GE Multinet 4, Instruction Manual

Page 1: ...a Fax 905 201 2098 Internet http www GEmultilin com Manual P N 1601 9075 A1 GEK 113502 Copyright 2008 GE Multilin Digital Energy Multilin 1601 9075 A1 GE Multilin s Quality Management System is registered to ISO9001 2000 QMI 005094 UL A3775 Multinet4 Multi Port Serial Server Managed Switch Instruction Manual ...

Page 2: ...al are the property of GE Multilin Inc This documentation is furnished on license and may not be reproduced in whole or in part without the permission of GE Multilin The content of this manual is for informational use only and is subject to change without notice Part numbers contained in this manual are subject to change without notice and should therefore be verified by GE Multilin before orderin...

Page 3: ...NSTALLATION 2 1 TOOLS 2 1 SITE SUITABILITY 2 1 WIRING AND GROUNDING GUIDELINES 2 2 FIBER OPTIC SAFETY 2 2 FIBER OPTIC HANDLING 2 3 EXTERNAL CONNECTIONS 2 3 UNPACKING 2 4 INSTALLATION OF THE MULTINET4 UNIT 2 5 MOUNTING 2 5 Mounting Hardware 2 5 Mounting in a 19 Rail System General 2 5 Mounting in a 19 Rail System Conventional Mounting 2 6 Mounting in a 19 Rail System Reverse Mounting 2 7 Mounting o...

Page 4: ...A MULTINET4 SETUP SOFTWARE PC REQUIREMENTS 3 1 INSTALLATION 3 2 CONFIGURING ETHERNET COMMUNICATION 3 3 USING THE QUICK CONNECT FEATURE 3 6 CONNECTING TO THE MULTINET4 3 7 PORT SETTING 3 8 ADVANCED SETTING 3 10 FIRMWARE UPGRADE 3 11 OFF LINE FEATURE 3 12 READING DEVICE SETTINGS 3 12 WRITING SETTINGS TO A DEVICE 3 13 CONFIGURE A NEW IP ADDRESS THROUGH CONSOLE PORT 3 14 4 SYSTEM ADMINISTRATION VIRTUA...

Page 5: ... Rate Limits 4 55 BRIDGE 4 56 Bridge Global Settings 4 57 Bridge Static MACs 4 57 Bridge Station Cache 4 59 RSTP 4 60 RSTP Bridge Settings 4 60 RSTP Port Settings 4 62 RSTP Bridge Status 4 63 RSTP Port Status 4 64 VLAN 4 65 VLAN Global Settings 4 65 VLAN VIDs 4 66 VLAN Port Settings 4 67 SERIAL TASKS 4 70 PORTS 4 70 Ports Profiles 4 70 Ports Settings 4 74 Ports Statistics 4 75 TERMINAL SERVER 4 76...

Page 6: ...dge Command 5 6 The config Command 5 7 The Ethernet Command 5 8 The ip Command 5 9 The log Command 5 10 The monitor Command 5 11 Protocol Monitor Output Example 5 14 The ping Command 5 15 The rstp Command 5 15 The session Command 5 17 The ssh Command 5 18 The sw command 5 19 The system Command 5 23 The terminal Command 5 23 The vlan Command 5 24 The web Command 5 25 6 OPERATIONAL GUIDE QUALITY OF ...

Page 7: ...Certificates 6 15 Certificate Authority 6 15 Multinet4 Certificate Files 6 15 Multinet4 Key Files 6 16 Key Exchange 6 18 Peer Authentication 6 18 Certificate and Key File Generation 6 18 Certificate and Key File Installation 6 21 RADIUS SUPPORT 6 21 MULTINET4 CIPHER SUPPORT 6 21 SSH 6 23 MODBUS 6 24 NETWORK TOPOLOGIES 6 24 SERIAL PROTOCOL VARIANTS 6 24 NETWORK PROTOCOL 6 25 EXCEPTION HANDLING 6 25...

Page 8: ...NAL SERVER SSL CONNECTIONS 7 15 APPENDIX A PORT AND TYPE REFERENCE WELL KNOWN TCP UDP NETWORK PORTS A 1 ICMP TYPES A 5 APPENDIX B THIRD PARTY LICENSES GNU LESSER GENERAL PUBLIC LICENSE B 1 PREAMBLE B 1 TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION B 4 NO WARRANTY B 8 END OF TERMS AND CONDITIONS B 9 How to Apply These Terms to Your New Libraries B 9 APPENDIX C MODBUS MEMORY MAP GLO...

Page 9: ...ibe the features and requirements of the Multinet4 1 1 1 Connectivity The Multinet4 is equipped with 4 Ethernet Ports 2 100FX multi single mode Fiber LC ST and SC 2 10 100 BaseT RJ45 Auto negotiation and Auto MDIX OR 4 10 100 BaseT RJ45 Auto negotiation and Auto MDIX 4 programmable RS232 485 serial ports These ports are all located on the front face of the device as illustrated in the figure below...

Page 10: ...e primary ground stud and labels including serial number model number and port and power specifications as illustrated in the figure below For detailed power specifications see Table 1 2 Environmental Specifications FIGURE 1 2 Rear View 1 1 3 Indicators The operational status of the ports of the Multinet4 is indicated by LEDs located near the physical ports on the front of the Multinet4 as illustr...

Page 11: ...rack reverse mount see section 2 3 1 4 Mounting in a 19 Rail System Reverse Mounting Panel mount see section 2 3 1 5 Mounting on a Panel DIN rail mount see section 2 3 1 6 Mounting in a DIN Rail System Each of these options requires specific accessory hardware Each type of accessory hardware mates up with a specific set of screw holes on the sides of the chassis illustrated in the figure below FIG...

Page 12: ...m Width 9 5 inches 24 13 cm Depth 9 5 inches 24 13 cm Weight 5 0 lbs 2 3 kg Table 1 2 Environmental Specifications Operating Temperature UL cUL CE Safety Rating 50 C 122 F maximum Storage Temperature 40 C to 85 C 40 F to 185 F Operating Humidity 95 non condensing Standard Name Standard Number Date code Severity levels Tested Electrostatic Discharge Air and Direct EN IEC61000 4 2 1995 Level 4 8Kv c...

Page 13: ...0MHz EN IEC 61000 4 3 1998 Level 3 10V m RF Immunity 80 1000MHz IEEE C37 90 2 2004 35V m Conducted RF Immunity 150Khz 80 MHz IEC61000 4 6 1996 Level 3 10Vrms Conducted RF Immunity 0 150Khz EN IEC 61000 4 16 1998 Level 3 15Hz 150Khz 1 10V Level 4 15Hz 150KHz 1 30V Power Frequency Magnetic Field Immunity EN IEC 61000 4 8 1993 2001 Level 5 100 200 A m continuous 1000 A m for 1s Damped Magnetic Immuni...

Page 14: ... IEC 60255 21 2 1996 1988 Class 2 30G bump 17G shock Shock NEMA TS2 2 2 9 10G x y z axis Vibration MIL STD 167 1 0 5G 5 30 Hz FUNCTIONAL TESTS Operating Voltage NEMA TS2 2 1 2 Max nominal rating Operational frequency NEMA TS2 2 1 3 Nominal 3Hz SAFETY TESTS Dielectric IEEE C37 90 2kV on Hi model 500V on Lo model Dielectric IEC60255 5 2kV H V Impulse IEEE C37 90 5kV H V Impulse IEC60255 5 5kV OTHERS...

Page 15: ...ts 10 10 Max Amperage Amps 0 3 1 3 Table 1 3 Power Requirements High Voltage AC DC Low Voltage DC Table 1 4 Ports and External Connectors Port Name Connector Description Ethernet E1 and E2 LC SC ST 100FX multi single mode option card for fiber optic Ethernet capable devices or Networks Ethernet E3 and E4 RJ45 10 100 Mbps Ethernet port for connection to copper Ethernet capable devices Serial S1 thr...

Page 16: ...Port is down Flashing Data is passing through the port E1 E4 Ethernet Ports Green Port is connected to an active Ethernet device Off Port is down Flashing Data is passing through the port Console Green Connected to an active local terminal Off Not connected Flashing Data is passing through the port Alarm Off No power is applied to unit Red Reset state System is not loaded Orange System is being bo...

Page 17: ...th the Multinet4 RJ45 connectors are used on ports E3 and E4 for 10 100 BaseT connections to copper Ethernet capable devices 1 3 2 Fiber Optic The figure below defines the pinout of the Fiber connector used with the Multinet4 Fiber connectors are used on ports E1 and E2 for 100FX multi single mode for connections to fiber optic Ethernet capable devices or networks Table 1 6 RJ45 Pinout Pin Signal ...

Page 18: ...larm Port The figure below defines the pinout of the Phoenix 3 pin plug used with the alarm port on the Multinet4 Table 1 7 LC Pinout Port Signal Tx Transmit Rx Receive Table 1 8 DB9 Pinout Pin Name Dir Description 1 DCD In Data Carrier Detect from DCE 2 RXD In Receive Data from DCE 3 TXD Out Transmit Data to DCE 4 DTR Out Data Terminal Ready to DCE 5 GND Pwr Signal Ground 6 DSR In Data Set Ready ...

Page 19: ...er is required to connect disconnect serial cables to from the Phoenix 6 pin connector Serial ports can be configured as RS232 or RS485 interfaces Make sure to configure the correct interface standard before connecting to the device Improper setup can result in damage to the unit Pin Signal 1 NC1 normally closed 1 2 COM1 common 1 3 NO1 normally opened 1 Table 1 9 Phoenix 6 pin Pinout Pin RS232 RS4...

Page 20: ...utomation applications such as Supervisory Control and Data Acquisition SCADA systems They support a wide range of communications interfaces used by industrial devices enabling multiple generations of remote devices and support systems to be consolidated onto a single integrated network infrastructure The Multinet4 also operates effectively in extremely harsh environmental conditions such as those...

Page 21: ... OR 4 10 100 BaseT RJ45 Auto Negotiation and Auto MDIX 4 programmable RS232 485 serial ports Power Options High 90 250 VAC or VDC Low 24 48 VDC Mounting Options Panel DIN rail 19 rack 19 rack reverse Table 1 11 Software Features Summary Feature Details Serial Port Management Up to 16 serial profiles Serial data statistics RS 232 Full Half RS 485 Full Half supported via software selection Data rate...

Page 22: ...compliant Learning Bridge Rapid Spanning Tree Protocol RSTP STP RSTP VLANs Up to 16 different VLANs Tagged and untagged operation VLAN security tag based filtering Optional egress tag stripping QoS Flexible flow based DiffServ marking for all routed packets Configurable mapping of DiffServ marking to 802 1p priority tag for all routed packets 4 Level priority queuing for Ethernet switching based o...

Page 23: ...3 SNTP servers can be specified for redundancy Event Logging Flexible logging options Log files stored in flash file system SYSLOG capability Up to 5 remote collectors may be specified SNMP v1 v2c v3 Agent Supports User based Security Model USM when v3 is enabled MIB II and SNMPv2 Traps Up to 4 remote management trap destinations may be specified Proprietary Enterprise MIB Modbus TCP Modbus TCP to...

Page 24: ...1 16 MULTINET4 MULTI PORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL OVERVIEW CHAPTER 1 OVERVIEW ...

Page 25: ...system you are using you will need the following tools Two screw drivers one phillips head and one slot A torque wrench rated for ten and 32 inch pounds or 1 1 Nm and 3 6 Nm A wrench to connect a ground wire from the device chassis to a ground The instructions in this chapter cover only the physical installation System configuration is handled through a web based interface and is described in Chap...

Page 26: ...follows DO NOT LOOK INTO A FIBER OPTIC CABLE OR PORT These can produce invisible light that may do serious eye damage Always assume that fiber optic cables or ports are actively radiating light energy Fiber The fiber cables connected to the Multinet4 must be non dispersion shifted single mode SM or multi mode MM fiber cables defined by the Telcordia Technologies General Recommendation 20 CORE stan...

Page 27: ... in 2 4 2 2 Cleaning Optical Ports if contaminants or degraded performance are noted on the interface Fiber optic connectors should be cleaned after each use and optical ports should be cleaned if you notice contamination or degraded performance Fiber optic cables and connectors are fragile and can be easily broken through rough handling When handling fiber optic media take the following precautio...

Page 28: ...iate mounting brackets 19 rail or DIN rail or panel with screws Document CD ROM Console Cable DB9 terminations 10 long Ethernet cable RJ45 terminations 10 long Be sure that all the equipment you have ordered is included in the shipment Remove the unit from the styrofoam end caps and inspect the Multinet4 chassis for dents or other shipping related damage Report any damage immediately to GE Multili...

Page 29: ...hould be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring Appropriate consideration of equipment nameplate ratings should be used when addressing this concern 5 Reliable Earthing Reliable earthing of rack mounted equipment should be maintained Particular attention should be given to...

Page 30: ...a 19 inch rail system attach with two screws to the screw holes located toward the front of the Multinet4 You can adjust the depth of the device within the mounting system to four positions By your selection of which pair of screw holes on the short side of the bracket that is the side that attaches to the Multinet4 to use By setting the long side of the bracket that is the side that attaches to t...

Page 31: ...URE 2 3 19 Rail Conventional Mounting Dimensional Drawing 2 3 1 4 Mounting in a 19 Rail System Reverse Mounting The brackets provided for reverse mounting have an opening in their forward projecting parts to accommodate the power cable CONSOLE ALARM S1 S2 S3 S4 E1 E2 E3 E4 18 9in 48cm 9 4in 23 9cm 4 75in 12 07cm 4 75in 12 07cm 1 7in 4 32cm 1 25in 3 18cm 18 2in 46 2cm ...

Page 32: ...he brackets for mounting on a panel attach with two screws to the screw holes located toward the rear of the Multinet4 You can adjust the distance of the Multinet4 from the panel to two positions by your selection of which pair of screw holes to use in attaching the bracket to the Multinet4 18 9in 48cm 9 4in 23 9cm 4 75in 12 07cm 4 75in 12 07cm 1 7in 4 32cm 1 25in 3 18cm 18 2in 46 2cm 24 48V 1 3A ...

Page 33: ...ORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL 2 9 FIGURE 2 6 Panel Mounting brackets FIGURE 2 7 Panel Mounting Dimensional Drawing 12 7in 32 26cm 11 1in 28 2cm 9 4in 23 88cm 8 8in 22 35cm 5 48in 13 9cm 0 5in 1 27cm 0 5in 1 27cm 1 65in 4 2cm 0 85in 2 16cm ...

Page 34: ...top of the rail Then while depressing the spring loaded release mechanism as illustrated in the figure below press the Multinet4 flush against the DIN rail and remove the screwdriver to allow the release mechanism to close Check to make sure that the top and bottom prongs on the bracket are securely attached to the DIN rail When the Multinet4 is fastened into the DIN rail system it can be released...

Page 35: ...or to connecting facility power to the Multinet4 The ground provides a protective circuit connection to ground in cases of transients and power surges Connect the facility power to a DC or AC unit as described in the following sections 2 3 2 1 Making the Ground and Power Connections The Multinet4 provides a hardened DC or AC power supply for industrial applications and or hostile environments The ...

Page 36: ...Making the Power Connection The power wires should be 14 AWG terminated with a 6 ring lug Smaller wires may be used down to 18 AWG but verify that they meet your local electrical requirements Connect the power to the unit as follows ELECTRICAL WARNING Ensure that power is disconnected from wiring prior to handling Check the voltage rating next to the power connector verify that it matches the powe...

Page 37: ...onnection separately 2 3 4 1 Connecting Serial Cables This procedure assumes that one end of the Serial device cable is already attached to the end unit Be aware of the serial port numbering scheme when installing the cables see see section1 3 Pinouts The ports are configured in software later on and if a device is accidentally connected to the wrong port it will be difficult to detect Connect cab...

Page 38: ...e is the same for both unshielded and shielded twisted pair cables Z Using standard twisted pair media insert either end of the cable with an RJ45 plug into the RJ45 connector of the port Even though the connector is shielded either unshielded or shielded cables may be used Z Connect the other end of the cable to the corresponding device Z Use the LINK LED to ensure connectivity by noting that the...

Page 39: ...nnectors When connecting fiber media to SC LC connectors simply snap the two square male connectors into the module s SC LC female jacks until the click and secure 2 3 4 5 Connecting Single mode Fiber Optics When using single mode fiber cable be sure to use single mode fiber port connectors Single mode figer cable has a smaller diameter than multi mode fiber cable 9 125 microns for single mode ver...

Page 40: ...rst been turned off Failure to shut power off prior to removing the power connections could expose you to dangerous voltages causing injury or death Follow the procedure below to disconnect the power and ground lines Z Verify that power to the Multinet4 is turned off Z Use a screw driver to loosen the two screws that tighten the wire clamps in the non polarized power connector Z Remove the wires f...

Page 41: ...t GE Multilin has no responsibility for the product during return shipping 2 4 2 Cleaning Fiber Optic Devices This section covers the cleaning requirements and procedures for the fiber optic cable connectors and the optical ports on the Multinet4 Clean the connectors after each use and the optical ports when contamination is suspected or there is a performance degradation which may be attributable...

Page 42: ...ector from the optical port and clean the connector as described in Cleaning Connectors above Z Insert the extension tube supplied with the canned air into the canned air nozzle and blow out the optical port Use care not to touch the bottom of the optical port Z Reconnect the fiber optic connector removed in step 1 If degraded performance persists perform the following additional steps Z Remove th...

Page 43: ...ault IP address with another that places your PC and the Multinet4 on the same subnet You can then access the Multinet4 s supervisory software and begin to configure your system 2 5 1 Configuring a New IP Address The Multinet4 Serial Port Server Managed Switch is delivered with a default IP address 192 168 1 2 The user must change this address to one that is valid on the user s network The Multine...

Page 44: ...ANAGED SWITCH INSTRUCTION MANUAL GETTING STARTED CHAPTER 2 GETTING STARTED 4 Click Save to configure the new IP address information to the Multinet4 wait until the new IP address is read back and showing in the IP Address field as shown below ...

Page 45: ...T SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL 2 21 5 Click Read Order Code to connect the Multinet4 to read the Order Code and firmware Version The information will display if the new IP address has been configured successfully 6 Click OK to exit Device Setup ...

Page 46: ...is the preferred method to manage and configure the system Its main window supports the following primary display components 1 Title bar which shows the pathname of the active data bar 2 Main window tool bar 3 Site list control bar window 4 Setting list control bar window 5 Device data view windows with common tool bar 6 Workspace area with data view tabs 7 Status Bar 8 Communication status indica...

Page 47: ...anced Setting Administrator Interface enables you to view and edit system parameters through the embedded web browser 2 7 1 Logging in for the First Time For the first time logging the secure site will issue the certificate check shown below FIGURE 2 12 Security certificate Once you click Yes on the security certificate the browser will prompt you to login FIGURE 2 13 Login Screen ...

Page 48: ...as long as its unique and less than 24 characters e g WEB_CERT_2008 Algorithm Recommend changing this to SHA Number of Days Valid 180 is default this can be more or less but remember that once the certificate is invalid IE will start harassing you again Serial Number Leave Blank Subject Country Enter the two letter ISO 3166 country code e g US Subject State Locality Organization and Organization U...

Page 49: ...on 21 Press the Finish button A warning dialog will pop up asking if you really want to install the certificate 22 Click Yes A popup will alert you that The import was successful 23 Click OK 24 Close the Certificate dialog by clicking OK 25 Exit IE 7 26 Re open IE 7 and surf back to the Multinet4 server 27 Log in The warning message will no longer appear until your certificate expires 2 7 2 Admini...

Page 50: ...nterface Navigation Area Global Area Interaction Area Table 2 1 The Administrator Interface Area Name Area Function Navigation The Navigation area contains a menu tree that can be expanded or collapsed to show all of the available interaction screens Clicking on a leaf of the menu tree brings up the corresponding screen in the Interaction area ...

Page 51: ...box to enable you to delete the contents of a row in the table Buttons labeled clickable areas of the screen Clicking a button performs the action described in its label Most screens include buttons labeled Apply Settings to save any changes you have made and Reset Settings to undo any changes you have made that have not yet been applied Interaction The Interaction area contains an HTML form where...

Page 52: ... Global Settings Configure mode and frequency of time synchronization SNTP Servers Designate servers that will provide the correct time SNMP SNMP Global Settings Configure network management enable SNMP agent control MIB access SNMP Management Stations Specify address es of station s to query SNMP agents SNMP Trap Stations Specify address es of station s to receive SNMP traps SNMP Users Manage use...

Page 53: ... Ports Status Check capabilities and operational status of each Ethernet port Ports Summary Statistics View basic performance statistics for each Ethernet port Ports Extended Statistics View detailed performance statistics for each Ethernet port Ports Mirroring Forward packets from one port on a Multinet4 to another for analysis Ports Rate Limits Specify limits on the throughput of certain types o...

Page 54: ...f configured terminal server channels Terminal Server Connections Check status of currently active TCP IP connections Modbus Modbus Global Settings Enable Disable Modbus management Modbus Fixed Mappings configure fixed mappings between serial ports and TCP port numbers Modbus Local Masters Configure a Modbus local master Modbus Local Slaves Configure a Modbus local slave Modbus Remote Slaves Confi...

Page 55: ...es Ethernet Port Configure conditions for a security lockout on an Ethernet port Serial SSL Configure Secure Sockets Layer for a serial port Web Server Configure HTTP or SSL preference and SSL key CLI Configure SSH security on the command line interface RADIUS RADIUS Global Settings Configure remote authentication RADIUS Servers Configuration authentication servers Wizards The Certificate Creation...

Page 56: ...2 32 MULTINET4 MULTI PORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL GETTING STARTED CHAPTER 2 GETTING STARTED ...

Page 57: ...etting 3 1 PC Requirements The following requirements must be met to ensure correct operation of the EnerVista MultiNet4 setup software Pentium class or higher processor Pentium II 300 MHz or higher recommended Support Windows 2000 Windows XP and Windows Vista Internet Explorer 4 0 or higher 128 MB of RAM 256 MB recommended 40 MB of available hard drive space 100 MB recommended Video capable of di...

Page 58: ...he Install Now button and follow the installation instructions to install the no charge EnerVista Multinet4 Setup software 3 Select the complete path including the new directory name where the EnerVista Multinet4 Setup will be installed 4 Click on Next to begin the installation The files will be installed in the directory indicated and the installation program will automatically create icons and a...

Page 59: ...on details To setup the Multinet4 for Ethernet communications it will be necessary to define a Site and then add the Multinet4 as a Device at that site 1 Launch the EnerVista Multinet4 Setup Program from the PC 2 Click the Device Setup button to open the Device Setup window and then click the Add Site button to define a new site 3 Enter the desired site name in the Site Name field If desired a sho...

Page 60: ...d the current IP Address in the IP Address field 9 New IP address information can be configured at this setup as well Specify the new IP address Subnet mask and Gateway in the Network Setting frame and then click Save 10 Click the Read Order Code button to connect to the Multinet4 device and upload the order code If a communications error occurs ensure that the IP address correspond to the Multine...

Page 61: ...saving settings to switch from Online configuration screens while saving settings from offline file to online switch using Write Settings File to Device while reading settings from online switch to offline file using Read Device Settings firmware upload and Configure I P features 12 Click OK when the Multinet4 order code has been received The new device will be added to the Site List window or Onl...

Page 62: ...ess assigned to the Multinet4 then click Connect 3 When Quick Connect device is added it gets added under already existing first site If no site exists then a new site Quick Connect Site will be created and Quick Connect Device gets added under Quick Connect Site Expand the sections to view data directly from the Multinet4 device 4 Each time the EnerVista Multinet4 Setup software is initialized cl...

Page 63: ...ill open by clicking the Ethernet under Setting Ports as shown below 3 The Ethernet window will open with a status indicator on the lower left of the EnerVista Multinet4 Setup window 4 If the status indicator is red verify that the Ethernet network cable is properly connected to the Ethernet port of the Multinet4 and that the IP address on both sides has been properly setup for communications step...

Page 64: ... state for each Ethernet ports can be configured on this screen 4 Make sure to click the Save button to make the change permanently Note Please refer to Chapter 4 in this manual for advanced setting for Ethernet Ports Serial Port Setting 1 Serial port setting window will open by clicking the Serial under Setting Ports as shown below 2 The serial interface type and COM setting such as Baud Rate Dat...

Page 65: ... MULTINET4 SETUP SOFTWARE ENERVISTA MULTINET4 SETUP SOFTWARE MULTINET4 MULTI PORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL 3 9 Note Please refer to Chapter 4 in this manual for the advanced setting for Serial Ports ...

Page 66: ...user to login the web interface of Multinet4 by clicking the Advance Setting through the Site List tree 1 An embedded web browser window will open with a status indicator 2 The Multinet4 Web Management Logon screen will appear as shown below 3 Login with username manager password manager Note Please refer to Chapter 4 in this manual for more information about using the Advanced Setting Administrat...

Page 67: ...intenance through the Site List tree as shown below 2 An Open File window will open to allow the user to browse and choose the new firmware binary file 3 Choose the desired file and then click the Open button to continue 4 The uploading status is showing with the progress bar on the bottom of the main window 5 Wait until this process complete and then click the Quick Connect to refresh the firmwar...

Page 68: ... Settings File Properties Duplicate Settings File Settings files are organized on the basis of file names assigned by the user A settings file contains data pertaining to the following types of Multinet4 settings Device definition Settings Note Please refer to the EnerVista Multinet4 Setup Help File for more information about the use of Off Line Feature 3 9 1 Reading Device Settings The EnerVista ...

Page 69: ...be created or an existing settings file must be selected from the Settings List tree directory To Write a Settings File to a Device Z Choose a desired settings file from the Setting List directory under Offline windows Z Select Write Settings to Device either from the menu of main window or right click Mouse on the desired settings file in the Off Line Window Z Select Write Settings to Device from...

Page 70: ... serial cable See your Installation Guide for details Z Click the Configure IP under the Communication menu a pop up window will appear Z Choose the correct COM port of your PC that you use to connect to the console port on the Multinet4 Z Press the Connect button to read the original IP information of the Multinet4 device The original IP address subnet mask and gateway will appear on correspondin...

Page 71: ...3 The Administrator Interface Navigation Tree 4 1 Virtual Front Panel The Virtual Front Panel is displayed when you log on to Multinet4 This screen provides an animated pseudo real time view of the device s ports and LEDs The status of the ports and LEDs is updated once per second The table locates beneath the graphical depiction of the front panel provides a summary of information related to iden...

Page 72: ...n the System Status screen both shown below 4 2 2 System Information This screen enables you to view and edit information that identifies the system under management FIGURE 4 1 Administration System Information The table below describes the information that can be entered in the fields of the System Information screen Each field can contain up to 256 printable ASCII characters Table 4 1 System Inf...

Page 73: ...del number and current software version Upgrade State The current software upgrade state IP Address The system IP address This may be changed from the 4 6 1 Settings screen MAC Address The System MAC Address This address is defined at the factory You cannot change this address All packets sourced from the management and terminal server functions use this MAC address as the Ethernet Source Address ...

Page 74: ...ltinet4 has an onboard RTC with a full battery backup The RTC will preserve the current time and date for the life of the battery Table 4 2 System Status Field Name Field Value System Memory Utilization The percentage of dynamic system memory currently in use Ethernet CPU Buffer Utilization The software maintains a fixed size queue of buffers for received ethernet frames This parameter is the perc...

Page 75: ...eachable the system time and date will be refreshed from the server upon power up 4 2 4 2 Time Zone and DST This screen enables you to specify the standard time for your location as an offset from Universal Coordinated Time UTC and to specify the part of the year during which Daylight Savings Time DST will be in effect FIGURE 4 4 Administration Time Zone and DST ...

Page 76: ... time and date were to come up in an undefined state it is likely that the VPN authentication would fail because the system s time and date would not match the valid dates on the VPN peer certificate The system would then not be able to access the NTP server and would be permanently cut off Table 4 4 Time Zone and DST Field Name Field Value Standard Time UTC Your offset from the UTC Value is in ho...

Page 77: ...ameter that you can set in the Time Persistence screen 4 2 5 SNTP The SNTP Simple Network Time Protocol screens enable you to maintain the correct time on your system by specifying and configuring SNTP servers 4 2 5 1 SNTP Global Settings This screen enables you to configure Simple Network Time Protocol SNTP functionality to obtain the correct time from an SNTP server FIGURE 4 6 Administration SNT...

Page 78: ...5 2 SNTP Servers This screen allows you to add and delete SNTP servers FIGURE 4 7 Administration SNTP Servers Table 4 6 SNTP Global Settings Field Name Field Value Mode Indicates if and how the SNTP client should be used to set the system s time and date information This parameter takes one of the following values Active system time and date information is taken from a configured SNTP server Passi...

Page 79: ...P Global Settings The SNMP Global Settings screen enables you to set up the system s SNMP V1 V2 or V3 agent FIGURE 4 8 Administration SNMP Global Settings Table 4 7 SNTP Servers Field Name Field Value Add Server Form Server IP Enter the IP address of an SNTP server to be accessed Click Apply Settings to add this server to the Existing SNTP Servers Table Up to 3 servers may be added If a server is ...

Page 80: ... Enabled agent sends traps to the configured trap stations Default value Disabled Read Community String An arbitrary text string of up to 15 printable ASCII characters The community string sent by the SNMP client must match this text for the MIB to be accessible for reading Write Community String An arbitrary text string of up to 15 printable ASCII characters The community string sent by the SNMP ...

Page 81: ...ement Stations screen Engine Boots The number of times the system has booted since the current engine ID was set Engine Time The number of seconds elapsed since the engine ID was changed or the system booted whichever occurred most recently Table 4 9 SNMP Management Stations Field Name Field Value Add Station Form IP Address Enter the IP address of a management station that are allowed to query th...

Page 82: ...ation SNMP Trap Stations The table below describes the parameters you can view and edit in the SNMP Trap Stations screen Existing Stations Table IP Address This table lists the IP addresses of management stations that have been configured in the system Delete Set the Delete checkbox in a row and click Apply Settings to delete that management station Table 4 10 SNMP Trap Stations Field Name Field V...

Page 83: ...sent with security mode and auth priv passwords of that user For v2 mode this is the trap community string for the trap destination Delete Set the Delete checkbox in a row and click Apply Settings to delete that trap station Table 4 10 SNMP Trap Stations Field Name Field Value Table 4 11 SNMP Users Field Name Field Value User Name A unique security name for an SNMP user Security Mode level of secu...

Page 84: ...password length is 8 to 40 characters Retype Password Re type the authentication password to confirm it Privacy Password Enter a password to be used for generating the encryption keys Allowed password length is 8 to 40 characters Retype Password Re type the privacy password to confirm it Delete Set the Delete checkbox in a row and click Apply Settings to delete that user Table 4 11 SNMP Users Fiel...

Page 85: ...T SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL 4 15 4 2 6 5 SNMP Statistics This screen below allows you to view detailed SNMP performance statistics FIGURE 4 12 Administration SNMP Statistics The table below describes the values you can view in the SNMP Statistics screen ...

Page 86: ...raps The value of this object overrides any configuration information thus it provides a means whereby all authentication failure traps may be disabled Out Packets The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service In Bad Types The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error ...

Page 87: ...ts The total number of SNMP Get Request PDUs which have been generated by the SNMP protocol entity In Get Nexts The total number of SNMP Get Next PDUs which have been accepted and processed by the SNMP protocol entity Out Get Nexts The total number of SNMP Get Next PDUs which have been generated by the SNMP protocol entity In Set Requests The total number of SNMP Set Request PDUs which have been a...

Page 88: ...s received by the SNMP engine which were dropped because they referenced a securityModel that was not known to or supported by the SNMP engine Invalid Messages The total number of packets received by the SNM engine which were dropped because there were invalid or inconsistent components in the SNMP message for example noauth priv Multinet4 allows noauth nopriv auth nopriv and auth priv but does no...

Page 89: ... In Time Windows The total number of packets received by the SNMP engine which were dropped because they appeared outside of the authoritative SNMP engine s window Unknown Usernames The total number of packets received by the SNMP engine which were dropped because they referenced a user that was not known to the SNMP engine Unknown Engine IDs The total number of packets received by the SNMP engine...

Page 90: ... a user is locked out A user is locked out by setting the Locked Out field in the user s account to Yes Valid range 1 5 Default value 5 Lockout Time The amount of time a user account spends in the suspended state after being locked out This parameter takes the following values 5 minutes default 30 minutes 1 hour Enforce Secure Passwords Setting this value to Yes forces password changes to comply t...

Page 91: ...d to change the password prior to accessing any other configuration screens Valid settings for this option are None 30 Days 60 Days 90 Days Default value None Existing accounts will start the password ageing on the login attempt after this change is made Inactive User Expiration Days Newly created accounts that are not part of the administration group can optionally expire logins that are inactive...

Page 92: ...e login name manager and password manager The Authentication Accounts screen is available only to the administrator The table below describes the parameters you can configure in creating a new account or editing an existing account Table 4 14 Authentication Accounts Field Name Field Value Add Edit User Account s Forms User ID A unique ID for a user This read only value is assigned by the system Lo...

Page 93: ... administrator Locked Out This flag also determines whether or not a user is allowed to log in to the system The Locked Out flag is set and cleared by the system based on the failed login attempts policy This flag may also be manually cleared by an administrator Unlike the Suspended flag it is not stored in non volatile memory and therefore its state does not persist across resets Password The pas...

Page 94: ...th name of a user definition file 2 Click Upload Uploading a new file will be successful if the following conditions are met 1 The uploaded file contains valid XML formatting consisting of Only one instance of the UserAccountTable tag Only one instance per tag in each UserAccountEntry Only one instance of each login 2 The number of users contained in the file does not exceed the maximum number of ...

Page 95: ...FIGURE 4 16 Administration Sessions Polices The table below describes the parameter you can configure in the Sessions Polices screen 4 2 8 2 Sessions Active Logins This screen enables you to view the active login sessions on the device FIGURE 4 17 Administration Sessions Active Logins Table 4 16 Sessions Policies Field Name Field Value Maximum Idle Time The amount of time a user session may be idl...

Page 96: ...Change Password The table below describes the parameters you can configure in the Change Password screen Table 4 17 Sessions Active Logins Field Name Field Value Session A unique identifier for a session Username The username that is logged in Client Host The IP address of the remote client Login Time The time at which the user logged in to the system Last Activity The last time the user was activ...

Page 97: ... button The system will reboot Z Reconnect your browser to the system and return immediately to the Administration Software Upgrade window Z Click the Finalize button Note Remember that a successful upgrade requires the clicking of three buttons Upload Upgrade and after a reboot Finalize Because some time passes while the system reboots and you reconnect your browser it is easy to overlook the thi...

Page 98: ...e finite state machine FIGURE 4 19 Software Upgrade State Machine Table 4 19 Upgrade States and User Actions Event Description New Software User copies a valid software image Reboot User reboots the system Upgrade User clicks Upgrade button Finalize User clicks Finalize button approving upgrade Fallback User clicks the Fallback button Next system reboot loads the Fallback image Retry User clicks t...

Page 99: ...n Table 4 20 Software Upgrade Field Name Field Value Install Form File To install a new software image 1 Browse to a file on you local system or enter the full path name of a configuration file 2 Click Upload The system checks to make sure that the uploaded software is valid for this hardware and that it appears to be a good image not corrupt If it is valid then 1 The filename is added to the Exis...

Page 100: ...e system See Table 4 21 Software Upgrade States Software Upgrade Table State This field reports the state of the upgrade process Button The buttons displayed below the State field enable you to initiate a change in the state of the software upgrade The number and purpose of the buttons displayed depends on the state of the software Table 4 21 Software Upgrade States State Button INITIAL none READY...

Page 101: ...e with factory default values called config0 xml Subsequent configuration files will contain the administrator s saved settings FIGURE 4 21 Administration Configuration Files The table below describes the tasks you can perform in the Configuration Files screen Table 4 22 Configuration Files Field Name Field Value The Install Form File To install a configuration file 1 Browse to a file on you local...

Page 102: ...Gateway Set to the default gateway configured in the boot menu The Configurations Table Filename This column lists all configuration files present in the system Version This value identifies the software version that was running when the system wrote this configuration file Fallback Yes identifies the Fallback configuration file This file is used to save a copy of the configuration during initiali...

Page 103: ...M ADMINISTRATION SYSTEM ADMINISTRATION MULTINET4 MULTI PORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL 4 33 FIGURE 4 22 Administration Configuration Defaults Z Click the Restore button to restore system defaults ...

Page 104: ...ITCH INSTRUCTION MANUAL SYSTEM ADMINISTRATION CHAPTER 4 SYSTEM ADMINISTRATION 4 2 12 System Reboot This Reboot screen enables you to shut down and restart the system FIGURE 4 23 Administration System Reboot Z Click the Reboot button to reset the system ...

Page 105: ...iption Login User loginname logged in A user with login name loginname logged into the system through the web interface Logout User loginname logged out A user with login name loginname logged out of the system through the web interface Maximum Users Maximum number of users reached The maximum number of user accounts has already been reached and an administrator has tried to add an additional user...

Page 106: ...d Suspended Account User loginname was suspended A user was suspended by an administrator Hacking Attempt Possible hacking attempt n failed login attempts in m minutes A number of unsuccessful logins have occurred within some time interval This pattern is recognized by the system and logged as a warning to administrators Ethernet Link Up Ethernet port Ex is up Link was detected on Ethernet port Ex...

Page 107: ...te host The remote host may have actively torn down the connection or the connection may have been flagged as dead due to lack of response to TCP keep alive messages Handshake Failed Serial port Sx reports that the host at ipaddr tcpport did not respond to the SSL handshake The terminal server channel for Serial port Sx is configured for SSL security During the authentication phase of the SSL hand...

Page 108: ...sible alerts include certificate expired certificate is not yet valid unknown ca See the SSL troubleshooting section Section 7 9 Troubleshooting Terminal Server SSL Connections for more information RADIUS Server Unreachable Unable to contact any of the configured RADIUS servers The system is configured to contact a RADIUS server to perform user authentication but none of the configured servers are...

Page 109: ...d The soft life time for the tunnel has expired The tunnel will re key the next time a packet is received that must go through the tunnel This is part of the normal operation of the tunnel Hard Life Time Expired The hard lfe time for the tunnel has expired The tunnel state will be deleted and must be re negotiated Link Loss Alert Link Loss Alert on port Ex The Link Loss Alert state machine trigger...

Page 110: ... are Enabled record events in the system log Disabled do not record events in the system log default Create New Log File Indicates how often a new log file should be started regardless of the size of the current file This parameter takes one of the following values Daily start a new log file at the beginning of each day default Weekly start a new log file at the beginning of each week Monthly star...

Page 111: ...an that of a correctly sized daily log file When choosing the amount of space to allocate for logs keep in mind that space should be allowed for system files to grow for example software images configuration files PEM files internal system files etc We suggest allocating a maximum of 2 MB for logs Note that if you do not set the Delete Old Files to Yes the default Multinet4 will stop creating log ...

Page 112: ...essages over an IP network to remote servers called event message collectors The syslog protocol is defined in RFC 3164 You enable syslog functionality with the 4 3 2 1 Syslog Global Settings screen described in Section 4 3 2 1 Syslog Global Settings You specify the IP addresses of the remote devices that will serve as syslog collectors in the 4 3 2 2 Syslog Collectors screen described in Section ...

Page 113: ...al Settings This screen enables you to enable syslog functionality FIGURE 4 26 Events Syslog Global Settings Table 4 24 Logs Global Settings describes the parameter you can configure in the Syslog Global Settings screen 4 3 2 2 Syslog Collectors This screen enables you to specify the IP addresses of up to five syslog collectors FIGURE 4 27 Events Syslog Collectors Table 4 26 Configure Syslog Field...

Page 114: ...reen Table 4 27 Syslog Collectors Field Name Field Value Add Collector Form Collector IP The IP address of the server to which syslog messages will be sent Existing Collector Table Collector IP This column lists the addresses of existing configured collectors The maximum number of collectors is 5 By default no collectors are configured Delete Set the Delete checkbox in a row and click Apply Settin...

Page 115: ...s screen enables you to configure the system s Ethernet ports FIGURE 4 28 Ethernet Ports Settings Table 4 28 Ethernet Ports Settings describes the fields you can view and edit in the Ports Settings form Table 4 28 Ethernet Ports Settings Field Name Field Value Port ID Uniquely identifies a physical labeled interface on the exterior of the product chassis The Port ID string should exactly match the...

Page 116: ...r 10 100T 10T Half 10 100BaseTX 10T Full 10 100BaseTX 100TX Half 10 100BaseTX 100TX Full 10 100BaseTX 100FX Full 100BaseFX default for 100FX Flow Control This parameter applies to full duplex ports only Flow control is optionally implemented using the 802 3x specification for PAUSE packets When congested the switch will send PAUSE packets to attached devices to request temporary suspension of tran...

Page 117: ...y of relays have redundant Ethernet ports that allow automatic switching to their secondary ports when they detect that the primary path is broken The Multinet4 can compensate for situations where only the switch receiver fiber cable is broken Upon detection of the broken receiver link the Multinet4 will cease sending link pulses through the relay s receive fiber cable thereby allowing the relay t...

Page 118: ...logical Ethernet port that corresponds to a physical labeled interface on the exterior of the product chassis Interface Type A READ ONLY field that indicates what interface is physically installed for the port specified in the Port ID column This parameter is based on the product model and can be one of the following 10 100BaseT 100BaseFX Speed A READ ONLY field that indicates the actual speed of ...

Page 119: ...viewable in the Summary Statistics screens Duplex A READ ONLY field that indicates the actual duplex of the communication channel If you selected a particular Media Type in the 4 4 1 1 Ports Settings screen the displayed duplex value will match that selection If you selected Auto this field will display the actual negotiated duplex value This parameter may take one of the following values Half Ful...

Page 120: ...Packets The total number of packets including bad packets broadcast packets and multicast packets received Rx Octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets Tx Packets The total number of packets including broadcast packets and multicast packets transmitted Tx Octets The total number of octets of data...

Page 121: ...tics Field Name Field Value Rx Octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets Rx Packets The total number of packets including bad packets broadcast packets and multicast packets received Rx Broadcast The total number of good packets received that were directed to the broadcast address Note that this ...

Page 122: ...al number of packets including bad packets received that were between 511 and 1023 octets in length inclusive excluding framing bits but including FCS octets Rx1023 to Max The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Tx Octets The total number of octets of data transmitted on th...

Page 123: ... 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Alignment Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a a bad FCS with a non integral number of octets Undersized The total number of packets received that were less than 64 octets long excl...

Page 124: ...nation port Discards The total number of valid frames that were discarded due to lack of buffer space Collisions The total number of collisions on this Ethernet segment Excessive The total number of frames not transmitted because the frame experienced too many transmission attempts and was discarded Single The total number of successfully transmitted frames that experienced exactly one collision M...

Page 125: ...re limited Rate limits are configured as pre defined values This screen enables you to view and edit the parameters that control port rate limits FIGURE 4 33 Ethernet Ports Rate Limits The table below describes the parameters available in the Ethernet Ports Rate Limits screen Table 4 32 Ports Mirroring Field Name Field Value Port ID Uniquely identifies a logical Ethernet port that corresponds to a...

Page 126: ...c This is an address that is added to the station cache when the bridge detects a new address from a packet s source address field The bridge stores this address along with the ID of the port on which it was received A learned address is maintained in the Table 4 33 Ethernet Ports Rate Limits Field Name Field Value Port ID Unique port identifier Ingress Limit Type This parameter can take one of fo...

Page 127: ...plied to MAC addresses learned by the bridge and enables you to edit that setting FIGURE 4 34 Ethernet Bridge Global Settings Table 4 34 Ethernet Bridge Global Settings describes the parameter you can configure in the Ethernet Bridge Global Settings screen 4 4 2 2 Bridge Static MACs The bridge station cache is a database that stores information about MAC addresses and their associated ports This s...

Page 128: ... are entered in their hexadecimal representation Each octet must be separated by a colon or a hyphen e g 01 02 03 04 05 06 or 01 02 03 04 05 06 Source Port Select a Source Port designation from the drop down menu Existing Static MAC Addresses Table Static Source Address Lists the static MAC addresses already recognized in the system Source Port Lists the source ports associated with static MAC add...

Page 129: ...tton You might want to purge these learned addresses if you make changes to the network that are completed before the configured aging interval In such a case it could be true that the cache record of a port station relationship could be incorrect from the time you complete your changes until the old information ages out with the expiration of the aging interval FIGURE 4 36 Ethernet Bridge Station...

Page 130: ...es the port associated with the address in the Source Address column Entry Type There are three entry types Static Entries that are set by the user These are not removed automatically Dynamic Entries that are learned by the bridge These are removed automatically from the cache if they are not refreshed in the aging interval The aging interval is specified in the 4 4 2 1 Bridge Global Settings scre...

Page 131: ...ridged LAN Valid range 0 65535 Default value 32768 Numerically lower values indicate higher priorities Hello Time The amount of time between the transmission of configuration BPDUs on any port Valid range 1 10 seconds Default value 2 seconds Forward Delay Controls how long the bridge waits after any state or topology change before forwarding the information to the network Valid range 4 30 seconds ...

Page 132: ...ntifies an Ethernet interface Mode The mode the switch will use on this port for RSTP operation This parameter can take one of the following values Legacy The port uses STP only Auto The port automatically determines the correct mode based on received BPDUs Edge The port uses RSTP and is connected to an end system where no loops are possible Point The port uses RSTP and is connected to another swi...

Page 133: ...Table 4 39 RSTP Bridge Status Field Name Field Value Bridge Status This parameter can take one of the following values Root Designated Not Designated Bridge ID The bridge identifier which consists of the bridge priority and the bridge address Root ID The bridge identifier of the root Root Port The Ethernet port that provides connectivity towards the root bridge for this network Root Path Cost The ...

Page 134: ...Delay The actual Forward Delay provided by the root bridge through configuration BPDUs The learned Forward Delay is used in all designated bridges Configured Maximum Age The locally configured Maximum Age Learned Maximum Age The actual Maximum Age provided by the root bridge through configuration BPDUs The learned Maximum Age is used in all designated bridges Topology Changes The total number of t...

Page 135: ...ate This parameter can take one of the following values Disabled Blocking Forwarding Learning Listening Role This parameter can take one of the following values Root Designated Backup Alternate Cost The cost metric associated with this port This is automatically determined based on the speed of the interface and the configured cost style 32 bit or 16 bit Rx CFGs The number of STP configuration BPD...

Page 136: ...is screen enables you to add and delete up to 16 VLAN IDs VIDs It also serves to show a summary of the VLAN configuration FIGURE 4 41 Ethernet VLAN VIDs Table 4 41 VLANs Global Settings Field Name Field Value Mode Indicates whether or not the switch is VLAN aware Enabled perform ethernet switching based on VLAN tags and configured port membership Disabled ignore VLAN tags and port memberships when...

Page 137: ...le characters Existing VLANs Table VID A unique numerical identifier assigned to this VLAN Valid range 1 4094 VLAN Name An administratively assigned name You can modify this name in the Existing VLANs table The change will take effect when you click Apply Settings Tagged Ports Lists the Ethernet ports that have Tagged set to Yes and are members of this VLAN The Tagged parameter is set in the 4 4 4...

Page 138: ...PVID When a port receives a tagged frame on an access port the frame is discarded unless its VID matches the port s PVID When a port receives a priority tagged frame the tag s VID is set to the port s PVID Default value 1 Mode This is the port type with respect to VLAN operation An access port is typically connected to an end station and supports a single VLAN When a port is set to Access mode the...

Page 139: ...e No Prohibited VLANs This is a list of VLANs to prohibit from a Trunk port By default this field is blank and the port allows all configured VLANs By setting the Prohibited VLANs list the user can filter certain VLANs on the trunk The Trunk s PVID is not allowed in the Prohibited VLANs list for the port This field is disabled when the port mode is set to Access Enter the VID numbers of prohibited...

Page 140: ...tton and the profile is added to the Edit Existing Profiles table The Edit Existing Profiles table enables you to change one or more of the parameters in a profile Each profile entry has a checkbox in the Delete column You can delete one or more profiles by checking the appropriate box and pressing the Apply Settings button You can make any number of changes to the table however none of these chan...

Page 141: ...you assign a profile to a port in the 4 5 1 2 Ports Settings screen you select this name in the Profile drop down box Interface Standard The physical interface standard used by the port This parameter may take one of three values RS 232 RTS always asserted RS 232 Half RTS asserted only when transmitting RS 485 2 wire half duplex operation RS 485 4 wire full duplex operation Default value RS 232 WA...

Page 142: ... 115200 Default value 9600 Data Bits The total number of bits in a character This parameter may take one of the following values 7 8 Default value 8 Stop Bits The duration of the MARK condition on the line after character transmission is complete This parameter may take one of the following values 1 1 5 2 Default value 1 Parity This parameter may take one of the following values None Even Odd Defa...

Page 143: ...t Char This parameter defines a special character in the data stream that forces a packetization event This parameter may take any value from 0 to 255 If this parameter is set to the label None packetization will not occur based on a received character Default value None Pkt Time ms This parameter defines a timeout value in milliseconds If an additional character is not received before the timer e...

Page 144: ...ime ms This parameter defines a turnaround time for the serial port The turnaround time is an enforced minimum delay between received network packets that are sent out the serial port The purpose of the minimum delay is to give legacy RTUs a chance to recover from the previous packet reception Default value 0 off Delete Set the Delete checkbox in a row in the Edit Existing Profiles table and click...

Page 145: ... to this port The assigned profile defines all of the communication parameters associated with this serial port The default value is the default factory profile Default Profiles are set in the 4 5 1 1 Ports Profiles screen Admin Status The desired status of the port This parameter is used to enable or disable the port This parameter can take the following values Enabled Port is UP Disabled Port is...

Page 146: ...and view your TCP IP connections 4 5 2 1 Terminal Server Channel Settings This screen enables you to configure the terminal server channel settings For more on terminal server applications see section 7 1 What is a Terminal Server Breaks The number of times a break was detected in the middle of receiving a character A break is detected when an all zero character with no stop bit is received Parity...

Page 147: ...rm is used to add new Terminal Server channels and to modify parameters for channels that have already been added to the system Each channel has the capability to make a single outgoing connection and accept multiple incoming connections By default a single channel exists for each serial port Table 4 44 Ports Profiles shown above describes the parameters in the Terminal Server Channel Settings scr...

Page 148: ...e This parameter takes one of the following values Raw Provides a transparent pipe for serial data Telnet Enables basic Telnet negotiation and control character processing ECHO and BINARY modes supported Default value Raw Priority DiffServ Each IP packet generated on this port will be assigned a DiffServ Code Point DSCP based on the priority set by the user The priorities are Default Best Effort S...

Page 149: ...0 0 Remote TCP The remote TCP port to which the client attempts to connect This parameter may be set to any value between 0 and 65535 Default value 0 Max Conn The maximum number of incoming TCP connections to accept for this serial port This parameter may be set to a value ranging from 1 to 10 Default value 5 Retry Time The number of seconds the client waits for a connection to succeed before timi...

Page 150: ...Server Channels Status The Terminal Server Channel Status screen is similar to the 4 5 2 1 Terminal Server Channel Settings screen However it displays two types of information not included in the Terminal Server screen the state of each channel and the number of established connections These two fields are explained in the table below For explanations of the other fields in the Services Channels s...

Page 151: ... a passive server and is waiting for incoming connection requests Refusing The channel is acting as a passive server and is actively refusing new connections because it has reached the maximum number of connections for the channel Waiting The channel is acting as an active client and is waiting for the re try timer to expire After the timer expires the channel will attempt again to establish the c...

Page 152: ...ed as follows Table 4 49 Terminal Server Connections Field Name Field Value Port ID A unique identifier for this serial port Connection Type Indicates whether or not the connection is encrypted and if so which cipher is being used Session Type This parameter can take one of the following values Raw Provides a transparent pipe for serial data Telnet Enables basic Telnet negotiation and control char...

Page 153: ...eld Value Port ID Identifier of the serial port to which the device is connected Protocol Variant Specifies the protocol variant spoken by the device RTU messages are binary encoded with CRC and begin with a silent interval of 3 5 character times Default ASCII messages are ASCII encoded with LRC and begin with a character and end with a CRLF sequence Priority DiffServ Each IP packet generated by t...

Page 154: ...s Local Masters screen TCP Port The TCP port upon which this serial port can be accessed Be sure to disable the fixed mapping before swapping ports State Whether or not the fixed mapped TCP port is enabled Table 4 50 Modbus Local Masters Field Name Field Value Port ID A unique identifier for the serial port to which the device is connected Protocol Variant Specify a serial transmission mode Valid ...

Page 155: ...be assigned a DiffServ Code Point DSCP based on the priority set by the user The priorities are Default Best Effort Service DSCP 0 This is normal queuing Expedited Expedited Forwarding DSCP 0x2E RFC2598 This will also result in data from this port having a higher priority on WAN ports Exception Support Specify whether or not the attached master understands Modbus exception messages In some cases M...

Page 156: ...with LRC and begin with a character and end with a CRLF sequence Default value RTU Priority DiffServ Each IP packet generated by this device will be assigned a DiffServ Code Point DSCP based on the priority set by the user The priorities are Default Best Effort Service DSCP 0 This is normal queuing Expedited Expedited Forwarding DSCP 0x2E RFC2598 This will also result in data from this port having...

Page 157: ...e TCP connection for this device is torn down if the idle time time between messages exceeds the value specified here This parameter allows multiple successive requests to the same remote device to re use a single TCP connection thereby reducing latency As a special case if this value is set to 0 a TCP connection is immediately made to the remote that is the client does not wait for a request and ...

Page 158: ...en Table 4 53 Modbus Connections Field Name Field Value Connection Mode Indicates whether this connection was established in client or server mode Local Address The IP address of the local Modbus TCP client server Local Port The TCP port of the local Modbus TCP client server Remote Address The IP address of the remote Modbus TCP client server Remote Port The TCP port of the remote Modbus TCP clien...

Page 159: ...rameters are defined as follows 4 6 2 ARP Table The screen enables you to view and flush the Address Resolution Protocol ARP table FIGURE 4 54 IP ARP Table Table 4 54 Field Name Field Value Management VLAN The VLAN associated with the configured system IP address By default the Management VLAN is set to the Default VLAN VID 1 Address The IP address assigned to the system Subnet Mask The subnet mas...

Page 160: ...on to clear the table This forces the software to re execute an ARP for all hosts The table below describes the fields displayed in the Routing ARP Table screen Table 4 55 Routing ARP Table Field Name Field Value IP Address The IP address associated with the MAC address in this row MAC Address The MAC address associated with the IP address in this row IP Interface The IP interface upon which the h...

Page 161: ...asks that you can perform using the screens of the QoS branch 4 7 0 1 DiffServ This screen is used to define DiffServ Code Points DSCPs and assign each code point to a priority queue The priority mapping applies to all IP packets transmitted by the system regardless of whether they were generated by Multinet4 routed or bridged If a packet is received that has a DSCP marking that is not defined in ...

Page 162: ... are 0 63 Priority The queuing priority of a packet tagged with this DSCP 802 1p Marking When an IP packet is generated by Multinet4 it is assigned a DSCP by default Best Effort 0x00 is used The packet may optionally be assigned an 802 1p priority based on the DSCP as specified by this field This field can take the value 0 7 or the special value None meaning that no mapping between DSCP and 802 1p...

Page 163: ...igns a priority to an incoming frame It maps a Port ID to one of the four available switch priority queues All Ethernet frames incoming on a specified port will have the priority assigned to that port FIGURE 4 57 QoS Ethernet Port Table 4 57 QoS 802 1p Field Name Field Value Ingress 802 1p Tag Ethernet priority Priority Priority queue assignment The defaults are as follows Priority 1 802 1p 6 and ...

Page 164: ...d DiffServ marking is applied This marking overrides any markings created by specific applications such as the terminal server FIGURE 4 58 QoS IP Flows Table 4 58 QoS Ethernet Port Field Name Field Value Port ID Ethernet port ID PriorityAssignment Rule A rule for assigning the priority of packets that are received by the specified port Default always use the default priority for the port Default D...

Page 165: ...nk and the destination address field is not blank then only one destination address matches the flow Protocol dir This parameter takes one of seven values which determine the meaning of the TCP or UDP Ports or ICMP Types TCP dest TCP destination ports in the flow TCP source TCP source ports in the flow UDP dest UDP destination ports in the flow UDP source UDP source ports in the flow ICMP type ICM...

Page 166: ...upload SSL keys and certificates in PEM format to the system and to view and delete installed files You can assign a certificate file to a serial port or the embedded web server as part of the procedure for configuring Secure Sockets Layer SSL See the 4 8 3 Serial SSL screen 4 8 1 1 Certificates Local This screen enables you to upload X 509 certificates in PEM format to the system and to view and ...

Page 167: ...herefore the installed keys will not change if a new configuration file is selected or the system configuration is reset to default values FIGURE 4 60 Security Certificates Trusted Table 4 60 Certificates Local Field Name Field Value Install Form Browse for a PEM file on your local system and click Upload to copy the file to the system If the PEM file does not contain a valid RSA private key and m...

Page 168: ...and click Upload to copy the file to the system If the PEM file does not contain a valid self signed X 509 certificate the file is rejected Existing Local Certificates Table Certificate Name The names of previously installed PEM files that are classified as usable certificates All filenames are hypertext links Click the link to display the contents of the file Trusted Indicate whether or not you t...

Page 169: ...type of security to enable on the port None default Address This port will be locked out if a frame is received with a Source Address other than one of the authorized MACs for this port either a configured static MAC or a learned authorized MAC A learned authorized MAC is the first dynamic MAC address learned on the port after address based port security is enabled for the port A port that is lock...

Page 170: ...RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA In addition the following groups which are combinations of the standard cipher suites may be specified ANY any supported cipher suite ANY_STRONG any supported cipher suite with at least 128 bit keys ANY_STRONG_S...

Page 171: ...b Server The table below specifies the values you can view and edit in the Security Web Server screen Table 4 64 Web Server Field Name Field Value Mode Indicates if the server accepts non secure HTTP requests This parameter takes the following values Allow HTTP The server accepts requests on port 80 http or on port 443 https SSL Only The server will only allow connections over SSL Any requests sen...

Page 172: ...yption to support on the server This parameter takes the following values ANY RC4 3DES AES128 or AES256 Default RC4 3DES AES128 AES256 Assigned Key This is the key file containing an RSA key and matching certificate used by the web server when running over SSL that is when a browser accesses the server through the https URL and or on port 443 When this parameter is set to Default a default certifi...

Page 173: ...GURE 4 65 Security RADIUS Global Settings Table 4 65 CLI Field Name Field Value CLI Mode Specify whether or not the server accepts non secure telnet connections This parameter takes the following values Allow Telnet The server accepts requests on port 23 Telnet or on port 22 SSH SSH Only The server will only allow connections over SSH If a client connects on port 23 that client is sent instruction...

Page 174: ... for authentication Default value 1812 Valid Range 0 65536 Challenge Type The protocol to be used when validating user credentials It can take the following values PAP Username password sent in the clear default CHAP Uses challenge and MD5 hash User Authentication Control This parameter determines whether the system uses its own local user database or a RADIUS server for authentication It can take...

Page 175: ...rt 1812 Accounting servers use port 1813 It is not recommended to use the legacy port 1645 where it conflicts with Datametrics service Request Retry Limit The number of times the client will retry a request in the event a server is not responding or is slow to respond Request Timeout The time in seconds the client will wait for each retry attempt Shared Secret The plain text shared secret used to ...

Page 176: ...rds 4 9 1 The Certificate Creation Wizard The Certificate Creation Wizard enables you to create RSA key pairs and matching signed certificates for use with SSL and IPsec You can 1 Create a new RSA key pair and a certificate request that can be submitted to your Certificate Authority for signing 2 Create a new RSA key pair and your own self signed certificate The Certificate Creation wizard automat...

Page 177: ...ial connection from your PC to a serial port on the device Use a terminal emulator such as HyperTerminal or Procomm configured to the following settings Speed 38400 Data bits 8 Stop bits 1 Parity None Z Connect your PC to the Console port on the Multinet4 device by a null modem serial cable See your Installation Guide for details When the terminal emulator is properly configured the CLI Login prom...

Page 178: ...FTP server implements a virtual file system on the Multinet4 device containing the following directory structure logs config swupgrade These directories cannot be renamed or deleted and no other directories may be created by any user Logs Directory The contents of the logs directory can be displayed by all users The directory listing contains all of the log file names as they would be displayed by...

Page 179: ...browser based management system Executing a put command for a file that already exists will be rejected The rename command is always rejected in the config directory For more on managing configuration files through the CLI see section 5 2 2 2 The config Command Swupgrade Directory The swupgrade directory is always empty when displayed by any user Executing the put command in the swupgrade director...

Page 180: ... commands that enable you to configure manage and monitor your system They are described in the tables contained in section 5 2 2 3 The Ethernet Command through section 5 2 2 16 The web Command Keyboard Navigation in the CLI Some keys have special uses in the CLI The table below explains how to use these keys 5 2 1 Global Commands Global commands take no parameters and can be entered from any prom...

Page 181: ...story Display previous command line input logout Log out of the system and display the Login prompt reboot Shutdown and restart the system restore Restore configuration to default settings revert Undo changes since last save save Save current configuration whoami Show current user information Table 5 3 Basic CLI Commands bridge ethernet bridge management config configuration file management ethern...

Page 182: ...mple MN4 session MN4 session set timeout 30min MN4 session While the CLI is displaying a specialized mode prompt you can type to see a list of the commands specific to that basic command For example typing a at the MN4 session prompt produces the following list of available commands and parameters FIGURE 5 1 Session Commands Example 5 2 2 1 The bridge Command The table below explains the commands ...

Page 183: ...ow cache Display the contents of the bridge station cache Table 5 5 CLI config Commands Command Synopsis Description delete delete filename Delete the configuration file specified by filename dump dump filename Display the entire contents of the configuration file filename to the screen restore restore Restore system defaults Note Default values do not necessarily mean factory default values While...

Page 184: ... MN4 prompt using an ethernet prefix For example MN4 ethernet show all port status or MN4 ethernet set port e1 flow enabled show show Display the names versions and status of configuration files switch switch filename Switch from the current configuration file to the configuration file specified by filename write write filename Create a new configuration file named filename After entering write fi...

Page 185: ...abled Enable or disable far end fault indication fefi flow enabled disabled Enable or disable flow control media Specify media type from among the following options auto autonegotiate 10 100BaseTX default for 10 100T 10half 10 100BaseTX 10full 10 100BaseTX 100half 10 100BaseTX 100full 10 100BaseTX 100FX Full 100BaseFX default for 100FX name Supply a name for the port in up to 15 printable characte...

Page 186: ... parameter to configure the system IP address Where parameter can be ipaddress A valid IP address netmask A valid subnet mask gateway parameter Sets the IP address of the default gateway IP packets are sent to the default gateway when the destination IP address of the packet is on a subnet other than the local subnet Where parameter can be ipaddress A valid IP address management vlan parameter Set...

Page 187: ...otocol Monitor command set to control the display of information on Ethernet port 3 After you have configured the display to show the type and format of information you want you begin the display of information with the start command While you are in monitor mode you have exclusive access to the monitor feature The following example illustrates three configuration commands given in monitor mode fo...

Page 188: ...dr Display packets that have the matching destination IP address in the IP header The IP address is specified in standard dotted notation for example 192 168 1 1 dstmac macaddr Display packets that have the matching destination MAC address in the Ethernet header The MAC address is specified as hex octets separated by colons for example 00 20 61 54 3A CD dstport portnum Display packets that have th...

Page 189: ...load to be dumped in ASCII This is especially useful for textual protocols such as HTTP mode terse verbose Verbose mode changes the display formatting so that more white space is used Payloads are also automatically dumped in both hex and ASCII format In some cases it may make the monitor output more readable at the expense of more transmitted characters per packet framenum enabled disabled When t...

Page 190: ... shown in the figure below FIGURE 5 2 Protocol Monitor Example Configuration Sample output is illustrated in the figure below FIGURE 5 3 Protocol Monitor Example Output start start Begin monitoring Once the command has been issued packets will be displayed You can pause the display by pressing the Enter key You can abort the monitor and return to the CLI by pressing the ESC key Table 5 9 Protocol ...

Page 191: ...N4 prompt 5 2 2 9 The rstp Command The table below explains the commands available for managing and monitoring Rapid Spanning Tree Protocol RSTP functionality when the MN4 rstp prompt is displayed or from the MN4 prompt using an rstp prefix For example MN4 rstp set bridge hello 20 or MN4 rstp show port e1 settings Table 5 10 CLI ping Command Command Synopsis Description ping ping ipaddress Test th...

Page 192: ...TP cost style or 32 bit RSTP cost style delay n Specify a delay before forwarding state or topology change information in a range of 4 30 seconds hello n Specify interval between transmission of configuration BPDUs mode enable disable Enable or disable RSTP on this bridge priority n Specify a priority value for this bridge in the range of 0 highest priority to 65535 The available port parameters a...

Page 193: ...in or MN4 session show active show show param Display information about the settings or status of the bridge or ports The available parameters are bridge settings Display information about bridge RSTP settings bridge status Display information about bridge RSTP status all port settings Display information about the RSTP settings of all ports all port status Display information about the RSTP statu...

Page 194: ...mmand Synopsis Description delete delete sessionID Delete the session identified by sessionID set set timeout duration Specify the number of minutes a session may be idle before being automatically ended where duration can be none 5min 30min 1hour 24hour show show active policies Display information of active sessions or on configured policies Table 5 13 CLI ssh Commands Command Synopsis Descripti...

Page 195: ...that entering sw at the Multinet4 prompt does not produce a Multinet4 sw prompt All sw commands are entered at the Multinet4 prompt You must enter sw plus a specific command For example MN4 sw finalize show show Show current SSH server setting and state CLI Mode Possible values are Allow Telnet and SSH Only SSH Server State Possible values are No Key and Running No Key is seen only when no Digital...

Page 196: ...mand does not show the result displayed in Figure 5 4 use the ssh keygen command to generate an SSH key 2 View the current software upgrade state In the Multinet4 CLI run the sw show command to view the current software upgrade state Figure 5 5 illustrates a typical system before the beginning of the upgrade process FIGURE 5 5 CLI sw show command output Before Upgrading retry sw retry When the sw ...

Page 197: ...e to the swupgrade directory may take a long time Your experience will vary with the sftp client used but the image file is large and some sftp clients will make the transfer in many packets Be prepared to wait ten or more minutes for the transfer to complete 4 View the changed software upgrade state In the Multinet4 CLI run the sw show command to view the software upgrade state now that the softw...

Page 198: ...st Reconnect and run the sw show command FIGURE 5 8 CLI sw show command output UPGRADING 7 Finalize Complete the upgrade procedure by entering the sw finalize command to approve the new software image Run the sw show command one last time to confirm the new configuration FIGURE 5 9 CLI sw show command output UPGRADED MN4 sw show Filename Version Use dx800v140rc3 elf 1 4 0 Current dx800v140rcQ elf ...

Page 199: ...e commands available for terminal settings when the MN4 terminal prompt is displayed or from the MN4 prompt using a terminal prefix These commands enable you to control the display of CLI command output in your virtual terminal window For example MN4 terminal set lines 18 or MN4 terminal show Table 5 15 CLI system Commands Command Synopsis Description set set name location contact The available pa...

Page 200: ...n the terminal window on execution of a CLI command Default value 24 paging y n Control scrolling in the CLI terminal window If y is specified output will display one page at a time that is the scrolling of information will pause at the number of lines specified by the lines parameter and resume after a key is pressed If n is specified output will scroll to the screen without pausing until command...

Page 201: ...upports a single VLAN A trunk port is typically connected to another switch and by default supports all configured VLANs pvid The ID number of the native VLAN assigned to this port tagged y n If y the port ensures that a VLAN tag is present in a frame before transmission If n the port strips all VLAN tags before transmitting frames prohibit A list of VLANs to prohibit from a Trunk port Enter the V...

Page 202: ...erver security management in section 4 8 4 Web Server Table 5 18 CLI web Commands Command Synopsis Description set set mode http sslonly Specify whether the server will accept non secure HTTP requests http Accept both non secure HTTP port 80 requests and secure SSL port 443 requests sslonly Accept only secure requests show show Display the current security setting of the embedded web server ...

Page 203: ...es based on the DiffServ marking found in the IP header For Serial over frame packets are placed in one of four priority queues based on the priority assigned to that particular serial over frame channel For Ethernet in addition to the DiffServ marking in the IP header each Ethernet header may contain an IEEE 802 3ac tag containing IEEE 802 1p priority information Using this field a priority of 0 ...

Page 204: ...that services a certain number of packets from each queue and then moves on to the next queue The weighting is 8 4 2 1 meaning that up to 8 priority 1 packets are sent followed by up to 4 priority 2 packets followed by up to 2 priority 3 packets followed by a single priority 4 packet In this way low priority packets still have a chance albeit at a lower rate to egress the port when there is a heav...

Page 205: ... is not explicitly configured and mapped to a priority the packet is treated as if it were marked as Best Effort The mapping of DiffServ markings to priority queues is configurable by the user Packets generated by Multinet4 are always assigned a priority based on their DiffServ marking 6 1 3 2 DiffServ to 802 1p Mapping When an IP packet is generated by the Multinet4 the DiffServ marking may optio...

Page 206: ...t supported at this time You have the option of completely disabling the SNMP agent enabling the agent to accept SNMP v1 or v2c PDUs or enabling the agent to only accept SNMP v3 PDUs When configured for v1 v2c operation access to the MIB is controlled via community string When configured for v3 operation access to the MIB is controlled on a per user basis The total number of user accounts is limit...

Page 207: ...ions Multinet4 supports both protocols so that you can configure a port to use the older STP if it is necessary to accommodate a legacy bridge This appendix provides a high level summary of the protocol to enable understanding of your options in configuring RSTP For a more detailed understanding see the freely available IEEE 802 1D 2004 standard Access RSTP functionality in Multinet4 with the foll...

Page 208: ...west path cost The measurement takes into account the bandwidth on intervening segments When the spanning tree is being calculated the bridges exchange configuration BPDUs Other types of BPDUs are exchanged during normal operation Multinet4 supports a choice of cost style 6 3 1 2 Bridge Roles Each configured spanning tree has a single root bridge All other bridges active in the system are designat...

Page 209: ...s a single root port This is the port with the lowest root path cost the best way to the root All traffic to and from the root bridge passes through the root port of the designated bridge Designated Each bridge except the root bridge has at least one designated port If only one port is connected to the segment it is the designated port If more than one port is connected to the segment then the por...

Page 210: ...Age The length of time a configuration BPDU remains valid before it is discarded 6 3 3 Design Considerations The RSTP protocol can make network decisions automatically In fact in the absence of manual intervention the protocol will completely configure the network however you may want to specify the settings for some or all of your bridges and ports For instance you may want to ensure that a parti...

Page 211: ...bridge Maximum Age The default Maximum Age value is 20 seconds in a valid range of 6 40 In a network that includes some slow links it could be useful to set a higher value for Maximum Age Cost Style Specifies whether 16 bit STP style or 32 bit RSTP style path cost values are used 6 3 3 2 Configuring Port Settings Use the 4 4 3 2 RSTP Port Settings screen to configure the following parameters Mode ...

Page 212: ... as the NULL VID that is used in priority tagged frames Add a VLAN to the switch in the following steps Z Go to the 4 4 4 2 VLAN VIDs screen Z Enter a valid VID and VLAN Name in the fields provided in the Add VLAN form Z Click the Apply Settings button 6 4 2 Configuring Ports for VLAN Membership Each port to be included in a VLAN must be assigned a VID They can also be configured to expect tagged ...

Page 213: ...rt of the criteria used by the bridge forwarding process Specifically a frame will only be forwarded on a port that is a member of its tagged VLAN Note that other criteria such as destination MAC address and port state may prevent a frame from being forwarded on a port even if it has a matching VID Default Configuration By default all ports are configured with Tagging set to No Mode set to Access ...

Page 214: ...ou want to specify VLANS to be filtered from this trunk do so now Click the Apply Settings button 6 4 3 VLANs and Serial Ports This section describes the concept of Serial VLANs a network design in which SCADA traffic is segregated from other network traffic by placing it on a separate VLAN It also presents an example network application Multinet4 offers the capability of segregating serial traffi...

Page 215: ...t that MAC address as the single authorized MAC for the port Learned authorized MACs persist across resets If a static MAC is configured after a port has learned an authorized MAC the learned MAC is forgotten and the configured static MACs are treated as the list of authorized MACs If all static MACs are removed from a port the port will learn a new authorized MAC 6 5 1 2 Link Locking In link lock...

Page 216: ... SSL and its successor Transport Layer Security defined in RFC 2246 TLS are cryptographic protocols to protect traffic on the Internet SSL and non SSL access to the web server is always available The system is shipped with a default web server key and certificate We recommend that you generate and install a new key file You can do this by uploading the file to the keys page and then selecting the ...

Page 217: ...ng the digital signature on an electronic document known as an X 509 certificate 6 5 3 3 X 509 Certificates An X 509 certificate is an electronic document used to publish a public key It generally contains additional information that describes the certificate owner s name organization and contact information The certificate is digitally signed by a trusted third party to prove its authenticity Cer...

Page 218: ... ZYrpHvLfkg8ljdLjlGNUdBl kwN7 8H6KN5J IJWBq2C cNfvfyUJ2 95a6TNYwt9 k K3r70A6iuzFM0wVFpM0q H7tPOFStc9IygR36FOPasCoNxze9DofIfC8IypSf2S6B6tL6 8LXAgMBAAEwDQYJ KoZIhvcNAQEFBQADgYEAEq3kTPfT5i1Z5XtXtOabwkAcWW tCw wDhC6DME2XY5E OnuJchpFGgTPmA1z5neUTYT9pHX50rutrk28vvj6ELn1XLD5sp6Hqxj5Wslo4jDb LFxgft46TUgISqRHiSbixWfsLSNq7lfdlyH f3cpGjMQjWO8xtEExNDuk7NUVbM END CERTIFICATE 6 5 3 6 Multinet4 Key Files You mus...

Page 219: ...FAYDVQQHEw1Ob3J0aCBBbmRv dmVyMRQwEgYDVQQKEwtEeW1lYywgSW5jLjEbMBkGA1UECxMSVGVjaG5pY2FsIFNl cnZpY2VzMRowGAYDVQQDExFNYXR0aGV3IFNjaGlja2xlcjEjMCEGCSqGSIb3DQEJ ARYUbXNjaGlja2xlckBkeW1lYy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBALy0cZ8jmna5xpj1v4Zq8L9bCek65biwWh3Ll7rmJ94gS VpQQV7x6l3YcE qbi7hP2WUEA9lzLhCLTvNeOoY U69R zRBRP39G2Lc2HesBPzftLwOdNoQnKim2L EkdWa4HgpmjlPc7u33W8xcCEeZK37u61JrAKxIjmkR7QCDq AgM...

Page 220: ... By default peer authentication is not performed When peer authentication is required the SSL handshake fails and the connection is closed unless the following conditions are met 1 The entity being authenticated must prove that it owns the public key in the certificate that it presented This is accomplished by using its private key to encrypt some data that the authenticator decrypts and verifies ...

Page 221: ...de AU US State or Province Name full name Some State MA Locality Name eg city North Andover Organization Name eg company Internet Widgits Pty Ltd DYMEC Inc Organizational Unit Name eg section Technical Services Common Name eg YOUR name Support Email Address support dymec com Please enter the following extra attributes to be sent with your certificate request A challenge password An optional compan...

Page 222: ...ill be a default value If you enter the field will be left blank Country Name 2 letter code AU US State or Province Name full name Some State MA Locality Name eg city North Andover Organization Name eg company Internet Widgits Pty Ltd DYMEC Inc Organizational Unit Name eg section Network Planning Common Name eg YOUR name Planner Email Address planner dymec com Please enter the following extra attr...

Page 223: ...ername and password provided are authentic using a shared secret and one of two authentication schemes Authorization After successful authentication the RADIUS authorizes the requesting user to begin a session on the system Use the 4 8 6 1 RADIUS Global Settings screen and the 4 8 6 2 RADIUS Servers screen to add RADIUS servers and to configure them 6 5 5 Multinet4 Cipher Support The following lis...

Page 224: ... size of at least 128 bits ANY_STRONG_SSL all cipher suites listed above that are defined by the SSLv3 standard and have a key size of at least 128 bits ANY_STRONG_TLS all cipher suites listed above that are defined by the TLSv1 standard and have a key size of at least 128 bits ANY_AES all cipher suites that use AES128 or AES256 for encryption Multinet4 always uses RSA public key cryptography and ...

Page 225: ...ith Secure SHell SSH technology Typically a key has been generated at the factory so that your Multinet4 device is delivered with SSH enabled that is the SSH Server State value is Running If the SSH Server State value is No Key you must run the keygen command in the CLI Once a key has been generated SSH can be enabled or disabled through the browser interface or through the CLI ...

Page 226: ...s masters initiate requests to the slaves These requests are encapsulated and forwarded by the Modbus TCP client software to the appropriate Modbus TCP server At the server the request is de encapsulated analyzed and sent over the appropriate serial port to the serial Modbus slave When the slave device responds the response is encapsulated and sent back to the Modbus TCP client that in turn de enc...

Page 227: ...eferred to as the unit identifier and the function byte are preserved and are followed by a variable amount of data This information is then delivered as the payload of a TCP IP packet The Modbus LRC CRC is not included because it is redundant with the CRC provided by the link layer that is Ethernet FIGURE 6 6 Format of a Modbus TCP Packet 6 7 4 Exception Handling The Modbus TCP client and server ...

Page 228: ...received it is forwarded back to the master After the transaction is complete the TCP connection remains open in anticipation of a subsequent request If another request is not made within the user configured idle time the TCP connection is closed and will be re opened when a new request is received The client may also be configured so that it immediately makes a connection for a configured device ...

Page 229: ...ite operator can access all features except the following web menu items and any related CLI commands Administration SNMP Administration Authentication Administration Sessions Administration Software Upgrade Administration Configuration Administration System Reboot Events Logs Global Settings Security Keys Security Certificates Security RADIUS Read Only read only operator can access all features t...

Page 230: ...6 28 MULTINET4 MULTI PORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL OPERATIONAL GUIDE CHAPTER 6 OPERATIONAL GUIDE ...

Page 231: ...re EIA 232 also know as RS 232 and EIA 485 also known as RS 485 Interfaces that support RS 232 or some subset of the standard are ubiquitous and found on nearly all personal computers They also appear on many embedded computing devices where they are used to carry streaming data or provide access to a user console An RS 232 link provides full duplex data and asymmetric control One device on the li...

Page 232: ...ation networks In the past these networks have been constructed using a number of available technologies but industrial applications are increasingly shifting toward running the Internet Protocol IP over Ethernet based technologies This enables the deployment of highly interoperable reliable and secure high speed networks at extremely low cost The IEEE is responsible for publishing standards relat...

Page 233: ...mputer system and the end device is increased significantly The effective maximum range of an RS 232 link is about 10 meters With a terminal server the computer system connects to the device over a network and the effective maximum range is limited only by the latency requirements of the communicating end systems 2 Multiple computer systems can communicate with a single RS 232 device This would be...

Page 234: ...ration parameters also affect the operation of the port in passive mode Local IP the IP address at which the server listens for connections If the system has only a single assigned IP address this parameter defaults to the system IP address and cannot be changed If the system has multiple assigned IP addresses this parameter can be set to any of those addresses In this case the software will only ...

Page 235: ...mote IP the IP address to which the terminal server attempts to connect Remote TCP the TCP port to which the terminal server attempts to connect Retry Time when a connection attempt fails for any reason this is the minimum amount of time the terminal server will wait before re trying the attempt 7 3 3 Mixed Mode You can configure a terminal server port to operate in a mixed mode in which it simult...

Page 236: ...ION NOTES CHAPTER 7 TERMINAL SERVER APPLICATION NOTES 7 4 Application 1 Device Console Access The terminal server is used to remotely access the console on an RTU using telnet FIGURE 7 2 Device Console Access The Multinet4 is configured as follows FIGURE 7 3 Configuration for Device Console Access ...

Page 237: ...ERVER MANAGED SWITCH INSTRUCTION MANUAL 7 7 The user then executes a telnet client application on the host system to open a connection to 192 168 1 2 on port 10201 If serial port S1 is UP and the terminal server is reachable by the host a TCP connection will be established FIGURE 7 4 TCP Connection Confirmed ...

Page 238: ...S 7 5 Application 2 Serial over TCP IP Tunnel Two Multinet4 Multi Port Serial Server Managed Switch devices are used to connect a user s host system to an RTU console over a TCP IP network FIGURE 7 5 Serial over TCP IP Tunnel The Multinet4 is configured as illustrated in the figure below FIGURE 7 6 Multinet4 Configured for Serial over TCP IP Tunnel ...

Page 239: ...IGURE 7 7 TCP Connection Established After the connection is established the computer system acting as a terminal can communicate with the RTU through its local serial port Note When creating a TCP IP tunnel between two serial ports you should always choose one node to be the client the OUT channel and the other to be the server the IN channel Configuring a client and a server for the port on each...

Page 240: ...DA Three Multinet4 devices are used to connect three serial devices over a TCP IP network One of the serial devices is a SCADA master and the other two are slaves The MN4 1 connected to the master is configured to make one active connection to MN4 2 and MN4 3 each connected to one slave device FIGURE 7 8 Multipoint SCADA The Multinet4 is configured as illustrated in the figure below ...

Page 241: ... APPLICATION NOTES MULTINET4 MULTI PORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL 7 11 FIGURE 7 9 Multinet4 Configured for Multipoint SCADA The Multinet4 is configured as illustrated in the figure below FIGURE 7 10 MN4 2 3 Configured for Multipoint SCADA ...

Page 242: ... MANAGED SWITCH INSTRUCTION MANUAL TERMINAL SERVER APPLICATION NOTES CHAPTER 7 TERMINAL SERVER APPLICATION NOTES 7 7 Using Multinet4 Secure Serial Ports For a detailed discussion of serial port security see section 6 5 2 Serial Port Security ...

Page 243: ... encrypted In addition the initial connection includes an SSL handshake that forces each side to authenticate using RSA keys and X 509 certificates This setup not only prevents intruders from snooping on active serial sessions but it also prevents them from connecting to an open terminal server port and impersonating a host FIGURE 7 11 Serial over Secure TCP Tunnel Both sides of the terminal serve...

Page 244: ...ER APPLICATION NOTES The basic terminal server parameters are configured as in Application 2 When serial port S1 is UP on each side the TCP connection is established the SSL handshake is performed and then encrypted serial data can be passed over the network as shown in the figure below FIGURE 7 13 Serial over SSL Tunnel Connection ...

Page 245: ...8 1 2 10201 was refused The local Multinet4 unit attempted to connect to the remote unit but it was unreachable or the TCP port is not open Verify that the remote unit is reachable by logging into the Command Line Interface CLI and using the ping command Verify that the specified port is open available on the remote unit by using a PC to telnet to the port If the connection is refused your remote ...

Page 246: ... system s time and date are set properly Check your key file and make sure that the enclosed certificate file has appropriate notBefore and notAfter dates Event Serial port S1 reports that the certificate presented by the host at 192 168 1 2 10201 was invalid self signed certificate in certificate chain The SSL handshake failed during certificate verification because an un trusted self signed cert...

Page 247: ...pler message based connectionless protocol that is UDP simply sends a packet of data to a specified address and port UDP does not provide the reliability of TCP but it can deliver data with less overhead Network port numbers are assigned to specific uses by the Internet Assigned Numbers Authority IANA Port numbers 0 1023 are called Well Known Ports and have standard uses such as port 80 for HTML t...

Page 248: ...tocol 38 TCP UDP Route Access Protocol 39 TCP UDP Resource Location Protocol 41 TCP UDP Graphics 42 TCP UDP Host Name Server 43 TCP WHOIS protocol 49 TCP UDP TACACS Login Host protocol 53 TCP UDP DNS Domain Name System 67 UDP BOOTP BootStrap Protocol server also used by DHCP Dynamic Host Configuration Protocol 68 UDP BOOTP client also used by DHCP 69 UDP TFTP Trivial File Transfer Protocol 70 TCP ...

Page 249: ...c2portmap 371 TCP UDP ClearCase albd 389 TCP UDP LDAP Lightweight Directory Access Protocol 401 TCP UDP UPS Uninterruptible Power Supply 427 TCP UDP SLP Service Location Protocol 443 TCP UDP HTTPS HTTP Protocol over TLS SSL encrypted transmission 445 TCP Microsoft DS Active Directory Windows shares Sasser worm Agobot Zobotworm 445 UDP Microsoft DS SMB file sharing 464 TCP UDP Kerberos Change Set p...

Page 250: ...e see port 80 593 TCP UDP HTTP RPC Ep Map 636 TCP UDP LDAP over SSL encrypted transmission 691 TCP MS Exchange Routing 873 TCP rsync File synchronization protocol 989 TCP UDP FTP Protocol data over TLS SSL 990 TCP UDP FTP Protocol control over TLS SSL 992 TCP UDP Telnet protocol over TLS SSL 993 TCP IMAP4 over SSL encrypted transmission 995 TCP POP3 over SSL encrypted transmission Table A 1 Well K...

Page 251: ...e ping application The table below is a list of the ICMP types Table A 2 ICMP Types Port Description 0 Echo Reply 1 Unassigned 2 Unassigned 3 Destination Unreachable 4 Source Quench 5 Redirect 6 Alternate Host Address 7 Unassigned 8 Echo 9 Router Advertisement 10 Router Selection 11 Time Exceeded 12 Parameter Problem 13 Timestamp 14 Timestamp Reply 15 Information Request 16 Information Reply 17 Ad...

Page 252: ...PORT AND TYPE REFERENCE CHAPTER A PORT AND TYPE REFERENCE 33 IPv6 Where Are You 34 IPv6 I Am Here 35 Mobile Registration Request 36 Mobile Registration Reply 37 Domain Name Request 38 Domain Name Reply 39 SKIP 40 Photuris 41 255 Reserved Table A 2 ICMP Types Port Description ...

Page 253: ...eneral Public License applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it too but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case based on the explanations below When we speak of free...

Page 254: ... Public License applies to certain designated libraries and is quite different from the ordinary General Public License We use this license for certain libraries in order to permit linking those libraries into non free programs When a program is linked with a library whether statically or using a shared library the combination of the two is legally speaking a combined work a derivative of the orig...

Page 255: ...program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library The precise terms and conditions for copying distribution and modification follow Pay close attention to the difference between a work based on the library and a work that uses the library The former contains code derived from the library whereas the latter must b...

Page 256: ...vered by this License they are outside its scope The act of running a program using the Library is not restricted and output from such a program is covered only if its contents constitute a work based on the Library independent of the use of the Library in a tool for writing it Whether that is true depends on what the Library does and what the program that uses the Library does 2 You may copy and ...

Page 257: ...on medium does not bring the other work under the scope of this License 5 You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library To do this you must alter all the notices that refer to this License so that they refer to the ordinary GNU General Public License version 2 instead of to this License If a newer version than versi...

Page 258: ...choice provided that the terms permit modification of the work for the customer s own use and reverse engineering for debugging such modifications You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License You must supply a copy of this License If the work during execution displays copyright notices you must...

Page 259: ...lities This must be distributed under the terms of the Sections above 2 Give prominent notice with the combined library of the fact that part of it is a work based on the Library and explaining where to find the accompanying uncombined form of the same work 3 You may not copy modify sublicense link with or distribute the Library except as expressly provided under this License Any attempt otherwise...

Page 260: ...r use of the Library is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if wri...

Page 261: ...w Libraries If you develop a new library and you want it to be of the greatest possible use to the public we recommend making it free software that everyone can redistribute and change You can do so by permitting redistribution under these terms or alternatively under the terms of the ordinary General Public License To apply these terms attach the following notices to the library It is safest to a...

Page 262: ...B 10 MULTINET4 MULTI PORT SERIAL SERVER MANAGED SWITCH INSTRUCTION MANUAL THIRD PARTY LICENSES CHAPTER B THIRD PARTY LICENSES ...

Page 263: ... String Markham Ontario 0024 6 Software Version String Varies 002A 1 IP Address 0 0 255 1 F1 0 002B 1 IP Address 1 0 255 1 F1 0 002C 1 IP Address 2 0 255 1 F1 0 002D 1 IP Address 3 0 255 1 F1 0 002E 1 NetMask 0 0 255 1 F1 0 002F 1 NetMask 1 0 255 1 F1 0 0030 1 NetMask 2 0 255 1 F1 0 0031 1 NetMask 3 0 255 1 F1 0 0032 1 GateWay 0 0 255 1 F1 0 0033 1 GateWay 1 0 255 1 F1 0 0034 1 GateWay 2 0 255 1 F...

Page 264: ... 6 1 F1 Varies 005E 1 Port 9 Type 0 6 1 F1 Varies 005F 1 Port 10 Type 0 6 1 F1 Varies 0060 1 Port 11 Type 0 6 1 F1 Varies 0061 1 Port 12 Type 0 6 1 F1 Varies 0062 1 Port 13 Type 0 6 1 F1 Varies 0063 1 Port 14 Type 0 6 1 F1 Varies 0064 1 Port 15 Type 0 6 1 F1 Varies 0065 1 Port 16 Type 0 6 1 F1 Varies 0066 1 Port 17 Type 0 6 1 F1 Varies 0067 1 Port 18 Type 0 6 1 F1 Varies 0068 1 Port 19 Type 0 6 1 ...

Page 265: ... 1 1 F1 0 0080 1 Port 11 Link Status 0 1 1 F1 0 0081 1 Port 12 Link Status 0 1 1 F1 0 0082 1 Port 13 Link Status 0 1 1 F1 0 0083 1 Port 14 Link Status 0 1 1 F1 0 0084 1 Port 15 Link Status 0 1 1 F1 0 0085 1 Port 16 Link Status 0 1 1 F1 0 0086 1 Port 17 Link Status 0 1 1 F1 0 0087 1 Port 18 Link Status 0 1 1 F1 0 0088 1 Port 19 Link Status 0 1 1 F1 0 0089 1 Port 20 Link Status 0 1 1 F1 0 008A 1 Por...

Page 266: ... STP State 0 1 1 F1 0 00A2 1 Port 13 STP State 0 1 1 F1 0 00A3 1 Port 14 STP State 0 1 1 F1 0 00A4 1 Port 15 STP State 0 1 1 F1 0 00A5 1 Port 16 STP State 0 1 1 F1 0 00A6 1 Port 17 STP State 0 1 1 F1 0 00A7 1 Port 18 STP State 0 1 1 F1 0 00A8 1 Port 19 STP State 0 1 1 F1 0 00A9 1 Port 20 STP State 0 1 1 F1 0 00AA 1 Port 21 STP State 0 1 1 F1 0 00AB 1 Port 22 STP State 0 1 1 F1 0 00AC 1 Port 23 STP...

Page 267: ...Port 14 Activity 0 1 1 F1 0 00C4 1 Port 15 Activity 0 1 1 F1 0 00C5 1 Port 16 Activity 0 1 1 F1 0 00C6 1 Port 17 Activity 0 1 1 F1 0 00C7 1 Port 18 Activity 0 1 1 F1 0 00C8 1 Port 19 Activity 0 1 1 F1 0 00C9 1 Port 20 Activity 0 1 1 F1 0 00CA 1 Port 21 Activity 0 1 1 F1 0 00CB 1 Port 22 Activity 0 1 1 F1 0 00CC 1 Port 23 Activity 0 1 1 F1 0 00CD 1 Port 24 Activity 0 1 1 F1 0 00CE 1 Port 25 Activit...

Page 268: ...eived 0 429496 7295 1 F9 0 00EE 2 Port1 Number of collisions occured 0 429496 7295 1 F9 0 00F0 2 Port1 Number of late collisions occured 0 429496 7295 1 F9 0 00F2 2 Port1 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 00F4 2 Port1 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 00F6 2 Port1 Number of 128 255 byte frames rcvd sent 0 429496 7295 1 F9 0 00F8 2 Port1 Number of 256...

Page 269: ...ytes 0 429496 7295 1 F9 0 011E 2 Port2 Number of jabber frames received 0 429496 7295 1 F9 0 0120 2 Port2 Number of collisions occured 0 429496 7295 1 F9 0 0122 2 Port2 Number of late collisions occured 0 429496 7295 1 F9 0 0124 2 Port2 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 0126 2 Port2 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 0128 2 Port2 Number of 128 255 byt...

Page 270: ...ed 0 429496 7295 1 F9 0 014E 2 Port3 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 0150 2 Port3 Number of jabber frames received 0 429496 7295 1 F9 0 0152 2 Port3 Number of collisions occured 0 429496 7295 1 F9 0 0154 2 Port3 Number of late collisions occured 0 429496 7295 1 F9 0 0156 2 Port3 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 0158 2 Port3 Number of 65 127 byte fr...

Page 271: ... 429496 7295 1 F9 0 017E 2 Port4 Number of oversized frames received 0 429496 7295 1 F9 0 0180 2 Port4 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 0182 2 Port4 Number of jabber frames received 0 429496 7295 1 F9 0 0184 2 Port4 Number of collisions occured 0 429496 7295 1 F9 0 0186 2 Port4 Number of late collisions occured 0 429496 7295 1 F9 0 0188 2 Port4 Number of 64 byte frames rc...

Page 272: ... 0 429496 7295 1 F9 0 01AE 2 Port5 Number of frames with CRC error 0 429496 7295 1 F9 0 01B0 2 Port5 Number of oversized frames received 0 429496 7295 1 F9 0 01B2 2 Port5 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 01B4 2 Port5 Number of jabber frames received 0 429496 7295 1 F9 0 01B6 2 Port5 Number of collisions occured 0 429496 7295 1 F9 0 01B8 2 Port5 Number of late collisions o...

Page 273: ...9496 7295 1 F9 0 01DE 2 Port6 Number of multicast frames received 0 429496 7295 1 F9 0 01E0 2 Port6 Number of frames with CRC error 0 429496 7295 1 F9 0 01E2 2 Port6 Number of oversized frames received 0 429496 7295 1 F9 0 01E4 2 Port6 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 01E6 2 Port6 Number of jabber frames received 0 429496 7295 1 F9 0 01E8 2 Port6 Number of collisions occu...

Page 274: ...496 7295 1 F9 0 020E 2 Port7 Number of broadcast frames received 0 429496 7295 1 F9 0 0210 2 Port7 Number of multicast frames received 0 429496 7295 1 F9 0 0212 2 Port7 Number of frames with CRC error 0 429496 7295 1 F9 0 0214 2 Port7 Number of oversized frames received 0 429496 7295 1 F9 0 0216 2 Port7 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 0218 2 Port7 Number of jabber frames...

Page 275: ...ytes received 0 429496 7295 1 F9 0 023E 2 Port8 Total frames received 0 429496 7295 1 F9 0 0240 2 Port8 Number of broadcast frames received 0 429496 7295 1 F9 0 0242 2 Port8 Number of multicast frames received 0 429496 7295 1 F9 0 0244 2 Port8 Number of frames with CRC error 0 429496 7295 1 F9 0 0246 2 Port8 Number of oversized frames received 0 429496 7295 1 F9 0 0248 2 Port8 Number of bad fragme...

Page 276: ...6C 2 Port9 Number of frames sent 0 429496 7295 1 F9 0 026E 2 Port9 Total bytes received 0 429496 7295 1 F9 0 0270 2 Port9 Total frames received 0 429496 7295 1 F9 0 0272 2 Port9 Number of broadcast frames received 0 429496 7295 1 F9 0 0274 2 Port9 Number of multicast frames received 0 429496 7295 1 F9 0 0276 2 Port9 Number of frames with CRC error 0 429496 7295 1 F9 0 0278 2 Port9 Number of oversi...

Page 277: ... F9 0 029C 2 Port10 Number of frames received 0 429496 7295 1 F9 0 029E 2 Port10 Number of frames sent 0 429496 7295 1 F9 0 02A0 2 Port10 Total bytes received 0 429496 7295 1 F9 0 02A2 2 Port10 Total frames received 0 429496 7295 1 F9 0 02A4 2 Port10 Number of broadcast frames received 0 429496 7295 1 F9 0 02A6 2 Port10 Number of multicast frames received 0 429496 7295 1 F9 0 02A8 2 Port10 Number ...

Page 278: ...eceived 0 429496 7295 1 F9 0 02CC 2 Port11 Number of bytes sent 0 429496 7295 1 F9 0 02CE 2 Port11 Number of frames received 0 429496 7295 1 F9 0 02D0 2 Port11 Number of frames sent 0 429496 7295 1 F9 0 02D2 2 Port11 Total bytes received 0 429496 7295 1 F9 0 02D4 2 Port11 Total frames received 0 429496 7295 1 F9 0 02D6 2 Port11 Number of broadcast frames received 0 429496 7295 1 F9 0 02D8 2 Port11...

Page 279: ...ragments w good CRC 0 429496 7295 1 F9 0 02FC 2 Port12 Number of bytes received 0 429496 7295 1 F9 0 02FE 2 Port12 Number of bytes sent 0 429496 7295 1 F9 0 0300 2 Port12 Number of frames received 0 429496 7295 1 F9 0 0302 2 Port12 Number of frames sent 0 429496 7295 1 F9 0 0304 2 Port12 Total bytes received 0 429496 7295 1 F9 0 0306 2 Port12 Total frames received 0 429496 7295 1 F9 0 0308 2 Port1...

Page 280: ...st frames sent 0 429496 7295 1 F9 0 032C 2 Port12 Number of 64 byte fragments w good CRC 0 429496 7295 1 F9 0 032E 2 Port13 Number of bytes received 0 429496 7295 1 F9 0 0330 2 Port13 Number of bytes sent 0 429496 7295 1 F9 0 0332 2 Port13 Number of frames received 0 429496 7295 1 F9 0 0334 2 Port13 Number of frames sent 0 429496 7295 1 F9 0 0336 2 Port13 Total bytes received 0 429496 7295 1 F9 0 ...

Page 281: ...st frames sent 0 429496 7295 1 F9 0 035C 2 Port13 Number of broadcast frames sent 0 429496 7295 1 F9 0 035E 2 Port13 Number of 64 byte fragments w good CRC 0 429496 7295 1 F9 0 0360 2 Port14 Number of bytes received 0 429496 7295 1 F9 0 0362 2 Port14 Number of bytes sent 0 429496 7295 1 F9 0 0364 2 Port14 Number of frames received 0 429496 7295 1 F9 0 0366 2 Port14 Number of frames sent 0 429496 7...

Page 282: ...eived packets 0 429496 7295 1 F9 0 038C 2 Port14 Number of multicast frames sent 0 429496 7295 1 F9 0 038E 2 Port14 Number of broadcast frames sent 0 429496 7295 1 F9 0 0390 2 Port14 Number of 64 byte fragments w good CRC 0 429496 7295 1 F9 0 0392 2 Port15 Number of bytes received 0 429496 7295 1 F9 0 0394 2 Port15 Number of bytes sent 0 429496 7295 1 F9 0 0396 2 Port15 Number of frames received 0...

Page 283: ...Error Packets 0 429496 7295 1 F9 0 03BC 2 Port15 Number of dropped received packets 0 429496 7295 1 F9 0 03BE 2 Port15 Number of multicast frames sent 0 429496 7295 1 F9 0 03C0 2 Port15 Number of broadcast frames sent 0 429496 7295 1 F9 0 03C2 2 Port15 Number of 64 byte fragments w good CRC 0 429496 7295 1 F9 0 03C4 2 Port16 Number of bytes received 0 429496 7295 1 F9 0 03C6 2 Port16 Number of byt...

Page 284: ... byte frames rcvd sent 0 429496 7295 1 F9 0 03EC 2 Port16 Number of Mac Error Packets 0 429496 7295 1 F9 0 03EE 2 Port16 Number of dropped received packets 0 429496 7295 1 F9 0 03F0 2 Port16 Number of multicast frames sent 0 429496 7295 1 F9 0 03F2 2 Port16 Number of broadcast frames sent 0 429496 7295 1 F9 0 03F4 2 Port16 Number of 64 byte fragments w good CRC 0 429496 7295 1 F9 0 03F6 2 Port17 N...

Page 285: ...rames rcvd sent 0 429496 7295 1 F9 0 041C 2 Port17 Number of 1023 MAX byte frames rcvd sent 0 429496 7295 1 F9 0 041E 2 Port17 Number of Mac Error Packets 0 429496 7295 1 F9 0 0420 2 Port17 Number of dropped received packets 0 429496 7295 1 F9 0 0422 2 Port17 Number of multicast frames sent 0 429496 7295 1 F9 0 0424 2 Port17 Number of broadcast frames sent 0 429496 7295 1 F9 0 0426 2 Port17 Number...

Page 286: ...cvd sent 0 429496 7295 1 F9 0 044C 2 Port18 Number of 512 1023 byte frames rcvd sent 0 429496 7295 1 F9 0 044E 2 Port18 Number of 1023 MAX byte frames rcvd sent 0 429496 7295 1 F9 0 0450 2 Port18 Number of Mac Error Packets 0 429496 7295 1 F9 0 0452 2 Port18 Number of dropped received packets 0 429496 7295 1 F9 0 0454 2 Port18 Number of multicast frames sent 0 429496 7295 1 F9 0 0456 2 Port18 Numb...

Page 287: ...sent 0 429496 7295 1 F9 0 047C 2 Port19 Number of 256 511 byte frames rcvd sent 0 429496 7295 1 F9 0 047E 2 Port19 Number of 512 1023 byte frames rcvd sent 0 429496 7295 1 F9 0 0480 2 Port19 Number of 1023 MAX byte frames rcvd sent 0 429496 7295 1 F9 0 0482 2 Port19 Number of Mac Error Packets 0 429496 7295 1 F9 0 0484 2 Port19 Number of dropped received packets 0 429496 7295 1 F9 0 0486 2 Port19 ...

Page 288: ...96 7295 1 F9 0 04AC 2 Port20 Number of 128 255 byte frames rcvd sent 0 429496 7295 1 F9 0 04AE 2 Port20 Number of 256 511 byte frames rcvd sent 0 429496 7295 1 F9 0 04B0 2 Port20 Number of 512 1023 byte frames rcvd sent 0 429496 7295 1 F9 0 04B2 2 Port20 Number of 1023 MAX byte frames rcvd sent 0 429496 7295 1 F9 0 04B4 2 Port20 Number of Mac Error Packets 0 429496 7295 1 F9 0 04B6 2 Port20 Number...

Page 289: ...DC 2 Port21 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 04DE 2 Port21 Number of 128 255 byte frames rcvd sent 0 429496 7295 1 F9 0 04E0 2 Port21 Number of 256 511 byte frames rcvd sent 0 429496 7295 1 F9 0 04E2 2 Port21 Number of 512 1023 byte frames rcvd sent 0 429496 7295 1 F9 0 04E4 2 Port21 Number of 1023 MAX byte frames rcvd sent 0 429496 7295 1 F9 0 04E6 2 Port21 Number of Ma...

Page 290: ...mber of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 050E 2 Port22 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 0510 2 Port22 Number of 128 255 byte frames rcvd sent 0 429496 7295 1 F9 0 0512 2 Port22 Number of 256 511 byte frames rcvd sent 0 429496 7295 1 F9 0 0514 2 Port22 Number of 512 1023 byte frames rcvd sent 0 429496 7295 1 F9 0 0516 2 Port22 Number of 1023 MAX byte frames r...

Page 291: ...te collisions occured 0 429496 7295 1 F9 0 053E 2 Port23 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 0540 2 Port23 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 0542 2 Port23 Number of 128 255 byte frames rcvd sent 0 429496 7295 1 F9 0 0544 2 Port23 Number of 256 511 byte frames rcvd sent 0 429496 7295 1 F9 0 0546 2 Port23 Number of 512 1023 byte frames rcvd sent 0 429496...

Page 292: ...ons occured 0 429496 7295 1 F9 0 056E 2 Port24 Number of late collisions occured 0 429496 7295 1 F9 0 0570 2 Port24 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 0572 2 Port24 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 0574 2 Port24 Number of 128 255 byte frames rcvd sent 0 429496 7295 1 F9 0 0576 2 Port24 Number of 256 511 byte frames rcvd sent 0 429496 7295 1 F9 0 0578...

Page 293: ...eived 0 429496 7295 1 F9 0 059E 2 Port25 Number of collisions occured 0 429496 7295 1 F9 0 05A0 2 Port25 Number of late collisions occured 0 429496 7295 1 F9 0 05A2 2 Port25 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 05A4 2 Port25 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 05A6 2 Port25 Number of 128 255 byte frames rcvd sent 0 429496 7295 1 F9 0 05A8 2 Port25 Number ...

Page 294: ...ytes 0 429496 7295 1 F9 0 05CE 2 Port26 Number of jabber frames received 0 429496 7295 1 F9 0 05D0 2 Port26 Number of collisions occured 0 429496 7295 1 F9 0 05D2 2 Port26 Number of late collisions occured 0 429496 7295 1 F9 0 05D4 2 Port26 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 05D6 2 Port26 Number of 65 127 byte frames rcvd sent 0 429496 7295 1 F9 0 05D8 2 Port26 Number of 128 2...

Page 295: ...d 0 429496 7295 1 F9 0 05FE 2 Port27 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 0600 2 Port27 Number of jabber frames received 0 429496 7295 1 F9 0 0602 2 Port27 Number of collisions occured 0 429496 7295 1 F9 0 0604 2 Port27 Number of late collisions occured 0 429496 7295 1 F9 0 0606 2 Port27 Number of 64 byte frames rcvd sent 0 429496 7295 1 F9 0 0608 2 Port27 Number of 65 127 by...

Page 296: ...429496 7295 1 F9 0 062E 2 Port28 Number of oversized frames received 0 429496 7295 1 F9 0 0630 2 Port28 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 0632 2 Port28 Number of jabber frames received 0 429496 7295 1 F9 0 0634 2 Port28 Number of collisions occured 0 429496 7295 1 F9 0 0636 2 Port28 Number of late collisions occured 0 429496 7295 1 F9 0 0638 2 Port28 Number of 64 byte fram...

Page 297: ...0 429496 7295 1 F9 0 065E 2 Port29 Number of frames with CRC error 0 429496 7295 1 F9 0 0660 2 Port29 Number of oversized frames received 0 429496 7295 1 F9 0 0662 2 Port29 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 0664 2 Port29 Number of jabber frames received 0 429496 7295 1 F9 0 0666 2 Port29 Number of collisions occured 0 429496 7295 1 F9 0 0668 2 Port29 Number of late collisi...

Page 298: ...496 7295 1 F9 0 068E 2 Port30 Number of multicast frames received 0 429496 7295 1 F9 0 0690 2 Port30 Number of frames with CRC error 0 429496 7295 1 F9 0 0692 2 Port30 Number of oversized frames received 0 429496 7295 1 F9 0 0694 2 Port30 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 0696 2 Port30 Number of jabber frames received 0 429496 7295 1 F9 0 0698 2 Port30 Number of collisions...

Page 299: ...96 7295 1 F9 0 06BE 2 Port31 Number of broadcast frames received 0 429496 7295 1 F9 0 06C0 2 Port31 Number of multicast frames received 0 429496 7295 1 F9 0 06C2 2 Port31 Number of frames with CRC error 0 429496 7295 1 F9 0 06C4 2 Port31 Number of oversized frames received 0 429496 7295 1 F9 0 06C6 2 Port31 Number of bad fragments rcvd 64 bytes 0 429496 7295 1 F9 0 06C8 2 Port31 Number of jabber f...

Page 300: ...tes received 0 429496 7295 1 F9 0 06EE 2 Port32 Total frames received 0 429496 7295 1 F9 0 06F0 2 Port32 Number of broadcast frames received 0 429496 7295 1 F9 0 06F2 2 Port32 Number of multicast frames received 0 429496 7295 1 F9 0 06F4 2 Port32 Number of frames with CRC error 0 429496 7295 1 F9 0 06F6 2 Port32 Number of oversized frames received 0 429496 7295 1 F9 0 06F8 2 Port32 Number of bad f...

Page 301: ...06 2 Serial Port Activity Map Bitmap 0 0808 1 Serial Port 1 Type 0 6 1 F1 Varies 0809 1 Serial Port 2 Type 0 6 1 F1 Varies 080A 1 Serial Port 3 Type 0 6 1 F1 Varies 080B 1 Serial Port 4 Type 0 6 1 F1 Varies 080C 1 Serial Port 5 Type 0 6 1 F1 Varies 080D 1 Serial Port 6 Type 0 6 1 F1 Varies 080E 1 Serial Port 7 Type 0 6 1 F1 Varies 080F 1 Serial Port 8 Type 0 6 1 F1 Varies 0810 1 Serial Port 9 Type...

Page 302: ...l Port 3 Link Status 0 1 1 F1 0 082B 1 Serial Port 4 Link Status 0 1 1 F1 0 082C 1 Serial Port 5 Link Status 0 1 1 F1 0 082D 1 Serial Port 6 Link Status 0 1 1 F1 0 082E 1 Serial Port 7 Link Status 0 1 1 F1 0 082F 1 Serial Port 8 Link Status 0 1 1 F1 0 0830 1 Serial Port 9 Link Status 0 1 1 F1 0 0831 1 Serial Port 10 Link Status 0 1 1 F1 0 0832 1 Serial Port 11 Link Status 0 1 1 F1 0 0833 1 Serial ...

Page 303: ...4 Activity 0 1 1 F1 0 084C 1 Serial Port 5 Activity 0 1 1 F1 0 084D 1 Serial Port 6 Activity 0 1 1 F1 0 084E 1 Serial Port 7 Activity 0 1 1 F1 0 084F 1 Serial Port 8 Activity 0 1 1 F1 0 0850 1 Serial Port 9 Activity 0 1 1 F1 0 0851 1 Serial Port 10 Activity 0 1 1 F1 0 0852 1 Serial Port 11 Activity 0 1 1 F1 0 0853 1 Serial Port 12 Activity 0 1 1 F1 0 0854 1 Serial Port 13 Activity 0 1 1 F1 0 0855 ...

Page 304: ...0 429496 7295 1 F9 0 0870 2 Serial Port 1 framing errors 0 429496 7295 1 F9 0 0872 2 Serial Port 1 overruns 0 429496 7295 1 F9 0 0874 2 Serial Port 2 number of bytes sent 0 429496 7295 1 F9 0 0876 2 Serial Port 2 number of bytes received 0 429496 7295 1 F9 0 0878 2 Serial Port 2 breaks 0 429496 7295 1 F9 0 087A 2 Serial Port 2 parity errors 0 429496 7295 1 F9 0 087C 2 Serial Port 2 framing errors ...

Page 305: ...ors 0 429496 7295 1 F9 0 08A0 2 Serial Port 5 framing errors 0 429496 7295 1 F9 0 08A2 2 Serial Port 5 overruns 0 429496 7295 1 F9 0 08A4 2 Serial Port 6 number of bytes sent 0 429496 7295 1 F9 0 08A6 2 Serial Port 6 number of bytes received 0 429496 7295 1 F9 0 08A8 2 Serial Port 6 breaks 0 429496 7295 1 F9 0 08AA 2 Serial Port 6 parity errors 0 429496 7295 1 F9 0 08AC 2 Serial Port 6 framing err...

Page 306: ...429496 7295 1 F9 0 08D0 2 Serial Port 9 framing errors 0 429496 7295 1 F9 0 08D2 2 Serial Port 9 overruns 0 429496 7295 1 F9 0 08D4 2 Serial Port 10 number of bytes sent 0 429496 7295 1 F9 0 08D6 2 Serial Port 10 number of bytes received 0 429496 7295 1 F9 0 08D8 2 Serial Port 10 breaks 0 429496 7295 1 F9 0 08DA 2 Serial Port 10 parity errors 0 429496 7295 1 F9 0 08DC 2 Serial Port 10 framing erro...

Page 307: ...s 0 429496 7295 1 F9 0 0900 2 Serial Port 13 framing errors 0 429496 7295 1 F9 0 0902 2 Serial Port 13 overruns 0 429496 7295 1 F9 0 0904 2 Serial Port 14 number of bytes sent 0 429496 7295 1 F9 0 0906 2 Serial Port 14 number of bytes received 0 429496 7295 1 F9 0 0908 2 Serial Port 14 breaks 0 429496 7295 1 F9 0 090A 2 Serial Port 14 parity errors 0 429496 7295 1 F9 0 090C 2 Serial Port 14 framin...

Page 308: ...s 0 429496 7295 1 F9 0 0930 2 Serial Port 17 framing errors 0 429496 7295 1 F9 0 0932 2 Serial Port 17 overruns 0 429496 7295 1 F9 0 0934 2 Serial Port 18 number of bytes sent 0 429496 7295 1 F9 0 0936 2 Serial Port 18 number of bytes received 0 429496 7295 1 F9 0 0938 2 Serial Port 18 breaks 0 429496 7295 1 F9 0 093A 2 Serial Port 18 parity errors 0 429496 7295 1 F9 0 093C 2 Serial Port 18 framin...

Page 309: ...s 0 429496 7295 1 F9 0 0960 2 Serial Port 21 framing errors 0 429496 7295 1 F9 0 0962 2 Serial Port 21 overruns 0 429496 7295 1 F9 0 0964 2 Serial Port 22 number of bytes sent 0 429496 7295 1 F9 0 0966 2 Serial Port 22 number of bytes received 0 429496 7295 1 F9 0 0968 2 Serial Port 22 breaks 0 429496 7295 1 F9 0 096A 2 Serial Port 22 parity errors 0 429496 7295 1 F9 0 096C 2 Serial Port 22 framin...

Page 310: ...s 0 429496 7295 1 F9 0 0990 2 Serial Port 25 framing errors 0 429496 7295 1 F9 0 0992 2 Serial Port 25 overruns 0 429496 7295 1 F9 0 0994 2 Serial Port 26 number of bytes sent 0 429496 7295 1 F9 0 0996 2 Serial Port 26 number of bytes received 0 429496 7295 1 F9 0 0998 2 Serial Port 26 breaks 0 429496 7295 1 F9 0 099A 2 Serial Port 26 parity errors 0 429496 7295 1 F9 0 099C 2 Serial Port 26 framin...

Page 311: ...s 0 429496 7295 1 F9 0 09C0 2 Serial Port 29 framing errors 0 429496 7295 1 F9 0 09C2 2 Serial Port 29 overruns 0 429496 7295 1 F9 0 09C4 2 Serial Port 30 number of bytes sent 0 429496 7295 1 F9 0 09C6 2 Serial Port 30 number of bytes received 0 429496 7295 1 F9 0 09C8 2 Serial Port 30 breaks 0 429496 7295 1 F9 0 09CA 2 Serial Port 30 parity errors 0 429496 7295 1 F9 0 09CC 2 Serial Port 30 framin...

Page 312: ... 0 429496 7295 1 F9 0 09DE 2 Serial Port 32 number of bytes received 0 429496 7295 1 F9 0 09E0 2 Serial Port 32 breaks 0 429496 7295 1 F9 0 09E2 2 Serial Port 32 parity errors 0 429496 7295 1 F9 0 09E4 2 Serial Port 32 framing errors 0 429496 7295 1 F9 0 09E6 2 Serial Port 32 overruns 0 429496 7295 1 F9 0 Address Qty Description Min Max Step Unit Format Default ...

Page 313: ... NIST standard cryptographic cipher that uses a block length of 128 bits and key lengths of 128 192 or 256 bit ANSI American National Standards Institute ARP Address Resolution Protocol Enables discovery of a device s MAC address when only its IP address is known AS Autonomous System A set of routers under a single technical administration with an apparently coherent interior routing plan ASCII Am...

Page 314: ...with a DTE DDS Digital Data Service A private line digital service from carriers other than AT T DES Data Encryption Standard DES A NIST standard cryptographic cipher that uses a 56 bit key DHCP Dynamic Host Configuration Protocol DiffServ DIFFerentiated SERVices A type of Quality of Service QoS functionality DLCI Data Link Connection Identifier An identifying number for a private or switched virt...

Page 315: ... Group Management Protocol One of the communications protocols of the Internet Protocol Suite Used to manage membership in multicast groups IKE Internet Key Exchange The protocol used to set up a Security Association in the IPsec protocol suite IP Internet Protocol IPIP IP in IP encapsulation One of the communications protocols of the Internet Protocol Suite Encloses an inner IP header with an out...

Page 316: ...the Internet PFS Perfect Forward Secrecy A property of public key cryptography whereby the compromise of one key does not lead to the compromise of any other keys PoE Power over Ethernet A technology for delivering power along with data to remote devices over the twisted pair cabling of an Ethernet network PVC A point to point connection that is established before its first use and maintained rega...

Page 317: ...ns CTS RTU Remote Terminal Unit A device that collects data from data acquisition equipment and sends it to the main system over a network SA Security Association In IPSec an SA defines a secure unidirectional communication channel between two entities SADB Security Association Database An IPSec database containing security information specific to particular connections Compare to SPD SFP Small Fo...

Page 318: ...he communications protocols of the Internet Protocol Suite Replaces TCP when a reliable delivery is not required URL Uniform Resource Locator VID VLAN Identifier VLAN Virtual Local Area Network A logical subgroup within a local area network that is created with software rather than by physically manipulating cables WAN Wide Area Network WFQ Weighted Fair Queueing A packet scheduling technique that...