GE Reason H49 Скачать руководство пользователя

Страница: 106 / 158

Technical Manual

GE Reason H49

106

H49/EN M/C22

8.1.4

Authentication

User authentication is a process that verifies the identity of a user who connects to a
device.

Any user interaction with Reason H49 requires authentication through a login and
password, whatever the interaction service (protocol) and regardless of the
interaction type (read, write).

8.1.4.1

Central Authentication

Reason H49 operates with LDAP for central authentication.

Centralized username/password management reduces the maintenance, as all user
credentials are stored in a server and not in each individual device.

To use centralized accounts, check the

LDAP Server Enabled

option in the

Security

> Security Settings

page.

When central authentication is used, then central authorization is applied. The
central authorization service provides the list of user’s roles.

The configuration of the LDPA server address, encryption mode, access account, etc.
is done in the

Security > LDPA Server

page.

Redundant LDAP server can be configured to ensure system redundancy.

RedBox

LAN_2A

LAN_2B

RedBox

S1514ENa

RedBox

Role: Administrator

Enters username & password

Security Server

Log Server

Cyber security : authentication & authorization

Grand Master Clock

V-DANH

DANH

SAN

Figure 86: Network Architecture with Centralized Authentication

Содержание Reason H49

Страница 1: ...GE Grid Solutions GE Reason H49 PRP HSR QuadBox Ethernet Switches Technical Manual Publication Reference H49 EN M C22 ...

Страница 2: ...tions technical sales office and request the necessary information Refer to the System Release Notes for new features Any agreements commitments and legal relationships and any obligations on the part of GE Grid Solutions including settlement of warranties result solely from the applicable purchase contract which is not affected by the contents of the guide LICENSES The Reason H49 software may con...

Страница 3: ...4 3 High availability Seamless Redundancy HSR Protocol 22 4 4 HSR Quadbox 24 4 5 PRP HSR Coupling 26 4 5 1 Connecting several PRP Networks to an HSR Ring 28 4 5 2 Connecting one PRP Networks to several HSR Rings 29 4 6 Standard Switch 30 4 7 Time Synchronization 30 4 7 1 Precision time synchronization PTP 31 4 7 2 NTP time synchronization 32 4 8 SNMP 33 4 8 1 Supported MIB 33 4 8 2 SNMP Traps 34 C...

Страница 4: ...rization 104 8 1 4 Authentication 106 8 1 5 Password Management 108 8 1 6 Security Logs 110 8 1 7 Local Logs 110 8 1 8 Remote Logs 110 8 1 9 Other Security Measures 111 CHAPTER 9 MAINTENANCE 112 9 1 Maintenance period 112 9 2 Product checks 113 9 2 1 Visual checks 113 9 2 2 Functional checks 113 9 3 Firmware Upgrade 113 9 4 Error detection 113 9 5 Testing the LEDs 114 9 6 Method of Repair 114 9 6 ...

Страница 5: ...ng an HSR Ring to two PRP LANs 27 Figure 9 Coupling one HSR ring to several PRP Networks 28 Figure 10 Coupling Several HSR Rings to a PRP Network 29 Figure 11 Example of PRP HSR Architecture with the Precision Time Protocol PTP 31 Figure 12 Example of NTP Synchronization 32 Figure 13 Front Face and side with dimensions 35 Figure 14 Example of Device Labeling 36 Figure 15 Manufacturing Label 37 Fig...

Страница 6: ...r Interface Start the Upgrade Process 77 Figure 57 Reason H49 Web User Interface Firmware Upload Confirmation 77 Figure 58 Reason H49 Web User Interface Select the Configuration File to be imported 78 Figure 59 Reason H49 Web User Interface Start the Upgrade Process 78 Figure 60 Reason H49 Web User Interface New Configuration Notification 79 Figure 61 Reason H49 Web User Interface New Configuratio...

Страница 7: ...ure 87 Reason H49 Web User Interface User Account Settings Icon 109 Figure 88 SSH Console Establish the connection with the H49 134 Figure 89 SSH Console Add the SSH Key 134 Figure 90 SSH Console Error during the Login Process 135 Figure 91 SSH Console Enforced Password Policy 135 Figure 92 SSH Console Agreement Conditions 136 Figure 93 SSH Console H49 Main Menu 136 Figure 94 SSH Console Informati...

Страница 8: ...lutions to specific requirements such as network redundancy management The products can be used independently or can be integrated to form a DS Agile system which is a Digital Control System DCS 1 1 Key Features Ports Up to 6 1Gbps ports copper or fiber Redundancy Communication Protocols Parallel Redundancy Protocol accordingly to IEC 62439 3 2016 Clause 4 PRP High Availability Seamless Redundancy...

Страница 9: ...tric system IEEE 1686 2013 Standard for IED Cyber security capabilities WIB 2 0 Process industry security standard Working party on Instrument Behavior The main parts of the WIB requirements will be merged under the roof of IEC 62443 Industrial Network and System Security CIS Hardened following Center for Internet Security recommendations Safety and environment IEC 61850 3 2013 General requirement...

Страница 10: ...Technical Manual GE Reason H49 10 H49 EN M C22 1 2 Ordering Options ...

Страница 11: ...h it is being connected Are familiar with accepted safety engineering practices and are authorized to energize and de energize equipment in the correct manner Are trained in the care and use of safety apparatus in accordance with safety engineering practices Are trained in emergency procedures first aid Although the documentation provides instructions for installing commissioning and operating the...

Страница 12: ...repetitively 2 3 2 Electrical Hazards Caution All personnel involved in installing commissioning or servicing this equipment must be familiar with the correct working procedures Caution Consult the equipment documentation before installing commissioning or servicing the equipment Caution Always use the equipment in a manner specified by the manufacturer Failure to do so will jeopardize the protect...

Страница 13: ...cting the test leads Caution Operate the equipment within the specified electrical and environmental limits Caution Before cleaning the equipment ensure that no connections are energised Use a lint free cloth dampened with clean water 2 4 Decommissioning and Disposal Caution Before decommissioning completely isolate the equipment power supplies both poles of any Vdc supply The auxiliary supply inp...

Страница 14: ...ng but not limited to fluctuations in electrical power supply computer hardware malfunctions computer operating system malfunctions software suitability suitability of compilers and development software used to develop an application installation errors software and hardware compatibility problems malfunctions or failures of electronic monitoring or control devices transient failures of electronic...

Страница 15: ...n designer is ultimately responsible for verifying and validating the suitability of GE Grid Solutions products whenever they are incorporated in a system or application even without limitation of the appropriate design process and safety levels of such system or application ...

Страница 16: ...H49 EN M C22 Chapter 4 Functional Description 4 1 Hardware The following section show different views of the device together with its components 4 1 1 Front Panel 2 1 3 9 S1601ENb 19 20 21 22 23 18 A B Figure 1 Front View and Rear View ...

Страница 17: ...atus of the product and its ports LED rank Signification Color Description Activity 1 Power 1 LED Green Powered on Off Switch is off 2 Operating state 1 LED boot ok alarm Amber default As long as the CPU board has not booted Green Healthy board works no contact alarm 3 Time Synchronization 1 LED Green PTP or NTP synchronization Red No synchronization or Switch in Grandmaster 4 to 9 Port activity 6...

Страница 18: ...atively Red Green and Amber LED chaser 4 1 2 Bottom view Reason H49 is a 6 port switch supporting any combination of 100Mbps and 1Gbps RJ45 copper or LC optical fiber ports The following figure presents the bottom view of the device together with its components S1602ENa Alarm Relay Slot A Slot B Slot C Figure 2 Reason H49 Bottom View ...

Страница 19: ...or distances up to 15km Description of the slots Slot Board Description A SRPV3 Communication port Port 1 to port 6 SFP transceiver optical copper Alarm Relay Connector Pin1 Normally Open Pin2 Common Pin3 Normally Closed B BIU261D Secondary Power Supply Pin2 In Pin1 In C BIU261D Primary Power Supply Pin1 to Pin21 Not Connected Pin22 Earth Pin23 In Pin24 In ...

Страница 20: ...oubly Attached Node running PRP to such devices Critical devices should be doubly attached using two ports The two LANs have no connection between them and are assumed to be fail independent A source DANP sends the same frame over both LANs and a destination DANP receives it from both LANs within a certain time consumes the first frame and discards the duplicate In the following figure DANP1 and D...

Страница 21: ... may be connected into the PRP network via a RedBox as shown in the following figure This is the case for SAN2 and SAN3 Because these SANs connect to both LANs they can be considered as Virtual Doubly Attached Nodes and described as VDANs Reason H49 can be configured as PRP RedBox and connect up to four SANs to the PRP network as shown in the following figure DANP 2 DANP 1 SAN 1 SAN 4 SAN 3 S1604E...

Страница 22: ...SAN 1 and SAN 2 can only send and receive frames without HSR header Singly attached nodes can however be connected to HSR ring via a device which converts a singly attached node into a doubly attached node Devices performing this function are often referred to as redundancy boxes or RedBoxes Thus devices with single network cards such as personal computers printers etc are singly attached nodes th...

Страница 23: ...e in the network Frames sent by a SAN device see C frames in the following figure are converted into two A and B frames and sent over the HSR network Received frames that are addressed to a SAN managed by a Redbox such as MMS messages are not forwarded on to the HSR network There are two basic operation principles depending on whether the broadcasted frames are multicast e g GOOSE or unicast e g M...

Страница 24: ...ning of MAC addresses on specific ports of a QuadBox device could lead to a short break in communication if the QuadBox that has learned an address and is forwarding network traffic fails With QuadBoxes realized as single physical entities the two interconnected rings share the same redundancy domain concerning fault tolerance If one QuadBox breaks down both interconnected rings are in a degraded ...

Страница 25: ...ected into the ring or a frame that the other QuadBox inserted into the ring it forwards it to the interlink and to its other port if it did not already send a copy This duplicate will be discarded at the other end of the interlink This scheme may cause some additional traffic on the interlink but it allows to simplify the design of the logic Note The maximum time skew between two frames of a pair...

Страница 26: ...nce number from the PRP RCT is reused for the HSR tag and vice versa to allow frame identification from one network to the other and to identify pairs and duplicates on the HSR ring introduced by a twofold injection into the ring through the two HSR RedBoxes DANH S1607ENa DANH DANH DANH A B H49 RedBox A Destination LAN A LAN B AB BA DANP DANP Source A frames B frames duplicated redundant frames fr...

Страница 27: ... previously received the same frame as AB from the ring or conversely RedBox B will generate an AB frame if it did not previously receive an A frame from the ring which is the case whenever frame A is not a multicast frame Multicast frames or unicast frames without a receiver in the ring see figure here above are removed by the RedBox that inserted them into the ring if they originated from outsid...

Страница 28: ...o RedBoxes that connect a PRP network with an HSR ring are configured with the NetId 1 7 and the LanId A 0 B 1 see the following figure DANH S1609ENa DANH DANH DANH H49 RedBox 1A LAN A LAN B H49 RedBox 1B DANP DANP DANH DANH DANH DANH H49 RedBox 2A LAN A LAN B H49 RedBox 2B DANP DANP DANH DANH Figure 9 Coupling one HSR ring to several PRP Networks To prevent reinjection of frames coming from one P...

Страница 29: ...rks to several HSR Rings A PRP network can be connected to any number of HSR rings but these rings cannot be connected between themselves neither by QuadBoxes nor by another PRP network since this would create loops DANH S1610ENa DANH DANH DANH DANH H49 RedBox A LAN A LAN B H49 RedBox B DANP DANP Source DANH DANH DANH DANH DANH H49 RedBox A H49 RedBox B Source Ring A Ring B Figure 10 Coupling Seve...

Страница 30: ...e MAC address in a received frame and stores it Once an address is recognized and stored the switch will forward frames to the appropriate port Up to 512 MAC addresses can be stored and monitored at any time 4 7 Time Synchronization Reason H49 supports real time clock synchronization for the timestamp of logs or events through the following network protocols Precision Time Protocol PTP in accordan...

Страница 31: ...nchronizes all clocks within a network by adjusting distributed clocks to a grandmaster clock PTP enables distributed clocks to be synchronized and maintained to sub microsecond accuracy Figure 11 Example of PRP HSR Architecture with the Precision Time Protocol PTP Note On PTP protocol a time discrepancy of 60 milliseconds per 24h is reported on Reason H49 equipped with a SRPv3 version x and used ...

Страница 32: ...er packet switched variable latency data networks Reason H49 supports NTP as shown in the figure below Figure 12 Example of NTP Synchronization 4 7 2 1 Time Zone The internal clock of Reason H49 can be synchronized using NTP protocol which sends the UTC time Greenwich Mean Time When using the equipment in other regions the time zone may be set manually to correct the internal clock ...

Страница 33: ...dentifier OID Each OID identifies a variable that can be read or set via SMP with the appropriate software 4 8 1 Supported MIB The SNMP MIB consists of distinct OIDs each of which refers to a defined collection of specific information used to manage devices over the network GE Grid Solutions management information bases MIB use the following types of object identifiers OID BRIDGE MIB RFC 1493 SNMP...

Страница 34: ...he management station Traps are change of state messages alerting the SNMP manager to a condition on the network A trap message is sent to alert the management station to some event or condition on the switch such as Loss of communication on one port Loss of power supply input Loss of time synchronization PTP Resource exhaustion ...

Страница 35: ...GE Reason H49 Technical Manual H49 EN M C22 35 Chapter 5 Installation 5 1 Dimensions Figure 13 Front Face and side with dimensions ...

Страница 36: ...e Reason H49 switch S1616ENa Manufacturer Label Firmware Label Manufacturing Label Figure 14 Example of Device Labeling Main information present in these labels includes Company Product name Cortec code Voltage range Serial number Caution notice Firmware version MAC address The following tables give the details of the label components ...

Страница 37: ...001_B Reference of the product GP0067001 Version of the product B Serial number 11111158 06 16 Unique serial number 8 numerical digits 11111158 Date of manufacturing MM YY 06 16 Barcode content description DSAGILEH4900000000000B_11111158_80B32AFF0000 Cortec number DSAGILEH4900000000000B Serial number without the manufacturing date 11111158 MAC Address 80B32AFF0000 ...

Страница 38: ...rsion 2 Second digit Compatibility indicator version 0 Third digit Maintenance Evolution Bug fix version 0 Fourth digit Second level maintenance version 0 Note Firmware label is given as an example Check last issue of datapack for correct firmware label 5 2 3 Manufacturer Label Figure 17 Manufacturer Label Label3 Manufacturer Label Label 28x50mm Font Alstom regular black Content manufacturer conta...

Страница 39: ...g brackets are located on the back of the H49 one at the top and one at the bottom of the rear face as shown below Figure 18 H49 DIN Rail Mounting Details Rear View with Mounting Rack Optional Weidmuller FM4 TS35 mounting clip can also be used as shown in the following figure to be ordered separately Figure 19 H49 DIN Rail Mounting Details Rear View with Weidmuller Clip ...

Страница 40: ... that 1 5 cm of space be kept between each switch mounted within the DIN Rail to allow for a small amount of airflow A closer spacing will result in higher device operating temperature Caution The orientation in which the Reason H49 is fitted on the DIN Rail is a key factor to optimal performance Reason H49 requires to be installed vertically on the DIN rail Other position would lead to inadequate...

Страница 41: ... IEC 60269 The fuses must be connected in series with the positive auxiliary supply input connections for both primary Pin 23 and secondary Pin 1 BIU261D inputs Wires should be connected with the power supply connectors unplugged Each wired signal has to be tested before plugging and fixing the connectors The connectors have to be fixed on the H49 case with the screws available at each extremity o...

Страница 42: ...earth conductors such as cable screens to the PCT stud The protective conductor must be connected first in such a way that it is unlikely to be loosened or removed during installation commissioning or maintenance This MAY be achieved by use of an additional locking nut Caution Always place the protective conductor earth as shown on the diagram below Figure 20 Protective Earth Screw The protective ...

Страница 43: ...es each Reason H49 must be carefully and correctly interconnected Within Reason H49 equipment earth and casing must be connected to a grid like grounding system in the shortest possible way using low impedance at high frequencies wide and short electrical connections wires or braids as specified in the IEC 61000 5 standard S1645ENa 1 5 cm 1 5 cm 1 5 cm 1 5 cm Figure 22 Recommended mounting and Cas...

Страница 44: ...Interface Unit BIU261D board which includes two redundant power supply inputs as shown in the following figure Figure 23 Reason H49 Power Supply Wiring BIU261D primary power supply The primary power supply is connected using a 24 way connector block S1613ENa Figure 24 Typical 24 way Female Connector ...

Страница 45: ...y connector block characteristics are as follows Continuous rating 10A Connection method M3 screws Cable section 2 5mm2 Connection pitch 5 08mm Insulation between terminals and to the earth 300 V basic insulation Standards UL CSA Note The connector is fixed using 2 M3 screws located at each end of the connector BIU261D secondary power supply The secondary power supply is connected using a 2 way co...

Страница 46: ...ch back to the primary power supply when the latter becomes available again and has been stable for a few seconds If the secondary power supply is lost while being used the BIU261 instantly switches to the primary power supply It will continue to use the primary power supply source as long as it is available even when the secondary power supply becomes available again Reason H49 supports the follo...

Страница 47: ...defect Kernel crash processor overload memory leak 2 Common 3 Normally Closed Closed Power supply defect both input voltage sources are down Operating System defect Kernel crash processor overload memory leak Open Normal Operation 6 4 1 Using Terminal Blocks Printed circuit board connectors can be used Figure 27 Pluggable Terminal Block The relay alarm connector shall be plugged with MSTB 2 5 HC 3...

Страница 48: ... insulated crimped ferrule suitable for 2 5mm2 wire size Figure 28 Pluggable Terminal Block Insulated wire ferrules must be slipped over the stripped cable and crimped to prevent stranded wire from fraying Caution Refer to section 10 5 3 Auxiliary Fault Relays Optical Port Alarm page 128 for electrical characteristics of alarm circuit ...

Страница 49: ...e the switch is powered and operating S1353ENa Figure 29 SFP Module Connection The SFP module is a hot swappable connector that provides high speed performance Reason H49 supports two kinds of modules Optical LC type SFP RJ45 type SFP The table below lists the supported LC type SFP and references Reference Manufacturer Description Connector Type Image AFBR 5715ALZ fit foxconn 1Gbps Multimode 850nm...

Страница 50: ...LZ fit foxconn 100Mbps Single mode IR 1 up to 15 km 1300 nm wavelength LC Duplex The table below lists the supported RJ45 type SFP and references Reference Manufacturer Description Connector Type Image ABCU 5741ARZ fit foxconn 10 100 1000Mbps RJ45 Caution Reason H49 is delivered with SFP cap inserted in each SFP cage The cap must be inserted in each SFP cage unused It is a protection against dust ...

Страница 51: ... kind of cable may disrupt time synchronization S1355ENa Figure 30 RJ45 SFP Module Caution When SFP Copper Ethernet modules are used the connected cables shall be shortened to minimum possible length We recommend that cables such as RJ45 category 6 or 5e do not exceed 3 meters to comply with Electromagnetic compatibility EMC requirements Connected cables shall not extend beyond the cabinet where t...

Страница 52: ...n observance of this rule could possibly result in personal injury Signals transmitted via optical fibers are unaffected by interference The fibers guarantee electrical isolation between the connections If electrical to optical converters are used they must have management of character idle state capability for when the fiber optic cable interface is Light off LC type small form factor pluggable S...

Страница 53: ...loss as shown in the figure below Transmitted Power Received Power S0525ENb Optical Transmitter Optical loss Connectors fibers Optical Receiver Figure 33 Fiber Budget For this product the optical budget is given in the table below Fiber type Multimode 62 5 125 micron Single mode 9 125 micron Power coupled into fiber 19 dBm 15 dBm Sensitivity 31 dBm 34 dBm In calculating the maximum distance the fo...

Страница 54: ...isplayed LED 1 is green LED 2 is amber LED 18 indicates the state of the redundant power supply At the end of the power up process the following indicators are displayed The LCD screen displays H49 and the device s IP address LED 1 is green LED 2 is green Refer to section 4 1 1 Front Panel page 16 for LEDs indications ...

Страница 55: ...mbedded web server from a PC connected to the same LAN as the Reason H49 switch the PC and the H49 must be on the same subnet The default IP address of the Reason H49 switch is 192 168 254 254 and the sub mask is 255 255 0 0 Your PC IP address must be set in the same LAN for initial configuration Note The device connects to the network through a Small Form factor Pluggable module SFP Refer to the ...

Страница 56: ...ult H49 s IP address 192 168 254 254 and press Enter on your keyboard Note The embedded web server only supports the secure HTTPS protocol When you access the server via https you may see a warning dialogue indicating that the certificate was signed by an unknown authority This is expected as the certificate provided by default is self signed To avoid this message in the future you can choose to i...

Страница 57: ...ason H49 Web User Interface Error during Login Process When connecting to Reason H49 for the first time the system prompts the user to change the default password Enter a new password and confirm Note The new password must match the Password complexity parameter which is enabled by default in H49 web user interface Refer to section 8 1 5 Password Management page 108 for more information Upon succe...

Страница 58: ...consists of two areas A configuration menu on the left side of the window which is organized into three main sections System Network Security A setting panel on the right Navigate through the configuration menu to access each of the switch s functions Figure 36 Reason H49 Web User Interface Start Page ...

Страница 59: ...ince last reboot Firmware Version Version of the firmware currently running on the device LED Chaser The LED chaser of the H49 is a function used to identify correctly a given device amongst others It consists in sequentially lighting all the LEDs in the front panel one after the other eight at a time Click Enable LED Chaser to activate the LED chaser and make the device s LEDs blink in sequence C...

Страница 60: ...iption Button color Display the port type in accordance of colors Red Redundant interface Port A Green Redundant interface Port B Blue PRP coupling interface White Standard interface Grey The port is not available in the selected redundancy mode Media and speed state of interfaces X1 to X6 Copper 10 100 1000 Mbps Fiber 100 Mbps Fiber 1000 Mbps Connection state of interfaces X1 to X6 Green Connecte...

Страница 61: ...splays read only information about the device s time synchronization protocol Figure 40 Reason H49 Web User Interface Time Synchronization Status This information comes from the configuration done in the System Global Settings page The following attributes are also displayed according to the selected value Note when the device uses its Local clock as time source then no other attribute is displaye...

Страница 62: ...rent clock E2E Transparent clock P2P A label Slave or Master indicates the current state as time Master or Slave Status Synchronized to a Master clock Not synchronized to a Master clock Grandmaster ID Grandmaster MAC address Time Source Atomic clock GPS Terrestrial radio Hand set Internal oscillator Other Clock Accuracy Case time error its magnitude between time that the device provided a traceabl...

Страница 63: ...tatus The following table gives a description of each table columns Attribute Description Date Time Date and time of log generation Severity Log s severity level Alert Critical Debugging Emergency Error Informational Notice Warning Group Group name of the Syslog message defined in the Cyber Security system specifications Authentication Security System Command Login Username at the origin of the Sy...

Страница 64: ...anual GE Reason H49 64 H49 EN M C22 7 4 1 2 Global Settings To configure the global settings of the Reason H49 switch click Global Settings in the System section Figure 42 Reason H49 Web User Interface Logs Status ...

Страница 65: ...e H49 is connected 255 255 0 0 Class B network Gateway IP address of the router that connects the LAN to an outside network 0 0 0 0 DNS IP address of the DNS Server used by your network 10 5 6 78 Time The Time area allows the user to set the time date and other time source attributes for the system and the PTP settings Attribute Description Timezone Allows conversion from GMT Greenwich Mean Time t...

Страница 66: ...vice will not postulate as time master during a selection campaign Enabled Domain Enter the PTP domain between 0 and 255 0 Priority 1 Enter the priority level to turn the H49 as the Master clock Priority 1 goes from 0 to 255 Lowest values increase the probability for the device to be elected Master clock 255 Priority 2 Enter the priority level to turn the H49 as the Master clock Priority 2 goes fr...

Страница 67: ...dBox Ports 1 and 2 are reserved for redundant connection to LAN A and LAN B respectively 4 Ports are available for SAN connections HSR PRP Coupling RedBox Ports 1 and 2 are reserved for redundant connection to HSR ring Port 3 is reserved for one of the PRP LANs 3 Ports are available for SAN connections HSR RedBox Ports 1 and 2 are reserved for redundant connection to HSR ring 4 Ports are available...

Страница 68: ...tate identification each port is colored in relation to its configured function Color Description Red Redundant port Green Redundant port Blue HSR PRP coupling port White Standard port Grey OFF port Figure 44 Reason H49 Web User Interface No Redundancy Mode Selected ...

Страница 69: ...avoid duplicated packages Note When coupling rings with two RedBoxes both RedBoxes must be configured with the same Network ID LAN ID Only displayed for HSR PRP coupling redundancy mode It identifies the PRP LAN to be connected to the device Note When coupling a ring with two RedBoxes one shall be set on LAN A and the other one shall be set on LAN B Pay attention not to configure both RedBoxes on ...

Страница 70: ... Management Protocol SNMP and is capable of exchanging information with other SNMP devices on the network This information is saved in the Management Information Base MIB of the switch To configure the SNMP settings of the switch click System SNMP Figure 46 Reason H49 Web User Interface SNMP Page ...

Страница 71: ...ecure protocol It supports the View Based Access Control Model and User Based Security Model along with encryption and Authentication features The following table summarizes the sections corresponding to each SNMP version V1 V2C V3 Communities Yes Yes No Groups Yes Yes Yes Users No No Yes Views Yes Yes Yes Access configurations Yes Yes Yes Throughout the page Click the button to add a new element ...

Страница 72: ...mmunity name and the community string access mode Figure 48 Reason H49 Web User Interface SNMP Community Section Attribute Description Community Name Name of the community Community String Authentication key to access the device acts as a password Groups Manage user groups by defining the group name and the related community name Figure 49 Reason H49 Web User Interface SNMP Group Section for SNMP ...

Страница 73: ...ttributes as detailed below Attribute Description User name User name Auth Type Authentication protocol Select the encryption algorithm for the authentication key MD5 Message digest algorithm SHA Secure hash algorithm Auth Password User s authentication Password Priv Protocol Select the privacy protocol to be used to encrypt the data of the SNMP message AES Advanced Encryption Standard DES Data En...

Страница 74: ...P versions Views This section allows the user to manage Views by defining their name and their related OID A given View is linked to a single OID and its sub OIDs Figure 52 Reason H49 Web User Interface SNMP View Section Attribute Description View name A unique View name Type Include or Exclude mode Include The given OID and all its tree will be visible for the group gathering this view Exclude Th...

Страница 75: ...all be careful not gathering two contradictory view in the same group for example gathering a View including a given OID and another view excluding the same OID Figure 53 Reason H49 Web User Interface SNMP Access Configuration Section Attribute Description Group name List of existing groups View name List of existing Views Access Mode Access mode to the view Read Write ...

Страница 76: ...ment Firmware Update The Firmware section allows an authorized user to keep Reason H49 up to date with the latest firmware from General Electric or revert the switch to factory settings and firmware When firmware update is required the first step to be done is requiring GE for the firmware file tar gz After this file is received copy the file to the PC on which management interface of the switch i...

Страница 77: ...gure 56 Reason H49 Web User Interface Start the Upgrade Process The package signature is verified before allowing the firmware to be installed A popup prompts the user to decide whether he she wants to keep the existing switch configuration settings user accounts logs date time Check the box to save the existing switch configuration and click Confirm Figure 57 Reason H49 Web User Interface Firmwar...

Страница 78: ...figuration was performed and it is requested to maintain the Running Configuration at the Startup Configuration the user must save it using the Save Running as Startup option in the Management page Import a New Configuration File To import a new configuration file to the device perform the following steps Click the button to navigate to the folder that contains the configuration file and then sele...

Страница 79: ...as shown in the following figure Figure 60 Reason H49 Web User Interface New Configuration Notification A message warms the user in the Management page as shown in the following figure Figure 61 Reason H49 Web User Interface New Configuration Notification Export Reason H49 Configuration File It is possible to export the Running and or the Startup configurations of the switch yaml file Click the co...

Страница 80: ... H49 Web User Interface Configuration Export By default the file is saved to the Downloads folder onto your local host System Reboot The user can reboot the device by clicking the Reboot button Figure 64 Reason H49 Web User Interface Reboot Button The system will ask for confirmation before proceeding Figure 65 Reason H49 Web User Interface Confirmation Button ...

Страница 81: ...re 66 Reason H49 Web User Interface Interface Configuration Note When the device is configured in QuadBox mode ports 5 and 6 are deactivated thus they are not displayed in the list Caution Be careful not to disable the port you are using for configuring the device In the same manner do not disable all the ports since it will not be possible to connect to the device afterwards If for any reason you...

Страница 82: ...y Usually trunk link connection is used to connect two switches or switch to router Reason H49 Reason H49 Port 4 Trunk port VLAN ID 1 Caution Wrong VLAN setting on access ports may cause communication failure with Reason H49 In such a case you shall reset the switch to factory default configuration as explained in section Revert to Default Factory Configuration Link Mode Select the link mode to be...

Страница 83: ...h h49 x x x x buildxx xx tar gz file After this file is received Copy the h49 x x x x buildxx xx tar gz file to a PC Unzip the file until you get the h49 x x x x buildxx raw file Download and install Win32DiskImager exe application from the link https sourceforge net projects win32diskimager This free of charge program is designed to write a raw disk image to a removable device Disconnect all the ...

Страница 84: ...icro SD Card Insert the micro SD card into your Windows PC s card reader You may use an SD card adapter to fit into the SD card slot Run the unzipped Win32DiskImager exe application From the Device drop down list select the SD card ensure that the correct driver is selected Figure 69 Win32DiskImage Program Select the SD Card Driver ...

Страница 85: ...select the unzipped raw file Click Open Figure 70 Win32DiskImage Program Select the Raw Image of the Switch Click Write to copy the RAW image on the SD card Figure 71 Win32DiskImage Program Start the File Copy An information message appears on screen click Yes to continue Figure 72 Win32DiskImage Program Confirm Overwrite process ...

Страница 86: ...te process in progress Once the process is complete click OK Figure 74 Win32DiskImage Program Overwrite process done successfully In the task bar of your PC click the icon to safely remove hardware and eject media Remove the micro SD card from your PC and insert it into the SRPV3 board Screw the eight 8 M6 screws on the switch case ...

Страница 87: ...Supply Input Slot B 1 and 2 2 Alarm Relay Slot A 1 2 and 3 3 Using an insulation resistance tester and taking care to follow the manufacturer s safety precautions test between the following isolation groups with the output set to 500 V DC Test First Isolation Group Second Isolation Group 1 Primary Power Supply Input Group 1 Groups 2 and 3 connected to Case PCT 2 Secondary Power Supply Input Group ...

Страница 88: ...ontinuity tester or Digital Multimeter check that the resistance from the PCT to all other conductive case components on the unit is 1Ω If any of the test measurements are not 1Ω then the root cause must be identified and rectified before the unit can be returned to active service ...

Страница 89: ...cate with other devices on the same VLAN If a device on VLAN A needs to communicate with devices on VLAN B the traffic must pass through a routing device Restricted traffic with traditional networks traffic is directed to all network devices regardless of whether or not they need it and may cause network congestion VLANs are set up to contain only those devices that need to communicate with each o...

Страница 90: ...r display purposes only X1 to X6 Check the box for each port you wish to include in this VLAN Note in QuadBox configuration the ports 5 and 6 might be disabled Thus we highly recommend to check the interfaces implied in the VLAN configuration against the selected redundancy mode It is possible to remove a VLAN by clicking on the corresponding Remove icon 7 4 2 3 Multicast Filtering Ethernet protoc...

Страница 91: ...e filter relies on a range of MAC addresses applied to one or more device ports interfaces To manage Multicast filtering rules click Network Multicast Filtering Figure 77 Reason H49 Web User Interface Multicast Filtering Configuration Add multicast MAC addresses manually Attribute Description MAC Address Set the forbidden MAC addresses for the selected port s Mask Length Number of bytes of the MAC...

Страница 92: ...To configure priority queues click Network Priority Figure 78 Reason H49 Web User Interface Priority Configuration Set the priority mechanism as described below Attribute Description Queue 0 to Queue 3 Select the queue for which the PCP is set A given queue can be associated with 0 or more PCPs PCP0 to PCP7 Priority Code Point PCP Only one Queue can be selected for each row Click the Default Value...

Страница 93: ...lick Security Security Settings From this page you can set the user and system management parameters and manage TLS and trusted certificates Figure 79 Reason H49 Web User Interface Security Configuration System Set the system security settings as described below Attribute Description Inactivity Period Sets the inactivity period before disconnecting a user If Period equals 0 then no disconnection t...

Страница 94: ...ed in Syslog page Certificate Management Certificates are used in a network to provide secure access This is an electronic document that identifies an entity machine server or other and associates that entity with a key Reason H49 uses certificates for communicating with external servers such as the syslog and LDAP server or upgrading HTTPS To upgrade certificates perform the following steps Click...

Страница 95: ...le If local authentication is used then its associated authorization will also be local Set the user account properties as described below Attribute Description Password Complexity Enables account password complexity When checked user s password shall fit the following restrictions Minimum length of password At least 4 character types Upper Lower Numeric Special Minimum Length Sets the minimum num...

Страница 96: ...on shown there is no special issue concerning the account The account has been disabled by the security administrator see Edit User Account section The account has been locked by the system after some login attempts The user has to wait until the end of the security time see Locking Period in Security Settings section However the security administrator can manually unlock the account see Security ...

Страница 97: ...Unique login name Full Name User s name Password User s password Automatic default password is generated when opening the New window Special characters will not be accepted Roles User s role Viewer Engineer Security Administrator Security Auditor Disable the user account A new disabled account can be generated by checking this option Click Save to save the new user account Modifications are immedi...

Страница 98: ...n the Account Settings popup make the relevant changes Figure 95 Reason H49 Web User Interface Change Settings of a Local User Account If the selected user s account is locked an unlock button is available for users with Security administrator role A Reset password option is also available for users with Security administrator role In this case the system generates a new automatic password that th...

Страница 99: ...eir own account settings These attributes are accessible by clicking on the user icon in the top right corner of the web server application Figure 82 Reason H49 Web User Interface User Account Settings Icon The attributes displayed in the Account Settings window are Login Full Name Current Password New Password Confirm Password Figure 83 Reason H49 Web User Interface Account Settings ...

Страница 100: ... the LDAP Server using the Fully Qualified Domain Name FQDN for instance kiwi dsagile intern Port Communication port used by the LDAP servers TLS Enables the TLS encryption over the LDAP communication channel Base DN Base Distinguished Name in the LDAP server Authentication Mode Authentication access mode to the LDAP server Simple Anonymous User DN User account authorized to request data to the LD...

Страница 101: ...sful User account changes password reset change of role User account created locked unlocked removed Time date change Logout Timeout User log off Role assigned to and removed from user account Firmware application update Certificate management Database switch Central authentication server activity reachable or not System stopped rebooted Syslog server activity reachable or not This Syslog Server f...

Страница 102: ...t to the server on the fly in other words messages are not buffered and sent in batch to the server When TCP or TCP TLS is used If the log server is unavailable the log messages are temporarily buffered and they are sent to the server upon service reestablishment Figure 85 Reason H49 Web User Interface Syslog Server Settings ...

Страница 103: ...ge or unauthorized access Various standards and recommendations apply to substation cyber security and consist in maintaining the Availability Integrity and Confidentiality of the substation data and automation processes 8 1 Reason H49 Cyber Security Implementation At the Reason H49 level the following cyber security measures have been implemented Encryption and Credential Secured File Transfer Au...

Страница 104: ...can interact with it When successfully authenticated the user can only perform actions for which privileges have been explicitly granted to him her These permissions are set by a security administrator and stored locally or on the authentication server 8 1 3 1 Role Based Access Reason H49 uses the concept of Roles and Rights This process consists in assigning local authorized users to one predefin...

Страница 105: ...eters and visualize the security logs The Security Administrator is not allowed to display any data of DS Agile system load a database nor change a sub system operating mode Security Auditor A Security Auditor can only display data or read information A Security Auditor is authorized to visualize the security logs Note If the roles assigned to a user change the user must logout and log back in to ...

Страница 106: ...r and not in each individual device To use centralized accounts check the LDAP Server Enabled option in the Security Security Settings page When central authentication is used then central authorization is applied The central authorization service provides the list of user s roles The configuration of the LDPA server address encryption mode access account etc is done in the Security LDPA Server pa...

Страница 107: ...er Enabled option is not selected in the Security Security settings page Reason H49 uses a local account service for local authentication It means that information about user s is stored on the system Note Local user accounts are applied only if no LDAP account management has been defined or if the LDAP server is not accessible If local authentication is used then its associated authorization will...

Страница 108: ...disabled to accommodate customers that do not require complex passwords Password Expiration Period The security administrator can force users to change regularly their password He she can set the password lifetime after which it expires Consecutive Login Attempts The security administrator can set the number of consecutive login attempts before locking a user account and the locking period Inactiv...

Страница 109: ...be modified Full name Current password New password Confirm password Reset a Password To reset a password the old and new passwords are required Only a user with Security Administrator privileges can reset a user s password by clicking Reset password in the user Security User Account Account Setting page In this case the system will automatically generate a new password that can be changed by the ...

Страница 110: ...ogged 8 1 8 Remote Logs Reason H49 supports logging to a remote Syslog server Refer to the Security Settings section for more details At any time the security administrator can enable disable logging to a central syslog server Syslog implementation supports UDP TCP and TCP over TLS If the log server is reachable then the log messages are sent to the server on the fly in other words messages are no...

Страница 111: ...n is done from the Network Interface page Every interface is represented by a row in the table Note When the device is configured in QuadBox mode ports 5 and 6 are deactivated thus they are not displayed in the list Firmware Update Reason H49 firmware is digitally signed When uploading and installing a new firmware version on the device the package signature is verified before allowing the firmwar...

Страница 112: ...gular intervals to confirm that it is operating correctly The device is self supervising and so requires less maintenance than earlier devices Most problems will result in a reboot However some periodic tests should be carried out to ensure that they are functioning correctly and that the external wiring is intact It is the responsibility of the customer to define the interval between maintenance ...

Страница 113: ...anel give correct indications see the Hardware section Check that the network connectors are correctly fitted 9 3 Firmware Upgrade Follow the procedure described in the Management section 9 4 Error detection Most of the faults are indicated through the LEDs in the front panel See the Hardware section for more details on LEDs indication Reason H49 supports monitoring access through SNMP It is the r...

Страница 114: ... it will need to be replaced with an equivalent device 9 6 1 Replacing Reason H49 The case and connectors have been designed for ease of use so removing Reason H49 is very simple 9 6 1 1 Removing Reason H49 Before disconnecting check that labels correctly identify the connections and match the descriptions Note the IP Address Subnet settings etc to configure the replacement Proceed by 1 Disconnect...

Страница 115: ...ons com multilin support ret_proc htm 2 Fill in the RMA form Fill in only the white part of the form Please ensure that all fields marked M are completed such as Equipment model Model No and Serial No Description of failure or modification required please be specific Value for customs in case the product requires export Delivery and invoice addresses Contact details 3 Send the RMA form to your loc...

Страница 116: ...cified by your local contact Make sure all items are packaged in an anti static bag and foam protection Make sure a copy of the import invoice is attached with the returned unit Make sure a copy of the RMA form is attached with the returned unit E mail or fax a copy of the import invoice and airway bill document to your local contact ...

Страница 117: ...tions Storage conditions Ambient Air Temperature5 25 C 55 C 40 C 70 C1 Solar radiation Negligible Altitude 2 000 m Relative humidity 24 h average From 5 to 95 RH2 Atmospheric pressure 86kPa to 106kPa Air pollution by dust salt smoke corrosive flammable gas vapours No significant air pollution4 Vibration earth tremors Class 13 Note 1 The GE Reason H49 should be stored in its supplied packaging Note...

Страница 118: ... 2013 Mechanical ports 60s Test voltage 12Vdc or 12 Vrms ac 10 3 2 Electromagnetic Compatibility 10 3 2 1 Standard compliance Reason H49 is compliant with European Commission Directive on EMC IEC 61000 5 standard 10 3 2 2 DC Auxiliary supply Description Test Standard Group Test Level DC voltage interruptions IEC 61000 4 29 2000 IEC 60255 26 2013 DC Power port Supply Interruptions ΔU100 for 50ms DC...

Страница 119: ...own start up IEC 60255 26 2013 AC DC Power port Shut down ramp 60s Power off 5 min Start up ramp 60s Reversal of DC Power Supply IEC 60255 27 2013 10 6 6 AC DC Power port Duration 60s Burden for binary input Binary inputs PSU 110Vdc load Max 1VA PSU 220Vdc load Max 1VA 10 3 2 5 Fast Transient Description Test Standard Mode Group Test Level Fast Transient IEC 61000 4 4 2012 IEC 60255 26 2013 CDN DC...

Страница 120: ... at 10m and 3m measuring distances 1 GHz to 3 GHz 56dB μV 76dB μV m 3 GHz to 6 GHz 60dB μV m average at 3m easuring distance 80dB μV m 10 3 2 7 Immunity Description Test Standard Mode Group Test Level Conduced disturbances induced by radiofrequency fields IEC 61000 4 6 2013 IEC 60255 26 2013 DC and AC Power ports earth port signal ports Level 3 10V rms Disturbance signal 80 AM with a 1KHz sine wav...

Страница 121: ... Signal ports Level 4 Source impedance 2Ω Line to ground 4kV coupling resistor 40Ω coupling capacitance 0 5 µF Power frequency magnetic field IEC 61000 4 8 2009 IEC 60255 26 2013 Enclosure port Level 5 100A m continuous 60s 1000A m for 1s Pulsed magnetic field immunity IEC 61000 4 9 2001 Enclosure port Level 5 1000A m peak Applied 6 4 16µs magnetic field pulses in all planes for the EUT in a quies...

Страница 122: ...N M C22 Main frequency voltage IEC 61000 4 16 compil 2011 IEC 60255 26 2013 DC Power port Signal ports Level 4 30 Vrms cont 300 Vrms for 1 s Coupling resistor 200Ω and coupling capacitor 1uF DC and inputs Coupling resistor 50Ω Ethernet ports ...

Страница 123: ...lectric type test Earth and all others AC DC Power binary input output alarm ports 2kV before and after environmental tests Earth and all others Serial and internet ports 0 5kV before and after environmental tests Protective bonding resistance Mechanical ports 60s Test voltage 12Vdc or 12 Vrms ac before and after environmental tests 10 3 4 2 Climatic Description Test Standard Test Level Dry heat M...

Страница 124: ... 3 RH 6 of 24 hours 12 h 12 h cycles 10 3 4 3 Mechanical Description Test Standard Test Level Vibration response IEC 60255 21 1 1988 Class 2 Vibration endurance sinusoidal IEC 60255 21 1 1988 Class 1 Shock response IEC 60255 21 2 1988 Class 2 Shock withstand and bump IEC 60255 21 2 1988 Class 1 Seismic IEC 60255 21 3 1993 Class 2 Enclosure protection IEC 60529 2013 IP2x ...

Страница 125: ...ng successfully over a minimum range of 85 to 110 of rated voltage at rated frequency AC rated control power inputs AC Power port Operating successfully over a minimum range of 85 to 110 of rated voltage at rated frequency Dielectric power frequency DC and AC Power ports Binary input output Alarm output 2kV AC between 45Hz and 65Hz 1min Signal ports RJ45 serial com 500V AC between 45Hz and 65Hz 1m...

Страница 126: ...und 4kV coupling resistor 40Ω coupling capacitance 0 5 µF RF susceptibility tests IEEE C37 90 2 2004 B10 6 faces Enclosure ports a Field strength 20 V m 0 to 6 dB un modulated b Sine wave amplitude modulation 80 AM at 1 kHz rate c Range of 80 MHz to 1000 MHz d Spot frequency tests 80 160 and 450MHz 0 5 900MHz 5 MHz e Dwell time 0 5s 6 faces Enclosure ports a Field strength 10 V m 0 to 6 dB un modu...

Страница 127: ...61000 4 10 2001 Enclosure port Level 5 100A m peak Applied in all planes at 100kHz repetition rate 40Hz during 60s 1MHz repetition rate 400Hz during 60s Immunity to common mode disturbances IEC 61000 4 16 2002 DC AC Power port Signal ports Level 4 30 Vrms cont 300 Vrms for 1 s Frequency range 0Hz to 150kHz Coupling resistor 200Ω and coupling capacitor 1uF DC and inputs Coupling resistor 50Ω Ethern...

Страница 128: ...Rail EN50022 10 5 2 Auxiliary Power Supply Item Description Supply voltage range 85 220 Vdc 85 230 Vac Power consumption 10 W Input Frequency voltage The nominal frequency fn for the AC auxiliary voltage is dual rated at 50 60 Hz the operating range is 44 Hz to 66 Hz 10 5 3 Auxiliary Fault Relays Optical Port Alarm Item Description Connector NC contact potential free Max switching voltage 250 VAC ...

Страница 129: ...ak current A Power up duration ms 110 19 4 110 220 43 8 92 10 5 4 3 Maximum measured inrush current Vac Power input voltage Vac Measured peak current A Power up duration ms 110 12 84 126 230 14 8 109 10 6 Ethernet Management Item Description Standards IEEE802 3 802 3u 802 3x Forwarding mode Store and forward Memory bandwidth 800 Mbps MAC Address 512 Address learning Automatic Illegal frame Dropped...

Страница 130: ...EN M C22 10 7 Manufacturer General Electric Grid Solutions Worldwide Contact Centre St Leonards Building Red Hill Business Park Stafford ST16 1WT United Kingdom UK Tel 44 0 1785 25 00 70 Fax 44 0 1785 27 09 40 www gegridsolutions com contact ...

Страница 131: ...erate at 100 Mbps FQDN A fully Qualified Domain Name FQDN sometimes also referred to as an absolute domain name is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System DNS It specifies all domain levels including the top level domain and the root zone Half duplex A system that allows packets to be transmitted and received but not at the same time Contrast...

Страница 132: ... gathered at a single workstation Whereas SNMP gathers network data from a single type of Management Information Base MIB RMON 1 defines nine additional MIBs that provide a much richer set of data about network usage For RMON to work network devices such as hubs and switches must be designed to support it The newest version of RMON RMON 2 provides data about traffic at the network layer in additio...

Страница 133: ...ur computer 2 Go to Network Connections 3 Right click Local Area Connection and select Properties 4 Select Internet Protocol Version 4 TCP IP and click Properties 5 Select Use the following IP address and type a compatible IP address and a sub mask of 255 255 0 0 6 Click OK to save the change Reboot your PC if prompted 7 Connect an Ethernet cable between your PC and any port on the Reason H49 swit...

Страница 134: ...d type the IP address of the switch 192 168 254 254 4 Set the port to 22 5 Check the SSH connection type and click Open to establish the connection Figure 88 SSH Console Establish the connection with the H49 When starting the SSH console for the first time a security popup window appears on screen 6 Click Yes to accept the SSH key and carry on connecting Figure 89 SSH Console Add the SSH Key ...

Страница 135: ...ge the user name and the password later in the Command Line Interface If an error occurs during the authentication process an information message appears on screen as shown in the following figure Figure 90 SSH Console Error during the Login Process When connecting to Reason H49 for the first time the system prompts the user to change the default password Enter a new password and confirm Figure 91...

Страница 136: ...igure 92 SSH Console Agreement Conditions The Reason H49 s start screen appears Figure 93 SSH Console H49 Main Menu Note To modify the appearance of the SSH console select Appearance under the Window menu and change the desired formatting options or go to Colours to change the use of Foreground and Background colours ...

Страница 137: ...e effect as s 12 1 4 1 Common parameters All commands support the following parameters Parameter Effect d Displays the command description i Displays information about the configuration h Displays all parameters and values valid for the command v Displays the command version S Saves the settings make the modifications permanent D Enables debugging mode iy Displays the configuration in YAML format ...

Страница 138: ...r Description Values alarmContact c Contact number 1 2 f Force Logic Output State unforced energized unenergized Global Status The system command allows you to configure the global settings of the system system a IP Address n netmask g gateway s DNS IP Address m MAC Address t name S i command parameter Description Values Default system a Sets the Reason H49 IP Address 192 168 254 254 n Sets the Re...

Страница 139: ...ptp m Sets the IEEE1588 v2 operating mode disable ordinary boundary f Sets the IEEE1588 v2 profile power_2011 default_12 l Sets the IEEE1588 v2 delay disabled p2p TC peer to peer e2e TC end to end s Sets the IEEE1588 v2 steps 1 2 p1 Sets the IEEE1588 v2 prority1 0 to 255 p2 Sets the IEEE1588 v2 priority2 0 to 255 a Sets the IEEE1588 v2 domain 0 to 255 n Sets VLAN used for PTP 0 to 4094 c Sets PCP ...

Страница 140: ...command Great care shall be exercised in using such commands P Prepares a new configuration from scratch C Copies the current configuration to a new configuration L Adds the single quoted configuration_line to the new configuration The line must be valid as it is not checked prior to being inserted in the new configuration The line must NOT contain single quote characters A Applies the new configu...

Страница 141: ...ed settings are passed directly to the SNMP configuration without further checking In the same manner unsupported settings cannot be modified by using the set command they shall be deleted prior to being re set The list of currently supported settings may evolve over time Use the snmp i command to see which settings are currently supported For further detail please refer to http www net snmp org d...

Страница 142: ...h a file bin r Changes the redundancy operating mode You must restart Reason H49 to apply changes HSR HSR_PRP PRP NONE QUADBOX U Upgrades the firmware from a tar gz file Restart is needed u Url of the upgrade file tar gz file 12 1 4 3 Network Commands VLAN The following values can be set to configure the Reason H49 VLANs vlan c vlan name l vlan Id r vlan Id p port 1 port2 S i command parameter Des...

Страница 143: ... link mode Autoneg 1000full 100full 10full l Sets default VLAN 1 to 4095 n Sets default PCP 0 to 7 t Sets VLAN tagging Enable disable o Sets default VLAN for VLAN0 0 to 4095 0 Sets priority for PCP 0 0 to 3 1 Sets priority for PCP 1 0 to 3 2 Sets priority for PCP 2 0 to 3 3 Sets priority for PCP 3 0 to 3 4 Sets priority for PCP 4 0 to 3 5 Sets priority for PCP 5 0 to 3 6 Sets priority for PCP 6 0 ...

Страница 144: ...e the MAC table When the aging time for a MAC address in the table expires the address is removed For each MAC address in the Ethernet switching table the switch records a timestamp of when the information about the network node was learned Each time the switch detects traffic from a MAC address that is in its Ethernet switching table it updates the timestamp of that MAC address A timer on the swi...

Страница 145: ...eter Description Values filtering e Sets the filter entry 4 to 9 s Sets the filter entry state enable disable a Sets the filter MAC Address xx xx xx xx xx xx f Sets the filter ports allowed interfaces into which the matching frame can be forwarded None SE01 CE01 CE02 CE03 CE04 CE05 CE06 l Sets the filter length mask length from the start of the MAC addresses for incoming frame 0 to 48 t Sets the f...

Страница 146: ...rs 1 to 999 L Minimum user s password length P Enables Disables password policy Enable Disable c sets a new LDAP certificate s sets a new syslog certificate k sets a new key store for Reason web user interface User Account The following values can be set to configure and manage all user accounts create modify or delete user or user group command parameter Description Values account c Creates a new...

Страница 147: ... calls to synchronous LDAP APIs will abort if no response is received In seconds s Turns SSL on e Turns LDAP on x Turns LDAP off Note Refer to Appendix 2 for additional information about use cases of LDAP configurations SysLog Server The Log command allows you to manage the log feature such as configuring the remote syslog information enabling disabling central logs command parameter Description V...

Страница 148: ...rver m Updates the banner text with a message text p Protocol to be used for the remote FTP SFTP server r Sets the banner text with a remote file s Enables disables the banner enable disable Communication Protocol The following values can be set in the Communication Protocol configuration command parameter Description Values Communicationprotocol f Sets the port for the FTP protocol u Defines the ...

Страница 149: ...cy The example below shows the use of the redundany command line Command Description redundany l n a Sets the Reason H49 redundancy mode the network ID and the redundancy supervision MAC address Example redundancy l HSR PRP A n 2 a 01 15 4E 00 01 00 12 2 1 2 System The example below shows the use of the system command line Command Description system a n g c t Sets the switch IP address netmask nam...

Страница 150: ...mand line Command Description switch m Sets the switching mode Example switch m adaptative 12 2 1 4 Alarm Contact The example below shows the use of the alarmContact command line Command Description alarmContact c f c f Sets the Logic Output State of each contact Example alarmContact c 1 f unforced c 2 f unforced ...

Страница 151: ...chnical Manual H49 EN M C22 151 12 2 2 Networks Commands 12 2 2 1 Interface The example below shows the use of the interface command line Command Description Interface i Shows the interface status VLAN settings Example ...

Страница 152: ...xample below shows the use of the macAdressTable command line Command Description macAddressTable a b f Sets the MAC address lifetime aging base time and HSR entry forgetTime Example macAddressTable a 48 b4 f 10 12 2 2 4 NTP The example below shows the use of the ntp command line Command Description ntp s c a p Disables or enables the local NTP server and client and sets the IP address of remote N...

Страница 153: ...P frames and the VLAN used Example ptp m ordinary l p2p f power_2011 p1 128 p2 128 a 0 s 2 c 4 n 0 s 1 12 2 2 6 Timezone The examples below show the use of the timezone command line Example of command Description timezone z time zone Sets the H49 time zone Example timezone z Europe Andorra 12 2 2 7 Banner Text The examples below show the use of the bannertext command line 12 2 2 7 1 Change Banner ...

Страница 154: ...tion Example of command Description account i Displays information about account configuration Example Figure 94 SSH Console Information about the account configuration Create a new user Example of command Description account u user_name c user_group p password Creates a new user with a user group and a password Example account u JohnDoe c secadm p General ...

Страница 155: ...AP Base DN Example of command Description ldap b ou dc dc Sets the base DN for the LDAP connection Example ldap b ou DSAGILE dc VMADSYSLOGRADIUS DC DSAGILE Configure User DN and Password and Timeout Example of command Description ldap r cn cn dc dc P t Sets the user DN to connect to the LDAP database then configures the password of the user DN and the connection timeout Example ldap r cn Administr...

Страница 156: ... command line Information Example of command Description security i Displays information about security configuration Example Figure 95 SSH Console Information about the security configuration Lock Period Example of command Description security l 10 Sets the lock period to 10 minutes Example root h49 security l 10 ...

Страница 157: ......

Страница 158: ... Information contained in this document is indicative only No representation or warranty is given or should be relied on that it is complete or correct or will apply to any particular project This will depend on the technical and commercial circumstances It is provided without liability and is subject to change without notice Reproduction use or disclosure to third parties without express written ...

Результаты поиска

Содержание Reason H49

Отзывы:

Похожие инструкции для Reason H49

Бренды по названию

Популярные бренды

GE Reason H49, Техническое руководство

Результаты поиска

Содержание Reason H49

Отзывы:

Похожие инструкции для Reason H49

Бренды по названию

Популярные бренды