PT-G7828/G7728 User’s Manual
Edition 1.0, December 2017
www.moxa.com/product
© 2017 Moxa Inc. All rights reserved.
www.ipc2u.ru
www.moxa.pro
Page 1: ...PT G7828 G7728 User s Manual Edition 1 0 December 2017 www moxa com product 2017 Moxa Inc All rights reserved www ipc2u ru www moxa pro ...
Page 2: ...l or to the products and or the programs described in this manual at any time Information provided in this manual is intended to be accurate and reliable However Moxa assumes no responsibility for its use or for any infringements on the rights of third parties that may result from its use This product might include unintentional technical or typographical errors Changes are periodically made to th...
Page 3: ...g 3 44 QinQ Settings 3 44 VLAN Table 3 44 Port 3 45 Port Settings 3 45 Port Status 3 46 Link Aggregation 3 47 Link Swap Fast Recovery 3 49 RSTP Grouping 3 49 Multicast 3 50 The Concept of Multicast Filtering 3 50 IGMP Snooping 3 53 IGMP Snooping Setting 3 54 IGMP Group Status 3 55 Stream Table 3 55 Static Multicast Address 3 56 GMRP 3 57 Multicast Filtering Behavior 3 57 QoS 3 58 The Traffic Prior...
Page 4: ...ing 3 94 Monitoring 3 95 CPU Memory Utilization 3 95 Statistics 3 96 Fiber Digital Diagnostics Monitoring Fiber Check 3 97 Event Log 3 99 Tracking Function 3 99 Substation 3 105 IEC 61850 QoS 3 105 GOOSE Check 3 105 MMS server 3 107 A MIB Groups A 1 www ipc2u ru www moxa pro ...
Page 5: ...a switch Moxa switches provide three interfaces to access the configuration settings USB console interface command line interface and web console interface Chapter 3 Featured Functions In this chapter we explain how to access a Moxa switch s various configuration monitoring and management functions The functions can be accessed by USB console Telnet console and web console web browser We describe ...
Page 6: ...w the Moxa switch s IP address you can open the USB console by connecting the Moxa switch to a PC s USB port with a USB cable You can open the Telnet or web based console over an Ethernet LAN or over the Internet The following topics are covered in this chapter USB Console Configuration 115200 None 8 1 VT100 Configuration by Command Line Interface CLI Configuration by Web Console Disabling Telnet ...
Page 7: ... This software can be downloaded free of charge from the Moxa website Before running PComm Terminal Emulator first install the USB console driver on your PC and then connect the Moxa switch s USB console port to your PC s USB port with a USB cable After installing PComm Terminal Emulator open the Moxa switch s USB console as follows 1 From the Windows desktop click Start Moxa PComm Lite Ver1 6 Ter...
Page 8: ... Terminal tab select VT100 for Terminal Type and then click OK to continue 5 In the terminal window the Moxa switch will prompt you to select a terminal type Enter 1 to select ansi vt100 and then press Enter 6 The USB console will prompt you to log in Press Enter and select admin or user Use the down arrow key on your keyboard to select the Password field and enter a password if desired This passw...
Page 9: ...h s IP address is 192 168 127 253 and the Moxa switch s subnet mask is 255 255 255 0 referred to as a Class B network Your PC s IP address must be set to 192 168 xxx xxx if the subnet mask is 255 255 0 0 or to 192 168 127 xxx if the subnet mask is 255 255 255 0 NOTE To connect to the Moxa switch s Telnet or web console your PC host and the Moxa switch must be on the same logical subnet NOTE When c...
Page 10: ...o log in Press Enter and then select admin or user Use the down arrow key on your keyboard to select the Password field and enter a password if desired This password will be required to access any of the consoles web serial Telnet If you do not wish to create a password leave the Password field blank and press Enter 4 The Main Menu of the Moxa switch s Telnet console should appear www ipc2u ru www...
Page 11: ... is on the management VLAN NOTE When connecting to the Moxa switch s Telnet or web console first connect one of the Moxa switch s Ethernet ports to your Ethernet LAN or directly to your PC s Ethernet port You may use either a straight through or cross over Ethernet cable NOTE The Moxa switch s default IP address is 192 168 127 253 After making sure that the Moxa switch is connected to the same LAN...
Page 12: ... options Disabling Telnet and Browser Access If you are connecting the Moxa switch to a public network but do not intend to manage it over the network we suggest disabling both the Telnet and web consoles This is done from the USB console by navigating to System Identification under Basic Settings System Information Disable or enable the Telnet Console and Web Configuration as shown below www ipc2...
Page 13: ... USB port to your PC s COM port The Telnet and web consoles can be opened over an Ethernet LAN or the Internet The web console is the most user friendly interface for configuring a Moxa switch In this chapter we use the web console interface to introduce the console functions There are only a few differences between the web console USB console and Telnet console The following topics are covered in...
Page 14: ...itch s information and event log the operators can easily understand the system and port link status at a glance System Settings The System Settings section includes the most common settings required by administrators to maintain and control a Moxa switch System Information Define System Information items to make it easier to identify different switches that are connected to your network www ipc2u...
Page 15: ... Default Max 30 characters This option is useful for recording a more detailed description of the unit Switch Model name Contact Information Setting Description Factory Default Max 30 characters This option is useful for providing information about who is responsible for maintaining this unit and how to contact this person None Web Login Message Setting Description Factory Default Max 240 characte...
Page 16: ...er account cannot be deleted or disabled Active Setting Description Factory Default Checked This account can access the switch s configuration settings Checked Unchecked This account cannot access the switch s configuration settings Authority Setting Description Factory Default admin This account has read write access of all configuration parameters admin user This account can only view configurat...
Page 17: ... Select an existing account from the Account List table modify the account details and then click Apply to save the changes Deleting an Existing Account Select an account from the Account List table and then click Delete to delete the account www ipc2u ru www moxa pro ...
Page 18: ...ength check If Account Login Failure Lockout is enabled you will need to configure the Retry Failure Threshold and Lockout Time parameters If the number of login attempts exceeds the Retry Failure Threshold users will need to wait the number of minutes configured in Lockout Time before trying again Network Network configuration allows users to configure both IPv4 and IPv6 parameters for management...
Page 19: ...t DHCP The Moxa switch s IP address will be assigned automatically by the network s DHCP server Manual BOOTP The Moxa switch s IP address will be assigned automatically by the network s BootP server Manual The Moxa switch s IP address must be set manually IP Address Setting Description Factory Default IP address for the Moxa switch Assigns the Moxa switch s IP address on a TCP IP network 192 168 1...
Page 20: ... address to indicate the appropriate number of zeros required to fill the undefined fields None IPv6 Global Unicast Address Setting Description Factory Default None Displays the IPv6 Global Unicast address The network portion of the Global Unicast address can be configured by specifying the Global Unicast Prefix and using an EUI 64 interface ID in the low order 64 bits The host portion of the Glob...
Page 21: ...he Moxa switch has been up and running since the last cold start Current Time Setting Description Factory Default User specified time Indicates time in yyyy mm dd format None Clock Source Setting Description Factory Default Local Configure clock source from local time Local NTP Configure clock source from NTP SNTP Configure clock source from SNTP PTP Configure clock source from PTP Time Zone Setti...
Page 22: ...r IP Name Setting Description Factory Default 1st address or name of IP server The IP or domain address e g 192 168 1 1 time stdtime gov tw or time nist gov None IP address or name of secondary time server The Moxa switch will try to locate the secondary SNTP server if the first SNTP server fails to connect Query Period The time period to sync with time server 600secs Enable NTP SNTP Server Settin...
Page 23: ...published in November 2002 expands the performance capabilities of Ethernet networks to control systems that operate over a communication network In recent years an increasing number of electrical power systems have been using a more distributed architecture with network technologies that have less stringent timing specifications IEEE 1588 generates a master slave relationship between the clocks a...
Page 24: ...he normal communication mechanisms of the switch Such an Ethernet switch will synchronize clocks directly connected to one of its ports to the highest possible accuracy PTP Settings Enable IEEE 1588 PTP Setting Description Factory Default Enable Disable Enable or disable the IEEE 1588 PTP feature globally Disabled NOTE When using IEEE 1588 PTP please go to PTP port settings to enable the PTP featu...
Page 25: ...ion Factory Default P2P Configure as the peer to peer method Power profile C37 238 requires the peer to peer method P2P E2E Configure as the end to end method which measures the propagation time between two PTP ports NOTE Please make sure all PTP devices are configured to the same PTP Delay Mechanism Clock settings Sync Interval Setting Description Factory Default 3 128ms 2 256ms 1 512ms 0 1 sec 1...
Page 26: ...lternate domain 3 4 to 127 User defined domains 128 to 255 Reserved 0 NOTE The switch and the grandmaster clock must be in the same PTP domain Transport Mode Setting Description Factory Default 802 3 Configure PTP implementations directly using Ethernet format Default Profile 802 3 Power Profile fixed to 802 3 as C37 238 required IPv4 Configure PTP implementations using UDP IPv4 as a communication...
Page 27: ...ime accuracy within 100ns The value 0xFE is for unknown 0x21 100 ns Timescale Type Setting Description Factory Default PTP Under normal operations the epoch is the PTP epoch The time unit is SI International System seconds PTP UTC Offset Valid Setting Description Factory Default FALSE TRUE In PTP systems whose epoch is the PTP epoch the value of UTC offset is the offset between TAI International A...
Page 28: ...r values take precedence 4 Grandmaster ID Setting Description Factory Default 0 to 255 Only available in Power Profile mode Configure grandmaster ID to identify the grandmaster clock source 255 Check Announce TLV Setting Description Factory Default Enable Disable Only available in Power Profile mode When the profile type is Power profile the switch will not handle the PTP announce messages which d...
Page 29: ...ndustrial Ethernet devices are often located at the endpoints of a system these devices will not always know what is happening elsewhere on the network This means that an industrial Ethernet switch that connects to these devices must provide system maintainers with real time alarm messages Even when control engineers are out of the control room for an extended period of time they can still be info...
Page 30: ...e Turbo Ring path is disconnected If the MSTP topology has changed Coupling Changed Backup path is activated Master Changed Master of the Turbo Ring has changed Master Mismatch When the duplicate master two or more or non master is set up if any Turbo Ring path switch fails the duplicate master switches will automatically renegotiate to determine a new master RSTP Root Changed If the RSTP root has...
Page 31: ...g Changed The tracking status has changed and reacts on Static Route VRRP Tracking Changed The tracking status has changed and reacts on VRRP priority EPS Off On The external power supply for PoE is on EPS On Off The external power supply for PoE is off GOOSE Check Event The GOOSE check status has changed Dying Gasp When power input of power module is lower the system uptime threshold the dying ga...
Page 32: ...iption Trap A notification will be sent to the trap server when an event is triggered E Mail A notification will be sent to the email server defined in the Email Setting Syslog A notification will be sent to the syslog server defined in Syslog Server Setting Relay Supports digital inputs to integrate sensors When an event is triggered the device will automate alarms through the relay output Severi...
Page 33: ...rap or Email Event Log Oversize Action Setting Description Factory Default Overwrite The Oldest Event Log The oldest event log will be overwritten when the event log exceeds 1000 records Overwrite The Oldest Event Log Stop Recording Event Log Additional events will not be recorded when the event log exceeds 1000 records Email Settings Mail Server Setting Description Factory Default IP address or u...
Page 34: ...ecurity No SMTP Server Auth Method Setting Description Factory Default Plain Login CRAM MD5 choose an authentication mechanism PLAIN LOGIN and CRAM MD5 to login SMTP Server Plain Sending a Test Email After you complete the email settings you should first click Apply to activate those settings and then press the Test button to verify that the settings are correct NOTE Auto warning e mail messages w...
Page 35: ... Factory Default IP Address Enter the IP address of Syslog server 1 2 3 used by your network None Port Destination 1 to 65535 Enter the UDP port of Syslog server 1 2 3 514 NOTE The following events will be recorded into the Moxa switch s Event Log table and will then be sent to the specified Syslog Server Cold start Warm start Configuration change activated Power 1 or 2 transition Off to On or On ...
Page 36: ...c port The MAC Address table can be configured to display the following Moxa switch MAC address groups which are selected from the drop down list Drop Down List ALL Select this item to show all of the Moxa switch s MAC addresses ALL Learned Select this item to show all of the Moxa switch s Learned MAC addresses ALL Static Select this item to show all of the Moxa switch s Static Static Lock and Sta...
Page 37: ...r the rom file and then click the Upgrade button TFTP Server 1 Enter the TFTP Server s IP address 2 Input the firmware file name rom and click the Upgrade button Auto Backup Configurator ABC 02 1 Download the updated firmware rom file from Moxa s website www moxa com 2 Save the file to the ABC 02 s Moxa folder The file name cannot be longer than 8 characters and the file extension must be rom 3 Br...
Page 38: ...ABC 02 USB s Moxa folder Sys ini and MAC ini The purpose of saving the two files is to identify which file will be used when Auto load configuration from ABC to system when boot up is activated NOTE MAC ini is named using the last 6 digits of the switch s MAC address without spaces 2 Click Browse to select the configuration file and then click Restore to start loading the configuration into your s...
Page 39: ...gurator ABC 02 Local Click the Backup button to back up the log file to a local drive TFTP Server Enter the TFTP Server s IP address and file name and then click the Backup button Auto Backup Configurator ABC 02 Click Backup to save the configuration file to the ABC 02 The file will be saved in the ABC 02 s Moxa folder with filename Sys ini Auto backup of event log to prevent overwrite This functi...
Page 40: ...e used to perform two functions quickly reset the switch s configuration and save the current configuration and log files to the ABC 02 Please refer to the QIG for how to use the ABC 02 NOTE DO NOT remove the ABC 02 when performing an upgrade backup or restore Restart The Restart function provides users with a quick way to restart the switch s operating system Factory Default The Factory Default f...
Page 41: ...cation data transfers to be integrated onto one network Moxa s PoE switches are equipped with many advanced PoE management functions providing vital security systems with a convenient and reliable Ethernet network Moreover Moxa s advanced PoE switches support the high power PoE standard a 24 VDC direct power input and 20 ms fast recovery redundancy with Turbo Ring and Turbo Chain PoE Settings The ...
Page 42: ...nfiguration NOTE The configuration is different depending on whether the PoE power output managed by item is set to Allocated Power or Measured Power PoE Power Management by Allocated Power PoE Power Management by Measured Power www ipc2u ru www moxa pro ...
Page 43: ...cted devices to exceed the total measured power limit the switch with will deny power to the device with the lowest priority Enable Deny next port when exceed This setting only appears when PoE power output management mode is set to Allocated Power Setting Description Factory Default wattage Assigns the Total allocated power limit for all PoE ports combined 720 W Deny low priority port when exceed...
Page 44: ...ction checkbox enables the system to output power to the PD In this case it will take 10 to 15 seconds for PoE power to be output through this port after the switch is turned on Setting Description Factory Default Checked Enables legacy PD detection Unchecked Unchecked Disables legacy PD detection Power Priority Use Power Priority when managing PoE power with measured power mode The smaller the nu...
Page 45: ...ck function Unchecked Unchecked Disables the PD Failure Check function PoE Device IP Address Setting Description Factory Default Max 15 Characters Enter the PD s IP address None No Response Timeout Setting Description Factory Default 1 to 10 The maximum number of IP checking cycles 3 Check Period Setting Description Factory Default 5 to 300 Enter maximum time allowed for each IP checking cycle 10 ...
Page 46: ... power on days that are not check marked Start End Time Setting Description Factory Default Configured time period Enter the hour of the day the configuration will be enabled and the hour of the day the configuration will be disabled 0 to 24 PoE Warning Event Settings Since industrial Ethernet devices are often located at the endpoints of a system these devices do not always know what is happening...
Page 47: ...s the following limits 802 3 af 350 mA 802 3 at 600 mA High Power 720 mA Force 600 mA PoE PD Failure Check When the switch does not receive a PD response after the defined period Over Measured Power Limitation When the total PD power consumption exceeds the total measured power limit PoE FETBad When the MOSFET of the port is out of order please contact Moxa for technical service PoE over Temperatu...
Page 48: ...gh or low or the PD s detected capacitance is too high Unknown Unknown PD connected to the port Classification Item Description N A The port is not classified 0 to 4 Class 0 to 4 Unknown Unknown class for the port in this case it will usually be higher than class 4 Voltage V Item Description N A No voltage output on the port Voltage Display the voltage of the port PoE Port Configuration Suggestion...
Page 49: ... is detected at under 46 V the system suggests raising the voltage Enable PoE function for detection The system suggests enabling the PoE function PoE Port Status Monitoring Configuration Refresh Rate Setting Description Factory Default 5 to 300 The period of time for the system to refresh the PoE Port Status in seconds 5 Port Status Status Description Item Description Not Present No connection to...
Page 50: ...s enabled or disabled Power Output Indicates the power output of each PoE port Class Indicates the classification of each PoE port Current mA Indicates the actual current consumed by each PoE port Voltage V Indicates the actual voltage consumed by each PoE port Consumption Watts Indicates the actual Power consumed by each PoE port PD Failure Check Status Indicates the PD Failure Check status of ea...
Page 51: ...ANs you can segment your network into Departmental groups You could have one VLAN for the marketing department another for the finance department and another for the product development department Hierarchical groups You could have one VLAN for directors another for managers and another for general staff Usage groups You could have one VLAN for email users and another for multimedia users Benefits...
Page 52: ... or Layer 3 switching device VLANs Tagged and Untagged Membership The Moxa switch supports 802 1Q VLAN tagging a system that allows traffic for multiple VLANs to be carried on a single physical link backbone trunk When setting up VLANs you need to understand when to use untagged or tagged membership of VLANs Simply put if a port is on a single VLAN it can be an untagged member but if the port need...
Page 53: ...should be configured as an Access Port with PVID 3 Port 6 connect a single untagged device and assigns it to VLAN 5 it should be configured as an Access Port with PVID 5 Port 7 connects a single untagged device and assigns it to VLAN 4 it should be configured as an Access Port with PVID 4 After the application is properly configured Packets from Device A will travel through Trunk Port 3 with tagge...
Page 54: ... pushed down to the VLAN ID Configuration Panel when the user clicks the Add button The VLAN ID Configuration Table can be used to configure the settings for individual ports Quick Setting Panel Administrators can use the Quick Setting Panel to quickly configure VLAN settings for single ports or groups of ports To configure a group of ports type the port names in the Port column separated commas f...
Page 55: ... to different Moxa switch units PVID Setting Description Factory Default 1 to 4094 Sets the default VLAN ID for untagged devices connected to the port 1 Tagged VLAN Setting Description Factory Default 1 to 4094 This field will be active only when selecting the Trunk or Hybrid port type Set the other VLAN ID for tagged devices that connect to the port Use commas to separate different VIDs None Unta...
Page 56: ...hese characters a z A Z 0 9 _ Null QinQ Settings NOTE Moxa s layer 3 switches support the IEEE 802 1ad QinQ function which allows users to tag double VLAN headers into a single Ethernet frame TPID Setting Description Factory Default 8100 to FFFF Assign the TPID of the second VLAN tag 8100 QinQ Enable Setting Description Factory Default Enable Disable Enable VLAN QinQ function Disable VLAN Table ww...
Page 57: ...access port transmission speed flow control and port type MDI or MDIX Enable Setting Description Factory Default Checked Allows data transmission through the port Checked Unchecked Immediately shuts off port access Media Type Setting Description Factory Default Media type Displays the media type for each module s port N A Description Setting Description Factory Default Max 63 characters Specifies ...
Page 58: ...ned by the Auto process between the Moxa switch and connected devices Setting Description Factory Default Enable Enables flow control for this port when the port s Speed is set to Auto Disabled Disable Disables flow control for this port when the port s Speed is set to Auto MDI MDIX Setting Description Factory Default Auto Allows the port to auto detect the port type of the connected Ethernet devi...
Page 59: ...n this trunk group Load sharing MAC client traffic can be distributed across multiple links To avoid broadcast storms or loops in your network while configuring a trunk first disable or disconnect all ports that you want to add to the trunk or remove from the trunk After you finish configuring the trunk enable or re connect the ports If all ports on both switch units are configured as 100BaseTX an...
Page 60: ...rk1 Trk2 Trk3 Trk4 depends on switching chip capability some Moxa switches only support 3 trunk groups Specifies the current trunk group Trk1 The PT G7728 G8728 supports 4 Trunk Groups Trunk Type Setting Description Factory Default Static Selects Moxa s static trunking protocol Static LACP Selects LACP IEEE 802 3ad Link Aggregation Control Protocol Static Trunking Status The Trunking Status table ...
Page 61: ...Console utility s Link Swap recovery page or the Web Browser interface s Link Swap fast recovery page as shown below Link Swap Fast Recovery Setting Description Factory Default Enable Disable Select the checkbox to enable the Link Swap Fast Recovery function Enable RSTP Grouping The purpose of RSTP grouping is to fulfil the legacy requirement of IEDs or PLCs that utilize RSTP to communicate with e...
Page 62: ...hat carry multicast traffic This section explains multicasts multicast filtering and how multicast filtering can be implemented on your Moxa switch The Concept of Multicast Filtering What is an IP Multicast A multicast is a packet sent by one host to multiple hosts Only those hosts that belong to a specific multicast group will receive the multicast If the network is set up correctly a multicast c...
Page 63: ...ng since high volumes of traffic must be sent to several end stations at the same time but where broadcasting the traffic to all end stations would cause a substantial reduction in network performance Furthermore several industrial automation protocols such as Allen Bradley EtherNet IP Siemens Profibus and Foundation Fieldbus HSE High Speed Ethernet use multicast These industrial Ethernet protocol...
Page 64: ... default setting is IGMP V1 V2 NOTE Moxa Layer 3 switches are compatible with any device that conforms to the IGMP v2 and IGMP v3 device protocols Layer 2 switches only support IGMP v1 v2 IGMP Multicast Filtering IGMP is used by IP supporting network devices to register hosts with multicast groups It can be used on all LANs and VLANs that contain a multicast capable IP router and on other network ...
Page 65: ...namically GMRP functions similarly to GVRP except that GMRP registers multicast addresses on ports When a port receives a GMRP join message it will register the multicast address to its database if the multicast address is not registered and all the multicast packets with that multicast address are able to be forwarded from this port When a port receives a GMRP leave message it will de register th...
Page 66: ...le Select the Enable Multicast Fast Forwarding Mode checkbox to achieve fast multicast forwarding path re learning while the ring redundant network is down Note Turbo Ring V2 or Turbo Chain must be enabled Disabled Enable IGMP Snooping Setting Description Factory Default Enable Disable Enables or disables the IGMP Snooping function on that particular VLAN Enabled if IGMP Snooping is enabled global...
Page 67: ...the current active IGMP groups that were detected On this page you can view IGMP group settings by VLAN ID The information shown in the table includes Dynamic Router Port Indicates that a multicast router connects to or sends packets from these port s Static Router Port Displays the static multicast querier port s Querier Connected Port Displays the port that is connected to the querier Role Indic...
Page 68: ...Static Multicast Address NOTE The MAC address 01 00 5E XX XX XX will appear on the Static Multicast Address page Activate IGMP Snooping to implement automatic classification MAC Address Setting Description Factory Default Integer Type the MAC address in the MAC Address field to specify a static multicast address None Member Port Setting Description Factory Default Select Deselect Select the approp...
Page 69: ...tatus The Moxa switch displays the current active GMRP groups that were detected MAC Address The Multicast MAC address Static Port This multicast address is defined by static multicast Learned Port This multicast address is learned by GMRP Multicast Filtering Behavior Multicast Filtering Behavior supports two options Forward Unknown and Filter Unknown Multicast Filtering Behavior Setting Descripti...
Page 70: ...ary to keep adding bandwidth to the network Traffic prioritization uses the four traffic queues that are present in your Moxa switch to ensure that high priority traffic is forwarded on a different queue from lower priority traffic Traffic prioritization provides Quality of Service QoS to your network Moxa switch traffic prioritization depends on two industry standard methods IEEE 802 1D a layer 2...
Page 71: ...gured with VLANs and VLAN tagging The traffic flow through the switch is as follows A packet received by the Moxa switch may or may not have an 802 1p tag associated with it If it does not then it is given a default 802 1p tag which is usually 0 Alternatively the packet may be marked with a new 802 1p value which will result in all knowledge of the old 802 1p tag being lost Because the 802 1p prio...
Page 72: ...ach prevents the lower priority frames from being starved of opportunity for transmission with only a slight delay to the higher priority frames Weight Fair Strict In the Strict priority scheme all top priority frames egress a port until that priority s frames egress This approach can cause the lower priorities to be starved of opportunity for transmitting frames but ensures that all high priority...
Page 73: ...ombination For instance if a hot higher priority port is required for a network design TOS DSCP Inspection and Cos Inspection can be disabled This setting leaves only port default priority active which results in all ingress frames being assigned the same priority on that port Priority Mapping CoS Value and Priority Queues Setting Description Factory Default 0 to 7 Maps different CoS values to 8 d...
Page 74: ... industrial Ethernet switches not only prevent broadcast storms but can also be configured to a different ingress rate for all packets giving administrators full control of their limited bandwidth to prevent undesirable effects caused by unpredictable faults The Control Mode setting on the Rate Limiting page can be set to Normal or Port Disable Control Mode Setting Description Factory Default Norm...
Page 75: ...K 512K 1M 2M 4M 8M 10 100Mbps 15 150Mbps 25 250Mbps 35 350Mbps 50 500Mbps 65 650Mbps 85 850Mbps Limit Broadcast 8M Limit Broadcast Multicast Flooded Unicast Limit Broadcast Multicast Limit Broadcast Egress Rate Limit Setting Description Factory Default Egress rate Select the egress rate limit of max throughput for all packets from the following options Not Limited 3 5 10 15 25 35 50 65 85 Unlimite...
Page 76: ...s from the following options Not Limited 44640 74410 148810 223220 372030 520840 744050 Unlimited Security Security can be categorized into two levels the user name password level and the port access level Moxa switches provide many kinds of security functions including Management Interface Trusted Access SSL SSH Authentication certificate Login Authentication IEEE 802 1X MAC Authentication Bypass...
Page 77: ...on Factory Default Select Deselect Select the appropriate checkboxes to enable Moxa Service NOTE Moxa Service is only for Moxa network management software suite TCP Port 4000 UDP Port 4000 Enable Moxa Service Encrypted Setting Description Factory Default Select Deselect Select the appropriate checkboxes to enable Moxa Service Encrypted NOTE Moxa Service Encrypted is only for Moxa network managemen...
Page 78: ...ant access to any host on a specific subnetwork For example enter IP address 192 168 1 0 with netmask 255 255 255 0 to allow access to all IPs on the subnet defined by this IP address subnet mask combination Grant access to all hosts Make sure the Trusted Access list is not enabled by removing the checkmark from Enable trusted access The following table shows additional configuration examples Host...
Page 79: ...nerate Setting Description Factory Default Select Deselect Enable SSH Key Re generate Deselect Authentication Login Authentication Moxa switches provide three different user login authentications TACACS Terminal Access Controller Access Control System Plus RADIUS Remote Authentication Dial In User Service and Local The TACACS and RADIUS mechanisms are centralized AAA Authentication Authorization a...
Page 80: ...ry Default Authentication Protocol Authentication protocol selection Local Server IP Name Sets the IP address of an external TACACS RADIUS server as the authentication database None TCP UDP Port Sets the communication port of an external TACACS RADIUS server as the authentication database TACACS 49 RADIUS 1812 Shared Key Sets specific characters for server authentication verification None Authenti...
Page 81: ...requests from the switch Authentication Server The server that performs the actual authentication of the supplicant Authenticator Edge switch or wireless access point that acts as a proxy between the supplicant and the authentication server requesting identity information from the supplicant verifying the information with the authentication server and relaying a response to the supplicant The Moxa...
Page 82: ... set the 802 1X Local User Database as the authentication database Re Auth Global Setting Description Factory Default Enable Disable Select enable to require re authentication of the client after a preset time period of no activity has elapsed Enable Re Auth Period sec Setting Description Factory Default 60 to 65535 Sets the Re Auth period 3600 Enable 802 1X Setting Description Factory Default Sel...
Page 83: ...actory Default User Name Max of 30 characters User Name for the Local User Database None Password Max of 16 characters Password for the Local User Database None Confirm Password Max of 16 characters Confirm Password for the Local User Database None Description Max of 30 characters Description for the Local User Database None NOTE The user name for the IEEE 802 1X Local Database is case insensitive...
Page 84: ...Default 60 to 65535 Sets the Re Auth period 3600 Re Start Setting Description Factory Default Enable Disable Select enable to require a present time period to re start authentication after failure of authentication Disable Re Start Period sec Setting Description Factory Default 5 to 300 Sets the Re Start period 60 Enable MAC Authentication Bypass Setting Description Factory Default Select Deselect...
Page 85: ...y Default Select Deselect Enables using the same setting as Auth Server Deselect Server Setting Setting Description Factory Default Server IP Name Specifies the IP name of the server None Server Port Specifies the port of the server 1812 Server Shared Key Specifies the shared key of the server None www ipc2u ru www moxa pro ...
Page 86: ...a new MAC address tries to access a port after the maximum number of MAC addresses have already been learned The total number of allowed MAC addresses cannot exceed 1024 Port Security Mode Mode Setting Description Factory Default Static Port Lock The switch will block unauthorized MAC addresses and allow access to packets with a MAC address defined in the Static Unicast MAC Address Table None MAC ...
Page 87: ...ives a packet with an unlearned MAC address the port will be disabled Static Port Lock Port Number Setting Description Factory Default Port Number Associates the static address to a dedicated port None VID Setting Description Factory Default VLAN ID Associates the static address to a dedicated VLAN on the port None MAC Address Setting Description Factory Default MAC Address Adds the static unicast...
Page 88: ...Associates the static address to a dedicated port None VID Setting Description Factory Default VLAN ID Associates the static address to a dedicated VLAN on the port None MAC Address Setting Description Factory Default MAC Address Adds the static unicast MAC address into the address table None www ipc2u ru www moxa pro ...
Page 89: ...witches only support Ingress ACL Access control lists ACLs increase the flexibility and security of networking management ACLs provide traffic filtering capabilities for ingress and egress packets Moxa ACLs can manage filter criteria for a diverse range of protocols and allow users to configure customized filter criteria For example users can deny access to specific source or destination IP MAC ad...
Page 90: ...its from a switch the ACL will compare the packet to the rules in the access lists starting from the first rule If a packet is rejected or accepted by the first rule the switch will drop or pass this packet directly without checking the rest of the lower priority rules In other words Access Control Lists have Priority Index as an attribute to define the priority in the web configuration console Th...
Page 91: ...D is not unique with respect to the profile name The ID changes when swapping the priority of different access control profiles The maximum Priority Index number is 16 Name You can name the access control profile in this field Filter Name Select filtering by either IP or MAC address Detailed settings can be configured in the Access Control Rule Settings page If a selected ACL ID is already in the ...
Page 92: ...access control profile you would like to edit based on the ACL ID and then set up the rule content and ingress egress ports After configuring click the Add button to add the rule to the list Finally click Apply to activate the settings An access control rule displays setting options based on the filtering type used IP Based Layer 2 Device www ipc2u ru www moxa pro ...
Page 93: ...ecific subnet ranges to filter It allows checking the source or destination of the packet Choose Any if you do not need to use this criteria IP Protocol Select the type of protocols to be filtered Moxa provides ICMP IGMP IP over IP TCP and UDP as options in this field TCP UDP Source Destination Port If TCP or UDP are selected as the filtering protocol these fields will allow you to enter port numb...
Page 94: ...PT G7828 G7728 Featured Functions 3 82 MAC Based Layer 2 Device www ipc2u ru www moxa pro ...
Page 95: ...s to filter It allows checking the source or destination of the packet Choose Any if you do not need to use this criterion Ethernet Type Select the type of Ethernet protocol to filter Options are IPv4 ARP RARP IPv6 IEE802 3 PROFIENT LLDP and IEEE1588 VLAN ID Enter a VLAN ID you would like to filter by Once ready click the Add button to add the rule to the list and set up the ingress egress ports a...
Page 96: ...and all the rules will be displayed in the table DHCP IP Port Binding Designated IP Address Setting Description Factory Default IP Address Set the desired IP of connected devices None DHCP Relay Agent The DHCP Relay Agent makes it possible for DHCP broadcast messages to be sent over routers The DHCP Relay Agent enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet or th...
Page 97: ... are uniquely identified The Option 82 information contains 2 sub options Circuit ID and Remote ID which define the relationship between the end device IP and the DHCP Option 82 server The Circuit ID is a 4 byte number generated by the Ethernet switch a combination of physical port number and VLAN ID The format of the Circuit ID is shown below FF VV VV PP This is where the first byte FF is fixed t...
Page 98: ...ption Factory Default Enable or Disable Enable or disable the DHCP Option 82 function Disable Assign Remote ID by Setting Description Factory Default IP Uses the switch s IP address as the remote ID sub IP MAC Uses the switch s MAC address as the remote ID sub IP Client ID Uses a combination of the switch s MAC address and IP address as the remote ID sub IP Other Uses the user designated ID sub IP...
Page 99: ...te Read Community Community string No Uses a community string match for authentication SNMP V3 No Auth No No Uses an account with admin or user to access objects MD5 or SHA Authentication based on MD5 or SHA No Provides authentication based on HMAC MD5 or HMAC SHA algorithms 8 character passwords are the minimum requirement for authentication MD5 or SHA Authentication based on MD5 or SHA Data encr...
Page 100: ...ccess objects without authentication No MD5 Auth Authentication will be based on the HMAC MD5 algorithms 8 character passwords are the minimum requirement for authentication No SHA Auth Authentication will be based on the HMAC SHA algorithms 8 character passwords are the minimum requirement for authentication No Enable Admin Data Encryption Key for SNMP V1 V2c V3 and V3 only Setting Description Fa...
Page 101: ...st IP Address 1 Setting Description Factory Default IP or name Specifies the IP address or name of the primary trap server used by your network None 1st Trap Community Setting Description Factory Default Max 30 characters Specifies the community string to use for authentication Public Host IP Address 2 Setting Description Factory Default IP or name Specifies the IP address or name of the secondary...
Page 102: ...thms 8 character passwords are the minimum requirement for authentication SHA Auth Authentication will be based on the HMAC SHA algorithms 8 character passwords are the minimum requirement for authentication Enable Data Encryption Key Setting Description Factory Default Enable Enables data encryption using the specified data encryption key between 8 and 30 characters NA Disable No data encryption ...
Page 103: ...name Specifies the IP address or name of the primary trap server used by your network NA 1st Trap Community Setting Description Factory Default Max 30 characters Specifies the community string to use for authentication Public Host IP Address 2 Setting Description Factory Default IP or name Specifies the IP address or name of the secondary trap server used by your network None 2nd Trap Community Se...
Page 104: ...thms 8 character passwords are the minimum requirement for authentication SHA Auth Authentication will be based on the HMAC SHA algorithms 8 character passwords are the minimum requirement for authentication Enable Data Encryption Key Setting Description Factory Default Enable Enables data encryption using the specified data encryption key between 8 and 30 characters NA Disable No data encryption ...
Page 105: ...tors to diagnose network systems LLDP Ping and Port Mirror LLDP Overview LLDP is an OSI Layer 2 protocol defined by IEEE 802 11AB LLDP standardizes the self identification advertisement method and allows each networking device such as a Moxa managed switch to periodically send its system and configuration information to its neighbors Because of this all LLDP devices are kept informed of each other...
Page 106: ... uses the ping command to give users a simple but powerful tool for troubleshooting network problems The function s most unique feature is that even though the ping command is entered from the user s PC keyboard the actual ping command originates from the Moxa switch itself In this way the user can essentially sit on top of the Moxa switch and send ping commands out through its ports To use the Pi...
Page 107: ...ll be used to monitor the activity of the monitored port Monitoring You can monitor statistics in real time from the Moxa switch s web console and USB console CPU Memory Utilization The CPU Memory Utilization page displays the status of system resources Monitor this information to quickly and easily understand the working status of the switch CPU Utilization Setting Description Factory Default Rea...
Page 108: ...ted every few seconds allowing the user to analyze data transmission activity in real time Monitor by Port Access the Monitor by Port function by selecting FE or GE Ports or Port i in which i 1 2 G2 from the left pull down list The Port i options are identical to the Monitor by System function discussed above in that users can view graphs that show All Packets TX Packets RX Packets or Error Packet...
Page 109: ... facilitate the troubleshooting process for optical fiber links and reduce costs for onsite debugging Fiber Check Fiber Check is used to diagnose the link status of fiber connectors including SFP and fixed type Multi mode SC ST Single mode SC connectors Monitor the temperature TX RX power and other parameters on fiber ports to determine if the ports are working properly Enable the trap email warni...
Page 110: ...34 0 SFP 1FEMLC T 120 5 0 21 0 37 0 SFP 1FESLC T 120 3 0 8 0 37 0 SFP 1FELLC T 120 3 0 8 0 37 0 SFP 1GSXLC T 110 1 0 12 5 18 0 SFP 1GLSXLC T 120 2 0 12 0 19 0 SFP 1GLXLC T 120 0 0 12 5 20 0 SFP 1GLHLC T 120 1 0 11 0 23 0 SFP 1GLHXLC T 120 4 0 7 0 24 0 SFP 1GZXLC T 120 8 0 3 0 24 0 SFP 1G10ALC T 120 0 0 12 0 21 0 SFP 1G10BLC T 120 5 0 21 0 34 0 SFP 1G20ALC T 120 1 0 11 0 23 0 SFP 1G20BLC T 120 5 0 ...
Page 111: ...his event Event Events that have occurred NOTE The following events will be recorded into the Moxa switch s Event Log Table Cold start Warm start Configuration change activated Power 1 2 transition Off On Power 1 2 transition On Off Authentication fail Topology changed Master setting is mismatched Port traffic overload dot1x Auth Fail Port link off on Tracking Function This function is only availa...
Page 112: ...ertain remote devices by IP address Logic Tracking This function is a logic flow that can combine the interface tracking ping tracking and the logic tracking item with AND or OR logic Tracking Function Setting Description Factory default Enable Disable Enable or disable the tracking feature Disabled Interface Tracking Enable Setting Description Factory default Enable Disable Enable or disable the ...
Page 113: ...ion Factory default Range 0 to 100 000ms The status will change from up to down once the status of the monitored port or interface is less than the delay time If 100 000 ms is entered the status will not change to down even if the monitored port interface is down 1000 Ping Tracking Enable Setting Description Factory default Enable Disable Enable or disable the interface tracking feature Enabled Tr...
Page 114: ...e to down even if the condition is reached 3 Logical Tracking Enable Setting Description Factory default Enable Disable Enable or disable the interface tracking feature Disabled Tracking ID This is the ID of the logical tracking entry The tracking ID is unique in interface tracking ping tracking and logical tracking Logic List Choose the Tracking ID that the user wants to put in the logic list up ...
Page 115: ...e equal to the VRRP priority configuration If the VRRP entry binds a tracking entry and the status of the bound tracking entry is down then the running VRRP priority would be VRRP priority configuration minus decrement TID The tracking entry ID can affect the VRRP entry Decrement Settings Description Factory Default Decrement Range 0 to 255 This is the amount that will be reduced from the priority...
Page 116: ... TID entry is down the routing address will be erased from the routing table TID The tracking entry ID can affect the Static Route Port Settings For detailed port settings please refer to the port section settings If the status of related TID entry is up the port will be enabled If the status of TID entry is down the port will be disabled This can be observed in the page port status TID The tracki...
Page 117: ...oS Disable GOOSE Setting Description Factory Default High Medium Normal Low The priority of the GOOSE message High SMV Setting Description Factory Default High Medium Normal Low The priority of the GOOSE message Medium GOOSE Check The switch can snoop the GOOSE messages passing through the switch and show the communication status of GOOSE messages on this page The user can manually change the GOOS...
Page 118: ...ssage GOOSE Address Destination MAC address of ingress GOOSE message IED Name IED name of ingress GOOSE message VID VLAN ID of ingress GOOSE message Ingress Port The ingress port of GOOSE message Rx Counter Packet counter of ingress GOOSE message Status The status of GOOSE message communication Health The communication status of the GOOSE message is normal Timeout The communication status of the G...
Page 119: ...ed once the port link is down and the device is turned off Reset Reset the Rx counter and the status of the selected GOOSE messages Delete Delete selected GOOSE message Set Static Set the communication status of the GOOSE message to static entry MMS server A built in MMS Manufacturing Message Specification server allows Ethernet switches to be controlled monitored and managed via a Power SCADA sys...
Page 120: ...fTable MIB II 4 IP Group ipAddrTable ipNetToMediaTable IpGroup IpBasicStatsGroup IpStatsGroup MIB II 5 ICMP Group IcmpGroup IcmpInputStatus IcmpOutputStats MIB II 6 TCP Group tcpConnTable TcpGroup TcpStats MIB II 7 UDP Group udpTable UdpStats MIB II 10 Transmission Group dot3 dot3StatsTable MIB II 11 SNMP Group SnmpBasicGroup SnmpInputStats SnmpOutputStats MIB II 17 dot1dBridge Group dot1dBase dot...
Page 121: ...Traps Cold Start Link Up Link Down Authentication Failure dot1dBridge New Root dot1dBridge Topology Changed Private Traps Configuration Changed Power On Power Off Traffic Overloaded Turbo Ring Topology Changed Turbo Ring Coupling Port Changed Turbo Ring Master Mismatch Module Insert or Remove PortLoopDetectedTrap RateLimitedOnTrap LLDPChgTrap ABC 02 error Account Authentication Success Account Aut...
Page 122: ...PT G7828 G7728 MIB Groups A 3 Tracking Static Route Change Tracking port enable change EPS on EPS off GOOSE Check Dying Gasp www ipc2u ru www moxa pro ...
