WAGO 852-1322 Manual Download Page 32

Page: 32 / 84

32 Function Description

852-1322/852-1328 Industrial Managed Switch

Manual

1.0.01

6.1.2

RADIUS

The RADIUS is a networking protocol that provides authentication, authorization

and accounting (AAA) management for devices to connect and use a network

services. Figure “RADIUS Authentication Sequence” shows a diagram of

RADIUS authentication sequence.

Figure 9: RADIUS Authentication Sequence

6.1.3

MACSec

WAGO industrial managed switches support advanced security features that

allow traffic encryption and high throughput. MACsec or Media Access Control

Security is a security standard specified by IEEE also called IEEE 802.1AE. This

IEEE MAC security standard provides connectionless user data confidentiality,

frame data integrity, and data origin authenticity. MACsec can establish point-to-

point security on ETHERNET links between directly connected nodes. WAGO

industrial managed switches support this security feature and can be used to

transparently secure an IEEE 802 LAN connection to a peer device (such as

another switch) that also supports the MACsec.

MACsec defines two terms called secure channel and connectivity association

when setting up a secure communication between two switches. A secure

channel in MACsec is unidirectional and used for transmitting (outbound traffic)

or receiving (inbound traffic) data. A connectivity association when MACsec is

enabled consists of two secure channels: one for inbound traffic and one for

outbound traffic.

The point-to-point links can be secured by MACsec after matching security keys

are exchanged and verified between the ports on two different secure switches.

The static secure association key (SAK) security mode is when the user manually

configured the same static secure association key (SAK) on both sides of a

connection. There is no key server in this mode and the keys must be matched

on the ports of both switches. This can be viewed as setting up two secure

channels within a connectivity association. It is suggested to have a periodic

manual key update in order to prevent the key to be broken by brute-force attack.

Summary of Contents for 852-1322

Page 1: ...10_ 0 do cx 4053 88 1 Manual 852 1322 Managed Switch 8 Port Gb MACsec 852 1328 Managed Switch 6 Port Gb 2FOC MACsec 1 0 1 Pos 3 Alle Se rien Allge meine Mo dule Rec htliches Allgem eines Imp ress um f...

Page 2: ...measure has been taken to ensure the accuracy and completeness of this documentation However as errors can never be fully excluded we always appreciate any information or suggestions for improving the...

Page 3: ...erating the Industrial Switches 11 2 1 Safety Advice Precautions 12 3 Device Description 15 3 1 View 16 3 1 1 Front View 16 3 1 2 Top View 17 3 2 Connectors 18 3 2 1 Grounding screw 18 3 2 2 Power Sup...

Page 4: ...7 4 4 Password 48 7 4 5 Clock 49 7 5 Diagnostics 51 7 5 1 SNMP 51 7 5 1 1 SNMP Agent 54 7 5 1 2 SNMP V1 V2c Community 54 7 5 1 3 SNMP Trap 56 7 5 1 4 SNMP V3 Auth 57 7 5 2 Modbus TCP 59 7 5 3 System...

Page 5: ...Table of Contents 5 852 1322 852 1328 Industrial Managed Switch Manual 1 0 01 E nde der Liste f r Tex tma rke Ve rzeic hnis_v orn e...

Page 6: ...r Doku me ntatio n G l tigkeits ber eich Do kum enta tion 852 xxxx 16 mod _13 784 582 086 96_ 21 d ocx 130 868 1 This documentation is only applicable to WAGO ETHERNET accessory products Managed Switc...

Page 7: ...mein e M odul e Siche rh eits und s onsti ge Hinw eise Vo rsicht Vo rsicht _Wa rnu ng vo r Per sone nsch de n allge mei n_ Erl ut eru ng 13 mo d_13 433 100 287 62_ 21 d ocx 101 038 1 Personal Injury...

Page 8: ...d Switch Manual 1 0 01 Additional Information Refers to additional information which is not an integral part of this documentation e g the Internet Pos 11 6 Dok ume ntati on all gem ein Glie de rung s...

Page 9: ...23 mo d_14 356 471 860 05_ 21 d ocx 184 814 2 1 1 5 Font Conventions Pos 11 10 Alle Se rien Allge mein e Mo dule Rec htliches Allgem eines Schriftk onv entio nen 3 mod _12 210 5952 143 7_2 1 do cx 21...

Page 10: ...or from the legal protection of utility patents Third party products are always mentioned without any reference to patent rights Thus the existence of such rights cannot be excluded 3 m od_ 122 234 63...

Page 11: ...if t 2 und Inhal t 3 mo d_1 222 346 2394 53_ 21 docx 22 261 3 1 2 1 5 Standards and Regulations for Operating the Industrial Switches Please observe the standards and regulations that are relevant to...

Page 12: ...ing the appropriate key or tool Pos 14 12 3 Alle Seri en Allg emei ne Mod ule Sich er heits und sons tige Hi nweise Gefa hr Gefa hr U nfallve rh tung svors chrift en beac hten 6 mo d_1 260 180 6570 00...

Page 13: ...nweise Ac htun g Achtu ng V erp olung en der D aten u nd Ve rsor gun gsleitu nge n ve rmei den 6 mo d_1 2601 840 457 44_ 21 d ocx 467 67 1 Do not reverse the polarity of connection lines Avoid reverse...

Page 14: ...erference in residential areas This is a Class B device and therefore suitable to be used also in residential areas without specific measures to prevent interference Pos 14 15 D okum ent ation allge m...

Page 15: ...uses GCM AES to implement point to point security for ETHERNET links between switches In other words it can secure a network from a whole host of security threats including intrusion man in the middl...

Page 16: ...Table 3 Legend for the Figure Front View of the Industrial Managed Switch Pos Descrip tion Meaning For Details see Section 1 PWR Power is being supplied through the Power input Device Descriptions Un...

Page 17: ...end for the Figure Top View of the Industrial Managed Switch No Descrip tion Meaning For Details see Section 1 Grounding screw Device Description Connectors 2 Connector male for power consumption RPS...

Page 18: ...r G er teb eschr eibu ng Ansc hl sse Anschl s se 8 52 150 5 00 0 0 01 Er dun gssch rau be 35 mod _15 635 1124 232 7_2 1 d ocx 5546 49 3 1 3 2 1 Grounding screw The switch must be grounded Connect the...

Page 19: ...e top of the switch Both PWR and RPS support input voltage between 9 and 48 VDC The male connector shows the following pin assignment Figure 4 Power Supply Connector Table 5 Legend for Figure Power Su...

Page 20: ...Figure Network Connections No Desig nation Meaning For Details see Section 1 852 1328 6 x RJ 45 connections 10 100 1000BASE T Device Description 10 100 1000BASE T Ports 2 852 1328 2 x SFP connections...

Page 21: ...ansmission modes These ports also provide automatic crossover detection Auto MDI MDI X with plug and play capabilities Simply plug the network cables into the ports they then adapt to the end node dev...

Page 22: ...supply Off The primary power supply has been switched off or a fault has occurred RPS Redundant Power System LED Green The industrial managed switch uses the redundant power supply Off The redundant p...

Page 23: ...ustrial managed switch Figure 8 Label Table 9 Legend for Figure Label Item Product Label Description Item No Item number IN Device input and maximum current and voltage Ambient Temp Operating temperat...

Page 24: ...e of protection IP30 3 5 2 System Data Table 11 Technical Data System Data MAC table 16384 entries Jumbo Frame Size 10 kB Wavelength optical fibers Depends on SFP module Maximum lengths 10 100 1000BAS...

Page 25: ...ckets IEEE 802 1ae for MACsec 3 5 5 Environmental Conditions Table 15 Technical Data Environmental Conditions Surrounding air temperature operation 20 70 C Surrounding air temperature storage 40 85 C...

Page 26: ...6 1 Conformity Marking Pos 20 29 D okum ent ation allge mein Gliede run gsele me nte Lee rabs atz 2 Z 3 mod _12 2466 275 568 7_0 docx 24 460 1 Pos 20 30 Se rie 8 52 ETHERNET Zu beh r Ger te besch reib...

Page 27: ...ure that the heat output from the industrial managed switch and ventilation around it is adequate Do not place any heavy objects on the industrial managed switch 4 2 Installation on a Carrier Rail The...

Page 28: ...ence from electromagnetic radiation Observe the corresponding standards for EMC compatible installations as well 2 Plug the female connector into the male connector of the switch if it has not already...

Page 29: ...optics 1 Insert the respective SFP modules 2 Ensure that the fiber optic ports are clean You can clean the cable connectors by wiping them with a clean cloth or a cotton ball soaked with a little eth...

Page 30: ...witch support both autosensing and auto negotiation 1 Connect one end of the twisted pair cable of the type Category 3 5 5e to an available RJ 45 port on the industrial managed switch and the other en...

Page 31: ...e as the authentication server Authenticator The Authenticator is a network device i e the WAGO Industrial managed switch that acts as a proxy between the supplicant and the authentication server It p...

Page 32: ...transparently secure an IEEE 802 LAN connection to a peer device such as another switch that also supports the MACsec MACsec defines two terms called secure channel and connectivity association when...

Page 33: ...he changed configuration settings to take effect 7 1 Login 1 To open the WBM launch a Web browser e g Microsoft Edge or Mozilla Firefox or Google Chrome 2 Enter the IP address of the device i e WAGO 8...

Page 34: ...ity Warning Page a Please click on the red box Advanced button and click on Accept the Risk and Continue button as shown in Figure Security Warning Page Figure 11 Security Warning Page 6 After pressin...

Page 35: ...r update your changes to apply the settings 12 It is highly recommended to avoid using the factory default password during the actual operation of your device Therefore if you logged in with the defau...

Page 36: ...mation Legal Information Configuration System Settings Network Settings Port Settings Password Clock Diagnostics SNMP Modbus TCP System Log Port Monitor Security Static SAK Secure Code 802 1X Maintena...

Page 37: ...e second tries will have 0 second waiting time The third try will have a waiting time of 10 seconds The fourth try will have a waiting time of 100 seconds The fifth up to tenth tries will have a waiti...

Page 38: ...the characters in the security card and use them to enter them in the Secure code textbox as shown in Figure Example of Dialog after Clicking Forget it Button The secure code dialog in Figure Example...

Page 39: ...age to immediately update the password as shown in Figure Re direction to Change Password Tab Page When you finished changing the new password click on the Submit button The system will prompt you wit...

Page 40: ...O 852 1322 switch Table WBM Information Page System Information Tab summarizes the description of each field of system information Figure 21 WBM Information Page System Information Tab Table 17 WBM In...

Page 41: ...has two tabs that are WAGO Licenses and Open Source Licenses They list all information and terms about software license agreement 7 3 2 1 WAGO Licenses Figure 22 WBM Information Page Legal Information...

Page 42: ...mit button to update the information on the switch Figure WBM Configuration Page System Settings Tab shows System Settings page of an 852 1322 industrial managed switch model Table WBM Configuration P...

Page 43: ...ch can obtain IP address setting automatically from a DHCP server available on the user s local network If the DHCP is enabled the rest of the fields will be disabled Note that the user should consult...

Page 44: ...ed parameters will be automatically assigned Otherwise user can set up the static IP address and related fields manually Static IP Address 192 168 1 254 This field displays current IP address The user...

Page 45: ...n Figure 26 WBM Configuration Page Port Settings Tab The description of each parameter and its default value in Port Settings tab page are summarized in Table WBM Configuration Page Port Settings Tab...

Page 46: ...e box which are Port 7 and Port 8 Therefore the tab in Figure WBM Configuration Page Fiber Port Speed Setting Tab will allow the user to set the data rate or communication speed on each of the fiber p...

Page 47: ...er Port Speed Setting Tab Table 21 WBM Configuration Page Fiber Port Speed Setting Tab Parameters Factory Default Description Ports Fiber port number on the industrial managed switch For WAGO 852 1328...

Page 48: ...irm its correctness Please click on the Submit button to update the user name and password information on the switch Figure 28 WBM Configuration Page Password Tab The description of each parameter and...

Page 49: ...two standards one is the UTC time and the other is the Local time which is the time converted by Timezone The 12 hour format check box can be checked for 12 hour format or unchecked for 24 hour format...

Page 50: ...field displays the current local time on the device The local time for the device is read only cannot be changed It is display in the format of HH MM SS UTC 12 30 30 This field displays the current UT...

Page 51: ...SNMP manager and the device the SNMP agent The string is included in every packet transmitted between the SNMP manager and the SNMP agent The SNMP community acts like a password and is used to define...

Page 52: ...52 Configuration in the WBM 852 1322 852 1328 Industrial Managed Switch Manual 1 0 01 Figure 30 WBM Diagnostics Page SNMP Tab...

Page 53: ...Configuration in the WBM 53 852 1322 852 1328 Industrial Managed Switch Manual 1 0 01...

Page 54: ...ters Factory Default Description SNMP Enabled Disable Check the box to enable SNMP agent SNMP Version V3 Check the desired SNMP Version as either V1 V2c and or V3 7 5 1 2 SNMP V1 V2c Community SNMP V1...

Page 55: ...the Add button Figure 32 SNMP V1 V2c Community Setting Table WBM Diagnostics Page SNMP Tab SNMP V1 V2c Community Setting briefly provides descriptions of SNMP V1 V2c community string setting Table 25...

Page 56: ...P Trap section Figure 33 WBM Diagnostics Page SNMP Tab SNMP Trap The SNMP Trap Mode allows users to configure SNMP Trap mode or Inform mode by selecting the desired mode from the dropdown list as show...

Page 57: ...e maximum length of the string is 15 characters 7 5 1 4 SNMP V3 Auth As mentioned earlier SNMP V3 is a more secure SNMP protocol In this part the user will be able to set a password and an encryption...

Page 58: ...ered in the Encryption Key field and re entered again in Confirmed Key field After filling all the required fields please click on Add button to update the information on the industrial managed switch...

Page 59: ...nagement Information Base MIB browser The switch will be a Modbus slave which can be remotely configured by a Modbus master The Modbus slave address must be set to match the setting inside the Modbus...

Page 60: ...he Modbus Port field Click Submit button to set the Modbus TCP Table WBM Diagnostics Page Modbus TCP Tab summarizes the descriptions of the Modbus TCP s parameters Please refer to Appendix 0 for the M...

Page 61: ...Log Setting Tab The syslog can be saved to flash memory inside the industrial managed switch and or it can be sent to a remote log server The user needs to select the log level and provides the IP add...

Page 62: ...server Syslog Server IP 0 0 0 0 Set the IP address of Syslog server Syslog Server Service Port 514 Set the service port number of Syslog server Range from Port 1 to Port 65535 7 5 3 2 Log The Log tab...

Page 63: ...ic refresh cycle in seconds by entering the number in the corresponding field Note that the log records are sorted by date and time Table WBM Page Diagnostics System Log Log Tab summarizes the descrip...

Page 64: ...resh cycle sec Disable 20 Select the check box to enable cyclic refresh Enter the cycle time in seconds in which a cyclic refresh is performed The label of the button Refresh Start Stop changes depend...

Page 65: ...t status whether a port is connected Link Up Green color or disconnected Link Down Yellow color or disabled Black color Table WBM Diagnostics Page Port Monitor Tab summarizes the descriptions of each...

Page 66: ...nable secure association mode on industrial managed switch s port s first select one of the two ports from the dropdown list under the Ports Then check the Enabled box Then enter the Secure Channel Id...

Page 67: ...e Enabled box Then click on the Submit button This will update the status of the setting in the Static SAK Status table in the lower part of the Figure WBM Page Security Static SAK Tab Table 33 WBM Pa...

Page 68: ...of Secure Codes They can be used to log in to the industrial managed switch when the user forgot the password and selected the Forget it button at the login dialog The use of the device recovery card...

Page 69: ...328 Industrial Managed Switch Manual 1 0 01 7 6 3 IEEE 802 1X The 802 1X tab under the Security page is subdivided into three sub tabs which are Setting Parameters Setting and Port Setting as shown be...

Page 70: ...tion fields will become active The user then have to enter all the required fields to configure the 802 1X Setting which are the IP address of RADIUS server the RADIUS server s port number the RADIUS...

Page 71: ...ers Shared Key NULL A shared key between the managed switch and the RADIUS Server Both devices must be configured to use the same key where the maximum length is 30 characters Confirmed Shared Key Dep...

Page 72: ...server to respond to the supplicant s EAP packet The range is from 10 to 300 seconds Maximum Requests 2 The maximum number of the retransmissions that the authentication server can send the EAP reque...

Page 73: ...X security on any of the port s click one of the port or press Ctrl key and click multiple ports on the list and choose the Authorization Mode from the dropdown list and click the Update button To che...

Page 74: ...rmware from WAGO s website and save it in a local computer Then the users can click Browse button and choose the firmware file that is already downloaded The switch s firmware typically has a dld exte...

Page 75: ...n the Reset button as shown in Figure WBM Maintenance Page Reset to Default Tab When the switch is restarted the web browser will be re directed to the login web page as depicted in Figure Login Web P...

Page 76: ...ion box the user will be prompted to save or keep the file name 852 1322_XXX XXX XXX XXX ini by the Web browser Choosing to Save File will back up the switch s current configuration to your local driv...

Page 77: ...ustrial Managed Switch Manual 1 0 01 7 7 4 Reboot A simple reboot function is provided in this tab page requiring only one single click on the Reboot button as shown in Figure WBM Maintenance Page Reb...

Page 78: ...ss or user The user can logout of the device by either browsing to the Logout page and click Logout button or using the logout quick button which is located on the upper right corner of the web page a...

Page 79: ...2 Hi byte 0x04 Word 2 Lo byte 0x05 0x0024 36 1 word R Kernel Version Ex Version 1 03 Word 0 Hi byte 0x01 Word 0 Lo byte 0x03 IP Information 0x0050 80 1 word R DHCP Status 0x0000 Disabled 0x0001 Enabl...

Page 80: ...R Port Speed Status 10M 0x01 Status 100M 0x02 Status 1000M 0x03 Word 0 Hi byte Port 1 Status Word 0 Lo byte Port 2 Status Word 1 Hi byte Port 3 Status Word 1 Lo byte Port 4 Status Word 2 Hi byte Port...

Page 81: ...21 WBM Information Page System Information Tab 40 Figure 22 WBM Information Page Legal Information WAGO Licenses Tab 41 Figure 23 WBM Information Page Legal Information Open Source License Tab 41 Fig...

Page 82: ...fault Tab 75 Figure 49 Login Web Page 75 Figure 50 WBM Maintenance Page Backup Restore Tab 76 Figure 51 WBM Maintenance Page Reboot Tab 77 Figure 52 WBM Maintenance Page Logout Tab 78 Figure 53 Logout...

Page 83: ...Links and WBM Pages 36 Table 17 WBM Information Page System Information Tab 40 Table 18 WBM Configuration Page System Settings Tab 42 Table 19 WBM Configuration Page System Settings Tab 44 Table 20 WB...

Page 84: ...CI 2 017 2 8 mo d_1 486 477 503 580 _21 docx 40 539 4 1 WAGO Kontakttechnik GmbH Co KG Postfach 2880 D 32385 Minden Hansastra e 27 D 32423 Minden Phone 49 571 887 0 Fax 49 571 887 844169 E Mail info...

Search results

Summary of Contents for 852-1322

Reviews:

Related manuals for 852-1322

Brands by name

Popular brands

WAGO 852-1322, Manual

Search results

Summary of Contents for 852-1322

Reviews:

Related manuals for 852-1322

Brands by name

Popular brands