WAGO 852-1328 Скачать руководство пользователя страница 22 | Manualshive

Страница: 22 / 92

background image

852-1328

Functions

22

Product manual | Version: 1.2.0
Industrial Managed Switch

5

Functions

5.1 Security

5.1.1 IEEE 802.1X

IEEE 802.1X is an IEEE standard for port-based Network-Access Control protocol. It pro-
vides an authentication mechanism to devices that need to attach to a LAN. This protocol
restricts unauthorized clients from connecting to a LAN through ports that are opened to
the Internet. The authentication generally involves three parties (see Figure “RADIUS Au-
thentication Sequence” in Section

8

): a supplicant, an authenticator,

and an authentication server.
• Supplicant: A client device that requests access to the LAN
• Authentication Server: This server performs the actual authentication. We utilize RA-

DIUS („

R

emote

A

uthentication

D

ial-

I

n

U

ser

S

ervice“ as the authentication server.

• Authenticator: The Authenticator is a network device (i.e. the WAGO Industrial man-

aged switch) that acts as a proxy between the supplicant and the authentication server.
It passes around information, verifies information with the server, and relays responses
to the supplicant.

The authenticator acts like a security guard to a protected network. The supplicant is not
allowed accessing to the protected side of the network through the authenticator until the
supplicant’s identity has been validated and authorized. With IEEE802.1X authentication,
a supplicant and an authenticator exchange

EAP

(„

E

xtensible

A

uthentication

P

rotocol“,

an authentication framework widely used by IEEE) aus. Then the authenticator forwards
this information to the authentication server for verification. If the authentication server
confirms the request, the supplicant (client device) will be allowed to access resources lo-
cated on the protected side of the network.

5.1.2 RADIUS

The RADIUS is a networking protocol that provides authentication, authorization and ac-
counting (AAA) management for devices to connect and use a network services. Figure
“RADIUS Authentication Sequence” shows a diagram of RADIUS authentication se-
quence.

Figure 9: RADIUS Authentication Sequence

«
...
20
21
22
23
24
...
»

Содержание 852-1328

Страница 1: ...Product manual Version 1 2 0 Industrial Managed Switch 6 Ports 1000BASE T 2 Slots 1000BASE SX LX MAC Security 852 1328...

Страница 2: ...been taken to ensure the accuracy and completeness of this documentation However as errors can never be fully excluded we always appreci ate any information or suggestions for improving the documenta...

Страница 3: ...Connections 16 4 3 1 Grounding screw 16 4 3 2 Power Supply 16 4 3 3 Network Connections 17 4 3 3 1 10 100 1000BASE T X ports 18 4 3 3 2 100 1000BASE SX LX ZX MACsec ports 18 4 4 Display Elements 18 4...

Страница 4: ...Information 35 10 3 2 Legal Information 36 10 4 Configuration 36 10 4 1 System Settings 36 10 4 2 Device Discovery LLDP 37 10 4 3 System Management SNTP 38 10 4 3 1 General Information 38 10 4 3 2 SN...

Страница 5: ...lation 68 10 6 5 2 VLAN Setup 69 10 6 5 3 Management VLAN 71 10 7 Redundancy 73 10 7 1 RSTP 73 10 7 1 1 General Information 73 10 7 1 2 RSTP Setup 76 10 7 1 3 RSTP Port Setup 77 10 7 1 4 RSTP Failover...

Страница 6: ...rity Obligations of Installers Operators The installers and operators bear responsibility for the safety of an installation or a sys tem assembled with the products The installer operator is responsib...

Страница 7: ...ys Cross References Links Cross references links to a topic in a document Cross references links to a separate document Cross references links to a website Cross references links to an email address A...

Страница 8: ...s document as well as the use and communication of its content are strictly prohibited un less expressly authorized by prior agreement Third party products are always mentioned without any reference t...

Страница 9: ...ims for change or improvement of products that have already been delivered excepting change or improvement performed under guarantee agreement are excluded Licenses The products may contain open sourc...

Страница 10: ...med by qualified employees with sufficient knowledge in the administration of the PC system used in addition to file creation or modification Steps that change the PC system s behavior within a networ...

Страница 11: ...ped with ETHERNET or RJ 45 connectors in LANs Never con nect these devices with telecommunication networks Components Replace defective or damaged device module e g in the event of deformed contacts L...

Страница 12: ...i tional housing that is also resistant to these substances Before installation and operation please read the product documentation thoroughly and carefully In addition note the information on the pro...

Страница 13: ...switches In other words it can secure a network from a whole host of security threats including intrusion man in the middle masquerading passive wiretapping and playback attacks And because MACsec en...

Страница 14: ...852 1328 Properties 14 Product manual Version 1 2 0 Industrial Managed Switch 4 Properties 4 1 Views 4 1 1 Front View Figure 1 Front View of the Industrial Managed Switch...

Страница 15: ...18 3 ALM Status LED alarm 8 Display Elements 18 4 RJ 45 ports 10 100 1000BASE T X 6 8 Port LEDs 18 6 SFP slots 2 x MACsec SFP slots with 100 1000 Mbit s 8 Port LEDs 18 4 1 2 Top View Figure 2 Top View...

Страница 16: ...on right digit sequence 02 QR code Connect to product information by scanning this QR code 4 3 Connections 4 3 1 Grounding screw The switch must be grounded Connect the grounding screw to the ground p...

Страница 17: ...c Discharge ESD DC Powered Switch Power is supplied through an external DC power source Since the switch does not include a power switch plugging its power adapter into a power outlet will immediately...

Страница 18: ...g cable for the RJ 45 ports Cat 5e or better with a max cable length 100 m 4 3 3 2 100 1000BASE SX LX ZX MACsec ports The connections make encrypted data traffic using the MAC Security security standa...

Страница 19: ...Degree of protection IP30 4 5 2 System Data Table 9 Technical Data System Data Property Value MAC table 16384 entries Jumbo Frame Size 10 kB Wavelength optical fibers Depends on SFP module Maximum le...

Страница 20: ...for the product Conformity Marking Ordinary Locations UL62368 E482462 Note More information on approvals You can find detailed information on the approvals online at www wago com item number 4 6 2 Reg...

Страница 21: ...ty measures against electrostatic discharge according to EN 61340 5 1 3 When handling the modules ensure that environmental factors persons workplace and packing are well grounded The relevant valid a...

Страница 22: ...n the supplicant and the authentication server It passes around information verifies information with the server and relays responses to the supplicant The authenticator acts like a security guard to...

Страница 23: ...ed secure channel and connectivity association when set ting up a secure communication between two switches A secure channel in MACsec is unidirectional and used for transmitting outbound traffic or r...

Страница 24: ...all the may greatly affect its performance When selecting a site we recommend considering the following rules Install the at an appropriate place See Section 8 Environment requirements 20 for the acce...

Страница 25: ...during transport and storage Store the product in suitable packaging preferably the original packaging Only transport the product in suitable containers packaging Make sure the product contacts are n...

Страница 26: ...integrated into the system and the shielding of the internal data bus connections Place the onto the DIN rail from the top and snap it into position 8 2 Removal 8 2 1 Removal from Carrier Rail To remo...

Страница 27: ...bserve the corresponding standards for EMC compatible installations as well 2 Plug the female connector into the male connector of the switch if it has not already been plugged in Check the tight fit...

Страница 28: ...ds to re duced performance at the port 3 Connect one end of the fiber optic cable to the LC port of the industrial managed switch and the other end to the fiber optic port of the other device Note Pro...

Страница 29: ...tion The system must always be restarted for the changed configuration settings to take ef fect 10 1 Login 1 To open the WBM launch a Web browser e g Microsoft Edge Mozilla Firefox or Google Chrome 2...

Страница 30: ...s the device you may see a secu rity warning page Please click on the red box Advanced button and click on Accept the Risk and Continue button Figure 11 Security Warning Page 6 After pressing the Ente...

Страница 31: ...e if you logged in with the default password successfully the device will remind the user to change the password with a warning pop up dialog and redirect the user to the change password page as shown...

Страница 32: ...again buttons If you click the Try again button you will be re directed to the Login page with some waiting time which is determined by the number of times that the user failed to login The first and...

Страница 33: ...rity card You will need to look up the characters in the security card and use them to enter them in the Secure code textbox as shown in Figure Example of Dialog after Clicking Forget it But ton The s...

Страница 34: ...hange password tab page to immediately update the password as shown in Figure Re direction to Change Password Tab Page When you finished changing the new password click on the Submit button The system...

Страница 35: ...WAGO 852 1322 switch Table WBM Information Page System Information Tab summarizes the description of each field of system information Figure 21 WBM Information Page System Information Tab Table 14 WB...

Страница 36: ...urce Licenses Figure 23 WBM Information Page Legal Information Open Source License Tab 10 4 Configuration 10 4 1 System Settings Users can assign device s details to WAGO s industrial managed switch o...

Страница 37: ...to other stations connected to the same LAN The information includes essential system functions including the management address or addresses of an entity or entities that provide management of these...

Страница 38: ...abled devices that has been received on this port will then be shown 10 4 3 System Management SNTP 10 4 3 1 General Information The SNTP Simple Network Time Protocol is a protocol for synchronizing cl...

Страница 39: ...e pull down list Manual mode disables SNTP The time must then be set manually The Network Time Protocol mode enables SNTP Both of these modes are described below Mode Manual Select Manual mode to disa...

Страница 40: ...ngs or Disable to disable Daylight Saving Settings Start Day Enter the date and time for the start of daylight saving time if you have activated this op tion The time is displayed in 24 hour format En...

Страница 41: ...ion The time is displayed in 24 hour format End Day Enter the date and time for the end of daylight saving time if you have activated this op tion The time is displayed in 24 hour format 10 4 4 Networ...

Страница 42: ...anually Static IP Address 192 168 1 254 This field displays current IP address The user can also set a new static IP address for the device Subnet Mask 255 255 255 0 This field displays current subnet...

Страница 43: ...page are summarized in Table WBM Configuration Page Port Settings Tab Table 20 WBM Configuration Page Port Settings Tab Parameters Factory Default Description Port n Enable Port number on the industri...

Страница 44: ...select either Port 7 or Port 8 Speed 1000 The user can change the port speed as either 1000 Mbit s 1 Gbit s or 100 Mbit s from the drop down list Click the Submit button to apply the speed change 10 4...

Страница 45: ...Description Enable State Select Enable State to enable port mirroring Deselect Enable State to disable port mir roring Port mirroring must be enabled before the selected Source Port or Destination Por...

Страница 46: ...P Simple Network Management Protocol is used in network management systems to monitor the state of attached devices that require the attention of an adminis trator SNMP is a component of the internet...

Страница 47: ...ared WAGO s industrial managed switch support SNMP and can be configured in this tab page as shown in Figure WBM Diagnostics Page SNMP Tab The SNMP setting has four parts which are SNMP Agent SNMPv1 v...

Страница 48: ...852 1328 Configuration in the WBM 48 Product manual Version 1 2 0 Industrial Managed Switch Figure 33 WBM Diagnostics Page SNMP Setting Part 1 Tab...

Страница 49: ...852 1328 Configuration in the WBM Product manual Version 1 2 0 49 Industrial Managed Switch Figure 34 WBM Diagnostics Page SNMP Setting Part 2 Tab...

Страница 50: ...he SNMP version 1 V1 version 2c V2c and version 3 are supported by WAGO s managed switches as summarized in WBM Page Diagnostics SNMP Tab SNMP Agent Setting Fehler Verweisquelle konnte nicht gefunden...

Страница 51: ...le There are two levels of authentications or permission type in WAGO 852 1328 which are read all only or read write all For exam ple in our default setting as shown in Figure SNMP V1 V2c Community Se...

Страница 52: ...list read all only and read write all See notes below for a briefed explanation Choose a type from the dropdown list read all only and read write all See notes below for a briefed explanation Read wr...

Страница 53: ...iagnostics Page SNMP Tab SNMP Trap shows an Empty list The user can enter an IP address in the Trap server IP field port number of Trap server in the Port field and a string used as Community String f...

Страница 54: ...tion and encryption parameters MD5 Message Digest algorithm 5 is used for authentication password and DES Data Encryption Standard is used for data encryption algorithm Figure WBM Di agnostics Page SN...

Страница 55: ...d is left blank there will be no authentication Note that the authentication password is based on MD5 and the maxi mum length of the password is 31 characters Confirmed Password wago0852 Re entering t...

Страница 56: ...ons of the Modbus TCP s parameters Please refer to Appendix for the Modbus Memory mapping see chapter 8 Modbus Reg ister 86 Table 28 WBM Diagnostics Page Modbus TCP Tab Parameters Factory Default Desc...

Страница 57: ...Uncheck Checked Saving log event into flash memory The flash memory can keep the log event files even if the switch is rebooted Unchecked Saving log event into RAM memory The RAM mem ory cannot keep t...

Страница 58: ...This Re fresh button is only visible if the Automatic refresh cycle option is not enabled or stopped To enable cyclic refresh click the Start button The Start button is only visi ble if Automatic ref...

Страница 59: ...nly the last n 20 Activate the display of only the last n messages The user can also specify the number of messages to be displayed Automatic refresh cy cle sec Disable 20 Select the check box to enab...

Страница 60: ...tual connecting status for all available ports of the WAGO industrial man aged switch in this page The user can see that status whether a port is connected Link Up Green color or disconnected Link Dow...

Страница 61: ...n the lower part Figure 45 WBM Page Security Static SAK Tab The selected port s will use the given static SAK as the secure key to secure all the traf fic If any two switches have the same SCI and SAK...

Страница 62: ...naged switch will have eight secure codes Every code has three characters The security codes of every switch are unique An example of secure code is illustrated in Figure Example of Secure Codes They...

Страница 63: ...the user checks the Enabled box the rest of the option fields will become active The user then have to enter all the re quired fields to configure the 802 1X Setting which are the IP address of RADIUS...

Страница 64: ...cess Server NAS The maximum length is 30 characters Shared Key NULL A shared key between the managed switch and the RADIUS Server Both devices must be configured to use the same key where the maximum...

Страница 65: ...0 Waiting time for the authentication server to respond to the suppli cant s EAP packet The range is from 10 to 300 seconds Maximum Requests 2 The maximum number of the retransmissions that the authen...

Страница 66: ...nd click the Update button To check the latest status of the 802 1X port setting user can click on the Refresh button Table 36 WBM Security Page 802 1X 802 1X Port Setting Tab Parameters Factory Defau...

Страница 67: ...ort Once enabled the switch stores the MAC addresses of the sender in a table each time a link is established at the port until the permitted number defined by the user is reached When the state of a...

Страница 68: ...ed range of ports Maximum MAC Select the maximum number of MAC addresses for the selected range of ports 10 6 5 VLAN 10 6 5 1 Port Isolation Port Isolation is a port based virtual LAN function It part...

Страница 69: ...f requirements that com municate as if they were attached to a broadcast domain regardless of their physical lo cation A VLAN has the same attributes as a physical LAN but it allows end stations to be...

Страница 70: ...sys tem is duplicated only on ports that are subscribers of the VID except the ingress port it self thus confining the broadcast to a specific domain Port Based 802 1Q VLAN As a subscriber of a port...

Страница 71: ...ows Port to VLAN mapping at the hardware level Note Creating VLANs Up to 128 VLANs can be set up It is recommended to configure a trunk port with tag and have all ports join the VLAN Figure 54 WBM Sec...

Страница 72: ...gement VLAN configuration three times via LLDP DA when the system is booting up Interval time of 5 seconds Step 3 Use the network monitoring tool to monitor LLDP packets and find the manage ment VLAN...

Страница 73: ...e the device causing a topology change first notifies the root bridge which in turn notifies the rest of the network Both RSTP and STP remove unwanted learned addresses from the filter database To cre...

Страница 74: ...data RSTP still monitors incoming BPDUs which would indicate that the port should return to the Blocking state to prevent a loop RSTP Bridge Port Roles Root The Root Port is a forwarding port that can...

Страница 75: ...riority the switch with the lowest MAC address becomes the root switch Enter a value from 0 61440 The lower the numeric value you assign the higher the priority for this bridge The priority determines...

Страница 76: ...Enable State Select Enable State to enable RSTP on the switch Deselect Enable State to disable RSTP on the switch Mode Only one mode RSTP is supported Bridge Parameters Priority Define the priority o...

Страница 77: ...led or disabled on the selected port range BDPU Guard Select if the BDPU Guard setting should be enabled or disabled on the selected port range Root Guard Select if the Root Guard setting should be en...

Страница 78: ...Bidirectional traffic UDP Number of devices in the ring 852 1322 Average failover time ms Average recovery time ms Average failover time ms Average recovery time ms 10 1064 9 N A 1064 5 N A 20 1233 6...

Страница 79: ...ult setting by clicking on the Reset button as shown in Figure WBM Maintenance Page Reset to Default Tab When the switch is restarted the web browser will be re directed to the login web page as depic...

Страница 80: ...XX XXX ini by the Web browser Choosing to Save File will back up the switch s current configuration to your local drive on the local PC Figure 62 WBM Maintenance Page Backup Restore Tab To restore a c...

Страница 81: ...ed to ensure that the correct user settings will not be changed easily by unauthorized access or user The user can logout of the device by either browsing to the Logout page and click Lo gout button o...

Страница 82: ...al Managed Switch 11 Commissioning Note For important and useful information on commissioning see sections System Settings 8 System Settings 36 Network Settings 8 Network Settings 41 Port Settings 8 S...

Страница 83: ...s and troubleshooting see sections Diagnostics via LED Indicators Diagnostics using product LEDs 8 Unit LEDs 18 Diagnostics using connection LEDs 8 Port LEDs 18 Diagnostics via WBM Diagnostics using S...

Страница 84: ...vice Note The following topics are useful for maintenance for which the sections in the WBM de scription are given Update the firmware 8 Firmware Upgrade 78 Reset to factory settings 8 Reset to Defaul...

Страница 85: ...uipment sent to a local collection point The guidelines 2006 66 EG PPWD 2018 852 EU and WEEE 2012 19 EU apply throughout Europe National directives and laws may vary Table 44 WEEE Mark Logo Descriptio...

Страница 86: ...yte 0x03 Word 2 Hi byte 0x04 Word 2 Lo byte 0x05 0x0024 36 1 word R Kernel Version Ex Version 1 03 Word 0 Hi byte 0x01 Word 0 Lo byte 0x03 IP Information 0x0050 80 1 word R DHCP Status 0x0000 Disabled...

Страница 87: ...Speed Status 10M 0x01 Status 100M 0x02 Status 1000M 0x03 Word 0 Hi byte Port 1 Status Word 0 Lo byte Port 2 Status Word 1 Hi byte Port 3 Status Word 1 Lo byte Port 4 Status Word 2 Hi byte Port 5 Stat...

Страница 88: ...ation tab LLDP Settings page 38 Table 17 WBM Configuration page SNTP tab 39 Table 18 WBM Configuration tab SNTP page 41 Table 19 WBM Configuration Page System Settings Tab 42 Table 20 WBM Configuratio...

Страница 89: ...ort Security Settings tab 68 Table 38 WBM Security tab Port Isolation Settings page 69 Table 39 WBM Security tab VLAN Setup page 71 Table 40 WBM Security tab Management VLAN Setup page 72 Table 41 Oth...

Страница 90: ...8 Example of Security Card 34 Figure 19 Re direction to Change Password Tab Page 34 Figure 20 WAGO Login Dialog after Resetting Password 34 Figure 21 WBM Information Page System Information Tab 35 Fig...

Страница 91: ...802 1X Tab 63 Figure 49 WBM Security Page 802 1X Setting Tab 64 Figure 50 WBM Security Page 802 1X 802 1X Parameter Setting Tab 65 Figure 51 WBM Security Page 802 1X 802 1X Port Setting Tab 66 Figure...

Страница 92: ...s catalogs videos and other WAGO media are subject to copyright Distribution or modification of the contents of these pages and videos is prohibited Furthermore the content may neither be copied nor m...

Отзывы:

Нет отзывов

Похожие инструкции для 852-1328

Бренд: N-Tron Страницы: 20

Бренд: B&K Страницы: 2

Бренд: B&B Electronics Страницы: 45

Бренд: ABB Страницы: 10

Бренд: Ableconn Страницы: 16

Бренд: Erbe Страницы: 118

Бренд: Conrad Страницы: 8

Бренд: ATEN Страницы: 17

Бренд: Sangamo Страницы: 2

Бренд: I-Tech Страницы: 39

PMV WM Ultraswitch

Бренд: Flowserve Страницы: 16

S12500G-AF Series

Бренд: H3C Страницы: 105

Бренд: I-Tech Страницы: 29

Бренд: Pilz Страницы: 8

Бренд: nedis Страницы: 24

Бренд: Edge-Core Страницы: 2

Wormhole Station JUH-320

Бренд: j5 create Страницы: 9

Бренд: Clinton Electronics Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды