Hirschmann MACH 4000 Series Скачать руководство пользователя страница 94 | Manualshive

Страница: 94 / 236

Hirschmann MACH 4000 Series Скачать руководство пользователя страница 94

Protection from unauthorized access

94

6.6 Access Control Lists (ACL)

Basic - L3P

Release 3.1 06/07

6.6.3 Configuring IP ACLs

Example: Extended ACL

B and C are not allowed to communicate with A.

enable
configure

Switch to the privileged EXEC mode.

Switch to the configuration mode.

access-list 100 permit ip
10.0.1.11 0.0.0.0
10.0.1.158 0.0.0.0

access-list 100 permit any
any

Create the extended ACL 100 with the first rule.
This denies data traffic from the IP source address
10.0.1.11 to the IP destination address 10.0.1.158.

Add to ACL 100 a further rule. This permits data
traffic from any IP source address to any IP desti-
nation address.

access-list 110 permit ip
10.0.1.11 0.0.0.0
10.0.1.158 0.0.0.0

access-list 100 permit any
any

Create the extended ACL 110 with the first rule.
This denies data traffic from the IP source address
10.0.1.13 to the IP destination address 10.0.1.158.

Add to ACL 110 a further rule. This permits data
traffic from any IP source address to any IP desti-
nation address.

exit
show ip access-lists 100

Switch to the privileged EXEC mode.

Display the rules of ACL 100.

C

B

D

A

IP: 10.0.1.13/24

IP: 10.0.1.158/24

IP: 10.0.1.11/24

IP: 10.0.1.159/24

Interface: 3.1

Interface: 2.1

Interface: 1.3

Interface: 2.3

«
...
92
93
94
95
96
...
»

Содержание MACH 4000 Series

Страница 1: ...Basic L3P Release 3 1 06 07 Technical Support HAC Support hirschmann de User Manual Basic Configuration Industrial ETHERNET Gigabit Switch Power MICE MACH 4000...

Страница 2: ...he end user license agreement on the enclosed CD applies The performance features described here are binding only if they have been expressly guaranteed in the contract This publication has been creat...

Страница 3: ...meter 27 2 1 1 IP address version 4 27 2 1 2 Network mask 28 2 1 3 Example of how the network mask is used 30 2 2 Entering the IP parameters via CLI 32 2 3 Entering the IP parameters via HiDiscovery 3...

Страница 4: ...lable 63 4 1 2 Starting the software 65 4 1 3 Performing a cold start 65 4 2 Loading the Software from the tftp Server 66 4 3 Loading Software via file selector 68 5 Configuring ports 69 6 Protection...

Страница 5: ...ering the Time 104 7 2 SNTP 106 7 2 1 Descripton SNTP 106 7 2 2 Preparing the SNTP configuration 107 7 2 3 Configuring SNTP 108 7 3 Precison Time Protocol 111 7 3 1 Funtion description PTP 111 7 3 2 P...

Страница 6: ...Description VLANs 151 8 6 2 Configuring VLANs 154 8 6 3 Setting up VLANs 156 8 6 4 Displaying the VLAN configuration 157 8 6 5 Deleting the VLAN settings 157 8 6 6 Example of a simple VLAN 158 9 Opera...

Страница 7: ...Server 196 A 2 Setting up DHCP Server Option 82 202 A 3 tftp server for software updates 207 A 3 1 Setting up the tftp process 208 A 3 2 Software access rights 211 A 4 Preparing for access via SSH 212...

Страница 8: ...Contents 8 Basic L3P Release 3 1 06 07 Appendix C Index 231...

Страница 9: ...network D Function diagnosis The Installation user manual contains a device description safety instructions a description of the display and all the other information that you need to install the devi...

Страница 10: ...nce manuals If you use Network Management Software HiVision you have further opportunities to D have an event logbook D configure the System Location and System Name D configure the network address ra...

Страница 11: ...heading Indicates a cross reference with a stored link Note A note emphasizes an important fact or draws your attention to a dependency Courier font ASCII representation in user interface Symbols used...

Страница 12: ...Key 12 Basic L3P Release 3 1 06 07 Hub A random computer Configuration computer Server...

Страница 13: ...Switch has been developed for practical application in a harsh industrial environment Accordingly the installation process has been kept simple Thanks to the selected default settings you only have t...

Страница 14: ...Introduction 14 Basic L3P Release 3 1 06 07...

Страница 15: ...user interfaces The Switch has three user interfaces which you can access via different interfaces D System monitor via the V 24 interface out of band D Command Line Interface CLI via the V 24 connect...

Страница 16: ...on U Opening the system monitor V Using a terminal cable see accessories connect the V 24 RJ11 socket to either a terminal or a COM port of a PC with terminal emulation according to VT 100 For the phy...

Страница 17: ...Release 3 1 06 07 1 1 System monitor 17 Fig 1 Screenshot during the boot process V Press within one second the 1 key to start system monitor 1 PowerMICE MS4128 5 Boot Release 1 00 Build 2005 09 17 15...

Страница 18: ...desired menu by entering the number V To leave a sub menu and return to the main menu of system monitor 1 press ESC System Monitor Selected OS L3P 01 0 00 K16 2005 10 31 19 32 1 Select Boot Operating...

Страница 19: ...and Line Interface can be accessed via D the V 24 out of band port or D Telnet in band D SSH in band Note To facilitate making entries the CLI offers the option of abreviating keywords Type in the fir...

Страница 20: ...alue for the password is private Press the Enter key You can change the username and the password later in the Com mand Line Interface Note that these entries are case sensitive The start screen then...

Страница 21: ...mmand Line Interface 21 Fig 4 CLI screen after login NOTE Enter for Command Help Command help displays all options that are valid for the normal and no command forms For the syntax of a particular com...

Страница 22: ...U Opening the Web based Interface To open the Web based interface you will need a Web browser a pro gram that can read hypertext for example Mozilla Firefox version 1 or higher or Microsoft Internet...

Страница 23: ...he connection by entering the IP address of the Switch that you want to administer via the Web based network management in the address field of the Web browser Enter the address in the following form...

Страница 24: ...password protects the Switch against unauthorized access V Click on OK The Website of the Switch appears on the screen Note The changes you make in the dialogs are taken over by the Switch when you c...

Страница 25: ...on page 35 D Using the AutoConfiguration Adapter ACA Choose this method if you are replacing the Switch with a Switch of the same type and have already saved the configuration on an ACA see Loading fr...

Страница 26: ...on 82 You need a DHCP server with Option 82 for this The DHCP server assigns the configuration data to the Switch using its physical connection see System Configuration via DHCP Option 82 on page 46 I...

Страница 27: ...s block contact your Internet Service Provider Internet Service Providers should contact their local higher level organization D APNIC Asia Pacific Network Information Centre Asia Pacific Region D ARI...

Страница 28: ...the uniqueness of the IP addresses he assigns 2 1 2 Network mask Routers and gateways subdivide large networks into subnetworks The net work mask assigns the IP addresses of the individual devices to...

Страница 29: ...is applied 255 255 192 0 Decimal notation 11111111 11111111 11000000 00000000 Binary notation Subnetwork mask bits Class B 129 218 65 17 Decimal notation 10000001 11011010 01000001 00010001 binary not...

Страница 30: ...P address and also knows that the router Lorenzo knows the way to Juliet Romeo therefore puts his message in an envelope and writes Juliet s IP address as the destination address For the source addres...

Страница 31: ...th Romeo s IP address Opening the inner envelope and reading its contents corresponds to transferring the message to the higher protocol layers of the ISO OSI layer model Juliet would now like to send...

Страница 32: ...IP addresses If there is no terminal or PC with terminal emulation available in the vicinity of the installation location the IP parameters can also be entered in your wor king environment prior to ul...

Страница 33: ...Netzmaske Gateway and press the Enter key D Locale IP address On delivery the local IP address of the Switch is 0 0 0 0 D Network mask If your network has been divided up into subnetworks and if these...

Страница 34: ...tup config and then press the Enter key Confirm that you want to save the configuration by pressing y After entering the IP parameters you can easily configure the Switch via the Web based Interface s...

Страница 35: ...e CD sup plied with the Switch V To install it you start the installation program on the CD Note The installation of HiDiscovery involves installing the WinPcap Version 3 0 software package If an earl...

Страница 36: ...the two green dots in the tool bar to set the LEDs for the selected device flashing To Switch off the flashing click on the symbol again By double clicking a line you open a window in which you can e...

Страница 37: ...ACA enables a very simple configuration data transfer by means of a substitute Switch of the same type When you start the switch it checks for an ACA If it detects an ACA with a valid password and va...

Страница 38: ...art loading configuration data from ACA ACA vorhanden Ja Konfiguration vom ACA laden ACA LEDs blinken synchron Nein Passwort im Switch und ACA identisch Ja Nein Voreingestelltes Passwort im Switch Ja...

Страница 39: ...ation via the Web based Interface on page 47 or see in the CLI V Make the following data for the Switch available to the BOOTP server etc bootptab for BOOTP daemon bootpd gw gateways ha hardware addre...

Страница 40: ...ines The lines under global make the configuration of several devices easier With the template tc you allocate the global configuration data tc global The direct allocation of hardware address and IP...

Страница 41: ...process part 1 see note on page 54 2 DHCP or BOOTP Send DHCP BOOTP Requests Reply from DHCP BOOTP server Yes Yes Save IP parameter and config file URL locally initialize IP stack with IP parameters N...

Страница 42: ...the BOOTP DHCP process part 2 see note on page 54 Load transferred config file No Yes Load remote configuration from URL of DHCP No Yes Start tftp process with config file URL of DHCP tftp successful...

Страница 43: ...Interface On startup an Switch receives its configuration data according to the BOOTP DHCP process flow chart see Fig 13 The Switch sends its system name to the DHCP server The DHCP server can then a...

Страница 44: ...ichever one happens to be availa ble is assigned On delivery DHCP is enabled As long as DHCP is activated the Switch attempts to obtain an IP address If it cannot find a DHCP server after restarting i...

Страница 45: ...p client identifier 00 68 75 67 6f fixed address 149 218 112 83 server name 149 218 112 11 filename agent config dat Lines that start with a character are comment lines The lines preceding the individ...

Страница 46: ...being configured see System configuration via DHCP on page 43 Option 82 is based on the network topology This procedure gives you the option of always assigning the same IP address to any device which...

Страница 47: ...ters and VLAN ID and configure the HiDiscovery access Fig 16 Dialog network parameter V Under Modus you enter where the Switch is to obtain its IP parameters D In the BOOTP mode the configuration come...

Страница 48: ...the VLAN ID frame you can assign a VLAN to the Switch If you enter the illegal VLAN ID 0 here the agent can be accessed by all VLANs V The HiDiscovery protocol see Entering the IP parameters via HiDi...

Страница 49: ...e same type Faulty Device Replacement D First you can configure the new switch using an AutoConfiguration Adapter see Loading the system configuration from the ACA on page 37 or D Second you can confi...

Страница 50: ...Entering the IP parameters 50 2 9 Faulty Device Replacement Basic L3P Release 3 1 06 07...

Страница 51: ...ings such as the IB parameters and the port configuration in the temporary memory These settings are lost when you switch off or reboot the device The Switch enables you to D save settings from the te...

Страница 52: ...owing sources D the local non volatile memory D the AutoConfiguration Adapter If an ACA is connected to the Switch the Switch always loads its configuration from the ACA D a file in the connected netw...

Страница 53: ...ion Adapter If an ACA is connected to the Switch the Switch always loads its configura tion from the ACA For information on how to save a configuration file onto an ACA refer to Sa ving Locally and on...

Страница 54: ...ation The URL identifies the path to the tftp server from which the Switch loads the configuration file The URL is in the form tftp IP address of the tftp server path name file name e g tftp 149 218 1...

Страница 55: ...Fig 17 Dialog Load Save V Enter the enable command to change to the Priviledged EXEC mode V Enter the command copy tftp 149 218 112 159 switch config dat nv ram startup config if you want the switch...

Страница 56: ...very After restarting the IP address is also in the original delivery state Setting in the System Monitor V Select 5 Erase main configuration file This menu offers you the possibility to set the Switc...

Страница 57: ...t memory and the ACA V Select the Basics Load Save dialog V Click in the Save frame to Switch V Click Save configuration As a result the Switch saves the current configuration data into the local nonv...

Страница 58: ...s the configuration file The URL is written as follows tftp IP address of the tftp server path name file name e g tftp 149 218 112 5 switch config dat Note The configuration file contains all configur...

Страница 59: ...nt configuration data in a editable and readable file on your PC V Select the Basics Load Save dialog V Click in the Save frame to PC binary V Enter in the Save window the file name under which you wa...

Страница 60: ...Loading saving settings 60 3 2 Saving settings Basic L3P Release 3 1 06 07...

Страница 61: ...w sysinfo Switch to Privileged EXEC mode Display the system information Alarm None System Description Hirschmann Rails witch System Name RS 1F1054 System Location Hirschmann Rails witch System Contact...

Страница 62: ...are The Switch gives you three options for loading the software D From the ACA 21 USB out of band D Via tftp from a tftp server in band D Via a file selector window from your PC Note The existing conf...

Страница 63: ...or on page 16 V Select 2 and press the ENTER key to copy the software from the ACA 21 USB into the local memory of the Switch On concluding the update the System Monitor prompts you to press any key t...

Страница 64: ...o load the other software with the next reboot U Copy image to backup Select 2 to save a copy of the active software U Test stored images in flash memory Select 3 to test if the stored images of the s...

Страница 65: ...nd store selection Select 5 to apply and store the selection of the software U Cancel selection Select Sie 6 to cancel selection and leave this dialogue without changes 4 1 2 Starting the software Thi...

Страница 66: ...stored see tftp server for software updates on page 207 V Select the Basics Software dialog The URL identifies the path to the software stored on the tftp server The URL is in the format tftp IP addr...

Страница 67: ...the new software as follows Select the Basics Restart dialog und and perform a cold start V After booting the switch click Reload in your browser to re enable your access to the Switch enable copy tft...

Страница 68: ...e selection window select the Switch software switch bin and click on Open V Click Update to transfer the software to the Switch The end of the update is indicated by one of the following messages D U...

Страница 69: ...o connect U Selecting the Operation Mode In the state on delivery all ports are switched to the Automatic Configu ration mode V Select the Basics Port Configuration dialog V Select in the Port on colu...

Страница 70: ...y default Systempower for MS20 MS30 and Power MICE The Switch provides the rated system performance for the sum of all PoE ports plus a surplus Because the PoE media module gets its operating voltage...

Страница 71: ...ovides for all PoE ports together V Reserved Power displays the maximum power that the Switch provides to all the connected PoE devices together on the basis of their classification V Delivered Power...

Страница 72: ...Configuring ports 72 Basic L3P Release 3 1 06 07 Fig 20 Power over Ethernet dialog...

Страница 73: ...om unauthorized access The Switch provides you with the following functions for protecting against unauthorized access D Password for SNMP access D Setting the SSH Telnet Web Based access D Disabling...

Страница 74: ...ord with the entries in the MIB of the Switch see Management Information BASE MIB on page 220 If the password has the appropriate access right and if the IP address of the sending com puter has been e...

Страница 75: ...V The Web based Interface and the User Interface communicate via SNMP version 3 V Select Modify read only password to enter the read only password V Enter the new read only password in the line New p...

Страница 76: ...the Web in terface in order to access the Switch Note For security reasons the passwords are not displayed Make a note of every change You cannot access the Switch without a valid password Note For se...

Страница 77: ...SNMPv2 in the table you can determine which IP addresses are allowed to access the Switch and which kind of pass words are to be used The table allows up to 8 entries For security reasons the read pas...

Страница 78: ...ized access 78 6 1 Password for SNMP access Basic L3P Release 3 1 06 07 Fig 22 Dialog SNMPv1 v2 access V To create a new line in the table click Create entry V To delete an entry select the line in th...

Страница 79: ...t connection is not possible An existing Telnet connection remains Note The command line interface out of band and the Security Tel net Web Access dialog in the Web based Interface allow you to to act...

Страница 80: ...r access via SSH on page 212 You can deactivate the SSH server to prevent SSH access to the Switch The server is deactivated by default After the SSH server has been deactivated you will no longer be...

Страница 81: ...itch off the server to which you wish to disable access V Enter the command enable to switch to the privileged EXEC mode V Enter the command transport input telnet to switch on the telnet server V Ent...

Страница 82: ...iDiscovery protocol The HiDiscovery protocol see Entering the IP parameters via HiDiscovery on page 35 allows you to assign an IP address to the Switch on the basis of its MAC address HiDiscovery is a...

Страница 83: ...or limit access to read only V Enter the command enable to switch to the privileged EXEC mode V Enter the command network protocol hidiscovery off to switch off the HiDiscovery function V Enter the c...

Страница 84: ...ddress or his IP address D What should happen after an unauthorized access attempt The Switch can respond in three selectable ways to an unauthorized access attempt non no response trapOnly message by...

Страница 85: ...ws the MAC address of the device from which data was last received By pressing the left mouse button you can copy an entry from the Current MAC address column into the Allowed MAC address column V If...

Страница 86: ...This entry in the port configuration table is part of the configuration Loading saving settings on page 51 and is saved together with the configuration Note An alarm trap can only be sent if at least...

Страница 87: ...ation is carried out by the Authenticator in this case the Switch This authenticates or does not authenticate the supplicant the querying device e g a PC which means that it permits the access to the...

Страница 88: ...erning the autherization D The Switch evaluates the reply and allows access to the supplicant at this port or leaves the port in the blocked state 6 5 3 Preparing the switch for the 802 1X port authen...

Страница 89: ...u enter the character string which you get as a key from the administrator of your Radius server V With Primary server you name this server as the first server which the Switch should contact for port...

Страница 90: ...to 100 ACLs D 10 rules per ACLs D Up to 100 rules per interface D Up to 1000 rules on all interfaces together D Possible actions permit and deny in combination with permit assign queue and redirect D...

Страница 91: ...des between standard and extended IP based ACLs ACLs with an ID number ACL ID D 1 to 99 are standard IP based ACLs and D 100 to 199 are extended IP based ACLs Standard IP based ACLs provide the follow...

Страница 92: ...erse This means that if you want to mask an individual IP address you select the network mask 0 0 0 0 6 6 2 Description of MAC based ACLs While you identify IP based ACLs using an ID number you identi...

Страница 93: ...e MRP Ring you add the following rule to the ACLs PERMIT Source MAC ANY Destination MAC 01 15 4E 00 00 00 Destination MAC mask 00 00 00 00 00 03 CLI command in the Config mac access mode permit any 01...

Страница 94: ...10 0 1 158 Add to ACL 100 a further rule This permits data traffic from any IP source address to any IP desti nation address access list 110 permit ip 10 0 1 11 0 0 0 0 10 0 1 158 0 0 0 0 access list...

Страница 95: ...terface 2 3 ip access group 100 in exit Switch to the configuration mode Switch to the interface configuration mode for Interface 2 3 Attach ACL 100 to interface 2 3 for received data Switch to the co...

Страница 96: ...L ipx apple Add the rule deny IPX to the list Add the rule deny AppleTalk to the list Add the rule permit all other data to the list Switch to the configuration mode mac access group ipx apple in exit...

Страница 97: ...y precedence 3 assign queue 3 access list 102 permit ip any any precedence 4 assign queue 4 access list 102 permit ip any any precedence 7 assign queue 7 Create the extended ACL 102 with the first rul...

Страница 98: ...mit Match All FALSE Protocol 255 ip IP Precedence 1 Assign Queue 0 Rule Number 3 Action permit Match All FALSE Protocol 255 ip IP Precedence 2 More or q uit Assign Queue 1 Rule Number 4 Action permit...

Страница 99: ...L ID Sequence Number IP 100 1 IP 102 3 Example Extended ACL with prioritizing using the Simple Network Management protocol Layer 4 enable configure Switch to the privileged EXEC mode Switch to the con...

Страница 100: ...on mode for Interface 2 1 Attach ACL 104 to nterface 2 1 Switch to the configuration modes Switch to the privileged EXEC mode Display the ACLs attached to interface 2 1 for incoming data show access l...

Страница 101: ...Protection from unauthorized access Basic L3P Release 3 1 06 07 6 6 Access Control Lists ACL 101 show access lists interface 2 1 in ACL Type ACL ID Sequence Number IP 100 10 IP 104 20 IP 102 30...

Страница 102: ...Protection from unauthorized access 102 6 6 Access Control Lists ACL Basic L3P Release 3 1 06 07...

Страница 103: ...milliseconds the Simple Net work Time Protocol SNTP offers a low cost solution Accuracy depends on signal running time Areas of application of this protocol are log entries time stamping of production...

Страница 104: ...stem time uses IEEE 1588 SNTPtime allowing for the lo cal time difference from IEEE 1588 SNTPtime System time IEEE 1588 SNTPtime Local offset D Time Source displays the origin of the following time Th...

Страница 105: ...enable to switch to the privileged EXEC mode V Enter the command configure to change to the configuration mo de V Enter the command sntp time YYYY MM DD HH MM SS to set the Switch system time V Enter...

Страница 106: ...disposal The UTC is the time which is refe renced to Universal Time Coordinated The display is the same worldwide Local time differences are not taken into account The SNTP Client obtains the UTC from...

Страница 107: ...function on all devices whose time you want to set using SNTP V If you do not have a reference clock at your disposal use a Switch as the reference clock and set its system time as accurately as possi...

Страница 108: ...Status D The Status message displays conditions such as Server cannot be reached U Configuration SNTP Server V In Anycast destination address you enter the IP address to which the SNTP server on the...

Страница 109: ...x ternal server address 0 5 seconds after making a request Note If you are receiving the system time from an external redun dant server address you do not accept any SNTP broadcasts see below Otherwis...

Страница 110: ...218 112 3 Function on on on Anycast destination address 0 0 0 0 0 0 0 0 0 0 0 0 Server VLAN ID 1 1 1 Anycast send interval 120 120 120 Client External server address 149 218 112 0 149 218 112 1 149 2...

Страница 111: ...their accuracy An algorithm that measures the accuracy of the available clocks in the network determines the most accurate time for the grandmaster clock Stratum number Specification 0 For temporary...

Страница 112: ...nsideration in relationship to the reference clock Fig 28 Delay and jitter problems when synchronizing clocks To get around the delay and jitter in the protocol stack IEEE 1588 recom mends inserting a...

Страница 113: ...into the devices These clocks are synchronized on the one side of the signal path and on the other side of the signal path are used to synchronize the subsequent clocks ordinary clocks Fig 29 Boundar...

Страница 114: ...t applications V Draw a network plan showing all devices involved in PTP to get an overview of the distribution of the clocks Note Connect all connections you need to distribute PTP information to dev...

Страница 115: ...to apply to all ports U PTP Global V Select the Time PTP Global dialog V Switch on the function in the Operation IEEE 1588 PTP frame V If you have designated this Switch to be the PTP reference clock...

Страница 116: ...2 to the time received from an NTP server Thus the left Switch becomes the reference clock for the PTP synchronization and is the preferred master The preferred master forwards the exact time signal...

Страница 117: ...SNTP Operation On Off Off Off Server destination address 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Server VLAN ID 1 1 1 1 Client External Server address 10 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 Request interval 30 arbi...

Страница 118: ...rce If you want the switch to receive the system time using PTP enter the external server address 0 0 0 0 and do not accept any SNTP broadcasts when performing the SNTP client configuration If you wan...

Страница 119: ...ctive in all three switches ensuring that relative to each other the system times of the switches are synchronized precisely As the con nectable terminal devices in the example exclusively support SNT...

Страница 120: ...Synchronizing the System Time of the 120 7 4 Interaction PTP and SNTP Basic L3P Release 3 1 06 07...

Страница 121: ...l To optimize the data transmission the Switch provides you with the following functions for controlling the network load D Settings for directed frame forwarding MAC address filter D Multicast settin...

Страница 122: ...ic packet distribution 8 1 1 Store and forward All data received by the Switch is stored and its validity is checked Invalid and defective data packets 1 522 Bytes or CRC errors as well as frag ments...

Страница 123: ...sses Address entries which exceed a certain age 30 seconds aging time are deleted by the Switch from its address table The Switch floods data packets with an unknown target address The Switch transmit...

Страница 124: ...red in the filter table Forwarding Database FDB The table has three parts a static part and two dynamic parts D The management administrator describes the static part of the filter table dot1qStaticTa...

Страница 125: ...s whose destination addresses are not in the table are sent from the receiving port to all other ports In the Create static entry dialog you can set up new filters The following status settings are po...

Страница 126: ...ts with a Multicast address to all the ports This leads to an increased bandwidth re quirement Protocols such as GMRP and processes such as IGMP Snooping enable the Switches to exchange information by...

Страница 127: ...camera sends its image data with a multicast address over the network To prevent the many images from slowing down the entire network the Switch uses the GMRP to distribute multicast address informat...

Страница 128: ...f a Leave message from IGMP version 2 and they do not transmit any more Report messages In IGMP versions 1 and 2 the router removes the routing table entry if it does not receive any Report messages w...

Страница 129: ...he ports Therefore the connected Switches know that they have to send this multicast address to this Switch The GMRP enables packets with a multicast address in the target address field to be sent to...

Страница 130: ...Con trol Block 224 0 0 0 224 0 0 255 This can have an effect on the higher level routing protocol U IGMP on per port This table column enables you to switch on off the IGMP for each port when the glob...

Страница 131: ...on the entire network D With the selective setting GMRP default setting forward all un registered groups the switch sends to this port all data packets with a multicast address in the target address...

Страница 132: ...Traffic control 132 8 2 Multicast application Basic L3P Release 3 1 06 07 Fig 35 IGMP dialog...

Страница 133: ...the Switch will discard the excessive data on this port A global setting activates deactivates the rate limiter function at all ports 8 3 2 Setting Rate Limiter for MACH 4000 and Power MICE V Select...

Страница 134: ...frame D 0 no ingress limit at this port D 0 maximum inbound traffic rate in kbit s that is allowed to be received by and forwarded from this port D Egress Limiter for broadcast packets D 0 no rate lim...

Страница 135: ...the VLAN tag when the receiving port was configured to trust dot1p D the QoS information ToS DiffServ contained in the IP header when the receiving port was configured to trust ip dscp in the MACH 40...

Страница 136: ...ation but no VLAN information VLAN ID 0 are known as Priority Tagged Frames Note Network logs and redundancy mechanisms use the highest priority classes 3 RS20 30 40 MS20 30 MACH 1000 OCTOPUS and 7 Po...

Страница 137: ...Octets Pream ble Field Start Fram e Delim iter Field Destination Address Field Source Address Field Tag Field Data Field Length Type Field Data Field Pad Field Fram e Check Sequence Field 42 1500 Octe...

Страница 138: ...s D The additional 4 byte VLAN tag enlarges the data packets With small data packets this leads to a larger bandwidth load D End to end prioritizing requires the transfer of the VLAN tags in the entir...

Страница 139: ...here was no need to use the ToS field Only with the real time requirements of today s networks has the ToS field become significant again Selecting the ToS byte of the IP header enables you to differe...

Страница 140: ...n contrast to the ToS byte DiffServ uses six bits for the division into classes This results in up to 64 different service classes Fig 40 Differentiated Services field in the IP header The different D...

Страница 141: ...lash Override 100 CS4 100000 Flash 011 CS3 011000 Immediate 010 CS2 010000 Priority 001 CS1 001000 Routine 000 CS0 000000 Table 10 Assigning the IP precedence values to the DSCP value DSCP Value DSCP...

Страница 142: ...t D no trust The Switch does not trust the priority information in the packet and always assigns the packets the port priority of the receiving port D trust ip dscp MACH 4002 24G 48G The Switch assign...

Страница 143: ...nsures that high priority data is sent immediately U Description of Weighted Fair Queuing With Weighted Fair Queuing also known as Weighted Round Robin WRR the user can assign every priority class a m...

Страница 144: ...the Switch ignores the bandwidths guaranteed for Weighted Fair Queuing 8 4 6 Setting Prioritization V Select the Basics Port Configuration dialog V In the Port Priority column you can specify the prio...

Страница 145: ...ent show classofservice dot1p mapping User Priority Traffic Class 0 4 1 4 2 1 3 3 4 4 5 5 6 6 7 7 Always assigning the port priority to received data packets enable configure interface 1 1 no classofs...

Страница 146: ...ping IP DSCP Traffic Class 0 be cs0 2 1 2 48 cs6 5 Always assigning the DSCP priority to received data packets MACH 4002 24G 48G enable configure classofservice ip dscp map ping cs6 5 Switch to the pr...

Страница 147: ...smits all the data packets with a high priority you can enter the weighting 0 for the Strict Priority priority classes and distribute 100 among the remaining priority classes The Switch distributes th...

Страница 148: ...ch to the interface configuration mode for Interface 1 2 Restrict the maximum bandwith of Interface 1 2 to 50 Switch to the configuration mode Switch to the privileged EXEC mode Display the configurat...

Страница 149: ...large amount of data to Workstation 4 The combined bandwidth of Workstations 1 2 and 3 is larger than the bandwidth of Workstation 4 to the Switch This leads to an overflow of the send queue of Port 4...

Страница 150: ...ween Work station 2 and the Switch Before the send queue of Port 2 overflows the Switch sends data so that workstation 2 detects a collision and thus interrupts the transmis sion 8 5 2 Setting flow co...

Страница 151: ...VLANs A virtual LAN VLAN consists of a group of network participants in one or more network segments who can communicate with each other as if they be longed to the same LAN Fig 42 Example of a VLAN M...

Страница 152: ...tag see fig 38 to 4094 Key words often used in association with VLANs are U Ingress Rule The ingress rules stipulate how incoming data is to be handled by the Switch U Egress Rule The egress rules st...

Страница 153: ...the ports of a VLAN which send data packets without a tag Every VLAN has an untagged set U GARP Generic Attribute Registration Protocol GARP is a general protocol for transporting attributes It descri...

Страница 154: ...te For Power MICE and MACH 4000 In transparent mode the devices ignore the VLAN tags when they receive data Set the VLAN membership of the ports of all VLANs to un tagged Note When configuring the VLA...

Страница 155: ...D Power MICE D MS 20 MS 30 D MACH 1000 D MACH 3000 from Rel 3 3 D MACH 4000 D OCTOPUS Note In the HIPER Ring configuration select for the ring ports VLAN ID 1 and Ingress Filtering disabled in the po...

Страница 156: ...a GVRP U a member of the VLAN packet is transmitted without tag V After setting up VLANs you specify the rules for received data in the VLAN Port table port D Port VLAN ID specifies to which VLAN a re...

Страница 157: ...ent table displays all locally configured VLANs and VLANs configured by GVRP V Select the Switching VLAN Global dialog The Delete button in the VLAN global dialog allows you to restore all the default...

Страница 158: ...ple VLAN The following example provides a quick insight into configuring a VLAN that is commonly found in practice The configuration is explained step by step Fig 43 Example of a VLAN 149 218 112 208...

Страница 159: ...Traffic control Basic L3P Release 3 1 06 07 8 6 VLANs 159 Fig 44 Creating a VLAN Fig 45 Entering a VLAN ID V Repeat the steps Creating a VLAN and Entering a VLAN ID for all VLANs...

Страница 160: ...Traffic control 160 8 6 VLANs Basic L3P Release 3 1 06 07 Fig 46 Assigning a VLAN any name and saving it...

Страница 161: ...ned to the terminal devices of the yellow VLAN and ports 2 1 to 2 4 to the terminal devices of the green VLAN As termi nal devices normally do not sent data packets with a tag the setting U must be se...

Страница 162: ...Traffic control 162 8 6 VLANs Basic L3P Release 3 1 06 07 Fig 48 Saving the VLAN configuration...

Страница 163: ...g you select the admitAll setting here Port 1 4 serves as an uplink port to the next Switch It belongs to the brown VLAN and is thus given the VLAN ID 1 Because terminal devices usually do not send da...

Страница 164: ...Traffic control 164 8 6 VLANs Basic L3P Release 3 1 06 07 Fig 50 Globally activating GVRP Fig 51 Saving the configuration to non volatile memory...

Страница 165: ...owing diagnostic tools for the function diagnosis D Sending traps D Monitoring Device Status D Out of band signaling via signal contact D Port status indication D Event counter on port level D SFP sta...

Страница 166: ...tations at regular intervals Traps make it possible to react quickly to critical situations Examples of such events are D a hardware reset D changing the basic device configuration D segmentation of a...

Страница 167: ...hold fallingAlarm is sent if an RMON alarm input falls below the lower threshold hmPortSecurityTrap is sent if a MAC address is detected at the port which does not correspond to the current settings o...

Страница 168: ...you to specify which events trigger an alarm trap and to whom these alarms should be sent V In the IP Address column enter the IP address of a network management station to which the traps should be s...

Страница 169: ...ed access attempt see the Access for IP Addresses und Port Security dialog Cold Start The Switch has been switched off Link Down At one port of the Switch the link to the device connected there has be...

Страница 170: ...ith the SNTP A media module has been added or removed The AutoConfiguration Adapter ACA has been inserted or removed The value exceeded fell below the temperature threshold Redundancy The status of th...

Страница 171: ...the failure of at least one of the two supply voltages or a permanent fault in the Switch internal supply voltage D The temperature threshold has been exceeded or has not been reached D Removing a mo...

Страница 172: ...V Select in the frame Monitoring correct operation the events which you want to have monitored V For temperature monitoring set in the Basics System dialog at the end of the system data the temperatu...

Страница 173: ...ic L3P Release 3 1 06 07 9 2 Monitoring Device Status 173 V Select the Basics System dialog Fig 53 Device Status display Time of the oldest existing alarm Cause of the oldest existing alarm Symbol ind...

Страница 174: ...atus can be masked by the management for each port see Displaying connection error messages on page 70 Link status is not monitored in the delivery condition D HIPER Ring event the loss of redundancy...

Страница 175: ...iagnostics Signal Contact 1 2 dialog V Select Manual setting in the Mode Signal Contact frame to switch the contact manually V Select Opened in the Manual setting frame to open the contact V Select Cl...

Страница 176: ...ng correct operation in the frame Mode Signal con tact to use the contact for function monitoring V Select in the frame Monitoring correct operation the events which you want to have monitored V For t...

Страница 177: ...ption enables you like in the function monitoring to monitor the device status see Monitoring Device Status on page 171 via the signal contact Fig 54 Signal contact dialog Display signal contact statu...

Страница 178: ...the Switch with the current configuration The symbols underneath the device view represent the status of the individu al ports Abb 55 Eaxample for a device view Meaning of the symbols The port 10 100...

Страница 179: ...Operation Diagnostics Basic L3P Release 3 1 06 07 9 4 Port status indication 179 The port is in autonegotiation mode...

Страница 180: ...received Counter Possible Problems Received Fragments The controller of the connected device is faulty Electromagnetic interference is injected into transfer medium CRC error The controller of the co...

Страница 181: ...Operation Diagnostics Basic L3P Release 3 1 06 07 9 5 Event counter on port level 181 Fig 56 Port statistic table...

Страница 182: ...displayed you can view the current connection to the SFP modules and their properties The properties include D module type D support provided in the media module D temperature in degrees Celsius D tr...

Страница 183: ...nce row contains the distance of the port from the cable error Prerequisites for a proper cable diagnosis D 1000BASE T port is connected via an 8 core cable with a 1000BASE T port or D 10BASE T 100BAS...

Страница 184: ...e LLDP activated The connection information contains as its most significant element the precise and unique ID of a connection endpoint MSAP MAC Service Access Point This is composed of the MAC addres...

Страница 185: ...ut LLDP support drop the LLDP packets Consequently a non LLDP capable device between two LLDP capable devices prevents the exchange of LLDP infor mation To avoid this Hirschmann Switch send additional...

Страница 186: ...s you the possibility to switch on off the function for topology discovery LLDP The topology table shows you the selected information to neighbour devices The option View LLDP entries exclusively allo...

Страница 187: ...discovery function are connected to a port the topology table hides the devices without ac tive topology discovery If D only devices without active topology discovery are connected to a port the tabl...

Страница 188: ...n has been made to a network or after an IP address has been configured the switch checks immediately if the IP address already exists within the network If the IP address already exists the switch wi...

Страница 189: ...ee Tab 16 on page 188 V Select the dialog Diagnostics IP Address Conflict Detection V This dialog logs the IP address conflicts which the Switch detects if it detects a conflict with its IP address Fo...

Страница 190: ...Operation Diagnostics 190 9 9 IP Address Conflict Detection Basic L3P Release 3 1 06 07 Fig 59 IP address conflict detection...

Страница 191: ...a data sheet in the XML format that has been standardized by IAONA Industrial Automation Open Networking Alliance Among other data it contains security related information on the accessible ports and...

Страница 192: ...1 159 514 3 logging syslog ex show logging hosts Switch to the privilege EXEC mode Switch to the configuration mode Select the receiver of the log message and its port 514 The 3 indicates the importan...

Страница 193: ...connected to the destination port such as an RMON probe can thus observe the data traffic at the source port The destination port forwards data to be sent and blocks received data Fig 60 Port Mirrori...

Страница 194: ...ase 3 1 06 07 V Select enabled to enable the function The Delete button in the dialog allows you to restore all the default port mirroring settings state on delivery Note In active port mirroring the...

Страница 195: ...Setting up the configuration Basic L3P Release 3 1 06 07 195 Apendix A Setting up the configuration environment...

Страница 196: ...and then decide whether you want to purchase a license V To install the DHCP server on your PC insert the CD ROM into the CD drive of your PC and under Additional Software select haneWIN DHCP Server T...

Страница 197: ...he menu bar Options Preferences and select the DHCP tab page Enter the settings shown in the illustration and click on OK Fig 63 DHCP setting V To enter the configuration profiles select manage in the...

Страница 198: ...7 V Enter the network mask and click on Accept Fig 65 Network mask in the configuration profile V Select the Boot tab page V Enter the IP address of your tftp server V Enter the path and the file name...

Страница 199: ...device type If devices of the same type have different configurations then you add a profile for each configuration To complete the addition of the configuration profiles click on OK Fig 67 Managing...

Страница 200: ...erver Basic L3P Release 3 1 06 07 V Click on New Fig 69 Adding static addresses V Enter the MAC address of the switch V Enter the IP address of the switch V Select the configuration profile of the swi...

Страница 201: ...ting up the configuration Basic L3P Release 3 1 06 07 A 1 Setting up DHCP BOOTP Server 201 V Add an entry for each device that will get its parameters from the DHCP server Fig 71 DHCP server with entr...

Страница 202: ...on and then decide whether you want to purchase a license V To install the DHCP server on your PC insert the CD ROM into the CD drive of your PC and under Additional Software select haneWIN DHCP Serve...

Страница 203: ...rver Option 82 203 V Select static Fig 73 Static address input V Open the window for the program settings in the menu bar Options Preferences and select the DHCP tab page V Select the DHCP tab page En...

Страница 204: ...2 Setting up DHCP Server Option 82 Basic L3P Release 3 1 06 07 V To enter the static addresses click on Add Fig 75 Adding static addresses V Select Circuit Identifier and Remote Identifier Fig 76 Def...

Страница 205: ...smmpprirlxxxxxxxxxxxx D ci sub identifier for the type of the circuit ID D cl length of the circuit ID D hh Hirschmann identifier 01 if a Hirschmann switch is connected to the port otherwise 00 D vvvv...

Страница 206: ...etting up DHCP Server Option 82 Basic L3P Release 3 1 06 07 Fig 78 Application example of using Option 82 PLC Switch Option 82 IP 149 218 112 100 IP 149 218 112 100 MAC address 00 80 63 10 9a d7 DHCP...

Страница 207: ...ou having to configure the tftp server The Switch requires the following information to be able to make a software update from the tftp server D its own IP address entered permanently D the IP address...

Страница 208: ...t check whether the tftp daemon background process is running i e whether the file etc inetd conf contains the following line see Fig 79 and whether the status of this process is IW SunOS tftp dgram u...

Страница 209: ...h it is actually running Special steps for HP workstations V During installation on an HP workstation enter the user tftp in the etc passwd file For example tftp 510 20 tftp server usr tftpdir bin fal...

Страница 210: ...the file etc inetd conf No Delete the comment character from this line Yes Re initialize inetd conf by entering kill 1 PID Is tftp commented out tftp dgram udp wait root usr etc in tftpd in tftpd tft...

Страница 211: ...tch software has been installed the tftp server should have the following directory structure with the stated access rights d directory r read w write x execute 1st position designates d directory 2nd...

Страница 212: ...is located on the product CD V Start the program by double clicking V In the main window of the program within the Parameter frame select the type SSH 1 RSA V In the Actions frame click Generate Move...

Страница 213: ...07 A 4 Preparing for access via SSH 213 Fig 80 PuTTY key generator The OpenSSH Suite offers experienced network administrators a further option of generating the key To generate the key enter the fol...

Страница 214: ...he command no ip ssh deactivate the SSH function on the Switch before you transfer the key to the Switch V With the command copy tftp 149 218 112 159 switch rsa1 key nvram sshkey rsa1 the Switch loads...

Страница 215: ...nnection to your Switch It may take up to a minute to set up a connection depending on the Switch and the time at which SSH was configured Shortly before the connection is setup PuTTY will display a s...

Страница 216: ...in the Category frame before you set up a connection in PuTTY In the Encryption options frame select DES and then click Up until Des is above the line warn below here In the Category frame go back to...

Страница 217: ...General Information Basic L3P Release 3 1 06 07 217 Appendix B General Information...

Страница 218: ...ion with its comprehensive spectrum of innovative services D Consulting incorporates comprehensive technical advice from system evaluation through network planning to project planning D Training offer...

Страница 219: ...can be found at the Hirschmann Website www hirschmann com Under Products Support inside Automation and Network Soluti ons is located on the pages Products the area FAQ For detailed information on all...

Страница 220: ...ject ID OID identifies the object class The subidentifier SID is used for instantiation Example The generic object class hmPSState OID 1 3 6 1 4 1 248 14 1 2 1 3 is the description of the abstract inf...

Страница 221: ...decimal number in accordance with ISO IEC 8802 3 Object Identifier x x x x e g 1 3 6 1 1 4 1 248 Octet String ASCII character string PSID Power Supply Identification number of the power supply unit Ti...

Страница 222: ...MIB can be found on the CD ROM that is included with the device 1 internet 1 iso 3 org 6 dod 2 mgmt 1 enterprises 248 hirschmann 4 private 3 modules 10 Framework 6 snmp V2 1 mib 2 4 ip 2 interfaces 1...

Страница 223: ...anagement Protocol IP Internet Protocoll LED Light Emitting Diode LLDP Link Layer Discovery Protocoll LWL Lichtwellenleiter MAC Media Access Control NTP Network Time Protocol PC Personal Computer PTP...

Страница 224: ...ed SNMP v2 D RFC 1905 Protocol Operations for SNMP v2 D RFC 1906 Transport Mappings for SNMP v2 D RFC 1907 Management Information Base for SNMP v2 D RFC 1908 Coexistence between SNMP v1 and SNMP v2 D...

Страница 225: ...2 D RFC 2580 Conformance statements for SMI v2 D RFC 2613 SMON D RFC 2618 RADIUS Authentication Client MIB D RFC 2620 RADIUS Accounting MIB D RFC 2674 Dot1p Q D RFC 2818 HTTP over TLS D RFC 2851 Inter...

Страница 226: ...AC bridges includes IEEE 802 1p Priority and Dynamic Multi cast Filtering GARP GMRP D IEEE 802 1 Q 1998 Virtual Bridged Local Area Networks VLAN Tagging Port Based VLANs GVRP D IEEE 802 1 w 2001 Rapid...

Страница 227: ...of VLANs max 256 simultaneously per switch max 256 simultaneously per port Number of VLANs with GMRP in VLAN 1 max 256 simultaneously per switch in VLAN 1 max 256 simultaneously per port U Access Cont...

Страница 228: ...the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies...

Страница 229: ...that will ensure trouble free operation Your comments and suggestions help us to further improve the quality of our documentation Your assessment of this manual excellent good satisfactory mediocre p...

Страница 230: ...l information General comments Company Department Name Telephone number Street Zip code City Date Signature Dear User Please fill out and return this page by fax to the number 49 0 7127 14 1798 or by...

Страница 231: ...ata 39 46 54 57 Configuration modifications 166 Coupling 170 D Destination address 124 125 Destination address field 122 Destination port 193 Device state 171 DHCP 25 33 DHCP client 43 DHCP Option 82...

Страница 232: ...ID 220 Option 82 26 46 202 Ordinary clock 113 Overload protection 149 P Password 20 74 75 PHB 140 PHY layer 112 Polling 166 Port Configuration 69 Port Mirroring 193 Port priority 145 Port Security 86...

Страница 233: ...gy 46 ToS 135 139 140 TP cable diagnosis 183 Traffic classes 135 Traffic Shaping 144 147 Transmission security 166 Trap 85 166 168 Trap destination table 166 Trivial File Transfer Protocol 207 trust d...

Страница 234: ...Index 234 Basic L3P Release 3 1 06 07...

Страница 235: ......

Страница 236: ......

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды