manualshive.com logo in svg

STRIDE SE-MC2U-SC, Руководство пользователя

Поделиться
Скачать
STRIDE SE-MC2U-SC Скачать руководство пользователя страница 142

•   Cipher:

 The cipher used to encrypt proposal exchanges.  You must choose a cipher.

•   Hash:

 The hash used to authenticate proposal exchanges.  You must choose a hash algorithm.

•  DH Group:

 The Diffie-Hellman group used for exponentiations.  Larger groups should be more 

secure, but may take so long to compute that completing negotiation becomes impossible due to 

timeouts, preventing connectivity to the switch management interface.  This should generally be set 

to the same value on both peers in a connection.

IKE Phase 2 Policies: 

 This section, together with IKE Phase 2 Algorithms is used to 

configure the parameters used to establish Security Associations between peers once they have 

authenticated each other in phase 1.
The policy to use is selected using the source and destination selectors from the Security 

Policy Database entry or the ID payload from the received IKE packet which triggered the 

negotiation. The match for any values other than “anonymous” must be exact.

•   Source:

  The source address to match against. The address specified should exactly match the 

Destination address field in a phase 2 policy on the peer, unless either value is “anonymous”. The 

value “anonymous” matches sources not handled by other rules.

•   Destination:

 The destination address to match against.  The address specified should exactly match 

the Source address field in a phase 2 policy on the peer, unless either value is “anonymous”.  The 

value “anonymous” matches the destinations not handled by other rules.

•  PFS Group:

 The Diffie-Hellman exponentiation group used for Perfect Forward Secrecy.  This 

may be disabled if not required, but any proposal suggesting it will still be accepted.  Larger groups 

may require an excessive amount of processing time during negotiation, causing timeouts.

IKE Phase 2 Algorithms: 

 This section is used to configure the algorithms which may be used 

for phase 2.  The exact algorithms chosen will be an intersection between the sets specified 

here and on a peer.
You must enable at least one algorithm from each category (cipher, hash, and compression), 

even if the switch’s IPsec policies do not require one of the given protocols to be used.
The default values should be compatible with most installations.

AES (default = Enabled) 

Cipher

3DES (default = Enabled) 

Cipher

SHA1 (default = Enabled)

 Hash

SHA256 (default = Enabled)

 Hash

MD5 (default = Disabled) 

Hash MD5 is known to be insecure and is included only for compatibility 

with old implementations.

Deflate (default = Enabled) 

Compression

4-58

Chapter 4 - Managed Switch Software Setup

Stride Industrial Ethernet Switches User Manual         2nd Ed. Rev. A

Содержание SE-MC2U-SC

Страница 1: ...Manual Number SE USER M Industrial Ethernet Switches and Media Converters USER MANUAL...

Страница 2: ......

Страница 3: ...in hazardous environments requiring fail safe performance such as in the operation of nuclear facilities aircraft navigation or communication systems air traffic control direct life support machines...

Страница 4: ...vida o sistemas de armamentos en las cuales la falla del producto puede resultar directamente en muerte heridas personales o da os f sicos o ambientales severos Actividades de Alto Riesgo AutomationD...

Страница 5: ...n cessitant une s curit absolue par exemple l exploitation d installations nucl aires les syst mes de navigation a rienne ou de communication le contr le de la circulation a rienne les quipements de...

Страница 6: ......

Страница 7: ...ssue Date 10 17 Publication History Issue Date Description of Changes 1st Edition 11 07 Original issue Rev A 01 08 Corrected table on page 4 Rev B 04 09 Added high temp WT models Rev C 07 11 Added SC...

Страница 8: ......

Страница 9: ...Wiring 1 27 Technical Specifications 1 31 Chapter 2 Managed Switch Quick Start 2 1 Connecting to the Switch for the first time 2 2 Connecting to the switch over Ethernet 2 2 Setting up PC for USB conn...

Страница 10: ...ummary 3 14 Chapter 4 Managed Switch Software Setup 4 1 Main Settings 4 2 System Settings 4 2 Remote Access Security 4 4 Port Settings 4 6 Port Mirroring 4 8 Set IP per Port 4 9 Switch Time Settings 4...

Страница 11: ...s 4 52 IPsec Settings 4 54 IKE Policy 4 57 IKE Pre shared Keys 4 59 IKE Certificates 4 60 Monitoring Settings 4 62 Alarm OK Output 4 62 Modbus 4 63 Register Mapping 4 64 SNMP Notifications 4 65 Chapte...

Страница 12: ...Appendix D CLI Commands D 1 Introduction D 2 Accessing the CLI D 2 CLI Commands D 3 Global Commands D 3 Access Configuration D 3 Alarm Configuration D 4 Modbus Configuration D 4 Info Configuration D...

Страница 13: ...ry E 2 libpcap Software E 3 lighttpd Software E 3 spawn fcgi Software E 4 ipsec tools Software E 4 net snmp Software E 6 FastCGI Library E 11 watchdog Software E 12 GPLv2 General Public License v2 E 1...

Страница 14: ......

Страница 15: ...onventions Used 1 2 Product Overview 1 3 Managed Switch Accessories 1 5 General Information 1 6 LED Indicators 1 9 Installation Plastic Case Switches 1 11 Installation Metal Case Switches 1 12 Power a...

Страница 16: ...to answer your questions They are available Monday through Friday from 9 00 A M to 6 00 P M Eastern Time We also encourage you to visit our web site where you can find technical and non technical inf...

Страница 17: ...ptic Port ST or SC type multimode fiber connector for links up to 4km Redundant power inputs with surge and spike protection Auto crossover 35 mm DIN rail mounting Supports store forward wire speed sw...

Страница 18: ...de 100BaseFX fiber ports ST or SC type multimode fiber connector for links up to 4km Redundant power inputs with surge and spike protection auto crossover 35 mm DIN rail mounting Supports Store and Fo...

Страница 19: ...e SFP Multi Source Agreement compliant 1 0625Gbps Fibre Channel FC PI 100 M5 SN I compliant 1 0625Gbps Fibre Channel FC PI 100 M6 SN I compliant 1 25Gbps IEEE802 3z 1000Base SX compliant 1 25Gbps IEEE...

Страница 20: ...nefits of this are increased bandwidth and speed reduction or elimination of message collisions and deterministic performance when tied with real time systems These industrial Ethernet switches can su...

Страница 21: ...ge Marine maritime and offshore These devices when installed in an appropriately IP rated enclosure Comply with DNV No 2 4 and equivalent Lloyds and ABS standards For marine and maritime compliance do...

Страница 22: ...e with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause...

Страница 23: ...nDirect for support Power LED On unmanaged models there is one power LED that is ON if either power input P1 or P2 has power applied to it On the managed models there are two Power LEDs that indicate...

Страница 24: ...r Ethernet device Make sure the cable has been plugged securely into the ports at both ends OK LED Managed Models This LED indicates the status of the power inputs There is an output screw terminal th...

Страница 25: ...follow for proper mounting NOTE Make sure to allow enough room to route your Ethernet copper or fiber optic cables DIN Rail Mounting DIN rail mounting steps 1 Hook top back of unit over the DIN rail 2...

Страница 26: ...efer to the mechanical drawings that follow for proper mounting NOTE Make sure to allow enough room to route your Ethernet copper or fiber optic cables DIN Rail Mounting DIN rail mounting steps 1 Hook...

Страница 27: ...o remove excess heat from the product and its components This technique effectively utilizes the heavy gauge all aluminum case as a large heat sink Therefore the case may be warm during operation espe...

Страница 28: ...nting to a flat surface 1 98 50 3 3 26 82 8 0 06 1 5 0 40 10 2 1 98 50 3 Snaps to standard 35 mm x 7 5 mm height DIN rail EN50022 Removable Screw Block Phoenix p n 1757035 SE SW5U ST SE SW5U SC SE SW9...

Страница 29: ...anel mounting to a flat surface 3 26 82 8 0 06 1 5 0 40 10 2 Snaps to standard 35 mm x 7 5 mm height DIN rail EN50022 4 35 110 5 1 98 50 3 1 98 50 3 1 01 25 7 1 01 25 7 Snaps to standard 35 mm x 7 5 m...

Страница 30: ...1 0 40 10 2 Dia 0 175 4 4 Use for direct panel mounting to a flat surface with up to 8 screw 0 175 4 4 4 50 114 3 4 00 101 6 0 30 7 6 1 10 27 9 4 35 110 5 Removable for direct panel mounting 1 50 3 8...

Страница 31: ...Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B Chapter 1 Hardware Mechanical Dimensions for 5 Port Managed Model Inches mm 1 17 SE SW5M...

Страница 32: ...Mechanical Dimensions for 5 Port Managed Models with Fiber Inches mm SE SW5M 2ST and SE SW5M 2SC 1 18 Chapter 1 Hardware Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B...

Страница 33: ...Mechanical Dimensions for 8 Port Managed Model Inches mm SE SW8M 1 19 Chapter 1 Hardware Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B...

Страница 34: ...Mechanical Dimensions for 8 Port Managed Models with Fiber Inches mm SE SW8M 2ST and SE SW8M 2SC 1 20 Chapter 1 Hardware Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B...

Страница 35: ...Mechanical Dimensions for 8 Port Managed Gigabit Switch with Four SFP Ports Inches mm SE SW8MG 4P 1 21 Chapter 1 Hardware Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B...

Страница 36: ...Mechanical Dimensions for 10 Port Managed Gigabit Switch with Two SFP Ports Inches mm SE SW10MG 2P 1 22 Chapter 1 Hardware Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B...

Страница 37: ...Mechanical Dimensions for 16 Port Managed Model Inches mm SE SW16M 1 23 Chapter 1 Hardware Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B...

Страница 38: ...anical Dimensions for SFP Transceiver Modules Inches mm Chapter 1 Hardware Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B SFP 4K FMF SFP 30K FSF SFP 500 GMF SFP 2K GMF SFP 10K GSF and SF...

Страница 39: ...reful to tighten to a max torque of 5 lb in 0 57 Nm Wire size should be between 24 AWG and 12 AWG Before performing any wiring to these switches make sure The area is currently nonhazardous especially...

Страница 40: ...plies Chassis GND panel OK P1 P2 Alarm Output Load opt Alarm Output Load opt SE SW8MG 4P P2 P1 One DC Supply Chassis GND panel OK Chassis GND panel Single DC Power Redundant DC Power Dual DC Supplies...

Страница 41: ...e products are metallic and connected to the Chassis GND terminal Therefore shielded cables may be used to provide further protection To prevent ground loops the cable shield should be tied to the met...

Страница 42: ...fer to the technical specifications for details For each fiber port there is a transmit TX and receive RX signal When making your fiber optic connections make sure that the transmit TX port of the swi...

Страница 43: ...are made check the LEDs corresponding to the ports that each of the devices are connected to Ensure that for each port that is in use the LED is on or blinking If a port LED is off go back and check f...

Страница 44: ...A type plug goes into a standard USB port on a computer The mini USB plug goes into the USB port on the switch The USB driver is available for download at automationdirect com NOTE The RS 232 and or U...

Страница 45: ...ldbus HSE and others Standards depends on model IEEE 802 3 802 3u 802 3ab z 802 3x 802 1D w 802 1p 802 1Q and others Management Interfaces managed models only Web text Telnet SSH CLI command line inte...

Страница 46: ...sover Yes allows you to use straight through or crossover wired cables Auto sensing operation Yes Full and half duplex Auto negotiating Yes 10BaseT and 100BaseT Auto polarity Yes on the TD and RD pair...

Страница 47: ...nsceivers Note 100 Mbps fiber transceiver modules are also supported on these ports Ethernet Compliance 1000BaseT and 1000BaseF SX LX LH Eye safety IEC 60825 1 Class 1 FDA 21 CFR 1040 10 and 1040 11 S...

Страница 48: ...C2U ST 2 0W SE SW5U 2 0W SE SW5U WT 2 0W SE SW5U SC 3 0W SE SW5U SC WT 3 0W SE SW5U ST 3 0W SE SW5U SC WT 3 0W SE SW8U 4 0W SE SW8U WT 4 0W SE SW9U SC 5 0W SE SW9U SC WT 5 0W SE SW9U ST 5 0W SE SW9U S...

Страница 49: ...H See mechanical drawings for details Environmental Storage Temperature Range 40 to 85 C 40 to 185 F Humidity non condensing 5 to 95 RH Electrical Safety UL508 CSA C22 EN61010 1 CE EMC emissions and i...

Страница 50: ......

Страница 51: ...over Ethernet 2 2 Setting up PC for USB connection to switch 2 7 PC to switch using Serial Port 2 8 USB and Serial connection to switch with Terminal Software Program 2 9 Default Setup 2 13 Why might...

Страница 52: ...nd subnet mask to access the web based switch configuration tool It is recommended that you connect your PC directly to the switch for the initial setup of the network settings An example IP address a...

Страница 53: ...that is connected to your switch and choose Properties 3 Scroll down and highlight the Internet Protocol Version 4 TCP IPv4 selection and click on the Properties button 4 Write down the current setti...

Страница 54: ...ork Connections window 6 Open up your web browser program such as Internet Explorer Mozilla Firefox or other and type in 192 168 0 1 in the URL line 7 Enter in admin for the User name and admin for th...

Страница 55: ...Stride Industrial Ethernet Switches User Manual 2nd Ed Rev B Chapter 2 Managed Switch Quick Start 8 Read the Software License Agreement and click the I Accept the License button 2 5...

Страница 56: ...network that the switch will go on or enable DHCP if that is the method you choose to assign the network settings Click on the Commit Changes button to enable the new settings NOTE Neither the Networ...

Страница 57: ...is method can be used to initially configure the switch settings It may also be needed if the switch has been previously configured and the network settings are unknown If the switch has been set to D...

Страница 58: ...rminal software tool PC to switch using Serial Port Serial Configuration Cable Switch RJ 45 Serial Port PC Serial Port 6 1 do not use 2 RXD 3 TXD 4 do not use 5 Signal GND 6 do not use 7 do not use 8...

Страница 59: ...be TeraTerm Any serial terminal software should work fine TeraTerm is free and can be downloaded from www teraterm org 1 Open the TeraTerm software and choose Serial and the COM port connected to the...

Страница 60: ...admin 5 Choose selection 4 for vt100 6 Highlight by using the up and down arrow keys on the PC keyboard the Quick Setup option and press Enter 7 To enable DHCP highlight the DHCP option and press Ent...

Страница 61: ...ubnet mask of 255 255 255 0 A 16 indicates a subnet mask of 255 255 0 0 and a 8 indicates a subnet mask of 255 0 0 0 Once the IP address and subnet mask have been configured press Enter Press the c ke...

Страница 62: ...r 2 Managed Switch Quick Start 11 Highlight the first option called System Information and press Enter 12 The IP address currently assigned to the switch will be shown here You are now able to use you...

Страница 63: ...Terminal Access SSH and telnet access Web Access Basic and secute SNMP access SNMP Firmware Loading Disabled Command Line Access Enabled Automatic Logout Disabled SNMP Read Only Name public No Passwo...

Страница 64: ...nt to Point Auto for all ports Real time Ring Settings Enable Off for all ports Ring Name Ring x x being port number Grayed out by default Primary Port none Backup Port none Ring Master Automatic Mast...

Страница 65: ...Settings PVID 1 Force Off for all ports Type Transparent for all ports Security Settings Remote Access Security Same settings as in Main Settings Port Security Enables Global Security Enable Off Port...

Страница 66: ...can apply tags to a packet coming into the switch to give that packet a higher priority going to another switch The last switch will then remove the tag before sending the packet to the device It can...

Страница 67: ...pon some network event is too slow The Real Time Ring is proprietary to the Stride managed switches but it has the advantage of changing paths very very quickly Security Network security has become a...

Страница 68: ...n be read from the switch to indicate the health of the network SNMP SNMP stands for Simple Network Management Protocol and is used for just that There are many software tools out there that can query...

Страница 69: ...rmation 3 2 Port and Power Status 3 4 Network Statistics 3 5 Spanning Tree Status 3 8 Real Time Ring Status 3 10 Multicast Filtering Status 3 11 IGMP Port Status 3 11 IGMP Group Status 3 12 MAC Table...

Страница 70: ...digits dashes and letters It is also available via SNMP as SYSTEM SYSNAME 0 Switch Location This field is configured by the user with the appropriate text for their application It is configured in the...

Страница 71: ...expands the number of addressing possibilities Instead of the standard 4 x 8 bit address format that is used IPv4 IPv6 uses 8 fields of 16 bit values separated by colons Each address display in hex fo...

Страница 72: ...ain Settings section If the negotiation settings have been set to Auto this tab will show what settings were negotiated between the switch and the attached device On this page the color highlighting t...

Страница 73: ...is port Multicast packets The number of multicast packets received into this port CRC Align errors The number of Ethernet packets received into this port with an invalid CRC Undersize packets The numb...

Страница 74: ...er like statistics provide information on possible hardware electrical and or noise problems on the network Alignment Errors These errors are more indicative of receiving the improper number of bits T...

Страница 75: ...it a frame 16 times if a collision is detected If the device is unsuccessful after 16 times it will give up and that frame will not be transmitted Internal MAC Transmit Errors This error occurs when f...

Страница 76: ...ed for The selections available are Spanning Tree Protocol Rapid Spanning Tree Protocol or None Designated root This field specifies which device is the Root switch and what the Bridge ID of that swit...

Страница 77: ...y of frames Frame relays are not performed to prevent the creation of temporary loops during the active topology of a changing bridged LAN In addition the forwarding process will discard all frames an...

Страница 78: ...dicates the ring is broken On the Port green indicates both ends of the link are connected and communicating Red indicates on side of the link is not connected or communicating For each ring configure...

Страница 79: ...are discussed in more detail in the Multicast Filtering IGMP configuration section Multicast suppression Displays the configured mode of Multicast suppression The three choices are None IP multicast g...

Страница 80: ...lticast group is active on Reporter Displays the IP address of the last host to report membership in this group on this port Hosts send IGMP reports to a switch or router for the purpose of having the...

Страница 81: ...ltered by the Filter Database ID FID Values that are applied as the devices are encountered no other significance to the value the port s of discovery or by all or part of the MAC address Please note...

Страница 82: ...of the switch The summary is generated in a print friendly format If an NTP Network Time Protocol server is configured the report will also report a timestamp To save these settings to a configuratio...

Страница 83: ...gs 4 14 Spanning Tree Settings 4 18 Spanning Tree Port Settings 4 21 Real Time Ring Settings 4 23 RSTP Examples 4 24 Traffic Priority Priority Queuing QoS CoS ToS DS 4 29 QoS CoS Settings 4 30 802 1p...

Страница 84: ...e Access Security 4 51 Port Security Enables and Port Security MAC Entries 4 52 IPsec Settings 4 54 IKE Policy 4 57 IKE Pre shared Keys 4 59 IKE Certificates 4 60 Monitoring Settings 4 62 Alarm OK Out...

Страница 85: ...This page intentionally left blank...

Страница 86: ...red with basic network settings including an IP address and subnet mask Refer to the quick start guide in Chapter 2 to learn how to initially access your switch To configure the switch for network acc...

Страница 87: ...A Domain Name System Server converts a name such as domainname org into an IP address that is usable in the Ethernet messaging Consult your network administrator for the proper DNS address for your n...

Страница 88: ...d Non secure access via telnet Non secure access via telnet protocol Remote access is possible through this protocol although all information being transacted between server and client will be sent as...

Страница 89: ...e fingerprint In this case via documentation The RSA fingerprint for the managed switch s encryption key is 1e 0f 31 39 26 3f 23 8c ba 7e e9 d1 56 ff 98 f6 Web access Choose the level of web access to...

Страница 90: ...lt password is admin Port Settings The switch comes with default port settings that allow you to connect to the Ethernet Ports without any configuration Should there be a need to change the name of th...

Страница 91: ...a row labeled SFP with radio buttons The SFP setting independently sets the speed at which a transceiver will operate if one is plugged in Otherwise the switch will use the fixed Ethernet port and the...

Страница 92: ...or more source ports to be replicated out the monitor port Choose a monitor port Choose the source ports to be mirrored monitored For each source port choose the data to monitor choose to monitor mess...

Страница 93: ...o function properly the host and network must meet the following criteria 1 A single host must be directly connected to the switch port 2 The host must not require a Subnet Mask to be offered 3 The ho...

Страница 94: ...ured in the switch Set Switch Date This is where the date is set for the switch The format of the date is Year Month Day YYYY MM DD Set Switch Time This is where the time is set for the switch The for...

Страница 95: ...lth of each firmware image The health can be one of the following Healthy The firmware is running or is expected to be in good enough shape to run Broken The firmware is known to be in a state that wo...

Страница 96: ...witch from the local system MD5 Checksum Optional If an MD5 checksum of the file is available it may be entered into this field Providing a checksum will ensure the firmware arrives at the switch inta...

Страница 97: ...Password Enter the password in this field if required by the server Note that this is not available for TFTP Anonymous Download Check this box if no User Name and Password are required by the remote...

Страница 98: ...will be sent around the loop again and again A single message circulating forever around a loop at high speed is clearly not a good thing so no loops are allowed The limitations of having only one pa...

Страница 99: ...ng Tree Protocol provides a standardized means for intelligent switches also called bridges to enable or disable network paths so there are no loops but there is an alternative path if it is needed Wh...

Страница 100: ...claiming to be the root If a switch receives a BPDU that is better than the one it is sending it will immediately stop claiming itself as the root and send the better root information instead Assuming...

Страница 101: ...akes for all of the switches to have a stable configuration and send network traffic is called the convergence time STP was developed when it was acceptable to have a convergence time of maybe a minut...

Страница 102: ...MSTP use BPDUs Bridge Protocol Data Units to keep bridges informed of the network status MSTP is compatible with RSTP and STP but adds the ability to route VLANs over distinct spanning trees within a...

Страница 103: ...k performance The goal is generally to have the network traffic pass through the network as directly as possible so the root should be central in the network If most messages are between one central s...

Страница 104: ...disrupted for a longer time The default value for the forward delay is 15 seconds If you change this setting the switch will not allow a value unless it satisfies the following formula 2 hello time 1...

Страница 105: ...Normally all ports should be included in determining the Spanning Tree network topology either as a normal port or an edge port It is possible to completely exclude a port so that it will always forwa...

Страница 106: ...l not put a port in the Forwarding state until enough time has passed for the spanning tree to stabilize twice the forwarding delay 30 seconds by default However if a port connects directly to a singl...

Страница 107: ...milliseconds Activate a ring by selecting the appropriate Enable check box You can configure one ring for every two ports on the switch When a ring is enabled be sure to choose the two ports being use...

Страница 108: ...y Max Age Since the largest value allowed for Max Age is 40 the largest RSTP network hop diameter is also 40 Number of Hops vs Recovery Time The diagram below shows a typical redundant ring network wi...

Страница 109: ...use You can assign a higher cost to pathways that are more expensive slower or less desirable in any way The managed switches will then add up the path costs to determine the best route back to the ro...

Страница 110: ...15 Path cost 10 Path cost 10 This is the backup path since it will cost 25 10 15 to reach the root This is a Designated Bridge with root path cost of 15 This is the Root Bridge because it either has...

Страница 111: ...ly one managed switch is used to connect to three or more unmanaged switches in the loop Figure below Device C Unmanaged Switch 3 Unmanaged Switch 2 Device B Unmanaged Switch 1 Managed Switch Device A...

Страница 112: ...hernet link The bottleneck has been discovered as we have to wait until the MAC table in switch 1 ages out its entries of device A and device B The same applies for devices connected to switch 2 B tal...

Страница 113: ...nt in all frames and contains a priority field which defaults to 0 and may be set as high as 255 This field is sometimes referred to as the Type of Service ToS field or the Differentiated Services DS...

Страница 114: ...64 Disable this setting to ignore IP priority fields Priority Precedence This setting controls which priority mark IEEE tag or IP header takes precedence if both are present and enabled It has no effe...

Страница 115: ...cation there are eight different priorities that are carried in the tag Configure each of the 802 1p priorities for the output queue that is appropriate More than one 802 1p priority may be configured...

Страница 116: ...storms by allowing you to limit the rate at which these messages are accepted by the switch For each port you may choose to limit the rate of broadcast and multicast messages accepted Messages over t...

Страница 117: ...delay critical data Goal To optimize the forwarding of critical real time control data and minimize or eliminate the impact of video data traversing the network Solution Configure the switch such tha...

Страница 118: ...video concentrator port as follows Output Tag Remove Tag Result Configuring the video data to have a lower priority than control data results in the QoS required for the control data In the following...

Страница 119: ...IPm Controller Video Concentrator Video Torque Coverter Managed Switch Managed Switch Camera Data Control Data Tagged Camera Data Tagged Control Data Destination 4 35 Chapter 4 Managed Switch Software...

Страница 120: ...uters to configure efficient forwarding of multicast traffic In active mode a switch will also send its own queries to speed network convergence Periodically routers and IGMP snooping switches in acti...

Страница 121: ...rship reports Multicast suppression This enhanced feature can intelligently suppress multicast packets that no host has requested with IGMP None Multicast packets will be sent to all ports unless IGMP...

Страница 122: ...ill allow a switch to function in a network with multicast groups Generally the switch will dynamically learn which ports have IGMP routers attached to them by listening for IGMP Query messages Under...

Страница 123: ...t data and forward multicast data out all ports This will slow down the network Take a look at the following diagram where the IGMP server is the source of the multicast data and the IGMP hosts are th...

Страница 124: ...h configures each port to be able to send data to all ports in all the port based VLANs in which it is a member For example if one VLAN had ports 1 5 and another had ports 5 9 traffic from port 1 4 co...

Страница 125: ...route frames VLAN IDs are ignored Standard Most commonly configured Port based VLANs are ignored all routing is done by VLAN ID The source port of a frame need not be part of a VLAN for the frame to b...

Страница 126: ...g database in independent learning mode Shared learning automatically assigns a different forwarding database to each MSTI This filtering ID allows multiple VLANs to be grouped for easy filtering in t...

Страница 127: ...ort s PVID will be used Typically a Network port will be a member of many or all tag based LANs on a switch and is used to forward VLAN traffic to another switch which then distributes it to other net...

Страница 128: ...rk Ports for VLAN 3 is being blocked see VLAN Port Settings topic in this section about Network type ports This prevents VLAN 3 from being able to forward data to all its members Blocked by RSTP T a g...

Страница 129: ...3 can forward to all its members through the other Network Port connections and is not affected by the block RSTP connection Blocked by RSTP Switch Switch Ethernet Device Ethernet Device V L A N 1 Swi...

Страница 130: ...LC Ethernet Interface 2 Remote I O Drive Configuration Diagnostic PC for VLAN Management Office PC for Data Logging E E E T N T E N E N T N E T T T E T N E T N E T Structured Wiring Tag based VLAN exa...

Страница 131: ...Switch Setup Switch1 4 47 Chapter 4 Managed Switch Software Setup Stride Industrial Ethernet Switches User Manual 2nd Ed Rev A...

Страница 132: ...Switch 2 4 48 Chapter 4 Managed Switch Software Setup Stride Industrial Ethernet Switches User Manual 2nd Ed Rev A...

Страница 133: ...Switch 3 4 49 Chapter 4 Managed Switch Software Setup Stride Industrial Ethernet Switches User Manual 2nd Ed Rev A...

Страница 134: ...ic Port based VLAN example VLAN 1 VLAN 2 VLAN 3 Solution We will use a Stride managed switch utilizing the Port based VLAN feature The question could be posed Why not just use two unmanaged switches W...

Страница 135: ...both password protection and encryption SNMP SNMPv3 This method accesses the Management Information Bases MIBs using an SNMP server or master utility Standard SNMPv1 or SNMPv2 has password security S...

Страница 136: ...that port is enabled on the Port Security Enables page that MAC address is disallowed access on any other port including ports for which security is not enabled on the Security Enables page For examp...

Страница 137: ...the configuration to the switch The switch will then begin limiting access according to the configuration on these two pages Once an entry has been configured and committed to the switch a power cycl...

Страница 138: ...ns the encryption compression and hash parameters needed to implement the policies required by the SPD for traffic between specific hosts Warning Misconfiguration on this screen may block network acce...

Страница 139: ...itch s address is in the destination field the direction should be In ESP Whether to require encryption for communication between the specified hosts Authentication AH Whether to require authenticatio...

Страница 140: ...t be the same on both peers in an association Mode The IPsec mode to use ESP AH ESP and AH or IPComp Cipher The cipher to use when an ESP mode is selected Encryption key The key to use when ESP is ena...

Страница 141: ...ill apply to all peers without a more specific policy Preferred Exchange Mode The preferred exchange mode is the one that will be sent in any proposal to a peer If other exchange modes are specified t...

Страница 142: ...es not handled by other rules Destination The destination address to match against The address specified should exactly match the Source address field in a phase 2 policy on the peer unless either val...

Страница 143: ...fe80 2 must have secret set as the pre shared key for peer fe80 1 Peer Identifier The identifier of the peer with which this pre shared key should be used Typically this will be the peer s address Se...

Страница 144: ...s Web interface cannot be changed on this screen Switch Certificate This section may be used to generate or view the details of an X 509 certificate which the switch uses to identify itself via IKE A...

Страница 145: ...te will be valid for starting from the current day according to the switch s clock This setting is used only for the self signed certificate CAs provides their own expiration dates for certificates th...

Страница 146: ...tion will be triggered when a ring failure occurs Ring failure on a local port will be triggered when one of this switch s neighbors in the ring goes down the general ring failure option will be trigg...

Страница 147: ...Connection Limit this determines what happens 0 The least recently active connection will be dropped in favor of the new connection 0 The least recently active connection will be dropped in favor of t...

Страница 148: ...port is passing data 10022 Ring 2 Second port is passing data 10023 Ring 3 Ring is complete 10024 Ring 3 First port is passing data 10025 Ring 3 Second port is passing data 10026 Ring 4 Ring is compl...

Страница 149: ...th a community string which is sent in clear text unencrypted and no password is required Some measure of security can be achieved by setting long obscure community strings SNMPv3 provides three level...

Страница 150: ...0 1 system sysDescr 0 The switch supports SNMPv1 v2 and v3 SNMPv1 and v2 access are essentially the same from a security standpoint and are enabled and disabled together SNMPv3 security may be separat...

Страница 151: ...Firmware Check this box to send a trap when the switch resets into the non default firmware image This can happen if the switch loses power while booting or if the default firmware image somehow becom...

Страница 152: ...e IP address of the host where the trap manager is located Community String The community string to use when contacting the trap manager on the host Version The SNMP trap version to send NOTE There ar...

Страница 153: ...ch Software Advanced Operations In This Chapter Configuration Management 5 2 Restore Factory Defaults 5 4 Reset Switch 5 5 Update Firmware 5 6 Update Firmware using a TFTP Server 5 6 5 5 5 Chapter Cha...

Страница 154: ...work settings or use the ones in the checkpoint file Download Checkpoint Saves a zipped file of the current configuration file external to the switch Upload Checkpoint Unzips the selected file and sto...

Страница 155: ...d TFTP server You must specify the name of a file on the server Retrieve from TFTP Retrieves a previously saved configuration checkpoint file from the defined TFTP server After retrieval the configura...

Страница 156: ...efaults This option sets the switch back to factory default settings The switch will automatically restart reset to put the default settings into effect You can optionally choose to maintain the IP ad...

Страница 157: ...d Rev B Chapter 5 Managed Switch Software Advanced Operations Reset Switch This feature will cause the switch to perform a soft restart software reset A software reset may take 30 seconds or more depe...

Страница 158: ...Update from File button to load and install the latest firmware files This method of updating the firmware will retain all your settings However it is still recommended that you save a checkpoint conf...

Страница 159: ...ubleshooting UL C US R In This Appendix Troubleshooting Fiber Connections A 2 Troubleshooting Real Time Ring A 4 Troubleshooting VLANs A 6 Installing Switch Firmware A 8 Appendix Appendix Appendix A A...

Страница 160: ...ser to this speed mismatch Verify the type of SFP Verify the port number Verify the Port Speed Setting on the Main Settings Port Settings page 2 Make sure that the speeds of both ends of a link match...

Страница 161: ...can cause permanent damage to your eyes should you look into the end face Additionally it is not necessary to scrub the end face rather to just gently wipe it clean and then double check the link If a...

Страница 162: ...her Real Time Ring or RSTP If Real Time Ring is configured on a switch disable RSTP On the Redundancy Settings Spanning Tree Settings page set Redundancy protocol to None 2 It is possible for Real Tim...

Страница 163: ...strial Ethernet Switches User Manual 2nd Ed Rev B Appendix A Troubleshooting On the Redundancy Settings Spanning Tree Port Settings page check the boxes to exclude the Real Time Ring ports from Spanni...

Страница 164: ...e configured leaving the Type selection Tag based In our example we are creating two VLANs called VLAN 20 and VLAN 30 The names are for your convenience The IDs on this page will match the PVIDs we co...

Страница 165: ...those devices ports 3 5 or 7 here or any device on a VLAN 20 port on the switch connected to port 2 can communicate with devices connected to ports 4 6 or 8 or VLAN 30 ports on the switch connected to...

Страница 166: ...ther on your local system or from a remote server The MD5 Checksum is an error detection value that your IT department may calculate and give you especially when they install firmware from a remote se...

Страница 167: ...on to the new version you installed 3 Either power cycle the switch or go to the Advanced Operations Reset Switch page There click the Yes check box then click the Reset Switch button After the switch...

Страница 168: ......

Страница 169: ...Glossary UL C US R In This Appendix Glossary of Terms B 2 B B B Appendix Appendix Appendix...

Страница 170: ...et Group Management Protocol IKE Internet Key Exchange a protocol in IPSec results in a Security Association between two devices that will communicate over IP IKE policy The parameters that will be al...

Страница 171: ...26 3f 23 8c ba 7e e9 d1 56 ff 98 f6 RSTP Rapid Spanning Tree Protocol RSTP terms Discarding In this state station location information is not added to the Filtering Database MAC table because any cha...

Страница 172: ...ate is about to participate in frame relay but it is not involved in any relay of frames Frame relays are not performed to prevent the creation of temporary loops during the active topology of a chang...

Страница 173: ...figuration Records UL C US R In This Appendix General Switch Information C 2 Alarm Configuration C 3 Mirror Configuration C 3 VLAN Configuration C 3 Port Configuration C 3 QOS Configuration C 4 C C C...

Страница 174: ...MAC Address MAC address IGMP Mode Active IGMP handling Multicast Suppression All unreserved multicast IGMP Version 2 Redundancy Protocol RSTP Bridge Priority 32768 Max Message Age 20 Hello Timer 2 Ror...

Страница 175: ...128 128 128 128 128 128 128 Path Cost 200000 200000 200000 200000 200000 200000 200000 200000 Type Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Point to Point Auto Auto Aut...

Страница 176: ...2 Tag 6 Priority 3 Tag 7 Priority 3 Port 1 Port 2 Port 3 Port 4 Port 5 Port 6 Port 7 Port 8 Use 802 1p Tag Priority Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Use IP ToS DiffServ...

Страница 177: ...guration D 4 Info Configuration D 4 Network Configuration D 5 Ring Configuration D 6 RSTP Configuration D 7 QoS Configuration D 7 VLAN Configuration D 8 IGMP Configuration D 9 Checkpoint Configuration...

Страница 178: ...mitted the current value is displayed Sections and parameter names are case sensitive e g Network is not the same as network Accessing the CLI To access the CLI establish an Ethernet or serial connect...

Страница 179: ...settings may be maintained by adding a savenw option In other words defaults restores all values but defaults savenw restores all defaults except the current settings for DHCP IP address etc Access C...

Страница 180: ...number transport tcp udp tcp udp tcp udp used to specify allowed transport layer for modbus timeout 0 0 to 3600 or none time is in seconds maxcon 4 1 to 20 sets maximum number of concurrent connection...

Страница 181: ...Allowable Values Description list n a List all current port security information enable n a Enables MAC based port security disable n a Disables MAC based port security add n a Any valid MAC and port...

Страница 182: ...ble in both modes For combo ports the SFP speed may be set as follows port port sftp speed Ring Configuration Ring Configuration Parameter Default Allowable Values Description list n a View the list o...

Страница 183: ...STP pprio 0 An integer in the range of 0 240 View or change this port s priority pcost none auto or integer in the range of 0 200 000 000 View or change this port s cost type 1 1 0 View or change thi...

Страница 184: ...ports all 1 9 View or set the management VLAN port The commands below require a vlan from vlist name n a A string of no more than 33 characters vtype n a port tag View or change the type of this VLAN...

Страница 185: ...a None saves a check point restore n a net nonet net saves current network settings nonet discards them ftpsave n a a file name ftprestore n a a file name Firmware Configuration Firmware Configuration...

Страница 186: ...lowed by mstid priority pprio varies Followed by mstid portno pprio used for per MSTI port priorities pcost varies Followed by mstid portno pcost used for per MSTI port costs name n a Followed by msti...

Страница 187: ...3 spawn fcgi Software E 4 ipsec tools Software E 4 net snmp Software E 6 FastCGI Library E 11 watchdog Software E 12 GPLv2 General Public License v2 E 12 Crossbrowser x tools Library E 18 OpenSSL Lic...

Страница 188: ...University of Cambridge All rights reserved THE C WRAPPER FUNCTIONS Contributed by Google Inc Copyright c 2007 2008 Google Inc All rights reserved THE BSD LICENCE Redistribution and use in source and...

Страница 189: ...copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The names of the authors may not be used to endorse...

Страница 190: ...e copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of the incremental nor the names of...

Страница 191: ...TED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL WASABI SYSTEMS INC BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY...

Страница 192: ...SHALL CMU OR THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM THE LOSS OF USE DATA OR PROFITS WHETHER IN...

Страница 193: ...tation and or other materials provided with the distribution The name of Cambridge Broadband Ltd may not be used to endorse or promote products derived from this software without specific prior writte...

Страница 194: ...OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Part 5 Sparta Inc copyright notice BSD Copyright c 2003 2...

Страница 195: ...THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISC...

Страница 196: ...ons are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright...

Страница 197: ...RE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE FastCGI Library This FastCGI application library source and object code the Software and its documentation the Documentation are copyrighted by Ope...

Страница 198: ...d The GPLv2 is given below GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 51 Franklin St Fifth Floor Boston MA 02110 1301 USA Everyone is permitted t...

Страница 199: ...t must be licensed for everyone s free use or not licensed at all The precise terms and conditions for copying distribution and modification follow GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR...

Страница 200: ...orks But when you distribute the same sections as part of a whole which is a work based on the Program the distribution of the whole must be on the terms of this License whose permissions for other li...

Страница 201: ...your acceptance of this License to do so and all its terms and conditions for copying distributing or modifying the Program or works based on it 6 Each time you redistribute the Program or any work b...

Страница 202: ...on ever published by the Free Software Foundation 10 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write to the author to ask for...

Страница 203: ...Free Software Foundation Inc 51 Franklin St Fifth Floor Boston MA 02110 1301 USA Also add information on how to contact you by electronic and paper mail If the program is interactive make it output a...

Страница 204: ...nd that you know you can do these things To protect your rights we need to prevent others from denying you these rights or asking you to surrender the rights Therefore you have certain responsibilitie...

Страница 205: ...plicable copyright law except executing it on a computer or modifying a private copy Propagation includes copying distribution with or without modification making available to the public and in some c...

Страница 206: ...Program The output from running a covered work is covered by this License only if the output given its content constitutes a covered work This License acknowledges your rights of fair use or other equ...

Страница 207: ...invalidate such permission if you have separately received it d If the work has interactive user interfaces each must display Appropriate Legal Notices however if the Program has interactive interface...

Страница 208: ...ly or household purposes or 2 anything designed or sold for incorporation into a dwelling In determining whether a product is a consumer product doubtful cases shall be resolved in favor of coverage F...

Страница 209: ...rms of this License with terms a Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License or b Requiring preservation of specified reasonable legal n...

Страница 210: ...the Program Ancillary propagation of a covered work occurring solely as a consequence of using peer to peer transmission to receive a copy likewise does not require acceptance However nothing other t...

Страница 211: ...st either 1 cause the Corresponding Source to be so available or 2 arrange to deprive yourself of the benefit of the patent license for this particular work or 3 arrange in a manner consistent with th...

Страница 212: ...k will apply to the combination as such 14 Revised Versions of this License The Free Software Foundation may publish revised and or new versions of the GNU General Public License from time to time Suc...

Страница 213: ...for a fee END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program and you want it to be of the greatest possible use to the public the best way to achie...

Страница 214: ...ot allowed This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License supplemented by the additional permissions listed...

Страница 215: ...ary and its use are covered by this License b Accompany the object code with a copy of the GNU GPL and this license document 4 Combined Works You may convey a Combined Work under terms of your choice...

Страница 216: ...sions of the GNU Lesser General Public License The Free Software Foundation may publish revised and or new versions of the GNU Lesser General Public License from time to time Such new versions will be...

Страница 217: ...p www openssl org IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR...

Страница 218: ...tory application code you must include an acknowledgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIE...

Страница 219: ...oved MD5 is now external in the OpenSSL library RC4 support has been replaced with ARC4 support from OpenSSL Blowfish is now external in the OpenSSL library The licence continues Note that any informa...

Страница 220: ...eveloped by Pedro Roque Marques pedro_m yahoo com THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN N...

Страница 221: ...USE OR PERFORMANCE OF THIS SOFTWARE Copyright c 2001 by Sun Microsystems Inc All rights reserved Non exclusive rights to redistribute modify translate and use this software in source and binary forms...

Страница 222: ...m this software without prior written permission For permission or any legal details please contact Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh PA 15213 3890...

Страница 223: ...poe author stated in a private email to Marco d Itri that as an exception to the license linking with OpenSSL is allowed pppd plugins winbind c is licensed under the GNU GPL version 2 or later and is...

Страница 224: ...s is without express or implied warranty C The Regents of the University of Michigan and Merit Network Inc 1992 1993 1994 1995 All Rights Reserved Permission to use copy modify and distribute this sof...

Страница 225: ...rce and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of condit...

Страница 226: ...ain com Effort in porting to AT T UNIX System V Release 4 has been provided by Andrew Herbert andrew werple pub uu oz au Special thanks to Marek Michalkiewicz marekm i17linuxb ists pwr wroc pl for tak...

Страница 227: ...NNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Sponsored in part by the Defense Advanced Research Projects Agency DARPA and Air Force Research Laboratory Air Force Materiel Command USAF under a...

Страница 228: ...sclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the dis...

Страница 229: ......

Страница 230: ......

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды