytes long. The total number of received packets that were between 256 and 511 bytes long. The total number of received packets that were between 512 and 1023 bytes long. The total number of received packets that were 64 bytes long. The total number of received packets that were between 65 and 127 bytes long. The number of received packets which meet all the following conditions: 1. Packet data length is less than 64 bytes. 2. Collision Event has not been detected. 3. Late Collision Event has not been detected. 4. Packet has valid CRC. The total number of good packets received that were directed to the broadcast address. This object is a 64 bit version of ifInBroadcastPkts. The total number of good packets received that were directed to multicast address. ifHCInOctets, ifHCInUcastPkts, ifHCOutBroadcastPkts, ifHCOutMulticastPkts, ifHCOutOctets, ifInBroadcastPkts, ifInDiscards, ifInErrors, ifInMulticastPkts, ifInNUcastPkts, ifInOctets, ifInUcastPkts, ifOutBroadcastPkts, ifOutMulticastPkts, ifOutNUcastPkts, ifOutOctets, ifOutUcastPkts, ifOutUcastPkts, ipForwDatagrams, ipFragCreates, ipFragFails, ipFragOKs, ipInAddrErrors. The total number of bytes received on the int
62. off. Simply leave all ports set to type Edge and leave the native VLAN set to 1. This is the default configuration for the switch. Problem Two: I have added two VLANs (2 and 3) and made a number of ports members of these VLANs. Now I need some of the devices in one VLAN to send messages to some devices in the other VLAN. If the devices need to communicate at the physical address layer, they must be members of the same VLAN. If they can communicate in a Layer 3 fashion (i.e. using a protocol such as IP or IPX), you can use a router. The router will treat each VLAN as a separate interface, which will have its own associated IP address space. Problem Three: I have a network of thirty switches for which I wish to restrict management traffic to a separate domain. What is the best way of doing this while still staying in contact with these switches? At the switch where the management station is located, configure a port to use the new management VLAN as its native VLAN. Configure a host computer to act as a temporary management station. At each switch, configure the management VLAN to the new value. As each switch is configured, you will immediately lose contact with it, but should be able to re-establish communications from the temporary management station. After all switches have been taken to the new management VLAN, configure the ports of all attached management devices t
63. port as an edge port. A good candidate for disabling STP would be a port that services only a single host computer.
Priority: Synopsis: { 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 194, 208, 224, 240 }. Default: 128. Selects the STP port priority. Ports of the same cost that attach to a common LAN will select the port to be used based upon the port priority.
STP Cost: Synopsis: 0 to 65535 or { Auto }. Default: Auto. Selects the cost to use in cost calculations, when the Cost Style parameter is set to STP in the Bridge RSTP Parameters configuration. Setting the cost manually provides the ability to preferentially select specific ports to carry traffic over others. Leave this field set to auto to use the standard STP port costs as negotiated (4 for 1 Gbps, 19 for 100 Mbps links and 100 for 10 Mbps links). For MSTP, this parameter applies to both external and internal path cost.
RSTP Cost: Synopsis: 0 to 2147483647 or { Auto }. Default: Auto. Selects the cost to use in cost calculations, when the Cost Style parameter is set to RSTP in the Bridge RSTP Parameters configuration. Setting the cost manually provides the ability to preferentially select specific ports to carry traffic over others. Leave this field set to auto to use the standard RSTP port costs as negotiated (20,000 for 1 Gbps, 200,000 for 100 Mbps links and 2,000,000 for 10 Mbps links). For MSTP, this parameter applies to both external and internal path cost.
Edge Port: Synopsi
64. port should not be active. [Figure 129: Bridge and Port States] The learning state is entered when the port is preparing to play an active part in the network. The port learns addresses in this state but does not participate in frame transfer. In a network of RSTP bridges, the time spent in this state is usually quite short. RSTP bridges operating in STP compatibility mode will spend six to 40 seconds in this state. After learning, the bridge will place the port in the forwarding state. The port both learns addresses and participates in frame transfer while in this state. NOTE: ROS introduces two more states: Disabled and Link Down. Introduced purely for purposes of management, these states may be considered subclasses of the RSTP Discarding state. The Disabled state refers to links for which RSTP has been disabled. The Link Down state refers to links for which RSTP is enabled but are currently down. Role: There are four RSTP port roles: Root, Designated, Alternate and Backup. If the bridge is not the root bridge, it must have a single Root Port. The Root Port is the best (i.e. quickest) way to send traffic to the root bridge. A port is designated if it is the best port to ser
65. power system devices and other equipment receiving the time code must be able to decode them. The following diagram shows one use case of IRIG-B and boundary clock, which does Telecom to Power profile conversion and IEEE1588 to IRIGB conversion. [Figure 23: IRIG-B and Boundary Clock Use Case] NOTE: DSP information requires proper configuration of DST Rule and DST Offset, which reflects master configuration in IEEE1588 IEEE 1344 gateway. Set the desired time configuration in all RS416 units and reset units. Do not change any configuration in the master once timing plane is running, otherwise it may require resetting the IEEE1588 IEEE1344 gateway as well. Reset unit after configuration of IEEE1344. Section 2.11.2 Configuring Time and Date: This menu configures the current time, date, time zone, and DST (Daylight Savings Time) settings. [Figure 24: Time and Date Form] Parameters: Time, Date, Time Zone, DST Offset, DST Rule. Time and Da
66. requires a DSA key pair in PEM format. The DSA key must be between 512 and 2048 bits in length for Controlled versions. The key file is uploaded to the ssh.keys flash file on the device. The following is an example of a PEM formatted SSH key. Certificates and keys are uploaded using the same file transfer mechanisms discussed in previous sections. Please refer to Section 1.1, Security Considerations, for a detailed discussion of encryption key management. Section 15.9 Using SQL Commands: The ROS provides an SQL-like command facility that allows expert users to perform several operations not possible under the user interface, namely: Restoring the contents of a specific table, but not the whole configuration, to their factory defaults. Search tables in the database for specific configurat
67. running Main Software v and Boot Software earlier than v2.20.0 will have the following behaviour:
- The unit will use the default keys after every reset, and immediately begin generating ssl.crt and ssh.keys. It will not, however, write these files to flash.
- The unit will accept user-uploaded ssl.crt and ssh.keys, but again, it will not write these files to flash.
WARNING: If ROS Boot Software earlier than v2.20.0 runs and creates log entries, there is the possibility that it will overflow into an area of Flash memory that is reserved by ROS Main Software v or newer for keys. If this were to occur, some syslog data would not be readable by Main. In the even more unlikely event that ROS Boot Software v2.20.0 or newer had been installed and Main had written the ssl.crt and ssh.keys files, and the unit had subsequently had a downgrade to Boot Software earlier than v2.20.0, there is a possibility similar to the warning above, whereby Boot logging could possibly overwrite and therefore destroy one or both installed key files.
Section 1.2 SNMP MIB Support. Section 1.2.1 Standard MIBs. Table: Standard MIBs
Standard | MIB Name | Title
RFC 2578 | SNMPv2-SMI | Structure of Management Information Version 2
RFC 2579 | SNMPv2-TC | Textual Conventions for SMIv2
RFC 2580 | SNMPv2-CONF | Conformance Statements for SMIv2
 | IANAifType | Enumerated Values of The ifType Object Defined ifTable defined in IF-MIB
RFC 1907 | SNMPv2-MIB | Management Information Base for S
68. sample type: absolute or delta.
Synopsis: { absolute, delta }. Default: delta. The method of sampling the selected variable and calculating the value to be compared against the thresholds. The value of the sample type can be absolute or delta.
Synopsis: 0 to 2147483647. Default: 5. The number of seconds during which the data is sampled and compared with the rising and falling thresholds.
Synopsis: { rising, falling, risingOrFalling }. Default: risingOrFalling. The alarm that may be sent when this record is first created if the condition for raising an alarm is met. The value of a startup alarm can be rising, falling or risingOrFalling.
Synopsis: 0 to 65535. Default: 1. The index of the event that is used when a falling threshold is crossed. If there is no corresponding entry in the Event Table, then no association exists. In particular, if this value is zero, no associated event will be generated.
Synopsis: 0 to 65535. Default: 1. The index of the event that is used when a rising threshold is crossed. If there is no corresponding entry in the Event Table, then no association exists. In particular, if this value is zero, no associated event will be generated.
Synopsis: Any 127 characters. Default: Monitor. The owner of this record. It is suggested to start this string with the word monitor.
Section 5.5 RMON Events: The RM
69. saves syslog.txt
May 19 11 52 54 273 INFO System and crash logs cleared
May 19 11 53 28 492 INFO Port 1 is up
May 19 11 53 28 569 WARN Port 1 is down
May 19 11 53 30 234 INFO Admin logged in
May 19 11 57 37 995 INFO Port 1 is up
May 19 11 57 38 915 WARN Port 1 is down
May 19 11 57 48 001 INFO Port 1 is up
May 19 11 57 48 333 WARN Port 1 is down
May 19 11 58 16 817 INFO Admin logged out
May 19 12 01 31 626 INFO Admin logged out
May 19 12 04 13 254 INFO Admin logged in
May 19 12 09 31 259 INFO Admin logged out
May 19 15 13 38 427 WARN Port 6 is down
May 19 15 13 41 979 INFO Port6 is up
May 19 15 13 42 174 WARN Port 6 is down
May 19 15 21 48 445 INFO Port6 is up
May 19 15 21 48 818 WARN Port6 is down
[Figure 211: Viewing the System Log] The system log will continue to accumulate information until it becomes full. There is enough room in the file to accumulate logs for months or years under normal operation. The Clear System Log option will clear the system log. Clearing the log is recommended after a firmware upgrade. Section 14.4 Viewing Product Information: [Figure 212: Product Information Form. Fields shown: MAC Address, Order Code, Classification, Serial Number, Boot Version, Main Version, Required Boot, Hardware ID.] Parameters: MAC Address, Order Code, Classification, Serial Number, Boot V
70. selected, the system sends any syslog messages generated by Error, Critical, Alert and Emergency. Section 2.16.2 Configuring Remote Syslog Client: [Figure 54: Remote Syslog Client Form]
UDP Port: Synopsis: 1025 to 65535 or { 514 }. Default: 514. The local UDP port through which the client sends information to the server(s).
Section 2.16.3 Configuring the Remote Syslog Server: [Figure 55: Remote Syslog Server Table] [Figure 56: Remote Syslog Server Form]
IP Address: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: (no value given). Syslog server IP Address.
UDP Port: Synopsis: 1025 to 65535 or { 514 }. Default: 514. The UDP port number on which the remote server listens.
Facility: Synopsis: { USER, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7 }. Default: LOCAL7. Syslog facility name
71. serious injury and/or equipment damage. CAUTION: CAUTION alerts describe hazardous situations that, if not avoided, may result in equipment damage. IMPORTANT: IMPORTANT alerts provide important information that should be known before performing a procedure or step, or using a feature. NOTE: NOTE alerts provide additional information, such as facts, tips and details.
CLI Command Syntax: The syntax of commands used in a Command Line Interface (CLI) is described according to the following conventions:
Example | Description
command | Commands are in bold.
command parameter | Parameters are in plain text.
command parameter1 | parameter2 | Alternative parameters are separated by a vertical bar.
command parameter1 parameter2 | Parameters in italics must be replaced with a user-defined value.
command [ parameter1 | parameter2 ] | Square brackets indicate a required choice between two or more parameters.
command { parameter3 | parameter4 } | Curly brackets indicate an optional parameter(s).
command parameter1 parameter2 { parameter3 | parameter4 } | All commands and parameters are presented in the order they must be entered.
Related Documents: Other documents that may be of interest include: ROS Installation Guide for RUGGEDCOM RS416; RUGGEDCOM Fiber Guide; RUGGEDCOM Wireless Guide; White Paper: Rapid Spanning Tree in Industrial Networks. System Requirements: Each work
72. source and layer 3 multicast. Using the ROS menu interface, do the following. NOTE: Each step begins at Administration > System Time Manager. [Figure 39: Ordinary Clock with a GPS Time Source and Layer 3 End to End]
Procedure: Configuring the master clock
1. Under Precision Time Control > Configure Global Parameters, set PTP Enable to Yes.
2. Under Precision Time Control > Configure Global Parameters, set Clock Type to Ordinary Clock.
3. Under Precision Time Control > Configure Global Parameters, set PTP Profile to Custom Profile.
4. Under Precision Time Control > Configure Global Parameters, set Transport Protocol to Layer 3 Multicast.
5. Under Precision Time Control > Configure Global Parameters, set Network Class to IEEE1588 Network.
6. Under Precision Time Control > Configure Clock Parameters, set Priority1 to 1.
7. Under Precision Time Control > Configure Time Source, set Primary Time Source to GPS.
8. Under View Time Sync Status, view the GPS status on the switch. Time Source must equal GPS and GPS Status must equal Lock.
9. Under Precision Time Control > View PTP Statistics > View PTP Clock Stats, view the IEEE1588 status on the switch. Status must equal Master.
Procedure: Configure the slave clock
1. Under Precision
73. system log. For detailed information about which cable pair has been detected to have experienced which type of fault and the corresponding distance to the fault, please refer to the system log file. NOTE: The Runs parameter cannot be changed while cable diagnostics are running on a port. In order to change the value, stop the diagnostic run on the port, change the Runs parameter, and restart diagnostics. On ports that do not support cable diagnostics, N/A will be shown as the cable diagnostics state and any settings made to the Runs and Calibration fields will be discarded. Section 4.2.4.3 Calibrating Estimated Distance To Fault: Take the following steps to calibrate the Calib parameter (the estimated distance to fault):
1. Pick a particular port for which calibration is needed.
2. Connect an Ethernet cable with a known length (e.g. 50 m) to the port.
3. Do not connect the other end of the cable to any link partner.
4. Run cable diagnostics a few times on the port. OPEN fault should be detected.
5. Find the average distance to the OPEN fault recorded in the log and compare it to the known length of the cable. The difference can be used as the calibration value.
6. Enter the calibration value and run cable diagnostics a few more times. The distance to the OPEN fault should now be at a similar distance to the actual cable length. The distance to the fault for the selected port is now calibrated.
Section 4.2.5 Link Detectio
74. the IEEE 802.1Q standard defines a set of rules that must be followed by all VLAN-aware switches, for example: Valid VID range is 1 to 4094 (VID 0 and VID 4095 are invalid). Each frame ingressing a VLAN-aware switch is associated with a valid VID. Each frame egressing a VLAN-aware switch is either untagged or tagged with a valid VID (this means priority-tagged frames with VID 0 are never sent out by a VLAN-aware switch). It turns out that some applications have requirements conflicting with the IEEE 802.1Q native mode of operation (e.g. some applications explicitly require priority-tagged frames to be received by end devices). To ensure the required operation in any possible application scenario and provide full compatibility with legacy (VLAN-unaware) devices, the device can be configured to work in a VLAN-unaware mode. In that mode: Frames ingressing a VLAN-unaware switch are not associated with any VLAN. Frames egressing a VLAN-unaware switch are sent out unmodified, i.e. in the same untagged, 802.1Q-tagged or priority-tagged format as they were received. Section 8.1.9 GVRP (GARP VLAN Registration Protocol). GVRP is a standard protocol built on GARP (the Generic Attribute Registration Protocol) to automatically distribute VLAN configuration information in a network. Each switch in a network needs only to be configured with VLANs it requires locally; it dynamically learns the rest of the VLANs configured elsewhere in the networ
75. this case Section 7 3 RSTP Applications Section 7 3 1 RSTP in Structured Wiring Configurations RSTP allows you to construct structured wiring systems in which connectivity is maintained in the event of link failures For example a single link failure of any of links A through N in Figure 131 Example of a Structured Wiring Configuration would leave all the ports of bridges 555 through 888 connected to the network 186 Implementing MSTP on a Bridged Network RUGGEDCOM ROS Chapter 7 User Guide Spanning Tree Figure 131 Example of a Structured Wiring Configuration Procedure Design Considerations for RSTP in Structured Wiring Configurations 1 Select the design parameters for the network What are the requirements for robustness and network fail over recovery times Are there special requirements for diverse routing to a central host computer Are there any special port redundancy requirements Identify required legacy support Are STP bridges used in the network These bridges do not support rapid transitioning to forwarding If these bridges are present can they be re deployed closer to the network edge Identify edge ports and ports with half duplex shared media restrictions Ports that connect to host computers IEDs and controllers may be set to edge ports in order to guarantee rapid transitioning to forwarding as well as to reduce the number of topology change notifications in the network Ports with
76. to 64 Default 1 The maximum number of allowed incoming TCP connections for configurations using TCP Synopsis 1024 to 65535 Default 50000 The local IP port to use when listening for an incoming connection or UDP data Synopsis 1 to 65535 Default 50000 The remote TCP port to use when placing an outgoing connection Note that this parameter is applicable only to TCP connections If the transport protocol is set to UDP the remote port is configured using the Remote Hosts table For more information see the Section 3 3 3 Remote Hosts section Synopsis HH HHARH AHH where ranges from 0 to 255 or Default For direction Out client the remote IP address to use when placing an outgoing TCP connection request For direction In server the local interface IP address on which to listen for connection requests An empty string implies the default the IP address of the management interface Raw Socket 109 Chapter 3 RUGGEDCOM ROS Serial Protocols User Guide Parameter Description For direction Both client or server the remote IP address to use when placing an outgoing TCP connection request The listening interface will be chosen by matching mask Note that this parameter is applicable only to TCP connections If the transport protocol is set to UDP the remote port is configured using the Remote Hosts table For more information see the Section 3 3 3 Remote Hosts section Link
77. to be An NTP server e An IEEE 1588 master An IRIG B source The System Time Manager option within the ROS Administration menu fully configures time keeping functions on a ROS based device e Administration Configure IP Interfaces Configure IP Gateways Configure IP Services Configure System Identification Configure Passwords System Time Manager Configure Time and Date Configure IRIGB Precision Time Protocol Configure Time Source Configure NTP Server View Time Sync Status Figure 22 System Time Manager Menu Section 2 11 1 Time Keeping Protocol Fundamentals This section describes the time keeping protocols supported by the RS416 Section 2 11 1 1 Precision Time Protocol PTP Fundamentals The IEEE 1588 working group PTP Precise Timing Protocol standard details a method of synchronizing clocks over networks including Ethernet RUGGEDCOM switches support PTP version 2 which is defined in the IEEE 1588 2008 standard System Time Management 51 Chapter 2 RUGGEDCOM ROS Administration User Guide IEEE 1588 PTP is a distributed protocol that allows multiple clocks in a network to synchronize with one another These clocks are organized into a master slave synchronization hierarchy with a grandmaster clock at the top of the hierarchy which determines the reference time for the entire system Synchronization is achieved via the exchange of PTP timing messages Slave clocks use the timing
78. to process the broadcast message before it receives the next poll When polling is performed over TCP network delays may cause the broadcast and next poll to arrive at the remote server at the same time Configuring a turnaround delay at the server will enforce a minimum separation time between each message transmitted via the serial port Note that turnaround delays do not need to be configured at the host computer side and may be disabled there Section 3 2 3 DNP 3 0 Microlok TIN and WIN Applications RS416 supports a variety of protocols that specify source and destination addresses A destination address specifies which device should process the data and the source address specifies which device sent the message Having both destination and source addresses satisfies at least one requirement for peer to peer communication because the receiver knows where to direct responses Each device supporting one of these protocols must have a unique address within the collection of devices sending and receiving messages to and from each other 100 A Worked Example RUGGEDCOM ROS User Guide Chapter 3 Serial Protocols Device 10 Device 10 Communicating with devices 1 and 2 RuggedServer Client Gateway Device 11 Device 11 Communicating with devices 1 2 and 3 RuggedServer Client Gateway Figure 64 Source Destination Two Way Communication Even if the protocol can distinguish between the server and client
79. used for devices, such as VoIP phones and Ethernet printers, that do not support the 802.1X protocol. This method allows such devices to be authenticated using the same database infrastructure as that used in 802.1X. IEEE 802.1X with MAC Authentication Bypass works as follows: 1. The device connects to a switch port. 2. The switch learns the device MAC address upon receiving the first frame from the device (the device usually sends out a DHCP request message when first connected). 3. The switch sends an EAP Request message to the device, attempting to start 802.1X authentication. 4. The switch times out while waiting for the EAP reply, because the device does not support 802.1X. 5. The switch sends an authentication message to the authentication server, using the device MAC address as the username and password. 6. The switch authenticates or rejects the device according to the reply from the authentication server. Section 9.1.4 VLAN Assignment with Tunnel Attributes. ROS supports assigning a VLAN to the authorized port using tunnel attributes, as defined in RFC3580, when the Port Security mode is set to 802.1X or 802.1X MAC Auth. In some cases, it may be desirable to allow a port to be placed into a particular VLAN based on the authentication result. For example, to allow a particular device, based on its MAC address, to remain on the same VLAN as it moves within a network, configure the switches for 802.1X MAC Auth mode to allow a p
80. v2 40 00 0090 RS910 40 00 0091 001 Rev A RS920 Viewing Product Information 285 Chapter 14 RUGGEDCOM ROS Diagnostics User Guide Parameter Description 40 00 0102 001 Rev A RS940G 40 00 0097 000 Rev A RSi80X series CPU board RSG2300 RS416v2 Shows the type part number and revision level of the hardware Section 14 5 Loading Factory Default Configuration The Load Factory Defaults menu is used to reset the unit s configuration to its factory default Optionally it is possible to exclude parameters that affect basic connectivity and SNMP management from the reset in order to be able to remain in communication with the device Specifically configuration items in the following categories are not affected by a selective configuration reset IP Interfaces IP Gateways SNMP Users SNMP Security to Group Maps e SNMP Access e RUGGEDCOM Discovery Protocol RCDP Time Zone DST Offset DST Rule The menu presents a choice of whether to reset all or only the selected set of configuration parameters to their factory default values access Log out Load Factory Defaults admin Back Figure 213 Load Factory Defaults Dialog Parameter Description Defaults Choice Synopsis None Selected All This parameter allows the user to choose to load defaults to Selected tables i e excluding those listed above which would preserve configuration of the tables that are critical
81. where flow control disabled Media Type Auto Select Disabled Flow Control FEFI Disabled Link Alarms Enabled min sql select from ethportcfg where flow control disabled min sql select from ethportcfg where flow control disabled Media Type Auto Auto Auto Auto Select Select Select Select Flow Control FEFI Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Link Alarms Enabled Enabled Enabled Enabled 300 Using RSH and SQL
82. 0 00 00 00 00 VID fi Port fi CoS Normal Crit Apply Delete Reload Figure 196 Static MAC Address Form Parameter Description MAC Address Synopsis XX XX XX where is 0 to FF XX is 0 to FF or wildcard Default 00 00 00 00 00 00 A MAC address that is to be statically configured A maximum of 6 wildcard characters may be used to specify a range of MAC addresses allowed to be learned by the Port Security module when Port Security is set to Static MAC mode Wildcards must start from the end of the MAC address and all wildcards must be contiguous Examples 00 0A DC means the range beginning with 00 OA DC 00 00 00 and ending with 00 0A DC FF FF FF Configuring Static MAC Address Table 263 Chapter 12 RUGGEDCOM ROS MAC Address Tables User Guide Parameter Description 00 0A DC 12 3 means the range beginning with 00 OA DC 12 30 00 and ending with 00 0A DC 12 3F FF VID Synopsis 1 to 4094 Default 1 The VLAN Identifier of the VLAN on which the MAC address operates Port Synopsis 1 to maximum port number or Learn Default Learn Enter the port number upon which the device with this address is located If the port should be auto learned set this parameter to Learn CoS Synopsis Normal Medium High Crit Default Normal Set this parameter to prioritize the traffic for a specified address Section 12 5 Purging MAC Address Table This command removes all dynamic entries
83. 0 120000 24 41 1169341 fpga xsvf 00230000 010000 42 42 55784 fpga2288 xsvf 00240000 290000 43 83 2656569 syslog txt 004D0000 2D0000 84 128 16925 ssh keys 007A0000 010000 129 129 660 Sel year 007B0000 010000 130 130 1974 banner txt 007C0000 010000 131 131 256 crashlog txt 007D0000 010000 132 132 256 config bak 007E0000 010000 133 133 21762 COn ge sv 007F6000 008000 137 140 BITEZ factory EE OO7FEOOO 002000 141 141 1154 Figure 4 Flashfile Memory Mapping Summary 28 Managing the Flash Filesystem RUGGEDCOM ROS User Guide Chapter 1 Introduction Section 1 7 4 2 Obtaining Information On a Particular File When the flashfiles command is invoked with the key word info followed by the name of a file in memory as arguments detailed information is displayed for the named file For example gt flashfiles info main bin Flash file information for main bin Header version 4 Platform IO SS OS File name main bin Firmware version v3 8 0 0A3 Build date A es 200s rae File length 8 ZTE TIO Board IDs FE dl 9 b 8 a iS y 4 y ll ls ashe eile AS 2 7 SILO 8 e 1A G Header CRC a OSZT Header CRC Calc 0827 Body CRC A AIO Body CRC Calc A ev2 710 Figure 5 Obtaining Information About main bin Section 1 7 4 3 Defragmenting the Flash Filesystem The flash memory defragmenter should be used in a case when not enough flash memory is left for a binary upgrade Fragmentation may occur for example when switchin
84. 0ctets DropEvents OutMulticasts OutBroadcasts UndersizePkts Figure 111 Ethernet Port Statistics Form i 3673103 2640768 56235 aez zne estes 2380 fa Reload Parameter Port InOctets Description Synopsis 1 to maximum port number The port number as seen on the front plate silkscreen of the switch Synopsis 0 to 18446744073709551615 152 Viewing Ethernet Port Statistics RUGGEDCOM ROS Chapter 5 TotallnOctets TotallnPkts InBroadcasts InMulticasts CRCAlignErrors OversizePkts Fragments Jabbers Collisions LateCollisions Pkt64Octets User Guide Ethernet Statistics Parameter Description The number of octets in both received packets Unicast Multicast Broadcast and dropped packets OutOctets Synopsis 0 to 18446744073709551615 The number of octets in transmitted packets InPkts Synopsis 0 to 18446744073709551615 The number of received good packets Unicast Multicast Broadcast and dropped packets OutPkts Synopsis 0 to 18446744073709551615 The number of transmitted good packets Synopsis 0 to 18446744073709551615 The total number of octets of all received packets This includes data octets of rejected and local packets which are not forwarded to the switching core for transmission It should reflect all the data octets received on the line Synopsis 0 to 18446744073709551615 The number of received packets This includes rejected drop
85. 0x00 0x80 0x00 0x01 Section 1.5.1.3 Uint16. This format describes a Standard Modbus 16-bit register. Section 1.5.1.4 Uint32. This format describes Standard 2 Modbus 16-bit registers. The first register holds the most significant 16 bits of a 32-bit value. The second register holds the least significant 16 bits of a 32-bit value. Section 1.5.1.5 PortCmd. This format describes a bit layout per port, where 1 indicates the requested action is true and 0 indicates the requested action is false. PortCmd provides a bit layout of a maximum of 32 ports; therefore, it uses two Modbus registers. The first Modbus register corresponds to ports 1-16. The second Modbus register corresponds to ports 17-32 for a particular action. Bits that do not apply to a particular product are always set to zero. A bit value of 1 indicates that the requested action is true. For example, the particular port is up. A bit value of 0 indicates that the requested action is false. For example, the particular port is down. Reading data using PortCmd: For example, consider a Modbus Request to read multiple registers from location 0x03FE: 0x04 0x03 0xFE 0x00 0x02. The response depends on how many ports are available on the device. For example, if the maximum number of ports on a connected RUGGEDCOM device is 20, the response would look like the following: 0x04 0x04 0xF2 0x
86. 2 SNMP Management Feature Introduced IRIG B cable compensation IEEE1344 extension PTP profiles IEEE1588 IRIGB ROS supports Simple Network Management Protocol Versions 1 SNMPv1 2 SNMPv2c and 3 SNMPv3 SNMPv3 protocol provides secure access to devices by a combination of authentication and packet encryption over the network SNMPv3 security features include the following message integrity ensures that a packet has not been tampered with in transit e authentication determines the message is from a valid source e encryption scrambles the contents of a packet to prevent it from being seen by an unauthorized source SNMPv3 provides security models and security levels A security model is an authentication strategy that is set up for a user and the group in which the user resides A security level is a permitted level of security within a security model A combination of a security model and security level will determine which security mechanism is employed when handling an SNMP packet SNMP Management 73 Chapter 2 RUGGEDCOM ROS Administration User Guide Note the following about the SNMPv3 protocol each user belongs to a group a group defines the access policy for a set of users an access policy defines what SNMP objects can be accessed for reading writing and creating notifications a group determines the list of notifications its users can receive a group also defines the
87. 3 Chapter 11 Multicast Filtering RUGGEDCOM ROS User Guide Figure 184 GMRP Port Summary Log out Back access Port GMRP Parameters admin Adv amp Learn Adv amp Learn Adv amp Learm Disabled Disabled Disabled Disabled lloalla This menu configures GMRP parameters specific to a particular port on the device Log out Back access Port GMRP Parameters admin Port s fa GMRP Adv amp Learn 7 Apply Reload Figure 185 Port GMRP Parameter Form Parameter Port s GMRP Description Synopsis Any combination of numbers valid for this parameter The port number as seen on the front plate silkscreen of the switch or a list of ports if aggregated in a port trunk Synopsis Disabled Adv Only Adv amp Learn Default Disabled Configures GMRP GARP Multicast Registration Protocol operation on the port There are three GMRP modes of operation DISABLED the port is not capable of any GMRP processing ADVERTISE ONLY the port will declare all MCAST addresses existing in the switch configured or learned but will not learn any MCAST addresses 254 Port Specific GMRP Configuration Chapter 11 RUGGEDCOM ROS Multicast Filtering User Guide Parameter Description ADVERTISE amp LEARN the port will declare all MCAST Addresses existing in the switch configured or learned and can dynamically learn MCAST addresses NOTE i It is rec
88. 4 which features a compatibility mode with legacy STP 802 1D 1998 e Industry standard support of Multiple Spanning Trees 802 1Q 2005 which is interoperable with both RSTP and legacy STP e RUGGEDCOM RSTP feature enhancements eRSTP e Superior performance RSTP will recognize a link failure and put an alternate port into forwarding within milliseconds RSTP may be enabled on a per port basis Ports may be configured as edge ports which allow rapid transitioning to the forwarding state for non STP hosts e Path costs may be hard configured or determined by port speed negotiation in either the STP or RSTP style e Full bridge and port status displays provide a rich set of tools for performance monitoring and debugging NOTE i Historically a device implementing STP on its ports has been referred to as a bridge Siemens uses the terms bridge and switch synonymously SNMP manageable including newRoot and topologyChange traps Section 7 1 RSTP Operation The 802 1D Spanning Tree Protocol STP was developed to enable the construction of robust networks that incorporate redundancy while pruning the active topology of the network to prevent loops While STP is effective it requires that frame transfer halt after a link outage until all bridges in the network are guaranteed to be aware of the new topology Using the values recommended by 802 1D this period lasts 30 seconds The Rapid Spanning Tree Protocol RSTP IEEE
89. 4294967295 The number of broadcast packets received access admin 158 RMON History Samples RUGGEDCOM ROS Chapter 5 User Guide Ethernet Statistics Parameter Description InMulticasts Synopsis 0 to 4294967295 CRCAlignErrors UndersizePkts OversizePkts Fragments Jabbers Collisions Utilization Section 5 4 3 RMON Alarms The number of multicast packets received Synopsis 0 to 4294967295 The number of packets received that meet all the following conditions 1 Packet data length is between 64 and 1536 octets inclusive 2 Packet has invalid CRC 3 Collision Event has not been detected 4 Late Collision Event has not been detected Synopsis 0 to 4294967295 The number of received packets that meet all the following conditions 1 Packet data length is less than 64 octets 2 Collision Event has not been detected 3 Late Collision Event has not been detected 4 Packet has valid CRC Synopsis 0 to 4294967295 The number of packets received with data length greater than 1536 octets and valid CRC Synopsis 0 to 4294967295 The number of packets received that meet all the following conditions 1 Packet data length is less than 64 octets 2 Collision Event has not been detected 3 Late Collision Event has not been detected 4 Packet has invalid CRC Synopsis 0 to 4294967295 The number of packets that meet all the following conditions 1 Packet data length is greater that 1
90. 5 Use of Port Redirectors 3.2.1.6 Message Packetization 3.2.2 Modbus Server and Client Applications 3.2.2.1 TCPModbus Performance Determinants 3.2.2.2 A Worked Example 3.2.2.3 Use of Turnaround Delay 3.2.3 DNP 3.0, Microlok, TIN and WIN Applications 3.2.3.1 The Concept of Links 3.2.3.2 Address Learning for TIN 3.2.3.3 Address Learning for DNP 3.2.3.4 Broadcast Messages 3.2.3.5 Transport Protocol 3.2.4 Force Half Duplex Mode of Operation 3.3 Serial Protocol Configuration 3.3.1 Serial Ports 3.3.2 Raw Socket 3.3.3 Remote Hosts 3.3.4 Preemptive Raw Socket 3.3.5 Modbus Server
91. 535 Default 62000 The remote TCP port to use when placing an outgoing connection Synopsis HH HH AHH where ranges from 0 to 255 or lt EMTY STRING gt Default The permanent master s IP address Empty string represents management IP address of this device Synopsis Disabled Enabled Default Enabled Enables link statistics collection for this protocol Synopsis 0 to 255 or Off Default Off The character that can be used to force the forwarding of accumulated data to the network for connection to a dynamic master If a packetization character is not configured accumulated data will be forwarded based upon the packetization timeout parameter Synopsis 1 to 1000 Default 10 ms The delay from the last received character until when data is forwarded to the dynamic master Synopsis 10 to 3600 Default 10s The time in seconds that is allowed for a dynamic master to be idle before its connection is closed The protocol listens to the socket open to the dynamic master and if no data are received within this time the connection will be closed Preemptive Raw Socket RUGGEDCOM ROS User Guide Chapter 3 Serial Protocols Section 3 3 5 Modbus Server Log out Modbus Server es EN io 11 1000 ms Disabled Enabled _ Enabled 2 1000 ms Disabled Enabled Enabled Figure 75 Modbus Server Table Log out Modbus Server Back Port 1 Response Timer 1000 ms
92. 536 octets 2 Packet has invalid CRC Synopsis 0 to 4294967295 The number of received packets for which Collision Event has been detected Synopsis 0 to 100 The best estimate of the mean physical layer network utilization on this interface during this sampling interval in percent The RMON Alarm table configures the switch to examine the state of a specific statistical variable The record of this table contains an upper and a lower threshold for legal values of the statistic in a given interval This provides the ability to detect events occurring more quickly than a specified maximum rate or less quickly than a specified minimum rate When a statistic value s rate of change exceeds its limits an internal alarm of INFO level is always generated Internal alarms can be viewed using the Diagnostics menu View Alarms command RMON Alarms 159 Chapter 5 RUGGEDCOM ROS Ethernet Statistics User Guide Additionally a statistic threshold crossing can result in further activity The RMON Alarm record can be configured to point to a particular RMON Event Record which can generate an SNMP trap an entry in the switch s event log or both The RMON Event Record can steer alarms towards different users defined in SNMP Users table The alarm record can point to a different event record for each of the thresholds so combinations such as trap on rising threshold or trap on rising threshold log and trap on falling th
93. 55 0 0 Figure 15 IP Interfaces Table Log out IP Interfaces Sannin Back Type VLAN ID 2 Mgmt No O Yes O IP Address Type Static IP Address 10 2 0 4 Subnet 255 255 0 0 Figure 16 IP Interfaces Form NOTE The IP address and mask configured for the management VLAN are not changed when resetting all configuration parameters to defaults and will be assigned a default VLAN ID of 1 Changes to the IP address take effect immediately All IP connections in place at the time of an IP address change will be lost NOTE i You can use the ROS web interface to change the IP Address Type of the management interface from Static to DHCP However after doing so you cannot use the web interface to change the IP Address Type back to Static and set an IP address If you need to change the IP Address Type of IP Interfaces 43 Chapter 2 RUGGEDCOM ROS Administration User Guide the management interface from DHCP to Static configure the setting through a telnet SSH RSH or serial port connection or upload a new configuration file to the device Parameter Description Type Synopsis VLAN Default VLAN Specifies the type of the interface for which this IP interface is created ID Synopsis 1 to 4094 Default 1 Specifies the ID of the interface for which this IP interface is created If the interface type is VLAN this represents the VLAN ID Mgmt Synopsis No Yes Default No Sp
94. 56 Multicast Groups (either static or dynamic). Ability to prioritize a Static Multicast Group via Class of Service. Industry standard support of IGMP (RFC 1112, RFC 2236) versions 1 and 2 in active and passive roles. Support of IEEE 802.1Q-2005 standard GMRP (GARP Multicast Registration protocol). Ability to enable or disable IGMP on a per-VLAN basis. Multicast routers may be statically configured or dynamically recognized by IGMP. Routerless IGMP operation. ROS performs Multicast Filtering using the following methods: Static Multicast Groups; Internet Group Management Protocol (IGMP) snooping; IEEE standard GARP Multicast Registration protocol (GMRP). NOTE: ROS IGMP Snooping supports multicast routers using IGMP version 2 and hosts using either IGMP version 1 or 2. Section 11.1 IGMP. IGMP is used by IP hosts to report their host group memberships to multicast routers. As hosts join and leave specific multicast groups, streams of traffic are directed to or withheld from that host. The IGMP protocol operates between multicast routers and IP hosts. When an unmanaged switch is placed between multicast routers and their hosts, the multicast streams will be distributed to all ports. This may introduce significant traffic onto ports that do not require it and receive no benefit from it. RUGGEDCOM products with IGMP Snooping enabled will act on IGMP messages sent from the router and the host, restricting traffic stream
95. 588 specification and represents the instantaneous value of time offset between master and slave clocks Section 2 11 1 3 IRIG B Fundamentals The Inter Range Instrumentation Group IRIG IRIG B standard details the format of a signal encoding which contains the current day hour minute and second in UTC format broadcast at the start of each second The RS416 can be ordered with one dedicated TTL level output and one input which operate in IRIG B007 PWM Pulse Width Modulated mode Note that IRIG B006 is a subset of IRIG B007 The RS416 can be ordered with serial ports that provide IRIG B output in addition to RS232 serial on each DB9 or RJ45 connector Each of these ports may under software control provide either IRIG B007 PWM or a generic PPS Pulse Per Second signal The name of an IRIG B code format consists of a single letter followed by three digits Each letter or digit reflects an attribute of the corresponding IRIG B code as shown in the following table OSI refers to the Open Systems Interconnection Reference Model 52 Clock Accuracy RUGGEDCOM ROS Chapter 2 User Guide Administration Table First Letter B 100 PPS 1st Digit 0 No carrier 1 Amplitude modulation 2nd Digit 0 No carrier 2 1 kHz 1 ms resolution 3rd Digit 2 BCD Binary Coded Decimal time of year 3 BCD time of year SBS Straight Binary Second 6 BCD time of year BCD year 7 BCD time of year BCD year SBS Section 2 11 1 4 IRIG B IE
96. 7 1 4 Path and Port Costs The STP path cost is the main metric by which root and designated ports are chosen The path cost for a designated bridge is the sum of the individual port costs of the links between the root bridge and that designated bridge The port with the lowest path cost is the best route to the root bridge and is chosen as the root port In actuality the primary determinant for root port selection is the root bridge ID Bridge ID is important mainly at network startup when the bridge with the lowest ID is elected as the root bridge After startup when all bridges agree on the root bridge s ID the path cost is used to select root ports If the path costs of candidates for the root port are the same the ID of the peer bridge is used to select the port Finally if candidate root ports have the same path cost and peer bridge ID the port ID of the peer bridge is used to select the root port In all cases the lower ID path cost or port ID is selected as the best 180 Edge Ports RUGGEDCOM ROS Chapter 7 User Guide Spanning Tree How Port Costs Are Generated Port costs can be generated either as a result of link auto negotiation or manual configuration When the link auto negotiation method is used the port cost is derived from the speed of the link This method is useful when a well connected network has been established It can be used when the designer is not too concerned with the resultant topology as long as con
97. 76 0x00 0x05. In this example, bytes 3 and 4 refer to register 1 at location 0x03FE and represent the status of ports 1-16. Bytes 5 and 6 refer to register 2 at location 0x03FF and represent the status of ports 17-32. In this example, the device only has 20 ports, so byte 6 contains the status for ports 17-20, starting from right to left. The rest of the bits in register 2, corresponding to the non-existing ports 21-31, are zero. Performing write actions using PortCmd: For example, consider a Write Multiple Register request to clear Ethernet port statistics: 0x10 0x00 0x83 0x00 0x01 2 0x55 0x76 0x00 0x50. A bit value of 1 is a command to clear Ethernet statistics on a corresponding port. A bit value of 0 is a command to do nothing on a corresponding port. The response may look like: 0x10 0x00 0x81 0x00 0x02. Section 1.5.1.6 Alarm. This format is another form of text description. Alarm text corresponds to the alarm description from the table holding all of the alarms. Similar to the Text format, this format returns ASCII representation of alarms. Note that alarms are stacked in the RUGGEDCOM device in the sequence of their occurrence. That is, the first alarm on the stack is Alarm 1, the next latched alarm in the device is Alarm 2, and so on. You can return the first eight alarms from the stack, if they exist. A zero value is returned if an alarm does not exist.
98. 802.1w was a further evolution of the 802.1D Spanning Tree Protocol. It replaced the settling period with an active handshake between bridges that guarantees the rapid propagation of topology information throughout the network. RSTP also offers a number of other significant innovations, including the following. Topology changes in RSTP can originate from and be acted upon by any designated bridges, leading to more rapid propagation of address information, unlike topology changes in STP, which must be passed to the root bridge before they can be propagated to the network. RSTP explicitly recognizes two blocking roles (Alternate and Backup Port), which are included in computations of when to learn and forward. STP, however, recognizes only one state (Blocking) for ports that should not forward. RSTP bridges generate their own configuration messages, even if they fail to receive any from the root bridge. This leads to quicker failure detection. STP, by contrast, must relay configuration messages received on the root port out its designated ports. If an STP bridge fails to receive a message from its neighbor, it cannot be sure where along the path to the root a failure occurred. RSTP offers edge port recognition, allowing ports at the edge of the network to forward frames immediately after activation, while at the same time protecting them against loops. While providing much
99. 95 The count of STP configuration messages received on this port. Synopsis: 0 to 4294967295. The count of STP configuration messages transmitted on this port. Synopsis: 0 to 4294967295. The count of configuration change notification messages received on this port. Excessively high or rapidly increasing counts signal network problems. Synopsis: 0 to 4294967295. The count of configuration messages transmitted from this port. Synopsis: HH HH HH HH H where is 0 to 65535 is 0 to FF. Provided on the root ports of designated bridges, the Bridge Identifier of the bridge this port is connected to. Synopsis: True or False. Whether or not the port is operating as an edge port. Section 7.5.3 Bridge MSTI Statistics. [Figure 146: Bridge MSTI Statistics Form] Parameters: Instance ID, Bridge Status, Bridge ID, Root ID, Root Port, Root Path Cost. Instance ID. Synopsis: 0 to 16. Default: 1. The Instance ID refers to the MSTI (Multiple Spanning Tree Instance) ID. Specify an Instance ID and select GET in order to load parameters
100. Table of contents (fragment): Chapter 12 MAC Address Tables; 12.1 Viewing MAC Addresses; 12.2 Configuring MAC Address Learning Options; 12.3 Configuring Flooding Options; 12.4 Configuring Static MAC Address Table; 12.5 Purging MAC Address Table; Chapter 13 Network Discovery; 13.3 Network Discovery Menu; 13.3.1.1 Global LLDP Parameters; 13.3.1.2 Port LLDP Parameters; 13.3.1.3 LLDP Global Remote Statistics; 13.3.1.4 LLDP Neighbor Information
101. AC Address Table. MAC addresses authorized with 802.1X or 802.1 MAC AUTH are not shown. [Figure 168: Authorized MAC Addresses Table] Parameter descriptions: Port. Synopsis: 0 to 4294967295. Port on which MAC address has been learned. MAC Address. Synopsis: HH HH HH HH H where ranges 0 to FF. Authorized MAC address learned by the switch. VID. Synopsis: 0 to 65535. VLAN Identifier of the VLAN upon which the MAC address operates. Sticky. Synopsis: No, Yes. This describes whether the authorized MAC address/Device can move to an unsecured port or not. YES: authorized MAC address/Device cannot move to a different switch port or be removed from the port in case of link down on the port. NO: authorized MAC address/Device may move to an unsecured switch port or be removed from the port in case of link down on the port. Chapter 10, Classes of Service. ROS CoS provides the following features: support for 4 Classes of Service; ability to prioritize traffic by ingress port; ability to prioritize traffic by the priority field in 802.1Q tags; ability to prioritize traffic based on its source or destination MAC address; ability to prioritize traffic by the TOS field in the IP header. Section 10.1 CoS Operation. CoS provides th
102. ADIUS server, DHCP client and BOOTP client. Different IP interfaces must not overlap; that is, the subnet mask must be unique. The RS416 supports the configuration of 255 IP interfaces. In VLAN unaware mode, only one IP interface can be configured. On non-management interfaces, only static IP addresses can be assigned. On the management interface, the user can choose from the following IP Address types: Static, DHCP, BOOTP and Dynamic. Static IP Address type refers to the manual assignment of an IP address, while DHCP, BOOTP and Dynamic IP Address types refer to the automatic assignment of an IP address. DHCP is widely used in LAN environments to dynamically assign IP addresses from a centralized server, which reduces the overhead of administrating IP addresses. BOOTP is a subset of the DHCP protocol. ROS supports the transfer of a BOOTFILE via BOOTP. The BOOTFILE represents any valid ROS file such as config.csv. The name of BOOTFILE on the BOOTP server must match the corresponding ROS file. The Dynamic IP Address type refers to a combination of the BOOTP and DHCP protocols. Starting with BOOTP, the system will try BOOTP and DHCP in a round-robin fashion until it receives a response from the corresponding server. [Screenshot: IP Interfaces table] VLAN 1 Static 192.168.0.30 255.255.255.0; VLAN 2 Static 10.2.0.4 255.2
103. Alarms option under the diagnostics menu. RMON generated alarms are passive. Section 14.1.3 Alarms and the Critical Failure Relay. All active alarms will immediately de-energize the critical fail relay (thus signifying a problem). The relay will be re-energized when the last outstanding active alarm is cleared. NOTE: Alarms are volatile in nature. All alarms (active and passive) are cleared at startup. Section 14.1.4 Configuring Alarms. ROS provides a means for selectively configuring alarms in fine-grained detail. Some notes on alarm configuration in ROS: Alarms at levels CRITICAL or ALERT are not configurable, nor can they be disabled. The Level field is read-only; the preconfigured alarm level is not a configurable option. Alarms cannot be added to or deleted from the system. Alarm configuration settings changed by a user will be saved in the configuration file. The alarms CLI command lists all alarms, configurable and non-configurable. [Screenshot: Alarms table]
104. All files in ROS may be backed up using an SFTP session with administrative privileges. Section 15.8 Certificate and Key Management. Users are able to load custom and unique SSL certificates and SSL/SSH keys in ROS, or use the certificates and keys provided by ROS. There are three types of certificates and keys. NOTE: Default and auto-generated SSH keys are not available for Non-Controlled (NC) versions of ROS. Default: Each ROS device is shipped with an SSL certificate and RSA key pair, and a DSA key pair for SSH, that are unique to software version. If a valid SSL certificate or SSL/SSH keys are not available on the device, the default certificate and keys are used immediately so that SSH and SSL (https) sessions can be served. Auto-Generated: If a default SSL certificate and SSL/SSH keys are in use, ROS immediately begins to generate a unique certificate and SSL/SSH keys for the device in the background. This process takes approximately one hour to complete (depending on how busy the device is at the time) following the startup of the device. If a custom certificate and keys are loaded while auto-generated certificates and keys are being generated, the generator will abort and the custom certificate and keys will be used. User-Generated (Recommended): Custom certificates and keys
105. [Figure 164: Ports Security Parameters Table] [Figure 165: Ports Security Parameters Form] Parameter descriptions: Port. Synopsis: 1 to maximum port number. Default: 1. The port number as seen on the front plate silkscreen of the switch. Security. Synopsis: Off, Static MAC, 802.1X, 802.1x/MAC-Auth. Default: Off. Enables or disables the port's security feature. Two types of port access control are available. Static MAC address-based: With this method, authorized MAC address(es) should be configured in the Static MAC Address table. If some MAC addresses are not known in advance (or it is not known to which port they will be connected), there is still an option to configure the switch to auto-learn certain number of MAC addresses. Once learned, they do not age out until the unit is reset or the link goes down
106. Section 2.14.1 User Login Authentication and Authorization. A TACACS server can be used to authenticate and authorize access to the device's services, such as HMI via Serial Console, Telnet, SSH, RSH, Web Server (see Password Configuration). User name and Password are sent to the configured TACACS Server. Two TACACS servers (Primary and Secondary) are configurable per device. If the primary server is not reachable, the device will automatically fall back to the secondary server to complete the authorization process. Section 2.14.2 TACACS Server Configuration. [Figure 49: TACACS Server Summary] [Figure 50: TACACS Server Form] Parameter descriptions: Server. Synopsis: Any 8 characters. Default: Primary. This field indicates whether this configuration is for a primary or a backup server. IP Address. Synopsis: HH HHH HH AHH where ranges from 0 to 255. Auth TCP Port. Auth Key.
107. Confirm Auth Key. Default. The TACACS server IP Address. Synopsis: 1 to 65535. Default: 49. The authentication TCP Port on the TACACS server. Synopsis: 31 character ASCII string. Default. The authentication key shared with the TACACS server. It is used to encrypt any passwords that are sent from the switch to the TACACS server. Synopsis: 31 character ASCII string. Default: None. Confirm input of the above authentication key. Section 2.14.3 User Privilege Level Configuration. The TACACS standard priv_lvl attribute is used to grant access to the device. By default, the attribute uses the following ranges: priv_lvl=15 represents an access level of admin; 1 < priv_lvl < 15 (any value from 2 to 14) represents an access level of operator; priv_lvl=1 represents an access level of guest. You can also configure a different non-default access level for admin, operator or guest users. NOTE: If an access level is not received in the response packet from the server, access is not granted to the user. Section 2.14.4 TACACS Server Privilege Configuration. [Figure 51: TACACS Server Privilege Form] Parameter descriptions: Admin Priv. Synopsis: 0 to 15 0 to 15. Default: 15. Privilege
108. Parameter descriptions: Granted Buckets. Synopsis: 0 to 65535. The number of buckets granted for this RMON collection history. This field is not editable. Interval. Synopsis: 1 to 3600. Default: 1800. The number of seconds over which the data is sampled for each bucket. The range is 1 to 3600. The default is 1800. Owner. Synopsis: Any 127 characters. Default: Monitor. The owner of this record. It is suggested to start this string with the word 'monitor'. Section 5.4.2 RMON History Samples. History samples for a particular record in the RMON History Control Table are displayed by selecting a particular record and view option. The index of the record will be included in the resulting menu title of the sample screen. The table will present a series of samples. The sample number starts with one and increases by one with each new log entry. The oldest samples are deleted in favor of new samples when the allotted buckets are used. The StartTime field provides the system time when the measurement interval started. The remaining fields provide the counts for each statistic as measured in the sample period. Statistics collection begins whenever the History Control record is created and when the switch is initialized. As new samples are added, the window is automatically updated. [Screenshot: RMON History Samples table]
109. D of 0. Frames with a VID 0 are also called priority-tagged frames. When a switch receives a tagged frame, it extracts the VID and forwards the frame to other ports in the same VLAN. Section 8.1.3 Native VLAN. Each port is assigned a native VLAN number, the Port VLAN ID (PVID). When an untagged frame ingresses a port, it is associated with the port's native VLAN. By default, when the switch transmits a frame on the native VLAN, it sends the frame untagged. The switch can be configured to transmit frames on the native VLAN tagged. Section 8.1.4 Management VLAN. Management traffic, like all traffic on the network, must belong to a specific VLAN. The management VLAN is configurable and always defaults to VLAN 1. This VLAN is also the default native VLAN for all ports, thus allowing all ports the possibility of managing the product. Changing the management VLAN can be used to restrict management access to a specific set of users. Section 8.1.5 Edge and Trunk Port Types. Each port can be configured to take on a type of Edge or Trunk. Edge Type: An Edge port attaches to a single end device (such as a PC or IED) and carries traffic on a single pre-configured VLAN, the native VLAN. Trunk Type: Trunk ports are part of the network and carry traffic for all VLANs between switches. Trunk ports are automatically members of all VLANs configured in the switch. The swit
110. Section 7.5.2 Port RSTP Statistics. [Figure 144: Port RSTP Statistics Table] [Figure 145: Port RSTP Statistics Form] Parameters: Port(s), Status, Role, Cost, RX RSTs, TX RSTs, RX Configs, TX Configs, RX Tens, TX Tens, Desig Bridge ID, operEdge. Port(s). Synopsis: Any combination of numbers valid for this parameter. The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk). Status. Synopsis: Disabled, Listening, Learning, Forwarding, Blocking, Link Down, Discarding. The status of this port in the Spanning Tree. This may be one of the following: Disabled: STP is disabled on this port. Link Down: STP is enabled on this port but the link is down. Discarding: The link is not used in the STP topology but is standing by. Learning: The port is learn
111. EE1344 Extensions. IRIG-B (Inter-range instrumentation group, timecode B) is widely used in the electrical power industry to synchronize power system devices, such as breakers, relays and meters. IRIG-B has a pulse rate of 100 pulses per second with an index count of 10 milliseconds over its one-second time frame. IRIG-B consists of 100 bits produced every second, 74 bits of which contain various time, date, time changes and time quality information of the time signal. There are three functional groups of bits in the IRIG-B time code: Binary Coded Decimal (BCD), Control Functions (CF) and Straight Binary Seconds (SBS). NOTE: RS416 supports IEEE C37.118, which is similar to IEEE1344 except the local time offset uses a reversed sign. IEEE1344 extensions are only available if a supporting BNC IRIG-B card is installed in the RS416 device. IEEE1344 extensions use extra bits of the Control Functions (CF) portion of the IRIG-B time code. Within this portion of the time code, bits are designated for additional features, including: Calendar Year (now called BCDYEAR); Leap seconds and leap seconds pending; Daylight Saving Time (DST) and DST pending; Daytime time changes is one hour; Local time offset, half hour resolution; Time quality; Parity; Position identifiers. To be able to use these extra bits of information
112. Example of a Ring Backbone Configuration: In the event of a failure on link D, bridge 444 will unblock link H. Bridge 333 will communicate with the network through link F. [Figure 132: Example of a Ring Backbone Configuration] Procedure: Design Considerations for RSTP in Ring Backbone Configurations. 1. Select the design parameters for the network. What are the requirements for robustness and network fail-over/recovery times? Typically, ring backbones are chosen to provide cost effective but robust network designs. 2. Identify required legacy support and ports with half-duplex/shared media restrictions. These bridges should not be used if network fail-over/recovery times are to be minimized. 3. Identify edge ports. Ports that connect to host computers, IEDs and controllers may be set to edge ports in order to guarantee rapid transitioning to forwarding as well as to reduce the number of topology change notifications in the network. 4. Choose the root bridge. The root bridge can be selected to equalize either the number of bridges, number of stations or amount of traffic on either of its legs. It is important to realize that the ring will always be broken in one spot and that traffic always flows through the root. 5. Assign bridge priorities to the ring. The strategy that should be used is to assign each bridge's priority to correspond to
113. IN server local interface IP address to listen to the local port for connection request Empty string can be used for IP address of management interface For direction BOTH client or server remote IP address to use when placing an outgoing TCP connection requestListening interface will be chosen by matching mask This parameter is applicable only to TCP connections If the transport protocol is set to UDP the remote port is configured using the Remote Hosts table For more information see the Section 3 3 3 Remote Hosts section Link Stats Synopsis Disabled Enabled Default Enabled Enables links statistics collection for this protocol Section 3 3 13 Device Addresses Up to 1024 entries can be created in this table Log out Device Address Table access pd MA dd ABN ct dl Morcilla admin Back InsertRecord ModbusServer 4 192 168 0 1 2 RTU 04 ModbusClient 3 192 168 0 2 4 RTU 03 TIN abc55500 192 168 0 1 3 TIN war 192 168 0 44 Unknown WaysideDataRadio DNP 1 192 168 0 16 Unknown Figure 87 Device Address Table Device Addresses 123 Chapter 3 Serial Protocols RUGGEDCOM ROS User Guide Log out Back Protocol Address access admin Device Address Table ModbusServer Remote IP Adar Port Name Figure 88 Device Address Form Parameter Protocol Address Remote IP Addr Port Name Unknown Description Synopsis
114. INFO MIB RUGGEDCOM DOT11 MIB RUGGEDCOM POE MIB RUGGEDCOM SERIAL MIB Aggregation Management Information Base Module for LLDP Configuration Statistics Local System Data and Remote Systems Data Components Definitions of Managed Objects for Bridges with Traffic Classes Multicast Filtering and Virtual LAN Extensions Description RUGGEDCOM enterprise SMI RUGGEDCOM traps definition General system information about RUGGEDCOM device Managemet for wireless interface on RUGGEDCOM device Management for POE ports on RUGGEDCOM device Managemet for seral ports on RUGGEDCOM device Siemens Proprietary MIBs Chapter 1 RUGGEDCOM ROS Introduction User Guide File Name MIB Name Description rcRstp mib RUGGEDCOM STP MIB Management for STP protocol Section 1 2 3 Siemens Supported Agent Capabilities MIBs SNMPv2 MIB defines branch mib 2 system and sysORTable This table is described as The conceptual table listing the capabilities of the local SNMPv2 entity acting in an agent role with respect to various MIB modules When this table is retrieved by an NMS all Agent Capabilities supported by devices sysORID object and their descriptions sysORDescr are retrieved These Agent Capabilities and descriptions are defined in Siemens Agent Capabilities MIBs Each supported MIB is accompanied with Agent Capabilities MIBs Agent Capabilites list supported MIBs supported groups of objects in them and possible variations
115. LANs. An extra VLAN tag is always added to all frames egressing this port. VID in the added extra tag is the PVID of the frame's ingress port. VLAN tag is always stripped from frames ingressing this port. PVID. Synopsis: 1 to 4094. Default: 1. The Port VLAN Identifier specifies the VLAN ID associated with untagged (and 802.1p priority tagged) frames received on this port. Frames tagged with a non-zero VLAN ID will always be associated with the VLAN ID retrieved from the frame tag. Modify this parameter with care. By default, the switch is programmed to use VLAN 1 for management and every port on the switch is programmed to use VLAN 1. If you modify a switch port to use a VLAN other than the management VLAN, devices on that port will not be able to manage the switch. PVID Format. Synopsis: Untagged, Tagged. Default: Untagged. Specifies whether frames transmitted out of the port on its native VLAN (specified by the PVID parameter) will be tagged or untagged. GVRP. Synopsis: Adv&Learn, Adv Only, Disabled. Default: Disabled. Configures GVRP (Generic VLAN Registration Protocol) operation on the port. There are several GVRP operation modes. DISABLED: the port is not capable of any GVRP processing. ADVERTISE ONLY: the port will declare all VLANs existing in the switch (configured or learned) but will not learn any VLANs. ADVERTISE & LEARN: the port will declare all VLANs existing in the switch (configured or learned) and can dyna
116. M:SS. Default: 00:00:00. This parameter specifies the amount of time to be shifted forward/backward when DST begins and ends. For example, for most of the USA and Canada, DST time shift is 1 hour (01:00:00) forward when DST begins and 1 hour backward when DST ends. Synopsis: mm.n.d/HH:MM:SS mm.n.d/HH:MM:SS. Default. This parameter specifies a rule for time and date when the transition between Standard and Daylight Saving Time occurs. mm: month of the year (01 = January, 12 = December). n: week of the month (1 = 1st week, 5 = 5th/last week). d: day of the week (0 = Sunday, 6 = Saturday). HH: hour of the day (0 - 24). MM: minute of the hour (0 - 59). SS: second of the minute (0 - 59). Example: The following rule applies in most of the USA and Canada: 03.2.0/02:00:00 11.1.0/02:00:00. In the example, DST begins on the second Sunday in March at 2:00am and ends on the first Sunday in November at 2:00am. Current UTC Offset. Synopsis: 0s to 1000s. Default: 34s. Coordinated Universal Time (UTC) is a time standard based on International Atomic Time (TAI) with leap seconds added at irregular intervals to compensate for the Earth's slowing rotation. The Current UTC Offset parameter allows the user to adjust the difference between UTC and TAI. The International Earth Rotation
117. MAC address table for the controller port (see MAC Address Tables section). Frames destined for the controller will be flooded to switch B, where they will be forwarded to the controller (after the controller transmits its first frame). NOTE: If both link partners are capable of the LFI, it MUST NOT be enabled on both sides of the link. If it is enabled on both sides, the link will never be established because each side will permanently wait for its partner to transmit a link signal. Section 4.2 Ethernet Ports Configuration and Status. The Ethernet Ports menu is accessible from the main menu. [Figure 98: Ethernet Ports Menu, listing Configure Port Parameters, Configure Port Rate Limiting, Configure Port Mirroring, Configure Link Detection, View Port Status, Reset Port(s)] Section 4.2.1 Port Parameters. [Screenshot: Port Parameters table; columns Port, Name, Media, State, AutoN, Speed, Dupx, FlowCtrl, LFI, Alarm]
118. ModbusServer, ModbusClient, DNP, WIN, TIN, MicroLok. Default: ModbusServer. The serial protocol supported on this serial port. Synopsis: Any 31 characters. Default. The complete address of a device, which might be either local to the RUGGEDCOM device or remote. A local address is one associated with a device connected to a serial port on this device. The corresponding serial port must be configured to match this address specification. A remote address is the address of a device connected to a serial port on a remote host over an IP network. In this case, Remote Ip Addr must also be configured. The format and range of this address field is determined by the protocol. Modbus: 1 to 244. MicroLok: 1 to 65535 or 8 to hexadecimal digits 1 to a. DNP 3.0: 1 to 65520. WIN: 6 bits address, 0 to 63. TIN: String wdr for wayside data radio (TIN mode 2), or a 32-bit address (8 digits, expressed in hexadecimal digits 0 through f). An all-zero address is not allowed. Synopsis: HHHHH HHH HH where ranges from 0 to 255. Default. The IP address of a remote host where a device with a configured remote address is connected. Synopsis: 1 to maximum port number or Unknown. Default: Unknown. The serial port to which a device is attached. If the device with this address is attached to the serial port of a remote host, the value of this parameter is Unknown. Synopsis: Any 16 characters. Default. The addressed device
119. NMPv2 RFC 2011 IP MIB SNMPv2 Mnagement Information Base for Internet Protocol using SMlv2 6 Bootloader Considerations RUGGEDCOM ROS Chapter 1 User Guide Introduction Standard MIB Name Title RFC 2012 TCP MIB SNMPv2 Management Information Base for the Transmission Control Protocol using SMlv2 RFC 2013 UDP MIB Management Information Base for the UDP using SMlv2 RFC 1659 RS 232 MIB Definitions of Managed Objects for RS 232 like Hardware Devices RFC 2863 IF MIB The Interface Group MIB RFC 2819 RMON MIB Remote Network Monitoring management Information Base RFC 4188 BRIDGE MIB Definitions of Managed Objects for Bridges RFC 4318 STP MIB Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol RFC 3411 SNMP FRAMEWORK MIB An Architecture for Describing Simple Network Management Protocol SNMP Management Framework RFC 3414 SNMP USER BASED SM MIB User based Security Model USM for Version 3 of the Simple Network Management Protocol SNMPv3 RFC 3415 SNMP VIEW BASED ACM MIB View bsed Access Control Model VACM for the Simple Management Protocol SNMP IEEE 802 3ad IEEE8023 LAG MIB Management Information Base Module for Link IEEE 802 1AB 2005 RFC 4363 Section 1 2 2 LLDP MIB Q BRIDGE MIB Siemens Proprietary MIBs Table TITLE File Name ruggedcom mib ruggedcomtraps mib rcsysinfo mib rcDot11 mib rcPoe mib rcSerial mib MIB Name RUGGEDCOM MIB RUGGEDCOM TRAPS MIB RUGGEDCOM SYS
120. OM ROS User Guide Parameter Pkt65to127Octets Pkt128to255Octets Pkt256to511Octets Pkt512to1023Octets Pkt1024to15360Octets DropEvents OutMulticasts OutBroadcasts UndersizePkts OutUcastPkts Description The number of received and transmitted packets with size of 64 octets This includes received and transmitted packets as well as dropped and local received packets This does not include rejected received packets Synopsis 0 to 4294967295 The number of received and transmitted packets with a size of 65 to 127 octets This includes received and transmitted packets as well as dropped and local received packets This does not include rejected received packets Synopsis 0 to 4294967295 The number of received and transmitted packets with a size of 128 to 257 octets This includes received and transmitted packets as well as dropped and local received packets This does not include rejected received packets Synopsis 0 to 4294967295 The number of received and transmitted packets with a size of 256 to 511 octets This includes received and transmitted packets as well as dropped and local received packets This does not include rejected received packets Synopsis 0 to 4294967295 The number of received and transmitted packets with a size of 512 to 1023 octets This includes received and transmitted packets as well as dropped and local received packets This does not include rejected received packets Synopsis 0
121. ON Events Table stores profiles of behavior used in event logging. These profiles are used by RMON Alarm records to send traps and to log events. Each record may specify that an alarms log entry be created on its behalf whenever the event occurs. Each entry may also specify that a notification should occur by way of SNMP trap messages. In this case, the user for the trap message is given as parameter Community. Two traps are defined: risingAlarm and fallingAlarm. [Figure 120: RMON Events Table] [Figure 121: RMON Events Form] Parameters: Index, Type, Community, Last Time Sent, Description, Owner. Index. Synopsis: 1 to 65535. Default: 2. The index of this RMON Event record. Type. Synopsis: none, log, snmpTrap, logAndTrap. Default: logAndTrap. The type of notification that the probe will make about this event. In the case of log, an entry is made in the RMON Log table for each event. In the case of snmp_trap, a
122. 2.13 RADIUS; 2.13.1 RADIUS Overview; 2.13.2 User Login Authentication and Authorization; 2.13.3 802.1X Authentication; 2.13.4 RADIUS Server Configuration; 2.14 TACACS+; 2.14.1 User Login Authentication and Authorization; 2.14.2 TACACS+ Server Configuration; 2.14.3 User Privilege Level Configuration; 2.14.4 TACACS+ Server Privilege Configuration; 2.15 DHCP Relay Agent; 2.16 Syslog; 2.16.1 Configuring Local Syslog; 2.16.2 Configuring Remote Syslog Client; 2.16.3 Configuring the Remote Syslog Server
123. On On On Ts On On On On 60s j i i On on On On 1s IEEE1588 alarm WARN_ On On On On 605 IRIGB al WARN On On On On 60s Inconsistent speed dpx in trunk ERRO On On On On 1s Invalid configuration ERRO On On Off On 605 Link up down WARN On On On On 1s Lea information INFO Off On On Off Os MAC address authorization failed ERRO On On On On Os MAC address not learned WARN On On On On 0s Mcast CPU filtering table full WARN On On On On 60s NTP server unreachable WARN On On On On Os New STP root INFO Off Off Off Off Os Port security violate WARN On On On On os Power supply failed WARN On On On On 60s RADIUS server unreachable WARN On On On On Os Received looped back BPDU ERRO On On On On 60s SNMP authentication failed WARN On On On Off 60s STP events INFO Off Off On Off Os STP pco Fame INFO Off Off Off Off Os TACACS response invalid WARN On On On On 1s y un On On On On Os On On On On 60s On On of or 60s access Log out Alarms S admin Back Name Excessive failed login attempts Level WARN Latch Onis Off Trap On Off Log One Offs LED amp Relay Onze Offs Refresh Time 60s Apply Delete Reload Figure 208 Alarm Configuration Form Configuring Alarms 277 Chapter 14 RUGGEDCOM ROS Diagnostics User Guide Parameter Description Name Synopsis Any 34 characters Default sys alarm The alarm name e g as obtained via CLI alarms Level Synopsis EMRG ALRT CRIT ERRO
124. P header DS byte setting is supported in the egress direction only Section 3 3 9 Log out NP 1 Alarms Back Transport TCP UDP Figure 80 DNP Form Parameter Transport IP Port Remote UDP Port IP Pont 20000 Remote UDP Port IP Port Learn Learning Disabled Aging Timer 300 s Link Stats Disabled Enabled DSCP lo Apply Reload Description Synopsis TCP UDP Default TCP The network transport used to transport protocol data over an IP network Synopsis 1024 to 65535 Default 20000 A local port number on which the DNP protocol listens for UDP datagrams Synopsis IP Port Learn DNP 117 Chapter 3 RUGGEDCOM ROS Serial Protocols User Guide Parameter Description Default IP Port The IP port on which remote device listens to UDP datagrams This port is either the same IP port that devices in all networks listen to or can be learned from the UDP datagram Learning Synopsis HHHH HHHH where ranges from 0 to 255 or Disabled Default Disabled Enable or disable address learning Learning can be disabled or enabled on a management IP interface empty string or enabled on the interface with a specific IP address If learning is enabled and the remote address is not known a UDP broadcast message will be sent and source addresses will be learned on devices that run the DNP protocol If the local address is not known a message will be sent to all serial por
125. Port 13 Statistics R Uint32 Ethernet Out Octets 04DA 2 Port 14 Statistics R Uint32 Ethernet Out Octets 04DC 2 Port 15 Statistics R Uint32 Ethernet Out Octets 04DE 2 Port 16 Statistics R Uint32 Ethernet Out Octets 18 Modbus Memory Map RUGGEDCOM ROS Chapter 1 User Guide Introduction A Description Reference Address Registers Table in Ul Format 04E0 2 Port 17 Statistics Uint32 Ethernet Out Octets 04E2 2 Port 18 Statistics Uint32 Ethernet Out Octets 04E4 2 Port 19 Statistics Uint32 Ethernet Out Octets 04E6 2 Port 20 Statistics Uint32 Ethernet Out Octets SERIAL STATISTICS table Name uartPortStatus 0600 2 Port 1 Statistics Serial Uint32 In characters 0602 2 Port 2 Statistics Serial Uint32 In characters 0604 2 Port 3 Statistics Serial Uint32 In characters 0606 2 Port 4 Statistics Serial Uint32 In characters 0640 2 Port 1 Statistics Serial Uint32 Out characters 0642 2 Port 2 Statistics Serial Uint32 Out characters 0644 2 Port 3 Statistics Serial Uint32 Out characters 0646 2 Port 4 Statistics Serial Uint32 Out characters 0680 2 Port 1 Statistics Serial Uint32 In Packets 0682 2 Port 2 Statistics Serial Uint32 In Packets 0684 2 Port 3 Statistics Serial Uint32 In Packets 0686 2 Port 4 Statistics Serial Uint32 In Packets 06C0 2 Port 1 Statistics Serial Uint32 Out Packets 06C2 2 Port 2 Statistics Serial Uint32 Out Packets 06C4 2 Port 3 Statistics Se
126. Protocols User Guide Section 3.2.2 Modbus Server and Client Applications. The Modbus Server and Client applications are used to transport Modbus requests and responses across IP networks. The Modbus Client application accepts Modbus polls from a master and determines the IP address of the corresponding RTU. The client then encapsulates the message in TCP, respecting the TCPModbus protocol, and forwards the frame to a Server Gateway or native TCPModbus RTU. Returning responses are stripped of their TCP headers and issued to the master. The Modbus Server application accepts TCP-encapsulated TCPModbus messages from Client Gateways and native masters. After removing the TCP headers, the messages are issued to the RTU. Responses are TCP-encapsulated and returned to the originator. The following figure presents a complex network of Client Gateways, Server Gateways and native TCPModbus devices. Figure 62: Modbus Client and Server. Section 3.2.2.1 TCPModbus Performance Determinants. The following description provides some insight into the possible sources of delay and error in an end to
127. Resets tcpInSegs tcpOutSegs tcpPassiveOpens tcpRetransSegsDescr udpInDatagrams udpInErrors udpNoPorts udpOutDatagrams The number of valid LLDP frames received by this LLDP agent on the indicated port while this LLDP agent is enabled The number of LLDP TLVs discarded for any reason by this LLDP agent on the indicated port The number of LLDP TLVs received on the given port that are not recognized by this LLDP agent on the indicated port The temperature measured in the device The total number of characters with a framing error input from the port since system re initialization The total number of characters with an overrun error input from the port since system re initialization The total number of characters with a parity error input from the port since system re initialization The total number of ASN 1 or BER errors encountered by the SNMP Agent decoding received SNMP messages The total number of SNMP messages delivered to the SNMP Agent which represented an SNMP operation which was not allowed by the SNMP community named in the message The total number of SNMP messages delivered to the SNMP Agent which used a unknown SNMP community name The total number of SNMP messages which were delivered to the SNMP Agent and were for an unsupported SNMP version The number of messages delivered to the SNMP Agent The number of times TCP connections have made a direct transition to the SYN SENT state
128. Version: 3 (0x2). Signature Algorithm: sha1WithRSAEncryption. Issuer: C=CA, ST=Ontario, L=Concord, O=RuggedCom.com, OU=RC, CN=ROS. Validity: Not Before: Dec 6 00:00:00 2012 GMT; Not After: Dec 7 00:00:00 2037 GMT. Subject: C=CA, ST=Ontario, L=Concord, O=RuggedCom.com, OU=RC, CN=ROS. Subject Public Key Info: Public Key Algorithm: rsaEncryption; RSA Public Key: (1024 bit); Exponent: 65537 (0x10001). X509v3 extensions: X509v3 Subject Key Identifier; X509v3 Authority Key Identifier (DirName: C=CA, ST=Ontario, L=Concord, O=RuggedCom.com, OU=RC, CN=ROS); X509v3 Basic Constraints: CA:TRUE. Signature Algorithm: sha1WithRSAEncryption. Section 1.1.2.2 SSH Key
129. SIEMENS RUGGEDCOM ROS v3 12 User Guide For RS416 9 2013 Preface Introduction Administration Serial Protocols Ethernet Ports Ethernet Statistics Link Aggregation Spanning Tree VLANs Port Security Classes of Service Multicast Filtering MAC Address Tables Network Discovery Diagnostics Firmware Upgrade and Configuration Management 10 11 12 13 14 15 RUGGEDCOM ROS User Guide Copyright 2013 Siemens AG All rights reserved Dissemination or reproduction of this document or evaluation and communication of its contents is not authorized except where expressly permitted Violations are liable for damages All rights reserved particularly for the purposes of patent application or trademark registration This document contains proprietary information which is protected by copyright All rights are reserved No part of this document may be photocopied reproduced or translated to another language without the prior written consent of Siemens AG Disclaimer Of Liability Siemens has verified the contents of this manual against the hardware and or software described However deviations between the product and the documentation may exist Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing performance or use of this material The information given in this document is reviewed regularly and any
130. Status e Administration Configure IP Interfaces Configure IP Gateways Configure IP Services Configure System Identification Configure Passwords System Time Manager Configure Time and Date Precision Time Protocol e Configure Path Delay e View PTP Statistics Configure Time Source Configure NTP Server View Time Sync Status Main Menu access admin Configure Global Parameters e Configure Clock Parameters View PTP Clock Stats e View Peer Delay Stats PTP Clock Stats access admin Status SLAVE Current Offset ens Servo Status LOCK GMID 00 0A DC FF FE 02 F 1 40 Master ID 00 0A DC FF FE 02 F 1 40 Description Synopsis Any 31 characters Shows the status of the PTP Precision Time Protocol node If the device is configured as an Ordinary Clock this field shows the status of the PTP state such as MASTER SLAVE or LISTENING If the device is configured as a Transparent Clock this this field indicates the configuration setting Synopsis 2147483647 ns to 2147483647 ns Shows the current time offset between the master and slave clocks calculated according to the IEEE1588 2008 specification Synopsis Any 15 characters Shows the status of the clock servo The clock servo mechanism disciplines the system clock If the clock accuracy is within the desired limits the status is set to lock Note that an alarm might occur convergence of the clock servo 62 Viewing PTP Statistics RUGGEDCOM ROS Chap
131. T IDENTIFIER ruggedcomLagAC; sysORID 19: OBJECT IDENTIFIER ruggedcomRs232AC; sysORID 20: OBJECT IDENTIFIER ruggedcomRcSerialAC; sysORDescr 1: DisplayString SNMPv2-MIB Agent Capabilities; sysORDescr 2: DisplayString SNMP-FRAMEWORK-MIB Agent Capabilities; sysORDescr 3: DisplayString SNMP-USER-BASED-SM-MIB Agent Capabilities; sysORDescr 4: DisplayString SNMP-VIEW-BASED-ACM-MIB Agent Capabilities; sysORDescr 5: DisplayString IF-MIB Agent Capabilities; sysORDescr 6: DisplayString TCP-MIB Agent Capabilities; sysORDescr 7: DisplayString UDP-MIB Agent Capabilities; sysORDescr 8: DisplayString IP-MIB Agent Capabilities
132. The port that I want to become root won't do so. Is it possible that the port cost is incorrectly programmed, or that auto-negotiation derives an undesired value? Inspect the port and path costs with each port active as root. Problem Seven: My IED/Controller does not work with your switch. Certain low CPU bandwidth controllers have been found to behave less than perfectly when they receive unexpected traffic. Try disabling STP for the port. If the controller fails around the time of a link outage, then there is the remote possibility that frame disordering or duplication may be the cause of the problem. Try setting the root port of the failing controller's bridge to STP. Problem Eight: My network runs fine with your switch, but I occasionally lose polls to my devices. Inspect network statistics to determine whether the root bridge is receiving TCNs around the time of observed frame loss. It may be possible that you have problems with intermittent links in your network. Problem Nine: I'm getting a lot of TCNs at the root; where are they coming from? Examine the RSTP port statistics to determine the port from which the TCNs are arriving. Sign on to the switch at the other end of the link attached to that port. Repeat this step until the switch generating the TCNs is found (i.e. the switch that is itself not receiving a large number of TCNs). Determine the problem at that switch.
133. USER, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. Syslog Facility is an information field associated with a syslog message. The syslog facility is the application or operating system component that generates a log message. ROS maps all syslog logging information onto a single facility, which is configurable to facilitate a remote syslog server. Severity: Synopsis: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUGGING. Default: DEBUGGING. Syslog severity level: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUGGING. The severity level is the severity of the generated message. Note that the selected severity level is accepted as the minimum severity level for the system. For example, if the severity level is set as Error, then the system sends any syslog message generated by Error, Critical, Alert and Emergency events. Section 2.17 Troubleshooting. Problem One: I have configured the IP address and a gateway. I am pinging the switch but it is not responding. I am sure the switch is receiving the ping because its port LEDs are flashing and the statistics menu shows the pings. What is going on? Is the switch being pinged through a router? If so, the switch gateway address must be configured. The following figure illustrates the problem.
134. WARN, NOTE, INFO, DEBG. Severity level of the alarm. EMERG: The device has had a serious failure that caused a system reboot. ALERT: The device has had a serious failure that did not cause a system reboot. CRITICAL: The device has a serious unrecoverable problem. ERROR: The device has a recoverable problem that does not seriously affect operation. WARNING: Possibly serious problem affecting overall system operation. NOTIFY: Condition detected that is not expected or not allowed. INFO: Event which is a part of normal operation, e.g. cold start, user login, etc. DEBUG: Intended for factory troubleshooting only. Latch: Synopsis: On, Off. Default: Off. Enables latching occurrence of this alarm in the Alarms Table. Trap: Synopsis: On, Off. Default: Off. Enables sending an SNMP trap for this alarm. Log: Synopsis: On, Off. Default: Off. Enables logging the occurrence of this alarm in syslog.txt. LED & Relay: Synopsis: On, Off. Default: Off. Enables LED and fail-safe relay control for this alarm. If latching is not enabled, this field will remain disabled. Refresh Time: Synopsis: 0 s to 60 s. Default: 60 s. Refreshing time for this alarm. Section 14.1.5 Viewing and Clearing Alarms. Alarms are displayed in the order in which they occurred, even if the real time clock was incorrect at the time of the alarm.
135. Chapter 9 Port Security; 9.1 Port Security Operation; 9.1.1 Static MAC Address Based Authorization; 9.1.2 IEEE 802.1X Authentication; 9.1.3 IEEE 802.1X with MAC Authentication; 9.1.4 VLAN Assignment with Tunnel Attributes; 9.2 Port Security Configuration; 9.2.1 Ports Security Parameters; 9.2.2 802.1X; 9.2.3 Viewing Authorized MAC Addresses; Chapter 10 Classes of Service; 10.1 CoS Operation; 10.1.1 Inspection Phase; 10.1.2 Forwarding Phase; 10.2 CoS Configuration; 10.2.1 Global CoS Parameters; 10.2.2 Port CoS Parameters; 10.2.3 Priority to CoS Mapping; 10.2.4 DSCP to CoS Mapping; Chapter 11 Multicast Filtering; 11.1.1 Router and Host IGMP Operation
136. 15.2 File Transfer Mechanisms; 15.3 Console Sessions; 15.4 Upgrading Firmware; 15.4.1 Applying the Upgrade; 15.4.2 Security Considerations; 15.4.3 Upgrading Firmware Using XModem; 15.4.4 Upgrading Firmware Using the ROS TFTP Server; 15.4.5 Upgrading Firmware Using the ROS TFTP Client; 15.4.6 Upgrading Firmware Using SFTP; 15.5 Downgrading Firmware; 15.6 Updating Configuration; 15.7 Backing Up ROS System Files; 15.7.1 Backing Up Files Using SFTP; 15.8 Certificate and Key Management; 15.9 Using SQL Commands; 15.9.1 Getting Started; 15.9.2 Finding the Correct Table
137. ach link in the path If custom costs have not been configured 1Gbps ports will contribute a cost of four 100 Mbps ports will contribute 19 and 10 Mbps ports will contribute 100 For the CIST instance of MSTP this is an external root path cost which is the cost of the path from the IST root i e regional root bridge to the CST root i e network global root bridge Synopsis 0 to 65535 The configured Hello time from the Bridge RSTP Parameters menu Synopsis 0 to 65535 The actual Hello time provided by the root bridge as learned in configuration messages This time is used in designated bridges Synopsis 0 to 65535 The configured Forward Delay time from the Bridge RSTP Parameters menu Synopsis 0 to 65535 The actual Forward Delay time provided by the root bridge as learned in configuration messages This time is used in designated bridges Synopsis 0 to 65535 The configured Maximum Age time from the Bridge RSTP Parameters menu Synopsis 0 to 65535 The actual Maximum Age time provided by the root bridge as learned in configuration messages This time is used in designated bridges Synopsis 0 to 65535 A count of topology changes in the network as detected on this bridge through link failures or as signaled from other bridges Excessively high or rapidly increasing counts signal network problems Synopsis D days HH MM SS Displays the time since the last topology change 202 Bridge RSTP Statistics RUGGE
138. 4.2.4.1 Running Cable Diagnostics; 4.2.4.2 Interpreting Cable Diagnostics Results; 4.2.4.3 Calibrating Estimated Distance To Fault; 4.2.5 Link Detection Options; 4.2.6 Port Status; 4.2.7 Resetting Ports; 4.3 Troubleshooting; Chapter 5 Ethernet Statistics; 5.1 Viewing Ethernet Statistics; 5.2 Viewing Ethernet Port Statistics; 5.3 Clearing Ethernet Port Statistics; 5.4 Remote Monitoring (RMON); 5.4.1 RMON History Controls; 5.4.2 RMON History Samples; 5.4.3 RMON Alarms; 5.5 RMON Events; 5.6 RMON Event Log; 5.7 List of Objects Eligible for RMON Alarms
139. aised NOTE If it is desired that NTP provide the time reference for the unit the Time Source parameter must be set to NTP Server in the Section 2 11 6 Time Source Selection menu NOTE If the time source is an NTP server make sure the IP address for the server is configured before enabling NTP server as the time source otherwise the device will need to be reset This is important for example when the time signal is output using IRIG B 56 Configuring NTP Service RUGGEDCOM ROS User Guide Chapter 2 Administration Figure 25 NTP Server List Figure 26 NTP Server Form Parameter Server IP Address Update Period Section 2 11 4 NTP Server access admin 192 168 15 Backup 192166144 NTP Server 1 Alarms Server Primary IP Address 192 168 1 5 Update Period 60 min Apply Reload Description Synopsis Primary Secondary This field displays the chosen NTP server The remaining fields on this form correspond to the chosen server Synopsis HH HHARHA AHH where ranges from 0 to 255 Default This parameter specifies the IP address of an S NTP server Simple Network Time Protocol programming an address of 0 0 0 0 disables SNTP requests This device is an SNTP client which may connect to only one server If a server address is programmed then a manual setting of the time will be overwritten at the next update period Synopsis 1 to 1440 Default 60 min This set
140. 7.2.3 Benefits of MSTP; 7.2.4 Implementing MSTP on a Bridged Network; 7.3 RSTP Applications; 7.3.1 RSTP in Structured Wiring Configurations; 7.3.2 RSTP in Ring Backbone Configurations; 7.3.3 RSTP Port Redundancy; 7.4 Spanning Tree Configuration; 7.4.1 Bridge RSTP Parameters; 7.4.2 Port RSTP Parameters; 7.4.3 eRSTP Parameters; 7.4.4 MST Region Identifier; 7.4.5 Bridge MST Parameters; 7.4.6 Port MSTI Parameters; 7.5 Spanning Tree Statistics; 7.5.1 Bridge RSTP Statistics; 7.5.2 Port RSTP Statistics; 7.5.3 Bridge MST Statistics; 7.5.4 Port MSTI Statistics; 7.5.5 Clear STP Statistics
141. al root path cost which is the cost of the path from the IST root i e regional root bridge to the CST root i e network global root bridge Synopsis 0 to 65535 A count of topology changes in the network as detected on this bridge through link failures or as signaled from other bridges Excessively high or rapidly increasing counts signal network problems Synopsis D days HH MM SS Displays the time since the last topology change on the speciic M MSTI instance access admin Port MSTI Statistics Forwarding Designated 0 Forwarding Master 1 Oo oO Figure 147 Port MSTI Statistics Table ml 2 3 Discarding Alternate 4 Discarding Alternate 206 Port MSTI Statistics RUGGEDCOM ROS Chapter 7 User Guide Spanning Tree Log out Port MSTI Statistics ae admin Back Instance ID i Port s 2 Ll Status Forwarding Role Master Cost 119 Desig Bridge ID Figure 148 Port MSTI Statistics Form Parameter Description Instance ID Synopsis 1to 16 Default 1 The Instance ID refers to the MSTI Multiple Spanning Tree Instance ID Specify an Instance ID and select GET in order to load parameters corresponding to the selected MSTI Note Port Statistics for the IST MSTI zero are accessible via the Port RSTP Statistics menu see Section 7 5 2 Port RSTP Statistics Port s Synopsis Any combination of numb
142. are the most secure option. They give the user complete control over certificate and key management, allow for certificates signed by a public or local certificate authority, controlled distribution of public SSH keys to network hosts that need them, and more. NOTE: The RSA key pair must be added to the ssl.crt file after the SSL certificate. For SSL, ROS requires an X.509 certificate in standard PEM format and an RSA key pair. The certificate may be self-signed or signed by a separate authority. The RSA key must be between 512 and 1048 bits in length. The certificate and keys must be combined in a single ssl.crt file and uploaded to the device. The following is an example of a combined SSL certificate and key:
143. arget port. Since both transmitted and received frames on the source port are mirrored to the target port, frames will be discarded if the sum traffic exceeds the target port's transmission rate. This problem reaches its extreme in the case where traffic on a 100 Mbps full-duplex port is mirrored onto a 10 Mbps half-duplex port. NOTE: Invalid frames received on the source port will not be mirrored. These include CRC errors, oversize and undersize packets, fragments, jabbers, collisions, late collisions and dropped events. Section 4.2.3.1 Port Mirroring Limitations: Traffic will be mirrored onto the target port only if the target port is a member of the same VLANs as the source port. The target port may sometimes incorrectly show the VLAN tagged/untagged format of the mirrored frames. Network management frames (such as STP, GVRP, etc.) may not be mirrored. Switch management frames generated by the switch (such as Telnet, HTTP, SNMP, etc.) may not be mirrored. Figure 103: Port Mirroring Form. Parameters: Port Mirroring, Source Ports Egr, Source Ports Ingr. Port Mirroring: Synopsis: Disabled, Enabled. Default: Disabled. Enabling port mirroring causes all frames received and transmitted by the source port(s) to be transmitted out of the ta
144. articular user, based on the user's login credentials, to remain on the same VLAN when the user logs in from different locations, configure the switches for 802.1X mode. If the RADIUS server wants to use this feature, it indicates the desired VLAN by including tunnel attributes in the Access-Accept message. The RADIUS server uses the following tunnel attributes for VLAN assignment: Tunnel-Type=VLAN (13); Tunnel-Medium-Type=802; Tunnel-Private-Group-ID=VLANID. Note that VLANID is 12 bits and takes a value between 1 and 4094, inclusive. The Tunnel-Private-Group-ID is a String as defined in RFC2868, so the VLANID integer value is encoded as a string. If the tunnel attributes are not returned by the authentication server, the VLAN assigned to the switch port remains unchanged. Section 9.2 Port Security Configuration. The Ports Security menu is accessible from the main menu. Figure 163: Ports Security Menu (Port Security: Configure Ports Security, Configure 802.1X Parameters, View Authorized MAC Addresses). Section 9.2.1 Ports Security Parameters
145. as seen on the front plate silkscreen of the switch Protocol Synopsis Any 15 characters The serial protocol supported on this serial port Rx Chars Synopsis 0 to 4294967295 The number of received characters Tx Chars Synopsis 0 to 4294967295 The number of transmitted characters Rx Packets Synopsis 0 to 4294967295 The number of received packets Tx Packets Synopsis 0 to 4294967295 Packet Errors Parity Errors Framing Errors Overrun Errors Section 3 4 4 The number of transmitted packets Synopsis 0 to 4294967295 The number of packets received from this port and discarded error in protocol CRC or routing information not found Synopsis 0 to 4294967295 The number of Parity Errors Synopsis 0 to 4294967295 The number of Framing Errors Synopsis 0 to 4294967295 The number of Overrun Errors Clearing Serial Port Statistics Log out Back Clear Serial Portis Statistics Port1 Port2 C Port3 Porta C Apply Figure 95 Clear Serial Port Statistics Form This command clears statistics on one or more serial ports To clear statistics for one or more ports check the boxes corresponding to the selected ports and select Apply Clearing Serial Port Statistics 129 Chapter 3 RUGGEDCOM ROS Serial Protocols User Guide Section 3 4 5 Resetting Serial Ports Log out Reset Serial Portis Back Port1 Port2 C Port3 C Porta C Apply Figure 96 Reset Serial Port s Form T
146. at PEM format; RSA key pair, 512 to 2048 bits in length. The RSA key pair used in the default certificate and in those generated by ROS uses a public key of 1024 bits in length. NOTE: RSA keys smaller than 1024 bits in length are not recommended. Support is only included here for compatibility with legacy equipment. NOTE: The default certificate and keys are common to every instance of a given ROS firmware version. That is why it is important to either allow the key autogeneration to complete or to provision custom keys. In this way, one has at least unique, and at best traceable and verifiable, keys installed when establishing secure communication with the unit. NOTE: RSA key generation times increase dramatically with key length. 1024 bit RSA keys take O(10 minutes) on a lightly loaded unit, whereas 2048 bit keys take O(2 hours). A typical modern PC system, however, can generate these keys in seconds. The following bash shell script fragment uses the openssl command line utility to generate a self-signed X.509 v3 SSL certificate with a 1024 bit RSA key suitable for use in ROS. Note that two standard PEM files are required: the SSL certificate and the RSA private key file. These are concatenated into the resulting ssl.crt file, which may then be uploaded to ROS.
    # RSA key size:
    BITS=1024
    # 20 years validity:
    DAYS=7305
    # Values that will be stored in the Distingui
147. ation side will begin to experience dropped packets while the auto negotiating side will experience excessive collisions Ultimately as traffic load approaches 100 the link will become entirely unusable These problems can be avoided by always configuring ports to the appropriate fixed values Section 4 2 2 Port Rate Limiting i aa access Log out Port Rate Limiting admin Back 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled 1000 Kbps Broadcast Disabled E ko Hea Mea len lor helo lo Figure 101 Port Rate Limiting Table 138 Port Rate Limiting RUGGEDCOM ROS Chapter 4 User Guide Ethernet Ports aes access Log out Port Rate Limiting adin Back Port h Ingress Limit 1000 Kbps Ingress Frames Broadcast y Egress Limit Disabled Apply Reload Figure 102 Port Rate Limiting Form Parameter Description Port Synopsis 1 to maximum port number Default 1 The port number as seen on the front plate silkscreen of the switch Ingress Limit Synopsis 62 to 256000 Kbps or Disabled Default 1000 Kbps The maximum rate above which received frames of the type described by the ingress frames parameter will be discarded by the switc
148. ay be required from a different master on dynamic TCP connection This feature allows a dynamic master to automatically preempt a permanent master A connection request from the dynamic master would cause the permanent master to be suspended Either closing the dynamic connection or timing out on data packets causes the permanent master session to be resumed The diagram Figure 61 Permanent and Dynamic Master Connection Support shows the case where all RTUs are connected to Preemptive Raw Socket ports of RS416 devices The permanent master is connected to the Raw Socket port of the RS416 Raw Socket is configured to be connected to all Preemptive Raw Socket ports where polled RTUs are connected multiple incoming connection Preemptive Raw Socket configuration on all ports connected to RTUs will point to that Raw Socket as a permanent master IP address and Remote IP port A dynamic master can establish a connection to any Preemptive Raw Socket port at any time and temporarily suspend the polling process until the dynamic connection is cleared or times out 96 Preemptive Raw Socket RUGGEDCOM ROS Chapter 3 User Guide Serial Protocols Section 3 2 1 5 Use of Port Redirectors Port redirectors refer to software packages that emulate the existence of serial communications ports The redirector software creates and makes these virtual serial ports available providing access to the network via a TCP connection When a so
149. DisplayString values: RUGGEDCOM IP MIB Agent Capabilities; RUGGEDCOM STP MIB Agent Capabilities; STP MIB Agent Capabilities; BRIDGE MIB Agent Capabilities; RUGGEDCOM TRAPS MIB Agent Capabilities; RUGGEDCOM SYS INFO MIB Agent Capabilities; LLDP MIB Agent Capabilities; RMON MIB Agent Capabilities; Q BRIDGE MIB Agent Capabilities; IEEE8023 LAG MIB Agent Capabilities. Note that this MIB is not implemented per compliance statement the IEEE8023 LAG MIB
150. ble Options: Message Name: Primary RADIUS Server Unreachable; Alarm: Yes; SNMP Trap: Yes; Syslog: Yes. TACACS Server Unreachable: ROS generates this alarm and logs a message in the syslog when the primary TACACS server is unreachable. Table: Configurable Options: Message Name: Primary TACACS Server Unreachable; Alarm: Yes; SNMP Trap: Yes; Syslog: Yes. TACACS Response Invalid: ROS generates this alarm and logs a message in the syslog when the response from the TACACS server is received with an invalid CRC. Table: Configurable Options: Message Name: TACACS Response Invalid; Alarm: Yes; SNMP Trap: Yes; Syslog: Yes. SNMP Authentication Failure: ROS generates this alarm, sends an authentication failure trap, and logs a message in the syslog when an SNMP manager with incorrect credentials communicates with the SNMP agent in ROS. Table: Configurable Options: Message Name: SNMP Authentication Failure; Alarm: Yes; SNMP Trap: Yes; Syslog: Yes. Section 14.1.6.2 Security Messages for Port Authentication. NOTE: The port security feature is not available on all platforms. This section is only applicable for the platforms that can support the port security feature. The following is the list of log and alarm messages related to port access control in ROS: MAC Address Authorization Failure; Secure Port X Learned MAC Addr on VLAN X; Port Security Violated; MAC Address A
151. ble to Yes 2 Precision Time Protocol gt Configure Global Parameters set Clock TypeOrdinary Clock PTP IEEE1588 Frequently Asked Questions 67 Chapter 2 RUGGEDCOM ROS Administration User Guide 3 Precision Time Protocol gt Configure Global Parameters set PTP Profile to Default E2E Profile Precision Time Protocol gt Configure Clock Parameters set Priority1 to 1 Configure Time Source set Primary Time Source to your primary time source such as IRIGB LOCAL_CLK or NTP Q How do configure an E2E slave clock A Using the ROS menu interface complete the following steps in order Each step begins at Administration gt System Time Manager 1 Precision Time Protocol gt Configure Global Parameters set PTP EnableYes 2 Precision Time Protocol gt Configure Global Parameters set Clock TypeOrdinary Clock 3 Precision Time Protocol gt Configure Global Parameters set PTP ProfileDefault E2E Profile 4 Configure Time Source set Primary Time SourceIEEE1588 Q How do configure an IEEE1588 ordinary clock with an IRIG B time source and power profile A Using the ROS menu interface complete the following steps in order GPS Antenna TTL In Switch 1 Switch 2 IEEE 1588 Master Clock IEEE 1588 Slave TTL Out Ethernet Serial BNC Serial BNC Interface 1 Interface Interface 1 Interface IRIG B IRIG B IRIG B IRIG B Figure 38 IEEE1588 Ordinary Clock with IRIG B Time Source and Power Profile Configuring
152. ce S2 transmits multicast traffic to Port A2 which is then forwarded via port A1 which has previously become a member of Multicast Group 2 e Switch B forwards the Group 2 multicast via Port B2 towards Switch C e Switch C forwards the Group 2 multicast via Port C2 which has previously become a member of Group 2 Ultimately Host H2 connected to Port C2 receives the Group 2 multicast Section 11 3 Multicast Filtering Configuration and Status The Multicast Filtering menu is available from the main menu 250 Multicast Filtering Configuration and Status RUGGEDCOM ROS User Guide Chapter 11 Multicast Filtering Log out Main Menu Administration Ethernet Ports Ethernet Stats Link Aggregation Spanning Tree Virtual LANs Port Security Classes of Service Multicast Filtering e Configure IGMP Parameters e Configure Global GMRP Parameters e Configure Port GMRP Parameters e Configure Static Multicast Groups View IP Multicast Groups View Multicast Group Summary MAC Address Tables Network Discovery Diagnostics Figure 181 Multicast Filtering Menu Section 11 3 1 Configuring IGMP Parameters Note that the activation of IGMP on a per VLAN basis is configured using Static VLANs Figure 182 IGMP Parameter Form IGMP Parameters Mode Passive Active 60 S None Router Forwarding Off On RSTP Flooding Off On Apply Reload Query Interval Router Por
153. ch can pass through traffic forwarding frames received on one trunk port out another trunk port The trunk ports must be members of all the VLANs the pass through traffic is part of even if none of those VLANs are used on edge ports Frames transmitted out of the port on all VLANs other than the port s native VLAN are always sent tagged NOTE i Sometimes it may be desirable to manually restrict the traffic on the trunk to a certain group of VLANS For example when the trunk connects to a device such as a Layer 3 router that supports a subset of the available VLANs The trunk port can be prevented from being a member of the VLAN by including it in the VLAN s Forbidden Ports list Port Type VLANs Supported PVID Format Usage Untagged VLAN Unaware networks All frames are sent and received without the need for VLAN tags Edge 1 Native Configured VLAN Aware networks VLAN traffic domains are Tagged enforced on a single VLAN 212 Native VLAN RUGGEDCOM ROS Chapter 8 User Guide VLANs Port Type VLANs Supported PVID Format Usage Switch to Switch connections VLANs must be manually created and administered or can be dynamically learned through GVRP Trunk All Configured Tagged or Untagged f i Multiple VLAN end devices Implement connections to end devices that support multiple VLANs at the same time Section 8 1 6 VLAN Ingress and Egress Rules Ingress Rules These are the VLAN ingress rul
154. cols with Defined Links All protocols with defined links source and destination addresses are part of protocol can use either TCP or UDP to transport data Broadcast Messages 103 Chapter 3 RUGGEDCOM ROS Serial Protocols User Guide The Device Address Table contains addresses and locations of devices configured or learned for specific protocols If a protocol is configured to use TCP to transport data the server will start listening to the IP Port configured for the protocol At the same time TCP connections will be placed to all IP addresses where devices for that protocol are attached RS416 will keep only one connection open to one IP Address on one IP Port Use of Differentiated Services Code Point DSCP RS416 has the ability to set the DS byte in the IP header of outbound IP packets The value can be configured on an ingress serial port and or for a protocol Which value will be used depends on the protocol configured on a port and the transport configured for the particular protocol UDP IP transport supports a DSCP setting per serial port or per protocol If a configuration contains a DSCP setting per serial port as well as per protocol then the system will use whichever setting has a higher DSCP value TCP IP transport supports per protocol DSCP setting RawSocket and Modbus Server protocol properties are configured per port as well so they always support DSCP setting per serial port Section 3 2 4 Force Half Duplex
155. comRcTrapsACO01 RC RUGGEDCOM TRAPS MIB AC defines ruggedcomRcTrapsAC01 support for the following groups from RUGGEDCOM TRAPS MIB ruggedcomGenericTrapGroup ruggedcomPowerSupplyGroup ruggedcomNotificationsGroup ruggedcomSecurityGroup RUGGEDCOM TRAPS MIB lists following objects in ruggedcomGenericTrapGroup ruggedcomGenericTrapGroup OBJECT GROUP OBJECTS genericTrapSeverity genericTrapDescription Query result walking through sysORTable from RS416 1 sysORID 1 OBJECT IDENTIFIER ruggedcomSnmpv2AC 2 sysORID 2 OBJECT IDENTIFIER ruggedcomSnmpFrameworkAC 3 sysORID 3 OBJECT IDENTIFIER ruggedcomSnmpUserBasedSmAC 4 sysORID 4 OBJECT IDENTIFIER ruggedcomSnmpViewBasedAcmAC 5 SysORID 5 OBJECT IDENTIFIER ruggedcomIfAC 6 sysORID 6 OBJECT IDENTIFIER ruggedcomTcpAC 7 sysORID 7 OBJECT IDENTIFIER ruggedcomUdpAC 8 sysORID 8 OBJECT IDENTIFIER ruggedcomIpAC 9 sysORID 9 OBJECT IDENTIFIER ruggedcomRcIpAC 0 sysORID 10 OBJECT IDENTIFIER ruggedcomRcTrapsACO1 1 sysORID 11 OBJECT IDENTIFIER ruggedcomRcSysinfoACO1 2 sysORID 12 OBJECT IDENTIFIER ruggedcomBridgeAC 3 sysORID 13 OBJECT IDENTIFIER ruggedcomRstpAC 4 sysORID 14 OBJECT IDENTIFIER ruggedcomRcStpAC 5 sysORID 15 OBJECT IDENTIFIER ruggedcomL1dpAC 6 sysORID 16 OBJECT IDENTIFIER ruggedcomRmonAC 7 sysORID 17 OBJECT IDENTIFIER ruggedcomqBridgeAC 8 sysORID 18 OBJEC
156. commended that network analysis and planning inform the steps of configuring the VLAN and MSTP parameters in particular Begin with a set of MSTP capable Ethernet bridges and MSTP disabled For each bridge in the network 1 Configure and enable RSTP see sections Section 7 4 1 Bridge RSTP Parameters and Section 7 4 2 Port RSTP Parameters Note that the Max Hops parameter in the Bridge RSTP Parameters menu is the maximum hop count for MSTP Create the VLANs that will be mapped to MSTIs see the sections on VLAN Configuration Map VLANs to MSTIs via the VLAN Configuration menus Note that MSTP need not be enabled in order to map a VLAN to an MSTI Note also that this mapping must be identical for each bridge that is to belong to the MST region 4 Configure a Region Identifier and Revision Level Note that these two items must be identical for each bridge in the MST region see Section 7 4 4 MST Region Identifier 5 Verify that the Digest field in the MST Region Identifier menu is identical for each bridge in the MST region If it is not then the set of mappings from VLANs to MSTIs differs Configure Bridge Priority per MSTI see Section 7 4 5 Bridge MSTI Parameters Configure Port Cost and Priority per port and per MSTI see Section 7 4 6 Port MSTI Parameters Enable MSTP see Section 7 4 1 Bridge RSTP Parameters NOTE li Static VLANs must be used in an MSTP configuration GVRP is not supported in
157. console connection with administrative privileges to the ROS device to be upgraded i e via RS232 telnet or SSH Enter the CLI shell and run the TFTP client command to receive the firmware image for example tftp lt TFTP server gt get lt remote filename gt main bin where TFTP server is the IP address of the TFTP server remote filename is the name of the binary image file of the main ROS application firmware residing in the TFTP server outgoing directory Verify as above the successful transfer via the ROS CLI version command A sample transcript from the ROS CLI See IO 0 0 1 ee ROSSCHS2 Matin Vso Tollan mesin lonir TET CDE Imanin loma Teese Ole Pilcese wait elosing tlle se TRIP CMD main bin loading succesful gt version C rrcent ROS CRS IBOR C O EAS ZO ES SO Omens 2150 Current ROS CF52 Main Software v3 6 0 Oct 03 2008 09 33 Next ROS CF52 Main Software v3 7 0 Jun 02 2009 08 36 Section 15 4 6 Upgrading Firmware Using SFTP This method requires that the binary image file of the main ROS application firmware along with SFTP client software be available on a computer with a network connection to the ROS device to be upgraded SFTP is the Secure File Transfer Protocol also known as the SSH File Transfer Protocol a file transfer mechanism that uses SSH to encrypt every aspect of file transfer between a networked client and server Establish an SFTP connection with administrative privileges to the ROS d
158. corresponding to the selected MSTI Note Bridge Statistics for the IST MSTI zero are accessible via the Bridge RSTP Statistics menu see Section 7 5 1 Bridge RSTP Statistics Synopsis lt empty string gt Designated Bridge Not Designated For Any LAN Root Bridge Spanning Tree status of the bridge The status may be root or designated This field may display Not designated For Any LAN if the bridge is not the designated bridge for any of its ports Synopsis 4 4 44 4 where is 0 to 65535 is 0 to FF Bridge Identifier of this bridge Synopsis 4 4 44 4 where is 0 to 65535 is 0 to FF Bridge Identifier of the root bridge Synopsis 0 to 65535 or lt empty string gt If the bridge is designated this is the port that provides connectivity towards the root bridge of the network Synopsis 0 to 4294967295 Bridge MSTI Statistics 205 Chapter 7 Spanning Tree RUGGEDCOM ROS User Guide Parameter Total Topology Changes Time since Last TC Section 7 5 4 Port MSTI Statistics Log out Back Instance ID Description The total cost of the path to the root bridge composed of the sum of the costs of each link in the path If custom costs have not been configured 1Gbps ports will contribute a cost of four 100 Mbps ports will contribute 19 and 10 Mbps ports will contribute 100 to this figure For the CIST instance of MSTP this is an extern
159. ction 5 4 Remote Monitoring RMON The Remote Monitoring RMON package provides the following capabilities The ability to collect and view historical statistics in order to review performance and operation of Ethernet ports e The ability to record a log entry and or generate an SNMP trap when the rate of occurrence of a specified event is exceeded Section 5 4 1 RMON History Controls The RMON History Controls table programs the switch to take samples of the RMON MIB history statistics of an Ethernet port at regular intervals Clearing Ethernet Port Statistics 155 Chapter 5 RUGGEDCOM ROS Ethernet Statistics User Guide access Log out RMON History Controls admin Back InsertRecord Figure 113 RMON History Controls Table n access Log out RMON History Controls admin Back Index 40 Port 2 Requested Buckets Granted 1 Buckets 100 Interval 20 Owner Monitor Figure 114 RMON History Controls Form Parameter Description Index Synopsis 1 to 65535 Default 1 The index of this RMON History Control record Port Synopsis 1 to maximum port number Default 1 The port number as seen on the front plate silkscreen of the switch Requested Buckets Synopsis 1 to 4000 Default 50 The maximum number of buckets requested for this RMON collection history group of statistics The range is 1 to 4000 The default is 50 156 RMON History
160. ctory default IP address, enter https://192.168.0.1. Once in contact with the switch, start the login process by clicking on the Login link. The resulting page should be similar to that presented below. Figure 10: The ROS log in page. CAUTION: To prevent unauthorized access to the device, make sure to change the default username and password for each user level (i.e. operator, guest and admin) before commissioning the device. It is recommended that each username and password be unique and customized to the user to add an additional level of security. Enter the admin user name and the password for the admin user and then click the LogIn button. The switch is shipped with a default administrator password of admin. After successfully logging in, the main menu appears. Section 2.3.2 Customizing the Login Page: To display a custom welcome message, device information or any other information on the login page, add text to the banner.txt file. If the banner.txt file is empty, only the username and password fields will appear on the login page. For more information, see Section 15.1 Files Of Interest. Section 2.3.3 The Structure of the Web Interface: The user interface is organized as a series of linked web pages. The main me
161. SSH Key Pairs: Controlled versions of ROS support SSH public/private key pairs that conform to the following specifications: PEM format; DSA key pair, 512 to 2048 bits in length. The DSA key pair used in the default key pair and in those generated by ROS uses a public key of 1024 bits in length. NOTE: DSA keys smaller than 1024 bits in length are not recommended, and support is only included here for compatibility with legacy equipment. The following bash shell script fragment uses the ssh-keygen command line utility to generate a 1024 bit DSA key suitable for use in ROS. The resulting ssh.keys file may then be uploaded to ROS. NOTE: DSA key generation times increase dramatically with key length. 1024 bit DSA keys take approximately 50 minutes on a lightly loaded unit, whereas 2048 bit keys take approximately 4 hours. A typical modern PC system, however, can generate these keys in seconds.
    # DSA key size:
    BITS=1024
    # Make an SSH key pair:
    ssh-keygen -t dsa -b 1024 -N ''
The following listing is the disassembly of a self-signed SSL certificate generated by ROS:
162. 2.11 System Time Management; 2.11.1 Time Keeping Protocol Fundamentals; 2.11.1.1 Precision Time Protocol (PTP) Fundamentals; 2.11.1.2 Clock Accuracy; 2.11.1.3 IRIG-B Fundamentals; 2.11.1.4 IRIG-B IEEE1344 Extensions; 2.11.2 Configuring Time and Date; 2.11.3 Configuring NTP Service; 2.11.4 Configuring Precision Time Protocol (PTP) IEEE 1588; 2.11.4.1 Global PTP Parameters; 2.11.4.2 Clock Parameters; 2.11.4.3 Delay Mechanism Settings; 2.11.4.4 Viewing PTP Statistics; 2.11.5 Configuring IRIG-B; 2.11.6 Time Source Selection; 2.11.7 Time Synchronization Status; 2.11.8 PTP IEEE1588 Frequently Asked Questions; 2.12 SNMP Management; 2.12.1 SNMP Users; 2.12.2 SNMP Security to Group Maps; 2.12.3 SNMP Acc
163. desirable to identify all ports on the device operating in 100 Mbps full duplex mode with flow control disabled and to enable flow control on these ports gt sql update ethportcfg set FlowCtrl Off where Media 100TX and FlowCtrl On 2 records updated Section 15 9 5 Setting Default Values in a Table It is sometimes desirable to restore one table to its factory defaults without modifying the remainder of the configuration The sql default command allows an individual table to be defaulted gt sql default into ethportcfg Section 15 9 6 Using RSH and SQL The combination of remote shell scripting and SQL commands offers a means to interrogate and maintain a large number of devices Consistency of configuration across sites may be verified by this method The following presents a simple example where the devices to interrogate are drawn from the file Devices C gt type Devices 10 011 MORO PAZ ORO ees c gt for F i in devices do rsh i l admin admin sql select from ethportcfg where flow_control disabled Changing Values in a Table 299 Chapter 15 Firmware Upgrade and Configuration Management RUGGEDCOM ROS User Guide Cirsa 10 0 1 1 Sil echa ac Port Name Status 5 BOTS Enabled 1 records selected CENSO A aa 0 records selected CNS SAO AS aa Port Name Status 3 LOGS Enabled 7 Roe 7 Enabled 8 BOSS Enabled iiS Rog S Enabled 4 records selected CoN min sql select from ethportcfg
164. dge Priorities can establish the path of traffic flows in normal and abnormal conditions Synopsis 1 sto 10s Default 2s The time between configuration messages issued by the root bridge Shorter hello times result in faster detection of topology changes at the expense of moderate increases in STP traffic Synopsis 6 sto 40s Default 20s Bridge RSTP Parameters 191 Chapter 7 RUGGEDCOM ROS Spanning Tree User Guide Parameter Description The time for which a configuration message remains valid after being issued by the root bridge Configure this parameter with care when many tiers of bridges exist or when slow speed links such as those used in WANs are part of the network Transmit Count Synopsis 3 to 100 or Unlimited Default Unlimited The maximum number of BPDUs on each port that may be sent in one second Larger values allow the network to recover from failed links bridges more quickly Forward Delay Synopsis 4s to 30s Default 15s The amount of time a bridge spends learning MAC addresses on a rising port before beginning to forward traffic Lower values allow the port to reach the forwarding state more quickly but at the expense of flooding unlearned addresses to all ports Max Hops Synopsis 6 to 40 Default 20 This parameter is only relevant for MSTP ignore it otherwise This parameter specifies the maximum possible bridge diameter inside an MST region MSTP BPDUs propagating inside an MST reg
165. ding skipping the listening and learning stages Edge ports that receive configuration messages immediately lose their Edge Port status and become normal spanning tree ports A loop created on an improperly connected edge port is thus quickly repaired Because an Edge Port services only end stations topology change messages are not generated when its link toggles Section 7 1 3 Point to Point and Multipoint Links RSTP uses a peer peer protocol called Proposing Agreeing to ensure transitioning in the event of a link failure This protocol is point to point and breaks down in multipoint situations i e when more than two bridges operate on a shared media link If RSTP detects this circumstance based upon the port s half duplex state after link up it will switch off Proposing Agreeing The port must transition through the learning and forwarding states spending one forward delay in each state There are circumstances in which RSTP will make an incorrect decision about the point to point state of the link simply by examining the half duplex status namely The port attaches only to a single partner but through a half duplex link The port attaches to a shared media hub through a full duplex link The shared media link attaches to more than one RSTP enabled bridge In such cases the user may configure the bridge to override the half duplex determination mechanism and force the link to be treated in the proper fashion Section
166. ds to be selected and the proper view name from that entry must be used for access control checking View names are predefined noView access is not allowed e V1Mib SNMPv3 MIBs excluded e allOfMibs all supported MIBs are included Log out SNMP Access access admin Back InsertRecord Manager snmpV 3 authPriv allOfMib allOfMib allOfMib public snmp 2c noAuthNoPriy allOfMib allOfMib allOfMib read snmp 1 noAuthNoPriv V1Mib noView noView Figure 45 SNMP Access Table Log out SNMP Access access admin Back Group Manager lt sSCS SecurityModel snmpv3 y SecurityLevel authPriv y ReadViewName allOfMib gt WriteViewName anomib y NotifyViewName allOfMib gt Apply Delete Reload Figure 46 SNMP Access Form SNMP Access 77 Chapter 2 RUGGEDCOM ROS Administration User Guide Parameter Description Group Synopsis Any 32 characters Default The group name to which the security model and name belong This name is used as an index to the SNMPv3 VACM Access Table SecurityModel Synopsis snmpV1 snmpV2c snmpV3 Default snmpV3 In order to gain the access rights allowed by this entry the configured security model must be in use SecurityLevel Synopsis noAuthNoPriv authNoPriv authPriv Default noAuthNoPriv The minimum level of security required in order to gain the access rights allowed by this entry A security level of noAuthNoPriv is less than a
167. due to feature additions Syslog txt file will accumulate information until it fills holding approximately 3 megabytes of characters The clearlogs command resets these logs It is recommended to run clearlogs command after every firmware upgrade Viewing and Clearing Log Files 27 Chapter 1 RUGGEDCOM ROS Introduction User Guide Section 1 7 4 Managing the Flash Filesystem The flashfiles command is an interface to three utilities for obtaining information about and for managing the Flash filesystem maintained by ROS e Flash filesystem statistics display Detailed information about a specific file e Flash filesystem defragmentation tool gt help flashfiles A set of diagnostic commands to display information about the Flash filesystem and to defragment flash memory flashfiles When no parameters are provided statistics about the Flash memory and filesystem are printed flashfiles info filename Provides information about a specific file in the Flash filesystem flashfiles defrag Defragments files in the Flash filesystem Figure 3 Flashfiles command summary Section 1 7 4 1 Flash Filesystem Memory Mapping When the flashfiles command is invoked with no arguments a listing is displayed of files currently in Flash memory their locations and the amount of memory they consume gt flashfiles Filename Base Size Sectors Used boot bin 00000000 110000 223 1049514 main bin 0011000
168. e Once this time exceeds the Aging Timer setting for the protocol the device will be removed from the table This value is updated every 10 seconds Section 3 4 Serial Statistics Section 3 4 1 Link Statistics This table presents detailed statistics for serial links between two devices Log out Back PPA access Links Statistics admin 2 COMZ 5 2 COM1 Figure 91 Link Statistics Table 767 192 168 0 2 4999 1535 192 168 0 5 4998 0 126 Serial Statistics RUGGEDCOM ROS User Guide Chapter 3 Serial Protocols Protocol access Links Statistics admin DNP Local Address 2 COM2 Remote Address 767 192 168 0 2 4999 Rx Local Rx Remote fi 461 Erroneous o Figure 92 Link Statistics Form Parameter Protocol Local Address Remote Address Rx Local Rx Remote Erroneous Section 3 4 2 Connection Statistics Reload Description Synopsis None RawSocket ModbusServer ModbusClient DNP WIN TIN MicroLok The serial protocol supported by devices that create this link Synopsis Any 27 characters The address of the device connected to the serial port on this device Synopsis Any 35 characters The address of the device connected to the remote host s serial port Synopsis 0 to 4294967295 The number of packets received from the local address that were forwarded to the remote side Synopsis 0 to 4294967295 The numbe
169. e 197 Network Discovery Main Menu Section 13 3 1 LLDP Menu The LLDP menu is used to configure LLDP on the switch globally and per port to exchange LLDP information with neighbors and to view LLDP information and statistics LLDP Menu 267 Chapter 13 RUGGEDCOM ROS Network Discovery User Guide access Log out Main Menu peeps e Administration e Ethernet Ports e Ethernet Stats e Link Aggregation e Spanning Tree e Virtual LANs Port Security e Classes of Service e Multicast Filtering e MAC Address Tables e Network Discovery e Link Layer Discovery Protocol e Configure Global LLDP Parameters Configure Port LLDP Parameters View LLDP Global Remote Statistics View LLDP Neighbor Information View LLDP Statistics e Ru m Discovery Protocol e Diagnostics Figure 198 Network Discovery Menu 268 LLDP Menu RUGGEDCOM ROS User Guide Chapter 13 Network Discovery Section 13 3 1 1 Global LLDP Parameters access Global LLDP Parameters aii State Disabled Enabled Tx Interval 30s Tx Hold 4 Reinit Delay 2s Tx Delay 2s Apply Reload Figure 199 Global LLDP Parameters Form Parameter State Tx Interval Tx Hold Reinit Delay Tx Delay Description Synopsis Disabled Enabled Default Enabled Enables the LLDP protocol Note that LLDP is enabled on a port when LLDP is enabled globally and along with enabling per port setting in Port LLDP Parameters
170. [Figure 6: Displaying Trace Settings] Section 1.7.6.1 Enabling Trace. Tracing can be enabled on a per-subsystem basis. Obtain detailed information about individual subsystems by entering trace subsystem_name <CR>. Some subsystems offer a mechanism to enable tracing only on certain ports. [Figure 7: Enabling Trace; console session using the trace stp, trace stp all, trace link and trace link changes commands] Section 1.7.6.2 Starting Trace. To start trace, enter trace <CR>. All historical trace messages may be displayed using trace noclear <CR>. Since this may include many messages, it may be more desirable to use the trace clear <CR> command instead. This command will automatically clear the trace buffe
171. e Serial Protocols. Section 3.2.3.4 Broadcast Messages. DNP Broadcast Messages: Addresses 65521 through 65535 are DNP 3.0 broadcast addresses. RS416 supports broadcasts, sending messages with those destination addresses received from serial ports to all IP addresses found in the Device Address Table (either learned or statically configured). When a DNP broadcast message is received from the IP network, it will be distributed to all ports configured to support the DNP protocol. TIN Broadcast Messages: TIN broadcast messages can be received only from devices connected to the serial ports. TIN Mode 1 Broadcast Messages: These messages will be sent to all TIN Address Ports found in the Dynamic Address Table. TIN Mode 2 Broadcast Messages: These messages will be sent, according to the configuration, to all TIN addresses on every IP address found in the Dynamic Address Table and/or to all Wayside Data Radio IP addresses found in the Static Device Address Table. Section 3.2.3.5 Transport Protocols. For supported protocols, with the exception of Modbus, either UDP datagram or TCP connection packets can be used to transport protocol data over the IP network. The Modbus data can be transported only using a TCP connection, following the TCPModbus protocol. UDP supports all the addressing modes of IP: unicast, multicast and broadcast. Therefore, if address learning is enabled, UDP broadcasts will be sent across the network. Transport for Raw Socket: The TCP t
172. e ability to expedite the transmission of certain frames and port traffic over others. The CoS of a frame can take on one of four values: Normal, Medium, High or Critical. The default policies of the switch enforce a Normal CoS for all traffic. NOTE: Use the highest supported CoS with caution, as it is always used by the switch for handling network management traffic such as STP BPDUs. If this CoS is used for regular network traffic, then upon traffic bursts it may result in the loss of some network management frames, which in turn may result in loss of connectivity over the network. The CoS feature has two main phases: inspection and forwarding. Section 10.1.1 Inspection Phase. In the inspection phase, the CoS priority of a received frame is determined from: the priority field in 802.1Q tags; the Differentiated Services Code Point (DSCP) component of the Type Of Service (TOS) field, if the frame is IP; the default CoS for the port; a specific CoS based upon the source and destination MAC address (as set in the Static MAC Address Table). Note that a frame's CoS will be determined once the first examined parameter is found in the frame. Received frames are first examined to determine if their destination or source MAC address is found in the Static MAC Address Table. If yes, the CoS configured for the static MAC address is used. If neither destination nor source MAC address is in the Static MAC Address Table, the frame is then exa
173. e for RMON Alarms. Chapter 6: Link Aggregation. Link Aggregation is also known as port trunking or port bundling. ROS provides the following Link Aggregation features: Support for up to 15 port trunks (NOTE: The actual maximum number of port trunks depends on the number of ports in the switch; at least two ports are required to compose a port trunk). Up to 8 ports can be aggregated in one port trunk. Highly randomized load balancing between the aggregated links, based on both source and destination MAC addresses of the forwarded frames. Section 6.1 Link Aggregation Operation. Link Aggregation provides you with the ability to aggregate several Ethernet ports into one logical link (port trunk) with higher bandwidth. Link Aggregation can be used for two purposes: to obtain increased, linearly incremental, link bandwidth; and to improve network reliability by creating link redundancy. If one of the aggregated links fails, the switch will balance the traffic between the remaining links. [Figure 124: Link Aggregation Examples] Section 6.1.1 Link Aggregation Rules. Any port can belong to only one port trunk at a time. The aggregated port with the lowest port number is called the Port Trunk Primary Port. Other ports in the trunk are called Secondary Ports. Layer 2 fea
174. e ke is not an empty string, it must be at least 6 characters long. Section 2.12.2 SNMP Security to Group Maps. Entries in this table map the configuration of security model and security name (user) into a group name, which is used to define an access control policy. Up to 32 entries can be configured. [Figure 43: SNMP Security to Group Maps Table] [Figure 44: SNMP Security to Group Maps Form] Parameter descriptions: SecurityModel: Synopsis: { snmpV1, snmpV2c, snmpV3 }. Default: snmpV3. The Security Model that provides the name referenced in this table. Name: Synopsis: Any 32 characters. Default: blank. The user name which is mapped by this entry to the specified group name. Group: Synopsis: Any 32 characters. Default: blank. The group name to which the security model and name belong. This name is used as an index to the SNMPv3 VACM Access Table. Section 2.12.3 SNMP Access. These parameters provide the ability to configure access rights for groups. To determine whether access is allowed, one entry from this table nee
175. e person responsible for managing the switch. You can enter name, phone number, email, etc. It is displayed in the login screen so that this person may be contacted should help be required. These parameters provide the ability to configure parameters for authorized and authenticated access to the device's services (HMI via Serial Console, Telnet, SSH, RSH, Web Server). Access to the switch can be authorized and authenticated via RADIUS or TACACS servers, or using locally configured passwords that are configured per user name and access level. Note that access via the Serial Console is authorized first using local settings. If a local match is not found, RADIUS/TACACS will be used if enabled. For all other services, if RADIUS or TACACS is enabled for authentication and authorization but is unreachable, the local settings will be used if configured. To access the unit, the user name and password must be provided. Three user names and passwords can be configured. They correspond to three access levels, which provide or restrict access to change settings and execute various commands within the device: guest users can view most settings, but may not change settings or run commands; operator cannot change settings, but can reset alarms, clear statistics and logs; admin user can change all the settings and run commands. CAUTION: To prevent unauthoriz
176. e to Power Profile. 4. Under Precision Time Control > Configure Global Parameters, set Network Class to IEEE1588 Network. 5. Under Precision Time Control > Configure Clock Parameters, set Slave Only to Yes. 6. Under Configure Time Source, set Primary Time Source to IEEE1588. 7. Under Configure IRIGB, set IEEE1344 to Yes. Procedure: Configuring the slave clock. 1. Under Precision Time Control > Configure Global Parameters, set PTP Enable to Yes. 2. Under Precision Time Control > Configure Global Parameters, set Clock Type to Ordinary Clock. 3. Under Precision Time Control > Configure Global Parameters, set PTP Profile to Power Profile. 4. Under Precision Time Control > Configure Global Parameters, set Network Class to IEEE1588 Network. 5. Under Precision Time Control > Configure Clock Parameters, set Slave Only to Yes. 6. Under Configure Time Source, set Primary Time Source to IEEE1588. 7. Under Configure IRIGB, set IEEE1344 to Yes. Q: IEEE1588 Firmware Dependencies. A: The following table shows the dependencies between ROS and FPGA firmware revisions and new features introduced during relevant releases. Table: ROS and FPGA416 Firmware Dependencies (ROS Version: FPGA416 Version). ROS 3.11: FPGA416 128. ROS 3.10: FPGA416 120. ROS 3.9: FPGA416 120. ROS 3.8: FPGA416 120. ROS 3.7: FPGA416 102. Section 2 1
177. e to each other using the PTP protocol. Synopsis: { 125 ms, 250 ms, 500 ms, 1s, 2s }. Default: 1s. Selects the PTP (Precision Time Protocol) Sync interval (mean time interval between successive Sync messages) in seconds. Sync messages are periodically sent by the Master Clock, which provides time of day information to PTP Slave Clock(s). Synopsis: { 1s, 2s, 4s, 8s, 16s, 32s }. Default: 1s. Selects the PTP (Precision Time Protocol) announce interval (mean time interval between successive Announce messages) in seconds. Announce messages are periodically sent by the Master Clock and provide status and characterization information about it. The Announce message is used to establish the synchronization hierarchy. Synopsis: 2 to 10. Default: 3. Selects the PTP (Precision Time Protocol) announce receipt timeout. This parameter specifies the number of Announce Intervals that have to pass without receipt of an Announce message. This parameter is part of the BMC (Best Master Clock) algorithm. Please note that a change in this parameter may be disruptive. Synopsis: 0 to 255. Default: 128. Selects the PTP (Precision Time Protocol) clock priority1 during the execution of the Best Master Clock (BMC) algorithm. Lower value takes precedence. The operation of the best master clock algorithm selects clocks from a set with a lower value of priority1 over clocks from a set with a greater value of priority1. Synopsis: 0 to 255. Default: 128. Selects PTP (Precision Time Protocol) clock priority2 dur
178. eceived successfully but discarded because of an unknown or unsupported protocol. The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g. for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion. The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams which meet this "no route" criterion. Note that this includes any datagrams which a host cannot route because all of its default routers are down. The total number of IP datagrams which local IP user protocols (including ICMP) supplied to IP in requests for transmission. Note that this counter does not include any datagrams counted in ipForwDatagrams. The number of IP fragments received which needed to be reassembled at this entity. The number of IP datagrams successfully reassembled. The number of times the complete set of information has been deleted from tables contained in lldpRemoteSystemsData objects because the information timeliness interval has expired. The number of times the complete set of information has been deleted from tables contained in lldpRemoteSystemsData objects. The number of times the complete set of information could not be entered into tables
179. ecifies whether the IP interface is the device management interface. IP Address Type: Synopsis: { Static, Dynamic, DHCP, BOOTP }. Default: Static. Specifies whether the IP address is static or is dynamically assigned via DHCP or BOOTP. The Dynamic option automatically switches between BOOTP and DHCP until it receives a response from the relevant server. The Static option must be used for non-management interfaces. IP Address: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: 192.168.0.1. Specifies the IP address of this device. An IP address is a 32-bit number that is notated by using four numbers from 0 through 255, separated by periods. Only a unicast IP address is allowed, which ranges from 1.0.0.0 to 233.255.255.255. Subnet: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: 255.255.255.0. Specifies the IP subnet mask of this device. An IP subnet mask is a 32-bit number that is notated by using four numbers from 0 through 255, separated by periods. Typically, subnet mask numbers use either 0 or 255 as values (e.g. 255.255.255.0), but other numbers can appear. Section 2.6 IP Gateways. These parameters provide the ability to configure gateways. A maximum of 10 gateways can be configured. When the Destination and Subnet fields are both 0.0.0.0 (displayed as blank space), the gateway is a default gateway.
180. ect some switch ports and multicast goes everywhere. Is IGMP broken? No, it may be a proper switch behavior. When the switch detects a change in the network topology through STP, it acts to avoid loss of multicast traffic: if configured to do so, it starts forwarding all multicast traffic to all ports that are not STP Edge ports (because they may potentially link to routers). This may result in some undesired flooding of multicast traffic (which will stop after a few minutes); however, it guarantees that all devices interested in the traffic will keep receiving it without a break. Note that the same behavior will be observed when the switch resets or when IGMP Snooping is being enabled for the VLAN. Chapter 12: MAC Address Tables. ROS MAC address table management provides you with the following features: viewing learned MAC addresses; purging MAC address entries; configuring the switch's MAC address aging time; configuring static MAC addresses; configuring flooding options. The MAC Address Tables menu is accessible from the main menu. Main menu (screenshot), MAC Address Tables entries: View MAC Addresses, Configure MAC Address Learning Options, Configure Flooding Options, Configure Static MAC Addres
181. ed Value format. The file can also be encrypted and assigned a passphrase key for protection. All configuration changes, whether they are performed using the web interface, console interface, CLI, SNMP or SQL, are stored in this one file. The file, named config.csv, may be read from and written to the ROS device in the same ways that firmware image files can, as described in the preceding sections. The configuration file may be copied from the unit and used as a backup, to be restored at a later date. Configuration files from different units may be compared using standard text processing tools. For more information about encrypting the configuration file, refer to Section 2.8 Data Storage. NOTE: Data encryption is not available in NC versions of ROS. When switching between Controlled and Non-Controlled (NC) versions of ROS, make sure data encryption is disabled. Otherwise, the NC version of ROS will ignore the encrypted configuration file and load the factory defaults. The transfer mechanisms supported for the update of config.csv are the same as for ROS firmware image files: XModem using the ROS CLI over a console session; TFTP client (using the ROS CLI in a console session and a remote TFTP server); TFTP server (from a remote TFTP client); SFTP (secure FTP over SSH) from a remote SFTP client. Please refer to the preceding section, Section 15.4 Upgrading Firmware, for examples of the use of each of these mechanisms for transfe
182. ed access to the device, make sure to change the default username and password for each user level (i.e. operator, guest and admin) before commissioning the device. It is recommended that each username and password be unique and customized to the user to add an additional level of security. When creating a new password, make sure it adheres to the following rules: Must not be less than 6 characters in length. Must not include the username or any 4 continuous alphanumeric characters found in the username. For example, if the username is Subnet25, the password may not be subnet25admin or subnetadmin. However, net25admin or Sub25admin is permitted. Must have at least one alphabetic character and one number. Special characters are permitted. Must not have more than 3 continuously incrementing or decrementing numbers. For example, Sub123 and Sub19826 are permitted, but Sub12345 is not. An alarm will be generated if a weak password is configured. Any password that does not satisfy the rules mentioned above will be considered a weak password by ROS. The weak password alarm can be disabled by the user. For more information about disabling alarms, refer to Section 14.1.4 Configuring Alarms. [Passwords form; fields: Auth Type, Guest Username, Guest Password, Confirm Guest Password, Operator Username, Operator Password, Confirm Operator Password, Admin Username, Admin Password, Confirm Admin Password]
183. edium, High, Crit. Specifies what Class Of Service is assigned to frames carrying this address as source or destination address. Section 12.2 Configuring MAC Address Learning Options. [Figure 192: MAC Address Learning Options Form] Parameter descriptions: Aging Time: Synopsis: 15 to 800. Default: 300s. This parameter configures the time that a learned MAC address is held before being aged out. Age Upon Link Loss: Synopsis: { No, Yes }. Default: Yes. When a link failure (and potentially a topology change) occurs, the switch may have some MAC addresses previously learned on the failed port. As long as those addresses are not aged out, the switch will still be forwarding traffic to that port, thus preventing that traffic from reaching its destination via the new network topology. This parameter allows the aging out of all MAC addresses learned on a failed port immediately upon link failure detection. Section 12.3 Configuring Flooding Options. [Figure 193: MAC Address Flooding Options Table]
184. Table of Contents: 2.17 Troubleshooting; 3 Serial Protocols; 3.1 Serial Protocols Overview; 3.1.1 Raw Socket protocol features; 3.1.2 DNP over Raw Socket protocol features; 3.1.3 Preemptive Raw Socket protocol features; 3.1.4 Modbus protocol features; 3.1.5 DNP protocol features; 3.1.6 Microlok protocol features; 3.1.7 WIN protocol features; 3.1.8 TIN protocol features; 3.1.9 TelnetComPort protocol features; 3.2 Serial Protocols Operation; 3.2.1 Serial Encapsulation Applications; 3.2.1.1 Character Encapsulation (Raw Socket); 3.2.1.2 RTU Polling; 3.2.1.3 Broadcast RTU Polling; 3.2.1.4 Preemptive Raw Socket; 3.2.1
185. eived join messages for the multicast group. Section 11.2.2 Leaving a Multicast Group. Periodically, the switch sends GMRP queries in the form of a leave all message. If a host (either a switch or an end station) wishes to remain in a multicast group, it reasserts its group membership by responding with an appropriate join request. Otherwise, it can either respond with a leave message or simply not respond at all. If the switch receives a leave message or receives no response from the host for a timeout period, the switch removes the host from the multicast group. Section 11.2.3 GMRP Protocol Notes. Since GMRP is an application of GARP, transactions take place using the GARP protocol. GMRP defines the following two Attribute Types: the Group Attribute Type, used to identify the values of group MAC addresses; and the Service Requirement Attribute Type, used to identify service requirements for the group. Service Requirement Attributes are used to change the receiving port's multicast filtering behavior to one of the following: Forward All Multicast group traffic in the VLAN, or Forward All Unknown Traffic (Multicast Groups) for which there are no members registered in the device in a VLAN. If GMRP is globally disabled on the device, GMRP PDUs received by the switch are forwarded like any other
186. elp and press Enter to see the list of commands available at the current session access level. For more information on the ROS CLI commands, see Section 1.6 Command Line Listing. Section 1.7.2 Obtaining Help For A Command. Help related to the usage of a particular command may be obtained by entering help command name <CR> at the shell prompt. Figure 1: Displaying Help For A Command (console session: ">help type" returns "Displays the contents of a text file. Enter 'dir' for a directory listing of files. TYPE filename"). Section 1.7.3 Viewing Files. RUGGEDCOM devices maintain a number of volatile and non-volatile files. These files can aid in the resolution of problems and serve as a useful gauge of the device's health. Section 1.7.3.1 Listing Files. Enter dir <CR> to obtain a complete list of files and a description of each. NOTE: Each file has associated attributes, as described under the Attr column in the dir command. Files marked R are readable, i.e. may be uploaded by the user. Files marked W are writable, i.e. may be modified (downloaded) by the user. Files marked B are binary files, i.e. may be upgraded by the user. The most useful files include config.csv, crashlog.txt and syslog.txt. These files may be viewed by using the type command, specifying the desired filename.
187. ement interface is used. When both outgoing and incoming connections are enabled (client or server), this is the remote IP address to use to place an outgoing TCP connection request or from which to accept calls. For UDP transport, this is the IP address of the interface to listen to for UDP datagrams. Synopsis: { Disabled, Enabled }. Default: Enabled. Enables links statistics collection for the protocol. [Mirrored Bits table and form screenshots] Parameter descriptions: Port: Synopsis: 1 to 4. Default: 1. The port number as seen on the front plate silkscreen of the switch. Transport: Synopsis: { TCP, UDP }. Default: UDP. The network transport used to transport Mirrored Bits protocol data over an IP network. Loc Port: Synopsis: 1024 to 65535. Default: 61001. The local IP port to use when listening for an incoming connection or UDP data. Rem Port: Synopsis: 1 to 65535. Default: 61000. The remote TCP port to use when placing an outgoing connection. IP Address: Synopsis: ###.###.###.### where ### ranges from 0 to 255, or <EMPTY STRING>. Default: blank. For an outgoing TCP connection (client) and UDP transport, this is the remote IP address to c
188. Port Default column (continued, as extracted): en; Open; Open; Open; Closed; Closed; Closed; Closed; UDP Open, TCP Closed; Closed; UDP Open, TCP Closed. Access Authorized column (as extracted): Yes; Yes; Yes; No; Yes; Yes; No; Yes; No; Yes; Yes; No; No; No; No; No. Further rows (Services / Port Number / Port Open / Port Default / Access Authorized): WIN / UDP 52000, TCP 52000 / UDP Open, TCP open after configured first time (cannot be closed) / UDP Open, TCP Closed / No. MICROLOK / UDP 60000 / UDP Open, TCP open after configured first time (cannot be closed) / UDP Open, TCP Closed / No. MirroredBits / UDP 61001 to UDP 61016 / Open (configurable) / Closed / No. TCP Modbus Server including Management access / TCP 502 / Open / Open / No. TCP Modbus Switch Management access / TCP 502 / Open (configurable) / Closed / No. DHCP, DHCP Agent / UDP 67 (sending msg if enabled; if received, always come to CPU, dropped if service not configured) / Open / Open / No. DHCP Server (WLAN) / UDP 67 for listening, UDP 68 for responding / Open / Open / No. RCDP / (no port listed) / Open (configurable) / Closed / Yes. Section 1.5 ModBus Management Support and Memory Map. ModBus management support in RUGGEDCOM devices provides a simple interface for retrieving basic status information. ModBus support simplifies the job of SCADA (Supervisory Control And Data Acquisition) system integrators by providing a familiar protocol for the retrieval of RUGGEDCOM device information. ModBus pr
189. er: Name, Revision Level, Digest. Descriptions: Name: Synopsis: Any 32 characters. Default: 00 0A DC 00 41 74. Variable length text string. You must configure an identical region name on all switches you want to be in the same MST region. Revision Level: Synopsis: 0 to 65535. Default: 0. Use this parameter if you want to create a new region from a subset of switches in a current region, while maintaining the same region name. Digest: Synopsis: 32 hex characters. This is a read-only parameter and should be only used for network troubleshooting. In order to ensure consistent VLAN-to-instance mapping, it is necessary for the protocol to be able to exactly identify the boundaries of the MST regions. For that purpose, the characteristics of the region are included in BPDUs. There is no need to propagate the exact VLAN-to-instance mapping in the BPDUs, because switches only need to know whether they are in the same region as a neighbor. Therefore, only this 16-octet digest created from the VLAN-to-instance mapping is sent in BPDUs. Section 7.4.5 Bridge MSTI Parameters. [Figure 140: Bridge MSTI Parameters; fields: Instance ID, Bridge Priority] Parameter descriptions: Instance ID: Synopsis: 0 to 16. Default: 1. The Instance ID refers to the MSTI Multiple Spanning
190. er auto-negotiates, the auto-negotiating end will fall back to half-duplex operation. At lower traffic volumes, the link may display few, if any, errors. As the traffic volume rises, the fixed negotiation side will begin to experience dropped packets, while the auto-negotiating side will experience collisions. Ultimately, as traffic loads approach 100%, the link will become entirely unusable. At this point, RSTP will not be able to transmit configuration messages over the link and the spanning tree topology will break down. If an alternate trunk exists, RSTP will activate it in the place of the congested port. Since activation of the alternate port often relieves the congested port of its traffic, the congested port will once again become reliable. RSTP will promptly enter it back into service, beginning the cycle once again. The root port will flip back and forth between two ports on the switch. Problem Two: My PC/IED/Device is connected to your switch. After I reset the switch, it takes a long time before it comes up. Is it possible that the RSTP edge setting for this port is set to false? If Edge is set to false, the bridge will make the port go through two forward delay times before the port can send or receive frames. If Edge is set to true, the bridge will transition the port directly to forwarding upon link up. Another possible explanation is that some links in the network run in half-duplex mode. RSTP uses a peer-to-peer protocol called Proposa
191. erface, including framing characters. This object is a 64-bit version of ifInOctets. The number of packets, delivered by this sub-layer to a higher sub-layer, which were not addressed to a multicast or broadcast address at this sub-layer. This object is a 64-bit version of ifInUcastPkts. The total number of packets transmitted that were directed to the broadcast address. This object is a 64-bit version of ifOutBroadcastPkts. The total number of packets transmitted that were directed to a multicast address. This object is a 64-bit version of ifOutMulticastPkts. The total number of bytes transmitted out of the interface. This object is a 64-bit version of ifOutOctets. The total number of good packets received that were directed to the broadcast address. The number of received packets that are dropped due to lack of receive buffers. The number of received packets that contained errors preventing them from being deliverable to a higher-layer protocol. The total number of good packets received that were directed to a multicast address. The number of packets, delivered by this sub-layer to a higher sub-layer, which were addressed to a multicast or broadcast address at this sub-layer. The total number of bytes received on the interface, including framing characters. The number of packets, delivered by this sub-layer to a higher sub-layer, which were not addressed to a multicast or broadcast address at this sub-layer. The total numbe
192. ers valid for this parameter. The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk). Status: Synopsis: { Disabled, Listening, Learning, Forwarding, Blocking, Link Down, Discarding }. The status of this port in the Spanning Tree. This may be one of the following: Disabled: STP is disabled on this port. Link Down: STP is enabled on this port but the link is down. Discarding: The link is not used in the STP topology but is standing by. Learning: The port is learning MAC addresses in order to prevent flooding when it begins forwarding traffic. Forwarding: The port is forwarding traffic. Role: Synopsis: { <empty string>, Root, Designated, Alternate, Backup, Master }. The role of this port in the Spanning Tree. This may be one of the following: Designated: The port is designated for (i.e. carries traffic towards the root for) the LAN it is connected to. Root: The single port on the bridge which provides connectivity towards the root bridge. Backup: The port is attached to a LAN that is serviced by another port on the bridge. It is not used but is standing by. Alternate: The port is attached to a bridge that provides connectivity to the root bridge. It is not used but is standing by. Master: Only exists in MSTP. The port is an MST region boundary port and the si
193. ersion, Main Version, Required Boot, Hardware ID. [Product Information form] Descriptions: Synopsis: ##-##-##-##-##-## where ## ranges 0 to FF. Shows the unique MAC address of the device. Synopsis: Any 57 characters. Shows the order code of the device. Synopsis: Any 15 characters. Provides system classification. The value Controlled indicates the main firmware is a Controlled release. The value Non-Controlled indicates the main firmware is a Non-Controlled release. The Controlled main firmware can run on Controlled units, but it cannot run on Non-Controlled units. The Non-Controlled main firmware can run on both Controlled and Non-Controlled units. Synopsis: Any 31 characters. Shows the serial number of the device. Synopsis: Any 47 characters. Shows the version and the build date of the boot loader software. Synopsis: Any 47 characters. Shows the version and build date of the main operating system software. Synopsis: Any 15 characters. Shows the minimum boot software loader version required by running main. Synopsis: RSMCPU 40 00 0008 Rev B1 RSMCPU2 40 00 0026 Rev A1 RS400 40 00 0010 Rev B2 RMC30 RS900 40 00 0025 Rev B1 RS900 40 00 0032 Rev B1 RS1600M RS400 40 00 0010 Rev C1 RSG2100 RS900G RSG2200 RS969 RS900 v2 40 00 0066 RS900 v2 40 00 0067 RS416 40 00 0078 RMC30 v2 RS930 40 00 0089 RS969
194. ervices by Port. The port state, whether it is always open and cannot be closed, or open only but can be configured. NOTE: In certain cases, the service might be disabled but the port can still be open (e.g. TFTP). Port Default: The default state of the port (i.e. open or closed). Access Authorized: Denotes whether the ports/services are authenticated during access. Services: Telnet HTTP HTTPS RSH TFTP SFTP SNMP SNTP SSH ICMP TACACS RADIUS Remote Syslog DNP over RawSocket DNPv3 RawSocket Telnet COM TIN Port Number: TCP 23 TCP 80 TCP 443 TCP 512 UDP 69 TCP 22 UDP 161 UDP 123 TCP 22 TCP 49 configurable UDP 1812 to send configurable opens random port to listen to UDP 514 configurable TCP 21001 to TCP 21016 UDP 20000 TCP 20000 UDP 50001 to UDP 50016 TCP 50001 to TCP 50016 UDP 51000 TCP 51000 Port Open: Open configurable Open redirects to 443 Open Open configurable Open Open Open Open Always might acts as server Open Open Open configurable Open configurable Open configurable Open configurable UDP Open TCP open after configured first time can not be closed Open configurable UDP Open TCP open after configured first time can not be closed Port Default: Closed Open Open Closed Open service disabled Open Op
195. es, i.e. the rules applied to all frames when they are received by the switch. Frame received (this does not depend on the ingress port's VLAN configuration parameters): Untagged | Priority Tagged (VID 0) | Tagged (valid VID). VLAN ID associated with the frame: PVID | PVID | VID in the tag. Frame dropped due to its tagged/untagged format: No | No | No. Frame dropped if VLAN associated with the frame is not configured (or learned) in the switch: N/A | N/A | Yes. Frame dropped if ingress port is not a member of the VLAN the frame is associated with: N/A | N/A | No. Egress Rules: These are the VLAN egress rules, i.e. the rules applied to all frames when they are transmitted by the switch. Frame sent: On other VLAN; On egress port's native VLAN. Egress port type: Port is a member of the VLAN. Edge: According to the egress port's PVID Format parameter; N/A (frame is dropped). Trunk: Tagged; dropped. Section 8.1.7 Forbidden Ports List. Each VLAN can be configured to exclude ports from membership in the VLAN. Section 8.1.8 VLAN-aware And VLAN-unaware Modes Of Operation. The native operation mode for an IEEE 802.1Q compliant switch is VLAN-aware. Even if a specific network architecture does not use VLANs, ROS default VLAN settings allow the switch still to operate in a VLAN-aware mode while providing functionality required for almost any network application. However
196. es that have been received by this port from its segment. The number of frames that have been transmitted by this port to its segment. The number of times a VLAN entry has been deleted from the dot1qVlanCurrentTable (for any reason). If an entry is deleted, then inserted, and then deleted, this counter will be incremented by 2. The number of good Broadcast packets received. The best estimate of the total number of collisions on this Ethernet segment. The number of packets received which meet all the following conditions: 1. Packet data length is between 64 and 1536 bytes inclusive. 2. Packet has invalid CRC. 3. Collision Event has not been detected. 4. Late Collision Event has not been detected. The number of received packets that are dropped due to lack of receive buffers. The number of packets received which meet all the following conditions: 1. Packet data length is less than 64. 2. Collision Event has not been detected. 3. Late Collision Event has not been detected. 4. CRC invalid. The total number of packets received that were longer than 1518 bytes and had either a bad Frame Check Sequence or Alignment Error. The number of good Multicast packets received. The number of bytes in received good packets (Unicast, Multicast, Broadcast) and dropped packets. The number of packets received with data length greater than 1536 bytes and valid CRC. The number of received good packets (Unicast, Multicast, Broadcast) and dropped packets. The total number
197. RUGGEDCOM ROS User Guide, Table of Contents: 1.1.2 SSH Key Pairs; 1.1.3 Bootloader Considerations; 1.2 SNMP MIB Support; 1.2.1 Standard MIBs; 1.2.2 Siemens Proprietary MIBs; 1.2.3 Siemens Supported Agent Capabilities MIBs; 1.3 SNMP Trap Summary; 1.4 Available Services by Port; 1.5 ModBus Management Support and Memory Map; 1.5.1 Modbus Memory Map; PSStatus; Truth Value; Command Line Listing; 1.7 Using the CLI Shell; 1.7.1 Summary Of CLI Commands Available in ROS; 1.7.2 Obtaining Help For A Command
198. eter Description: traffic switches over from an unsecure port to a secure port, or link up on the secure port. NOTE: The movement of static MAC addresses from one secured port to another secured port is not supported. Frames will be dropped at the new secured port. Shutdown Time: Synopsis: 1 to 86400 s or { Until reset, Don't shutdown }. Default: Don't shutdown. Specifies for how long to shut down the port if a security violation occurs. Status: Synopsis: Any 31 characters. Describes the security status of the port. Section 9.2.2 802.1X Parameters. Figure 166: 802.1X Parameters Table. Figure 167: 802.1X Parameters Form. Parameters: Port, txPeriod, quietPeriod, reAuthEnabled, reAuthPeriod, reAuthMax, suppTimeout. Description: Synopsis: 1 to maximum port number. Default: 1. The port n
199. Figure 123: RMON Event Log Form. Parameter / Description. Log: Synopsis: 0 to 4294967295. The index (log) taken for this log record. LogTime: Synopsis: DDDD days, HH:MM:SS. The system elapsed time when this log was created. LogDescription: Synopsis: Any 49 characters. The description of the event that activated this log entry. Section 5.7 List of Objects Eligible for RMON Alarms. The following table lists ROS database objects which are eligible for RMON alarms: dot1dBasePortMtuExceededDiscards, dot1dTpPortInFrames, dot1dTpPortOutFrames, dot1qVlanNumDeletes, etherStatsBroadcastPkts, etherStatsCollisions, etherStatsCRCAlignErrors, etherStatsDropEvents, etherStatsFragments, etherStatsJabbers, etherStatsMulticastPkts, etherStatsOctets, etherStatsOversizePkts, etherStatsPkts, etherStatsPkts1024to1518Octets, etherStatsPkts128to255Octets, etherStatsPkts256to511Octets, etherStatsPkts512to1023Octets, etherStatsPkts64Octets, etherStatsPkts65to127Octets, etherStatsUndersizePkts, ifHCInBroadcastPkts, ifHCInMulticastPkts. The number of frames discarded by this port due to an excessive size. The number of fram
200. evice to be upgraded. Begin a transfer to the device, specifying a destination filename of main.bin. An SFTP client utility will provide an indication that the file was transferred properly, but again, it is recommended to also query the device directly in order to verify successful transfer. A sample SFTP session to upgrade the ROS main firmware image from a Linux workstation follows:
user@host$ sftp admin@ros_ip
Connecting to ros_ip...
admin@ros_ip's password:
sftp> put ROS-CF52_Main_v3.7.0.bin main.bin
Uploading ROS-CF52_Main_v3.7.0.bin to /main.bin
ROS-CF52_Main_v3.7.0.bin 100% 2139KB 48.6KB/s 00:44
sftp>
Section 15.5 Downgrading Firmware. Downgrading the ROS firmware is generally not recommended, as it may have unpredictable effects. However, if a downgrade is required, do the following: IMPORTANT: Before downgrading the firmware, make sure the hardware and FPGA code types installed in the device are supported by the older firmware version. Refer to the Release Notes for the older firmware version to confirm. IMPORTANT: Non-Controlled (NC) versions of ROS can not be downgraded to Controlled firmware versions. However, Controlled firmware versions can be downgraded to an NC firmware version. CAUTION: Do not downgrade the ROS boot version. Disconnect the device from the networ
201. fault: On. Enable or disable IEEE 802.3 auto-negotiation. Enabling auto-negotiation results in speed and duplex mode being negotiated upon link detection; both end devices must be auto-negotiation compliant for the best possible results. 10Mbps and 100Mbps fiber optic media do not support auto-negotiation, so these media must be explicitly configured to either half or full duplex mode. Full duplex operation requires both ends to be configured as such, or else severe frame loss will occur during heavy network traffic. Speed: Synopsis: { Auto, 10M, 100M, 1G }. Default: Auto. Speed (in Megabit-per-second or Gigabit-per-second). If auto-negotiation is enabled, this is the speed capability advertised by the auto-negotiation process. If auto-negotiation is disabled, the port is set to this speed. AUTO means advertise all supported speed modes. Dupx: Synopsis: { Auto, Half, Full }. Default: Auto. Duplex mode. If auto-negotiation is enabled, this is the duplex capability advertised by the auto-negotiation process. If auto-negotiation is disabled, the port is set to this duplex mode. AUTO means advertise all supported duplex modes. Flow Control: Synopsis: { Off, On }. Default: Off. Flow Control is useful for preventing frame loss during times of severe network traffic. Examples of this include multiple source ports sending to a single destination port, or a higher speed port bursting to a lower speed port. When the port is in half duplex mode, this is accomplished using back
202. for basic communication and switch management applications, or to force All tables to default settings. NOTE: It is possible to explicitly reset configuration items in the exceptional categories listed above to their default values by using the sql command. Please refer to the section entitled Upgrading Firmware and Managing Configurations. Section 14.6 Resetting the Device. This operation will warm-start the device after the user has confirmed the reset operation from the Reset Device option. Figure 214: Reset Device Dialog. Section 14.7 Transferring Files. The Files Transfer form is used to transfer files between the device and a PC. To transfer files using this form, either a TFTP server must be installed and running on the PC, or a TELNET connection must be established with the device so that XMODEM can be used to transfer files. If a TFTP server is installed and running on the PC, press GET to transfer from the PC to the device, or PUT to transfer from the device to the PC. Available files include: main.bin (application software), boot.bin (boot software), config.csv (configuration file), syslog.txt (system log file). NOTE: If the transfer is not completed within 1 minute, an error will be reported.
203. from the CLOSED state. The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT or the SYN-RCVD, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD. The number of TCP connections for which the current state is either ESTABLISHED or CLOSE-WAIT. The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state. The total number of segments received, including those received in error. The total number of segments sent, including those on current connections but excluding those containing only retransmitted bytes. The number of times TCP connections have made a direct transition to the SYN-RCVD state from the LISTEN state. The total number of segments retransmitted, that is, the number of TCP segments transmitted containing one or more previously transmitted bytes. The total number of UDP datagrams received and delivered to UDP users. The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port. The total number of received UDP datagrams for which there was no application at the destination port. The number of sent UDP datagrams.
204. from the MAC address table. The only negative impact of this operation is that it causes flooding while addresses are relearned. 13 Network Discovery. ROS supports two different Layer 2 protocols for automated network discovery: LLDP (the Link Layer Discovery Protocol) and RCDP (the RUGGEDCOM Discovery Protocol). LLDP is an IEEE standard protocol, IEEE 802.1AB, which allows a networked device to advertise its own basic networking capabilities and configuration. ROS is capable of advertising and collecting network information via LLDP. LLDP functionality in ROS includes the ability to: enable or disable LLDP reception and transmission per port or for the whole device; view LLDP statistics; view neighbor information; report LLDP neighbor information via SNMP. RCDP (the RUGGEDCOM Discovery Protocol) is designed primarily for the initial deployment of RUGGEDCOM networking devices that have not been configured. In response to RCDP commands and queries from an application such as RUGGEDCOM Explorer, which supports RCDP, ROS has the ability to: enable or disable RCDP functionality; report its basic network configuration and other identifying information; respond to a basic set of control commands; perform basic device configuration. Section 13.1 LLDP Operation. The IEEE standard, 802.1AB Link Layer Discovery Protocol (LLDP)
205. from the generating device to the collector. CAUTION: Remote syslog, while a powerful utility for network monitoring, is not a secure service. Information sent to a remote syslog server is delivered in plaintext. The syslog client resides in ROS and supports up to 5 collectors (syslog servers). ROS Remote Syslog provides the ability to configure: IP address(es) of collector(s); source UDP port; destination UDP port per collector; syslog source facility ID per collector (same value for all ROS modules); filtering severity level per collector (in case different collectors are interested in syslog reports with different severity levels). Section 2.16.1 Configuring Local Syslog. The local syslog configuration enables users to control what level of syslog information will be logged. Only messages of a severity level equal to or greater than the configured severity level are written to the syslog.txt file in the unit. Figure 53: Local Syslog Form. Parameter / Description. Local Syslog Level: Synopsis: { EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUGGING }. Default: INFORMATIONAL. The severity of the message that has been generated. Note that the severity level selected is considered the minimum severity level for the system. For example, if ERROR is
206. ftware package uses one of the virtual serial ports, a TCP connection request is sent to a remote IP address and IP port that have been programmed into the redirector. Some redirectors also offer the ability to accept connection requests. The RawSocket protocol is the one most frequently used on the RS416 for connection to serial port redirection software. The TelnetComPort protocol may be used in place of RawSocket if the redirection software on the other end of the connection also supports the serial break command, as defined in RFC2217. In TelnetComPort mode, a serial break received from the remote RFC2217 compatible client will be transmitted as a serial break on the configured serial port, and a break signal received on the serial port will be transmitted as an RFC2217 compatible break signal to the remote client. Note that a break signal on a serial port is defined as a condition where the serial data signal is in space, or logic zero, state for longer than the time needed to transmit one whole character, including start and stop bits. Section 3.2.1.6 Message Packetization. The serial server buffers received characters into packets in order to improve network efficiency and demarcate messages. The server uses three methods to decide when to packetize and forward the buffered characters to the network: packetize on a specific character; packetize on timeout; packetize on a specific packet size. If configured to packetize on a spec
207. g Alarms Link. Section 2.3.4 Making Configuration Changes. When changing a data item, the user selects the data item by selecting the field to edit with the mouse, entering a new value and clicking on the apply field. More than one parameter may be modified at a time. Figure 13: Parameters Form Example. Some menus will require you to create or delete new records of information. Section 2.3.5 Updating Statistics Displays. You may click the refresh button to update statistics displays. Section 2.4 Administration Menu. The Administration menu provides ability to configure network and switch administration parameters. Figure 14: Administration Menu. Section 2.5 IP Interfaces. These parameters provide the ability to configure IP connection parameters such as address, network and mask. The user can configure an IP interface for each subnet (VLAN). One of the interfaces is configured to be the management interface. The following IP services are only available through the management interface: TFTP server, SNMP server, Telnet server, SSH server, RSH server, Web server, authentication using a R
208. g between different firmware image versions that require different numbers of memory sectors. Sectors of available memory can become separated by ones allocated to files. It may be, for example, that the total available memory might be sufficient for a firmware update, but that memory may not be available in one contiguous region, as is required by ROS. Note that Flash memory defragmentation is implemented as an automatically invoked function in bootloaders v2.15.1 and greater. Section 1.7.5 Pinging a Remote Device. The ping command sends an ICMP echo request to a remotely connected device. For each reply received, the round trip time is displayed. The command ping <IP address> will send a small number of pings to the device with this IP address and display the results. The ping command can be used to verify connectivity to the next connected device. It is a useful tool for testing commissioned links. This command also includes the ability to send a specific number of pings with a specified time for which to wait for a response. The specification of a large number of pings and a short response time can flood a link, stressing it more than a usual ping sequence. The command ping 192.168.0.1 500 2 can be used to issue 500 pings, each separated by two milliseconds, to the next device. If the link used is of high quality, then no pings should be lost and the average round trip time should be small. Obtaining Infor
209. g database table name will be cited. Another way to find a table name is to run the sql info tables command. This command also displays menu names and their corresponding database table names, depending upon the features supported by the device. Table / Description: alarms: Alarms; cpuDiags: CPU Diagnostics; ethPortCfg: Port Parameters; ethPortStats: Ethernet Statistics; ethPortStatus: Port status; iplecicg: IP Services. Section 15.9.3 Retrieving Information. Retrieving a Table: The SQL select subcommand is used to retrieve table information. The command sql select from tablename provides a summary of the parameters within the table, as well as their values.
>sql select from ipIfCfg
Type ID Mgmt IP Address Type IP Address Subnet IfIndex
VLAN 1 Yes Static 1S 103 05 94 ASADAS O 1001
1 records selected
Retrieving a Parameter from a Table: The SQL select command may be used to retrieve a particular parameter from a table. The SQL command sql select parameter_name from tablename is used for this purpose. The parameter name is always the same as those displayed in the menu system. If the parameter name has spaces in it (e.g. IP Address), the spaces must be replaced with underscores or the name must be quoted.
>sql select "ip address" from ipIfCfg
IP Address
192 158 0 0 E
1 records selected
Retrieving a Table with the Where Clause: It is useful to be able to display specific rows of a table predicated upon the row havin
210. g parameters of a specific value. Addition of a where clause to the select statement will limit the results returned. For example, suppose that it is desirable to identify all ports on the device operating in Auto Select mode:
>sql select from ethportcfg where Speed = Auto
Port Name ifName Media State AutoN Speed Dupx FlowCtrl LFI Alarm
1 Port 1 1 100TX Enabled On Auto Auto Off Off On
2 Port 2 2 100TX Enabled On Auto Auto Off Off On
3 Port 3 3 100TX Enabled On Auto Auto Off Off On
4 Port 4 4 100TX Enabled On Auto Auto Off Off On
5 Port 5 5 100TX Enabled On Auto Auto Off Off On
6 Port 6 6 100TX Enabled On Auto Auto Off Off On
7 Port 7 7 100TX Enabled On Auto Auto Off Off On
8 Port 8 8 100TX Enabled On Auto Auto Off Off On
8 records selected
It is also possible to select rows based on multiple parameters, using and and or operations between comparisons in the where clause. For example:
>sql select from ethportcfg where Speed = Auto and FlowCtrl = On
Port Name ifName Media State AutoN Speed Dupx FlowCtrl LFI Alarm
4 Port 4 4 100TX Enabled On Auto Auto On Off On
5 Port 5 5 100TX Enabled On Auto Auto On Off On
2 records selected
Section 15.9.4 Changing Values in a Table. The where clause can be used to select rows in a table and to modify the fields in that row. As an example, suppose that it is
211. g the cost manually provides the ability to preferentially select specific ports to carry traffic over others. Leave this field set to "auto" to use the standard STP port costs as negotiated (4 for 1Gbps, 19 for 100 Mbps links and 100 for 10 Mbps links). For MSTP, this parameter applies to both external and internal path cost. Synopsis: 0 to 2147483647 or { Auto }. Default: Auto. Selects the cost to use in cost calculations when the Cost Style parameter is set to RSTP in the Bridge RSTP Parameters configuration. Setting the cost manually provides the ability to preferentially select specific ports to carry traffic over others. Leave this field set to "auto" to use the standard RSTP port costs as negotiated (20,000 for 1Gbps, 200,000 for 100 Mbps links and 2,000,000 for 10 Mbps links). For MSTP, this parameter applies to both external and internal path cost. Section 7.5 Spanning Tree Statistics. Section 7.5.1 Bridge RSTP Statistics. (Bridge RSTP Statistics form: Bridge Status, Bridge ID, Root ID, Regional Root ID, Root Port, Root Path Cost, Regional Root Path Cost, Configured Hello Time, Learned Hello Time, Configured Forward Delay, Learned Forward Delay, Configured Max Age, Learned Max Age, Total Topology Changes, Time since Last TC.)
212. ges in a statistic at the end of each measurement period. It may be desirable to alarm when the total, or absolute, number of events crosses a threshold. In this case, set the measurement period type to absolute. Figure 118: RMON Alarms Table. Figure 119: RMON Alarms Form. Parameter / Description. Index: Synopsis: 1 to 65535. Default: 2. The index of this RMON Alarm record. Variable: Synopsis: SNMP Object Identifier, up to 39 characters. Default: ifOutOctets.2. Parameters: Rising Threshold, Falling Threshold, Value, Type, Interval, Startup Alarm, Rising Event, Falling Event, Owner. Description: The SNMP object identifier (OID) of the particular variable to be sampled. Only variables that resolve to an ASN.1 primitive type INTEGER (INTEGER, Integer32, Counter32, Counter64, Gauge or TimeTicks) may be sampled. A list of objects can be printed using the shell command rmon. The OID for
213. gout of the shell. Usage: ping dest count timeout. dest: Target IP address. count: Number of echo requests to send; default is 4. timeout: Timeout in milliseconds to wait for each reply; range is 2-5000, default is 300 milliseconds. Purge the MAC Address Table. Perform a hard reset of the switch. Reset one or more Ethernet ports, which may be useful for forcing re-negotiation of speed and duplex, or in situations where the link partner has latched into an inappropriate state. RESETPORT ports|all. ports: comma-separated port numbers (e.g. 1 3 5 7). all: all ports will be reset. Displays names of RMON alarm eligible objects. Displays gateway configuration. The SQL command provides an SQL-like interface for manipulating all system configuration and status parameters. Entering SQL HELP command-name displays detailed help for a specific command. Commands, clauses, table and column names are all case insensitive. DEFAULT: Sets all records in a table(s) to factory defaults. DELETE: Allows for records to be deleted from a table. HELP: Provides help for any SQL command or clause. INFO: Displays a variety of information about the tables in the database. INSERT: Enables new records to be inserted into a table. SAVE: Saves the database to non-volatile memory storage. SELECT: Queries the database and displays selected records. UPDATE: Enables existing records in a table to be updated. Usage: sslkeygen. Generates a new SSL certifica
214. guration. Figure 126: Link Aggregation Menu. Section 6.2.1 Configuring Port Trunks. Figure 127: Port Trunk Table. Figure 128: Port Trunk Form. Parameter / Description. Trunk ID: Synopsis: 1 to maximum number of port trunks. Default: 1. Trunk number. It doesn't affect port trunk operation in any way and is only used for identification. Trunk Name: Synopsis: Any 19 characters. Default: (blank). Provides a description of the aggregated link purpose. Ports: Synopsis: Any combination of numbers valid for this parameter. Default: None. List of ports aggregated in the trunk. 7 Spanning Tree. The RUGGEDCOM family of Ethernet switches provides the latest in IEEE standard Spanning Tree functionality, including: Industry standard support of Rapid Spanning Tree 802.1D 200
215. h. Note that this guarantees an upper boundary only. The observed rate threshold may be lower. Ingress Frames: Synopsis: { Broadcast, Multicast, Mcast&FloodUcast, All }. Default: Broadcast. This parameter specifies the types of frames to be rate-limited on this port. It applies only to received frames. Broadcast: only broadcast frames. Multicast: multicast (including broadcast) frames. Mcast&FloodUcast: multicast (including broadcast) and flooded unicast frames. All: all (multicast, broadcast and unicast) frames. Egress Limit: Synopsis: 62 to 256000 Kbps or { Disabled }. Default: Disabled. The maximum rate at which the switch will transmit (multicast, broadcast and unicast) frames on this port. The switch will discard frames in order to meet this rate if required. Section 4.2.3 Port Mirroring. Port mirroring is a troubleshooting tool that copies, or mirrors, all traffic received or transmitted on a designated port to another mirror port. If a protocol analyzer were attached to the target port, the traffic stream of valid frames on any source port is made available for analysis. Select a target port that has a higher speed than the source port. Mirroring a 100 Mbps port onto a 10 Mbps port may result in an improperly mirrored stream. Frames will be dropped if the full duplex rate of frames on the source port exceeds the transmission speed of the t
216. half duplex shared media restrictions require special attention in order to guarantee that they do not cause extended fail-over recovery times. Choose the root bridge and backup root bridge carefully. The root bridge should be selected to be at the concentration point of network traffic. Locate the backup root bridge adjacent to the root bridge. One strategy that may be used is to tune the bridge priority to establish the root bridge and then tune each bridge's priority to correspond to its distance from the root bridge. 5. Identify desired steady state topology. Identify the desired steady state topology, taking into account link speeds, offered traffic and QOS. Examine the effects of breaking selected links, taking into account network loading and the quality of alternate links. 6. Decide upon port cost calculation strategy. Select whether fixed or auto-negotiated costs should be used. Select whether the STP or RSTP cost style should be used. 7. Calculate and configure priorities and costs. 8. Implement the network and test under load. Section 7.3.2 RSTP in Ring Backbone Configurations. RSTP may be used in ring backbone configurations where rapid recovery from link failure is required. In normal operation, RSTP will block traffic on one of the links, for example as indicated by the double bars through link H in Figure 132
217. hange detection. Such flooding is desirable if guaranteed multicast stream delivery after topology change is most important. Figure 183: Global GMRP Parameter Form. Parameter / Description. GMRP-aware: Synopsis: { No, Yes }. Default: No. Set either GMRP-aware or GMRP-unaware mode of operation. When GMRP is globally GMRP-unaware, GMRP configurations on individual ports are ignored. When GMRP is globally GMRP-aware, each port can be individually configured. STP Flooding: Synopsis: { Off, On }. Default: Off. This parameter specifies whether multicast streams will be flooded out of all STP non-edge ports upon topology change detection. Such flooding is desirable if guaranteed multicast stream delivery after a topology change is most important. Leave Timer: Synopsis: 600 ms to 8000 ms. Default: 4000. The time in milliseconds to wait after issuing Leave or LeaveAll before removing registered multicast groups. If Join messages for specific addresses are received before this timer expires, the addresses will be kept registered. Section 11.3.3 Port Specific GMRP Configuration. This menu displays a summary of GMRP settings for all ports on the device.
218. he network. Section 7.2.2 MSTP Bridge and Port Roles. Section 7.2.2.1 Bridge Roles. CIST Root: The CIST Root is the elected root bridge of the CIST (Common and Internal Spanning Tree), which spans all connected STP and RSTP bridges and MSTP regions. CIST Regional Root: The root bridge of the IST within an MST region. The CIST Regional Root is the bridge within an MST region with the lowest cost path to the CIST Root. Note that the CIST Regional Root will be at the boundary of an MST region. Note also that it is possible for the CIST Regional Root to be the CIST Root. MSTI Regional Root: The root bridge for an MSTI within an MST region. A root bridge is independently elected for each MSTI in an MST region. Section 7.2.2.2 Port Roles. Each port on an MST bridge may have more than one role, depending on the number and topology of spanning tree instances defined on the port. CIST Port Roles: The Root Port provides the minimum cost path from the bridge to the CIST Root via the CIST Regional Root. If the bridge itself happens to be the CIST Regional Root, the Root Port is also the Master Port for all MSTIs (see below) and provides the minimum cost path to a CIST Root located outside the region. A Designated Port provides the minimum cost path from an attached LAN, via the bridge, to the CIST Regional Root. Alternate and Backup Ports ha
219. hen back in order to reestablish the topology. Problem Four: My network is composed of a ring of bridges, of which two (connected to each other) are managed and the rest are unmanaged. Why does the RSTP protocol work quickly when I break a link between the managed bridges, but not in the unmanaged bridge part of the ring? A properly operating unmanaged bridge is transparent to STP configuration messages. The managed bridges will exchange configuration messages through the unmanaged bridge part of the ring as if it is non-existent. When a link in the unmanaged part of the ring fails, however, the managed bridges will only be able to detect the failure through timing out of hello messages. Full connectivity will require three hello times plus two forwarding times to be restored. Problem Five: The switch is up and running and working fine. Then I start a certain application and the network becomes unstable. After I stop the application, the network goes back to running normally. RSTP sends its configuration messages using the highest possible priority level. If CoS is configured to allow traffic flows at the highest priority level and these traffic flows burst continuously to 100% of the line bandwidth, STP may be disrupted. It is therefore advised not to use the highest CoS. Problem Six: After I bring up a new port, the root moves on to that port and I don't want it to
220. hentication. A user can log into a ROS device in three different ways: Console, SSH or Telnet. ROS can log messages in the syslog, send a trap to notify an SNMP manager, and/or raise an alarm when a successful and unsuccessful login event occurs. In addition, when a weak password is configured on a unit, or when the primary authentication server for TACACS or RADIUS is not reachable, ROS will raise alarms, send SNMP traps and log messages in the syslog. The following is a list of log and alarm messages related to user authentication: Weak Password Configured; Default Keys In Use; Login and Logout Information; Excessive Failed Login Attempts; RADIUS Server Unreachable; TACACS Server Unreachable; TACACS Response Invalid; SNMP Authentication Failure; Unknown privKey from SNMPv3 User. NOTE: All alarms and log messages related to login authentication are configurable. See Section 14.1.4 Configuring Alarms for more information. Weak Password Configured: ROS generates this alarm and logs a message in the syslog when a weak password is configured in the Passwords table. Configurable options for the message Weak Password Configured: Alarm: Yes; SNMP Trap: Yes; Syslog: Yes. Default Keys In Use: ROS generates this alarm and logs a message in the syslog when default keys are in use. For more information about default ke
221. Table of Contents: Modbus Client; MicroLok; DNP; 3.3.10 DNP over Raw Socket; 3.3.11 Mirrored Bits; 3.3.12 Telnet Com Port; 3.3.13 Device Addresses; 3.3.14 Dynamic Device Addresses; 3.4 Serial Statistics; 3.4.1 Link Statistics; 3.4.2 Connection Statistics; 3.4.3 Serial Port Statistics; 3.4.4 Clearing Serial Port Statistics; 3.4.5 Resetting Serial Ports; 3.5 Troubleshooting; Chapter 4; 4.1 Controller Protection Through Link Fault Indication (LFI); 4.2 Ethernet Ports Configuration and Status; 4.2.1 Port Parameters; 4.2.2 Port Rate Limiting; 4.2.3 Port Mirroring; 4.2.3.1 Port Mirroring Limitations; 4.2.4 Cable Di
222. ices have the same passphrase configured. Otherwise the configuration file will be rejected. NOTE: Encryption must be disabled before the device is returned to Siemens or the configuration file is shared with Customer Support. IMPORTANT: Never downgrade the ROS software version beyond ROS v3.12.0 when encryption is enabled. Make sure the device has been restored to factory defaults before downgrading. Section 2.9 System Identification: The system identification is displayed in the sign-on screen and in the upper left hand corner of all ROS screens. [Figure 20: System Identification Form] System Name: Synopsis: Any 19 characters. Default: System Name. The system name is displayed in all ROS menu screens. This can make it easier to identify the switches within your network, provided that all switches are given a unique name. Location: Synopsis: Any 49 characters. Default: Location. The location can be used to indicate the physical location of the switch. It is displayed in the login screen as another means to ensure you are dealing with the desired switch. Contact: Synopsis: Any 49 characters. Default: Contact. The contact can be used to help identify th
223. ific character, the server will examine each received character and will packetize and forward upon receiving the configured character. The character is usually a <CR> or an <LF> character but may be any 8-bit (0 to 255) value. If configured to packetize on a timeout, the server will wait for a configurable time after receiving a character before packetizing and forwarding. If another character arrives during the waiting interval, the timer is restarted. This method allows characters transmitted as part of an entire message to be forwarded to the network in a single packet when the timer expires after receiving the very last character of the message. NOTE: Some polling software packages which perform well under DOS have been known to experience problems when used with Windows-based software or port redirection software. If the OS does not expedite the transmission of characters in a timely fashion, pauses in transmission can be interpreted as the end of a message. Messages can be split into separate TCP packets. A locally attached server or a port redirector could packetize and forward the message incorrectly. Solutions include tuning the OS to prevent the problem or increasing the packetizing timer. Finally, the server will always packetize and forward on a specific packet size, i.e. when the number of characters received from the serial port reaches a configured value.
224. ilSafe Relay status. In this example the failsafe relay is energized. Read ErrorAlarm status from device using TruthValue: for example, consider a Modbus Request to read multiple registers from location 0x0045: 0x04 0x00 0x45 0x00 0x01. Response may look like: 0x04 0x02 0x00 0x01. The register's lower byte shows the alarm status. In this example there is no active ERROR, ALERT or CRITICAL alarm in the device. Section 1.6 Command Line Listing: The following commands are available at the command line of ROS-based devices. alarms: Displays list of available alarms. Usage: alarms [all]; all: display all alarm instances (default empty: display one instance of each alarm type). arp: Displays the IP to MAC address resolution table. clearalarms: Clears all alarms. clearethstats: Clears Ethernet statistics for one or more port(s). Usage: clearethstats ports|all; ports: comma separated port numbers (e.g. 1,3-5,7); all: all ports. clearlogs: Clears the system and crash logs. clrcblstats: Clears Cable Diagnostics statistics for one or more port(s). Usage: clrcblstats ports|all; ports: comma separated port numbers (e.g. 1,3-5,7); all: all ports. clearstpstats: Clear all spanning tree statistics. cls: Clears the screen. dir: Prints file directory listing. exit: Terminate this command line session. factory: Enables facto
225. ined this group statically (through static configuration in Static MAC Table) and to which the multicast group traffic is forwarded. GMRP Dynamic Ports: Synopsis: Any combination of numbers valid for this parameter. Ports that joined this group dynamically (through GMRP Application) and to which the multicast group traffic is forwarded. Section 11.4 Troubleshooting. Problem One: When I start a multicast traffic feed, it is always distributed to all members of the VLAN. Is IGMP enabled for the VLAN? Multicasts will be distributed to all members of the VLAN unless IGMP is enabled. Problem Two: Computers on my switch receive the multicast traffic just fine, but I can't get the stream through a connected router. Is the port used to connect the router included in the Router Ports list? To determine whether the multicast stream is being delivered to the router, run the Ethernet Statistics menu View Ethernet Statistics command. Verify that the traffic count transmitted to the router is the same as the traffic count received from the multicasting source. Problem Three: The video stream at one of my end stations is of pretty poor quality. Video serving is a resource-intensive application. Because it uses isochronous workload, data must be fed at a prescribed rate or end users will see glitches in the video. Networks that carry data from the server to the c
226. Table of Contents: Chapter 8 VLANs; 8.1 VLAN Operation; 8.1.1 VLANs and Tags; 8.1.2 Tagged vs. Untagged Frames; 8.1.3 Native VLAN; 8.1.4 Management VLAN; 8.1.5 Edge and Trunk Port Types; 8.1.6 VLAN Ingress and Egress Rules; 8.1.7 Forbidden Ports; 8.1.8 VLAN-aware and VLAN-unaware Modes of Operation; 8.1.9 GVRP (GARP VLAN Registration Protocol); 8.1.10 PVLAN Edge; 8.2 VLAN Applications; 8.2.1 Traffic Domain Isolation; 8.2.2 Administrative Convenience; 8.2.3 Reduced Hardware; 8.3 VLAN Configuration; 8.3.1 Global VLAN Parameters; 8.3.2 Static VLANs; 8.3.3 Port VLAN Parameters; 8.3.4 VLAN Summary; 8.4 Troubleshooting
227. ing MAC addresses in order to prevent flooding when it begins forwarding traffic. Forwarding: The port is forwarding traffic. Synopsis: <empty string>, Root, Designated, Alternate, Backup, Master. The role of this port in the Spanning Tree. This may be one of the following: Designated: The port is designated for (i.e. carries traffic towards the root for) the LAN it is connected to. Root: The single port on the bridge which provides connectivity towards the root bridge. Backup: The port is attached to a LAN that is serviced by another port on the bridge. It is not used but is standing by. Alternate: The port is attached to a bridge that provides connectivity to the root bridge. It is not used but is standing by. Synopsis: 0 to 4294967295. Cost offered by this port. If the Bridge RSTP Parameters Cost Style is set to STP, 1 Gbps ports will contribute a cost of four, 100 Mbps ports will contribute 19 and 10 Mbps ports contribute 100. If the Cost Style is set to RSTP, 1 Gbps will contribute 20,000, 100 Mbps ports will contribute a cost of 200,000 and 10 Mbps ports contribute a cost of 2,000,000. Note that even if the Cost Style is set to RSTP, a port that migrates to STP will have its cost limited to a maximum of 65535. Synopsis: 0 to 4294967295. The count of RSTP configuration messages received on this port. Synopsis: 0 to 4294967295. The count of RSTP configuration messages transmitted on this port. Synopsis: 0 to 42949672
228. ing strong passwords, refer to the password requirements in Section 2.10 Passwords. Create and provision custom SSL certificates and SSH keys in order to establish a chain of trust that you yourself can verify. SSL and SSH private keys are accessible to users who connect to the device via the serial console. Make sure to take appropriate precautions when shipping the device beyond the boundaries of the trusted environment: Replace the SSH and SSL keys with throwaway keys prior to shipping. Take the existing SSH and SSL keys out of service. When the device returns, create and program new keys for the device. Control access to the serial console to the same degree as any physical access to the device. Access to the serial console allows for potential access to the ROS boot loader, which includes tools that may be used to gain complete access to the device. Only enable the services that will be used on the device. If SNMP is enabled, limit the number of IP addresses that can connect to the device and change the community names. Also configure SNMP to raise a trap upon authentication failures. Avoid using insecure services such as Telnet and TFTP, or disable them completely if possible. These services are available for historical reasons and are disabled by default. Limit the number of simultaneous Web Server, Telnet and SSH sessions allowed. Configure remote system logging to forward all logs to a central location. Periodically
229. ing the execution of Best Master Clock (BMC) algorithm. Lower value takes precedence. In the event that the operation of the best master clock algorithm fails to order the clocks based on the values of priority1, clockClass, clockAccuracy and scaledOffsetLogVariance, the priority2 attribute allows the creation of up to 256 priorities to be evaluated before the tie-breaker. The tie-breaker is based on the clock identity. Path Delay Mechanism: Synopsis: Disabled, Peer-to-Peer, End-to-End. Default: Peer-to-Peer. Selects PTP (Precision Time Protocol) delay mechanism functionality. There are two mechanisms used in PTP to measure the propagation delay between PTP ports. Peer delay mechanism measures the port-to-port propagation time, such as link delay and frame residence time. The E2E (End-to-End) delay mechanism measures the message propagation time between master and slave clocks. The peer delay mechanism is independent of whether the PTP port is a master or a slave. Please note that the peer delay mechanism does not interwork with path delay measurements based on the E2E (also called request-response) delay mechanism. Slave Only: Synopsis: No, Yes. Default: No. Forces an ordinary clock to be a slave-only clock. A slave-only clock can never enter the master state. User can combine s
230. ion carry a time-to-live parameter that is decremented by every switch that propagates the BPDU. If the maximum number of hops inside the region exceeds the configured maximum, BPDUs may be discarded due to their time-to-live information. Section 7.4.2 Port RSTP Parameters. [Figure 136: Port RSTP Parameter Table] [Figure 137: Port RSTP Parameter Form] Port(s): Synopsis: Any combination of numbers valid for this parameter. The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk). Enabled: Synopsis: Disabled, Enabled. Default: Enabled. Enabling STP activates the STP or RSTP protocol for this port per the configuration in the STP Configuration menu. STP may be disabled for the port ONLY if the port does not attach to an STP-enabled bridge in any way. Failure to meet this requirement WILL result in an undetectable traffic loop in the network. A better alternative to disabling the port is to leave STP enabled but to configure the
231. ions. Make changes to tables predicated upon existing configurations. When combined with RSH, SQL commands provide a means to query and configure large numbers of devices from a central location. Section 15.9.1 Getting Started: SQL information is obtainable via the CLI shell SQL command. The SQL command provides an "sql like" interface for manipulating all system configuration and status parameters. Entering "SQL HELP command-name" displays detailed help for a specific command. Commands, clauses, table and column names are all case insensitive. DEFAULT: Sets all records in a table(s) to factory defaults. DELETE: Allows for records to be deleted from a table. HELP: Provides help for any SQL command or clause. INFO: Displays a variety of information about the tables in the database. INSERT: Allows for new records to be inserted into a table. SAVE: Saves the database to non-volatile memory storage. SELECT: Queries the database and displays selected records. UPDATE: Allows for existing records in a table to be updated. Section 15.9.2 Finding the Correct Table: Many SQL commands operate upon specific tables in the database and require the table name to be specified. Navigating the menu system to the desired menu and pressing <Ctrl-Z> will show the name of the table. The menu name and the correspondin
232. ity. RSTP must process every received BPDU and take appropriate action. This opens a way for an attacker to influence RSTP topology by injecting RSTP BPDUs into the network. BPDU Guard is a feature that protects the network from BPDUs received by a port to which RSTP-capable devices are not expected to be attached. If a BPDU is received by a port for which the Edge parameter is set to TRUE or RSTP is disabled, the port will be shut down for the time period specified by this parameter. DON'T SHUTDOWN: BPDU Guard is disabled. UNTIL RESET: port will remain shut down until the port reset command is issued by the operator. Synopsis: On, On with standard root, Off. Default: On. In mesh network topologies, the standard RSTP algorithm does not guarantee deterministic network recovery time in the case of a root bridge failure. Such a recovery time is hard to calculate, and it can be different (and may be relatively long) for any given mesh topology. This configuration parameter enables Siemens's enhancement to RSTP, which detects a failure of the root bridge and takes some extra RSTP processing steps, significantly reducing the network recovery time and making it deterministic. To guarantee optimal performance, the Fast Root Failover algorithm must be supported by all switches in the network, including the root. However, it is not uncommon to assign the root role to a switch from a vendor different from the rest of the switches i
233. ivate. If the client requests access via an insecure HTTP port, it will be rerouted to the secure port. Access to the web server via HTTPS will be granted to a client that provides a valid user name/password pair. NOTE: HTTPS requires SSL private and public keys. SSL private and public keys are built into the firmware by default. ROS will also auto-generate keys if user-generated keys are not provided. These keys are encrypted and obfuscated to hinder reverse engineering efforts. Default and auto-generated keys can be superseded by uploading a key pair to the device. Siemens strongly encourages users to replace the default keys for improved security. Custom private and public keys are stored in the ssl.crt file. This file is write-only and can only be replaced by admin users. It cannot be downloaded from the device. If the file is empty, a Default Keys In Use for SSL alarm is generated. NOTE: It can happen that upon connecting to the ROS web server, a web browser may report that it cannot verify the authenticity of the server's certificate against any of its known certificate authorities. This is expected, and it is safe to instruct the browser to accept the certificate. Once the browser accepts the certificate, all communications with the web server will be secure. Start a web browser session and open a connection to the switch by entering a URL that specifies its host name or IP address. For example, in order to access the unit at its fa
234. ive main.bin <CR>. When ROS responds with "Press Ctrl-X to cancel", begin your XModem transmission using the means provided by your terminal software. After the file transfer has been completed, the device will provide an indication that the file has been transferred successfully. The transcript of a sample exchange, looking at the ROS CLI, follows: ">xmodem receive main.bin"; "Press Ctrl-X to cancel"; "Receiving data now C"; "Received 1428480 bytes"; "Closing file main.bin"; "main.bin transferred successfully". If possible, select the XModem 1K protocol for transmission; otherwise, select XModem. The device must be reset in order for the new software to take effect. If you want to reset the device immediately, enter reset <CR>. The device will reboot within a few seconds. Section 15.4.4 Upgrading Firmware Using the ROS TFTP Server: This method requires that the binary image file of the main ROS application firmware, along with TFTP client software, be available on a computer with a network connection to the ROS device to be upgraded. NOTE: The TFTP Server parameter in IP Services Configuration controls how a TFTP client can access the device's built-in TFTP server. A setting of Disabled prevents all access, Get Only allows retrieval of files only, and Enabled allows both storing and retrieval of files. Ensure that this parameter is set appropriately for the type of access you wish to perform. Enable TFTP transfers t
235. ived. These parameters provide the ability to configure the switch to act as a relay agent for DHCP Option 82. The DHCP Relay Agent is communicating to the server on a management interface. The agent's IP address is the address configured for the management interface. [Figure 52: DHCP Relay Agent Form] DHCP Server Address: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: blank. This parameter specifies the IP address of the DHCP server to which DHCP queries will be forwarded from this relay agent. DHCP Client Ports: Synopsis: Any combination of numbers valid for this parameter. Default: None. This parameter specifies ports where DHCP clients are connected. Examples: All: all ports of the switch can have DHCP clients connected. 2,4-6,8: ports 2, 4, 5, 6 and 8 can have DHCP clients connected. Section 2.16 Syslog: The syslog provides users with the ability to configure local and remote syslog connections. The remote syslog protocol, defined in RFC 3164, is a UDP/IP-based transport that enables a device to send event notification messages across IP networks to event message collectors, also known as syslog servers. The protocol is simply designed to transport these event messages
236. ived from it. Such a way natively exists in some link media but not in others. Auto-Negotiating links (100Base-TX, 1000Base-T, 1000Base-X): auto-negotiation built-in feature (a special flag called Remote Fault Indication is set in the transmitted auto-negotiation signal). 100Base-FX links: Far End Fault Indication (FEFI) is a standard feature defined by the IEEE 802.3 standard for this link type. The feature includes: Transmitting FEFI: transmitting modified link integrity signal in case a link failure is detected, i.e. no link signal is received from the link partner. Detecting FEFI: indicating link loss in case FEFI signal is received from the link partner. 10Base-FL links: no standard support. As one can see from the above, 10Base-FL links have no native link partner notification mechanism. Also, FEFI support in 100Base-FX links is optional according to the IEEE 802.3 standard, which means that some link partners may not support it. Siemens offers an advanced Link Fault Indication (LFI) feature for the links where no native link partner notification mechanism is available. With the LFI enabled, the device bases generation of a link integrity signal upon its reception of a link signal. In the diagram above, if switch A fails to receive a link signal from the controller, it will stop generating a link signal. The controller will detect the link failure and switch to the backup port. The switch can also be configured to flush the
237. k. Connect to the device either through the serial console port or through the device's IP address. Log in as an administrator. Make a local copy of the current configuration file. IMPORTANT: Never downgrade the ROS software version beyond ROS v when encryption is enabled. Make sure the device has been restored to factory defaults before downgrading. Restore the device to its factory defaults. Upload and apply the older firmware version and its associated FPGA files using the same methods used to install newer firmware versions. For more information, refer to Section 15.4 Upgrading Firmware. Clear all logs by issuing the clearlogs command. Clear all alarms by issuing the clearalarms command. Configure the device as desired. After downgrading the firmware and FPGA files, note the following: Some settings from the previous configuration may be lost or loaded to default (including user's passwords if downgrading from a security-related version), as those particular tables or fields may not exist in the older firmware version. Because of this, the unit must be configured after the downgrade. A standard banner will appear on the login screen instead of a custom banner. Section 15.6 Updating Configuration: By default, ROS maintains its complete configuration in an ASCII text file, in CSV (Comma-Separat
238. k via GVRP. A GVRP-aware end station, configured for a particular VLAN ID, can be connected to a trunk on a GVRP-aware switch and automatically become part of the desired VLAN. When a switch sends GVRP BPDUs out of all GVRP-enabled ports, GVRP BPDUs advertise all the VLANs known to that switch (configured manually or learned dynamically through GVRP) to the rest of the network. When a GVRP-enabled switch receives a GVRP BPDU advertising a set of VLANs, the receiving port becomes a member of those advertised VLANs and the switch begins advertising those VLANs via all the GVRP-enabled ports (other than the port on which the VLANs were learned). To improve network security using VLANs, GVRP-enabled ports may be configured to prohibit the learning of any new dynamic VLANs but at the same time be allowed to advertise the VLANs configured on the switch. [Figure: GVRP example topology showing End Node D, Edge Switch D, Core Switch B and further edge switches, with ports marked GVRP aware and either Adv & Learn or Adv only]
239. For SSH ROS
240. l Agreement to ensure transitioning in the event of a link failure. This protocol requires full-duplex operation. When RSTP detects a non-full-duplex port, it cannot rely on Proposal-Agreement protocol and must make the port transition the slow (i.e. STP) way. If possible, configure the port for full-duplex operation. Otherwise, configure the port's point-to-point setting to true. Either one will allow the Proposal-Agreement protocol to be used. Problem Three: When I test your switch by deliberately breaking a link, it takes a long time before I can poll devices past the switch. I thought RSTP was supposed to be fast. What is happening? Is it possible that some ports participating in the topology have been configured to STP mode or that the port's point-to-point parameter is set to false? STP and multipoint ports converge slowly after failures occur. Is it possible that the port has migrated to STP? If the port is connected to the LAN segment by shared media and STP bridges are connected to that media, then convergence after link failure will be slow. Delays on the order of tens or hundreds of milliseconds can result in circumstances where the link broken is the sole link to the root bridge and the secondary root bridge is poorly chosen. The worst of all possible designs occurs when the secondary root bridge is located at the farthest edge of the network from the root. In this case, a configuration message will have to propagate out to the edge and t
241. lasses of Service Multicast Filtering MAC Address Tables Diagnostics Configure Alarms View Latched Alarms Clear Latched Alarms View System Log Clear System Log View CPU Diagnostics View Product Information Load Factory Defaults Reset Device Files Transfer Figure 206: Diagnostics Menu. Section 14.1 Using the Alarm System. Alarms are the occurrence of events of interest that are logged by the device. If alarms have occurred, the device will indicate the number of alarms in the top right corner of all menu screens. There are two broad types of alarms: active and passive alarms. Section 14.1.1 Active Alarms. Active alarms are ongoing. They signify states of operation that are not in accordance with normal operation. Examples of active alarms include links that should be up but are not, or error rates that are continuously exceeding a certain threshold. Active alarms are removed (cleared) either by solving the original cause of the alarm or by explicitly clearing the alarm itself. Section 14.1.2 Passive Alarms. Passive alarms are historic in nature. They signify events that represented abnormal conditions in the past and do not affect the current operational status. Examples of passive alarms include authentication failures or error rates that temporarily exceeded a certain threshold. Passive alarms are cleared through the Clear
242. lave only and Transparent Clock functionality. Please note that a boundary clock must not be configured as a slave-only clock. This menu configures PTP (Precision Time Protocol) delay mechanism attributes. Figure 30: Delay Mechanism Form. Parameters: P2P Request Interval, E2E Request Interval, Path Delay. P2P Request Interval: Synopsis: { 1 s, 2 s, 4 s, 8 s, 16 s, 32 s }. Default: 1 s. Selects the PTP delay request interval (mean time interval between successive delay request messages) in seconds. The peer delay mechanism measures the port-to-port propagation time, such as the link delay, between two communicating ports supporting the peer delay mechanism. E2E Request Interval: Synopsis: { 1 s, 2 s, 4 s, 8 s, 16 s, 32 s }. Default: 1 s. Selects the PTP delay request interval (mean time interval between successive delay request messages) in seconds. The E2E (also called request-response) delay mechanism measures the message propagation time between the master and slave clocks. Section 2.11.4.4 Viewing PTP Statistics. The View PTP Statistics menu provides links to forms where you can view PTP Clock Boundary Clock Slave and Peer Delay statistics. Figure 31: View PTP Statistics Menu. Figure 32: PTP Clock Stats Form. Parameter Status Current Offset Servo
243. letely break RSTP operation, can lead to a longer recovery time from failures in the network. eRSTP offers some enhancements to the protocol which make the switch fully interoperable with other vendors' switches, which may be running IEEE 802.1w RSTP. The enhancements do not affect interoperability with more recent RSTP editions. This configuration parameter enables the aforementioned interoperability mode. Synopsis: { STP (16 bit), RSTP (32 bit) }. Default: STP (16 bit). The RSTP standard defines two styles of a path cost value. STP uses 16-bit path costs based on 1x10E9/link speed (4 for 1 Gbps, 19 for 100 Mbps and 100 for 10 Mbps), whereas RSTP uses 32-bit costs based upon 2x10E13/link speed (20,000 for 1 Gbps, 200,000 for 100 Mbps and 2,000,000 for 10 Mbps). Switches from some vendors, however, use the STP path cost style even in RSTP mode, which can cause confusion and problems with interoperability. This configuration parameter selects the style of path cost to employ. Note that RSTP path costs are used only when the bridge version support is set to allow RSTP and the port does not migrate to STP. Section 7.4.4 MST Region Identifier. Figure 139: MST Region Identifier Form. Paramet
244. level to be assigned to the user. Oper Priv: Synopsis: 0 to 15 0 to 15. Default: 2 14. Privilege level to be assigned to the user. Guest Priv: Synopsis: 0 to 15 0 to 15. Default: 1. Privilege level to be assigned to the user. Section 2.15 DHCP Relay Agent. A DHCP Relay Agent is a device that forwards DHCP packets between clients and servers when they are not on the same physical LAN segment or IP subnet. The feature is enabled if the DHCP server IP address and a set of access ports are configured. DHCP Option 82 provides a mechanism for assigning an IP address based on the location of the client device in the network. Information about the client's location can be sent along with the DHCP request to the server. The DHCP server makes a decision about an IP address to be assigned based on this information. The DHCP Relay Agent takes the broadcast DHCP requests from clients received on the configured access port and inserts the relay agent information option (Option 82) into the packet. Option 82 contains the VLAN ID (2 bytes) and the port number of the access port (2 bytes) (the circuit ID sub-option) and the switch's MAC address (the remote ID sub-option). This information uniquely defines the access port's position in the network. The DHCP server supporting DHCP Option 82 sends a unicast reply and echoes Option 82. The DHCP Relay Agent removes the Option 82 field and broadcasts the packet to the port from which the original request was rece
245. licable to RUGGEDCOM products. Section 1.5.1 Modbus Memory Map. Columns: Address | Registers | Description (Reference Table in UI) | R/W | Format. PRODUCT INFO table (Name: ProductInfo): 0000, 16, Product Identification, Text; 0010, 32, Firmware Identification, Text; 0040, 1, Number of Ethernet Ports, R, Uint16; 0041, 1, Number of Serial Ports, R, Uint16; 0042, 1, Number of Alarms, R, Uint16; 0043, 1, Power Supply Status, R, PSStatusCmd; 0044, 1, FailSafe Relay Status, R, TruthValue; 0045, 1, ErrorAlarm Status, R, TruthValue. PRODUCT WRITE REGISTERS table (Name: various tables): 0080, 1, Clear Alarms, W, Cmd; 0081, 2, Reset Ethernet Ports, W, PortCmd; 0083, 2, Clear Ethernet Statistics, W, PortCmd; 0085, 2, Reset Serial Ports, W, PortCmd; 0087, 2, Clear Serial Port Statistics, W, PortCmd. ALARMS table (Name: alarms): 0100, 64, Alarm 1, R, Alarm; 0140, 64, Alarm 2, R, Alarm; 0180, 64, Alarm 3, R, Alarm; 01C0, 64, Alarm 4, R, Alarm; 0200, 64, Alarm 5, R, Alarm; 0240, 64, Alarm 6, R, Alarm; 0280, 64, Alarm 7, R, Alarm; 02C0, 64, Alarm 8, R, Alarm. ETHERNET PORT STATUS table (Name: ethPortStats): 03FE, 2, Port Link Status, R, PortCmd. ETHERNET STATISTICS table (Name: rmonStats): 0400, 2, Port 1 Statistics (Ethernet In Packets), R, Uint32; 0402, 2, Port 2 Statistics (Ethernet In Packets), R, Uint32; 0404, 2, Port 3 Statistics (Ethernet In Packets), R, Uint32; 0406, 2, Port 4 Statistics, R, Uint32, Ethernet In
246. lient must be engineered to handle this heavy isochronous workload. Video streams can consume large amounts of bandwidth. Features and capacity of both server and network (including routers, bridges, switches and interfaces) impact the streams. You should not exceed 60% of the maximum interface bandwidth. For example, if using a 10 Mbps Ethernet, you should run a single multicasting source at no more than 6 Mbps, or two sources at 3 Mbps. Router ports will carry the traffic of all multicast groups, so it is especially important to consider these ports in your design. Note that multicasting will definitely introduce latency in all traffic on the network. Plan your network carefully in order to account for capacity and latency concerns. Problem Four: Multicast streams of some groups are not forwarded properly. Some segments without subscribers receive the traffic while some segments with subscribers don't. Ensure that you do not have a situation where different multicast groups have multicast IP addresses that map to the same multicast MAC address. The switch forwarding operation is MAC address based and will not work properly for several groups mapping to the same MAC address. Problem Five: Computers on my switch issue join requests but don't receive multicast streams from a router. Is your multicast router running IGMP version 2? It must run IGMP version 2 in order for IGMP Snooping to operate properly. Problem Six: I connect or disconn
247. lock with a GPS Time Source and Power Profile. Procedure: Configuring the master clock. 1. Under Precision Time Control > Configure Global Parameters, set PTP Enable to Yes. 2. Under Precision Time Control > Configure Global Parameters, set Clock Type to Ordinary Clock. 3. Under Precision Time Control > Configure Global Parameters, set PTP Profile to Power Profile. 4. Under Precision Time Control > Configure Global Parameters, set Grandmaster ID to 100. 5. Under Precision Time Control > Configure Global Parameters, set Network Class to IEEE1588 Network. 6. Under Precision Time Control > Configure Clock Parameters, set Priority1 to 1. 7. Under Configure Time Source, set Primary Time Source to GPS. 8. Under View Time Sync Status, view the GPS status on the switch. Time Source must equal GPS and GPS Status must equal Lock. 9. Under Precision Time Control > View PTP Statistics > View PTP Clock Stats, view the IEEE1588 status on the switch. Status must equal Master. 10. Configure IRIG-B as the time source for all Intelligent Electronic Devices (IEDs). For more information, see Section 2.11.5 Configuring IRIG-B. Procedure: Configuring the transparent clock. 1. Under Precision Time Control > Configure Global Parameters, set PTP Enable to Yes. 2. Under Precision Time Control > Configure Global Parameters, set Clock Type to OC and PTP TClock. 3. Under Precision Time Control > Configure Global Parameters, set PTP Profil
248. Figure 115: RMON History Samples Table. Figure 116: RMON History Samples Form. Sample: Synopsis: 0 to 4294967295. The sample number taken for this history record. StartTime: Synopsis: DDDD days, HH:MM:SS. The system elapsed time when started interval over which this sample was measured. DropEvents: Synopsis: 0 to 4294967295. The number of received packets that are dropped due to lack of receive buffers. InOctets: Synopsis: 0 to 4294967295. The number of octets in good packets (Unicast, Multicast, Broadcast) and dropped packets received. InPkts: Synopsis: 0 to 4294967295. The number of good packets (Unicast, Multicast, Broadcast) and dropped packets received. InBroadcasts: Synopsis: 0 to
249. mands. Synopsis: 15 character ASCII string. Default: None. Confirm the input of the above Guest Password. Synopsis: 15 character ASCII string. Default: operator. Related password is in the Oper Password field; cannot change settings; can reset alarms, statistics, logs, etc. Leave this parameter empty to disable this account. Synopsis: 15 character ASCII string. Default: operator. Related user name is in the Oper Username field; cannot change settings; can reset alarms, statistics, logs, etc. Synopsis: 15 character ASCII string. Default: None. Confirm the input of the above Operator Password. Synopsis: 15 character ASCII string. Default: admin. Related password is in the Admin Password field; full read/write access to all settings and commands. Synopsis: 15 character ASCII string. Default: admin. Related user name is in the Admin Username field; full read/write access to all settings and commands. Synopsis: 15 character ASCII string. Default: None. Confirm the input of the above Admin Password. Section 2.11 System Time Management. ROS running on the RS416 offers the following time-keeping and time synchronization features: local hardware time keeping and time zone management; IEEE 1588 master and slave clock operation; IRIG-B input and output; SNTP time synchronization. In addition to the local clock, the unit's time reference may be configured
250. mat objectName index1 index2, where index format depends on index object type. Synopsis: 0 to 2147483647. Default: 11800. A threshold for the sampled variable. When the current sampled variable value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event will be generated. A single event will also be generated if the first sample created after this record is greater than or equal to this threshold and the associated startup alarm is equal to 'rising'. After a rising alarm is generated, another such event will not be generated until the sampled value falls below this threshold and reaches the value of FallingThreshold. Synopsis: 0 to 2147483647. Default: 11790. A threshold for the sampled variable. When the current sampled variable value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single event will be generated. A single event will also be generated if the first sample created after this record is less than or equal to this threshold and the associated startup alarm is equal to 'falling'. After a falling alarm is generated, another such event will not be generated until the sampled value rises above this threshold and reaches the value of RisingThreshold. Synopsis: 0 to 2147483647. The value of a monitored object during the last sampling period. The presentation of the value depends on the
251. mation On a Particular File. NOTE: The device to be pinged must support ICMP echo. Upon commencing the ping, an ARP request for the MAC address of the device is issued. If the device to be pinged is not on the same network as the device pinging the other device, the default gateway must be programmed. Section 1.7.6 Tracing Events. The CLI trace command provides a means to trace the operation of various protocols supported by the device. Trace provides detailed information, including STP packet decodes, IGMP activity and MAC address displays. NOTE: Tracing has been designed to provide detailed information to expert users. Note that all tracing is disabled upon device startup. In order to display the current trace settings and discover the systems that are being traced, enter the CLI command trace. Supported commands: noclear: Starts the log without clearing it first. alloff: Disables all trace subsystems from tracing. allon: Enables all flags in all trace subsystems. stp: Traces STP operations. link: Displays switch fabric statistics. mac: Displays MAC Events. forward: Forwards trace messages to an IP:UDP address. igmp: Displays IGMP Snooping events. gvrp: Displays GVRP events. webs: Traces Web Server connections. dhcpra: Traces DHCP Relay Agent. 802.1x: Traces 802.1X PAE. ip: Traces IP communications. Enter trace command for more information on a particular command. Sm
252. me out should be used by the master. The maximum length of a Modbus message is 256 bytes. This leads to a transmission time of about 25 ms at the Master and 250 ms at the RTU. Under ideal circumstances, the maximum round trip time is given by: 25 ms (Master > client) + 3 ms (network delay) + 250 ms (server > RTU) + 100 ms (Think time) + 250 ms (RTU > server) + 3 ms (network delay) + 25 ms (client > Master). This delay totals about 650 ms. Contrast this delay with that of a quick operation such as reading a single register. Both request and response are less than 10 bytes in length and complete (for this example) in 1 and 10 ms at the client and server. Assuming the RTU responds quickly, the total latency will approach 35 ms. The server can already be busy sending a request when the request of our example arrives. Using the figures from the above paragraph, the server being busy would increase the end-to-end delay from 650 to 1250 ms (additional 250 ms (server > RTU) + 100 ms (Think time) + 250 ms (RTU > server)). The preceding analysis suggests that the Master should time out at some time after 1250 ms from the start of transmission. Section 3.2.2.3 Use of Turnaround Delay. Modbus protocol uses the concept of a turnaround delay in conjunction with broadcast messages. When the host sends a broadcast message (that does not invoke an RTU response), it waits for a turnaround delay time. This delay ensures that the RTU has enough time
253. mically learn VLANs. Only Trunk ports are GVRP capable. Section 8.3.4 VLAN Summary. There are actually three ways that a VLAN can be created in the switch. Explicit: A VLAN is explicitly configured in the Static VLANs list. Implicit: A VLAN ID is a parameter required for different feature configurations (e.g. Port VLAN Parameters, Static MAC Addresses, IP Interface Type and ID). When such a parameter is set to some VLAN ID value, the appropriate VLAN is automatically created if it does not yet exist. Dynamic: A VLAN learned through GVRP. NOTE: A VLAN that is not explicitly created is always created with IGMP Snooping disabled. If it is desirable for IGMP to be used on that VLAN, it should be created as a Static VLAN with IGMP enabled. All VLANs, regardless of the way they were created, are shown in the VLAN Summary. Figure 160: VLAN Summary Table. VID: Synopsis: 1 to 4094. The VLAN Identifier is used to identify the VLAN in tagged Ethernet frames according to IEEE 802.1Q. Untagged Ports: Synopsis: Any combination of numbers valid for this parameter. All ports that are untagged members of the VLAN. Tagged Ports: Synopsis: Any combination of numbers valid for this parameter. All ports that are tagged members of the VLAN. Section 8.4 Troubleshooting. Problem One: I don't need VLANs at all. How do I turn them
254. mined for 802.1Q tags and the priority field is mapped to a CoS. If a tag is not present, the frame is examined to determine if it is an IP frame. If the frame is IP and inspecting TOS is enabled, the CoS is determined from the DSCP field. If the frame is not IP or inspecting TOS is disabled, the default CoS for the port is used. Figure 169: Determining The CoS Of A Received Frame. After inspection, the frame is then forwarded to the egress port for transmission. Section 10.1.2 Forwarding Phase. The inspection phase results in the CoS of individual frames being determined. When these frames are forwarded to the egress port, they are collected into one of the priority queues according to the CoS assigned to each frame. CoS weighting selects the degree of preferential treatment that is attached to different priority queues. The ratio of the number of higher CoS to lower CoS frames transmitted can be programmed. If desired, the user can program that lower CoS frames are to be transmitted only after all higher CoS frames have been serviced. Section 10.2 CoS Configuration. The Classes Of Service menu is acces
255. more easily performed at the command line. You may switch back and forth from the menu system and shell by pressing <Ctrl-S>. For more information on the capabilities of the shell, please refer to Section 1.7 Using the CLI Shell. Section 2.2 The ROS Secure Shell Server. Section 2.2.1 Using a Secure Shell to Access the User Interface. SSH (Secure Shell) is a network protocol which provides a replacement for insecure remote login and command execution facilities, such as Telnet and remote shell. SSH encrypts traffic in both directions, preventing traffic sniffing and password theft. NOTE: SSH requires a private and public key pair. A 1024-bit private/public key pair is built into the firmware by default. ROS will also auto-generate keys if user-generated keys are not provided. These keys are encrypted and obfuscated to hinder reverse engineering efforts. Default and auto-generated keys can be superseded by uploading a key pair to the device. Siemens strongly encourages users to replace the default keys for improved security. Private and public keys are stored in the ssh keys file. This file is write-only and can only be replaced by admin users. It cannot be downloaded from the device. If the file is empty, a Default Keys In Use for SSH alarm is generated. SSH protocol version 2 is implemented in ROS. The authentication meth
256. moved from the device address table. Entries in the Link Statistics Table with the aged address will be kept until statistics are cleared. Synopsis: { Static, Dynamic, StaticAndDynamic }. Default: Static. The device address table in which addresses will be found for broadcast messages. Synopsis: { Static, Dynamic, StaticAndDynamic }. Default: Dynamic. The device address table in which addresses will be found for unicast messages. Synopsis: { Disabled, Enabled }. Default: Enabled. Enables link statistics collection for this protocol. Synopsis: 0 to 63. Default: 0. To set the DS byte in the IP header. DS byte setting is supported in the egress direction only. Synopsis: 0 to 63. Default: 0. To set the DS byte in the IP header. DS byte setting is supported in the egress direction only. MicroLok. Transport: Synopsis: { TCP, UDP }. Default: UDP. The network transport used to transport protocol data over an IP network. IP Port: Synopsis: 1024 to 65535. Default: 60000. A local port number on which the MicroLok protocol listens for UDP datagrams or TCP connections. Link Stats: Synopsis: { Disabled, Enabled }. Default: Enabled. Enables link statistics collection for this protocol. DSCP: Synopsis: 0 to 63. Default: 0. To set the DS byte in the I
257. n A RADIUS server can be used to authenticate and authorize access to the device's services, such as HMI via Serial Console, Telnet, SSH, RSH, Web Server (see Password Configuration). ROS implements a RADIUS client which uses the Password Authentication Protocol (PAP) to verify access. Attributes sent to a RADIUS server are: username; user password; service type: Login; vendor specific, currently defined as the following: vendor ID: Siemens AG enterprise number (15004) assigned by the Internet Assigned Numbers Authority (IANA); string sub-attribute containing specific values: subtype: 1 (vendor's name subtype); length: 11 (total length of sub-attribute of subtype 1); ASCII string "RuggedCom". Two RADIUS servers (Primary and Secondary) are configurable per device. If the Primary Server is not reachable, the device will automatically fall back to the Secondary server to complete the authorization process. The vendor specific attribute is used to determine the access level from the server, which may be configured at the RADIUS server with the following information: Vendor ID: Siemens AG enterprise number (15004) assigned by Internet Assigned Numbers Authority (IANA); Sub-attribute Format: String; Vendor Assigned Sub-Attribute Number: 2; Attribute value: any one of admin, operator, guest. NOTE: If no access level is received in the response packet from the server, then no access will be granted to the user. An Example
258. Figure 57: Using A Router As A Gateway. The router is configured with the appropriate IP subnets and will forward the ping from the workstation to the switch. When the switch responds, however, it will not know which of its interfaces to use in order to reach the workstation and will drop the response. Programming a gateway of 10.0.0.1 will cause the switch to forward unresolvable frames to the router. This problem will also occur if the gateway address is not configured and the switch tries to raise an SNMP trap to a host that is not on the local subnet. Chapter 3 Serial Protocols. RUGGEDCOM devices support the following serial protocols: Raw Socket serial encapsulation; Preemptive Raw Socket; TCPModbus (client and server modes); DNP 3; DNP packetization over Raw Socket; Microlok; WIN and TIN; Mirrored Bits; TelnetComPort (RFC2217). Section 3.1 Serial Protocols Overview. Serial interface bit rates can be configured in range of 100 to 230400 bps. A turnaround time is supported to enforce minimum times between successive messages transmitted via a serial port. If a port is set to force half-duplex mode, while sending data all received data will be discarded. To set this mode, the port must natively work in full-duplex mode. To transpo
259. n Options. Figure 106: Link Detection Form. Parameters: Fast Link Detection, Link Detection Time. Fast Link Detection: Synopsis: { Off, On, On_withPortGuard }. Default: On_withPortGuard. This parameter provides system protection against a faulty end device generating an improper link integrity signal. When a faulty end device or a mismatched fiber port is connected to the unit, a large number of continuous link state changes can be reported in a short period of time. This high rate of link state changes can render the system unresponsive. Three different settings are available for this parameter. ON_withPortGuard: This is the recommended setting. With this setting, an extended period (> two minutes) of excessive link state changes reported by a port prompts the Port Guard feature to permanently disable Fast Link Detection on the port and raises an alarm. By disabling Fast Link Detection on the port, excessive link state changes can no longer consume a substantial amount of system resources. However, note that if Fast Link Detection is disabled, the port will need a longer time to detect a link failure. If the port is part of a spanning tree, this could result in a longer network recovery time of up
260. n SNMP trap is sent to one or more management stations. Synopsis: Any 31 characters. Default: public. If the SNMP trap is to be sent, it will be sent to the SNMP community specified by this string. Synopsis: DDDD days, HH:MM:SS. The time from last reboot at the time this event entry last generated an event. If this entry has not generated any events, this value will be 0. Synopsis: Any 127 characters. Default: Monitoring outgoing traffic on port 2. A comment describing this event. Synopsis: Any 127 characters. Default: Monitor. The owner of this event record. It is suggested to start this string with the word 'monitor'. Event logs for a particular record in the RMON Events Table can be viewed by selecting a particular record and view option. The index of the record will be included in the resulting menu title of the log table. Figure 122: RMON Event Log Table. ifOutOct
261. n image. When this compressed image is run for the first time, it decompresses itself and reinstalls the decompressed image to Flash memory. Subsequent device reboots will use the decompressed image. Section 15.4.2 Security Considerations. There are three file transfer methods available in ROS: XModem, TFTP and SFTP. Any user can perform transfers from the device using XModem and TFTP. However, only users logged in using the admin account can upload files to the device. NOTE: TFTP does not define an authentication scheme. Any use of the TFTP client or server is considered highly insecure. XModem transfers can only be performed through the serial console, which is authenticated during login. NOTE: The device does not have an SFTP client and therefore can only receive SFTP files from an external source. SFTP requires authentication for the file transfer. Section 15.4.3 Upgrading Firmware Using XModem. This method requires that the binary image file of the main ROS application firmware, along with serial terminal or telnet software and the ability to do XModem transfers, be available on a computer with an RS232 or network connection, respectively, to the ROS device to be upgraded. Establish a console connection with administrative privileges, either via the RS232 port or via telnet. Enter the ROS command xmodem rece
262. n its information field. NOTE: LLDP is implemented to keep a record of only one device per Ethernet port. Therefore, if there are multiple devices sending LLDP information to a switch port on which LLDP is enabled, information about the neighbor on that port will change constantly. CAUTION: LLDP is not secure by definition. Avoid enabling LLDP on devices connected to external networks. Siemens recommends using LLDP only in secure environments operating within a security perimeter. Section 13.2 RCDP Operation. The purpose of the RUGGEDCOM Discovery Protocol is to support the deployment of ROS-based devices that have not been configured since leaving the factory. ROS devices that have not been configured all have the default IP (Layer 3) address. Connecting more than one of them on a Layer 2 network means that one cannot use standard IP-based configuration tools to configure them. The behavior of IP-based mechanisms such as the web interface, SSH, telnet or SNMP will all be undefined. Since RCDP operates at Layer 2, it can be used to reliably and unambiguously address multiple devices even though they may share the same IP configuration. Siemens's RUGGEDCOM Explorer is a lightweight, standalone Windows application that supports RCDP. It is capable of discovering, identifying and performing basic configuration of ROS-based devices via RCDP. The features s
263. n the cable pairs of the selected port. Synopsis: 0 to 65535. The number of times that OPEN has been detected on the cable pairs of the selected port. Short: Synopsis: 0 to 65535. The number of times that SHORT has been detected on the cable pairs of the selected port. Imped: Synopsis: 0 to 65535. The number of times that IMPEDANCE MISMATCH has been detected on the cable pairs of the selected port. Pass/Fail/Total: Synopsis: 0 to 65535, 0 to 65535, 0 to 65535. This field summarizes the results of the cable diagnostics performed so far. Pass: the number of times that cable diagnostics were completed successfully on the selected port. Fail: the number of times that cable diagnostics failed on the selected port. Total: the total number of times that cable diagnostics have been attempted on the selected port. Section 4.2.4.1 Running Cable Diagnostics. To start cable diagnostics on a port: 1. Connect a Category 5 or better quality cable to the port under test (PUT). 2. Connect the other end of the cable to a similar network port. For example, connect a 100BASE-T port to a 100BASE-T port, or a 1000BASE-T port to a 1000BASE-T port. 3. Configure the PUT's Runs count. 4. Configure the PUT's cable diagnostics State to Started. To stop cable diagnostics on a port: 1. Configure the PUT's cable diagnostics state to
264. n the network. In this case, it is possible that the root might not support the Fast Root Failover algorithm. In this scenario, use the relaxed algorithm, which tolerates the lack of algorithm support in the root switch. The following are the supported configuration options. On: Fast Root Failover is enabled and the most robust algorithm is used, which requires the appropriate support in the root switch. On with standard root: Fast Root Failover is enabled but a relaxed algorithm is used, allowing the use of a standard switch in the root role. Off: Fast Root Failover algorithm is disabled and hence a root switch failure may result in excessive connectivity recovery time. NOTE: This feature is only available in RSTP mode. In MSTP mode, the configuration parameter is ignored. In a single ring topology, this feature is not needed and should be disabled to avoid longer network recovery times due to extra RSTP processing. For recommendations regarding the use of this feature, refer to Section 7.1.6 Fast Root Failover. IEEE802.1w Interoperability: Synopsis: { On, Off }. Default: On. The original RSTP protocol defined in the IEEE 802.1w standard has minor differences from more recent, enhanced standard(s). Those differences cause interoperability issues which, although they do not comp
265. nables Remote Shell access. Section 2.8 Data Storage: These parameters provide the ability to encrypt and password-protect data in the CSV configuration file. NOTE: Data encryption is not available in Non-Controlled (NC) versions of ROS. When switching between Controlled and Non-Controlled (NC) versions of ROS, make sure data encryption is disabled. Otherwise, the NC version of ROS will ignore the encrypted configuration file and load the factory defaults. Figure 19: Data Storage Form. Parameter (Description): Encryption (Synopsis: On, Off; Default: Off): Enable/disable encryption of data in the configuration file. Passphrase (Synopsis: 31 character ASCII string): This passphrase is used as a secret key to encrypt the configuration data. Encrypted data can be decrypted by any device configured with the same passphrase. Confirm Passphrase (Synopsis: 31 character ASCII string): This passphrase is used as a secret key to encrypt the configuration data. Encrypted data can be decrypted by any device configured with the same passphrase. NOTE: Only configuration data is encrypted. All comments and table names in the configuration file are saved as clear text. NOTE: When sharing a configuration file between devices, make sure both dev
266. nagement Connection Inactivity Timeout; TFTP Server Permissions; System Identification; Passwords; Time Keeping; SNMP Management; Radius Server; DHCP Relay Agent; Remote Syslog. Section 2.1 The ROS User Interface. Section 2.1.1 Using the RS232 Port to Access the User Interface: Attach a terminal (or PC running terminal emulation software) to the RS232 port. The terminal should be configured for 8 bits, no parity operation at 57.6 Kbps. Hardware and software flow control must be disabled. Select a terminal type of VT100. Once the terminal is connected, pressing any key on the keyboard will prompt for the user name and password to be entered. CAUTION: To prevent unauthorized access to the device, make sure to change the default username and password for each user level (i.e. operator, guest and admin) before commissioning the device. It is recommended that each username and password be unique and customized to the user to add an additional level of security. The switch is shipped with a default administrator user name "admin" and password "admin". Once successfully logged in, the user will be presented with the main menu. Section 2.1.2 The Structure of the User Interface: The user interface is organized as a series of menus with an escape to a command line interface (CLI) shell. Each menu screen presents the swi
267. name 124 Device Addresses RUGGEDCOM ROS User Guide Chapter 3 Serial Protocols Section 3 3 14 Dynamic Device Addresses This table provides the ability to view the TIN protocol s device addresses from remote locations that were learned dynamically access Log out TIN Dynamic Address Table saris Back ddccbbad 192 168 0 1 50001 68 8s Figure 89 Dynamic Device Address Table access Log out TIN Dynamic Address Table admin Back Address ddecbbal Location 192 168 0 1 IP Port 50001 RSSI 68 Aging Time 137 s Figure 90 Dynamic Device Address Form Parameter Description Protocol Synopsis TIN The serial protocol supported on this serial port Address Synopsis Any 31 characters The remote device address Location Synopsis H HHH HHH HHH where ranges from 0 to 255 The IP Address of the remote host Synopsis 1 to 65535 IP Port Dynamic Device Addresses 125 Chapter 3 Serial Protocols RUGGEDCOM ROS User Guide Parameter Description The remote port number from which a UDP datagram was received from a remote device or from which a TCP connection was established RSSI Synopsis 128 to 0 or N A The signal strength indicator received from wayside data radio N A for TIN Mode 1 Aging Time Synopsis 0 to 1000 The amount of time since the last packet arrived from the devic
268. necessary corrections will be included in subsequent editions. We appreciate any suggested improvements. We reserve the right to make technical improvements without notice. Registered Trademarks: ROX, Rugged Operating System On Linux, CrossBow and eLAN are trademarks of Siemens AG. ROS® is a registered trademark of Siemens AG. Other designations in this manual might be trademarks whose use by third parties for their own purposes would infringe the rights of the owner. Third Party Copyrights: Siemens recognizes the following third party copyrights: Copyright 2004 GoAhead Software, Inc. All Rights Reserved. Security Information: Siemens provides products and solutions with industrial security functions that support the secure operation of plants, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates. For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity. To stay informed about produc
269. nectivity is assured. Manual configuration is useful when the exact topology of the network must be predictable under all circumstances. The path cost can be used to establish the topology of the network exactly as the designer intends. STP vs. RSTP Costs: The IEEE 802.1D-1998 specification limits port costs to values of 1 to 65536. It recommends that a path cost corresponding to the 1x10^9 / link speed be used. Designed at a time when 9600 bps links were state of the art, this method breaks down in modern use, as the method cannot represent a link speed higher than a gigabit per second. In order to remedy this problem in future applications, the IEEE 802.1w specification limits port costs to values of 1 to 200000, with a path cost corresponding to the 2x10^12 / link speed. RUGGEDCOM bridges support interoperability with legacy STP bridges by selecting the style to use. In practice it makes no difference which style is used as long as it is applied consistently across the network, or if costs are manually assigned. Section 7.1.5 Bridge Diameter: The bridge diameter is the maximum number of bridges between any two possible points of attachment of end stations to the network. The bridge diameter reflects the realization that topology information requires time to propagate hop by hop through a network. If configuration messages take too long to propagate end to end through the network, the result will be an unstable network. There is a relation
270. ng User Guide The switch will immediately issue IGMP queries if in IGMP Active mode to obtain potential new group membership information e The switch can be configured to flood multicast streams temporarily out of all ports that are not configured as STP Edge Ports Section 11 1 3 Combined Router and Switch IGMP Operation This section describes the additional challenges of multiple routers VLAN support and switching Producer P1 resides on VLAN 2 while P2 resides on VLAN 3 Consumer C1 resides on both VLANs whereas C2 and C3 reside on VLANs 3 and 2 respectively Router 2 resides on VLAN 2 presumably to forward multicast traffic to a remote network or act as a source of multicast traffic itself Multicast Multicast Router 1 Router 2 Switch VLAN 2 3 VLAN 2 Figure 179 IGMP Operation Example 2 In this example we will assume that all the devices agree that router 1 is the querier for VLAN 2 and router 2 is simply a non querier In this case the switch will periodically receive queries from router 1 and thus maintain the information concerning which of its ports links to the multicast router However the switch port that links to router 2 must be manually configured as a router port Otherwise the switch will send neither multicast streams nor joins leaves to router 2 Note that VLAN 3 does not have an external multicast router The switch should be configured to operate in its routerless mode and is
271. ngle port on the bridge which provides connectivity for the Multiple Spanning Tree Instance towards the Common Spanning Tree root bridge i e this port is the root port for the Common Spanning Tree Instance Cost Synopsis 0 to 4294967295 Cost offered by this port If the Bridge RSTP Parameters Cost Style is set to STP 1Gbps ports will contribute a cost of four 100 Mbps ports will contribute 19 and 10 Mbps ports contribute If the Cost Style is set to RSTP 1Gbps will contribute 20 000 100 Mbps ports will contribute a cost of 200 000 and 10 Mbps ports contribute a cost of 2 000 000 Note that even if the Cost Style is set to RSTP a port that migrates to STP will have its cost limited to a maximum of 65535 Desig Bridge ID Synopsis 4 4 4 where is 0 to 65535 is 0 to FF Provided on the root ports of designated bridges the Bridge Identifier of the bridge this port is connected to Section 7 5 5 Clear STP Statistics Clicking the Clear Spanning Tree Statistics link on the main Spanning Tree menu see Figure 134 Spanning Tree Menu presents the following confirmation form access Log out Clear Spanning Tree Statistics factory Back You are about to clear all spanning tree statistics Figure 149 Clear Spanning Tree Statistics Confirmation Form Click the Confirm button to clear all statistics maintained by ROS for spanning tree including global and port based statistics Section 7 6 Trouble
272. nistrative Convenience VLANs enable equipment moves to be handled by software reconfiguration instead of by physical cable management When a host s physical location is changed its connection point is often changed as well With VLANs the host s VLAN membership and priority are simply copied to the new port Section 8 2 3 Reduced Hardware Without VLANs traffic domain isolation requires using separate bridges for separate networks VLANs eliminate the need for separate bridges The number of network hosts may often be reduced Often a server is assigned to provide services for independent networks These hosts may be replaced by a single multi homed host supporting each network on its own VLAN This host can perform routing between VLANs 218 Administrative Convenience RUGGEDCOM ROS User Guide Chapter 8 VLANs P 3 Server Router or Layer 3 Switch Figure 153 Inter VLAN Communications Section 8 3 VLAN Configuration The Virtual LANs menu is accessible from the main menu Log out Main Menu s Administration a Ethernet Ports a Ethernet Statistics Spanning Tree Virtual LANs Confiqure Global VLAN Parameters a Confiqure Static VLANs a Configure Port VLAN Parameters View VLAN Summary a Port Security a Classes of Service a Multicast Filtering a MAC Address Tables a Diagnostics Figure 154 Virtual LANs Menu VLAN 2 199 85 245 1 25 VLAN 3 199 85 245 128 26 VLAN 4
273. nly forward multicast traffic. Switches running in Active IGMP mode participate in the querier election like multicast routers. When the querier election process is complete, the switch simply relays IGMP queries received from the querier. When sending IGMP packets, the switch uses its own IP address, if it has one, for the VLAN on which packets are sent, or an address of 0.0.0.0 if it does not have an assigned IP address. NOTE: IGMP Snooping switches perform multicast pruning using a multicast frame's destination MAC multicast address, which depends on the group IP multicast address. For example, an IP multicast address A.B.C.D corresponds to MAC address 01-00-5E-XX-YY-ZZ, where XX corresponds to the lower 7 bits of B, and YY and ZZ are simply C and D, respectively, coded in hexadecimal. Note also that IP multicast addresses such as 224.1.1.1 and 225.1.1.1 will both map onto the same MAC address 01-00-5E-01-01-01. This is a problem for which the IETF Network Working Group currently has no published solution. Users are advised to be aware of and avoid this problem. IGMP and STP: An STP change of topology can render the routes selected to carry multicast traffic as incorrect. This results in lost multicast traffic. If STP detects change in the network topology, IGMP will take some actions to avoid loss of multicast connectivity and reduce network convergence time.
274. 11.1.2 Switch IGMP Operation; 11.1.3 Combined Router and Switch IGMP Operation; 11.2 GMRP (GARP Multicast Registration Protocol); 11.2.1 Joining a Multicast Group; 11.2.2 Leaving a Multicast Group; 11.2.3 GMRP Protocol Notes; 11.2.4 GMRP Example; 11.3 Multicast Filtering Configuration and Status; 11.3.1 Configuring IGMP Parameters; 11.3.2 Global GMRP Configuration; 11.3.3 Port-Specific GMRP Configuration; 11.3.4 Configuring Static Multicast Groups; 11.3.5 Viewing IP Multicast Groups; 11.3.6 Multicast Group Summary
275. Chapter 6 Link Aggregation; 6.1 Link Aggregation Operation; 6.1.1 Link Aggregation Rules; 6.1.2 Link Aggregation Limitations; 6.2 Link Aggregation Configuration; 6.2.1 Configuring Port Trunks; Chapter 7 Spanning Tree; 7.1 RSTP Operation; 7.1.1 RSTP States and Roles; 7.1.2 Edge Ports; 7.1.3 Point-to-Point and Multipoint Links; 7.1.4 Path and Port Costs; 7.1.5 Bridge Diameter; 7.1.6 Fast Root Failover; 7.2 MSTP Operation; 7.2.1 MST Regions and Interoperability; 7.2.2 MSTP Bridge and Port Roles; 7.2.2.1 Bridge Roles
276. nopsis None Even Odd Default None The parity to operate the port with Synopsis 0 to 1000 Default 0 ms The amount of delay if any to insert between the transmissions of individual messages via the serial port For Modbus protocol this value must be non zero It represents the delay between sending a brodcast message and the next poll out of the serial port Because RTUs do not reply to a broadcast enough time must be ensured to process it Synopsis 0 to 15 Default 15 bits The number of data bits needed to generate required delay with configured baudrate after the last bit of the packet was sent out before serial UART starts listening to the RX line This value is relevant for RS485 interfaces only Synopsis 1 to 15000 ms or off Default off The maximum amount of time in milliseconds that the serial packet can be held in the queue before being sent to the serial line Time is measured from the moment the packet is received from the IP layer Synopsis 0 to 63 Default 0 Sets the DS byte in the IP header DS byte setting is supported in the egress direction only Synopsis 0 ms to 1000 ms Default 0 ms The minimum amount of time in milliseconds that the transmission of a new message delays after the last message is received through the serial port This parameter is especially useful for half duplex transmission modes such as the two wire RS485 serial Serial Ports 107 Chapter 3 Serial Protocols
277. ntax of the RSH command is usually of the form: rsh ipaddr -l auth_token command_string, where: ipaddr = The address or resolved name of the RUGGEDCOM device. auth_token = The authentication token, which for ROS rsh is the user name (guest, operator or admin) and corresponding password, separated by a comma. For example, to run a command as user "admin" with password "secret", the token would be "admin,secret". command_string = The ROS shell command to execute. The access level (corresponding to the user name) selected must support the given command. Any output from the command will be returned to the workstation submitting the command. Commands that start interactive dialogs (such as trace) cannot be used. Section 1.7.9 Resetting the Device: The CLI command "reset<CR>" can be used to reset the device. Chapter 2 Administration: The Administration menu covers the configuration of administrative parameters of both device and network (local) services availability, security methods employed, system identification and functionality related to the IP network: IP Address, Subnet Mask and Gateway Address (static or dynamically obtainable); Management VLAN; Ma
278. nts CRC checking for messages received from the serial port e Remote source address learning specific for two different modes Section 3 1 9 TelnetComPort protocol features e RawSocket protocol with additional support for the serial break signal e Compliant with RFC2217 Section 3 2 Serial Protocols Operation Section 3 2 1 Serial Encapsulation Applications Section 3 2 1 1 Character Encapsulation Raw Socket Character encapsulation is used any time a stream of characters must be reliably transported across a network Character streams can be created by any type of device The baud rates supported at either server need not be the same If configured the server will obey XON XOFF flow control from the end devices Microlok protocol features 93 RUGGEDCOM ROS Chapter 3 Serial Protocols User Guide __ ETHERNET lt RuggedServer RuggedServer gt Figure 58 Character Encapsulation Section 3 2 1 2 RTU Polling The following applies to a variety of RTU protocols including Modbus ASCII and DNP NOTE i If a given device or service employs a serial protocol that is supported by ROS it is advised to configure ROS to use that particular protocol rather than another one e g RawSocket that can be made to be partly compatible Host equipment may connect directly to a server via a serial port may use a port redirection package or may connect natively to the Ethernet IP network
279. nu provides the links at the top level of the menu hierarchy and allows them to be expanded to display lower level links for each configuration subsystem access Log out Main Menu aia e Administration e Serial Protocols e Ethernet Ports e Ethernet Statistics e Link Aggregation e Spanning Tree e Virtual LANs e Port Security e Classes of Service e Multicast Filtering e MAC Address Tables e Diagnostics Figure 11 Main Menu via Web Server Interface Every web page in the menu system has a common header section which contains The System Name as configured in the System Identification menu is displayed in the top banner in between elements of the Siemens logo A Log out link at left and immediately below the banner terminates the current web session A Back link at left and below Log out links back to the previously viewed page The menu title in the center of the page and below the banner is a link to a context sensitive help page 40 Customizing the Login Page RUGGEDCOM ROS Chapter 2 User Guide Administration The access level e g access admin is displayed by default at the right of the page and below the banner If however any alarms are pending the text will be replaced with a link which displays the number of pending alarms Following this link displays a table of pending alarms Log out Port Parameters 3 Alarms Back Figure 12 Web Page Header Showin
280. o reset one or more ports check the boxes corresponding to the selected ports and select Apply Section 3 5 Troubleshooting Problem One Il configured a Serial IP connection to use the TCP transport using either an inbound or outbound connection but nothing seems to be happening What is going on Ensure that an Ethernet port link is up The peer may not be requesting accepting connections The Connection Statistics Table will display whether the connection is active or not The peer may not be sending data The Connection statistics Table will display the counts of transmitted and received data packets via the IP network Watch the connection activity For a detailed description of the TCP connection activity turn on tracing at the TRANSPORT level Problem Two My connections as shown in the Connection Statistics Table go up and then immediately go down again What is going on If two ports on the same or different servers are configured to call the same IP TCP port in the network only the first one to call will be successful All other ports will fail displaying the attempts as brief periods of connection in the Connection Statistics Table Problem Three My Modbus polling is not working am sure that a connection is occurring but my Master reports an error connecting to the device What is happening Are framing parity or overrun errors reported by either the client or server Is the Server Gateway set up for the c
281. o the ROS device as noted above Begin a TFTP transfer in binary mode to the device specifying a destination filename of main bin A TFTP client utility will provide an indication that the file was transferred properly but it is recommended to also query the device directly in order to verify successful transfer Establish a console session to the ROS device using RS232 telnet or SSH and enter the version command Upgrading Firmware Using XModem 291 Chapter 15 Firmware Upgrade and Configuration Management User Guide RUGGEDCOM ROS as described in Applying the Upgrade above If the transfer was successful the version of the firmware file that was transferred will appear as the Next firmware version i e that will appear after the next reset The transcript of a sample TFTP transfer looking at a DOS Windows CLI follows Ce eeego i 101 0 ue Co cules ROD CWa2 Menta we To Q loim mel n losin Transfer successful 1428480 bytes in 4 seconds 375617 bytes s Section 15 4 5 Upgrading Firmware Using the ROS TFTP Client This method requires that the binary image file of the main ROS application firmware along with a correctly configured TFTP server be available on a computer with a network connection to the ROS device to be upgraded Identify the IP address of the host providing the TFTP server capability Ensure that the firmware revision to be downloaded e g ROS CF52_Main_v3 7 0 bin is present there Establish a
282. o use the new VLAN. NOTE: Establishing a management domain is often accompanied with the establishment of an IP subnet specifically for the managed devices. Chapter 9 Port Security: ROS Port Security provides you with the following features: Authorizing network access using Static MAC Address Table; Authorizing network access using IEEE 802.1X authentication; Configuring IEEE 802.1X authentication parameters; Detecting port security violation attempt and performing appropriate actions. Section 9.1 Port Security Operation: Port Security, or Port Access Control, provides the ability to filter or accept traffic from specific MAC addresses. Port Security works by inspecting the source MAC addresses of received frames and validating them against the list of MAC addresses authorized on the port. Unauthorized frames will be filtered and, optionally, the port that receives the frame will be shut down permanently or for a period of time. An alarm will be raised indicating the detected unauthorized MAC address. Frames to unknown destination addresses will not be flooded through secure ports. NOTE: Port security is applied at the edge of the network in order to restrict admission to specific devices. Do not apply port security on core switch connections. ROS supports several MAC add
283. oader does not require updating; fpga.xsvf: the FPGA firmware binary image (not normally updated); fpga416.xsvf: the firmware binary image for the secondary FPGA onboard the RS416 (not normally updated); config.csv: the complete configuration database, in the form of a comma-delimited ASCII text file; banner.txt: contains text that appears on the login screen. Section 15.2 File Transfer Mechanisms: Several mechanisms are available to transfer these files to and from a ROS-based device: XModem using the ROS CLI over a (telnet or RS232) console session; TFTP client (using the ROS CLI in a console session and a remote TFTP server); TFTP server (from a remote TFTP client); SFTP (secure FTP over SSH) from a remote SFTP client. Section 15.3 Console Sessions: Console sessions may be established (depending on the settings in the IP Services menu) by the following means: RS232: direct RS232 serial connection to the ROS device; telnet: remote terminal protocol via TCP/IP (unencrypted); RSH: Remote SHell, the remote login shell protocol via TCP/IP (unencrypted); SSH: Secure SHell, the standard remote login shell protocol via TCP/IP (both authentication and session are encrypted). Section 15.4 Upgrading Firmware: Upgrading ROS firmware may sometimes be necessary in order to take advantage of ne
284. od is keyboard-interactive password authentication. A user logged in via SSH has the same privileges as one logged in via the console port. Section 2.2.2 Using a Secure Shell to Transfer Files: ROS implements an SFTP server via SSH to transfer files securely. The file system visible on the switch has a single directory. The files in it are created at startup time and can be neither deleted nor renamed. Existing files can be downloaded from the switch. For example, firmware images may be downloaded for backup and log files may be downloaded for analysis. Some files may be overwritten by uploading a file of the same name to the switch, as would be done in order to upgrade the firmware. Parameter (Description): dir/ls (list directory contents); get (download a file from the switch); put (upload a file to the switch). Parameter (Description): main.bin (main ROS firmware image); boot.bin (Switch bootloader image); config.csv (ROS configuration file); fpga.xsvf (FPGA configuration file); fpga416.xsvf (FPGA configuration file). Section 2.3 The ROS Web Server Interface. Section 2.3.1 Using a Web Browser to Access the Web Interface: A web browser uses a secure communications method called HTTPS (Hypertext Transfer Protocol Secure) to encrypt traffic exchanged with its clients. The web server guarantees that communications with the client are kept pr
285. of MSTP capable bridges MSTP is capable of interoperating with bridges that support only RSTP or legacy STP without requiring any special configuration An MST region may be defined as the set of interconnected bridges whose MST Region Identification is identical see Section 7 4 4 MST Region Identifier The interface between MSTP bridges and non MSTP bridges or between MSTP bridges with different MST Region Identification information becomes part of an MST Region boundary Bridges outside an MST region will see the entire region as though it were a single R STP bridge the internal detail of the MST region is hidden from the rest of the bridged network In support of this MSTP maintains separate hop counters for spanning tree information exchanged at the MST region boundary versus that propagated inside the region For information received at the MST region boundary the R STP Message Age is incremented only once Inside the region a separate Remaining Hop Count is maintained one for each spanning tree instance The external Message Age parameter is referred to the R STP Maximum Age Time whereas the internal Remaining Hop Counts are compared to an MST region wide Maximum Hops parameter MSTI An MSTI Multiple Spanning Tree Instance is one of sixteen independent spanning tree instances that may be defined in an MST region not including the IST see below An MSTI is created by mapping a set of VLANs in ROS via the VLAN c
286. of a standard bridge in the root role NOTE i To use RSTP Fast Root Failover all switches in the network must be RUGGEDCOM switches and must have the same Fast Root Failover algorithm enabled In networks mixing RUGGEDCOM and non RUGGEDCOM switches or in those mixing Fast Root Failover algorithms RSTP Fast Root Failover will not function properly and root bridge failure will result in an unpredictable failover time Fast Root Failover and RUGGEDCOM e Running RSTP with Fast Root Failover disabled has no impact on RSTP performance Fast Root Failover has no effect on RSTP performance in the case of failures that do not involve the root bridge or one of its links The extra processing introduced by Fast Root Failover significantly decreases the worst case failover time in mesh networks with a modest increase in the best case failover time The effect on failover time in ring connected networks however is only to increase it Recommendations On The Use Of Fast Root Failover e It is not recommended to enable Fast Root Failover in single ring network topologies e Itis strongly recommended to always connect the root bridge to each of its neighbor bridges using more than one link Section 7 2 MSTP Operation The Multiple Spanning Tree MST algorithm and protocol provide greater control and flexibility than RSTP and legacy STP MSTP Multiple Spanning Tree Protocol is an extension of RSTP whereby multiple spanning trees may be
287. ommended to enable GMRP only on edge ports and to disable it on trunk ports in order to allow more rapid propagation of attribute subscription especially after changes in network topology Section 11 3 4 Configuring Static Multicast Groups access Log out Static Multicast Groups pc Back InsertRecord MAC Address VID CoS Ports 01 00 5E 00 04 00 4 Normal 5 7 9 01 A0 F4 01 00 70 1 High 48 01 A0 F4 01 20 F5 1 Normal Figure 186 Static Multicast Groups Table i access Log out Static Multicast Groups admin a amp el MAC Address 00 00 00 00 00 00 VID i CoS Normal y Parts None Apply Delete Reload Figure 187 Static Multicast Group Form Parameter Description MAC Address Synopsis HH HH HH HH H where ranges 0 to FF Default 00 00 00 00 00 00 A multicast group MAC address VID Synopsis 1 to 4094 Configuring Static Multicast Groups 255 Chapter 11 RUGGEDCOM ROS Multicast Filtering User Guide Parameter Description Default 1 The VLAN Identifier of the VLAN on which the multicast group operates CoS Synopsis Normal Medium High Crit Default Normal Specifies what Class Of Service is assigned to the multicast group frames Ports Synopsis Any combination of numbers valid for this parameter Default None The ports to which the multicast group traffic is forwarded Section 11 3 5 Viewing IP Multicast Groups access Log ou
288. ommunicate with. For an incoming TCP connection (server), the local interface IP address on which to listen for connection requests. An empty string implies the default: the IP address of the management interface. When both outgoing and incoming connections are enabled (client or server), this is the remote IP address to which to place an outgoing TCP connection request or from which to accept an incoming request. Link Stats: Synopsis: Disabled, Enabled. Default: Enabled. Enables link statistics collection for this protocol. Section 3.3.12 TelnetComPort. [Figure 85: TelnetComPort Table] [Figure 86: TelnetComPort Form] Parameters (Port, Pack Char, Pack Timer, Pack Size, Flow Control, Call Dir, Loc Port): Port: Synopsis: 1 to maximum port number. Default: 1. The serial port number as seen on the front plate silkscreen of the RS416. Pack Char: Synopsis: 0 to 255 or Off. Default: Off. The character that will be used to force the forwarding of buffered data to the network. If a packe
289. on 2.13.1 RADIUS overview. RADIUS (described in RFC 2865, http://tools.ietf.org/html/rfc2865) is a UDP-based protocol used for carrying authentication, authorization, and configuration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server. RADIUS is also widely used in conjunction with 802.1x for port security using EAP (the Extensible Authentication Protocol, described in RFC 3748, http://tools.ietf.org/html/rfc3748). For Port Security configuration details, see Chapter 9, Port Security. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers. Unlike TACACS+, authorization and authentication functionality is supported by RADIUS in the same packet frame. TACACS+ actually separates authentication from authorization into separate packets. On receiving an authentication-authorization request from a client in an Access-Request packet, the RADIUS server checks the conditions configured for the received username-password combination in the user database. If all the conditions are met, the list of configuration values for the user is placed into an Access-Accept packet. These values include the type of service (e.g. SLIP, PPP, Login User) and all the necessary values to deliver the desired service. Section 2.13.2 User Login Authentication and Authorizatio
290. on the front plate silkscreen on the switch. Synopsis: TCP, UDP. Default: TCP. The network transport used to transport protocol data over the IP network. Synopsis: In, Out, Both. Default: In. The Call direction for TCP Transport. In: accepts an incoming connection. Out: places an outgoing connection. Both: places an outgoing connection and waits for an incoming connection (both directions). Synopsis: 1 to 64. Default: 1. The maximum number of allowed incoming TCP connections. Synopsis: 1 to 65535. Default: 21001. The local IP port to use when listening for an incoming connection or UDP data. Synopsis: 1 to 65535. Default: 21000. The remote TCP port to use when placing an outgoing connection. Synopsis: HHHHHHHHHHH where HHH ranges from 0 to 255, <empty string>. Default: <empty string>. Defines the IP address based on the following: For outgoing TCP connection (client), this is the remote IP address to communicate with. [Section 3.3.11 Mirrored Bits. Figure 83: Mirrored Bits Table. Figure 84: Mirrored Bits Form] For incoming TCP connection (server), this is the local interface IP address to listen to for the local port for connection request. If an empty string is configured, the IP address of the manag
291. ond with a type 10 (No Path) in step 3a, which the client will forward in step 3b. Step 4 represents the possibility of a queuing delay. The Server Gateway may have to queue the request while it awaits the response to a previous request. The worst case occurs when a number of requests are queued for an RTU that has gone off-line, especially when the server is programmed to retry the request upon failure. Steps 5-8 represent the case where the request is responded to by the RTU and is forwarded successfully to the master. It includes the think time for the RTU to process the request and build the response. Step 9a represents the possibility that the RTU is off-line, the RTU receives the request in error, or that the Server Gateway receives the RTU response in error. The Server Gateway will issue an exception to the originator. If sending exceptions has not been enabled, the Server Gateway will not send any response. Section 3.2.2.2 A Worked Example: A network is constructed with two masters and 48 RTUs on four Server Gateways. Each of the masters is connected to a Client Gateway with a 115.2 Kbps line. The RTUs are restricted to 9600 bps lines. The network is Ethernet based and introduces, on average, 3 ms of latency. Analysis of traces of the remote sites has determined that the min/max RTU think times were found to be 10/100 ms. What ti
292. Parameters: Port: Synopsis: 1 to maximum port number. Default: 1. The port number as seen on the front plate silkscreen of the switch. Name: Synopsis: Any 15 characters. Default: Port 1. A descriptive name that may be used to identify the device connected on that port. Further parameters (Protocol, Type, ForceHD, Baud, Data Bits, Stop, Parity, Turnaround, PostTX Delay, Hold Time, DSCP, RXtoTX Delay): Protocol: Synopsis: None, RawSocket, ModbusServer, ModbusClient, DNP, DNPRS, WIN, TIN, MicroLok, MirroredBits, PreemptRawSocket, TelnetComPort. Default: None. The serial protocol supported on this serial port. Type: Synopsis: RS232, RS485, RS422. Default: RS232. The serial port interface type. ForceHD: Synopsis: On, Off. Default: Off. Enables forcing half-duplex mode of operation. While sending data out of the serial port, all received data are ignored. This mode of operation is available only on ports that operate in full-duplex mode. Baud: Synopsis: 100 to 230400. Default: 9600. The baud rate at which to operate the port. Data Bits: Synopsis: 7, 8. Default: 8. The number of data bits to operate the port with. Stop: Synopsis: 1, 1.5, 2. Default: 1. The number of stop bits to operate the port with. Sy
293. onfiguration to a given MSTI ID. The same mapping must be configured on all bridges that are intended to be part of the MSTI. Moreover, all VLAN to MSTI mappings must be identical for all bridges in an MST region. NOTE: ROS supports 16 MSTIs in addition to the IST. Each MSTI has a topology that is independent of every other. Data traffic originating from the same source and bound to the same destination, but on different VLANs on different MSTIs, may therefore travel a different path across the network. IST: An MST region always defines an IST (Internal Spanning Tree). The IST spans the entire MST region and carries all data traffic that is not specifically allocated (by VLAN) to a specific MSTI. The IST is always computed and is defined to be MSTI zero. The IST is also the extension inside the MST region of the CIST (see below), which spans the entire bridged network, inside and outside of the MST region and all other RSTP and STP bridges, as well as any other MST regions. CST: The CST (Common Spanning Tree) spans the entire bridged network, including MST regions and any connected STP or RSTP bridges. An MST region is seen by the CST as an individual bridge, with a single cost associated with its traversal. CIST: The CIST (Common and Internal Spanning Tree) is the union of the CST and the ISTs in all MST regions. The CIST therefore spans the entire bridged network, reaching into each MST region via the latter's IST to reach every bridge on t
294. op. So the following procedure is strongly recommended to configure a port trunk: a) Disconnect or disable all the ports involved in the configuration, i.e. either being added to or removed from the port trunk. b) Configure the port trunk on both switches. c) Double-check the port trunk configuration on both switches. d) Reconnect or re-enable the ports. If the port trunk is being configured while the ports are not disconnected or disabled, the port will be disabled for a few seconds automatically. NOTE: The IEEE 802.3ad Link Aggregation standard requires all physical links in the port trunk to run at the same speed and in full-duplex mode. If this requirement is violated, the performance of the port trunk will drop. The switch will raise an appropriate alarm if such a speed/duplex mismatch is detected. NOTE: STP dynamically calculates the path cost of the port trunk based on its aggregated bandwidth. However, if the aggregated ports are running at different speeds, the path cost may not be calculated correctly. NOTE: Enabling STP is the best way for handling link redundancy in switch-to-switch connections composed of more than one physical link. If STP is enabled and increased bandwidth is not required, Link Aggregation should not be used because it may lead to a longer fail-over time. Section 6.2 Link Aggregation Configuration: The Link Aggregation menu is accessible from the main menu.
295. or list of all filenames. Section 1.7 Using the CLI Shell: ROS Command Line Interface (CLI) support enables: execution of commands from a CLI shell; remote execution of commands using RSH or SSH; switching between the CLI shell and the menu system. NOTE: Different commands may be available to users at different login session security levels (guest, operator or administrator). The ROS CLI shell may be accessed from a terminal session to the device. A terminal session may be established in one of three ways: direct cable, via RS-232; remote, via RSH; remote, via SSH. When a terminal session is first established to the ROS device, the user interface presented will be the full-screen menu interface. Please refer to Section 2.1, The ROS User Interface, for more detail on the menu interface. The Command Line Interface (CLI) shell may be accessed from any menu by pressing <Ctrl-S>. Any menu operation in progress, such as changing a configuration parameter, will be terminated. You may return to the menu system by pressing <Ctrl-S> again or by entering exit<CR> at the shell prompt. This section describes a selection of the most useful commands in detail. For a complete list of available commands, please refer to Section 1.6, Command Line Listing. Section 1.7.1 Summary Of CLI Commands Available in ROS: Type h
296. orrect baud, parity and stop bits? Is the RTU online? Is an adequate response timer configured at the server? Is the master's timeout long enough? Is the master pausing in the middle of transmitting the request? Some versions of the Windows OS have been observed to display this behavior as the load is increased. Could the IP network be splitting the Modbus message into two TCP segments? Ultimately, it may be necessary to view the contents of messages transmitted over TCP (by activating tracing at the IP level) or by viewing messages at the serial port level (see the section on tracing at the SERIAL level). Start by tracing at the client side, ensuring that it is receiving and forwarding the request over IP. Then, if need be, trace at the server side to ensure that it is receiving the request and forwarding to the RTU. Verify that the RTU is responding properly. Problem Four: How do I get figures like those presented earlier in the chapter for my own analysis? Activating tracing at the IP level and serial port level. The trace package displays timestamps, packet sizes, message directions and timeout event occurrences. Chapter 4 Ethernet Ports: ROS Ethernet port control provides the following fea
297. ort connected to an STP bridge will send only STP BPDUs. One connected to an RSTP bridge need not refrain from sending MSTP BPDUs. This is made possible by the fact that the MSTP carries the CIST Regional Root Identifier in the field that RSTP parses as the Designated Bridge Identifier. Section 7.2.3 Benefits of MSTP: Despite the fact that MSTP is configured by default to arrive automatically at a spanning tree solution for each configured MSTI, advantages may be gained from influencing the topology of MSTIs in an MST region. The fact that the Bridge Priority and each port cost are configurable per MSTI (see Section 7.4.5, Bridge MSTI Parameters, and Section 7.4.6, Port MSTI Parameters) makes it possible to control the topology of each MSTI within a region. Load Balancing: MST can be used to balance data traffic load among sets of VLANs, enabling more complete utilization of a multiply interconnected bridged network. A bridged network controlled by a single spanning tree will block redundant links by design, in order to avoid harmful loops. Using MSTP, however, any given link may have a different blocking state for each spanning tree instance (MSTI), as maintained by MSTP. Any given link, therefore, might be in blocking state for some VLANs and in forwarding state for other VLANs, depending on the mapping of VLANs to MSTIs. It is possible to control the spanning tree solution for each MSTI, especially the set of active links fo
298. ount includes invalid addresses and addresses of unsupported Classes. For entities which are not IP routers and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address. Object names on this page: ipInDelivers, ipInDiscards, ipInHdrErrors, ipInReceives, ipInUnknownProtos, ipOutDiscards, ipOutNoRoutes, ipOutRequests, ipReasmReqds, ipReasmFails, lldpStatsRemTablesAgeouts, lldpStatsRemTablesDeletes, lldpStatsRemTablesDrops, lldpStatsRemTablesInserts, lldpStatsRxPortAgeoutsTotal, lldpStatsRxPortFramesDiscardedTotal, lldpStatsRxPortFramesErrors. ipInDelivers: The total number of input datagrams successfully delivered to IP user-protocols (including ICMP). ipInDiscards: The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g. for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting reassembly. ipInHdrErrors: The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc. ipInReceives: The total number of input datagrams received from interfaces, including those received in error. ipInUnknownProtos: The number of locally addressed datagrams r
299. oup if security model is SNMPv1 or SNMPv2c. If this string is left empty, it will be assumed to be the same as the user name. Auth Protocol: Synopsis: noAuth, HMACMD5. Default: noAuth. An indication of whether messages sent on behalf of this user to/from SNMP engine can be authenticated, and if so, the type of authentication protocol which is used. Priv Protocol: Synopsis: noPriv, CBC-DES. Default: noPriv. An indication of whether messages sent on behalf of this user to/from SNMP engine can be protected from disclosure, and if so, the type of privacy protocol which is used. Auth Key: Synopsis: 31 character ASCII string. Default: [blank]. The secret authentication key (password) that must be shared with SNMP client. If the key is not an empty string, it must be at least 6 characters long. Confirm Auth Key: Synopsis: 31 character ASCII string. Default: [blank]. The secret authentication key (password) that must be shared with SNMP client. If the key is not an empty string, it must be at least 6 characters long. Priv Key: Synopsis: 31 character ASCII string. Default: [blank]. The secret encryption key (password) that must be shared with SNMP client. If the key is not an empty string, it must be at least 6 characters long. Confirm Priv Key: Synopsis: 31 character ASCII string. Default: [blank]. The secret encryption key (password) that must be shared with SNMP client. If th
300. ovides mostly read-only status information, but there are also a few writable registers for operator commands. The ModBus protocol PDU (Protocol Data Unit) format is as follows: Function Code | Data. RUGGEDCOM devices support the following ModBus function codes for device management through ModBus: 1. Read Input Registers or Read Holding Registers (0x04 or 0x03), for which the Modbus PDU looks like: Request: Function code, 1 Byte, 0x04 (0x03); Starting Address, 2 Bytes, 0x0000 to 0xFFFF; Number of Input Registers, 2 Bytes, 0x0001 to 0x007D. Response: Function code, 1 Byte, 0x04 (0x03); Byte Count, 1 Byte, 2 x N; Input Registers, N x 2 Bytes (N = the number of Input Registers). 2. Write Multiple Registers (0x10): Request: Function code, 1 Byte, 0x10; Starting Address, 2 Bytes, 0x0000 to 0xFFFF; Number of Registers, 2 Bytes, 0x0001 to 0x0079; Byte Count, 1 Byte, 2 x N; Registers Value, N x 2 Bytes, value of the register (N = the number of Input Registers). Response: Function code, 1 Byte, 0x10; Starting Address, 2 Bytes, 0x0000 to 0xFFFF; Number of Registers, 2 Bytes, 1 to 121 (0x79). Note that as RUGGEDCOM devices have a variable number of ports, not all registers and bits apply to all products. Registers that are not applicable to a particular product return a zero value. For example, registers referring to serial ports are not app
301. ped local and packets which are not forwarded to the switching core for transmission. It should reflect all packets received on the line. Synopsis: 0 to 18446744073709551615. The number of Broadcast packets received. Synopsis: 0 to 18446744073709551615. The number of Multicast packets received. Synopsis: 0 to 4294967295. The number of packets received which meet all the following conditions: 1. Packet data length is between 64 and 1536 octets inclusive. 2. Packet has invalid CRC. 3. Collision Event has not been detected. 4. Late Collision Event has not been detected. Synopsis: 0 to 4294967295. The number of packets received with data length greater than 1536 octets and valid CRC. Synopsis: 0 to 4294967295. The number of packets received which meet all the following conditions: 1. Packet data length is less than 64 octets. 2. Collision Event has not been detected. 3. Late Collision Event has not been detected. 4. Packet has invalid CRC. Synopsis: 0 to 4294967295. The number of packets which meet all the following conditions: 1. Packet data length is greater than 1536 octets. 2. Packet has invalid CRC. Synopsis: 0 to 4294967295. The number of received packets for which Collision Event has been detected. Synopsis: 0 to 4294967295. The number of received packets for which Late Collision Event has been detected. Synopsis: 0 to 4294967295.
302. plate silkscreen of the switch. Admin Status: Synopsis: rxTx, txOnly, rxOnly, Disabled. Default: rxTx. rxTx: the local LLDP agent can both transmit and receive LLDP frames through the port. txOnly: the local LLDP agent can only transmit LLDP frames. rxOnly: the local LLDP agent can only receive LLDP frames. disabled: the local LLDP agent can neither transmit nor receive LLDP frames. Notifications: Synopsis: Disabled, Enabled. Default: Disabled. Enabling notifications will allow the LLDP agent to send notifications and generate alarms for the port. Section 13.3.1.3 LLDP Global Remote Statistics. [Figure 202: LLDP Global Remote Statistics Form] Parameters: Inserts, Deletes, Drops, Ageouts. Descriptions: Synopsis: 0 to 4294967295. The number of times an entry was inserted into the LLDP Neighbor Information Table. Synopsis: 0 to 4294967295. The number of times an entry was deleted from the LLDP Neighbor Information Table. Synopsis: 0 to 4294967295. The number of times an entry was deleted from the LLDP Neighbor Information Table because the information timeliness interval has expired. Synopsis: 0 to 4294967295. The number of all TLVs discarded.
303. [Figure 21: Passwords Form] Parameters (Auth Type, Guest Username, Guest Password, Confirm Guest Password, Operator Username, Operator Password, Confirm Operator Password, Admin Username, Admin Password, Confirm Admin Password): Auth Type: Synopsis: Local, RADIUS, TACACS+, RADIUSorLocal, TACACS+orLocal. Default: Local. Password authentication can be performed using locally configured values, a remote RADIUS server, or a remote TACACS+ server. Setting this value to one of the combinations that includes RADIUS or TACACS+ requires that the Security Server Table be configured. Local: authentication from the local Password Table. RADIUS: authentication using a RADIUS server. TACACS+: authentication using a TACACS+ server. RADIUSOrLocal: authentication using RADIUS. If the server cannot be reached, authenticate from the local Password Table. TACACS+OrLocal: authentication using TACACS+. If the server cannot be reached, authenticate from the local Password Table. Guest Username: Synopsis: 15 character ASCII string. Default: guest. Related password is in the Guest Password field; view only, cannot change settings or run any commands. Leave this parameter empty to disable this account. Guest Password: Synopsis: 15 character ASCII string. Default: guest. Related user name is in the Guest Username field; view only, cannot change settings or run any com
304. pment connects via a serial port to a server. Up to 64 remote servers may connect to the host server via the network. [Figure 60: Broadcast RTU Polling] Initially, the remote servers establish connections with the host server. The host server is configured to accept a maximum of three incoming connections. The host sequentially polls each RTU. Each poll received by the host server is forwarded (i.e. broadcast) to all of the remote servers. All RTUs receive the request and the appropriate RTU issues a reply. The reply is returned to the host server, where it is forwarded to the host. Section 3.2.1.4 Preemptive Raw Socket. [Figure 61: Permanent and Dynamic Master Connection Support] Most SCADA protocols are master/slave and support only a single master device. Preemptive Raw Socket offers the ability to have multiple masters communicate to RTUs/IEDs in a protocol-independent manner. For example, the SCADA master polling device is the normal background process collecting data from the RTUs/IEDs on permanent TCP connection. Occasionally, RTU/IED maintenance configuration or control m
305. pressure, whereby the switch simulates collisions, causing the sending device to retry transmissions according to the Ethernet back-off algorithm. When the port is in full-duplex mode, this is accomplished using PAUSE frames, which cause the sending device to stop transmitting for a certain period of time. LFI: Synopsis: Off, On. Default: Off. Enabling Link Fault Indication (LFI) inhibits transmission of the link integrity signal when the receiving link has failed. This enables the device at far end to detect link failure under all circumstances. NOTE: This feature must not be enabled at both ends of a link. Alarm: Synopsis: On, Off. Default: On. Disabling link state alarms will prevent alarms and LinkUp and LinkDown SNMP traps from being sent for that port. NOTE: If one end of the link is fixed to a specific speed and duplex type and the peer auto-negotiates, there is a strong possibility that the link will either fail to raise, or raise with the wrong settings on the auto-negotiating side. The auto-negotiating peer will fall back to half-duplex operation, even when the fixed side is full duplex. Full-duplex operation requires that both ends are configured as such, or else severe frame loss will occur during heavy network traffic. At lower traffic volumes the link may display few, if any, errors. As the traffic volume rises, the fixed negoti
306. r 2 network. It allows Ethernet switches and end stations to register and unregister membership in multicast groups with other switches on a LAN, and for that information to be disseminated to all switches in the LAN that support Extended Filtering Services. GMRP is an industry-standard protocol first defined in IEEE 802.1D-1998 and extended in IEEE 802.1Q-2005. GARP was defined in IEEE 802.1D-1998 and updated in 802.1D-2004. Note that GMRP provides similar functionality at Layer 2 to that which IGMP, described in the preceding sections, provides at Layer 3. Section 11.2.1 Joining a Multicast Group: In order to join a multicast group, an end station transmits a GMRP join message. The switch that receives the join message adds the port through which the message was received to the multicast group specified in the message. It then propagates the join message to all other hosts in the VLAN, one of which is expected to be the multicast source. When a switch transmits GMRP updates (from GMRP-enabled ports), all of the multicast groups known to the switch, whether configured manually or learned dynamically through GMRP, are advertised to the rest of network. As long as one host on the Layer 2 network has registered for a given multicast group, traffic from the corresponding multicast source will be carried on the network. Traffic multicast by the source is only forwarded by each switch in the network to those ports from which it has rec
307. Address Learning for TIN Mode 1: When a message with an unknown source address is received from the IP network, it is learned on the IP address and IP port. If a message with the same source address is received from another IP address and/or IP port, the address will be relearned. The aging time will be reset whenever a unicast TIN message is received from a particular source address. The address will be removed from the table when the aging time expires. Address Learning for TIN Mode 2: When a message with an unknown source address is received from the IP network, it is learned on the IP address. If a message with the same source address is received from another IP address and/or IP port, it will be learned again and another entry will be created in the Dynamic Device Address Table (TIN addresses will be duplicated). Aging time will be reset whenever a unicast TIN message is received from a particular source address. The address will be removed from the table when the aging time expires. Section 3.2.3.3 Address Learning for DNP: For the DNP protocol, both the local and remote concepts of address learning are implemented. Source addresses are learned from messages received from the network for specific IP Addresses. Source addresses from messages received from the serial ports are learned for specific local serial ports. Although the DNP protocol can be configured for TCP or UDP transpor
308. r as it starts the trace. [Figure 8: Starting Trace] NOTE: The trace package includes the forward subsystem, a remote reporting facility intended to be used only under the direction of Siemens service personnel. Section 1.7.7 Viewing DHCP Learned Information: The CLI command ipconfig<CR> will provide the current IP address, subnet mask and default gateway. This command provides the only way of determining these values when DHCP is used. Section 1.7.8 Executing Commands Remotely Through RSH: The Remote Shell (RSH) facility can be used from a workstation to cause the product to act upon commands as if they were entered at the CLI prompt. The sy
309. r each tree, by manipulating, per MSTI, the bridge priority and the port costs of links in the network. If traffic is allocated judiciously to multiple VLANs, redundant interconnections in a bridged network which, using a single spanning tree, would have gone unused, can now be made to carry traffic. Isolation of Spanning Tree Reconfiguration: A link failure in an MST region that does not affect the roles of Boundary ports will not cause the CST to be reconfigured, nor will the change affect other MST regions. This is due to the fact that MSTP information does not propagate past a region boundary. MSTP versus PVST: An advantage of MSTP over the Cisco Systems, Inc. proprietary PVST protocol is the ability to map multiple VLANs onto a single MSTI. Since each spanning tree requires processing and memory, the expense of keeping track of an increasing number of VLANs increases much more rapidly for PVST than for MSTP. Compatibility with STP and RSTP: No special configuration is required for the bridges of an MST region to connect fully and simply to non-MST bridges on the same bridged network. Careful planning and configuration is, however, recommended in order to arrive at an optimal network. Section 7.2.4 Implementing MSTP on a Bridged Network: It is recommended that the configuration of MSTP on a network proceed in the sequence outlined below. Naturally, it is also re
310. r of all LLDPDUs received. FrmOut: Synopsis: 0 to 4294967295. The number of all LLDPDUs transmitted. Ageouts: Synopsis: 0 to 4294967295. The number of times that a neighbor's information has been deleted from the LLDP remote system MIB because the txinfoTTL timer has expired. TLVsDrop: Synopsis: 0 to 4294967295. The number of all TLVs discarded. TLVsUnknown: Synopsis: 0 to 4294967295. The number of all TLVs received on the port that are not recognized by the LLDP local agent. Section 13.3.2 RCDP Configuration. [Figure 205: RCDP Parameters Form] Parameters: RCDP Discovery: Synopsis: Disabled, Enabled. Default: Enabled. Disables/Enables Device Discovery through Siemens Proprietary RCDP. Chapter 14 Diagnostics: ROS provides the following diagnostics features: Alarm System to view and clear alarms; viewing and clearing the system log; viewing CPU diagnostics; viewing the product information; loading the factory default configuration; resetting the device; transferring files. The Diagnostics menu is accessible from the main menu.
311. r of packets received from the local address that were forwarded to the local serial port. Synopsis: 0 to 4294967295. The number of erroneous packets received from the remote address. This table presents statistics for all active TCP connections on serial protocols. The statistics are updated once every second. [Figure 93: Connection Statistics Table] Parameters: Remote IP: Synopsis: H HHH HHH HHH where ranges from 0 to 255. The remote IP address of the connection. Remote Port: Synopsis: 0 to 65535. The remote port number of the connection. Local Port: Synopsis: 0 to 65535. The local port number of the connection. Rx Packets: Synopsis: 0 to 4294967295. The number of received packets on the connection. Tx Packets: Synopsis: 0 to 4294967295. The number of packets transmitted on the connection. Section 3.4.3 Serial Port Statistics. [Figure 94: Serial Port Statistics Table] Parameters: Port: Synopsis: 1 to maximum port number. The port number
312. r of packets transmitted that were directed to the broadcast address. The total number of packets transmitted that were directed to multicast address. The total number of transmitted packets which were addressed to a multicast or broadcast address. The total number of bytes transmitted out of the interface. The total number of transmitted packets which were not addressed to a multicast or broadcast address. This object is a 64-bit version of ifOutUcastPkts. The total number of transmitted packets which were not addressed to a multicast or broadcast address. The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP routers, this counter will include only those packets which were Source-Routed via this entity, and the Source-Route option processing was successful. The number of IP datagram fragments that have been generated as a result of fragmentation at this entity. The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be, e.g., because their Don't Fragment flag was set. The number of IP datagrams that have been successfully fragmented at this entity. The number of input datagrams discarded because the IP address in their header's destination field was not a valid address to be received at this entity. This c
313. raffic for Multicast Group 1. Port E2 on Switch E, therefore, is statically configured to forward traffic for Multicast Group 1. Switch E advertises membership in Multicast Group 1 to the network through Port E1, making Port B4 on Switch B a member of Multicast Group 1. Switch B propagates the join message, causing Port D1 on Switch D to become a member of Multicast Group 1. Note that ports A1 and C1 also become members. Host H2 is GMRP-aware and sends a join request for Multicast Group 2 to Port C2, which thereby becomes a member of Group 2. Switch C propagates the join message, causing Port B2 on Switch B and Port A1 on Switch A to become members of Multicast Group 2. Note that ports D1 and E1 also become members. Multicast Traffic on the Network: Once GMRP-based registration has propagated through the network as described above, multicasts from S1 and S2 can reach their destinations, as described in the following. Source S1 transmits multicast traffic to Port D2, which is forwarded via Port D1, which has previously become a member of Multicast Group 1. Switch B forwards the Group 1 multicast via Port B4 towards Switch E. Switch E forwards the Group 1 multicast via Port E2, which has been statically configured for membership in Multicast Group 1. Host H1, connected to Port E2, thus receives the Group 1 multicast. Sour
314. ransport for RawSocket requires configuration of connection request direction, remote IP address, and IP port for listening or requesting outgoing TCP connections. Only one outgoing connection can be requested, but up to 64 connections can be accepted if the port is configured to listen to incoming connection requests. For ports configured to request connections and to listen to incoming connection requests, only one connection can become active. RS416 will attempt to connect periodically if the first attempt fails and after a connection is broken. RS416 can be used to connect to any device supporting TCP (e.g. a host computer's TCP stack or a serial application on a host using port redirection software). If Raw Socket ports are configured to use UDP for transport, up to 64 remote hosts can communicate with devices connected to local serial ports. Data in UDP packets from remote hosts configured to communicate with a particular serial port will be forwarded to that port, as long as the serial port is configured to listen on the UDP port to which the remote hosts are transmitting. Data received from the serial port will be forwarded to all remote hosts configured to communicate with that serial port. The Raw Socket mechanism transparently passes data. It does not attempt to determine where to demarcate packets in the data received from connected devices. Given this transparency, any protocol can be encapsulated within Raw Socket. Transport for Proto
315. reshold are possible. Each RMON alarm may be configured such that its first instance occurs only for rising, falling, or all threshold excessions. The ability to configure upper and lower thresholds on the value of a measured statistic provides for the ability to add hysteresis to the alarm generation process. If the value of the measured statistic over time is compared to a single threshold, alarms will be generated each time the statistic crosses the threshold. If the statistic's value fluctuates around the threshold, an alarm can be generated every measurement period. Programming different upper and lower thresholds eliminates spurious alarms. The statistic value must "travel" between the thresholds before alarms can be generated. The following figure illustrates the very different patterns of alarm generation resulting from a statistic sample and the same sample with hysteresis applied. Figure 117: The Alarm Process. There are two methods to evaluate a statistic in order to determine when to generate an event; these are the delta and absolute methods. For most statistics, such as line errors, it is appropriate to alarm when a rate is exceeded. The alarm record defaults to the delta measurement method, which examines chan
316. ress authorization methods. Section 9.1.1 Static MAC Address-Based Authorization. With this method, the switch validates the source MAC addresses of received frames against the contents in the Static MAC Address Table. ROS also supports a highly flexible Port Security configuration, which provides a convenient means for network administrators to use the feature in various network scenarios. A Static MAC address can be configured without a port number being explicitly specified. In this case, the configured MAC address will be automatically authorized on the port where it is detected. This allows devices to be connected to any secure port on the switch without requiring any reconfiguration. The switch can also be programmed to learn (and, thus, authorize) a preconfigured number of the first source MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses when first configuring MAC address-based authorization on a port. Those MAC addresses are automatically inserted into the Static MAC Address Table and remain there until explicitly removed by the user. Section 9.1.2 IEEE 802.1X Authentication. The IEEE 802.1X standard defines a mechanism for port-based network access control and provides a means of authenticating and authorizing devices attached to LAN ports. Although 802.1X is mostly used in wireless ne
317. rget port. Synopsis: Any combination of numbers valid for this parameter. Default: None. Ethernet ports whose egress traffic is to be mirrored to the target port. Synopsis: Any combination of numbers valid for this parameter. Default: None. Ethernet ports whose ingress traffic is to be mirrored to the target port. Target Port: Synopsis: 1 to maximum port number. Default: 1. The port to which selected traffic is mirrored. A monitoring device should be connected to the target port. Section 4.2.4 Cable Diagnostics. ROS is able to perform cable diagnostics per Ethernet port and to view the results. WARNING: When cable diagnostics are performed on a port, any established network link on the port will be dropped and normal network traffic will not be able to pass through either the Port Under Test or the Partner Port. Please be aware of the potential network interruption that could be triggered by running cable diagnostics. After the cable diagnostics finish, the original network port settings for both the Port Under Test and the Partner Port are restored along with any established link. Figure 104: Cable Diagnostics Table.
318. rial Out Packets (Uint32); 06C6, 2 registers, Port 4 Statistics Serial Out Packets (Uint32). Section 1.5.1.1 Text. This format provides a simple ASCII representation of the information related to the product. ASCII characters' most significant byte of register comes first. For example, consider a Read Multiple Registers request to read Product Identification from location 0x0000: 0x04 0x00 0x00 0x00 0x08. The response may look like: 0x04 0x10 0x53 0x59 0x53 0x54 0x45 0x4D 0x20 0x4E 0x41 0x4D 0x45 0x00 0x00 0x00 0x00 0x00. In this example, starting from byte 3 until the end, the response presents an ASCII representation of the characters for the product identification, which reads as "SYSTEM NAME". The length of this field is smaller than eight registers, so the rest of the field is filled with zeros. Section 1.5.1.2 Cmd. This format instructs the device to set the output to either true or false. The most significant byte comes first. FF 00 hex requests output to be True; 00 00 hex requests output to be False. Any value other than the suggested values does not affect the requested operation. For example, consider a Write Multiple Registers request to clear alarms in the device: 0x10 0x00 0x80 0x00 0x01 2 0xFF 0x00. FF 00 for register 00 80 clears the system alarms; 00 00 does not clear any alarms. The response may look like: 0x10
319. ridge level parameters. Figure 135: Bridge RSTP Parameter Form (fields: State, Version Support, Bridge Priority, Hello Time, Max Age Time, Transmit Count, Forward Delay, Max Hops). State: Synopsis: { Disabled, Enabled }. Default: Enabled. Enable STP/RSTP/MSTP for the bridge globally. Note that for STP/RSTP/MSTP to be enabled on a particular port, it must be enabled both globally and per port. Version Support: Synopsis: { STP, RSTP, MSTP }. Default: RSTP. Selects the version of Spanning Tree Protocol to support, one of STP, Rapid STP, or Multiple STP. Bridge Priority: Synopsis: { 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 }. Default: 32768. Bridge Priority provides a way to control the topology of the STP connected network. The desired Root and Designated bridges can be configured for a particular topology. The bridge with the lowest priority will become the root. In the event of a failure of the root bridge, the bridge with the next lowest priority will then become the root. Designated bridges that (for redundancy purposes) service a common LAN also use priority to determine which bridge is active. In this way, careful selection of Bri
320. rlay a private Layer 2 network over a public Layer 2 network. A large network service provider, for example, might have several clients whose networks each use multiple VLANs. It is likely that the VLAN IDs used by these different client networks would conflict with one another, were they mixed together in the provider's network. Using double VLAN tagging, each client network could be further tagged using a client-specific VID at the edges where the clients' networks are connected to the network service provider's infrastructure. Frames ingressing an edge port of the service provider switch are tagged with VIDs of the customer's private network. When those frames egress the switch's QinQ-enabled port into the service provider network, the switch always adds an extra tag (called outer tag) on top of the frames' original VLAN tag (called inner tag), and the outer tag VID is the PVID of the frames' ingress edge port. This means that traffic from an individual customer is tagged with his unique VID and is thus segregated from other customers' traffic. Within the service provider network, switching is based on the VID in the outer tag. When double-tagged frames leave the service provider network, they egress a QinQ-enabled port of another switch. The switch strips the outer tag while associating the frames with the VID extracted from it before stripping. Thus, the frames are switched to appropriate edge ports, i.e. to appropriate customers. Customer
321. 2.1.4 Updates Occur In Real Time; 2.1.5 Alarm Indications Are Provided; Lro The ELSA A Aida; 2.2 The ROS Secure Shell Server; 2.2.1 Using a Secure Shell to Access the User Interface; 2.2.2 Using a Secure Shell to Transfer Files; 2.3 The ROS Web Server Interface; 2.3.1 Using a Web Browser to Access the Web Interface; 2.3.2 Customizing the Login Page; 2.3.3 The Structure of the Web Interface; 2.3.4 Making Configuration Changes; 2.3.5 Updating Statistics Displays; 2.4 Administration Menu; 2.5 IP Interfaces; 2.6 IP Gateways; 2.7 IP Services; 20 Data Mal ein a; 2.9 System Identification; 2.10 Passwords
322. rolled Version Only RSH Server. Inactivity Timeout: Synopsis: 1 to 60 or { Disabled }. Default: 5 min. Specifies when the console will timeout and display the login screen if there is no user activity. A value of zero disables timeouts. For Web Server users, maximum timeout value is limited to 30 minutes. Telnet Sessions Allowed: Synopsis: 0 to 4. Default: 0 (controlled version). Default: 4 (non-controlled version). Limits the number of Telnet sessions. A value of zero prevents any Telnet access. Web Server Users Allowed: Synopsis: 1 to 16. Default: 16. Limits the number of simultaneous web server users. TFTP Server: Synopsis: { Disabled, Get Only, Enabled }. Default: Disabled. As TFTP is a very insecure protocol, this parameter allows the user to limit or disable TFTP Server access. DISABLED: disables read and write access to TFTP Server. GET ONLY: only allows reading of files via TFTP Server. ENABLED: allows reading and writing of files via TFTP Server. ModBus Address: Synopsis: 1 to 254 or { Disabled }. Default: Disabled. Determines the Modbus address to be used for Management through Modbus. SSH Sessions Allowed: Synopsis: 1 to 4. Default: 4. Limits the number of SSH sessions. RSH Server: Synopsis: { Disabled, Enabled }. Default: Disabled (controlled version). Default: Enabled (non-controlled version). Disables e
323. rring a file to a ROS device. Once a configuration file has been successfully transferred, it is automatically applied. Configuration File Format: The format of the configuration file makes it simple to apply a wide variety of tools to the task of maintaining ROS configuration. Among the applications that may be used to manipulate ROS configuration files are: any text editing program capable of reading and writing ASCII files; difference/patching tools (e.g. the UNIX "diff" and "patch" command line utilities); Source Code Control systems (e.g. CVS, SVN). CAUTION: Do not edit an encrypted configuration file. Any line that has been modified manually will be ignored. ROS also has the ability to accept partial configuration updates. It is possible, for example, to update only the parameters for a single Ethernet port. Transferring a file containing only the following lines to a ROS device will result in an update of the parameters for Ethernet port 1 without changing any other parameters of the device's configuration:
    # Port Parameters
    ethPortCfg
    Port,Name,Media,State,AutoN,Speed,Dupx,FlowCtrl,LFI,Alarm
    1,Port 1,100TX,Enabled,On,Auto,Auto,Off,Off,On
Security Considerations: The same limitations apply to writing config.csv to the ROS device that apply to firmware images. Refer to Section 15.4
324. rt protocol messages through the network, either TCP/IP or UDP/IP transport can be used. The exception is the TCPModbus protocol, which cannot be employed over UDP. The setting of Differentiated Services Code Point (DSCP) in the IP header is provided for TCP/IP and UDP/IP transport in the egress direction only. Debugging facilities include statistics and tracing information on a serial port and/or network transport. Section 3.1.1 Raw Socket protocol features: a means to transport streams of characters from one serial port, over an IP network, to another serial port; XON/XOFF flow control; configurable local and remote IP port numbers per serial port; many-to-many UDP transactions; TCP accept or request connection mode; point-to-point TCP connection mode and a broadcast connection mode, in which up to 64 remote servers may connect to a central server; packetization and sending data on a specific packet size, a specific character, or upon a timeout; configurable "turnaround" time to enforce minimum time between messages sent out the serial port. Section 3.1.2 DNP over Raw Socket protocol features: packetization and sending data per DNP 3 protocol specification. Section 3.1.3 Preemptive Raw Socket protocol features: a means to transport streams of characters from one serial port, over an IP network, to another serial port
325. ry mode, which includes several factory-level commands used for testing and troubleshooting. Only available to admin users. CAUTION: Misuse of the factory commands may corrupt the operational state of device and/or may permanently damage the ability to recover the device without manufacturer intervention. A set of diagnostic commands to display information about the Flash filesystem and to defragment Flash memory. Usage: flashfiles. Displays Flash memory statistics and Flash memory file system contents. Usage: flashfiles info filename. Displays information about the specified file in the Flash filesystem. Usage: flashfiles defrag. Defragments files in the Flash filesystem. Flashes the unit LED indicators for the specified number of seconds. Usage: flashleds timeout. timeout: the number of seconds to flash the unit LED indicators. To stop flashing the LEDs, set timeout to 0 (zero). Commands listed in this part of the table: help, ipconfig, loaddflts, login, logout, ping, purgemac, reset, resetport, rmon, route, sql, sslkeygen, sshkeygen. Controlled Version Only. help command name. command name: Name of command for which to get help. If no command is specified, a list of all available commands is displayed along with a brief description of each one. ipconfig: Displays IP configuration. loaddflts: Load Factory Default Configuration. login: Login to the shell, i.e. set the access level. Lo
326. s NOTE: A switch running in passive mode requires the presence of a multicast router or it will not be able to forward multicast streams at all. If no multicast routers are present, at least one IGMP Snooping switch must be configured for Active IGMP mode to make IGMP functional. IGMP Snooping Rules: When a multicast source starts multicasting, the traffic stream will be immediately blocked on segments from which joins have not been received. The switch will always forward all multicast traffic to the ports where multicast routers are attached, unless configured otherwise. Packets with a destination IP multicast address in the 224.0.0.X range which are not IGMP are always forwarded to all ports. This behavior is based on the fact that many systems do not send joins for IP multicast addresses in this range while still listening to such packets. The switch implements "proxy-reporting", i.e. membership reports received from downstream are summarized and used by the switch to issue its own reports. The switch will only send IGMP membership reports out of those ports where multicast routers are attached, because sending membership reports to hosts could result in unintentionally preventing a host from joining a specific group. Multicast routers use IGMP to elect a master router known as the querier; the one with the lowest IP address is elected to be the querier, all other routers become non-queriers, participating o
327. s { False, True, Auto }. Default: Auto. Edge ports are ports that do not participate in the Spanning Tree, but still send configuration messages. Edge ports transition directly to frame forwarding without any listening and learning delays. The MAC tables of Edge ports do not need to be flushed when topology changes occur in the STP network. Unlike an STP disabled port, accidentally connecting an edge port to another port in the spanning tree will result in a detectable loop. The "Edgeness" of the port will be switched off and the standard RSTP rules will apply (until the next link outage). Point to Point: Synopsis: { False, True, Auto }. Default: Auto. RSTP uses a peer-to-peer protocol that provides rapid transitioning on point-to-point links. This protocol is automatically turned off in situations where multiple STP bridges communicate over a shared (non point-to-point) LAN. The bridge will automatically take point-to-point to be true when the link is found to be operating in full-duplex mode. The point-to-point parameter allows this behavior or overrides it, forcing point-to-point to be true or false. Force the parameter true when the port operates a point-to-point link but cannot run the link in full-duplex mode. Force the parameter false when the port operate
328. s 1 to 65535. Default: 502. The remote port number at which the Modbus protocol makes TCP connection requests. Synopsis: { Disabled, Enabled }. Default: Enabled. Enables forwarding exception messages to the Master as exception codes 10 (no path) or 11 (no response). When the Master polls for an unconfigured RTU, or the remote Modbus Server receives a poll for an RTU which is not configured or is timing out, it returns an exception message. Disable this feature if your Master does not support exceptions but recognizes failure by time-out when waiting for response. Synopsis: { Disabled, Enabled }. Default: Enabled. Enables link statistics collection for this protocol. Synopsis: 0 to 63. Default: 0. To set the DS byte in the IP header. DS byte setting is supported in the egress direction only. Section 3.3.7 WIN and TIN. Figure 78: WIN and TIN Form (fields: TIN Mode, TIN Transport, WIN Transport, TIN IP Port, WIN IP Port, Message Aging Timer, Address Aging Timer, Broadcast Addresses, Unicast Addresses, Link Stats, WIN DSCP, TIN DSCP). Parameter, Description
329. Figure 194: MAC Address Flooding Options Form. Port(s): Synopsis: Any combination of numbers valid for this parameter. The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk). Flood Unknown Unicast: Synopsis: { On, Off }. Default: On. Normally, unicast traffic with an unknown destination address is flooded out of all ports. When a port is configured to turn off this kind of flooding, the unknown unicast traffic is not sent out from the selected port. Section 12.4 Configuring Static MAC Address Table. Static MAC addresses are usually configured when the user wishes to enforce port security (if supported). Static MAC addresses are also configured when a device can receive but cannot transmit frames. Prioritized MAC addresses are configured when traffic to or from a specific device on a LAN segment is to be assigned a higher CoS priority than other devices on that LAN segment. Figure 195: Static MAC Address Table.
330. s Table; Purge MAC Address Table; Network Discovery; Diagnostics. Figure 190: MAC Address Tables Menu. Section 12.1 Viewing MAC Addresses. Figure 191: Address Table. MAC Address: Synopsis: ##-##-##-##-##-## where ## ranges 0 to FF. A MAC address learned by the switch. VID: Synopsis: 0 to 65535. The VLAN Identifier of the VLAN on which the MAC address operates. Port: Synopsis: 0 to 65535 or { Multi, Local }. The port on which MAC address has been learned. MULTI: multicast address, so there is no switch port associated with this MAC address. Type: Synopsis: { Static, Dynamic }. This describes how the MAC address has been learned by the switch. STATIC: the address has been learned as a result of a Static MAC Address Table configuration or some other management activity and can not be automatically unlearned or relearned by the switch. DYNAMIC: the address has been automatically learned by the switch and can be automatically unlearned. CoS: Synopsis: { Normal, M
331. Figure 17: IP Gateways Form. Destination: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: 0.0.0.0. Specifies the IP address of the destination device. An IP address is a 32-bit number that is notated by using four numbers from 0 through 255, separated by periods. Subnet: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: 0.0.0.0. Specifies the IP subnet mask of the destination. An IP subnet mask is a 32-bit number that is notated by using four numbers from 0 through 255, separated by periods. Typically, subnet mask numbers use either 0 or 255 as values (e.g. 255.255.255.0) but other numbers can appear. Gateway: Synopsis: ###.###.###.### where ### ranges from 0 to 255. Default: 0.0.0.0. Specifies the gateway IP address. The gateway address must be on the same IP subnet as this device. NOTE: The default gateway configuration will not be changed when resetting all configuration parameters to defaults. Section 2.7 IP Services. These parameters provide the ability to configure properties for IP services provided by the device. Figure 18: IP Services Form. Parameters: Inactivity Timeout, Telnet Sessions Allowed, Web Server Users Allowed, TFTP Server, ModBus Address, SSH Sessions Allowed, Cont
332. s the link in full-duplex mode, but is still not point-to-point (e.g. a full-duplex link to an unmanaged bridge that concentrates two other STP bridges). Restricted Role: Synopsis: { True, False }. Default: False. A boolean value set by management. If TRUE, causes the Port not to be selected as the Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a Port will be selected as an Alternate Port after the Root Port has been selected. This parameter should be FALSE by default. If set, it can cause a lack of spanning tree connectivity. It is set by a network administrator to prevent bridges that are external to a core region of the network from influencing the spanning tree active topology. This may be necessary, for example, if those bridges are not under the full control of the administrator. Restricted TCN: Synopsis: { True, False }. Default: False. A boolean value set by management. If TRUE, it causes the Port not to propagate received topology change notifications and topology changes to other Ports. If set, it can cause temporary loss of connectivity after changes in a spanning tree's active topology as a result of persistent, incorrectly learned station location information. It is set by a network administrator to prevent bridges that are external to a core region of the network from causing address flushing in that region. This may be necessary, for example, if those bridges are not under the full control of the administrator or if
333. s to the appropriate LAN segments. Section 11.1.1 Router and Host IGMP Operation. The network shown in Figure 178: IGMP Operation Example 1 provides a simple example of the use of IGMP. One producer IP host (P1) is generating two IP multicast streams, M1 and M2. There are four potential consumers of these streams, C1 through C4. The multicast router discovers which host wishes to subscribe to which stream by sending general membership queries to each of the segments. Figure 178: IGMP Operation Example 1. In this example the general membership query indicating the desire to subscribe to a stream M2. The router will forward the M2 stream onto the C1-C2 segment. In a similar fashion, the router discovers that it must forward M1 onto segment C3-C4. NOTE: Membership reports are also referred to as "joins". A consumer may join any number of multicast groups, issuing a membership report for each group. When a host issues a membership report, other hosts on the same network segment that also require membership to the same group suppress their own requests, since they would be redundant. In this way, the IGMP protocol guarantees that the segment will issue only one join for each group. The router periodically queries
334. 1.7.3.2 Viewing and Clearing Log Files; 1.7.4 Managing the Flash Filesystem; 1.7.4.1 Flash Filesystem Memory Mapping; 1.7.4.2 Obtaining Information On a Particular File; 1.7.4.3 Defragmenting the Flash Filesystem; 1.7.5 Pinging a Remote Device; 1.7.6 Tracing Events; 1.7.6.1 Enabling Trace; 1.7.6.2 Starting Trace; 1.7.7 Viewing DHCP Learned Information; 1.7.8 Executing Commands Remotely Through RSH; 1.7.9 Resetting the Device; Chapter 2 Administration; 2.1 The ROS User Interface; 2.1.1 Using the RS232 Port to Access the User Interface; 2.1.2 The Structure of the User Interface; 2.1.3 Making Configuration Changes
335. security model and security level for its users. Community is configured for protocols v1 and v2c. Community is mapped to the group and access level with security name (which is configured as User name). Section 2.12.1 SNMP Users. These parameters provide the ability to configure users for the local SNMPv3 engine, along with the community for SNMPv1 and SNMPv2c. Note that when employing the SNMPv1 or SNMPv2c security level, the User Name maps the community name with the security group and access level. Up to 32 entries can be configured. WARNING: When creating a new auth or priv key, make sure it adheres to the following rules. Must not be less than 6 characters in length. Must not include the username or any 4 continuous alphanumeric characters found in the username. For example, if the username is Subnet25, the password may not be subnet25admin or subnetadmin. However, net25admin or Sub25admin is permitted. Must have at least one alphabetic character and one number. Special characters are permitted. Must not have more than 3 continuously incrementing or decrementing numbers. For example, Sub123 and Sub19826 are permitted, but Sub12345 is not. An alarm will generate if a weak password is configured. The weak password alarm can be disabled by user. For more information about disabling alarms, refer to Section 14.1.4 Configuring Alarms.
336. shed Name fields
COUNTRY_NAME=CA                      # Two-letter country code
STATE_OR_PROVINCE_NAME=Ontario       # State or Province
LOCALITY_NAME=Concord                # City
ORGANIZATION=Ruggedcom.com           # Your organization's name
ORGANIZATION_CA=${ORGANIZATION}_CA   # Your Certificate Authority
COMMON_NAME=RC                       # The DNS or IP address of the ROS unit
ORGANIZATIONAL_UNIT=ROS              # Organizational unit name
# Variables used in the construction of the certificate
REQ_SUBJ="/C=${COUNTRY_NAME}/ST=${STATE_OR_PROVINCE_NAME}/L=${LOCALITY_NAME}/O=${ORGANIZATION}/OU=${ORGANIZATIONAL_UNIT}/CN=${COMMON_NAME}/"
REQ_SUBJ_CA="/C=${COUNTRY_NAME}/ST=${STATE_OR_PROVINCE_NAME}/L=${LOCALITY_NAME}/O=${ORGANIZATION_CA}/OU=${ORGANIZATIONAL_UNIT}/"
# Make the self-signed SSL certificate and RSA key pair
openssl req -x509 -newkey rsa:${BITS} -nodes -days ${DAYS} -subj "${REQ_SUBJ}" -keyout ros_ssl.key -out ros_ssl.crt
# Concatenate Cert and Key into a single file suitable for upload to ROS
# Note that cert must precede the RSA key
cat ros_ssl.crt ros_ssl.key > ssl.crt
For information on creating SSL certificates for use with ROS in a Microsoft Windows environment, refer to the following Siemens application note: Creating/Uploading SSH Keys and SSL Certificates to ROS Using Windows.
The following listing is the disassembly of a self-signed SSL certificate generated by ROS:
Certificate: Data:
337. ship between the bridge diameter and the maximum age parameter. To achieve extended ring sizes, RUGGEDCOM eRSTP uses an age increment of 1/4 of a second. The value of the maximum bridge diameter is thus four times the configured maximum age parameter.
NOTE: Raise the value of the maximum age parameter if implementing very large bridged networks or rings.
Footnote 2: The RSTP algorithm is as follows. STP configuration messages contain age information. Messages transmitted by the root bridge have an age of 0. As each subsequent designated bridge transmits the configuration message, it must increase the age by at least 1 second. When the age exceeds the value of the maximum age parameter, the next bridge to receive the message immediately discards it.
Section 7.1.6 Fast Root Failover
Siemens's Fast Root Failover feature is an enhancement to RSTP that may be enabled or disabled via configuration. Fast Root Failover improves upon RSTP's handling of root bridge failures in mesh-connected networks, trading slightly increased failover times for a deterministic recovery time. Two Fast Root Failover algorithms are available:
• robust: guarantees a deterministic root failover time, but requires support from all switches in the network, including the root switch
• relaxed: ensures a deterministic root failover time in most network configurations, but allows the use
338. shooting
Problem One
When I connect a new port the network locks up. The port status LEDs are flashing madly. Occasionally, the network seems to experience a lot of flooding. All the ports seem to experience significant traffic. The problem lasts a few seconds and then goes away. One of my switches displays a strange behavior where the root port hops back and forth between two switch ports and never settles down.
Is it possible that one of the switches in the network, or one of the ports on a switch in the network, has STP disabled and accidentally connects to another switch? If this has occurred, then a traffic loop has been formed.
If the problem appears to be transient in nature, it is possible that ports that are part of the spanning tree have been configured as edge ports. After the link layers have come up on edge ports, STP will directly transition them (perhaps improperly) to the forwarding state. If an RSTP configuration message is then received, the port will be returned to blocking. A traffic loop may be formed for the length of time the port was in forwarding.
If one of the switches appears to flip the root from one port to another, the problem may be one of traffic prioritization. See problem five.
Another possible cause of intermittent operation is that of an auto-negotiation mismatch. If one end of the link is fixed to full duplex mode and the pe
339. sible from the main menu.
[Figure 170: Classes Of Service Menu]
Section 10.2.1 Global CoS Parameters
[Figure 171: Global CoS Parameters Form]
Parameter / Description:
CoS Weighting. Synopsis: 8:4:2:1, Strict. Default: 8:4:2:1. During traffic bursts, frames queued in the switch pending transmission on a port may have different CoS priorities. This parameter specifies weighting algorithm for transmitting different priority CoS frames. Examples:
• 8:4:2:1 - 8 Critical, 4 High, 2 Medium and 1 Normal priority CoS frame
• Strict - lower priority CoS frames will be only transmitted after all higher priority CoS frames have been transmitted.
Section 10.2.2 Port CoS Parameters
[Figure 172: Port CoS Parameter Form]
340. sides RS416 does not do so. Both sides need to know where on the network a given destination device is. If a message is received from the network, the destination address must point to the serial port on the receiving server. If a message is received from the local serial port, the destination address must point to the IP address of the server where the addressed device is connected.
Section 3.2.3.1 The Concept of Links
A communication link is established between two IP addresses. The addressing is described below:
• The remote address is the source IP address in a message received over the network, and also the destination address of a message received from a serial port and transmitted on the network.
• The local address is the destination IP address in a message received over the network, and also the source address of a message received from a serial port and transmitted on the network.
For each link, a statistical record will be available to the user if link statistics collection is enabled in the protocol configuration.
Section 3.2.3.2 Address Learning for TIN
Address learning is implemented for the TIN protocol and learned entries are viewable in the Dynamic Device Address Table (Figure 89).
341. sing the Alarm System
14.1.1 Active Alarms
14.1.2 Passive Alarms
14.1.3 Alarms and the Critical Failure Relay
14.1.4 Configuring Alarms
14.1.5 Viewing and Clearing Alarms
14.1.6 Security Messages for Authentication
14.1.6.1 Security Messages for Login Authentication
14.1.6.2 Security Messages for Port Authentication
14.2 Viewing CPU Diagnostics
14.3 Viewing and Clearing the System Log
14.4 Viewing Product Information
14.5 Loading Factory Default Configuration
14.6 Resetting the Device
14.7 Transferring Files
Chapter 15 Firmware Upgrade and Configuration Management
15.1 Files Of Interest
342. sion Time Protocol > View PTP Statistics > View PTP Clock Stats: view the IEEE 1588 status on the switch. Status must equal Master.
Configuring the Slave Clock
1. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set PTP Enable to Yes.
2. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set Clock Type to Ordinary Clock.
3. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set PTP Profile to Power Profile.
4. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set Network Class to IEEE1588 Network.
5. Administration > System Time Manager > Precision Time Protocol > Configure Clock Parameters: set Slave Only to Yes.
6. Administration > System Time Manager > Precision Time Protocol > Configure Time Source: set Primary Time Source to IEEE1588.
7. Serial Protocols > Configure Serial Ports: set IRIGB to PWM on serial port 1.
8. Administration > System Time Manager > Configure IRIGB: set IEEE1344 to Yes.
9. Administration > System Time Manager > Precision Time Protocol > View PTP Statistics > View PTP Clock Stats: view the IEEE 1588 status on the switch. Status must equal Slave.
Q: Can I configure the RS416 as a transparent clock?
A: No, the RS416 only supports ordinary clock mode.
Q: Can I config
343. station used to connect to the ROS interface must meet the following system requirements:
• Must have one of the following Web browsers installed: Microsoft Internet Explorer 8.0 or higher, Mozilla Firefox, Google Chrome, Iceweasel/IceCat (Linux Only)
• Must have a working Ethernet interface compatible with at least one of the port types on the RUGGEDCOM device
• The ability to configure an IP address and netmask on the computer's Ethernet interface
Accessing Documentation
The latest Hardware Installation Guides and Software User Guides for most RUGGEDCOM products are available online at www.siemens.com/ruggedcom. For any questions about the documentation or for assistance finding a specific document, contact a Siemens sales representative.
Application Notes
Application notes and other technical articles are available online at www.siemens.com/ruggedcom. Customers are encouraged to refer to this site frequently for important technical information that applies to their devices and/or applications.
Training
Siemens offers a wide range of educational services, ranging from in-house training of standard courses on networking, Ethernet switches and routers, to on-site customized courses tailored to the customer's needs, experience and application. Siemens Educational Services team thrives on providing our customers with the essential practical skills to make
344. sue general membership queries as if it is the router.
Processing Joins
If host C1 desires to subscribe to the multicast streams for both P1 and P2, it will generate two joins. The join from C1 on VLAN 2 will cause the switch to immediately initiate its own join to multicast router 1, and to issue its own join as a response to queries. The join from C1 for VLAN 3 will cause the switch to immediately begin forwarding multicast traffic from P2 to C1.
Processing Leaves
When host C1 decides to leave a multicast group, it will issue a leave request to the switch. The switch will poll the port to determine if C1 is the last member of the group on that port. If C1 is the last (or only) member, the group will immediately be pruned from the port. Should host C1 leave the multicast group without issuing a leave group message and then fail to respond to a general membership query, the switch will stop forwarding traffic after two queries. When the last port in a multicast group leaves the group (or is aged out), the switch will issue an IGMP leave report to the router.
Section 11.2 GMRP (GARP Multicast Registration Protocol)
The GARP Multicast Registration Protocol (GMRP) is an application of the Generic Attribute Registration Protocol (GARP) that provides a mechanism at Layer 2 for managing multicast group membership in a bridged Laye
345. t UDP transport is used during the address learning phase, as it supports all types of IP addresses: unicast, multicast and broadcast.
When a message with an unknown source address is received from the local serial port, the address is learned on that port and the local IP address.
When a message with an unknown source address is received from the IP network, on the IP interface that is configured as the learning interface, it is learned on the IP address of the sender, and the serial port is unknown.
When a message with an unknown destination address is received from a serial port, a UDP broadcast datagram is transmitted on the UDP port configured for the DNP protocol. The IP interface that transmits this broadcast is the one configured as the learning interface.
When a message with an unknown destination address is received from the IP network, it is sent to all DNP serial ports.
All learned addresses will be kept in the Device Address Table until they are active. They will also be saved in non-volatile memory and recovered if the device reboots, so the learning process does not have to be repeated because of, for example, an accidental power interruption.
The aging timer is reset whenever a message is received or sent to the specified address.
This concept makes the DNP protocol configurable with the minimum number of parameters: an IP port, a learning IP interface and an aging timer.
346. t IP Multicast Groups
[Figure 188: IP Multicast Groups Table]
Parameter / Description:
VID. Synopsis: 0 to 65535. The VLAN Identifier of the VLAN on which the multicast group operates.
IP Address. Synopsis: ###.###.###.### where ### ranges from 0 to 255. The multicast group IP address.
Joined Ports. Synopsis: Any combination of numbers valid for this parameter. All ports that subscribed to the multicast group traffic.
Router Ports. Synopsis: Any combination of numbers valid for this parameter. All ports that have been manually configured or dynamically discovered (by observing router specific traffic) as ports that link to multicast routers.
MAC Address. Synopsis: ##-##-##-##-##-## where ## ranges 0 to FF. The multicast MAC address corresponding to the group multicast IP address.
Section 11.3.6 Multicast Group Summary
[Figure 189: Multicast Group Summary]
Parameter / Description:
VID. Synopsis: 0 to 65535. The VLAN Identifier of the VLAN on which the multicast group operates.
MAC Address. Synopsis: ##-##-##-##-##-## where ## ranges 0 to FF. The multicast group MAC address.
Static Ports. Synopsis: Any combination of numbers valid for this parameter. Ports that jo
347. t updates as they occur, sign up for a product-specific newsletter. For more information, visit http://support.automation.siemens.com.
Warranty
Refer to the License Agreement for the applicable warranty terms and conditions, if any. For warranty details, visit www.siemens.com/ruggedcom or contact a Siemens customer service representative.
Contacting Siemens
Address: Siemens AG, Industry Sector, 300 Applewood Crescent, Concord, Ontario, Canada, L4K 5C7
Telephone: Toll-free: 1 888 264 0006; Tel: +1 905 856 5288; Fax: +1 905 856 1995
E-mail: ruggedcom.info.i-ia@siemens.com
Web: www.siemens.com/ruggedcom
Table of Contents
Preface
About This Guide
Conventions
Alerts
CLI Command Syntax
Related Documents
System Requirements
Accessing Documentation
Application Notes
Training
Customer Support
Chapter 1 Introduction
1.1 Security Considerations
1.1.1 Security Recommendations
1.1.2
1.1.2.1 SSL Certificates
348. tate change processing from consuming all available CPU resources. However, if Port Guard is not used, it is possible for almost all available CPU time to be consumed by frequent link state changes, which could have a negative impact on overall system responsiveness.
Section 4.2.6 Port Status
[Figure 107: Port Status Table]
Parameter / Description:
Port. Synopsis: 1 to maximum port number. The port for which status is provided.
Name. Synopsis: Any 15 characters. A descriptive name that may be used to identify the device connected to that port.
Link. Synopsis: Down, Up. The port's link status.
Speed. Synopsis: 10, 100, 1000. The port's current speed.
Duplex. Synopsis: Half, Full. The port's current duplex status.
Media Type. Synopsis: Any 31 characters. Provides user with the description of installed media type on the port for modular products. Please note that fiber media may be either Single Mode (SM), Multi Mode (MM), may be Short Distance, Long Distance or Very Long Distance with connectors like LC, SC, ST, MTRJ etc.
Section 4.2.7 Resetting Ports
349. tatistics - Ethernet In Octets | R | Uint32
0494 | 2 | Port 11 Statistics - Ethernet In Octets | R | Uint32
0496 | 2 | Port 12 Statistics - Ethernet In Octets | R | Uint32
0498 | 2 | Port 13 Statistics - Ethernet In Octets | R | Uint32
049A | 2 | Port 14 Statistics - Ethernet In Octets | R | Uint32
Address | Registers | Description (Reference Table in UI) | R/W | Format
049C | 2 | Port 15 Statistics - Ethernet In Octets | R | Uint32
049E | 2 | Port 16 Statistics - Ethernet In Octets | R | Uint32
04A0 | 2 | Port 17 Statistics - Ethernet In Octets | R | Uint32
04A2 | 2 | Port 18 Statistics - Ethernet In Octets | R | Uint32
04A4 | 2 | Port 19 Statistics - Ethernet In Octets | R | Uint32
04A6 | 2 | Port 20 Statistics - Ethernet In Octets | R | Uint32
04C0 | 2 | Port 1 Statistics - Ethernet Out Octets | R | Uint32
04C2 | 2 | Port 2 Statistics - Ethernet Out Octets | R | Uint32
04C4 | 2 | Port 3 Statistics - Ethernet Out Octets | R | Uint32
04C6 | 2 | Port 4 Statistics - Ethernet Out Octets | R | Uint32
04C8 | 2 | Port 5 Statistics - Ethernet Out Octets | R | Uint32
04CA | 2 | Port 6 Statistics - Ethernet Out Octets | R | Uint32
04CC | 2 | Port 7 Statistics - Ethernet Out Octets | R | Uint32
04CE | 2 | Port 8 Statistics - Ethernet Out Octets | R | Uint32
04D0 | 2 | Port 9 Statistics - Ethernet Out Octets | R | Uint32
04D2 | 2 | Port 10 Statistics - Ethernet Out Octets | R | Uint32
04D4 | 2 | Port 11 Statistics - Ethernet Out Octets | R | Uint32
04D6 | 2 | Port 12 Statistics - Ethernet Out Octets | R | Uint32
04D8 | 2
350. [Figure 150: Using GVRP]
An example of using GVRP:
• Ports A2 and C2 are configured with PVID 7 and port E2 is configured with PVID 20.
• End Node D is GVRP aware and is interested in VLAN 20, hence VLAN 20 is advertised by it towards switch D.
• D2 becomes member of VLAN 20.
• Ports A1 and C1 advertise VID 7 and ports B1 and B2 become members of VLAN 7.
• Ports D1 and B1 advertise VID 20 and ports B3, B4 and D1 become members of VLAN 20.
Section 8.1.10 PVLAN Edge
PVLAN Edge (Protected VLAN Edge port) refers to a feature of the switch whereby multiple VLAN Edge ports on a single device are effectively isolated from one another. All VLAN Edge ports in a switch that are configured as "protected" in this way are prohibited from sending frames to each other, but are still allowed to send frames to other, non-protected, ports within the same VLAN. This protection extends to all traffic on the VLAN: unicast, multicast, or broadcast.
Note that this feature is strictly local to the switch. PVLAN Edge ports are not prevented from communicating with ports off the switch, whether protected (remotely) or not.
Section 8.1.11 QinQ
QinQ is also known as double VLAN-tagging or as Nested VLANs. It is used to ove
351. tch name (as provided by the System Identification parameter), Menu Title, Access Level, Alarms indicator, Sub-Menus and Command Bar. Sub-menus are entered by selecting the desired menu with the arrow keys and pressing the enter key. Pressing the escape key returns you to the parent menu.
[Figure 9: Main Menu With Screen Elements Identified]
The command bar offers a list of commands that apply to the currently displayed menu. These commands include:
• <Ctrl-Z> to display help on the current command or data item
• <Ctrl-S> to switch to the CLI shell
• <Ctrl-Up/Down> to jump to next/previous page of a status display
The main menu also provides a <Ctrl-X> command, which will terminate the session. This type of menu is accessible via serial console, telnet session and SSH session.
Section 2.1.3 Making Configuration Changes
When changing a data item, the user selects the data item by the cursor keys and then pressing the enter key. The cursor will
352. te [Form fields: Time, Date, Time Zone, DST Offset, DST Rule, Current UTC Offset, Leap Second Pending]
Parameter / Description:
Time. Synopsis: HH:MM:SS. This parameter enables both the viewing and setting of the local time.
Date. Synopsis: MMM DD, YYYY. This parameter enables both the viewing and setting of the local date.
Time Zone. Synopsis: UTC-12:00 (Eniwetok, Kwajalein); UTC-11:00 (Midway Island, Samoa); UTC-10:00 (Hawaii); UTC-9:00 (Alaska); UTC-8:00 (Los Angeles, Vancouver); UTC-7:00 (Calgary, Denver); UTC-6:00 (Chicago, Mexico City); UTC-5:00 (New York, Toronto); UTC-4:00 (Caracas, Santiago); UTC-3:30 (Newfoundland); UTC-3:00 (Brasilia, Buenos Aires); UTC-2:00 (Mid Atlantic); UTC-1:00 (Azores); UTC 0:00 (Lisbon, London); UTC+1:00 (Berlin, Paris, Rome); UTC+2:00 (Athens, Cairo, Helsinki); UTC+3:00 (Baghdad, Moscow); UTC+3:30 (Teheran); UTC+4:00 (Abu Dhabi, Kazan, Muscat); UTC+4:30 (Kabul); UTC+5:00 (Islamabad, Karachi); UTC+5:30 (Calcutta, New Delhi); UTC+5:45 (Kathmandu); UTC+6:00 (Almaty, Dhaka); UTC+6:30 (Rangoon); UTC+7:00 (Bangkok, Hanoi); UTC+8:00 (Beijing, Hong Kong); UTC+9:00 (Seoul, Tokyo); UTC+9:30 (Adelaide, Darwin); UTC+10:00 (Melbourne, Sydney); UTC+11:00 (Magadan, New Caledonia); UTC+12:00 (Auckland, Fiji). Default: UTC 0:00 (Lisbon, London). This setting enables the conversion of UTC (Universal Coordinated Time) to local time.
Synopsis: HH M
353. te in ssl.crt. Begins background generation of the credential file ssl.crt. The system log will indicate the beginning and successful completion of the process. Generation of ssl.crt may take several minutes.
sshkeygen: Usage: sshkeygen. Generates new SSH keys in ssh.keys. Begins background generation of the credential file ssh.keys. The system log will indicate the beginning and successful completion of the process. Generation of ssh.keys may take several minutes.
telnet: Usage: telnet dest. dest: Server's IP address. NOTE: <Ctrl-C> closes telnet session.
tftp: Usage: tftp server cmd fsource fdest. server: Remote TFTP server's IP address. cmd: put (upload) or get (download). fsource: Source filename. fdest: Destination filename. NOTE: <Ctrl-C> stops a tftp transfer.
trace: Starts event tracing. Run "trace ?" for more help.
type: Displays the contents of a text file. Enter "dir" for a directory listing of files. Usage: type filename.
version: Prints software versions.
wlan pt: The WLAN passthrough command is a portal to access diagnostics shell of the WLAN interface. CAUTION: Execution of WLAN passthrough command affects the normal operation of WLAN interface and should only be used under the supervision of Siemens personnel.
xmodem: Usage: xmodem direction filename. direction: send (send file to client) or receive (receive file from client). filename: Enter "dir" f
354. Parameter / Description:
GM ID. Synopsis: Any 31 characters. Shows the identity of the PTP (Precision Time Protocol) grandmaster clock. Note that the master clock may be the same as the grandmaster clock.
Master ID. Synopsis: Any 31 characters. Shows the identity of the PTP (Precision Time Protocol) master clock. Note that the master clock may be the same as the grandmaster clock.
The Peer Delay Statistics form displays P2P (Peer-To-Peer) clock statistics for all ports. These statistics are updated every few seconds.
[Figure 33: Peer Delay Statistics Form]
Parameter / Description:
Port. Synopsis: 1 to 11. The port number as seen on the front plate silkscreen.
State. Synopsis: x. The status of the PTP port with respect to the P2P (Peer-To-Peer) delay mechanism.
PeerDelay. Synopsis: 0 ns to 2147483647 ns. Peer delay in nanoseconds. The peer delay mechanism measures the port-to-port propagation time, such as the link delay, between two communicating ports supporting the peer delay mechanism.
Section 2.11.5 Configuring IRIG-B
This menu configures the output of the BNC IRIG-B port.
[Figure 34: IRIG-B Configuration Menu]
355. the MAC_Operational status parameter for the attached LANs transitions frequently.
The eRSTP Parameter form configures parameters relevant to different eRSTP enhancements.
[Figure 138: eRSTP Parameter Form]
Parameter / Description:
Max Network Diameter. Synopsis: MaxAgeTime, 4*MaxAgeTime. Default: 4*MaxAgeTime. The RSTP standard puts a limit on the maximum network size that can be controlled by the RSTP protocol. The network size is described by the term "maximum network diameter", which is the number of switches that comprise the longest path that RSTP BPDUs have to traverse. The standard supported maximum network diameter is equal to the value of the MaxAgeTime RSTP configuration parameter. eRSTP offers an enhancement to RSTP which allows it to cover networks larger than ones defined by the standard. This configuration parameter selects the maximum supported network size.
BPDU Guard Timeout. Synopsis: 1 to 86400 s, or Until reset, Don't shutdown. Default: Don't shutdown. The RSTP standard does not address network secur
356. the Master Clock
1. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set PTP Enable to Yes.
2. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set Clock Type to Ordinary Clock.
3. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set PTP Profile to Power Profile.
4. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set Network Class to IEEE1588 Network.
5. Administration > System Time Manager > Precision Time Protocol > Configure Global Parameters: set Grandmaster ID to 100.
6. Administration > System Time Manager > Precision Time Protocol > Configure Clock Parameters: set Priority 1 to 1.
7. Administration > System Time Manager > Precision Time Protocol > Configure Time Source: set Primary Time Source to IRIGB.
8. Serial Protocols > Configure Serial Ports: set IRIGB to PWM on serial port 1.
9. Administration > System Time Manager > Configure IRIGB: set IEEE1344 to Yes.
10. Administration > System Time Manager > View Time Sync Status: view the IRIGB status on the switch. Time Source must equal IRIGB and IRIGB Status must equal Lock.
11. Administration > System Time Manager > Preci
357. the link used is of high quality, then no pings should be lost and the average round trip time should be small.
Problem Two
I am trying to use the LFI protection feature but my links won't even come up.
Is it possible that the peer also has LFI enabled? If both sides of the link have LFI enabled, then both sides will withhold link signal generation from each other.
Ethernet Statistics
ROS Ethernet Statistics provide you with the following abilities:
• Viewing basic Ethernet statistics
• Viewing and clearing detailed Ethernet statistics
• Configuring RMON History control
• Viewing collected RMON History samples
• Configuring RMON Alarms
• Configuring RMON Events
• Viewing collected RMON Event logs
The Ethernet Statistics menu is accessible from the main menu.
[Figure 108: Ethernet Port Statistics Menu]
Section 5.1 Vie
358. ther ports in the trunk and will be displayed for each port as usual. Make sure that only ports with the same speed and duplex settings are aggregated. If auto-negotiation is used, make sure it is resolved to the same speed for all ports in the port trunk. To get a value of an Ethernet statistics counter for the port trunk, add the values of the counter of all ports in the port trunk.
Section 6.1.2 Link Aggregation Limitations
• A port mirroring target port can not be member of a port trunk. However, a port mirroring source port can be member of a port trunk.
• A port working in QinQ mode cannot be a member of a port trunk.
• DHCP Relay Agent Client port cannot be a member of a port trunk.
• Load balancing between the links of a bundle is randomized and may not be ideal. For instance, if three 100Mbs links are aggregated, the resulting bandwidth of the port trunk may not be precisely 300Mbs.
• A Static MAC Address should not be configured to reside on an aggregated port; it may cause some frames destined for that address to be dropped.
• A secure port cannot be a member of a port trunk.
NOTE: The port trunk must be properly configured on both sides of the aggregated link. In switch-to-switch connections, if the configuration of both sides does not match (i.e. some ports are mistakenly not included in the port trunk), it will result in a lo
359. tics - Ethernet Out Packets | R | Uint32
044E | 2 | Port 8 Statistics - Ethernet Out Packets | R | Uint32
0450 | 2 | Port 9 Statistics - Ethernet Out Packets | R | Uint32
0452 | 2 | Port 10 Statistics - Ethernet Out Packets | R | Uint32
0454 | 2 | Port 11 Statistics - Ethernet Out Packets | R | Uint32
0456 | 2 | Port 12 Statistics - Ethernet Out Packets | R | Uint32
Address | Registers | Description (Reference Table in UI) | R/W | Format
0458 | 2 | Port 13 Statistics - Ethernet Out Packets | R | Uint32
045A | 2 | Port 14 Statistics - Ethernet Out Packets | R | Uint32
045C | 2 | Port 15 Statistics - Ethernet Out Packets | R | Uint32
045E | 2 | Port 16 Statistics - Ethernet Out Packets | R | Uint32
0460 | 2 | Port 17 Statistics - Ethernet Out Packets | R | Uint32
0462 | 2 | Port 18 Statistics - Ethernet Out Packets | R | Uint32
0464 | 2 | Port 19 Statistics - Ethernet Out Packets | R | Uint32
0466 | 2 | Port 20 Statistics - Ethernet Out Packets | R | Uint32
0480 | 2 | Port 1 Statistics - Ethernet In Octets | R | Uint32
0482 | 2 | Port 2 Statistics - Ethernet In Octets | R | Uint32
0484 | 2 | Port 3 Statistics - Ethernet In Octets | R | Uint32
0486 | 2 | Port 4 Statistics - Ethernet In Octets | R | Uint32
0488 | 2 | Port 5 Statistics - Ethernet In Octets | R | Uint32
048A | 2 | Port 6 Statistics - Ethernet In Octets | R | Uint32
048C | 2 | Port 7 Statistics - Ethernet In Octets | R | Uint32
048E | 2 | Port 8 Statistics - Ethernet In Octets | R | Uint32
0490 | 2 | Port 9 Statistics - Ethernet In Octets | R | Uint32
0492 | 2 | Port 10 S
360. ting determines how frequently the S NTP server is polled for a time update If the server cannot be reached three attempts are made at one minute intervals and then an alarm is generated at which point the programmed rate is resumed Configuring Precision Time Protocol PTP IEEE 1588 The Precision Time Protocol link on the main web menu leads to four sub menus that configure the operation of IEEE 1588 PTP on the RS416 Configuring Precision Time Protocol PTP IEEE 1588 57 Chapter 2 RUGGEDCOM ROS Administration User Guide Log out Main Menu access admin e Administration Configure IP Interfaces Configure IP Gateways Configure IP Services Configure System Identification Configure Passwords System Time Manager e Configure Time and Date Configure IRIGB e Precision Time Protocol Configure Global Parameters Configure Clock Parameters e Configure Path Delay e View PTP Statistics e Configure Time Source e Configure NTP Server e View Time Sync Status Configure SNMP Configure Security Server Configure DHCP Relay Agent Configure Syslog Figure 27 Precision Time Protocol Menu Section 2 11 4 1 Global PTP Parameters This menu configures system PTP parameters Log out Global Parameters access admin Back PTP Enable No Yes Clock Type Ordinary Clock PTP Profile Default E2E Profile v Ethernet Ports Al VLAN ID Disable Class Of Service Disable Transport Protocol
361. tization character is not configured buffered data will be forwarded based upon the packetization timeout Pack Timer parameter Synopsis 1 to 1000 Default 10 ms The delay from the last received character until when data is forwarded If parameter value is set to be less than 3 ms there is not guaranty that it will be obeyed It will be a minimum possible time in which device can react under certain data load Synopsis 16 to 1400 or Maximum Default Maximum The maximum number of bytes received from serial port to be forwarded Synopsis None XON XOFF Default None The Flowcontrol setting for serial port Synopsis In Out Both Default In The Call direction for TCP Tranport Whether to accept an incoming connection or to place an outgoing connection or to place outgoing connection and wait for incomming both directions Synopsis 1024 to 65535 Default 50000 The local IP port to use when listening for an incoming connection 122 TelnetComPort RUGGEDCOM ROS Chapter 3 User Guide Serial Protocols Parameter Description Rem Port Synopsis 1 to 65535 Default 50000 The remote TCP port to use when placing an outgoing connection This parameter is applicable only to TCP transport IP Address Synopsis HHH HH HHH HHH where ranges from 0 to 255 or Default For direction OUT client remote IP address to use when placing an outgoing TCP connection request For direction
362. to two seconds. After Port Guard disables Fast Link Detection on a particular port, you can re-enable it by clearing the alarm.

ON: In special cases where prolonged and frequent link state change constitutes legitimate link operation, this setting prevents the system from disabling Fast Link Detection on the port. If excessive link state changes persist for more than two minutes on a particular port, an alarm is generated to warn about the observed bouncing link. If the condition of excessive link state changes is resolved later on, the alarm is cleared automatically. Because this option does not disable Fast Link Detection, a persistent bouncing link could affect the response time of the system. This setting should be used with caution.

OFF: Turning this parameter OFF completely disables Fast Link Detection. The switch will need a longer time to detect a link failure. This will result in a longer network recovery time of up to two seconds. Only use this option if fast link failure detection is not needed.

Synopsis: 100 ms to 1000 ms. Default: 100 ms. Determines the time that the link has to continuously stay up before the link up decision is made by the device. The device performs Ethernet link detection de-bouncing to avoid multiple responses to an occasional link bouncing event, for example when a cable makes intermittent contact while being plugged in or unplugged. When Fast Link Detection is enabled the system prevents link s
363. to 4294967295 The number of received and transmitted packets with a size of 1024 to 1536 octets This includes received and transmitted packets as well as dropped and local received packets This does not include rejected received packets Synopsis 0 to 4294967295 The number of received packets that are dropped due to lack of receive buffers Synopsis 0 to 18446744073709551615 The number of transmitted multicast packets This does not include broadcast packets Synopsis 0 to 18446744073709551615 The number of transmitted broadcast packets Synopsis 0 to 18446744073709551615 The number of received packets which meet all the following conditions 1 Packet data length is less than 64 octets 2 Collision Event has not been detected 3 Late Collision Event has not been detected 4 Packet has valid CRC Synopsis 0 to 18446744073709551615 The number of transmitted unicast packets 154 Viewing Ethernet Port Statistics RUGGEDCOM ROS Chapter 5 User Guide Ethernet Statistics Section 5 3 Clearing Ethernet Port Statistics Log out Clear Ethernet Port Statistics Port1 Port2 Port3 Porta C Port5 Port6 Port7 Port8 Port9 7 Port10 Portti Port12 Port13 Portl4 Portt5 Port16 C Apply Figure 112 Clear Ethernet Port Statistics Form This command clears Ethernet ports statistics for one or more Ethernet ports Ports are chosen by checking the corresponding boxes Se
364. to 4294967295 The number of transmitted good packets ErrorPkts Synopsis 0 to 4294967295 The number of any type of erroneous packet 150 Viewing Ethernet Statistics RUGGEDCOM ROS Chapter 5 User Guide Ethernet Statistics Section 5 2 Viewing Ethernet Port Statistics Ethernet port statistics provide a detailed view of the traffic This is useful when the exact source of error or traffic mix needs to be determined Log out Ethernet Port Statistics Back 1 3673103 2640768 56235 33462 5716606 88166 2536 131 0 o 0 0 0 0 0 0 0 0 3 658288463 1287504977 1443028 295204 658288463 1443028 11041 0 0 4 1353466121 690097031 5109227 1793529 1353634643 5110189 2586099 960891 0 5 2686153 273140867 21093 3624240 2686793 21103 20561 0 0 6 29330820 141833588 330643 895172 29336111 330722 200874 59062 0 z o 0 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 0 0 Figure 110 Ethernet Port Statistics Table Viewing Ethernet Port Statistics 151 Chapter 5 Ethernet Statistics RUGGEDCOM ROS User Guide Log out Back Ethernet Port Statistics Port InOctets OutOctets InPkts OutPkts TotallnOctets TotallnPkts InBroadcasts InMulticasts CRCAlignErrors OversizePkts Fragments Jabbers Collisions LateCollisions Pkt64Octets Pkt65to127Octets Pkt1 26to255Octets Pkt256t051 1 Octets Pkt512to10230ctets Pkt1024to1536
365. to CoS Mapping Form Parameter Description Priority Synopsis 0 to7 Default 0 This is a value of the IEEE 802 1p priority CoS Synopsis Normal Medium High Crit Default Normal This is a CoS assigned to received tagged frames with the specified IEEE 802 1p priority value 240 Priority to CoS Mapping RUGGEDCOM ROS Chapter 10 User Guide Classes of Service Section 10 2 4 DSCP to CoS Mapping Log out DSCP to CoS Mapping Back Normal Normal Normal Normal Normal Normal Normal Normal Normal Normal 110 Normal 11 Normal 112 Normal E a Figure 176 TOS DSCP to CoS Mapping Table Log out DSCP to CoS Mapping paar Back DSCP lo CoS Normal gt Apply Reload Figure 177 TOS DSCP to CoS Mapping Form Parameter Description DSCP Synopsis 0 to 63 Default 0 This is a Differentiated Services Code Point DSCP a value of the 6 bit DiffServ field in the Type Of Service TOS field of the IP header CoS Synopsis Normal Medium High Crit DSCP to CoS Mapping 241 Chapter 10 RUGGEDCOM ROS Classes of Service User Guide Parameter Description Default Normal This is a Class of Service assigned to received frames with the specified DSCP 242 DSCP to CoS Mapping RUGGEDCOM ROS Chapter 11 User Guide Multicast Filtering 11 Multicast Filtering ROS Multicast Filtering provides the following features e Support for up to 2
366. tory of RuggedSwitch Free files Free handles Free blocks Block size SOS Sul Cie 32 2048 of 2048 4096 Filename Size Hdls Blks Attr Description chia PRAT 0 il i Listing of files and attributes boot bin 1049514 0 O RWB Boot firmware main bin 1169341 0 O RWB Operating system firmware fpga xsvf 55784 0 O RWB FPGA programming file binary file fpga2288 xsvf 2656569 0 O RWB FPGA2288 programming file binary file factory txt 898 0 0 RW Factory data parameters config csv 21506 0 0 RW System settings config bak 21506 0 O RW System settings backup crashlog txt 0 0 0 RW Log of debilitating system events banner txt 0 0 O RW User defined free text banner SOLO rE a Te aes 0 O W SSL Certificate ssh keys 404 0 O W SSH Keys Ss TO gate 16669 0 0 RW Log of system events Gr Guibkiaesi 0 0 0 2 Changed configuration settings Figure 2 Displaying The Directory Of A ROSDevice Section 1 7 3 2 Viewing and Clearing Log Files The crashlog txt and syslog txt files contain historical information about events that have occurred The crashlog txt file will contain debugging information related to problems that might have resulted in unplanned restarts of the device or which may effect the device operation A file size of O bytes indicates that no untoward events have occurred The syslog txt file contains a record of significant events including startups configuration modifications firmware upgrades and database re initializations
367. traffic However if GMRP is globally enabled then GMRP packets are processed by the switch and are not forwarded If STP detects change in the network topology the switch can be configured to flood multicast streams temporarily out of all ports that are not configured as STP Edge Ports Section 11 2 4 GMRP Example In the example depicted in Figure 180 Example using GMRP there are two multicast sources S1 and S2 multicasting to Multicast Groups 1 and 2 respectively A network of five switches including one core Switch B connects the sources to two hosts H1 and H2 which receive the multicast streams from S1 and S2 respectively 248 GMRP Protocol Notes RUGGEDCOM ROS Chapter 11 User Guide Multicast Filtering Sl GMRP unawa e Port Ol G MRP ava e Adv amp Leam G MRP ava me Port B1 Port El G MRP Awa e Adv amp Leam Port Al GMRP Aware Adv Only amp Leam Po t C1 G MRP Ava re Adv amp Learn Edge Switch C PortC2 G MRP avame Adv amp barn Pon E2 Port A2 Mu kicast Group 1 H2 S2 H1 i e G MRP Ava Adv amp karn GMRP unaware G MRP Unava re Mu lta st Group 2 Legend O Multicast Host Multicast Source Figure 180 Example using GMRP Joining the Multicast Groups The sequence of events surrounding the establishment of membership for the two Multicast Groups on the example network is as follows Host H1 is GMRP unaware but needs to see t
368. ts access admin access admin Configuring IGMP Parameters 251 Chapter 11 Multicast Filtering RUGGEDCOM ROS User Guide Parameter Mode Query Interval Router Ports Router Forwarding STP Flooding Section 11 3 2 Global GMRP Configuration This menu configures GMRP parameters common to all ports on the device Description Synopsis Passive Active Default Passive Specifies IGMP mode PASSIVE the switch passively snoops IGMP traffic and never sends IGMP queries ACTIVE the switch generates IGMP queries if no queries from a better candidate for being the querier are detected for a while Synopsis 10 to 3600 Default 60s The time interval between IGMP queries generated by the switch NOTE This parameter also affects the Group Membership Interval i e the group subscriber aging time therefore it takes effect even in PASSIVE mode Synopsis Any combination of numbers valid for this parameter Default None This parameter specifies ports that connect to multicast routers If you do not configure known router ports the switch may be able to detect them however it is advisable to pre configure them Synopsis Off On Default On This parameter specifies whether multicast streams will be always forwarded to multicast routers Synopsis Off On Default Off This parameter specifies whether multicast streams will be flooded out of all STP non edge ports upon topology c
369. ts running the DNP protocol Local addresses will be learned from local responses If the TCP transport is configured a connection will be established to the devices with the corresponding IP address Aging Timer Synopsis 60 to 1000 Default 300s The time of communication inactivity after which a learned DNP address is removed from the device address table Entries in the Link Statistics Table with the aged address will be kept until the statistics are cleared Link Stats Synopsis Disabled Enabled Default Enabled Enables link statistics collection for this protocol DSCP Synopsis 0 to 63 Default 0 To set the DS byte in the IP header DS byte setting is supported in the egress direction only Section 3 3 10 DNP over Raw Socket Log out DNP over RawSocket access admin 1 TCP In f1 21001 21000 Enabled E Out 1 21002 21001 192 168 0 10 Enabled Figure 81 DNP over Raw Socket Table 118 DNP over Raw Socket RUGGEDCOM ROS User Guide Chapter 3 Serial Protocols Log out Back Figure 82 DNP over Raw Socket Form Parameter Port Transport Call Dir Max Conns Loc Port Rem Port IP Address DNP over RawSocket access admin Port 1 Transport TCP UDP Call Dir in y Max Conns fi Loc Port 21001 Rem Port 21000 IP Address Link Stats Disabled Enabled Apply Reload Description Synopsis 1 to4 Default 1 The port number as seen
370. tures:

- Configuring port physical parameters
- Configuring link alarms/traps for the port
- Configuring port rate limiting
- Using Port Mirroring
- Cable Diagnostics
- Viewing port status
- Resetting all or some ports
- Using Link-Fault-Indication (LFI)

Section 4.1 Controller Protection Through Link-Fault-Indication (LFI)

Modern industrial controllers often feature backup Ethernet ports used in the event of a link failure. When these interfaces are supported by media (such as fiber) that employ separate transmit and receive paths, the interface can be vulnerable to failures that occur in only one of the two paths.

Refer to the following figure. While the link between switch A and the controller functions normally, the controller holds the backup link down. Switch B learns that it must forward frames towards switch A in order to reach the controller.

Unfortunately, if the transmission path from the controller to switch A fails, switch A will still generate link signals to the controller. The controller will still detect link to switch A and will not fail over to the backup port.

[Figure 97: Controller Protection Through LFI (Switch A, Switch B, To Remainder of Network)]

To overcome this problem, there should be a way of notifying the link partner in case a link integrity signal stopped being rece
371. tures (e.g. STP, VLAN, CoS, Multicast Filtering) treat a port trunk as a single link.

- If STP puts an aggregated port in blocking/forwarding, it does it for the whole port trunk.
- If one of the aggregated ports joins/leaves a multicast group (e.g. via IGMP or GMRP), all other ports in the trunk will join/leave too.
- Any port configuration parameter (e.g. VLAN, CoS) change will be automatically applied to all ports in the trunk.
- Configuration/status parameters of the secondary ports will not be shown and their port numbers will be simply listed next to the primary port number in the appropriate configuration/status UI sessions. For example:

[Figure 125: Displaying Port Trunk Secondary Ports in Layer 2 Feature Configuration]

- When a secondary port is added to a port trunk, it inherits all the configuration settings of the primary port. When this secondary port is removed from the port trunk, the settings it had previous to the aggregation are restored.

Physical layer features (e.g. physical link configuration, link status, rate limiting, Ethernet statistics) will still treat each aggregated port separately.

- Physical configuration/status parameters will NOT be automatically applied to o
372. tworks, this method is also implemented in wired switches.

The 802.1X standard defines three major components of the authentication method: Supplicant, Authenticator and Authentication server.

[Figure 161: 802.1X General Topology (Supplicant, Authenticator, LAN, Authentication Server)]

RUGGEDCOM supports the Authenticator component.

802.1X makes use of Extensible Authentication Protocol (EAP), which is a generic PPP authentication protocol and supports various authentication methods. 802.1X defines a protocol for communication between the Supplicant and the Authenticator: EAP over LAN (EAPOL).

RUGGEDCOM communicates with the Authentication Server using EAP over RADIUS.

[Figure 162: 802.1X Packet Exchange. Participants: Supplicant, Authenticator, Authentication Server. Messages shown: EAPOL Start; EAP Request Identity; EAP Response Identity; RADIUS Access Request; EAP Request; RADIUS Access Challenge; EAP Response (credentials); RADIUS Access Request; EAP Success; RADIUS Access Accept]

NOTE: The switch supports authentication of one host per port.

NOTE: If the host's MAC address is configured in the Static MAC Address Table, it will be authorized, even if the host authentication is rejected by the authentication server.

Section 9.1.3 IEEE 802.1X with MAC Authentication

This method is also known as MAB (MAC Authentication Bypass). It is commonly
373. Section 14.2 Viewing CPU Diagnostics

[Figure 210: CPU Diagnostics Form]

| Parameter | Description |
|-----------|-------------|
| Running Time | Synopsis: DDDD days, HH:MM:SS. The length of time since the device was last powered on. |
| Total Powered Time | Synopsis: DDDD days, HH:MM:SS. The cumulative powered up time of the device. |
| CPU Usage | Synopsis: 0 to 100. The percentage of available CPU cycles used for device operation as measured over the last second. |
| RAM Total | Synopsis: 0 to 4294967295. The total number of bytes of RAM in the system. |
| RAM Free | Synopsis: 0 to 429496729. The total number of bytes of RAM still available. |
| RAM Low Watermark | Synopsis: 0 to 4294967295. The total number of bytes of RAM that have not been used during the system runtime. |
| Temperature | Synopsis: 32768 to 32767 C. The temperature of the CPU board. |
| Free Rx Bufs | Synopsis: 0 to 4294967295. Free Rx Buffers. |
| Free Tx Bufs | Synopsis: 0 to 4294967295. Free Tx Buffers. |

Section 14.3 Viewing and Clearing the System Log

The system log records various events including reboots, user sign-ins, alarms and configuration
374. umber as seen on the front plate silkscreen of the switch Synopsis 1 to 65535 Default 30s The time to wait for the Supplicant s EAP Response Identity packet before retransmitting an EAP Request Identity packet Synopsis 0 to 65535 Default 60s The period of time not to attempt to acquire a Supplicant after the authorization session failed Synopsis No Yes Default No Enables or disables periodic re authentication Synopsis 60 to 86400 Default 3600 s The time between periodic re authentication of the Supplicant Synopsis 1to10 Default 2 The number of re authentication attempts that are permitted before the port becomes unauthorized Synopsis 1 to 300 Default 30s 802 1X Parameters 233 Chapter 9 RUGGEDCOM ROS Port Security User Guide Parameter Description The time to wait for the Supplicant s response to the authentication server s EAP packet serverTimeout Synopsis 1 to 300 Default 30s The time to wait for the authentication server s response to the Supplicant s EAP packet maxReq Synopsis 1 to 10 Default 2 The maximum number of times to retransmit the authentication server s EAP Request packet to the Supplicant before the authentication session times out Section 9 2 3 Viewing Authorized MAC Addresses The Authorized MAC Address Table lists the static MAC addresses learned from secure ports NOTE Only MAC addresses authorized on a static MAC port s are shown in the Authorized M
375. upported by RCDP include:

- Discovery of ROS-based devices over a Layer 2 network
- Retrieval of basic network configuration, ROS version, order code, and serial number
- Control of device LEDs for easy physical identification
- Configuration of basic identification, networking, and authentication parameters

For security reasons, RUGGEDCOM Explorer will attempt to disable RCDP on all devices when Explorer is shut down. If RUGGEDCOM Explorer is unable to disable RCDP on a device, ROS will automatically disable RCDP after approximately one hour of inactivity.

NOTE: RCDP is not compatible with VLAN-based network configurations. For correct operation of RUGGEDCOM Explorer, no VLANs (tagged or untagged) must be configured. All VLAN configuration items must be at their default settings.

NOTE: ROS responds to RCDP requests only. It does not under any circumstances initiate any RCDP-based communication.

Section 13.3 Network Discovery Menu

The main Network Discovery menu links to configuration menus for both LLDP and RCDP.

[Screenshot: Main Menu with the Network Discovery entry expanded to show Link Layer Discovery Protocol and RuggedCom Discovery Protocol] Figur
376. ure the RS416 as a boundary clock?
A: No, the RS416 only supports ordinary clock mode.

Q: Can I use UDP/IP transport for PTP on the RS416?
A: No, the RS416 only supports PTP over layer 2 (Ethernet) transport.

Q: What is the accuracy of the RS416?
A: Clock accuracy depends on a number of factors, such as the number of hops between master and slave clocks, the stability of the master clock, and the variation in temperature. Normally, an RS416 can achieve an accuracy of 100 microseconds.

Q: How do I upgrade the PTP Firmware?
A: Core PTP functions are implemented in an FPGA on board the RS416. The FPGA firmware is field upgradeable via the ROS file fpga416.xsvf. Please refer to Section 15.4, Upgrading Firmware, for details on upgrading ROS firmware files.

Q: How do I configure an IRIG-B Slave?
A: Using the ROS menu interface, complete the following steps in order. Each step begins at Administration, System Time Manager:
1. Configure Time Source: set Primary Time Source to IRIGB
2. Configure Time and Date: set Time Zone
3. Configure Time and Date: set DST Offset
4. Configure Time and Date: set DST Rule
5. Configure IRIGB: set IEEE 1344 to Yes

Q: How do I configure an IEEE1588 ordinary clock with a GPS time source and layer 3 end to end?
A: The following describes how to configure a master and slave clock with a GPS and IEEE1588 time
377. utes to lock the signal User should set reasonable time interval If time interval expire with out acquire the lock then system start distributing the time using local clock IRIGB Cable Compensation Synopsis 1 to 50000 ns or none Default none Cable compensation may be desired to compensate for a long cable run in order to minimize the timing inaccuracy Section 2 11 7 Time Synchronization Status This menu provides summary information on the status of the time synchronization subsystem It provides information related to e Which time source is acting as a primary time source e IRIG B status IEEE 1588 PTP status i e Master or Slave Log out Time Sync Status Back Time Source IEEE1588 IRIGB Status A Figure 37 Time Sync Status Form access admin 66 Time Synchronization Status RUGGEDCOM ROS Chapter 2 User Guide Administration Parameter Description Time Source Synopsis Any 15 characters Displays the time source which is driving the system clock IRIGB Status Synopsis Any 31 characters The status of the IRIG B clock source whether the IRIG B input is connected and if it is whether the received signal is valid Section 2 11 8 PTP IEEE1588 Frequently Asked Questions This section presents commonly asked questions and notes on the configuration of PTP Precision Time Protocol IEEE1588 on the RS416 Q How do configure a Peer to Peer P2P Master Clock A Using the
378. uthNoPriv, which is less than authPriv.

ReadViewName
Synopsis: { noView, V1Mib, allOfMib }
Default: noView
This parameter identifies the MIB tree(s) to which this entry authorizes read access. If the value is noView, then read access will not be granted.

WriteViewName
Synopsis: { noView, V1Mib, allOfMib }
Default: noView
This parameter identifies the MIB tree(s) to which this entry authorizes write access. If the value is noView, then write access will not be granted.

NotifyViewName
Synopsis: { noView, V1Mib, allOfMib }
Default: noView
This parameter identifies the MIB tree(s) to which this entry authorizes access for notifications. If the value is noView, then access for notifications will not be granted.

Section 2.13 RADIUS

RADIUS (Remote Authentication Dial In User Service) is used to provide centralized authentication and authorization for network access. ROS assigns a privilege level of Admin, Operator or Guest to a user who presents a valid user name and password. The number of users who can access the ROS server is ordinarily dependent on the number of user records which can be configured on the server itself. ROS can also, however, be configured to pass along the credentials provided by the user to be remotely authenticated by a RADIUS server. In this way, a single RADIUS server can centrally store user data and provide authentication and authorization service to multiple ROS servers needing to authenticate connection attempts.

Secti
379. uthorization Failure

ROS generates this alarm and logs a message in the syslog when a host connected to a secure port on the device is communicating using a source MAC address which has not been authorized by ROS, or the dynamically learned MAC address has exceeded the total number of MAC addresses configured to be learned dynamically on the secured port. This message is only applicable when the port security mode is set to Static MAC.

Table: Configurable Options

| Message Name | Alarm | SNMP Trap | Syslog |
|--------------|-------|-----------|--------|
| MAC Address Authorization Failure | Yes | Yes | Yes |

Secure Port X Learned MAC Addr on VLAN X

ROS logs a message in the syslog and sends a configuration change trap when a MAC address is learned on a secure port. Port X indicates the secured port number and VLAN number on that port. This message is not configurable in ROS.

Table: Message Details

| Message Name | SNMP Trap | Syslog |
|--------------|-----------|--------|
| Secure Port X Learned MAC Addr on VLAN X | Yes | Yes |

Port Security Violated

This message is only applicable when the security mode for a port is set to 802.1x or 802.1x MAC Auth. ROS generates this alarm and logs a message in the syslog when the host connected to a secure port tries to communicate using incorrect login credentials.

Table: Configurable Options

| Message Name | Alarm | SNMP Trap | Syslog |
|--------------|-------|-----------|--------|
| 802.1x Port X Authentication Failure | Yes | Yes | Yes |
| 802.1x Port X Authorized Addr XXX | No | No | Yes |
380. ve the LAN segment it is connected to. All bridges on the same LAN segment listen to each others' messages and agree on which bridge is the designated bridge. The ports of other bridges on the segment must become either root, alternate or backup ports.

[Figure 130: Bridge and Port Roles. Legend: RP = Root Port, DP = Designated Port, AP = Alternate Port, BP = Backup Port]

A port is alternate when it receives a better message from another bridge on the LAN segment it is connected to. The message that an Alternate Port receives is better than the port itself would generate, but not good enough to convince it to become the Root Port. The port becomes the alternate to the current Root Port and will become the new Root Port should the current Root Port fail. The Alternate Port does not participate in the network.

A port is a Backup Port when it receives a better message from the LAN segment it is connected to, originating from another port on the same bridge. The port is a backup for another port on the bridge and will become active if that port fails. The Backup Port does not participate in the network.

Section 7.1.2 Edge Ports

A port may be designated an Edge Port if it is directly connected to an end station. As such, it cannot create bridging loops in the network and can thus directly transition to forwar
381. ve the same sense that they do in RSTP, described in Section 7.1.1, RSTP States and Roles, under Roles, but relative to the CIST Regional Root.

MSTI Port Roles

For each MSTI on a bridge:

- The Root Port provides the minimum cost path from the bridge to the MSTI Regional Root, if the bridge itself is not the MSTI Regional Root.
- A Designated Port provides the minimum cost path from an attached LAN, via the bridge, to the MSTI Regional Root.
- Alternate and Backup Ports have the same sense that they do in RSTP, described in Section 7.1.1, RSTP States and Roles, under Roles, but relative to the MSTI Regional Root.

The Master Port, which is unique in an MST region, is the CIST Root Port of the CIST Regional Root, and provides the minimum cost path to the CIST Root for all MSTIs.

Boundary Ports

A Boundary Port is a port on a bridge in an MST region that connects to either of: 1) a bridge belonging to a different MST region, or 2) a bridge supporting only RSTP or legacy STP. A Boundary Port blocks or forwards all VLANs from all MSTIs and the CIST alike. A Boundary Port may be:

- The CIST Root Port of the CIST Regional Root (and therefore also the MSTI Master Port).
- A CIST Designated Port, CIST Alternate/Backup Port, or Disabled. At the MST region boundary, the MSTI Port Role is the same as the CIST Port Role.

A Boundary P
382. w features or bug fixes. In normal circumstances, only the main ROS application firmware is updated; the boot loader and FPGA firmware remain invariant. The main ROS application firmware image is a binary file available from Siemens. Please check the Siemens web site, www.siemens.com/ruggedcom, for the availability of updates to ROS firmware or contact Siemens support.

Firmware upgrades may be performed using any of the transfer methods and protocols listed in Section 15.2, File Transfer Mechanisms.

NOTE: If a Boot upgrade is required from Boot v2.15.0 or older, it is recommended to run the flashfiles defrag command from the CLI Shell prior to the bootloader upgrade.

IMPORTANT: Non-Controlled (NC) versions of ROS cannot be upgraded to Controlled firmware versions. However, Controlled firmware versions can be upgraded to an NC firmware version.

Section 15.4.1 Applying the Upgrade

Binary firmware images transferred to the ROS-based device are stored in non-volatile memory and require a device reset in order to take effect. The version ROS shell command will display any firmware updates that are pending. Currently running firmware is labeled Current; pending upgrades are labeled Next.

gt version
Current ROS CF52 Boot Software v2 14 0 Sep 29 2008 13 25
Current ROS CF52 Main Software v3 6 0 Oct 03 2008 09 33
Next ROS CHS2 Maine soLtware veld ON Jun O02 2009s 08 S16

ROS firmware is provided as a compressed installatio
383. wing Ethernet Statistics This table provides basic Ethernet statistics information which is reset periodically every few seconds This traffic view is useful when the origin and destination of a traffic flow need to be determined Viewing Ethernet Statistics 149 Chapter 5 RUGGEDCOM ROS Ethernet Statistics User Guide Log out Ethernet Statistics access admin Back PortState InOctets OutOctets InPkts_ OutPkts ErrorPkts 1 Down 0 0 0 0 0 2 Up 1484 6044 12 18 0 3 Down 0 0 0 0 0 4 Up 128 0 2 0 0 6 Down 0 0 0 0 0 18 Down 0 0 0 0 0 19 Down 0 0 0 0 0 10 Down 0 0 0 0 0 111 Down 0 0 0 0 0 13 Up 0 128 0 2 0 114 Up oO 192 0 3 0 15 Up 0 128 0 2 0 116 Up 0 128 0 2 0 Hz Up o 192 o 3 0 118 Down 0 0 0 0 0 19 Up 0 0 al 0 20 Up 1192 3 0 0 Figure 109 Ethernet Statistics Table Parameter Description Port Synopsis 1 to maximum port number The port number as seen on the front plate silkscreen of the switch State Synopsis Down Up The port link status InOctets Synopsis 0 to 4294967295 The number of octets in received good packets Unicast Multicast Broadcast and dropped packets OutOctets Synopsis 0 to 4294967295 The number of octets in transmitted good packets InPkts Synopsis 0 to 4294967295 The number of received good packets Unicast Multicast Broadcast and dropped packets OutPkts Synopsis 0
384. y. The desired clock accuracy represents the instantaneous value of the time offset between master and slave clocks. The system will generate an alarm if the time offset from the master exceeds the desired accuracy. Synopsis: { IEEE1588 network, Non-IEEE1588 network }. Default: IEEE1588 network. Clock servo stability is highly dependent on network personality. This parameter allows the user to configure the network personality to reflect their setup: for example, whether all devices in the timing plane are IEEE1588-aware (IEEE1588 network) or the timing plane includes non-IEEE1588 devices as well (non-IEEE1588 network). Please note that IEEE1588 network is independent of traffic load. Only the E2E mechanism is applicable to a non-IEEE1588 network. Section 2.11.4.2, Clock Parameters: This menu configures PTP (Precision Time Protocol) Ordinary Clock attributes. [Figure 29: Ordinary Clock Form] Parameter and Description: Domain Number. Synopsis: 0 to 127. Default: 0. Selects PTP (Precision Time Protocol) domain number. Domain is basically a logical grouping of PTP clocks that synchroniz
385. ys refer to Section 15.8, Certificate and Key Management. NOTE: For Non-Controlled (NC) versions of ROS, this alarm is only generated when default SSL keys are in use. Table: Configurable Options (Message Name: Alarm / SNMP Trap / Syslog). Default Keys In Use: Yes / Yes / Yes. Login and Logout Information: ROS generates this alarm and logs a message in the syslog when a successful and unsuccessful login attempt occurs. A message is also logged in the syslog when a user with a certain privilege level is logged out from the device. Login attempts are logged regardless of how the user accesses the device (i.e. SSH, Web, Console, Telnet or RSH). However, when a user logs out, a message is only logged when the user is accessing the device through SSH, Telnet or Console. Table: Configurable Options (Message Name: Alarm / SNMP Trap / Syslog). Successful Login: Yes / Yes / Yes. Failed Login: Yes / Yes / Yes. User Logout: No / No / Yes. Excessive Failed Login Attempts: ROS generates this alarm and logs a message in the syslog after 10 failed login attempts by a user. Table: Configurable Options (Message Name: Alarm / SNMP Trap / Syslog). Excessive Failed Login Attempts: Yes / Yes / Yes. RADIUS Server Unreachable: ROS generates this alarm and logs a message in the syslog when the primary RADIUS server is unreachable. Table Configura