Rugged Operating System (ROS)®

v4.0 User Guide

RUGGEDCOM RSG2488

April 5, 2013

www.RuggedCom.com

Summary of Contents for RSG2488

Page 2: ...nt is reviewed regularly and any necessary corrections will be included in subsequent editions We appreciate any suggested improvements We reserve the right to make technical improvements without notice Registered Trademarks RuggedServer RuggedWireless RuggedCom Discovery Protocol RCDP RuggedExplorer Enhanced Rapid Spanning Tree Protocol eRSTP ROX Rugged Operating System On Linux RuggedBackbone Cr...

Page 3: ... 2 Key Files 3 1 2 2 1 SSL Certificates 3 1 2 2 2 SSH Key Pairs 5 1 3 Available Services 7 1 4 SNMP Management Interface Base MIB Support 8 1 4 1 Supported Standard MIBs 8 1 4 2 Supported Proprietary RuggedCom MIBs 9 1 4 3 Supported Agent Capabilities 10 1 5 SNMP Traps 10 1 6 ModBus Management Support 12 1 6 1 ModBus Function Codes 12 1 6 2 ModBus Memory Map 13 1 6 3 ModBus Memory Formats 17 1 6 3...

Page 4: ...SQL Commands 37 2 6 4 1 Finding the Correct Table 38 2 6 4 2 Retrieving Information 38 2 6 4 3 Changing Values in a Table 40 2 6 4 4 Resetting a Table 40 2 6 4 5 Using RSH and SQL 41 2 7 Managing the Flash File System 41 2 7 1 Viewing a List of Flash Files 42 2 7 2 Viewing a List of Flash File Details 42 2 7 3 Defragmenting the Flash File System 43 2 8 Accessing BIST Mode 43 2 9 Accessing the Boot...

Page 5: ...c Ethernet Ports 64 3 7 6 Configuring an Ethernet Port 65 3 7 7 Configuring Port Mirroring 67 3 7 8 Configuring Link Detection 69 3 7 9 Resetting Ethernet Ports 70 3 8 Managing IP Interfaces 70 3 8 1 Configuring the Management IP Interface 71 3 8 2 Managing Switch IP Interfaces 72 3 8 2 1 Viewing a List of Switch IP Interfaces 72 3 8 2 2 Adding a Switch IP Interface 72 3 8 2 3 Deleting a Switch IP...

Page 6: ...nfiguring an Alarm 99 4 4 4 Authentication Related Security Alarms 101 4 4 4 1 Security Alarms for Login Authentication 102 4 5 Managing the Configuration File 104 4 5 1 Configuring Data Encryption 104 4 5 2 Updating the Configuration File 105 4 6 Managing an Authentication Server 106 4 6 1 Managing RADIUS Authentication 106 4 6 1 1 Configuring the RADIUS Server 107 4 6 1 2 Configuring the RADIUS ...

Page 7: ... 5 2 2 3 RSTP Port Redundancy 129 5 2 3 MSTP Operation 129 5 2 3 1 MSTP Regions and Interoperability 130 5 2 3 2 MSTP Bridge and Port Roles 131 5 2 3 3 Benefits of MSTP 132 5 2 3 4 Implementing MSTP on a Bridged Network 133 5 2 4 Configuring STP Globally 133 5 2 5 Configuring STP for Ethernet Ports 135 5 2 6 Configuring eRSTP 137 5 2 7 Viewing Global Statistics for STP 139 5 2 8 Viewing STP Statis...

Page 8: ...ng SNMP Users 163 5 6 1 1 Viewing a List of SNMP Users 163 5 6 1 2 Adding an SNMP User 164 5 6 1 3 Deleting an SNMP User 166 5 6 2 Managing Security to Group Mapping 167 5 6 2 1 Viewing a List of Security to Group Maps 167 5 6 2 2 Adding a Security to Group Map 167 5 6 2 3 Deleting an SNMP Security Model 168 5 6 3 Managing SNMP Groups 169 5 6 3 1 Viewing a List of SNMP Groups 169 5 6 3 2 Adding an...

Page 9: ...y and effectively Alerts The following types of alerts are used when necessary to highlight important information DANGER DANGER alerts describe imminently hazardous situations that if not avoided will result in death or serious injury WARNING WARNING alerts describe hazardous situations that if not avoided may result in serious injury and or equipment damage CAUTION CAUTION alerts describe hazardo...

Page 10: ...for previous releases are also available For any questions about the documentation or for assistance finding a specific document contact a RuggedCom Sales representative Training RuggedCom offers a wide range of educational services ranging from in house training of standard courses on networking Ethernet switches and routers to on site customized courses tailored to the customer s needs experienc...

Page 11: ...tomer support is available 24 hours 7 days a week for all RuggedCom customers For technical support or general information please contact Customer Support at Toll Free North America 1 866 922 7975 International 1 905 856 5288 E Mail Support RuggedCom com Online www RuggedCom com ...

Page 13: ...perating System ROS Features Simple plug and play operation automatic learning negotiation and crossover detection MSTP 802 1Q 2005 formerly 802 1s RSTP 802 1w and Enhanced Rapid Spanning Tree eRSTP network fault recovery 5ms Quality of Service 802 1p for real time traffic VLAN 802 1Q with double tagging IGMP Snooping for multicast filtering Port configuration status statistics mirroring security ...

Page 14: ...ice When the device returns create and program new keys for the device Restrict physical access to the device to only trusted personnel A person with malicious intent in possession of the flash card could extract critical information such as certificates keys etc user passwords are protected by hash codes or reprogram the card Control access to the serial console to the same degree as any physical...

Page 15: ...s own CA This technique is described in the RuggedCom application note Creating Uploading SSH Keys and SSL Certificates to ROS Using Windows available from www ruggedcom com The sequence of events related to Key Management during an upgrade to ROS 4 0 or later is as follows NOTE The auto generation of SSH keys is not available for Non Controlled NC versions of ROS On first boot ROS will start the ...

Page 16: ...igned X 509 v3 SSL certificate with a 1024 bit RSA key suitable for use in ROS Note that two standard PEM files are required the SSL certificate and the RSA private key file These are concatenated into the resulting ssl crt file which may then be uploaded to ROS RSA key size BITS 1024 20 years validity DAYS 7305 Values that will be stored in the Distinguished Name fields COUNTRY_NAME CA Two letter...

Page 18: ... SSH key generated by ROS Private Key 1024 bit ...

Page 19: ...ly but can be configured NOTE In certain cases the service might be disabled but the port can still be open e g TFTP Port Default The default state of the port i e open or closed Access Authorized Denotes whether the ports services are authenticated during access Services Port Number Port Open Port Default Access Authorized Note Telnet TCP 23 Open configurable Closed Yes Only available through two ...

Page 20: ...ed Yes Only available through two management interfaces Remote Syslog UDP 514 configurable Open configurable Closed No Only available through two management interfaces TCP Modbus RuggedServer TCP 502 Open Open No Only available through two management interfaces TCP Modbus Ruggedswitch TCP 502 Open configurable Closed No Section 1 4 SNMP Management Interface Base MIB Support ROS supports a variety ...

Page 21: ... Objects for Bridges with Rapid Spanning Tree Protocol RFC 3411 SNMP FRAMEWORK MIB An Architecture for Describing Simple Network Management Protocol SNMP Management Framework RFC 3414 SNMP USER BASED SM MIB User based Security Model USM for Version 3 of the Simple Network Management Protocol SNMPv3 RFC 3415 SNMP VIEW BASED ACM MIB View based Access Control Model VACM for the Simple Management Proto...

Page 22: ...MIB AC rcSnmpViewBasedAcmMibAC mib RC SNMP VIEW BASED ACM MIB AC SNMP VIEW BASED ACM MIB AC rcifmibAC mib RC IF MIB AC IF MIB rcbridgemibAC mib RC BRIDGE MIB AC BRIDGE MIB rcrmonmibAC mib RC RMON MIB AC RMON MIB rcqbridgemibAC mib RC Q BRIDGE MIB AC Q BRIDGE MIB rcipmibAC mib RC IP MIB AC IP MIB rclldpmibAC mib RC LLDP MIB AC LLDP MIB rcrstpmibAC mib RC RSTP MIB AC RSTP MIB rcrcrstpmibAC mib RC RU...

Page 23: ... RuggedCom generic traps NOTE Information about generic traps can be retrieved using the CLI command alarms For more information about the alarms command refer to Section 2 6 1 Available CLI Commands Table 6 Generic Traps Trap Severity heap error Alert NTP server failure notification real time clock failure Error failed password Warning MAC address not learned by switch fabric Warning received loo...

Page 24: ... Memory Map Section 1 6 3 ModBus Memory Formats Section 1 6 1 ModBus Function Codes RuggedCom devices support the following ModBus function codes for device management through ModBus NOTE While RuggedCom devices have a variable number of ports not all registers and bits apply to all products Registers that are not applicable to a particular device return a zero 0 value For example registers referr...

Page 25: ...uctinfo table Address Registers Description Reference Table in UI R W Format 0000 16 Product Identification R Text 0010 32 Firmware Identification R Text 0040 1 Number of Ethernet Ports R Uint16 0041 1 Number of Serial Ports R Uint16 0042 1 Number of Alarms R Uint16 0043 1 Power Supply Status R PSStatusCmd 0044 1 FailSafe Relay Status R TruthValue 0045 1 ErrorAlarm Status R TruthValue Product Writ...

Page 26: ...stics Ethernet In Packets R Uint32 0406 2 Port s1 p4 Statistics Ethernet In Packets R Uint32 0408 2 Port s2 p1 Statistics Ethernet In Packets R Uint32 040A 2 Port s2 p2 Statistics Ethernet In Packets R Uint32 040C 2 Port s2 p3 Statistics Ethernet In Packets R Uint32 040E 2 Port s2 p4 Statistics Ethernet In Packets R Uint32 0410 2 Port s3 p1 Statistics Ethernet In Packets R Uint32 0412 2 Por...

Page 27: ...p2 Statistics Ethernet Out Packets R Uint32 044C 2 Port s2 p3 Statistics Ethernet Out Packets R Uint32 044E 2 Port s2 p4 Statistics Ethernet Out Packets R Uint32 0450 2 Port s3 p1 Statistics Ethernet Out Packets R Uint32 0452 2 Port s3 p2 Statistics Ethernet Out Packets R Uint32 0454 2 Port s3 p3 Statistics Ethernet Out Packets R Uint32 0456 2 Port s3 p4 Statistics Ethernet Out Packets R Uin...

Page 28: ...ort s3 p4 Statistics Ethernet In Packets R Uint32 0498 2 Port s4 p1 Statistics Ethernet In Packets R Uint32 049A 2 Port s4 p2 Statistics Ethernet In Packets R Uint32 049C 2 Port s4 p3 Statistics Ethernet In Packets R Uint32 049E 2 Port s4 p4 Statistics Ethernet In Packets R Uint32 04A0 2 Port s5 p1 Statistics Ethernet In Packets R Uint32 04A2 2 Port s5 p2 Statistics Ethernet In Packets R Uin...

Page 29: ...tics Ethernet Out Packets R Uint32 04DE 2 Port s4 p4 Statistics Ethernet Out Packets R Uint32 04E0 2 Port s5 p1 Statistics Ethernet Out Packets R Uint32 04E2 2 Port s5 p2 Statistics Ethernet Out Packets R Uint32 04E4 2 Port s5 p3 Statistics Ethernet Out Packets R Uint32 04E6 2 Port s5 p4 Statistics Ethernet Out Packets R Uint32 04E8 2 Port s6 p1 Statistics Ethernet Out Packets R Uint32 04EA...

Page 30: ...nts an ASCII representation of the characters for the product identification which reads as SYSTEM NAME Since the length of this field is smaller than eight registers the rest of the field is filled with zeros 0 Section 1 6 3 2 Cmd The Cmd format instructs the device to set the output to either true or false The most significant byte comes first FF 00 hex requests output to be True 00 00 hex reque...

Page 31: ...location 0x03FE 0x04 0x03 0xFE 0x00 0x02 The response depends on how many ports are available on the device For example if the maximum number of ports on a connected RuggedCom device is 20 the response would be similar to the following 0x04 0x04 0xF2 0x76 0x00 0x05 In this example bytes 3 and 4 refer to register 1 at location 0x03FE and represent the status of ports 1 16 Bytes 5 and 6 refer to reg...

Page 32: ...power supply status are derived from the RuggedCom specific SNMP MIB Reading the Power Supply Status from a Device Using PSStatusCmd To understand how to read the power supply status from a device using PSStatusCmd consider a ModBus Request to read multiple registers from location 0x0043 0x04 0x00 0x43 0x00 0x01 The response may look like 0x04 0x02 0x00 0x0A The lower byte of the register displays...

Page 33: ...lable on the device the default certificate and keys are used immediately so that SSH and SSL https sessions can be served Auto Generated If a default SSL certificate and SSL SSH keys are in use ROS immediately begins to generate a unique certificate and SSL SSH keys for the device in the background This process takes approximately 5 minutes to complete depending on how busy the device is at the t...

Page 35: ...location Table or FAT 32 file system on a microSD or microSDHC Flash card up to a capacity of 4GB 3 1 2 4 Figure 1 microSD Card Slot 1 Cover 2 Screws 3 microSD Flash Card 4 Card Slot The primary purpose of the microSD card is to regain access to the device in the case of data corruption in the internal Flash memory If a version of the firmware main bin exists on the card ROS will load the firmware...

Page 37: ...necting the device Section 2 1 1 Connecting to ROS Through a Direct Connection Section 2 1 2 Connecting to ROS Through the Network Section 2 1 1 Connecting to ROS Through a Direct Connection ROS can be accessed through a direct serial or Ethernet connection Using the RS232 Serial Console Port To establish a serial connection to the device do the following 1 Connect a terminal or a computer running...

Page 38: ...mputer running terminal emulation software Using a Web Browser Web browsers provide a secure connection to the Web interface for ROS using the SSL Secure Socket Layer communication method SSL encrypts traffic exchanged with its clients The ROS Web server guarantees that all communications with the client are private If a client requests access through an insecure HTTP port the client is automatica...

Page 39: ... terminal emulation software do the following 1 Select the service i e Telnet RSH or SSH 2 Enter the IP address for the device 3 Connect to the device Once the connection is established the login form appears For more information about logging in to the device refer to Section 2 2 Logging In Section 2 2 Logging In To log in to the device do the following 1 Connect to the device either directly or ...

Page 40: ...ring Passwords 2 In the Enter User Name field type the username for an account setup on the device 3 In the Enter Password field type the password for the account 4 Press Enter or click Login Web interface only Section 2 3 Logging Out To log out of the device navigate to the main screen and do the following To log out of the Console or secure shell interfaces press CTRL X To log out of the Web inte...

Page 41: ...ame For information about logging out of ROS refer to Section 2 3 Logging Out Main The main frame displays the parameters and or data related to the selected feature Each screen consists of a title the current user s access level parameters and or data in form or table format and controls e g add delete refresh etc The title provides access to context specific Help for the screen that provides imp...

Page 42: ...e GUI organized as a series of menus It is primarily accessible through a serial console connection but can also be accessed through IP services such as a Telnet RSH Remote Shell or SSH Secure Shell session NOTE IP services can be restricted to control access to the device For more information refer to Section 3 10 Configuring IP Services Each screen consists of a system identifier the name of the...

Page 43: ...s this Enter to enter the sub menu or screen beneath Esc Press Esc to return to the previous screen Configuring Parameters Use the following controls to select and configure parameters in the Console interface Up Down Arrow Keys Use the up and down arrow keys to select parameters Enter Select a parameter and press Enter to start editing a parameter Press Enter again to commit the change Esc When e...

Page 44: ... 2 6 4 Using SQL Commands Section 2 6 1 Available CLI Commands The following commands are available at the command line Command Description alarms all Displays a list of available alarms Optional and or required parameters include all displays all available alarms arp Displays the IP to MAC address resolution table clearalarms Clears all alarms clearethstats all port Clears Ethernet statistics for...

Page 45: ... command ipconfig Displays the current IP address subnet mask and default gateway loaddflts Loads the factory default configuration logout Logs out of the shell ping address count timeout Sends an ICMP echo request to a remotely connected device For each reply received the round trip time is displayed Use this command to verify connectivity to the next connected device It is a useful tool for test...

Page 46: ... of information about the tables in the database insert enables new records to be inserted into a table save saves the database to non volatile memory storage select queries the database and displays selected records update enables existing records in a table to be updated For more information about the sql command refer to Section 2 6 4 Using SQL Commands sshkeygen size Generates new SSH keys in ss...

Page 47: ...at are being traced enter the CLI command trace trace Supported commands noclear Starts the log without clearing it first alloff Disables all trace subsystems from tracing allon Enables all flags in all trace subsystems stp Traces STP operations link Displays switch fabric statistics mac Displays MAC Events forward Forwards trace messages to an IP UDP address igmp Displays IGMP Snooping events gvr...

Page 48: ...ax stp all verbose packets timers actions decodes ports port_number all STP Logging is disabled 3 Choose the option to use and type trace protocol option Where protocol is the protocol to trace option is the option to use during the trace Example trace stp all STP Logging all conditions on port s 1 1 1 4 4 Start the trace For more information refer to Section 2 6 2 2 Starting a Trace Section 2 6 2...

Page 49: ...l auth_token command_string Where ipaddr is the address or resolved name of the device auth_token is the user name i e guest operator or admin and corresponding password separated by a comma For example admin secret command_string is the ROS CLI command to execute NOTE The access level corresponding to the user name selected must support the given command NOTE Any output from the command wi...

Page 50: ...essing Ctrl Z displays the name of the table The menu name and the corresponding database table name will be cited Another way to find a table name is to type the following in the CLI sql info tables This command also displays menu names and their corresponding database table names depending upon the features supported by the device For example Table Description alarms Alarms cpuDiags CPU Diagnost...

Page 51: ...re parameter is the name of the parameter table is the name of the table Example sql select ip address from ipSwitchIfCfg IP Address 192 168 0 1 1 records selected Retrieving Information from a Table Using the Where Clause Use the following command to display specific parameters from a table that have a specific value sql select from table where parameter value Where table is the name of the table...

Page 52: ...Use the following command to change the value of parameters in a table sql update table set parameter value Where table is the name of the table parameter is the name of the parameter value is the value of the parameter Example sql update vlanportcfg set pvid 2 8 records updated Conditions can also be included in the command to apply changes only to parameters that meet specific criteria In the fo...

Page 53: ...RPStatus 1 2 0 1 2 Edge 2 Untagged Disabled Disabled 1 records selected C rsh 10 0 1 2 l admin admin sql select from vlanportcfg where pvid 2 0 records selected C rsh 10 0 1 3 l admin admin sql select from vlanportcfg where pvid 2 Port Trnk Port s Type PVID PVID Format GVRP GVRPStatus 1 1 0 1 1 Edge 2 Untagged Disabled Disabled 1 2 0 1 2 Edge 2 Untagged Disabled Disabled 1 3 0 1 3 Edge 2 Untagged ...

Page 54: ...3C43C0 0x000006B2 1714 ssh keys 0xFE3C4B00 0x00000293 659 factory txt 0xFE3C4E20 0x00000280 640 main bin 0xFE3C5120 0x00280C93 2624659 bootoption txt 0xFE69EDE0 0x00000080 128 config csv 0xFE6A2CA0 0x00003D40 15680 Free Space 25528255 Used Space 5928825 Fragmented Space 380170 Section 2 7 2 Viewing a List of Flash File Details To view the details of a file currently stored in Flash memory do the f...

Page 55: ...e Interface 2 Defragment the flash memory by typing flashfiles defrag Section 2 8 Accessing BIST Mode BIST Built In Self Test mode is used by service technicians to test and configure internal functions of the device It should only be accessed for troubleshooting purposes NOTE Access to BIST mode and the boot loader is disabled at the factory All console inputs are ignored and users are directed a...

Page 56: ...eveloped by DENX http www denx de wiki U Boot NOTE Access to BIST mode and the boot loader is disabled at the factory All console inputs are ignored and users are directed automatically to the ROS user interface To enable access to BIST mode and the boot loader upload a file named bootoption txt to the device and make sure it contains the following security no Access to BIST and the boot loader ca...

Page 57: ...Supplies Section 3 4 Restoring Factory Defaults Section 3 5 Uploading Downloading Files Section 3 6 Managing Logs Section 3 7 Managing Ethernet Ports Section 3 8 Managing IP Interfaces Section 3 9 Managing IP Gateways Section 3 10 Configuring IP Services Section 3 11 Managing Remote Monitoring Section 3 12 Upgrading Downgrading Firmware Section 3 13 Resetting the Device Section 3 1 Viewing Product...

Page 58: ... Controlled indicates the main firmware is a Non Controlled release The Controlled main firmware can run on Controlled units but it can not run on Non Controlled units The Non Controlled main firmware can run on both Controlled and Non Controlled units Serial Number Synopsis Any 31 characters Shows the serial number of the device Boot Version Synopsis Any 47 characters Shows the version and the bu...

Page 59: ... 0 to 100 0 The percentage of available CPU cycles used for device operation as measured over the last second RAM Total Synopsis 0 to 4294967295 The total size of RAM in the system RAM Free Synopsis 0 to 4294967295 The total size of RAM still available RAM Low Watermark Synopsis 0 to 4294967295 The size of RAM that has never been used during the system runtime DMA RAM Free Synopsis 0 to 429496729...

Page 60: ...f range Good Specifies whether or not the power supply input voltage is in range For dual DC DC power supplies the input voltage range is between 36 and 72 V For dual AC DC power supplies the input voltage range for AC is between 85 and 264 VAC and for DC 95 and 300 VDC OutStatus Synopsis Out of range Good Specifies whether or not the power supply output voltage is in range The output voltage rang...

Page 61: ...plications This parameter allows user to choose to load defaults to Selected tables which would preserve configuration for tables that are critical for switch management applications or to force All tables to default settings 3 Click Apply Section 3 5 Uploading Downloading Files Files can be transferred between the device and a host computer using any of the following methods Xmodem using the CLI ...

Page 62: ...wing NOTE This method requires a host computer that has terminal emulation or Telnet software installed and the ability to perform XMODEM transfers NOTE Xmodem transfers can only be performed through the serial console which is authenticated during login 1 Establish a direct connection between the device and the host computer For more information refer to Section 2 1 1 Connecting to ROS Through a ...

Page 63: ...er running the TFTP server 2 Establish a direct connection between the device and a host computer For more information refer to Section 2 1 1 Connecting to ROS Through a Direct Connection 3 Log in to the device as an admin user and access the CLI shell For more information about accessing the CLI shell refer to Section 2 6 Using the Command Line Interface NOTE The get option sends files to the hos...

Page 64: ...er on the host computer and launch the TFTP transfer The server will indicate when the transfer is complete The following is an example of a successful TFTP server exchange C tftp i 10 1 0 1 put C files ROD CF52_Main_v3 7 0 bin main bin Transfer successful 1428480 bytes in 4 seconds 375617 bytes s Section 3 5 4 Uploading Downloading Files Using an SFTP Server SFTP Secure File Transfer Protocol is ...

Page 65: ...ave occurred The system log contains a record of significant events including startups configuration changes firmware upgrades and database re initializations due to feature additions The system log will accumulate information until it fills holding approximately 3 megabytes of characters The following sections describe how to configure and manage logs Section 3 6 1 Viewing Local Logs Section 3 6 ...

Page 66: ...s Confirm Section 3 6 3 Configuring the Local System Log To configure the severity level for the local system log do the following NOTE For maximum reliability use remote logging For more information refer to Section 3 6 4 Managing Remote Logging 1 Navigate to Administration Configure Syslog Configure Local Syslog The Local Syslog form appears 3 2 1 Figure 14 Local Syslog Form 1 Local Syslog Level...

Page 67: ... device to send event notification messages across IP networks to event message collectors also known as syslog servers The protocol is designed to simply transport these event messages from the generating device to the collector s The following sections describe how to configure a remote syslog client and server Section 3 6 4 1 Configuring the Remote Syslog Client Section 3 6 4 2 Viewing a List o...

Page 68: ...been configured add the servers as needed For more information refer to Section 3 6 4 3 Adding a Remote Syslog Server Section 3 6 4 3 Adding a Remote Syslog Server ROS supports up to 5 remote syslog servers or collectors Similar to the local system log a remote system log server can be configured to log information at a specific severity level Only messages of a severity level equal to or greater ...

Page 69: ...message The syslog facility is the application or operating system component that generates a log message ROS maps all syslog logging information onto a single facility which is configurable by user to facilitate remote syslog server Severity Synopsis EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATIONAL DEBUGGING Default DEBUGGING The severity level is the severity of the message that has be...

Page 70: ...ete Section 3 7 Managing Ethernet Ports The following sections describe how to set up and manage Ethernet ports Section 3 7 1 Controller Protection Through Link Fault Indication LFI Section 3 7 2 Viewing the Status of Ports Section 3 7 3 Viewing Statistics for All Ethernet Ports Section 3 7 4 Viewing Statistics for Specific Ethernet Ports Section 3 7 5 Clearing Statistics for Specific Ethernet Por...

Page 71: ...uation illustrates the need for a notification method that tells a link partner when the link integrity signal has stopped Such a method natively exists in some link media but not all 100Base TX 1000Base T 1000Base X Includes a built in auto negotiation feature i e a special flag called Remote Fault Indication is set in the transmitted auto negotiation signal 100Base FX Links Includes a standard Fa...

Page 72: ...k partner will be waiting for the other to transmit a link signal The switch can also be configured to flush the MAC address table for the controller port Frames destined for the controller will be flooded to Switch B where they will be forward to the controller after the controller transmits its first frame Section 3 7 2 Viewing the Status of Ports To view the current status of each Ethernet port...

Page 73: ...Ethernet ports navigate to Ethernet Stats View Ethernet Statistics The Ethernet Statistics table appears Figure 23 Ethernet Statistics Table This table displays the following information Parameter Description Port Synopsis 1 1 to 8 2 The port number as seen on the front plate silkscreen of the switch State Synopsis Down Up InOctets Synopsis 0 to 4294967295 The number of octets in received good pac...

Page 74: ...ort Statistics The Ethernet Port Statistics table appears Figure 24 Ethernet Port Statistics Table This table displays the following information Parameter Description Port Synopsis 1 1 to 8 2 The port number as seen on the front plate silkscreen of the switch InOctets Synopsis 0 to 18446744073709551615 The number of octets in received good packets Unicast Multicast Broadcast and dropped packets Ou...

Page 75: ...wing conditions Packet data length is between 64 and 1536 octets inclusive Packet has invalid CRC Collision Event has not been detected Late Collision Event has not been detected OversizePkts Synopsis 0 to 4294967295 The number of packets received with data length greater than 1536 octets and valid CRC Fragments Synopsis 0 to 4294967295 The number of packets received which meet all the following c...

Page 76: ...ransmitted packets as well as dropped and local received packets This does not include rejected received packets Pkt1024to1536Octets Synopsis 0 to 4294967295 The number of received and transmitted packets with size of 1024 to 1536 octets This includes received and transmitted packets as well as dropped and local received packets This does not include rejected received packets DropEvents Synopsis 0...

Page 77: ...heck Boxes 2 Confirm Button 2 Select one or more Ethernet ports 3 Press Confirm Section 3 7 6 Configuring an Ethernet Port To configure an Ethernet port do the following 1 Navigate to Ethernet Ports Configure Port Parameters The Port Parameters table appears Figure 26 Port Parameters Table 2 Select an Ethernet port The Port Parameters form appears ...

Page 78: ...e port media State Synopsis Disabled Enabled Default Enabled Disabling a port will prevent all frames from being sent and received on that port Also when disabled link integrity signal is not sent so that the link activity LED will never be lit You may want to disable a port for troubleshooting or to secure it from unauthorized connections AutoN Synopsis Off On Default On Enable or disable IEEE 80...

Page 79: ...tiating peer will fall back to half duplex operation even when the fixed side is full duplex Full duplex operation requires that both ends are configured as such or else severe frame loss will occur during heavy network traffic At lower traffic volumes the link may display few if any errors As the traffic volume rises the fixed negotiation side will begin to experience dropped packets while the au...

Page 80: ... etc may not be mirrored To configure port mirroring do the following 1 Navigate to Ethernet Ports Configure Port Mirroring The Port Mirroring form appears 6 5 4 3 2 1 Figure 28 Port Mirroring Form 1 Port Mirroring Box 2 Source Port Box 3 Target Port Box 2 Configure the following parameter s as required Parameter Description Port Mirroring Synopsis Disabled Enabled Default Disabled Enabling port m...

Page 81: ...e a serious network problem as the unit s RSTP process may not be able to run thus allowing network loop to form Three different settings are available for this parameter ON_withPortGuard This is the recommended setting With this setting an extended period 2 minutes of excessive link state changes reported by a port will prompt Port Guard feature to disable FAST LINK DETECTION on that port and rai...

Page 82: ...s At times it may be necessary to reset a specific Ethernet port such as when the link partner has latched into an inappropriate state This is also useful for forcing a re negotiation of the speed and duplex modes To reset a specified Ethernet Port s do the following 1 Navigate to Ethernet Ports Reset Port s The Reset Port s form appears 1 2 Figure 30 Reset Port s Form 1 Ports 2 Apply Button 2 Sel...

Page 83: ...e Section 3 8 2 Managing Switch IP Interfaces Section 3 8 1 Configuring the Management IP Interface To configure the management IP interface do the following 1 Navigate to Administration Configure IP Interfaces Configure Mgmt IP Interfaces The Mgmt IP Interfaces table appears Figure 31 Mgmt IP Interfaces Table 2 Click the IP address for the management IP interface The Mgmt IP Interfaces form appea...

Page 84: ...2 Managing Switch IP Interfaces The following sections describe how to set up and manage switch IP interfaces Section 3 8 2 1 Viewing a List of Switch IP Interfaces Section 3 8 2 2 Adding a Switch IP Interface Section 3 8 2 3 Deleting a Switch IP Interface Section 3 8 2 1 Viewing a List of Switch IP Interfaces To view a list of switch IP interfaces configured on the device navigate to Administrati...

Page 85: ...he interface for which this IP interface is created ID Synopsis 1 to 4094 Default 1 Specifies the ID of the interface for which this IP interface is created If the interface type is VLAN this represents the VLAN ID Mgmt Synopsis No Yes Default No Specifies whether the IP interface is the device management interface IP Address Synopsis where ranges from 0 to 255 Default 192 168 0 1 Specifies the IP...

Page 86: ...te a switch IP interface configured on the device do the following 1 Navigate to Administration Configure IP Interfaces Configure Switch IP Interfaces The Switch IP Interfaces table appears Figure 36 Switch IP Interfaces Table 2 Select the IP interface from the table The Switch IP Interfaces form appears 1 Figure 37 Switch IP Interfaces Form 1 IP Address Type Box 2 IP Address Box 3 Subnet Box 4 Ap...

Page 87: ...l be set as the default interface The following sections describe how to set up and manage IP gateways Section 3 9 1 Viewing a List of IP Gateways Section 3 9 2 Adding an IP Gateway Section 3 9 3 Deleting an IP Gateway Section 3 9 1 Viewing a List of IP Gateways To view a list of IP gateways configured on the device navigate to Administration Configure IP Gateways The IP Gateways table appears Fig...

Page 88: ...ynopsis where ranges from 0 to 255 Specifies the IP address of destination network or host For default gateway both the destination and subnet are 0 Subnet Synopsis where ranges from 0 to 255 Specifies the destination IP subnet mask For default gateway both the destination and subnet are 0 Gateway Synopsis where ranges from 0 to 255 Specifies the gateway to be used to reach the destination 4 Click...

Page 89: ...IP Gateways form appears 6 4 5 2 1 3 Figure 42 IP Gateways Form 1 Destination Box 2 Subnet Box 3 Gateway Box 4 Apply Button 5 Delete Button 6 Reload Button 3 Click Delete Section 3 10 Configuring IP Services To configure the IP services provided by the device do the following 1 Navigate to Administration Configure IP Services The IP Services form appears ...

Page 90: ...n Limits the number of Telnet sessions A value of zero prevents any Telnet access Web Server Users Allowed Synopsis 1 to 4 Default 4 Limits the number of simultaneous web server users TFTP Server Synopsis Disabled Get Only Enabled Default Disabled As TFTP is a very insecure protocol this parameter allows the user to limit or disable TFTP Server access DISABLED disables read and write access to TFTP S...

Page 91: ...ection 3 11 1 Managing RMON History Controls The history controls for Remote Monitoring take samples of the RMON MIB history statistics of an Ethernet port at regular intervals The following sections describe how to configure and manage RMON history controls Section 3 11 1 1 Viewing a List of RMON History Controls Section 3 11 1 2 Adding an RMON History Control Section 3 11 1 3 Deleting an RMON His...

Page 92: ...nsertRecord The RMON History Controls form appears 9 7 8 6 5 4 3 2 1 Figure 46 RMON History Controls Form 1 Index Box 2 Port Box 3 Requested Buckets Box 4 Granted Buckets Box 5 Interval Box 6 Owner Box 7 Apply Button 8 Delete Button 9 Reload Button 3 Configure the following parameter s as required Parameter Description Index Synopsis 1 to 65535 Default 1 The index of this RMON History Control recor...

Page 93: ... 3600 Default 1800 The number of seconds over which the data is sampled for each bucket The range is 1 to 3600 The default is 1800 Owner Synopsis Any 127 characters Default Monitor The owner of this record It is suggested to start this string with the word monitor 4 Click Apply Section 3 11 1 3 Deleting an RMON History Control To delete an RMON history control do the following 1 Navigate to Ethernet...

Page 94: ... event which can generate an SNMP trap an entry in the event log or both The RMON event can also direct alarms towards different users defined for SNMP The alarm can point to a different event for each of the thresholds Therefore combinations such as trap on rising threshold or trap on rising threshold log and trap on falling threshold are possible Each RMON alarm may be configured such that its f...

Page 95: ...iod It may be desirable to alarm when the total or absolute number of events crosses a threshold In this case set the measurement period type to absolute The following sections describe how to configure and manage RMON alarms Section 3 11 2 1 Viewing a List of RMON Alarms Section 3 11 2 2 Adding an RMON Alarm Section 3 11 2 3 Deleting an RMON Alarm Section 3 11 2 1 Viewing a List of RMON Alarms To...

Page 96: ... Alarms form appears 8 12 13 7 6 5 4 3 2 1 10 9 11 14 Figure 52 RMON Alarms Form 1 Index Box 2 Variable Box 3 Rising Thr Box 4 Falling Thr Box 5 Value Box 6 Type Options 7 Interval Box 8 Startup Alarm List 9 Rising Event Box 10 Falling Event Box 11 Owner Box 12 Apply Button 13 Delete Button 14 Reload Button 3 Configure the following parameter s as required Parameter Description Index Synopsis 1 to...

Page 97: ...to this threshold and the associated startup alarm is equal to falling After a falling alarm is generated another such event will not be generated until the sampled value rises above this threshold and reaches the value of RisingThreshold Value Synopsis 2147483647 to 2147483647 The value of monitoring object during the last sampling period The presentation of value depends on sample type absolute o...

Page 98: ...rms The RMON Alarms table appears Figure 53 RMON Alarms Table 2 Select the alarm from the table The RMON Alarms form appears 8 12 13 7 6 5 4 3 2 1 10 9 11 14 Figure 54 RMON Alarms Form 1 Index Box 2 Variable Box 3 Rising Thr Box 4 Falling Thr Box 5 Value Box 6 Type Options 7 Interval Box 8 Startup Alarm List 9 Rising Event Box 10 Falling Event Box 11 Owner Box 12 Apply Button 13 Delete Button 14 R...

Page 99: ...ty Two traps are defined risingAlarm and fallingAlarm The following sections describe how to configure and manage RMON events Section 3 11 3 1 Viewing a List of RMON Events Section 3 11 3 2 Adding an RMON Event Section 3 11 3 3 Deleting an RMON Event Section 3 11 3 1 Viewing a List of RMON Events To view a list of RMON events navigate to Ethernet Stats Configure RMON Events The RMON Events table a...

Page 100: ...is 1 to 65535 Default 1 The index of this RMON Event record Type Synopsis none log snmpTrap logAndTrap Default logAndTrap The type of notification that the probe will make about this event In the case of log an entry is made in the RMON Log table for each event In the case of snmp_trap an SNMP trap is sent to one or more management stations Type Synopsis Any 31 characters Default public If the SN...

Page 101: ...with the word monitor 4 Click Apply Section 3 11 3 3 Deleting an RMON Event To delete an RMON event do the following 1 Navigate to Ethernet Stats Configure RMON Events The RMON Events table appears Figure 58 RMON Events Table 2 Select the event from the table The RMON Events form appears 6 7 8 5 4 3 2 1 9 Figure 59 RMON Events Form 1 Index Box 2 Type List 3 Community Box 4 Last Time Sent Box 5 Descript...

Page 102: ... an NC firmware version To upgrade the ROS firmware do the following 1 Upload a different version of the binary firmware image to the device or insert a microSD card that contains the image For more information about uploading files refer to Section 3 5 Uploading Downloading Files 2 Reset the device to complete the installation For more information refer to Section 3 13 Resetting the Device 3 Acce...

Page 103: ...efer to Section 3 4 Restoring Factory Defaults 5 Upload and apply the older firmware version and its associated FPGA files using the same methods used to install newer firmware versions For more information refer to Section 3 12 1 Upgrading Firmware 6 Press Ctrl S to access the CLI 7 Clear all logs by typing clearlogs 8 Clear all alarms by typing clearalarms IMPORTANT After downgrading the firmwar...

Page 104: ...Resetting the Device 1 Figure 60 Reset Device Form 1 Confirm Button 2 Click Confirm ...

Page 105: ...g an Authentication Server Section 4 1 Configuring the System Information To configure basic information that can be used to identify the device its location and/or its owner do the following 1 Navigate to Administration Configure System Identification The System Identification form appears 5 4 3 2 1 Figure 61 System Identification Form 1 System Name Box 2 Location Box 3 Contact Box 4 Apply Button...

Page 106: ...tion or any other information on the login page for the Web Interface add text to the banner.txt file stored on the device If the banner.txt file is empty only the Username and Password fields appear on the login page To update the banner.txt file download the file from the device modify it and then load it back onto the device For information about uploading and downloading files refer to Sectio...

Page 107: ...ds form appears 9 11 8 7 6 5 4 3 2 1 1 10 12 Figure 62 Configure Passwords Form 1 Auth Type Box 2 Guest Username Box 3 Guest Password Box 4 Confirm Guest Password Box 5 Operator Username Box 6 Operator Password Box 7 Confirm Operator Password Box 8 Admin Username Box 9 Admin Password Box 10 Confirm Admin Password Box 11 Apply Button 12 Reload Button NOTE ROS requires that all user passwords meet s...

Page 108: ...st regardless of the device configuration If server authentication is required requests to the server will be sent only if local authentication fails Guest Username Synopsis Any 15 characters Default guest Related password is in field Guest Password view only cannot change settings or run any commands Guest Password Synopsis 15 character ASCII string Related username is in field Guest Username vie...

Page 109: ...onditions that occurred in the past and do not affect the current operation state of the device Examples include authentication failures or error states that temporarily exceeded a certain threshold These alarms can be cleared from the list of alarms When either type of alarm occurs a message appears in the top right corner of the user interface If more than one alarm has occurred the message will in...

Page 110: ...I using the alarms For more information refer to Section 2 6 1 Available CLI Commands For information about modifying a pre configured alarm refer to Section 4 4 3 Configuring an Alarm Section 4 4 2 Viewing and Clearing Latched Alarms To view a list of alarms that are configured to latch navigate to Diagnostics View Latched Alarms The Latched Alarms table appears Figure 64 Latched Alarms Table ...

Page 111: ...atched Alarms Screen 1 Confirm Button 2 Press Confirm Section 4 4 3 Configuring an Alarm While all alarms are pre configured on the device some alarms can be modified to suit the application This includes changing the severity and enabling disabling certain features To configure an alarm do the following IMPORTANT Critical and Alert level alarms are not configurable and cannot be disabled 1 Navi...

Page 112: ...re 66 Alarms Table 2 Select an alarm The Alarms form appears 10 8 9 7 6 5 4 3 2 1 Figure 67 Alarms Form 1 Name Box 2 Level Box 3 Latch Box 4 Trap Box 5 Log Box 6 LED Relay Box 7 Refresh Time Box 8 Apply Button 9 Delete Button 10 Reload Button 3 Configure the following parameter s as required ...

Page 113: ...is not expected or not allowed INFO Event which is a part of normal operation e g cold start user login etc DEBUG Intended for factory troubleshooting only This parameter is not configurable Latch Synopsis On Off Default Off Enables latching occurrence of this alarm in the Alarms Table Trap Synopsis On Off Default Off Enables sending an SNMP trap for this alarm Log Synopsis On Off Default Off Enab...

Page 114: ...alid SNMP Authentication Failure NOTE All alarms and log messages related to login authentication are configurable For more information about configuring alarms refer to Section 4 4 3 Configuring an Alarm Weak Password Configured ROS generates this alarm and logs a message in the syslog when a weak password is configured in the Passwords table Table 8 Configurable Options Message Name Alarm SNMP T...

Page 115: ...nreachable ROS generates this alarm and logs a message in the syslog when the primary RADIUS server is unreachable Table 12 Configurable Options Message Name Alarm SNMP Trap Syslog Primary RADIUS Server Unreachable Yes Yes Yes TACACS Server Unreachable ROS generates this alarm and logs a message in the syslog when the primary TACACS server is unreachable Table 13 Configurable Options Message Name ...

Page 116: ...nfiguring Data Encryption To encrypt the configuration file and protect it with a password passphrase do the following NOTE Data encryption is not available in Non Controlled NC versions of ROS When switching between Controlled and Non Controlled NC versions of ROS make sure data encryption is disabled Otherwise the NC version of ROS will ignore the encrypted configuration file and load the factor...

Page 117: ...ation data Encrypted data can be decrypted by any device configured with the same passphrase 3 Click Apply Section 4 5 2 Updating the Configuration File Once downloaded from the device the configuration file can be updated using a variety of different tools NOTE For information about uploading downloading files refer to Section 3 5 Uploading Downloading Files Any text editing program capable of re...

Page 118: ...for carrying authentication authorization and configuration information between a Network Access Server NAS that desires to authenticate its links and a shared authentication server It provides centralized authentication and authorization for network access NOTE For more information about the RADIUS protocol refer to RFC 2865 IMPORTANT RADIUS messages are sent as UDP messages The switch and the RA...

Page 119: ... 1 2 Configuring the RADIUS Client The RADIUS client can be configured to use two RADIUS servers a primary server and a backup server If the primary server is unavailable the device will automatically attempt to connect with the backup server NOTE The RADIUS client uses the Password Authentication Protocol PAP to verify access To configure access to either the primary or backup RADIUS servers do t...

Page 120: ...TACACS Terminal Access Controller Access Control System Plus is a TCP based access control protocol that provides authentication authorization and accounting services to routers Network Access Servers NAS and other networked computing devices via one or more centralized servers The following sections describe how to configure TACACS authentication Section 4 6 2 1 Configuring TACACS Section 4 6 2 ...

Page 121: ...scription Server Synopsis Any 8 characters Default Primary This field tells whether this configuration is for a Primary or a Backup Server IP Address Synopsis where ranges from 0 to 255 The Server IP Address Auth TCP Port Synopsis 1 to 65535 Default 49 The IP Port on server Auth Key Synopsis 31 character ascii string Default mySecret The authentication key to be shared with server Confirm Auth Key...

Page 122: ...e following 1 Navigate to Administration Configure Security Server Configure TacPlus Server Configure TACPLUS Serv Privilege Config The TACPLUS Serv Privilege Config form appears 5 4 3 2 1 Figure 73 TACPLUS Serv Privilege Config Form 1 Server Box 2 IP Address Box 3 Auth TCP Port Box 4 Apply Button 5 Reload Button 2 Configure the following parameter s as required Parameter Description Admin Priv Sy...

Page 123: ...AN segment VLANs are extremely flexible because they are based on logical connections rather than physical connections When VLANs are introduced all traffic in the network must belong to one VLAN or another Traffic on one VLAN cannot pass to another except through an inter network router or Layer 3 switch VLANs are created in two ways Explicitly Static VLANs can be created in the switch For more i...

Page 124: ...ion and a VID of 0 it is considered an untagged frame Section 5 1 1 2 Native VLAN Each port is assigned a native VLAN number the Port VLAN ID PVID When an untagged frame ingresses a port it is associated with the port s native VLAN By default when a switch transmits a frame on the native VLAN it sends the frame untagged The switch can be configured to transmit tagged frames on the native VLAN Sect...

Page 125: ...eived without the need for VLAN tags Edge 1 Native Configured Tagged VLAN traffic domains are enforced on a single VLAN Trunk All Configured Tagged or Untagged Switch to Switch Connections VLANs must be manually created and administered Multiple VLAN End Devices Implement connections to end devices that support multiple VLANs at the same time Section 5 1 1 5 Ingress and Egress Rules Ingress and eg...

Page 126: ...used for their ability to restrict traffic flows between groups of devices Unnecessary broadcast traffic can be restricted to the VLAN that requires it Broadcast storms in one VLAN need not affect users in other VLANs Hosts on one VLAN can be prevented from accidentally or deliberately assuming the IP address of a host on another VLAN The use of creative bridge filtering and multiple VLANs can car...

Page 127: ...minate the need for separate bridges The number of network hosts may often be reduced Often a server is assigned to provide services for independent networks These hosts may be replaced by a single multi-homed host supporting each network on its own VLAN This host can perform routing between VLANs Multi VLAN hosts can assign different traffic types to different VLANs 199 85 245 1 25 199 85 245 12...

Page 128: ...d to an Ethernet port the VLAN appears in the VLAN Summary table where it can be further configured To configure a VLAN for an Ethernet port do the following 1 Navigate to Virtual LANs Configure Port VLAN Parameters The Port VLAN Parameters table appears Figure 77 Port VLAN Parameters Table 2 Select a port The Port VLAN Parameters form appears 6 5 4 3 2 1 Figure 78 Port VLAN Parameters Form 1 Port...

Page 129: ...port Frames tagged with a non zero VLAN ID will always be associated with the VLAN ID retrieved from the frame tag Modify this parameter with care By default the switch is programmed to use VLAN 1 for management and every port on the switch is programmed to use VLAN 1 If you modify a switch port to use a VLAN other than the management VLAN devices on that port will not be able to manage the switch...

Page 130: ... a Static VLAN Section 5 1 4 2 Adding a Static VLAN To add a static VLAN do the following 1 Navigate to Virtual LANs Configure Static VLANs The Static VLANs table appears 1 Figure 80 Static VLANs Table 1 InsertRecord 2 Click InsertRecord The Static VLANs form appears 7 5 6 4 3 2 1 Figure 81 Static VLANs Form 1 VID Box 2 VLAN Name Box 3 Forbidden Ports Box 4 MSTI Box 5 Apply Button 6 Delete Button ...

Page 131: ...rpose for example Engineering VLAN Forbidden Ports Synopsis Any combination of numbers valid for this parameter These are ports that are not allowed to be members of the VLAN Examples None all ports of the switch are allowed to be members of the VLAN 2 4 6 8 all ports except ports 2 4 6 7 and 8 are allowed to be members of the VLAN MSTI Synopsis 0 to 16 Default 0 This parameter is only valid for M...

Page 132: ... Section 5 2 8 Viewing STP Statistics for Ethernet Ports Section 5 2 9 Managing Multiple Spanning Tree Instances Section 5 2 10 Clearing Spanning Tree Protocol Statistics Section 5 2 1 RSTP Operation The 802 1D Spanning Tree Protocol STP was developed to enable the construction of robust networks that incorporate redundancy while pruning the active topology of the network to prevent loops While ST...

Page 133: ...estore network connectivity when a topology change occurred A revised and highly optimized RSTP version was defined in the IEEE standard 802 1D 2004 edition IEEE 802 1D 2004 RSTP reduces network recovery times to just milliseconds and optimizes RSTP operation for various scenarios ROS supports IEEE 802 1D 2004 RSTP The following sections further describe the operation of RSTP Section 5 2 1 1 RSTP ...

Page 134: ...le There are four RSTP port roles Root Designated Alternate and Backup If the bridge is not the root bridge it must have a single Root Port The Root Port is the best i e quickest way to send traffic to the root bridge A port is marked as Designated if it is the best port to serve the LAN segment it is connected to All bridges on the same LAN segment listen to each others messages and agree on whic...

Page 135: ...ch off Proposing Agreeing The port must transition through the learning and forwarding states spending one forward delay in each state There are circumstances in which RSTP will make an incorrect decision about the point to point state of the link simply by examining the half duplex status namely The port attaches only to a single partner but through a half duplex link The port attaches to a share...

Page 136: ...d can be represented with a value of 2 RuggedCom bridges support interoperability with legacy STP bridges by selecting the style to use In practice it makes no difference which style is used as long as it is applied consistently across the network or if costs are manually assigned Section 5 2 1 5 Bridge Diameter The bridge diameter is the maximum number of bridges between any two possible points o...

Page 137: ...twork including the root switch Relaxed ensures a deterministic root failover time in most network configurations but allows the use of a standard bridge in the root role NOTE To use RSTP Fast Root Failover all switches in the network must be RuggedCom switches and must have the same Fast Root Failover algorithm enabled In networks mixing RuggedCom and non RuggedCom switches or in those mixing Fas...

Page 138: ... 5 2 2 1 RSTP in Structured Wiring Configurations RSTP may be used to construct structured wiring systems where connectivity is maintained in the event of link failures For example a single link failure of any link between A and N in Figure 85 Example Structured Wiring Configuration would leave all the ports of bridges 555 through 888 connected to the network 1 3 2 2 1 1 444 B A 4 D 3 F 2 4 1 666 3...

Page 139: ...ablish the root bridge and then tune each bridge s priority to correspond to its distance from the root bridge 5 Identify desired steady state topology Identify the desired steady state topology taking into account link speeds offered traffic and QOS Examine the effects of breaking selected links taking into account network loading and the quality of alternate links 6 Decide upon a port cost ca...

Page 140: ...overy times are to be minimized 3 Identify edge ports Ports that connect to host computers Intelligent Electronic Devices IEDs and controllers may be set to edge ports in order to guarantee rapid transitioning to forwarding as well as to reduce the number of topology change notifications in the network 4 Choose the root bridge The root bridge can be selected to equalize either the number of bridge...

Page 141: ... on port 3 port 4 will assume control of the LAN A 1 2 3 4 Figure 87 Example Port Redundancy Section 5 2 3 MSTP Operation The Multiple Spanning Tree MST algorithm and protocol provide greater control and flexibility than RSTP and legacy STP MSTP Multiple Spanning Tree Protocol is an extension of RSTP whereby multiple spanning trees may be maintained on the same bridged network Data traffic is allo...

Page 142: ...d at the MST region boundary versus that propagated inside the region For information received at the MST region boundary the R STP Message Age is incremented only once Inside the region a separate Remaining Hop Count is maintained one for each spanning tree instance The external Message Age parameter is referred to the R STP Maximum Age Time whereas the internal Remaining Hop Counts are compared ...

Page 143: ...te also that it is possible for the CIST Regional Root to be the CIST Root MSTI Regional Root The root bridge for an MSTI within an MSTP region A root bridge is independently elected for each MSTI in an MSTP region Port Roles Each port on an MSTP bridge may have more than one CIST role depending on the number and topology of spanning tree instances defined on the port Role Description CIST Port Ro...

Page 144: ...possible to control the topology of each MSTI within a region Load Balancing MSTP can be used to balance data traffic load among sets of VLANs enabling more complete utilization of a multiply interconnected bridged network A bridged network controlled by a single spanning tree will block redundant links by design in order to avoid harmful loops Using MSTP however any given link may have a differen...

Page 145: ...on 5 2 5 Configuring STP for Ethernet Ports NOTE Static VLANs must be used in an MSTP configuration GVRP is not supported 2 Add static VLANs and map them to MSTIs For more information refer to Section 5 1 4 2 Adding a Static VLAN NOTE The Region Identifier and Revision Level must be the same for each bridge in the MST region 3 Configure the revision level for the MST Region Identifier For more inf...

Page 146: ...des a way to control the topology of the STP connected network The desired Root and Designated bridges can be configured for a particular topology The bridge with the lowest priority will become root In the event of a failure of the root bridge the bridge with the next lowest priority will then become root Designated bridges that for redundancy purposes service a common LAN also use priority to de...

Page 147: ...addresses to all ports Max Hops Synopsis 6 to 40 Default 20 The maximum possible bridge diameter inside an MST region Only applicable to MSTP MSTP BPDUs propagating inside an MST region specify a Time To Live TTL that is decremented by every switch that propagates the BPDU If the maximum number of hops inside the region exceeds the configured maximum BPDUs may be discarded due to their TTL setting...

Page 148: ... but to configure the port as an edge port A good candidate for disabling STP would be a port that services only a single host computer Priority Synopsis 0 16 32 48 64 80 96 112 128 144 160 176 194 208 224 240 Default 128 Selects the STP port priority Ports of the same cost that attach to a common LAN will select the port to be used based upon the port priority STP Cost Synopsis 0 to 65535 or Auto...

Page 149: ...rameter false when the port operates the link in full duplex mode but is still not point to point e g a full duplex link to an unmanaged bridge that concentrates two other STP bridges Restricted Role Synopsis True or False Default False A boolean value set by management If TRUE causes the Port not to be selected as the Root Port for the CIST or any MSTI even if it has the best spanning tree priori...

Page 150: ...P standard does not address network security RSTP must process every received BPDU and take an appropriate action This opens a way for an attacker to influence RSTP topology by injecting RSTP BPDUs into the network BPDU Guard is a feature that protects the network from BPDUs received by a port where RSTP capable devices are not expected to be attached If a BPDU is received by a port for which Edge...

Page 151: ...defined in the IEEE 802 1w standard has minor differences from more recent enhanced standard s Those differences cause interoperability issues which although they do not completely break RSTP operation can lead to a longer recovery time from failures in the network eRSTP offers some enhancements to the protocol which make the switch fully interoperable with other vendors switches which may be runn...

Page 152: ... any of its ports Bridge ID Synopsis where is 0 to 65535 is 0 to FF Bridge Identifier of this bridge Root ID Synopsis where is 0 to 65535 is 0 to FF Bridge Identifier of the root bridge Root Port Synopsis 1 1 to 8 2 or empty string If the bridge is designated this is the port that provides connectivity towards the root bridge of the network Root Path Cost Synopsis 0 to 4294967295 Total cost of the...

Page 153: ...ge Synopsis 0 to 65535 The configured Maximum Age time from the Bridge RSTP Parameters menu Learned Max Age Synopsis 0 to 65535 The actual Maximum Age time provided by the root bridge as learned in configuration messages This time is used in designated bridges Total Topology Changes Synopsis 0 to 65535 A count of topology changes in the network as detected on this bridge through link failures or a...

Page 154: ...ding by Learning The port is learning MAC addresses in order to prevent flooding when it begins forwarding traffic Forwarding The port is forwarding traffic Role Synopsis Root Designated Alternate Backup Master Role of this port in Spanning Tree This may be one of the following Designated The port is designated for i e carries traffic towards the root for the LAN it is connected to Root The single...

Page 155: ...tion messages transmitted on this port RX Tcns Synopsis 0 to 4294967295 The count of STP topology change notification messages received on this port Excessively high or rapidly increasing counts signal network problems TX Tcns Synopsis 0 to 4294967295 The count of STP topology change notification messages transmitted on this port Desig Bridge ID Synopsis where is 0 to 65535 is 0 to FF Provided on ...

Page 156: ... is designated this is the port that provides connectivity towards the root bridge of the network Root Path Cost Synopsis 0 to 4294967295 Total cost of the path to the root bridge composed of the sum of the costs of each link in the path If custom costs have not been configured 1Gbps ports will contribute 4 100 Mbps ports will contribute 19 and 10 Mbps ports will contribute a cost of 100 to this f...

Page 157: ...g traffic Role Synopsis Root Designated Alternate Backup Master Role of this port in Spanning Tree This may be one of the following Designated The port is designated for i e carries traffic towards the root for the LAN it is connected to Root The single port on the bridge which provides connectivity towards the root bridge Backup The port is attached to a LAN that is serviced by another port on th...

Page 158: ...ion Identifier Form 1 Name Box 2 Revision Level Box 3 Digest Box 4 Apply Button 5 Reload Button 2 Configure the following parameter s as required Parameter Description Name Synopsis Any 32 characters Default 00 0A DC 11 12 21 Variable length text string You must configure an identical region name on all switches you want to be in the same MST region Revision Level Synopsis 0 to 65535 Default 0 Use...

Page 159: ... Description Bridge Priority Synopsis 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 Bridge Priority provides a way to control the topology of the STP connected network The desired Root and Designated bridges can be configured for a particular topology The bridge with the lowest priority will become root In the event of a failure of the root...

Page 160: ...fically to this instance ID 4 Configure the following parameter s as required Parameter Description Port s Synopsis Any combination of numbers valid for this parameter The port number as seen on the front plate silkscreen of the switch Priority Synopsis 0 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 Default 128 Selects the STP port priority Ports of the same cost that attach to a common L...

Page 161: ...d internal path cost 5 Click Apply Section 5 2 10 Clearing Spanning Tree Protocol Statistics To clear all spanning tree protocol statistics do the following 1 Navigate to Spanning Tree Clear Spanning Tree Statistics The Clear Spanning Tree Statistics form appears 1 Figure 100 Clear Spanning Tree Statistics Form 1 Confirm Button 2 Press Confirm Section 5 3 Managing Classes of Service Classes of Ser...

Page 162: ...f neither destination or source MAC address is in the Static MAC Address table the frame is then examined for 802 1Q tags and the priority field is mapped to a CoS If a tag is not present the default CoS for the port is used After inspection the frame is forwarded to the egress port for transmission 2 Forwarding Phase Once the CoS of the frame is determined the frame is forwarded to the egress por...

Page 163: ...ities This parameter specifies weighting algorithm for transmitting different priority CoS frames Examples 8 4 2 1 8 Critical 4 High 2 Medium and 1 Normal priority CoS frame Strict lower priority CoS frames will be only transmitted after all higher priority CoS frames have been transmitted 3 Click Apply Section 5 3 2 Configuring Classes of Service for Specific Ethernet Ports To configure Classes o...

Page 164: ...ritized based on the frames contents e g priority field in the VLAN tag DiffServ field in the IP header prioritized MAC address Inspect TOS Synopsis No Yes Default No This parameter enables or disables parsing of the Type Of Service TOS field in the IP header of the received frames to determine what Class of Service they should be assigned When TOS parsing is enabled the switch will use the Diffe...

Page 165: ...ity Synopsis 0 to 7 Default 0 Value of the IEEE 802 1p priority CoS Synopsis Normal Medium High Crit Default Normal CoS assigned to received tagged frames with the specified IEEE 802 1p priority value 4 Click Apply Section 5 3 4 Configuring DSCP to CoS Mapping Mapping CoS to the Differentiated Services DS field set in the IP header for each packet is done by defining Differentiated Services Code P...

Page 166: ... appears 4 3 2 1 Figure 107 DSCP to CoS Mapping Form 1 DSCP Box 2 CoS List 3 Alarm Button 4 Reload Button 3 Configure the following parameter s as required Parameter Description DSCP Synopsis 0 to 63 Default 0 Differentiated Services Code Point DSCP a value of the 6 bit DiffServ field in the Type Of Service TOS field of the IP header CoS Synopsis Normal Medium High Crit Default Normal ...

Page 167: ...ew MAC Addresses The MAC Addresses form appears Figure 108 Static MAC Address Table If a MAC address is not listed do the following Configure the MAC address learning options to dynamically detect the MAC addresses of other devices on the network For more information refer to Section 5 4 2 Configuring MAC Address Learning Options Configure the address on the device as a static MAC address For more...

Page 168: ...as those addresses are not aged out the switch will still be forwarding traffic to that port thus preventing that traffic from reaching its destination via the new network topology This parameter allows the aging out of all MAC addresses learned on a failed port immediately upon link failure detection 3 Click Apply Section 5 4 3 Managing Static MAC Addresses Static MAC addresses must be configured...

Page 169: ...ars Figure 110 Static MAC Address Table If static MAC addresses have not been configured add addresses as needed For more information refer to Section 5 4 3 2 Adding a Static MAC Address Section 5 4 3 2 Adding a Static MAC Address To add a static MAC address to the Static MAC Address Table do the following 1 Navigate to MAC Address Tables Configure Static MAC Addresses The Static MAC Addresses tabl...

Page 170: ... port associated with this MAC address Type Synopsis Static Dynamic This describes how the MAC address has been learned by the switch STATIC the address has been learned as a result of a Static MAC Address Table configuration or some other management activity and can not be automatically unlearned or relearned by the switch DYNAMIC The address has been automatically learned by the switch and can b...

Page 171: ...2 1 Figure 114 Static MAC Addresses Form 1 MAC Address Box 2 VID Box 3 Port 4 Apply Button 5 Delete Button 6 Reload Button 3 Click Delete Section 5 4 4 Purging All Dynamic MAC Addresses To purge the dynamic MAC address list of all entries do the following 1 Navigate to MAC Address Tables Purge MAC Address Table The Purge MAC Address Table form appears 1 Figure 115 Purge MAC Address Table Form 1 Co...

Page 172: ...ate To set the time date and other time keeping related parameters do the following 1 Navigate to Administration System Time Manager Configure Time and Date The Time and Date form appears 7 6 5 4 3 2 1 Figure 116 Time and Date Form 1 Time 2 Date 3 Time Zone 4 DST Offset 5 DST Rule 6 Apply Button 7 Reload Button 2 Configure the following parameter s as required Parameter Description Time Synopsis H...

Page 173: ... last d day d day of the week 0 Sunday 6 Saturday HH hour of the day 0 24 MM minute of the hour 0 59 SS second of the minute 0 59 Example The following rule applies in most parts of the USA and Canada 03 2 0 02 00 00 11 1 0 02 00 00 DST begins on March's 2nd Sunday at 2:00am DST ends on November's 1st Sunday at 2:00am Section 5 5 2 Configuring the NTP Server ROS may be configured to refer periodically ...

Page 174: ...3 of the Simple Network Management Protocol SNMP otherwise referred to as SNMPv1 SNMPv2c and SNMPv3 respectively SNMPv3 provides secure access to the devices through a combination of authentication and packet encryption over the network Security features for this protocol include Feature Description Message Integrity Makes sure that a packet has not been tampered with in transit Authentication Det...

Page 175: ...ng sections describe how to setup and manage SNMP on the device Section 5 6 1 Managing SNMP Users Section 5 6 2 Managing Security to Group Mapping Section 5 6 3 Managing SNMP Groups Section 5 6 1 Managing SNMP Users The following sections describe how to configure and manage SNMP users refer to the following Section 5 6 1 1 Viewing a List of SNMP Users Section 5 6 1 2 Adding an SNMP User Section 5...

Page 176: ...ty name with the security group and access level To add a new SNMP user do the following 1 Navigate to Administration Configure SNMP Configure SNMP Users The SNMP Users table appears 1 Figure 120 SNMP Users Table 1 InsertRecord 2 Click InsertRecord The SNMP Users form appears 12 10 11 9 8 7 6 5 4 3 2 1 Figure 121 SNMP Users Form 1 Name Box 2 IP Address Box 3 v1 v2c Community Box 4 Auth Protocol Bo...

Page 177: ... verified by IP address as well SNMP Authentication trap will be generated to trap receivers if request was received from this user but from any other IP address If IP address is empty traps can not be generated to this user but SNMP requests will be served for this user from any IP address v1 v2c Community Synopsis Any 32 characters The community string which is mapped by this user security name ...

Page 178: ...1 3 Deleting an SNMP User To delete an SNMP user do the following 1 Navigate to Administration Configure SNMP Configure SNMP Users The SNMP Users table appears Figure 122 SNMP Users Table 2 Select the user from the table The SNMP Users form appears 12 10 11 9 8 7 6 5 4 3 2 1 Figure 123 SNMP Users Form 1 Name Box 2 IP Address Box 3 v1 v2c Community Box 4 Auth Protocol Box 5 Priv Protocol Box 6 Auth...

Page 179: ...ed on the device navigate to Administration Configure SNMP Configure SNMP Security to Group Maps The SNMP Security to Group Maps table appears Figure 124 SNMP Security to Group Maps Table If security to group maps have not been configured add maps as needed For more information refer to Section 5 6 2 2 Adding a Security to Group Map Section 5 6 2 2 Adding a Security to Group Map Multiple combinati...

Page 180: ...at provides the name referenced in this table Name Synopsis Any 32 characters The user name which is mapped by this entry to the specified group name Group Synopsis Any 32 characters The group name to which the security model and name belong This name is used as an index to the SNMPv3 VACM Access Table 4 Click Apply Section 5 6 2 3 Deleting an SNMP Security Model To delete a security to group map ...

Page 181: ... SNMP The following sections describe how to configure and manage SNMP groups on the device Section 5 6 3 1 Viewing a List of SNMP Groups Section 5 6 3 2 Adding an SNMP Group Section 5 6 3 3 Deleting an SNMP Group Section 5 6 3 1 Viewing a List of SNMP Groups To view a list of SNMP groups configured on the device navigate to Administration Configure SNMP Configure SNMP Access The SNMP Access table...

Page 182: ...ox 2 Security Model Box 3 Security Level Box 4 ReadViewName Box 5 WriteViewName Box 6 NotifyViewName Box 7 Apply Button 8 Delete Button 9 Reload Button 3 Configure the following parameter s as required Parameter Description Group Synopsis Any 32 characters The group name to which the security model and name belong This name is used as an index to the SNMPv3 VACM Access Table SecurityModel Synopsis...

Page 183: ...ewName Synopsis noView V1Mib allOfMib Default noView This parameter identifies the MIB tree s to which this entry authorizes write access If the value is noView then no write access is granted NotifyViewName Synopsis noView V1Mib allOfMib Default noView This parameter identifies the MIB tree s to which this entry authorizes access for notifications If the value is noView then no access for notific...

Page 184: ...ormation LLDP agent operation is typically implemented as two modules the LLDP transmit module and LLDP receive module The LLDP transmit module when enabled sends the local device s information at regular intervals in 802 1AB standard format Whenever the transmit module is disabled it transmits an LLDPDU LLDP data unit with a time to live TTL type length value TLV containing 0 in the information f...

Page 185: ... Delay Box 6 Apply Button 7 Reload Button 2 Configure the following parameter s as required Parameter Description State Synopsis Disabled Enabled Default Enabled Enables LLDP protocol Note that LLDP is enabled on a port when LLDP is enabled globally and along with enabling per port setting in Port LLDP Parameters menu Tx Interval Synopsis 5 to 32768 s Default 30 s The interval at which LLDP frames...

Page 186: ...uring LLDP for an Ethernet Port To configure LLDP for a specific Ethernet Port do the following 1 Navigate to Network Discovery Link Layer Discovery Protocol Configure Port LLDP Parameters The Port LLDP Parameters table appears Figure 135 Port LLDP Parameters Table 2 Select a port The Port LLDP Parameters form appears 5 4 3 2 1 Figure 136 Port LLDP Parameters Form 1 State Options 2 Port Box 3 Admi...

Page 187: ...receive LLDP frames Notifications Synopsis Disabled Enabled Default Disabled Disabling notifications will prevent sending notifications and generating alarms for particular port from the LLDP agent 4 Click Apply Section 5 7 3 Viewing Global Statistics and Advertised System Information To view global statistics for LLDP and the system information that is advertised to neighbors navigate to Network ...

Page 188: ...iew LLDP Neighbor Information The LLDP Neighbor Information table appears 1 6 2 3 4 5 Figure 138 LLDP Neighbor Information Table 1 Port Box 2 ChassisId Box 3 PortId Box 4 SysName Box 5 SysDesc 6 Reload Button This form displays the following information Parameter Description Port Synopsis 1 1 to 8 2 The local port associated with this entry ChassisId Synopsis Any 45 characters Chassis Id informati...

Page 189: ... of the switch FrmDrop Synopsis 0 to 4294967295 A counter of all LLDP frames discarded ErrFrm Synopsis 0 to 4294967295 A counter of all LLDPDUs received with detectable errors FrmIn Synopsis 0 to 4294967295 A counter of all LLDPDUs received FrmOut Synopsis 0 to 4294967295 A counter of all LLDPDUs transmitted Ageouts Synopsis 0 to 4294967295 A counter of the times that a neighbor s information has ...

Page 190: ...Chapter 5 Setup and Configuration RUGGEDCOM RSG2488 User Guide 178 Viewing Statistics for LLDP Ports ...

Page 191: ...been configured The switch is receiving the ping because the LEDs are flashing and the device statistics are logging the pings What is going on Is the switch being pinged through a router If so the switch gateway address must be configured as well The following figure illustrates the problem 192 168 0 1 10 10 0 1 10 10 0 2 192 168 0 2 1 2 3 Figure 140 Using A Router As A Gateway 1 Work Station 2 R...

Page 192: ... Occasionally the ports seem to experience significant flooding for a brief period of time A switch displays a strange behavior where the root port hops back and forth between two switch ports and never settles down Is it possible that one of the switches in the network or one of the ports on a switch in the network has STP disabled and accidentally connects to another switch If this has occurred ...

Page 193: ...ther are managed and the rest are unmanaged Why does the RSTP protocol work quickly when a link is broken between the managed bridges but not in the unmanaged bridge part of the ring A properly operating unmanaged bridge is transparent to STP configuration messages The managed bridges will exchange configuration messages through the unmanaged bridge part of the ring as if it is non existent When a...

Page 194: ...parate interface which will have its own associated IP address space On a network of 30 switches management traffic needs to be restricted to a separate domain What is the best method for doing this while staying in contact with these switches At the switch where the management station is located configure a port to use the new management VLAN as its native VLAN Configure a host computer to act as...
