UM BasicConfig L2P Rel90 en

User Manual
Basic Configuration
Industrial ETHERNET (Gigabit-)Switch
RS20/RS30/RS40, MS20/MS30, OCTOPUS, PowerMICE,
RSR20/RSR30, MACH 100, MACH 1000, MACH 4000
UM BasicConfig L2P Technical Support

Release 9.0 02/2015 https://hirschmann-support.belden.eu.com
The naming of copyrighted trademarks in this manual, even when not specially indicated, should
not be taken to mean that these names may be considered as free in the sense of the trademark
and tradename protection law and hence that they may be freely used by anyone.
© 2015 Hirschmann Automation and Control GmbH
Manuals and software are protected by copyright. All rights reserved. The copying, reproduction,
translation, conversion into any electronic medium or machine scannable form is not permitted,
either in whole or in part. An exception is the preparation of a backup copy of the software for
your own use. For devices with embedded software, the end-user license agreement on the
enclosed CD/DVD applies.
The performance features described here are binding only if they have been expressly agreed
when the contract was made. This document was produced by Hirschmann Automation and
Control GmbH according to the best of the company's knowledge. Hirschmann reserves the right
to change the contents of this document without prior notice. Hirschmann can give no guarantee
in respect of the correctness or accuracy of the information in this document.
Hirschmann can accept no responsibility for damages, resulting from the use of the network
components or the associated operating software. In addition, we refer to the conditions of use
specified in the license contract.
You can get the latest version of this manual on the Internet at the Hirschmann product site
(www.hirschmann.com).
Hirschmann Automation and Control GmbH

Stuttgarter Str. 45-51
72654 Neckartenzlingen
Germany
Tel.: +49 1805 141538
Rel. 9.0 - 02/2015 – 22.01.2015

Contents
Contents
Safety Information 9
About this Manual 11
Key 13
Introduction 15
1 Access to the user interfaces 17

1.1 System Monitor 18
1.2 Command Line Interface 21
1.3 Graphical User Interface 24
2 Entering the IP Parameters 27

2.1 IP Parameter Basics 29
2.1.1 IP Address (Version 4) 29
2.1.2 Netmask 30
2.1.3 Classless Inter-Domain Routing 34
2.2 Entering IP parameters via CLI 36
2.3 Entering the IP Parameters via HiDiscovery 39
2.4 Loading the system configuration from the ACA 41
2.5 System configuration via BOOTP 43
2.6 System Configuration via DHCP 48
2.7 DHCP-Server Pools per VLAN 51
2.7.1 Application Example 52
2.8 System Configuration via DHCP Option 82 55
2.9 Graphical User Interface IP Configuration 56
2.10 Faulty Device Replacement 59
UM BasicConfig L2P
Release 9.0 02/2015 3
Contents
3 Loading/saving settings 61
3.1 Loading settings 62
3.1.1 Loading from the local non-volatile memory 63
3.1.2 Loading from a file 64
3.1.3 Resetting the configuration to the default settings 66
3.1.4 Loading from the AutoConfiguration Adapter 67
3.1.5 Using the offline configurator 68
3.2 Saving settings 71
3.2.1 Saving locally (and on the ACA) 71
3.2.2 Saving in a binary file or a script file on a URL 73
3.2.3 Saving to a binary file on the PC 74
3.2.4 Saving as a script on the PC 74
3.2.5 Saving as an offline configuration file on the PC 75
3.3 Configuration Signature 76
4 Loading Software Updates 77

4.1 Loading the Software manually from the ACA 79
4.1.1 Selecting the software to be loaded 80
4.1.2 Starting the software 81
4.1.3 Performing a cold start 82
4.2 Automatic software update by ACA 83
4.3 Loading the software from the TFTP server 85
4.4 Loading the Software via File Selection 87
4.5 Bootcode Update via TFTP 88
4.5.1 Updating the Bootcode file 88
4.6 Software update OCTOPUS 90
5 Configuring the Ports 93
6 Assistance in the Protection from Unauthorized

Access 101
6.1 Protecting the device 102
6.2 Password for SNMP access 103
6.2.1 Description of password for SNMP access 103
6.2.2 Entering the password for SNMP access 104
6.3 Telnet/internet/SSH access 108
6.3.1 Description of Telnet Access 108
6.3.2 Description of Web Access (http) 108
UM BasicConfig L2P
4 Release 9.0 02/2015
Contents
6.3.3 Description of SSH Access 109

6.3.4 Switching Telnet/Internet/SSH access on/off 110
6.3.5 Web access through HTTPS 111
6.4 Restricted Management Access 114
6.5 HiDiscovery Access 117
6.5.1 Description of the HiDiscovery Protocol 117
6.5.2 Enabling/disabling the HiDiscovery function 117
6.6 Port access control 118
6.6.1 Description of the port access control 118
6.6.2 Application Example for Port Access Control 119
6.7 Port Authentication IEEE 802.1X 121
6.7.1 Description of Port Authentication according to
IEEE 802.1X 121
6.7.2 Authentication Process according to IEEE 802.1X 122
6.7.3 Preparing the Device for the
IEEE 802.1X Port Authentication 122
6.7.4 IEEE 802.1X Settings 123
6.8 Login Banner 124
6.9 CLI Banner 125
7 Synchronizing the System Time in the Network 127

7.1 Setting the time 128
7.2 SNTP 130
7.2.1 Description of SNTP 130
7.2.2 Preparing the SNTP Configuration 131
7.2.3 Configuring SNTP 132
7.3 Precision Time Protocol 135
7.3.1 Description of PTP Functions 135
7.3.2 Preparing the PTP Configuration 141
7.3.3 Application Example 143
7.4 Interaction of PTP and SNTP 148
8 Network Load Control 151

8.1 Direct Packet Distribution 152
8.1.1 Store and Forward 152
8.1.2 Multi-Address Capability 152
8.1.3 Aging of learned MAC addresses 153
8.1.4 Entering Static Addresses 154
8.1.5 Disabling the Direct Packet Distribution 155
UM BasicConfig L2P
Release 9.0 02/2015 5
Contents
8.2 Multicast Application 157

8.2.1 Description of the Multicast Application 157
8.2.2 Example of a Multicast Application 158
8.2.3 Description of IGMP Snooping 159
8.2.4 Setting IGMP Snooping 160
8.2.5 Description of GMRP 165
8.2.6 Setting GMRP 167
8.3 Rate Limiter 169
8.3.1 Description of the Rate Limiter 169
8.3.2 Rate limiter settings 170
8.3.3 Rate limiter settings for
RS20/RS30/RS40, MS20/MS30, RSR20/RSR30,
MACH 100, MACH 1000 and OCTOPUS 171
8.4 QoS/Priority 173
8.4.1 Description of Prioritization 173
8.4.2 VLAN tagging 174
8.4.3 IP ToS / DiffServ 177
8.4.4 Management prioritization 180
8.4.5 Handling of Received Priority Information 180
8.4.6 Handling of traffic classes 181
8.4.7 Setting prioritization 181
8.5 Flow Control 186
8.5.1 Description of Flow Control 186
8.5.2 Setting the Flow Control 188
8.6 VLANs 189
8.6.1 VLAN Description 189
8.6.2 Examples of VLANs 190
9 Operation Diagnosis 203

9.1 Sending Traps 204
9.1.1 List of SNMP traps 205
9.1.2 SNMP Traps when Booting 206
9.1.3 Configuring Traps 207
9.2 Monitoring the Device Status 209
9.2.1 Configuring the Device Status 210
9.2.2 Displaying the Device Status 211
9.3 Out-of-band Signaling 212
9.3.1 Controlling the Signal Contact 213
9.3.2 Monitoring the Device Status via the Signal Contact 214
9.3.3 Monitoring the Device Functions via the Signal
Contact 214
9.3.4 Monitoring the Fan 215
UM BasicConfig L2P
6 Release 9.0 02/2015
Contents
9.4 Port Status Indication 218

9.5 Event Counter at Port Level 220
9.5.1 Detecting Non-matching Duplex Modes 221
9.5.2 TP Cable Diagnosis 223
9.5.3 Port Monitor 225
9.5.4 Auto Disable 228
9.6 Displaying the SFP Status 230
9.7 Topology Discovery 231
9.7.1 Description of Topology-Detection 231
9.7.2 Displaying the Topology Discovery Results 232
9.8 Detecting IP Address Conflicts 234
9.8.1 Description of IP Address Conflicts 234
9.8.2 Configuring ACD 235
9.8.3 Displaying ACD 235
9.9 Detecting Loops 236
9.10 Reports 237
9.11 Monitoring Data Traffic on the Ports (Port Mirroring) 239
9.12 Syslog 243
9.13 Trap log 246
9.14 MAC Notification 247
A Setting up the Configuration Environment 249

A.1 Setting up a DHCP/BOOTP Server 250
A.2 Setting up a DHCP Server with Option 82 256
A.3 TFTP Server for Software Updates 260
A.3.1 Setting up the TFTP Process 261
A.3.2 Software Access Rights 264
A.4 Preparing access via SSH 265
A.4.1 Generating a key 265
A.4.2 Loading a key onto the device 267
A.4.3 Access through an SSH 267
A.5 HTTPS Certificate 270
A.6 Service Shell 271
UM BasicConfig L2P
Release 9.0 02/2015 7
Contents
B General Information 273

B.1 Management Information Base (MIB) 274
B.2 Abbreviations used 277
B.3 Technical Data 278
B.4 Readers’ Comments 279
C Index 281
D Further Support 285
UM BasicConfig L2P
8 Release 9.0 02/2015
Safety Information
Safety Information
WARNING
UNCONTROLLED MACHINE ACTIONS
To avoid uncontrolled machine actions caused by data loss, configure all
the data transmission devices individually.
Before you start any machine which is controlled via data transmission, be
sure to complete the configuration of all data transmission devices.
Failure to follow these instructions can result in death, serious injury,

or equipment damage.
UM BasicConfig L2P
Release 9.0 02/2015 9
Safety Information
UM BasicConfig L2P
10 Release 9.0 02/2015
About this Manual
About this Manual
The “Basic Configuration” user manual contains the information you need to
start operating the device. It takes you step by step from the first startup
operation through to the basic settings for operation in your environment.
The following thematic sequence has proven itself in practice:

 Set up device access for operation by entering the IP parameters
 Check the status of the software and update it if necessary
 Load/store any existing configuration
 Configure the ports
 Set up protection from unauthorized access
 Optimize the data transmission with network load control
 Synchronize system time in the network
 Perform an operation diagnosis
 Store the newly created configuration in the non-volatile memory
The “Installation” user manual contains a device description, safety

instructions, a description of the display, and the other information that you
need to install the device.
The “Redundancy Configuration” user manual document contains the

information you require to select the suitable redundancy procedure and
configure it.
The “Industry Protocols” user manual describes how the device is connected
by means of a communication protocol commonly used in the industry, such
as EtherNet/IP and PROFINET IO.
The “GUI” reference manual contains detailed information on using the

graphical interface to operate the individual functions of the device.
UM BasicConfig L2P
Release 9.0 02/2015 11
About this Manual
The “Command Line Interface” reference manual contains detailed

information on using the Command Line Interface to operate the individual
functions of the device.
The Industrial HiVision network management software provides you with

additional options for smooth configuration and monitoring:
 ActiveX control for SCADA integration
 Auto-topology discovery
 Browser interface
 Client/server structure
 Event handling
 Event log
 Simultaneous configuration of multiple devices
 Graphical user interface with network layout
 SNMP/OPC gateway
 Maintenance
Hirschmann are continually working on improving and developing their
software. Check regularly whether there is an updated version of the
software that provides you with additional benefits. You find information
and software downloads on the Hirschmann product pages on the
Internet (www.hirschmann.com).
UM BasicConfig L2P
12 Release 9.0 02/2015
Key
Key
The designations used in this manual have the following meanings:
 List
 Work step
 Subheading
Link Cross-reference with link
Note: A note emphasizes an important fact or draws your attention to a dependency.
Courier ASCII representation in the graphical user interface
Execution in the Graphical User Interface
Execution in the Command Line Interface
Symbols used:
WLAN access point
Router with firewall
Switch with firewall
Router
Switch
UM BasicConfig L2P
Release 9.0 02/2015 13
Key
Bridge
Hub
A random computer
Configuration Computer
Server
PLC -
Programmable logic
controller
I/O -
Robot
UM BasicConfig L2P
14 Release 9.0 02/2015
Introduction
Introduction
The device has been developed for use in a harsh industrial environment.
Accordingly, the installation process has been kept simple. Thanks to the
selected default settings, you only have to enter a few settings before starting
to operate the device.
Note: The changes you make in the dialogs are copied into the volatile
memory of the device when you click on "Set".
To save the changes to the device into permanent memory, select the saving
location in the Basic Settings:Load/Save dialog box and click on "Save".
UM BasicConfig L2P
Release 9.0 02/2015 15
Introduction
UM BasicConfig L2P
16 Release 9.0 02/2015
Access to the user interfaces
1 Access to the user interfaces
The device has 3 user interfaces, which you can access via different
interfaces:
 System monitor via the V.24 interface (out-of-band)
 Command Line Interface (CLI) via the V.24 connection (out-of-band) as
well as Telnet or SSH (in-band)
 Graphical User Interface via Ethernet (in-band).
UM BasicConfig L2P
Release 9.0 02/2015 17
Access to the user interfaces 1.1 System Monitor
1.1 System Monitor
The system monitor enables you to

 select the software to be loaded
 perform a software update
 start the selected software
 shut down the system monitor
 delete the configuration saved and
 display the boot code information.
 Starting the System Monitor

Prerequisites
 Terminal cable for connecting the device to your PC (available as an
optional accessory).
 PC with VT100 terminal emulation (such as PuTTY) or serial terminal
Perform the following work steps:
 Use the terminal cable to connect the V.24 port of the device with the
“COM” port of the PC.
 Start the VT100 terminal emulation on the PC.
 Define the following transmission parameters:
– Speed: 9600 Baud
– Data: 8 bit
– Parity: None
– Stopbit: 1 bit
– Flow control: None
Speed 9600 Baud

Data 8 bit
Parity None
Stopbit 1 bit
Handshake Off
Table 1: Data transfer parameters
UM BasicConfig L2P
18 Release 9.0 02/2015
 Start the terminal program on the PC and set up a connection with the
device.
When you boot the device, the message

"Press <1> to enter System Monitor 1"
appears on the terminal.
< Device Name (Boot) Release: 1.00 Build: 2005-09-17 15:36 >
Press <1> to enter System Monitor 1 ...

1
Figure 1: Screen display during the boot process
UM BasicConfig L2P
Release 9.0 02/2015 19
 Press the <1> key within one second to start system monitor 1.
System Monitor
(Selected OS: L3P-06.0.00 (2010-09-09 09:09))
1 Select Boot Operating System

2 Update Operating System
3 Start Selected Operating System
4 End (reset and reboot)
5 Erase main configuration file
sysMon1>
Figure 2: System monitor 1 screen display
 Select a menu item by entering the number.

 To leave a submenu and return to the main menu of system monitor 1,
press the <ESC> key.
UM BasicConfig L2P
20 Release 9.0 02/2015
Access to the user interfaces 1.2 Command Line Interface
1.2 Command Line Interface
The Command Line Interface enables you to use the functions of the device
via a local or remote connection.
The Command Line Interface provides IT specialists with a familiar
environment for configuring IT devices.
The script compatibility of the Command Line Interface enables you, among
other things, to feed multiple devices with the same configuration data, to
create and use partial configurations, or to compare 2 configurations using 2
script files.
You will find a detailed description of the Command Line Interface in the
“Command Line Interface” reference manual.
You can access the Command Line Interface via:

 the V.24 port (out-of-band)
 Telnet (in-band)
 SSH (in-band)
Note: To facilitate making entries, the CLI gives you the option of
abbreviating keywords. Type in the beginning of a keyword. When you press
the tab key, the CLI finishes the keyword.
UM BasicConfig L2P
Release 9.0 02/2015 21
 Opening the Command Line Interface

 Connect the device to a terminal or to a “COM” port of a PC using
terminal emulation based on VT100, and press any key (see on
page 18 “System Monitor”) or
call up the Command Line Interface via Telnet.
A window for entering the user name appears on the screen.
Up to 5 users can access the Command Line Interface.
Copyright (c) 2004-2010 Hirschmann Automation and Control GmbH
All rights reserved
PowerMICE Release L3P-06.0.00
(Build date 2010-09-09 12:13)
System Name: PowerMICE

Mgmt-IP : 10.0.1.105
1.Router-IP: 0.0.0.0
Base-MAC : 00:80:63:51:74:00
System Time: 2010-09-09 13:14:15
User:
Figure 3: Logging in to the Command Line Interface program
 Enter a user name. The default setting for the user name is admin .
Press the Enter key.
 Enter the password. The default setting for the password is private .
Press the Enter key.
You can change the user name and the password later in the
Command Line Interface.
Please note that these entries are case-sensitive.
The start screen appears.
UM BasicConfig L2P
22 Release 9.0 02/2015
NOTE: Enter '?' for Command Help. Command help displays all options
that are valid for the 'normal' and 'no' command forms. For
the syntax of a particular command form, please consult the
documentation.
(Hirschmann Product) >
Figure 4: CLI screen after login
UM BasicConfig L2P
Release 9.0 02/2015 23
Access to the user interfaces 1.3 Graphical User Interface
1.3 Graphical User Interface
The graphical user Interface (GUI) allows you to conveniently define and
monitor the settings of the device from a computer on the network.
You reach the graphical user interface (GUI) with the following programs:
 HiView
 Web browser
 System requirements
Use HiView to open the graphical user interface. This application offers
you the possibility to use the graphical user interface without other
applications such as a Web browser or an installed Java Runtime
Environment (JRE).
Alternatively you have the option to open the graphical user interface in a
Web browser, e.g. in Mozilla Firefox version 3.5 or higher or Microsoft
Internet Explorer version 6 or higher. You need to install the Java Runtime
Environment (JRE) in the most recently released version. You can find
installation packages for your operating system at http://java.com.
 Starting the graphical user interface

The prerequisite for starting the graphical user interface, first configure
the IP parameters of the device correctly.
Starting the graphical user interface in HiView:

 Start HiView.
 In the URL field of the start window, enter the IP address of your
device.
 Click "Open".
HiView sets up the connection to the device and displays the login
window.
UM BasicConfig L2P
24 Release 9.0 02/2015
Start the graphical user interface in the Web browser:

– This requires that Java is enabled in the security settings of your Web
browser.
 Start your Web browser.
 Write the IP address of the device in the address field of the Web
browser. Use the following form: https://xxx.xxx.xxx.xxx
The Web browser sets up the connection to the device and displays the
login window.
Figure 5: Login window
 Select the user name and enter the password.

– Select the user name user to have read access to the device.
– Select the user name admin to have read and write access to the
device.
 Select the language in which you want to use the graphical user
interface.
 Click "Ok".
The Web browser displays the graphical user interface.
UM BasicConfig L2P
Release 9.0 02/2015 25
UM BasicConfig L2P
26 Release 9.0 02/2015
Entering the IP Parameters
2 Entering the IP Parameters
When you install the device for the first time enter the IP parameters.
The device provides the following options for entering the IP parameters
during the first installation:
 Entry using the Command Line Interface (CLI).
You choose this “out of band” method if
 you preconfigure your device outside its operating environment, or
 you need to restore network access (“in-band”) to the device
 Entry using the HiDiscovery protocol.
You choose this “in-band” method on a previously installed network
device or if you have another Ethernet connection between your PC and
the device
 Configuration using the AutoConfiguration Adapter (ACA).
You choose this method if you are replacing a device with a device of the
same type and have already saved the configuration on anACA.
 Using BOOTP.
You choose this “in-band” method to configure the installed device using
BOOTP. You need a BOOTP server for this method. The BOOTP server
assigns the configuration data to the device using its MAC address. The
DHCP mode is the default mode for the configuration data reference, set
the parameter to the BOOTP mode for this method.
 Configuration via DHCP.
You choose this “in-band” method to configure the installed device using
DHCP. You need a DHCP server for this method. The DHCP server
assigns the configuration data to the device using its MAC address or its
system name.
UM BasicConfig L2P
Release 9.0 02/2015 27
Entering the IP Parameters
 Configuration via DHCP Option 82.

You choose this “in-band” method if you want to configure the installed
device using DHCP Option 82. You need a DHCP server with Option 82
for this. The DHCP server assigns the configuration data to the device
using its physical connection (see on page 55 “System Configuration via
DHCP Option 82”).
 Configuration using the graphical user interface.
If the device already has an IP address and is reachable via the network,
then the graphical user interface provides you with another option for
configuring the IP parameters.
UM BasicConfig L2P
28 Release 9.0 02/2015
Entering the IP Parameters 2.1 IP Parameter Basics
2.1 IP Parameter Basics
2.1.1 IP Address (Version 4)

The IP addresses consist of 4 bytes. These 4 bytes are written in decimal
notation, separated by a decimal point.
Since 1992, five classes of IP address have been defined in the RFC 1340.
Class Network Host address Address range

address
A 1 byte 3 bytes 0.0.0.0 to 127.255.255.255
B 2 bytes 2 bytes 128.0.0.0 to 191.255.255.255
C 3 bytes 1 byte 192.0.0.0 to 223.255.255.255
D 224.0.0.0 to 239.255.255.255
E 240.0.0.0 to 255.255.255.255
Table 2: IP address classes
The network address is the fixed part of the IP address. The worldwide
leading regulatory board for assigning network addresses is the IANA
(Internet Assigned Numbers Authority). If you require an IP address block,
contact your Internet service provider. Internet service providers should
contact their local higher-level organization:
 APNIC (Asia Pacific Network Information Center) - Asia/Pacific Region
 ARIN (American Registry for Internet Numbers) - Americas and Sub-
Sahara Africa
 LACNIC (Regional Latin-American and Caribbean IP Address Registry) –
Latin America and some Caribbean Islands
 RIPE NCC (Réseaux IP Européens) - Europe and Surrounding Regions
UM BasicConfig L2P
Release 9.0 02/2015 29
0 Net ID - 7 bits Host ID - 24 bits Class A
I 0 Net ID - 14 bits Host ID - 16 bits Class B
I I 0 Net ID - 21 bits Host ID - 8 bit s Class C
I I I 0 Multicast Group ID - 28 bits Class D
I I I I reserved for future use - 28 b its Class E
Figure 6: Bit representation of the IP address
All IP addresses belong to class A when their first bit is a zero, i.e. the first
decimal number is less than 128.
The IP address belongs to class B if the first bit is a one and the second bit
is a zero, i.e. the first decimal number is between 128 and 191.
The IP address belongs to class C if the first two bits are a one, i.e. the first
decimal number is higher than 191.
Assigning the host address (host ID) is the responsibility of the network
operator. He alone is responsible for the uniqueness of the IP addresses he
assigns.
2.1.2 Netmask
Routers and gateways subdivide large networks into subnetworks. The
netmask assigns the IP addresses of the individual devices to a particular
subnetwork.
The division into subnetworks with the aid of the netmask is performed in
much the same way as the division of the network addresses (net id) into
classes A to C.
UM BasicConfig L2P
30 Release 9.0 02/2015
The bits of the host address (host id) that represent the mask are set to one.
The remaining bits of the host address in the netmask are set to zero (see
the following examples).
Example of a netmask:
Decimal notation
255.255.192.0
Binary notation
11111111.11111111.11000000.00000000
Subnetwork mask bits
Class B
Example of IP addresses with subnetwork assignment when the above

subnet mask is applied:
UM BasicConfig L2P
Release 9.0 02/2015 31
Decimal notation
129.218.65.17
128 < 129 191 › Class B
Binary notation
10000001.11011010.01000001.00010001
Subnetwork 1
Network address
Decimal notation
129.218.129.17
128 < 129 191 › Class B
Binary notation
10000001.11011010.10000001.00010001
Subnetwork 2
Network address
UM BasicConfig L2P
32 Release 9.0 02/2015
 Example of how the network mask is used

In a large network it is possible that gateways and routers separate the
management agent from its management station. How does addressing
work in such a case?
Romeo
Juliet
Lorenzo
LAN 1
LAN 2
Figure 7: Management agent that is separated from its management station by a

router
The management station "Romeo" wants to send data to the

management agent "Juliet". Romeo knows Juliet's IP address and also
knows that the router "Lorenzo" knows the way to Juliet.
Romeo therefore puts his message in an envelope and writes Juliet's IP

address as the destination address. For the source address he writes his
own IP address on the envelope.
Romeo then places this envelope in a second one with Lorenzo's MAC
address as the destination and his own MAC address as the source. This
process is comparable to going from layer 3 to layer 2 of the ISO/OSI base
reference model.
Finally, Romeo puts the entire data packet into the mailbox. This is
comparable to going from layer 2 to layer 1, i.e. to sending the data packet
over the Ethernet.
UM BasicConfig L2P
Release 9.0 02/2015 33
Lorenzo receives the letter and removes the outer envelope. From the
inner envelope he recognizes that the letter is meant for Juliet. He places
the inner envelope in a new outer envelope and searches his address list
(the ARP table) for Juliet's MAC address. He writes her MAC address on
the outer envelope as the destination address and his own MAC address
as the source address. He then places the entire data packet in the mail
box.
Juliet receives the letter and removes the outer envelope. She finds the
inner envelope with Romeo's IP address. Opening the inner envelope and
reading its contents corresponds to transferring the message to the higher
protocol layers of the SO/OSI layer model.
Juliet would now like to send a reply to Romeo. She places her reply in an
envelope with Romeo's IP address as destination and her own IP address
as source. But where is she to send the answer? For she did not receive
Romeo's MAC address. It was lost when Lorenzo replaced the outer
envelope.
In the MIB, Juliet finds Lorenzo listed under the variable

hmNetGatewayIPAddr as a means of communicating with Romeo. She
therefore puts the envelope with the IP addresses in a further envelope
with Lorenzo's MAC destination address.
The letter now travels back to Romeo via Lorenzo, the same way the first
letter traveled from Romeo to Juliet.
2.1.3 Classless Inter-Domain Routing

Class C with a maximum of 254 addresses was too small, and class B with
a maximum of 65,534 addresses was too large for most users. This resulted
in ineffective usage of the class B addresses available.
Class D contains reserved multicast addresses. Class E is reserved for
experimental purposes. A gateway not participating in these experiments
ignores datagrams with these destination addresses.
UM BasicConfig L2P
34 Release 9.0 02/2015
Since 1993, RFC 1519 has been using Classless Inter-Domain Routing
(CIDR) to provide a solution. CIDR overcomes these class boundaries and
supports classless address ranges.
With CIDR, you enter the number of bits that designate the IP address range.
You represent the IP address range in binary form and count the mask bits
that designate the netmask. The netmask indicates the number of bits that
are identical to the network part for the IP addresses in a given address
range. Example:
IP address, decimal Network mask, IP address, binary
decimal
149.218.112.1 255.255.255.128 10010101 11011010 01110000 00000001
149.218.112.127 10010101 11011010 01110000 01111111
25 mask bits
CIDR notation: 149.218.112.0/25
Mask bits
The combination of a number of class C address ranges is known as

“supernetting”. This enables you to subdivide class B address ranges to a
very fine degree.
UM BasicConfig L2P
Release 9.0 02/2015 35
Entering the IP Parameters 2.2 Entering IP parameters via CLI
2.2 Entering IP parameters via

CLI
If you do not configure the system via BOOTP/DHCP, DHCP Option 82, the
HiDiscovery protocol or the AutoConfiguration Adapter ACA, then you
perform the configuration via the V.24 interface using the CLI.
Entering IP addresses
Connect the PC with terminal

program started to the RJ11 socket
Command Line Interface

starts after key press
Log in and change to the

Privileged EXEC Mode
Enter and save IP parameters
End of entering IP addresses
Figure 8: Flow chart for entering IP addresses
UM BasicConfig L2P
36 Release 9.0 02/2015
Note: If a terminal or PC with terminal emulation is unavailable in the vicinity

of the installation location, you can configure the device at your own
workstation, then take it to its final installation location.
 Set up a connection to the device (see on page 18 “Starting the System

Monitor”).
The start screen appears.
NOTE: Enter '?' for Command Help. Command help displays all options
that are valid for the 'normal' and 'no' command forms. For
the syntax of a particular command form, please consult the
documentation.
(Hirschmann PowerMICE) >
 Deactivate DHCP.
 Enter the IP parameters.

 Local IP address
On delivery, the device has the local IP address 0.0.0.0.
 Netmask
If you divided your network into subnetworks, and if these are
identified with a netmask, then enter the netmask here.
UM BasicConfig L2P
Release 9.0 02/2015 37
The default setting of the netmask is 0.0.0.0.

 IP address of the gateway.
You require this entry when installing the device in a different
subnetwork as the management station or TFTP server (see on
page 33 “Example of how the network mask is used”).
Enter the IP address of the gateway between the subnetwork with the
device and the path to the management station.
The default setting of the IP address is 0.0.0.0.
 Save the configuration entered using

copy system:running-config nvram:startup-config.
enable Switch to the privileged EXEC mode.

network protocol none Deactivate DHCP.
network parms 10.0.1.23 Assign the device the IP address 10.0.1.23 and
255.255.255.0 the netmask 255.255.255.0. You have the option
of also assigning a gateway address.
copy system:running-config Save the current configuration to the non-volatile
nvram:startup-config memory.
After entering the IP parameters, you easily configure the device via the
graphical user interface (see the “GUI” reference manual).
UM BasicConfig L2P
38 Release 9.0 02/2015
Entering the IP Parameters 2.3 Entering the IP Parameters via
HiDiscovery
2.3 Entering the IP Parameters

via HiDiscovery
The HiDiscovery protocol enables you to assign IP parameters to the device

via the Ethernet.
You can easily configure other parameters via the graphical user interface
(see the "GUI" Graphic User Interface reference manual).
Install the HiDiscovery software on your PC. The software is on the CD

supplied with the device.
 To install it, you start the installation program on the CD.
 Start the HiDiscovery program.

When you start HiDiscovery, it automatically searches the network for those
devices which support the HiDiscovery protocol.
HiDiscovery uses the first network interface found for the PC. If your
computer has several network cards, you select the one you desire in the
HiDiscovery toolbar.
HiDiscovery displays a line for every device that reacts to the HiDiscovery
protocol.
HiDiscovery enables you to identify the devices displayed.

 Select a device line.
 Click the „Signal“ symbol on the tool bar to set the LEDs for the selected
device to flashing on. To switch off the flashing, click on the symbol again.
 By double-clicking a line, you open a window in which you enter the
device name and the IP parameters.
Note: When the IP address is entered, the device copies the local
configuration settings (see on page 61 “Loading/saving settings”).
UM BasicConfig L2P
Release 9.0 02/2015 39
Entering the IP Parameters 2.3 Entering the IP Parameters via
HiDiscovery
Note: For security reasons, switch off the HiDiscovery function for the device
in the graphical user interface, after you have assigned the IP parameters to
the device (see on page 56 “Graphical User Interface IP Configuration”).
Note: Save the settings so that you will still have the entries after a restart
(see on page 61 “Loading/saving settings”).
UM BasicConfig L2P
40 Release 9.0 02/2015
Entering the IP Parameters 2.4 Loading the system configuration
from the ACA
2.4 Loading the system

configuration from the ACA
The AutoConfiguration Adapter (ACA) is a device for

 for saving the device configuration data and
 saving the device software.
If a device becomes inoperative, the ACA allows you to transfer the

configuration data to a replacement device of the same type.
When you start the device, it checks to see whether an ACA is present. If an
ACA is present with a valid password and valid software, the device loads the
configuration data from the ACA.
The password is valid if

 the entered password matches the password in the ACA, or
 the preset password in the device is entered.
To save the configuration data in the ACA, See 71 “Saving locally (and on the
ACA)”.
UM BasicConfig L2P
Release 9.0 02/2015 41
Entering the IP Parameters 2.4 Loading the system configuration
from the ACA
2 0
3 0 3a 0
1 1
4 4a
Figure 9: Flow chart of loading configuration data from the ACA

1 – Device start-up
2 – ACA plugged-in?
3 – Password in device and ACA identical?
3a – Default password in device?
4 – Load configuration from ACA,
ACA LEDs flashing synchronously
4a –Load configuration from local memory,
ACA LEDs flashing alternately
5 – Configuration data loaded
UM BasicConfig L2P
42 Release 9.0 02/2015
Entering the IP Parameters 2.5 System configuration via BOOTP
2.5 System configuration via

BOOTP
When it is started up via BOOTP (bootstrap protocol), a device receives its

configuration data in accordance with the “BOOTP process” flow chart (see
figure 10).
Note: In its delivery state, the device gets its configuration data from the
DHCP server.
 Activate BOOTP to receive the configuration data (see on page 56

“Graphical User Interface IP Configuration”), or see the CLI:

network protocol bootp Activate BOOTP.
copy system:running-config Activate BOOTP.
nvram:startup-config
y Confirm save.
 Provide the BOOTP server with the following data for a device:
# /etc/bootptab for BOOTP-daemon bootpd
#
# gw -- gateway
# ha -- hardware address
# ht -- hardware type
# ip -- IP address
# sm -- subnet mask
# tc -- template
.global:\
:gw=0.0.0.0:\
:sm=255.255.240.0:
UM BasicConfig L2P
Release 9.0 02/2015 43
switch_01:ht=ethernet:ha=008063086501:ip=10.1.112.83:tc=.global:
switch_02:ht=ethernet:ha=008063086502:ip=10.1.112.84:tc=.global:
.
.
Lines that start with a ‘#’ character are comment lines.
The lines under “.global:” make the configuration of several devices easier.
With the template (tc) you allocate the global configuration data (tc=.global:)
to each device .
The direct allocation of hardware address and IP address is performed in the
device lines (switch-0...).
 Enter one line for each device.

 After ha= enter the hardware address of the device.
 After ip= enter the IP address of the device.
In the appendix, you will find an example for the configuration of a

BOOTP/DHCP server.
See “Setting up a DHCP/BOOTP Server” on page 250.
UM BasicConfig L2P
44 Release 9.0 02/2015
Start-up
Load default
configuration
Device in initalization
Device runs with

settings from
local flash
Send
DHCP Yes DHCP/
or BOOTP
BOOTP? 1
Requests
No
No* Reply from Yes Save IP parameter

DHCP/BOOTP and config file URL
server? locally
initialize IP stack
with IP parameters
Device is manageable
Figure 10: Flow chart for the BOOTP/DHCP process, part 1

* see note figure 11
UM BasicConfig L2P
Release 9.0 02/2015 45
Start tftp process Load remote

with config configuration from
file URL of DHCP Yes URL of DHCP?
No
tftp
successful?
No*
Yes
Load transferred
config file
Save transferred
config file local
and set
boot configuration
to local
Loading of
configurations data
is complete
Figure 11: Flow chart for the BOOTP/DHCP process, part 2
UM BasicConfig L2P
46 Release 9.0 02/2015
Note: The loading process started by DHCP/BOOTP (see on page 43

“System configuration via BOOTP”) shows the selection of “from URL & save
locally” in the “Load” frame. If you get an error message when saving a
configuration, this could be due to an active loading process. DHCP/BOOTP
only finishes a loading process when a valid configuration has been loaded.
If DHCP/BOOTP does not find a valid configuration, then finish the loading
process by loading the local configuration in the “Load” frame.
UM BasicConfig L2P
Release 9.0 02/2015 47
Entering the IP Parameters 2.6 System Configuration via DHCP
2.6 System Configuration via

DHCP
The DHCP (Dynamic Host Configuration Protocol) is a further development

of BOOTP, which it has replaced. The DHCP additionally allows the
configuration of a DHCP client via a name instead of via the MAC address.
For the DHCP, this name is known as the “client identifier” in accordance with
RFC 2131.
The device uses the name entered under sysName in the system group of
the MIB II as the client identifier. You can enter this system name directly via
SNMP, the Web-based management (see system dialog), or the Command
Line Interface.
During startup operation, a device receives its configuration data according

to the “DHCP process” flowchart (see figure 10).
The device sends its system name to the DHCP server. The DHCP server
can then use the system name to allocate an IP address as an alternative to
the MAC address.
In addition to the IP address, the DHCP server sends

 the netmask
 the default gateway (if available)
 the tftp URL of the configuration file (if available)
The device accepts this data as configuration parameters (see on page 56
“Graphical User Interface IP Configuration”). If an IP address was assigned
by a DHCP server, it will be permanently saved locally.
Option Meaning
1 Subnet Mask
2 Time Offset
3 Router
4 Time server
Table 3: DHCP options which the device requests
UM BasicConfig L2P
48 Release 9.0 02/2015
Option Meaning
12 Host Name
42 NTP server
61 Client Identifier
66 TFTP Server Name
67 Bootfile Name
Table 3: DHCP options which the device requests
The advantage of using DHCP instead of BOOTP is that the DHCP server
can restrict the validity of the configuration parameters (“Lease”) to a specific
time period (known as dynamic address allocation). Before this period
(“Lease Duration”) elapses, the DHCP client can attempt to renew this lease.
Alternatively, the client can negotiate a new lease. The DHCP server then
allocates a random free address.
To help avoid this, DHCP servers provide the explicit configuration option of
assigning a specific client the same IP address based on a unique hardware
ID (known as static address allocation).
On delivery, DHCP is activated. As long as DHCP is activated, the device

attempts to obtain an IP address. If it cannot find a DHCP server after
restarting, it will not have an IP address. Activate or deactivate DHCP in the
Basic Settings:Network:Global dialog.
Note: When using Industrial HiVision network management, the user checks
to see that DHCP allocates the original IP address to each device every time.
The appendix contains an example configuration of the BOOTP/DHCP-

server .(see on page 250 “Setting up a DHCP/BOOTP Server”)
Example of a DHCP-configuration file:

# /etc/dhcpd.conf for DHCP Daemon
#
subnet 10.1.112.0 netmask 255.255.240.0 {
option subnet-mask 255.255.240.0;
option routers 10.1.112.96;
UM BasicConfig L2P
Release 9.0 02/2015 49
}
#
# Host berta requests IP configuration
# with her MAC address
#
host berta {
hardware ethernet 00:80:63:08:65:42;
fixed-address 10.1.112.82;
}
#
# Host hugo requests IP configuration
# with his client identifier.
#
host hugo {
#
option dhcp-client-identifier "hugo";
option dhcp-client-identifier 00:68:75:67:6f;
fixed-address 10.1.112.83;
server-name "10.1.112.11";
filename "/agent/config.dat";
}
Lines that begin with the #-character contain comments.

The lines that precede the individual devices indicate settings that apply to
the following device.
The fixed-address line assigns a fixed IP address to the device.
Please refer to your DHCP-Server manual for more details.
UM BasicConfig L2P
50 Release 9.0 02/2015
Entering the IP Parameters 2.7 DHCP-Server Pools per VLAN
2.7 DHCP-Server Pools per VLAN
Devices in the OCTOPUS, MS20/MS30, RS20/RS30/RS40, RSR20/RSR30,

MACH100 and MACH1020/1030 families allow you to configure one or more
IP-address-pools (or simply 'pools') for each VLAN, and switch them on or
off. The DHCP-server responds to requests from clients on the VLANs and
assigns the IP addresses in one of the pools. A pool consists of a list of
entries. An entry can define one IP-address or a series of IP addresses. You
can choose between static or dynamic IP address allocation.
 For dynamic IP-address allocation, you define a dynamic address range
for each VLAN. When a client on a VLAN logs on, the DHCP server
assigns an available IP address from one of the pool entries.
 In the case of static IP address allocation, the DHCP server always
assigns the same IP address to the client on the VLAN. The DHCP server
identifies the client by a unique hardware ID. A static address-entry can
contain only one IP address and can be applied to any VLAN or to a
specific VLAN.
UM BasicConfig L2P
Release 9.0 02/2015 51
2.7.1 Application Example
VLAN A
2
Pool 1
VLAN 2 tagged
DHCP server
Pool 3
1 2 3 4 5 6 7 8 9
Pool 2
VLAN 100 tagged Untagged
VLAN B C
100
Pool 4
DHCP client DHCP client
Figure 12: Example application of the DHCP-server: IP address pools per VLAN
The example application shows how you can set up DHCP-server pools for
each VLAN or interface.
 Configure the VLANs (see Section “VLANs” on page 189).
 Define the desired IP-address ranges and switch on the DHCP-server for
the desired VLANs.
Open the Advanced:DHCP Server:Pool dialog.
Click the Create button to create the desired pool entries.
UM BasicConfig L2P
52 Release 9.0 02/2015
Create
a new pool
Assign pool to Assign pool to Assign pool to

one interface all interfaces one VLAN
Set other
Pool-IDs
Figure 13: DHCP server: Create a pool per VLAN, or for one interface/all interfaces
 Define the DHCP server pools as follows:

 Pool 1: Dynamic. Assign Pool 1 to VLAN 2.
 Pool 2: Dynamic. Assign Pool 2 to all.
 Pool 3: Static. Assign Pool 3 to Interface 6.
 Configure the interfaces for Clients A and B as follows:
 Assign Interface 3 to VLAN 2.
 Assign Interface 6 to VLAN 100.
DHCP-requests from Client A are answered from Pool 1. If the pool is used
up, any subsequent requests are answered only if you have created another
pool.
DHCP-requests from Client B are ignored initially, since VLAN 100 does not
have access to the DHCP server yet.
 To allow DHCP access, add Pool 4:
 Pool 4: Dynamic. Assign Pool 4 to VLAN 100.
The first request is now answered from Pool 3. The next requests are
answered from Pool 4.
Requests from Client C are answered from Pool 2.
UM BasicConfig L2P
Release 9.0 02/2015 53
Note: If Client A (or B) sends an untagged DHCP request, the DHCP server
answers only if you have set the PVID (Port VLAN Identifier) for Interface 3
(or 6) to 2 (or 100). If you have assigned the PVID of an interface to the
Management-VLAN, the requests reach the DHCP server, but the client does
not receive an answer from the VLAN pool.
Note: Depending on the interface settings, the answer from the DHCP server
may be tagged or untagged even if the DHCP request is tagged.
Using the CLI, you configure the pools for each VLAN as follows (for detailed
information, see section “VLANs” on page 189):
 Switch to "VLAN Database" mode.
Create a VLAN, if this does not already exist.
 Switch to "Interface" mode.
Define the ports associated with the VLAN.
 Switch to "Configure" mode.
Create a new pool, if this does not already exist.
dhcp-server pool add <pool_id> dynamic <startIP>
<endIP>
At first, the device assigns "All Interfaces“ and "Management-VLAN" to
the pool.
 Assign the pool to a certain VLAN ID
dhcp-server pool modify <pool_id> mode vlan <vlan_id>
 Switch on the pool.
dhcp-server pool enable <pool_id>
 To reset the VLAN of a pool (i.e. assign "All Interfaces“ and
"Management-VLAN"):
dhcp-server pool modify <pool_id> mode vlan none
Note: When creating pools for VLANs, note that:

 VLANs only support dynamic pools.
 One dynamic pool is allowed for each VLAN.
 To make changes to a pool, switch it off first.
UM BasicConfig L2P
54 Release 9.0 02/2015
Option 82
2.8 System Configuration via

DHCP Option 82
As with the classic DHCP, on startup an agent receives its configuration data
according to the “BOOTP/DHCP process” flow chart (see figure 10).
While the system configuration is based on the classic DHCP protocol on the
device being configured (see on page 48 “System Configuration via DHCP”),
Option 82 is based on the network topology. This procedure gives you the
option of assigning the same IP address to any device which is connected to
a particular location (port of a device) on the LAN.
The installation of a DHCP server is described in the chapter “Setting up a
DHCP Server with Option 82” on page 256.
PLC Switch (Option 82)
Backbone Switch
MAC Address =
IP = 00:80:63:10:9a:d7
10.0.1.100
DHCP Server
IP =
10.0.1.1
IP =
10.0.1.100
Figure 14: Application example of using Option 82
UM BasicConfig L2P
Release 9.0 02/2015 55
Entering the IP Parameters 2.9 Graphical User Interface IP Confi-
guration
2.9 Graphical User Interface IP

Configuration
Use the Basic Settings:Network dialog to define the source from which
the device receives its IP parameters after startup, assign the IP parameters
and VLAN ID, and configure the HiDiscovery access.
UM BasicConfig L2P
56 Release 9.0 02/2015
guration
Figure 15: Network parameters dialog
 Under “Mode”, you enter where the device gets its IP parameters:
 In the BOOTP mode, the configuration is via a BOOTP or DHCP
server on the basis of the MAC address of the device.
See “Setting up a DHCP/BOOTP Server” on page 250.
 In the DHCP mode, the configuration is via a DHCP server on the
basis of the MAC address or the name of the device.
See “Setting up a DHCP Server with Option 82” on page 256.
 In the “local” mode the net parameters in the device memory are used.
 Enter the parameters on the right according to the selected mode.
 You enter the name applicable to the DHCP protocol in the “Name” line in
the Basic Settings:System dialog of the graphical user interface.
 The “VLAN” frame enables you to assign a VLAN to the management

CPU of the device. If you enter 0 here as the VLAN ID (not included in the
VLAN standard version), the management CPU will then be accessible
from all VLANs.
 The HiDiscovery protocol allows you to allocate an IP address to the

device. Activate the HiDiscovery protocol if you want to allocate an IP
address to the device from your PC with the enclosed HiDiscovery
software (default setting: "Operation" On, "Access" read-write).
UM BasicConfig L2P
Release 9.0 02/2015 57
guration
Note: Save the settings so that you will still have the entries after a restart
(see on page 61 “Loading/saving settings”).
UM BasicConfig L2P
58 Release 9.0 02/2015
Entering the IP Parameters 2.10 Faulty Device Replacement
2.10 Faulty Device Replacement
The device provides 2 plug-and-play solutions for replacing a faulty device

with a device of the same type (faulty device replacement):
 Configuring the new device using an AutoConfiguration Adapter (see on
page 41 “Loading the system configuration from the ACA”) or
 configuration via DHCP Option 82 (see on page 256 “Setting up a DHCP
Server with Option 82”)
In both cases, when the new device is started, it is given the same
configuration data that the replaced device had.
Note: If you are replacing a device with DIP switches, check the DIP switch
settings to ensure they are the same.
Note: If you want to access the device via SSH, you also need an SSH key.
To transfer the SSH key of the old device to the new one, you have the
following options:
- If you have already created the key and saved it outside the device (e.g. on
your administration workstation), load the saved key onto the new device
(see on page 267 “Loading a key onto the device”).
- Otherwise create a new SSH key and load it onto the new device (see on
page 265 “Preparing access via SSH”). Note that the new device now
identifies itself by means of another key.
UM BasicConfig L2P
Release 9.0 02/2015 59
Entering the IP Parameters 2.10 Faulty Device Replacement
UM BasicConfig L2P
60 Release 9.0 02/2015
Loading/saving settings
3 Loading/saving settings
The device saves settings such as the IP parameters and the port
configuration in the temporary memory. These settings are lost when you
switch off or reboot the device.
The device allows you to do the following:
 Load settings from a non-volatile memory into the temporary memory
 Save settings from the temporary memory in a non-volatile memory
If you change the current configuration (for example, by switching a port off),
the graphical user interface changes the “load/save” symbol in the navigation
tree from a disk symbol to a yellow triangle. After saving the configuration,
the graphical user interface displays the “load/save” symbol as a disk again.
UM BasicConfig L2P
Release 9.0 02/2015 61
Loading/saving settings 3.1 Loading settings
3.1 Loading settings
When it is restarted, the device loads its configuration data from the local
non-volatile memory. The prerequisites for this are:
 You have not connected an AutoConfiguration Adapter (ACA) and
 the IP configuration is “local”.
During a restart, the device also allows you to load settings from the following
sources:
 a binary file of the AutoConfiguration Adapter. If an ACA is connected to
the device, the device automatically loads its configuration from the ACA
during the boot procedure.
 from a script file of the AutoConfiguration Adapter. If an ACA is connected
to the device, the device automatically loads its configuration from the
script file of the ACA during the boot procedure (see on page 67 “Loading
a script from the ACA”).
Note: Details of times required for a reboot:

 The time required for a cold start is the time taken by the device from the
moment power is switched on until it is fully connected and its
Management-CPU is fully accessible.
 Depending on the device type and the extent of the configuration settings,
a cold start takes at least about 10 seconds.
 Extensive configuration settings will increase the time required for a
reboot, especially if they contain a high number of VLANs. In extreme
cases, a reboot can take up to about 200 seconds.
 A warm start is quicker, since in this case the device skips the software
loading from NVRAM.
UM BasicConfig L2P
62 Release 9.0 02/2015
During operation, the device allows you to load settings from the following
sources:
 the local non-volatile memory
 a file in the connected network (setting on delivery)
 a binary file or an editable and readable script on the PC and
 the firmware (restoration of the configuration on delivery).
Note: When loading a configuration, hold off any accesses to the device until
it has loaded the configuration file and applied the new configuration settings.
Depending on the device type and the extent of the configuration settings,
this process can take between 10 and 200 seconds.
3.1.1 Loading from the local non-volatile memory

When loading the configuration data locally, the device loads the
configuration data from the local non-volatile memory if no ACA is connected
to the device.
 Select the
Basics: Load/Save dialog.
 In the “Load” frame, click “from Device”.
 Click “Restore”.

copy nvram:startup-config The device loads the configuration data from the
system:running-config local non-volatile memory.
UM BasicConfig L2P
Release 9.0 02/2015 63
3.1.2 Loading from a file

The device allows you to load the configuration data from a file in the
connected network if there is no AutoConfiguration Adapter connected to the
device.
 Select the
 In the “Load” frame, click
 “from URL” if you want the device to load the configuration data from a file and
retain the locally saved configuration.
 “from URL & save to Switch” if you want the device to load the configuration data
from a file and save this configuration locally.
 “via PC” if you want the device to load the configuration data from a file on the PC
and retain the locally saved configuration.
 In the “URL” frame, enter the path under which the device will find
the configuration file, if you want to load from the URL.
 Click “Restore”.
Note: When restoring a configuration using one of the options in the

“Load” frame, note the following particulars:
 The device can restore the configuration from a binary or script file:
– The option “from Device” restores the configuration exclusively from the device-
internal binary file.
– The 3 options “from URL”, “from URL and save to Device” or “via PC” can restore
the configuration both from a binary file and from a script file. The script file can
be an offline configuration file (*.ocf) or a CLI script file (*.cli). The device
determines the file type automatically.
 When restoring the configuration from a script file, you first delete
the device configuration so that the default settings are overwritten
correctly. For further information (see on page 66 “Resetting the
configuration to the default settings”)
The URL identifies the path to the tftp server from which the device
loads the configuration file. The URL is in the format
tftp://IP address of the tftp server/path name/file name
(e.g. tftp://10.1.112.5/switch/config.dat).
UM BasicConfig L2P
64 Release 9.0 02/2015
Example of loading from a tftp server

 Before downloading a file from the tftp server, you have to save the
configuration file in the corresponding path of the tftp servers with
the file name, e.g. switch/switch_01.cfg (see on page 73
“Saving in a binary file or a script file on a URL”).
 In the “URL” line, enter the path of the tftp server, e.g.
tftp://10.1.112.214/switch/switch_01.cfg.
Figure 16: Load/Save dialog

copy The device loads the configuration data from a
tftp://10.1.112.159/switch/c tftp server in the connected network.
onfig.dat
nvram:startup-config
UM BasicConfig L2P
Release 9.0 02/2015 65
Note: The loading process started by DHCP/BOOTP (see on page 43

“System configuration via BOOTP”) shows the selection of “from URL & save
locally” in the “Load” frame. If you get an error message when saving a
configuration, this could be due to an active loading process. DHCP/BOOTP
only finishes a loading process when a valid configuration has been loaded.
If DHCP/BOOTP does not find a valid configuration, then finish the loading
process by loading the local configuration in the “Load” frame.
3.1.3 Resetting the configuration to the default

settings
The device enables you to
 reset the current configuration to the default setting. The locally saved
configuration is kept.
 reset the device to the default setting. After the next restart, the IP
address is also in the default setting.
 Select the
 Make your selection in the "Delete" frame.
 Click "Delete configuration". The device will delete its configuration
immediately.
Resetting the device using the system monitor

 Select 5 “Erase main configuration file”
This menu item allows you to reset the current configuration, stored in non
volatile memory, to its default setting. The device also stores a backup
configuration, and a configuration associated with the firmware, in its
Flash memory.
 Press the Enter key to delete the configuration file.
UM BasicConfig L2P
66 Release 9.0 02/2015
3.1.4 Loading from the AutoConfiguration Adapter
 Loading a configuration during the boot procedure

If you connect an ACA to the device and if the passwords on the device
are in the default setting, missing, or the same as those on the ACA, the
device automatically loads its configuration from the ACA during the boot
procedure. After booting, the device updates its configuration in the local
non-volatile memory with the configuration from the ACA.
Note: During the boot procedure, the configuration on the ACA has
priority over the configuration in the local non-volatile memory.
The chapter “Saving locally (and on the ACA)” on page 71 describes how
you can save a configuration file on an ACA.
 Loading a script from the ACA

If the ACA contains a script file, the device automatically loads its
configuration from the script file on the ACA during the boot procedure.
The prerequisites for this are:
 The ACA is connected during the boot procedure.
 There is no binary configuration in the main directory of the ACA.
 The main directory of the ACA contains a file with the name
“autoupdate.txt”.
 The file “autoupdate.txt” is a text file and contains a line whose content
has the format script=<file_name>. Here <file_name> stands
for the name of the script file to be loaded, e.g. custom.cli.
 The file specified using script=<file_name>, e.g. custom.cli, is
located in the main directory of the ACA and is a valid script file.
If the local non-volatile memory of the device contains a configuration, the
device ignores this.
After applying the script, the device updates the configuration in the local
non-volatile memory with the configuration from the script.
In the process, it also writes the current binary configuration to the ACA.
Note: During the boot procedure, a binary configuration on the ACA has
priority over a script on the ACA.
UM BasicConfig L2P
Release 9.0 02/2015 67
The chapter “Saving locally (and on the ACA)” describes how you can
save a script file on an ACA.
 Reporting configuration differences

The device allows you to trigger the following events when the
configuration stored on the ACA does not match the configuration on the
device:
 send a trap (see on page 207 “Configuring Traps”),
 update the device status (see on page 210 “Configuring the Device
Status”),
 update the status of the signal contacts (see on page 213 “Controlling
the Signal Contact”).
3.1.5 Using the offline configurator

The offline configurator allows you to create configurations for devices in
advance. You create the configuration virtually on your PC and load it onto
your device in a 2nd step.
In this way you can prepare and manage the device configuration efficiently,
thus saving time and effort both when creating the configuration and loading
it to the devices.
For more details on using the offline configurator, see the chapter “Loading
a configuration from the offline configurator” in the “GUI” Reference Manual.
UM BasicConfig L2P
68 Release 9.0 02/2015
 Example of using the offline configurator

An IT employee already creates the configuration files for the devices of
a production cell during the planning phase. In doing so, he uses existing
configuration files for a similar production cell and modifies these.
He makes the offline configuration files available to the field service
employee, who mounts the devices on site and then loads the
configuration to the devices. All that is required for this is for the devices
to be reachable and have received an IP address, e.g. via HiDiscovery.
 Data format
The offline configurator reads and writes configuration data in an XML-
based format. The file name extension of these files is “.ocf” (Offline
Configurator Format).
You can use the graphical user interface of the devices to load these files
and thus configure your devices very quickly.
The XML format also allows you to use other tools to create, edit and
manage the offline configuration files and thus optimize your
administration processes.
 Installation and operating requirements

A requirement for the installation is a PC with a Windows™ XP operating
system (with Service Pack 3) or higher.
You install the offline configurator from the product CD included with the
device. To do so, start the “Setup.exe” installation file from the “ocf_setup”
folder.
The offline configurator - like the graphical user interface - uses Java
software 6 (“Java™ Runtime Environment (JRE) Version 1.6.x”).
Install the software from www.java.com.
 Using the offline configurator

Start the offline configurator by double-clicking the “Offline Management”
desktop symbol.
UM BasicConfig L2P
Release 9.0 02/2015 69
For more details on using the offline configurator, see the chapter
“Loading a configuration from the offline configurator” in the “GUI”
Reference Manual.
UM BasicConfig L2P
70 Release 9.0 02/2015
Loading/saving settings 3.2 Saving settings
3.2 Saving settings
In the “Save” frame, you have the option to
 save the current configuration on the device,

 save the current configuration in binary form in a file under the specified
URL, or as an editable and readable script,
 save the current configuration in binary form or as an editable and
readable CLI script on the PC,
 save the current configuration for the offline configurator on the PC in
XML format.
3.2.1 Saving locally (and on the ACA)

The device allows you to save the current configuration data in the local non-
volatile memory and in the ACA.
 Select the
 In the "Load" options, click on "From device".
 Click on "Save".
The device saves the current configuration data in the local non-
volatile memory and also, if a ACA is connected, in the ACA.

copy system:running-config The device saves the current configuration data
nvram:startup-config in the local non-volatile memory and also, if a
ACA is connected, in the ACA
UM BasicConfig L2P
Release 9.0 02/2015 71
Note: After you have successfully saved the configuration on the device, the
device sends a trap hmConfigurationSavedTrap together with the
information about the AutoConfiguration Adapter (ACA), if one is connected.
When you change the configuration for the first time after saving it, the device
sends a trap hmConfigurationChangedTrap.
Note: The device allows you to trigger the following events when the
configuration stored on the ACA does not match the configuration on the
device:
 send a trap (see on page 207 “Configuring Traps”),
 update the device status (see on page 210 “Configuring the Device
Status”),
 update the status of the signal contacts (see on page 213 “Controlling the
Signal Contact”).
 Skip ACA21 during the boot phase

The device allows you to skip the ACA21 AutoConfiguration Adapter (if
connected) during the boot phase. In this case, the device ignores the
ACA21 during the boot phase. This shortens the boot phase of the device
by 1 to 4 seconds. If you have enabled this function, ACA21-functionality
becomes available as usual after the boot phase. The device simply skips
the ACA21-loading procedures during the boot phase.
enable Switch to Privileged EXEC mode..

configure Switch to Global Configure mode.
#boot skip-aca-on-boot Skip ACA during the boot phase.
enable (default setting: disabled).
#boot skip-aca-on-boot Include the ACA during the boot phase.
disable
#show boot skip-aca- Show whether the "Skip ACA during boot phase"function
on-boot is enabled.
UM BasicConfig L2P
72 Release 9.0 02/2015
3.2.2 Saving in a binary file or a script file on a

URL
The device allows you to save the current configuration data in a file in the
connected network.
Note: The configuration file includes all configuration data, including the
password. Therefore pay attention to the access rights on the tftp server.
 Select the
 In the “Save” frame, choose “to URL (binary)”
to create a binary file, or “to URL (script)”
to create an editable and readable script file.
 In the “URL” frame, enter the path under which you want the device
to save the configuration file.
The URL identifies the path to the tftp server on which the device saves
the configuration file. The URL is in the format
(e.g. tftp://10.1.112.5/switch/config.dat).
 Click "Save".

copy nvram:startup-config The device saves the configuration data in a
tftp://10.1.112.159/ binary file on a tftp server in the connected
switch/config.dat network
copy nvram:script The device saves the configuration data in a
tftp://10.0.1.159/switch/ script file on a tftp server in the connected
config.txt network.
UM BasicConfig L2P
Release 9.0 02/2015 73
Note: If you save the configuration in a binary file, the device saves all
configuration settings in a binary file.
In contrast to this, the device only saves those configuration settings that
deviate from the default setting when saving to a script file.
When loading script files, these are only intended for overwriting the default
setting of the configuration.
3.2.3 Saving to a binary file on the PC

The device allows you to save the current configuration data in a binary file
on your PC.
 Select the
 In the "Save" frame, click "on the PC (binary)".
 In the save dialog, enter the name of the file in which you want the
device to save the configuration file.
 Click "Save".
3.2.4 Saving as a script on the PC

The device allows you to save the current configuration data in an editable
and readable file on your PC.
UM BasicConfig L2P
74 Release 9.0 02/2015
 Select the
 In the “Save” frame, click “to PC (script)”.
 Click "Save".
3.2.5 Saving as an offline configuration file on the

PC
The device allows you to save the current configuration data for the offline
configurator in XML form in a file on your PC.
 Select the
 In the “Save” frame, click “to PC (ocf)”.
 Click "Save".
UM BasicConfig L2P
Release 9.0 02/2015 75
Loading/saving settings 3.3 Configuration Signature
3.3 Configuration Signature
The device assigns a checksum or signature to identify a configuration so

that changes to that configuration are visible. Every time you save a
configuration, the device generates a random sequence of numbers and/or
letters for the configuration signature. This signature changes every time you
change the configuration. Each configuration has a unique identifier.
The device stores the random generated signature with the configuration to
verify that the device maintained the configuration after a reboot.
The signature consists of a configuration file checksum and a random
number. The device checks the signature to verify that it is different from
previous generated numbers.
UM BasicConfig L2P
76 Release 9.0 02/2015
Loading Software Updates
4 Loading Software Updates
Hirschmann is working constantly to improve the performance of their

procucts. Therefore, on the Hirschmann web page (www.hirschmann.com)
you may find a newer release of the device software than the one installed
on your device.
 Checking the installed Software Release
 Open the Basic Settings:Software dialog.

 This dialog indicates the Release Number of the software installed
in the device.
enable Switch to Privileged EXEC mode.

show sysinfo Show system information.
Alarm...................................... None
System Description......................... Hirschmann Railswitch

System Name................................ RS-1F1054
System Location............................ Hirschmann Railswitch
System Contact............................. Hirschmann Automation
and Control GmbH
System Up Time............................. 0 days 0 hrs 45 mins
57 secs
System Date and Time (local time zone)..... 2009-11-12 14:15:16
System IP Address.......................... 10.0.1.13
Boot Software Release...................... L2B-05.2.00
Boot Software Build Date................... 2009-11-12 13:14
OS Software Release........................ L2B-03.1.00
OS Software Build Date..................... 2009-11-12 13:14
Hardware Revision.......................... 1.22 / 4 / 0103
Hardware Description....................... RS20-1600T1T1SDAEHH
Serial Number.............................. 943434023000001191
Base MAC Address........................... 00:80:63:1F:10:54
Number of MAC Addresses.................... 32 (0x20)
UM BasicConfig L2P
Release 9.0 02/2015 77
Loading Software Updates
 Loading the software

The device gives you 4 options for loading the software:
 manually from the ACA (out-of-band),
 automatically from the ACA (out-of-band),
 via TFTP from a tftp server (in-band) and
 via a file selection dialog from your PC.
Note: The existing configuration of the device is still there after the new
software is installed.
UM BasicConfig L2P
78 Release 9.0 02/2015
Loading Software Updates 4.1 Loading the Software manually
from the ACA
4.1 Loading the Software

manually from the ACA
You can connect the AutoConfiguration Adapter (ACA) to a USB port of your
PC like a conventional USB stick and copy the device software into the main
directory of the ACA.
 Copy the device software from your computer to the ACA.
 Now connect the ACA to the device‘s USB port.
 Open the system monitor (see on page 18 “Starting the System Monitor”).
 Select 2 and press the Enter key to copy the software from the ACA into
the local memory of the device.
At the end of the update, the system monitor asks you to press any key to
continue.
 Select 3 to start the new software on the device.
The system monitor offers you additional options in connection with the
software on your device:
 selecting the software to be loaded
 starting the software
 performing a cold start
UM BasicConfig L2P
Release 9.0 02/2015 79
from the ACA
4.1.1 Selecting the software to be loaded

In this menu item of the system monitor, you select one of two possible
software releases that you want to load.
The following window appears on the screen:
Select Operating System Image
(Available OS: Selected: 05.0.00 (2009-08-07 06:05), Backup: 04.2.00

(2009-07-06 06:05 (Locally selected: 05.0.00 (2009-08-07 06:05))
1 Swap OS images
2 Copy image to backup
3 Test stored images in Flash mem.
4 Test stored images in USB mem.
5 Apply and store selection
6 Cancel selection
Figure 17: Update operating system screen display
UM BasicConfig L2P
80 Release 9.0 02/2015
from the ACA
 Swap OS images
The memory of the device provides space for two images of the software.
This allows you, for example, to load a new version of the software without
deleting the existing version.
 Select 1 to load the other software in the next booting process.
 Copy image to backup

 Select 2 to save a copy of the active software.
 Test stored images in flash memory

 Select 3 to check whether the images of the software stored in the
flash memory contain valid codes.
 Test stored images in USB memory

 Select 4 to check whether the images of the software stored in the
ACA contain valid codes.
 Apply and store selection

 Select 5 to confirm the software selection and to save it.
 Cancel selection
 Select 6 to leave this dialog without making any changes.
4.1.2 Starting the software

This menu item (Start Selected Operating System) of the system monitor
UM BasicConfig L2P
Release 9.0 02/2015 81
from the ACA
allows you to start the software selected.
4.1.3 Performing a cold start

This menu item (End (reset and reboot)) of the system monitor allows you to
reset the hardware of the device and perform a restart.
UM BasicConfig L2P
82 Release 9.0 02/2015
Loading Software Updates 4.2 Automatic software update by
ACA
4.2 Automatic software update

by ACA
 For a software update via the ACA, first copy the new device software into
the main directory of the AutoConfiguration Adapter. If the version of the
software on the ACA is newer or older than the version on the device, the
device performs a software update.
Note: Software versions with release 06.0.00 and higher in the non-
volatile memory of the device support the software update via the ACA. If
the device software is older, you have the option of loading the software
manually from the ACA. See “Loading the Software manually from the
ACA” on page 79.
 Give the file the name that matches the device type and the software
variant, e.g. rsL2P.bin for device type RS2 with the software variant L2P.
Please note the case-sensitivity here.
If you have copied the software from a product CD or from a Web server
of the manufacturer, the software already has the correct file name.
 Also create an empty file with the name “autoupdate.txt” in the main
directory of the ACA. Please note the case-sensitivity here.
 Connect the AutoConfiguration Adapter to the device and restart the
device.
 The device automatically performs the following steps:
– During the booting process, it checks whether an ACA is connected.
– It checks whether the ACA has a file with the name “autoupdate.txt” in
the main directory.
– It checks whether the ACA has a software file with a name that
matches the device type in the main directory.
– If compares the software version stored on the ACA with the one
stored on the device.
– If these conditions are fulfilled, the device loads the software from the
ACA to its non-volatile memory as the main software.
– The device keeps a backup of the existing software in the non-volatile
memory.
– The device then performs a cold start, during which it loads the new
software from the non-volatile memory.
UM BasicConfig L2P
Release 9.0 02/2015 83
Loading Software Updates 4.2 Automatic software update by
ACA
One of the following messages in the log file indicates the result of the update
process:
 S_watson_AUTOMATIC_SWUPDATE_SUCCESSFUL: Update
completed successfully.
 S_watson_AUTOMATIC_SWUPDATE_FAILED_WRONG_FILE: Update
failed. Reason: incorrect file.
 S_watson_AUTOMATIC_SWUPDATE_FAILED_SAVING_FILE: Update
failed. Reason: error when saving.
 In your browser, click on “Reload” so that you can use the graphical user
interface to access the device again after it is booted.
UM BasicConfig L2P
84 Release 9.0 02/2015
Loading Software Updates 4.3 Loading the software from the
TFTP server
4.3 Loading the software from

the TFTP server
For a software update via TFTP, you need a TFTP server on which the
software to be loaded is stored (see on page 260 “TFTP Server for Software
Updates”).
 Select the Basics:Software dialog.
The URL identifies the path to the software stored on the tftp server. The URL
is in the format
(e.g. tftp://192.168.1.1/device/device.bin).
 Enter the path of the device software.
 Click on “tftp Update” to load the software from the tftp server to the
device.
UM BasicConfig L2P
Release 9.0 02/2015 85
Loading Software Updates 4.3 Loading the software from the
TFTP server
Figure 18: Software update dialog
 After successfully loading it, you activate the new software:

Select the dialog Basic Settings:Restart and perform a cold
start.
In a cold start, the device reloads the software from the permanent
memory, restarts, and performs a self-test.
 After booting the device, click “Reload” in your browser to access the
device again.

copy Transfer the “product.bin” software file to the
tftp://10.0.1.159/product.b device from the tftp server with the IP address
in system:image 10.0.1.159.
UM BasicConfig L2P
86 Release 9.0 02/2015
Loading Software Updates 4.4 Loading the Software via File
Selection
4.4 Loading the Software via File

Selection
For a software update via a file selection window, the device software must
be on a data carrier that you can access from your PC.
 Select the Basics:Software dialog.

 In the file selection frame, click on “...”.
 In the file selection window, select the device software (name type:
*.bin, e.g. device.bin) and click on “Open”.
 Click on “Update” to transfer the software to the device.
The end of the update is indicated by one of the following messages:
 Update finished.
 Update aborted. Reason: incorrect file.
 Update aborted. Reason: saving unsuccessful.
 File not found (reason: file name not found or does not exist).
 Unsuccessful Connection (reason: path without file name).
 After the update is completed successfully, you activate the new
software:
Select the Basic settings: Restart dialog and perform a cold
start.
In a cold start, the device reloads the software from the non-volatile
memory, restarts, and performs a self-test.
 In your browser, click on “Reload” so that you can access the device
again after it is booted.
UM BasicConfig L2P
Release 9.0 02/2015 87
Loading Software Updates 4.5 Bootcode Update via TFTP
4.5 Bootcode Update via TFTP
In very rare cases, a bootcode with an expanded functionality is required to

perform a software update. In such a case the service desk requests that you
update the bootcode before performing the software update.
4.5.1 Updating the Bootcode file

For a tftp update, you need a tftp server to store the bootcode.
The URL identifies the path to the bootcode stored on the tftp server. The
URL is in the format
(for example: ).tftp://192.168.1.1/device/device_bootrom.img
 Open the Basic Settings:Software dialog.

 In the "tftp Software Update" frame, click the "Bootcode" radio
button.
 Enter the path to the bootcode bin file in the "URL" text box.
 To start the update, click "Update".
 To start the new bootcode after loading, open the Basic
Settings:Restart dialog and click "Cold start...".
Note: You need read-write access for this dialog.
enable Change to the privileged EXEC mode.
UM BasicConfig L2P
88 Release 9.0 02/2015
Loading Software Updates 4.5 Bootcode Update via TFTP
configure Change to the Configuration mode.

copy <url> system:bootcode Copy the bootcode bin file from the tftp server to
the device.
UM BasicConfig L2P
Release 9.0 02/2015 89
Loading Software Updates 4.6 Software update OCTOPUS
4.6 Software update OCTOPUS
 Designations for the software images of the OCTOPUS

family devices
Device Designation Rel. 7.0 Designation Rel. 7.1
OCTOPUS 8M, omL2P.bin octL2P.bin
OCTOPUS 16M,
OCTOPUS 24M
OCTOPUS OS 20, orL2P.bin osL2P.bin
OCTOPUS OS 30
OCTOPUS OS 32 omL2P.bin -
Table 4: Designations for the software images of the OCTOPUS family devices
UM BasicConfig L2P
90 Release 9.0 02/2015
 Update instruction for the OCTOPUS 8M, OCTOPUS 16M

and OCTOPUS 24M devices
Note: Requirements for the software update:

The device has the device software version 07.0.03 (or higher) and the
boot software version 05.0.00 (or higher) installed.
 The currently installed version of the device software and boot

software you find in the CLI with the command "show sysinfo".
Example:
show sysinfo......
...
Boot Software Release................. L2P-06.0.03
...
Running Software Release.............. L2P-07.0.03
...
 Step 1:
 Update the device software to version 07.0.03.
 Restart the device.
 Step 2:
 Update the boot software. Use the CLI only; type the command:
copy tftp://<server IP>/<path>/octL2P_boot.img
system:bootcode
 Restart the device.
 Step 3:
 Update the device software to version 07.1.00. Consider the
designations of the software images.
UM BasicConfig L2P
Release 9.0 02/2015 91
UM BasicConfig L2P
92 Release 9.0 02/2015
Configuring the Ports
5 Configuring the Ports
The port configuration consists of:

 Switching the port on and off
 Selecting the operating mode
 Activating the display of connection error messages
 Configuring Power over ETHERNET.
 Switching the port on and off

In the default setting, every port is switched on. For a higher level of
access security, switch off the ports for which you are not making any
connection.
 Select the
Basics:Port Configuration dialog.
 In the "Port on" column, select the ports that are connected to
another device.
 Selecting the operating mode

In the default setting, the ports are set to "Automatic Configuration"
operating mode.
Note: The active automatic configuration has priority over the manual
configuration.
 Select the
 If the device connected to this port requires a fixed setting
– select the operating mode (transmission rate, duplex mode) in the "Manual
configuration" column and
– deactivate the port in the "Automatic configuration" column.
UM BasicConfig L2P
Release 9.0 02/2015 93
 Disable unused module slots

This function is available for the MS, PowerMICE, MACH102 and
MACH4000 devices.
When you plug a module in an empty slot on modular devices, the device
configures the module with the default settings. The default settings allow
access to the network. To help prevent network access, the feature adds
the possibility to disable an unused slot.
 Open the Basics:Modules dialog.

 Deactivate the unused slots in the "Enabled" column.
 Displaying detected loss of connection

In the default setting, the device displays a detected connection error via
the signal contact and the LED display. The device allows you to suppress
this display, because you do not want to interpret a switched off device as
an interrupted connection, for example.
 Select the
 In the "Propagate connection error" column, select the ports for
which you want to have link monitoring.
 Power over Ethernet konfigurieren

Devices with Power over ETHERNET (PoE) media modules or PoE ports
enable you to supply current to terminal devices such as IP phones via
the twisted-pair cable. PoE media modules and PoE ports support Power
over ETHERNET in accordance with IEEE 802.3af.
The Power over ETHERNET function is globally active and the PoE-
capable ports are active on delivery.
For devices MACH 102 and MACH 104:

The device supports Power over ETHERNET according to IEEE 802.3at
(PoE+) and allows you to supply current to devices such as IP phones via
the twisted-pair cable.
On delivery, the Power over ETHERNET function is activated globally and
on all PoE-capable ports.
UM BasicConfig L2P
94 Release 9.0 02/2015
Nominal power for MS20/30, MACH 1000 and PowerMICE:

The device provides the nominal power for the sum of all PoE ports plus
a surplus. Because the PoE media module gets its PoE voltage
externally, the device does not know the possible nominal power.
The device therefore assumes a “nominal power” of 60 Watt per PoE
media module for now.
Nominal power for OCTOPUS 8M-PoE:

The device provides the nominal power for the sum of all PoE ports, plus
a power reserve. Since the device draws its PoE voltage from outside, it
cannot know what the nominal power is.
Instead, the device therefore assumes a nominal power value of 15 Watt
per PoE port.
Nominal power for MACH 102 with modules M1-8TP-RJ45-PoE:

The device can take 2 PoE modules M1-8TP-RJ45 PoE and provides a
nominal power of 124 W plus a surplus for each module. Should the
connected devices require more PoE power than is provided, the device
then switches PoE off at the ports. Initially, the device switches PoE off at
the ports with the lowest PoE priority. If multiple ports have the same
priority, the device first switches PoE off at the ports with the higher port
number.
Nominal power for MACH 104 16TX-PoEP:

The device provides a nominal power of 248 W for the sum of all PoE
ports plus a surplus. Should the connected devices require more PoE
power than is provided, the device then switches PoE off at the ports.
Initially, the device switches PoE off at the ports with the lowest PoE
priority. If multiple ports have the same priority, the device first switches
PoE off at the ports with the higher port number.
Nominal power for MACH 104 20TX-F-4PoE:

a surplus. Should the connected devices require more PoE power than is
provided, the device then switches PoE off at the ports. Initially, the device
switches PoE off at the ports with the lowest PoE priority. If multiple ports
have the same priority, the device first switches PoE off at the ports with
the higher port number.
UM BasicConfig L2P
Release 9.0 02/2015 95
Nominal power for MACH 4000:

a surplus. Should the connected devices require more PoE power than is
provided, the device then switches PoE off at the ports. Initially, the device
switches PoE off at the ports with the lowest PoE priority. If multiple ports
have the same priority, the device first switches PoE off at the ports with
the higher port number.
 Global settings
– For devices with PoE select the
Basic Settings:Power over Ethernet dialog.
Basic Settings:Power over Ethernet Plus:Global dialog.
Frame "Operation":
 With “Function On/Off” you turn the PoE on or off.
Frame "Configuration":
 With “Send Trap” you can get the device to send a trap in the
following cases:
– If a value exceeds/falls below the performance threshold.
– If the PoE supply voltage is switched on/off on at least one port.
 Enter the power threshold in “Threshold”. When the device exceeds
or is below this value, the device will send a trap, provided that you
enable the “Send Trap” function. For the power threshold you enter
the power yielded as a percentage of the nominal power.
 “Budget [W]” displays the power that the device nominally provides
to the PoE ports.
 “Reserved [W]” displays the maximum power that the device
provides to the connected PoE devices on the basis of their
classification.
 “Delivered [W]” shows how large the current power requirement is
on the PoE ports.
The difference between the "nominal" and "reserved" power indicates
how much power is still available to the free PoE+ ports.
UM BasicConfig L2P
96 Release 9.0 02/2015
 Port settings
Basic Settings:Power over Ethernet dialog.
– For devices with PoE+ select the
Basic Settings:Power over Ethernet Plus:Port dialog.
The table only shows ports that support PoE.
 In the “POE on” column, you can enable/disable PoE at this port.
 The “Status” column indicates the PoE status of the port.
 In the “Priority” column (MACH 4000), set the PoE priority of the port
to “low”, “high” or “critical”.
 The "Class" column indicates the class of the connected device:
Class: Maximum delivered power
0: 15.4 W = As-delivered state
1: 4.0 W
2: 7.0 W
3: 15.4 W
4: reserved, treated as Class 0
 For devices MACH 102 and MACH 104:

The "Class" column indicates the class of the connected device:
Class: Maximum delivered power
0: 15.4 W = As-delivered state
1: 4.0 W
2: 7.0 W
3: 15.4 W
4: 30.0 W
 The column „Consumption [W]“ displays the current power
delivered at the respective port.
 The “Name” column indicates the name of the port, see
Basic settings:Port configuration.
UM BasicConfig L2P
Release 9.0 02/2015 97
Figure 19: Power over Ethernet dialog
Figure 20: Power over Ethernet Plus, Global dialog (MACH 102 and
MACH 104)
UM BasicConfig L2P
98 Release 9.0 02/2015
Figure 21: Power over Ethernet Plus, Port dialog (MACH 102 and MACH 104)
 Switch on PoE power supply

OCTOPUS PoE devices let you switch on the PoE power supply before
loading and starting the software. This means that the connected PoE
devices (powered devices) are supplied with the PoE voltage more
quickly and the start phase of the whole network is shorter.

#inlinepower fast-startup Switch on Inline Power Fast Startup (disabled in
enable the as-delivered state).
#inlinepower fast-startup Switch off Inline Power Fast Startup.
disable
#show inlinepower Show Power over Ethernet System Information
(Fast Startup and other information).
UM BasicConfig L2P
Release 9.0 02/2015 99
 Cold start with detected errors

This function lets you reset the device automatically with a cold start in the
following cases:
 if an error is detected
(selftest reboot-on-error enable)
or
 only if a serious error is detected
(selftest reboot-on-error seriousOnly)
If the function selftest reboot-on-error seriousOnly is

enabled, the device behaves as follows:
 If an error is detected in a subsystem (for example, if an HDX/FDX
mismatch is detected on a port), cold starts of the device are dropped.
 However, if an error affecting the function of the entire device is
detected, the device still carries out a cold start.
 The device sends a trap (see on page 204 “Sending Traps”).
Note: If the selftest reboot-on-error seriousOnly function is

enabled and the device detects an HDX/FDX mismatch, automatic cold
starts of the device are dropped. In this case, to return the affected port(s)
to a usable condition, open the Basic Settings:Reboot dialog and
carry out a cold start of the device.

#selftest reboot-on-error Switch on the "Cold start if error detected“ function.
enable
#selftest reboot-on-error Switch on the "Cold start only if serious error
seriousOnly detected“ function.
#selftest reboot-on-error Switch off the "Cold start if error detected“ function
disable (enabled in the as-delivered state).
#show selftest Show status of the "Cold start if error detected"
function (Enabled/Disabled/seriousOnly).
UM BasicConfig L2P
100 Release 9.0 02/2015
Assistance in the Protection from
Unauthorized Access
6 Assistance in the Protection

from Unauthorized Access
The device provides the following functions to help prevent unauthorised

accesses.
 Password for SNMP access
 Telnet/internet/SSH access can be switched off
 Restricted Management access
 HiDiscovery-Function can be switched off
 Port access control by IP or MAC address
 IEEE 802.1X standard port authentication
 Login Banner
UM BasicConfig L2P
Release 9.0 02/2015 101
Assistance in the Protection from 6.1 Protecting the device
Unauthorized Access
6.1 Protecting the device
If you want to maximize the protection of the device against unauthorized

access in just a few steps, you can perform the following steps on the device
as required:
 Deactivate SNMPv1 and SNMPv2 and select a password for SNMPv3
access other than the standard password (see on page 104 “Entering the
password for SNMP access”).
 Deactivate the Web access after you have downloaded the applet for the
graphical user interface onto your management station. You can start the
applet as an independent program in order to have SNMPv3 access to the
device.
Deactivate Telnet access.
If necessary, deactivate SSH access.
See “Switching Telnet/Internet/SSH access on/off” on page 110.
 Deactivate HiDiscovery access.
Note: Retain at least one option to access the device. Connecting to the
device via V.24 serial access is possible, since it cannot be deactivated.
UM BasicConfig L2P
102 Release 9.0 02/2015
Assistance in the Protection from 6.2 Password for SNMP access
Unauthorized Access
6.2 Password for SNMP access
6.2.1 Description of password for SNMP access

A network management station communicates with the device via the Simple
Network Management Protocol (SNMP).
Every SNMP packet contains the IP address of the sending computer and the
password with which the sender of the packet wants to access the device
MIB.
The device receives the SNMP packet and compares the IP address of the
sending computer and the password with the entries in the device MIB.
If the password has the appropriate access right, and if the IP address of the
sending computer has been entered, then the device will allow access.
In the delivery state, the device is accessible via the password "public" (read
only) and "private" (read and write) to every computer.
To help protect your device from unwanted access:
 First define a new password with which you can access from your
computer with all rights.
 Treat this password as confidential, because everyone who knows the

password can access the device MIB with the IP address of your
computer.
 Limit the access rights of the known passwords or delete their entries.
UM BasicConfig L2P
Release 9.0 02/2015 103
Unauthorized Access
6.2.2 Entering the password for SNMP access
 Select the Security:Password/SNMP Access dialog.

This dialog gives you the option of changing the read and read/write
passwords for access to the device via the graphical user interface, via
the CLI, and via SNMPv3 (SNMP version 3).
Set different passwords for the read password and the read/write
password so that a user that only has read access (user name “user”)
does not know, or cannot guess, the password for read/write access
(user name “admin”).
If you set identical passwords, when you attempt to write this data the
device reports a general error.
The graphical user interface and the command line interface (CLI) use
the same passwords as SNMPv3 for the users “admin” and “user”.
Note: Passwords are case-sensitive.

 Select “Modify Read-Only Password (User)” to enter the read
password.
 Enter the new read password in the “New Password” line and repeat
your entry in the “Please retype” line.
 Select “Modify Read-Write Password (Admin)” to enter the
read/write password.
 Enter the read/write password and repeat your entry.
 The "Accept only encrypted requests" function encrypts the data of
the Web-based management that is transferred between your PC
and the device with SNMPv3. You can set the funtion differently for
access with a read password and access with a read/write
password.
 When you activate the "Synchronize password to v1/v2 community"
function, when the password is changed the device synchronizes
the corresponding community name.
– When you change the password for the read/write access, the device updates the
readWrite community for the SNMPv1/v2 access to the same value.
– When you change the password for the read access, the device updates the
readOnly community for the SNMPv1/v2 access to the same value.
UM BasicConfig L2P
104 Release 9.0 02/2015
Unauthorized Access
Figure 22: Password/SNMP Access dialog

Note: If you do not know a password with “read/write” access, you will
not have write access to the device.
Note: For security reasons, the device does not display the passwords.
Make a note of every change. You cannot access the device without a
valid password.
Note: For security reasons, SNMPv3 encrypts the password. With the
“SNMPv1” or “SNMPv2” setting in the dialog Security:SNMPv1/v2
access, the device transfers the password unencrypted, so that this
can also be read.
Note: Use between 5 and 32 characters for the password in SNMPv3,

since many applications do not accept shorter passwords.
UM BasicConfig L2P
Release 9.0 02/2015 105
Unauthorized Access
 Select the Security:SNMPv1/v2 access dialog.

With this dialog you can select the access via SNMPv1 or SNMPv2.
In the state on delivery, both protocols are activated. You can thus
manage the device with HiVision and communicate with earlier
versions of SNMP.
If you select SNMPv1 or SNMPv2, you can specify in the table via which
IP addresses the device may be accessed, and what kinds of
passwords are to be used.
Up to 8 entries can be made in the table.
For security reasons, the read password and the read/write password
must not be identical.
Please note that passwords are case-sensitive.
Index Serial number for this table entry

Community Password with which this computer can access the
Name device. This password is independent of the SNMPv3
password. If you activate the "Synchronize community to
v3 password" function in the "Configuration" frame, the
device synchronizes the corresponding SNMPv3
password when you change the community name.
IP Address IP address of the computer that can access the device.
IP Mask IP mask for the IP address
Access The access mode determines whether the computer has
Mode read-only or read-write access.
Active Enable/disable this table entry.
UM BasicConfig L2P
106 Release 9.0 02/2015
Unauthorized Access
Figure 23: SNMPv1/v2 access dialog
 To create a new line in the table click “Create”.

 To delete an entry, select the line in the table and click “Remove”.
UM BasicConfig L2P
Release 9.0 02/2015 107
Assistance in the Protection from 6.3 Telnet/internet/SSH access
Unauthorized Access
6.3 Telnet/internet/SSH access
6.3.1 Description of Telnet Access

The Telnet server of the device allows you to configure the device using the
Command Line Interface (in-band). You can deactivate the Telnet server to
inactivate Telnet access to the device.
The server is activated in its default setting.
After the Telnet server has been deactivated, you will no longer be able to
access the device via a new Telnet connection. If a Telnet connection already
exists, it is retained.
Note: The Command Line Interface (out-of-band) and the

Security:Telnet/Web/SSH Access dialog in the graphical user
interface allows you to reactivate the Telnet server.
6.3.2 Description of Web Access (http)

The device's Web server allows you to configure the device by using the
graphical user interface. You can deactivate the Web server to prevent Web
access to the device.
The server is activated in its default setting.
UM BasicConfig L2P
108 Release 9.0 02/2015
Unauthorized Access
After you switch the http Web server off, it is no longer possible to log in via
a http Web browser. The http session in the open browser window remains
active.
6.3.3 Description of SSH Access

The device's SSH server allows you to configure the device using the
Command Line Interface (in-band). You can deactivate the SSH server to
prevent SSH access to the device.
The server is deactivated in its default setting.
After the SSH server has been deactivated, you will no longer be able to
access the device via a new SSH connection. If an SSH connection already
exists, it is retained.
Note: The Command Line Interface (out-of-band) and the

Security:Telnet/Web/SSH Access dialog in the graphical user
interface allows you to reactivate the SSH server.
Note: To be able to access the device via SSH, you require a key that has to
be installed on the device. See “Preparing access via SSH” on page 265.
The device supports SSH version 1 and version 2. You have the option to
define the protocol to be used.
 Open the Security:Telnet/Web/SHH Access dialog.
 Select the protocol to be used in the "Configuration" frame, "SSH
Version" field.
UM BasicConfig L2P
Release 9.0 02/2015 109
Unauthorized Access

no ip ssh Deactivates the SSH server.
ip ssh protocol 2 The SSH server uses SSH version 2.
ip ssh protocol 1 The SSH server uses SSH version 1.
ip ssh protocol 1 2 The SSH server uses SSH versions 1 and 2.
ip ssh Activates the SSH server.
6.3.4 Switching Telnet/Internet/SSH access on/off

The Web server copies a Java applet for the graphical user interface onto
your computer. The applet then communicates with the device by SNMPv3
(Simple Network Management Protocol). The Web server of the device
allows you to configure the device using the graphical user interface. You can
switch off the Web server in order to prevent the applet from being copied.
 Select the Security:Telnet/Web/SHH access dialog.
 Disable the server to which you want to refuse access.

configure Switch to the Configuration mode.
lineconfig Switch to the configuration mode for CLI.
transport input telnet Enable Telnet server.
no transport input telnet Disable Telnet server.
exit Switch to the Configuration mode.
exit Switch to the privileged EXEC mode.
ip http server Enable Web server.
no ip http server Disable Web server.
ip ssh Enable SSH function on Switch
no ip ssh Disable SSH function on Switch
UM BasicConfig L2P
110 Release 9.0 02/2015
Unauthorized Access
6.3.5 Web access through HTTPS

The HTTPS communication protocol (HyperText Transfer Protocol Secure)
helps protect data transfers from interception. The device uses the HTTPS
protocol to encrypt and authenticate the communications between web
server and browser.
The Web server uses HTTP to load a Java applet for the graphical user
interface onto your computer. This applet then communicates with the device
by SNMP (Simple Network Management Protocol). If you have enabled the
Web Server (HTTPS) function, the Java applet starts setting up a
connection to the device via HTTPS. The device creates an HTTPS tunnel
through the SNMP. It uses DES encoding on 56 bits. You can upload HTTPS
certificates to the device.
 Certificate
An X.509/PEM Standard certificate (Public Key Infrastructure) is required
for the encryption. In the as-delivered state, a self-generated certificate is
already present on the device.
 You can create an X509/PEM certificate using the following CLI
command: # ip https certgen
 You can upload a new certificate using the following CLI command:
copy tftp://<server_ip>/<path_to_pem>
nvram:httpscert
 You can switch the HTTPS server off and on again using the following
CLI command sequence:
# no ip https server
# ip https server
Note: If you upload a new certificate, reboot the device or the HTTPS
server in order to activate the certificate.
UM BasicConfig L2P
Release 9.0 02/2015 111
Unauthorized Access
 HTTPS connection
Note: The standard port for HTTPS connection is 443. If you change the
number of the HTTPS port, reboot the device or the HTTPS server in
order to make the change effective.
 You can change the HTTPS port number using the following CLI-
command (where <port_no> is the number of the HTTPS port):
#ip https port <port_no>
Note: If you want to use HTTPS, switch on both HTTPS and HTTP. This
is required in order to load the applet. In the as-delivered state, HTTPS is
switched off.
 Open the Security:Telnet/Internet/SSH Access dialog.
 Tick the boxes Telnet Server active, Web Server(http)

and Web Server(https). In the HTTPS Port Number box, enter
the value 443.
 To access the device by HTTPS, enter HTTPS instead of HTTP in

your browser, followed by the IP address of the device.

# ip https server Switch on HTTPS-server.
# ip https port <port_no> Set the HTTPS port number for a secure HTTP
connection.
- As-delivered state: 443.
- Value range: 1-65535
# no ip https server If you change the HTTPS port number, switch the
# ip https server HTTPS server off and then on again in order to
make the change effective.
# show ip https Optional: Show the status of the HTTPS server
and HTTPS port number.
# ip https certgen Create X509/PEM certificates.
# copy Upload an X509/PEM certificate for HTTPS using
tftp://<server_ip>/<path_to_ TFTP.
pem> nvram:httpscert
# no ip https server After uploading the HTTPS certificate, switch the
# ip https server HTTPS server off and then on again in order to
activate the certificate.:
The device uses HTTPS protocol and establishes a new connection.

When the session is ended and the user logs out, the device terminates
the connection.
UM BasicConfig L2P
112 Release 9.0 02/2015
Unauthorized Access
Note: The device allows you to open HTTPS- and HTTP connections at
the same time. The maximum number of HTTP(S) connections that can
be open at the same time is 16.
UM BasicConfig L2P
Release 9.0 02/2015 113
Assistance in the Protection from 6.4 Restricted Management Access
Unauthorized Access
6.4 Restricted Management

Access
The device allows you to differentiate the management access to the device
based on IP address ranges, and to differentiate these in turn based on
management services (http, snmp, telnet, ssh). You thus have the option to
set finely differentiated management access rights.
If you only want the device, which is located, for example, in a production
plant, to be managed from the network of the IT department via the Web
interface, but also want the administrator to be able to access it remotely via
SSH, you can achieve this with the “Restricted management access”
function.
You can configure this function using the graphical user interface or the CLI.
The graphical user interface provides you with an easy configuration option.
Make sure you do not unintentionally block your access to the device. The
CLI access to the device via V.24 provided at all times is excluded from the
function and cannot be restricted.
In the following example, the IT network has the address range

192.168.1.0/24 and the remote access is from a mobile phone network with
the IP address range 109.237.176.0 - 109.237.176.255.
The device is already prepared for the SSH access (see on page 265
“Preparing access via SSH”) and the SSH client application already knows
the fingerprint of the host key on the device.
Parameter IT network Mobile phone
network
Network address 192.168.1.0 109.237.176.0
Netmask 255.255.255.0 255.255.255.0
Desired management access http, snmp ssh
Table 5: Example parameter for the restricted management access
 Select the Security:Restricted Management Access dialog.
UM BasicConfig L2P
114 Release 9.0 02/2015
Unauthorized Access
 Leave the existing entry unchanged and use the “Create” button to
create a new entry for the IT network.
 Enter the IP address 192.168.1.0.
 Enter the netmask 255.255.255.0.
 Leave the HTTP and SNMP management services activated and
deactivate the Telnet and SSH services by removing the
checkmarks from the respective boxes.
 Use the “Create” button to create a new entry for the mobile phone
network.
 Enter the IP address 109.237.176.0.
 Enter the netmask 255.255.255.0.
 Deactivate the HTTP, SNMP and Telnet services and leave SSH
activated.
 Make sure you have CLI access to the device via V.24.
 Deactivate the preset entry, because this allows everything and
would cause your subsequent entries to have no effect.
 Activate the function.
 Click on “Write” to temporarily save the data.
 If your current management station is also located in the IT network,
you continue to have access to the graphical user interface.
Otherwise the device ignores operations via the graphical user
interface, and it also rejects a restart of the graphical user interface.
 Check whether you can access the device from the IT network via
http and snmp: Open the graphical user interface of the device in a
browser, login on the start screen, and check whether you can read
data (as user “user”) or read and write data (as user “admin”).
Check whether the device rejects connections via telnet and ssh.
 Check whether you can access the device from the mobile phone
network via ssh: Open an SSH client, make a connection to the
device, login, and check whether you can read data, or read and
write data.
Check whether the device rejects connections via http, snmp and
telnet.
 When you have successfully completed both tests, save the settings
in the non-volatile memory. Otherwise check your configuration. If
the device rejects access with the graphical user interface, use the
CLI of the device to initially deactivate the function via V.24.
UM BasicConfig L2P
Release 9.0 02/2015 115
Unauthorized Access

show network mgmt-access Display the current configuration.
network mgmt-access add Create an entry for the IT network. This is given
the smallest free ID - in the example, 2.
network mgmt-access modify 2 Set the IP address of the entry for the IT network.
ip 192.168.1.0
network mgmt-access modify 2 Set the netmask of the entry for the IT network.
netmask 255.255.255.0
network mgmt-access modify 2 Deactivate telnet for the entry of the IT network.
telnet disable
network mgmt-access modify 2 Deactivate SSH for the entry of the IT network.
ssh disable
network mgmt-access add Create an entry for the mobile phone network. In
the example, this is given the ID 3.
network mgmt-access modify 3 Set the IP address of the entry for the mobile
ip 109.237.176.0 phone network.
network mgmt-access modify 3 Set the netmask of the entry for the mobile phone
netmask 255.255.255.0 network.
network mgmt-access modify 3 Deactivate http for the entry of the mobile phone
http disable network.
network mgmt-access modify 3 Deactivate snmp for the entry of the mobile phone
snmp disable network.
network mgmt-access modify 3 Deactivate telnet for the entry of the mobile phone
telnet disable network.
network mgmt-access status 1 Deactivate the preset entry.
disable
network mgmt-access Activate the function immediately.
operation enable
show network mgmt-access Display the current configuration of the function.
copy system:running-config Save the entire configuration in the non-volatile
UM BasicConfig L2P
116 Release 9.0 02/2015
Assistance in the Protection from 6.5 HiDiscovery Access
Unauthorized Access
6.5 HiDiscovery Access
6.5.1 Description of the HiDiscovery Protocol

The HiDiscovery protocol allows you to allocate an IP address to the device
(see on page 39 “Entering the IP Parameters via HiDiscovery”). HiDiscovery
v1 is a Layer 2 protocol. HiDiscovery v2 is a Layer 3 protocol.
Note: For security reasons, restrict the HiDiscovery function for the device or
disable it after you have assigned the IP parameters to the device.
6.5.2 Enabling/disabling the HiDiscovery function
 Select the Basic settings:Network dialog.
 Disable the "HiDiscovery function in the “HiDiscovery Protocol

v1/v2" frame or limit the access to read-only.

network protocol hidiscovery Disable HiDiscovery function.
off
network protocol hidiscovery Enable HiDiscovery function with “read-only”
read-only access
network protocol hidiscovery Enable HiDiscovery function with “read-write”
read-write access
UM BasicConfig L2P
Release 9.0 02/2015 117
Assistance in the Protection from 6.6 Port access control
Unauthorized Access
6.6 Port access control
6.6.1 Description of the port access control

You can configure the device in such a way that it helps to protect every port
from unauthorized access. Depending on your selection, the device checks
the MAC address or the IP address of the connected device.
The following functions are available for monitoring every individual port:
 The device can distinguish between authorized and unauthorized access
and supports 2 types of access control:
 Access for all:
– No access restriction.
– MAC address 00:00:00:00:00:00 or
– IP address 0.0.0.0.
 Access exclusively for defined MAC and IP addresses:
– Only devices with defined MAC or IP addresses have access.
– You can define up to 10 IP addresses and up to 50 MAC addresses
or maskable MAC addresses.
 The device reacts to an unauthorized access with the following selectable
actions:
 none: no reaction
 trapOnly: message by sending a trap
 portDisable: message by sending a trap and disabling the port
 autoDisable: disabling the port via the AutoDisable function with the
option to enable the port again after a definable time has elapsed.
UM BasicConfig L2P
118 Release 9.0 02/2015
Unauthorized Access
6.6.2 Application Example for Port Access Control

You have a LAN connection in a room that is accessible to everyone. To set
the device so that only defined users can use this LAN connection, activate
the port access control on this port. An unauthorized access attempt will
cause the device to shut down the port and alert you with an alarm message.
The following is known:
Parameter Value Explanation

Allowed IP Addresses 10.0.1.228 The defined users are the device with the
10.0.1.229 IP address 10.0.1.228 and the device with the
IP address 10.0.1.229
Action portDisable Disable the port with the corresponding entry in the
port configuration table (see on page 93
“Configuring the Ports”) and send an alarm
Prerequisites for further configuration:

 The port for the LAN connection is enabled and configured correctly (see
on page 93 “Configuring the Ports”)
 Prerequisites for the device to be able to send an alarm (trap) (see on
page 207 “Configuring Traps”):
– You have entered at least one recipient
– You have set the flag in the “Active” column for at least one recipient
– In the “Selection” frame, you have selected “Port Security”
 Configure the port security.
 Select the Security:Port Security dialog.
 In the “Configuration” frame, select “IP-Based Port Security”.
UM BasicConfig L2P
Release 9.0 02/2015 119
Unauthorized Access
 In the table, click on the row of the port to be protected, in the

“Allowed IP addresses” cell.
 Enter in sequence:
– the IP subnetwork group: 10.0.1.228
– a space character as a separator
– the IP address: 10.0.1.229
Entry: 10.0.1.228 10.0.1.229
 In the table, click on the row of the port to be protected, in the
“Action” cell, and select portDisable.
Figure 24: Port Security dialog
 Save the settings in the non-volatile memory.
 Select the dialog

Basic Settings:Load/Save.
 In the “Save” frame, select “To Device” for the location and click
“Save” to permanently save the configuration in the active
configuration.
UM BasicConfig L2P
120 Release 9.0 02/2015
Assistance in the Protection from 6.7 Port Authentication IEEE 802.1X
Unauthorized Access
6.7 Port Authentication

IEEE 802.1X
6.7.1 Description of Port Authentication

according to IEEE 802.1X
The port-based network access control is a method described in norm IEEE
802.1X to help protect IEEE 802 networks from unauthorized access. The
protocol controls the access to this port by authenticating and authorizing a
terminal device that is connected to one of the device's ports.
The authentication and authorization is carried out by the authenticator, in
this case the device. The device authenticates the supplicant (the querying
device, e.g. a PC, etc.), which means that it permits the access to the
services it provides (e.g. access to the network to which the device is
connected) or denies it. In the process, the device accesses an external
authentication server (RADIUS server), which checks the authentication data
of the supplicant. The device exchanges the authentication data with the
supplicant via the Extensible Authentication Protocol over LANs (EAPOL),
and with the RADIUS server via the RADIUS protocol.
RADIUS Server Switch/Authenticator 802.1X Supplicant
Figure 25: Radius server connection
UM BasicConfig L2P
Release 9.0 02/2015 121
Unauthorized Access
6.7.2 Authentication Process according to

IEEE 802.1X
A supplicant attempts to communicate via a device port.
 The device requests authentication from the supplicant. At this time, only
EAPOL traffic is allowed between the supplicant and the device.
 The supplicant replies with its identification data.
 The device forwards the identification data to the authentication server.
 The authentication server responds to the request in accordance with the
access rights.
 The device evaluates this response and provides the supplicant with
access to this port (or leaves the port in the blocked state).
6.7.3 Preparing the Device for the

IEEE 802.1X Port Authentication
 Configure your own IP parameters (for the device).
 Globally enable the 802.1X port authentication function.
 Set the 802.1X port control to "auto". The default setting is "force-
authorized".
 Enter the "shared secret" between the authenticator and the Radius
server. The shared secret is a text string specified by the RADIUS server
administrator.
 Enter the IP address and the port of the RADIUS server. The default UDP
port of the RADIUS server is port 1812.
UM BasicConfig L2P
122 Release 9.0 02/2015
Unauthorized Access
6.7.4 IEEE 802.1X Settings
 Configurating the RADIUS Server

 Select the Security:802.1x Port Authentication:RADIUS
Server dialog.
This dialog allows you to enter the data for 1, 2 or 3 RADIUS servers.
 Click "Create entry" to open the dialog window for entering the IP
address of a RADIUS server.
 Confirm the IP address entered using "OK".
You thus create a new row in the table for this RADIUS server.
 In the "Shared secret" column you enter the character string which
you get as a key from the administrator of your RADIUS server.
 With "Primary server" you name this server as the first server which
the device should contact for port authentication queries. If this
server is not available, the device contacts the next server in the
table.
 "Selected server" shows which server the device actually sends its
queries to.
 With "Delete entry" you delete the selected row in the table.
 Selecting Ports
 Select the Security:802.1x Port Authentication:Port
Configuration dialog.
 In the "Port control" column you select "auto" for the ports for which
you want to activate the port-related network access control.
 Activating Access Control

 Select the Security:802.1x Port
Authentication:Global dialog.
 With "Function" you enable the function.
UM BasicConfig L2P
Release 9.0 02/2015 123
Assistance in the Protection from 6.8 Login Banner
Unauthorized Access
6.8 Login Banner
The device gives you the option of displaying a greeting text to users before
they login to the device. The users see this greeting text in the login dialog of
the graphical user interface (GUI) and of the Command Line Interface (CLI).
Users logging in with SSH see the greeting text - depending on the client
used - before or during the login.
 Open the Security:Login Banner dialog, "Login Banner" tab.

 Enter the greeting text in the "Banner Text" frame.
Max. 255 characters allowed.
 To switch on the function, in the "Operation" frame, mark the "On"
radio button.
 Click "Set" to save the changes temporarily.

set pre-login-banner text Assign the greeting text:
"<string>" – Put the text in quotation marks.
– Max. 255 characters allowed.
– Insert tab using string \\t.
– Insert line break using string \\n.
set pre-login-banner Switching the function on.
operation
logout Logout from device.
The text is visible before you login again.
UM BasicConfig L2P
124 Release 9.0 02/2015
Assistance in the Protection from 6.9 CLI Banner
Unauthorized Access
6.9 CLI Banner
In the default setting, the CLI start screen shows information about the
device, such as the software version and the device settings. The "CLI
Banner" function allows you to replace this information with an individual text.
 Open the Security:Login/CLI Banner dialog, "CLI Banner" tab.

 In the "Banner Text" frame, enter the text of your choice.
Max. 2048 characters allowed.
 To switch on the function, in the "Operation" frame, mark the "On"
radio button.

set clibanner text Assign the text to:
"<string>" – Put the text in quotation marks.
– Max. 2048 characters allowed.
– Insert tab using string \\t.
– Insert line break using string \\n.
set clibanner operation Switching the function on.
logout Logout from device.
The text is visible before you login again.
UM BasicConfig L2P
Release 9.0 02/2015 125
Assistance in the Protection from 6.9 CLI Banner
Unauthorized Access
UM BasicConfig L2P
126 Release 9.0 02/2015
Synchronizing the System Time in the
Network
7 Synchronizing the System

Time in the Network
The actual meaning of the term “real time” depends on the time requirements
of the application.
The device provides two options with different levels of accuracy for
synchronizing the time in your network.
The Simple Network Time Protocol (SNTP) is a simple solution for low
accuracy requirements. Under ideal conditions, SNTP achieves an accuracy
in the millisecond range. The accuracy depends on the signal delay.
IEEE 1588 with the Precision Time Protocol (PTP) achieves accuracies on
the order of fractions of microseconds. This method is suitable even for
demanding applications up to and including process control.
Examples of application areas include:

 Log entries
 Time stamping of production data
 Process control
Select the method (SNMP or PTP) that best suits your requirements. You can
also use both methods simultaneously if you consider that they interact.
UM BasicConfig L2P
Release 9.0 02/2015 127
Synchronizing the System Time in the 7.1 Setting the time
Network
7.1 Setting the time
If no reference clock is available, you have the option of entering the system
time in a device and then using it like a reference clock (see on page 132
“Configuring SNTP”), (see on page 143 “Application Example”).
The device is equipped with a buffered hardware clock. This keeps the
current time
 if the power supply fails or
 if you disconnect the device from the power supply.
Thus the current time is available to you again, e.g. for log entries, when the
device is started.
The hardware clock bridges a power supply downtime of 1 hour. The
prerequisite is that the power supply of the device has been connected
continually for at least 5 minutes beforehand.
Note: When setting the time in zones with summer and winter times, make
an adjustment for the local offset. The device can also get the SNTP server
IP address and the local offset from a DHCP server.
 Open the Time:Basic Settings dialog.
With this dialog you can enter time-related settings independently of the
time synchronization protocol selected.
UM BasicConfig L2P
128 Release 9.0 02/2015
Synchronizing the System Time in the 7.1 Setting the time
Network
 “System time (UTC)” displays the time determined using SNTP or

PTP.
The display is the same worldwide. Local time differences are not
taken into account.
Note: If the time source is PTP, consider that the PTP time uses the
TAI time scale. TAI time is 34 s ahead of UTC time (as of
01.01.2011).
If the UTC offset is configured correctly on the PTP reference clock,
the device corrects this difference automatically when displaying
“System time (UTC)”.
 The "System Time" uses "System Time (UTC)", allowing for the local
time difference from "System Time (UTC)".
"System Time" = "System Time (UTC)" + "Local Offset".
 Time Source displays the source of the following time data. The
device automatically selects the source with the greatest accuracy.
Possible sources are: local, ptp and sntp. The source is initially
local.
If PTP is activated and the device receives a valid PTP frame, it sets
its time source to ptp. If SNTP is activated and if the device receives
a valid SNTP packet, the device sets its time source to sntp. The
device gives the PTP time source priority over SNTP.
 With "Set Time from PC", the device takes the PC time as the
system time and calculates the "System Time (UTC)" using the local
time difference.
"System Time (UTC)" = "System Time" - "Local Offset"
 The "Local Offset" is for displaying/entering the time difference
between the local time and the "System Time (UTC)".
With "Set Offset from PC", the device determines the time zone on
your PC and uses it to calculate the local time difference.

sntp time <YYYY-MM-DD Set the system time of the device.
HH:MM:SS>
sntp client offset Enter the time difference between the local time
<-1000 to 1000> and the "System Time (UTC)".
UM BasicConfig L2P
Release 9.0 02/2015 129
Synchronizing the System Time in the 7.2 SNTP
Network
7.2 SNTP
7.2.1 Description of SNTP

The Simple Network Time Protocol (SNTP) enables you to synchronize the
system time in your network.
The device supports the SNTP client and the SNTP server function.
The SNTP server makes the UTC (Universal Time Coordinated) available.
UTC is the time relating to the coordinated world time measurement. The
time displayed is the same worldwide. Local time differences are not taken
into account.
SNTP uses the same packet format as NTP. In this way, an SNTP client can
receive the time from an SNTP server as well as from an NTP server.
GPS
PLC Client
NTP-
Server
Switch Switch Switch
192.168.1.0
Client
Client Server Client Server Client Server
192.168.1.1 192.168.1.2 192.168.1.3
Figure 26: SNTP cascade
UM BasicConfig L2P
130 Release 9.0 02/2015
Network
7.2.2 Preparing the SNTP Configuration

 To get an overview of how the time is passed on, draw a network plan with
the devices participating in SNTP. When planning, bear in mind that the
accuracy of the time depends on the signal runtime.
GPS PLC
Client
Client
192.168.1.1
Switch Switch Switch
Figure 27: Example of SNTP cascade
 Enable the SNTP function on the devices whose time you want to set
using SNTP.
The SNTP server of the device responds to Unicast requests as soon as
it is enabled.
 If no reference clock is available, specify a device as the reference clock

and set its system time as accurately as possible.
Note: For accurate system time distribution with cascaded SNTP servers
and clients, use only network components (routers, switches, hubs) in the
signal path between the SNTP server and the SNTP client which forward
SNTP packets with a minimized delay.
UM BasicConfig L2P
Release 9.0 02/2015 131
Network
7.2.3 Configuring SNTP
 Select the Time:SNTP dialog.

 Operation
 In this frame you switch the SNTP function on/off globally.
 SNTP Status
 The “Status message” displays statuses of the SNTP client as one or more test
messages, e.g. Server 2 not responding.
 Configuration SNTP Client
 In “Client status” you switch the SNTP client of the device on/off.
 In “External server address” you enter the IP address of the SNTP server from
which the device periodically requests the system time.
 In “Redundant server address” you enter the IP address of the SNTP server from
which the device periodically requests the system time, if it does not receive a
response to a request from the “External server address” within 1 second.
Note: If you are receiving the system time from an

external/redundant server address, enter the dedicated server
adress(es) and disable the setting Accept SNTP Broadcasts
(see below). You thus ensure that the device uses the time of the
server(s) entered and does not synchronize to broadcasts that might
not be trustworthy.
 In “Server request interval” you specify the interval at which the device requests
SNTP packets (valid entries: 1 s to 3600 s, on delivery: 30 s).
 With “Accept SNTP Broadcasts” the device takes the system time from SNTP
Broadcast/Multicast packets that it receives.
 With “Deactivate client after synchronization”, the device only synchronizes its
system time with the SNTP server one time after the client status is activated,
then it switches the client off.
Note: If you have enabled PTP at the same time, the SNTP client
first collects 60 time stamps before it deactivates itself. The device
thus determines the drift compensation for its PTP clock. With the
preset server request interval, this takes about half an hour.
UM BasicConfig L2P
132 Release 9.0 02/2015
Network
 SNTP server configuration

 In "Server-Status", switch the device's SNTP server on/off.
 In “Anycast destination address” you enter the IP address to which the SNTP
server of the device sends its SNTP packets (see table 6).
 In "VLAN ID", enter the VLAN over which the device will be cyclically sending its
SNTP packets.
 In “Anycast send interval” you specify the interval at which the device sends
SNTP packets (valid entries: 1 s to 3600 s, on delivery: 120 s).
 With “Disable Server at local time source” the device disables the SNTP server
function if the source of the time is local (see Time dialog).
IP destination address Send SNTP packet to

0.0.0.0 Nobody
Unicast address (0.0.0.1 - 223.255.255.254) Unicast address
Multicast address (224.0.0.0 - 239.255.255.254), Multicast address
especially 224.0.1.1 (NTP address)
255.255.255.255 Broadcast address
Table 6: Destination address classes for SNTP and NTP packets
UM BasicConfig L2P
Release 9.0 02/2015 133
Network
Figure 28: SNTP Dialog
Device 192.168.1.1 192.168.1.2 192.168.1.3

Operation On On On
Server destination address 0.0.0.0 0.0.0.0 0.0.0.0
Server VLAN ID 1 1 1
Send interval 120 120 120
Client external server address 192.168.1.0 192.168.1.1 192.168.1.2
Request interval 30 30 30
Accept Broadcasts No No No
Table 7: Settings for the example (see figure 27)
UM BasicConfig L2P
134 Release 9.0 02/2015
Synchronizing the System Time in the 7.3 Precision Time Protocol
Network
7.3 Precision Time Protocol
7.3.1 Description of PTP Functions

Precise time management is required for running time-critical applications via
a LAN.
The IEEE 1588 standard with the Precision Time Protocol (PTP) describes a
procedure that determines the best master clock in a LAN and thus enables
precise synchronization of the clocks in this LAN.
This procedure enable the synchronization of the clocks involved to an

accuracy of a few 100 ns. The synchronization messages have virtually no
effect on the network load. PTP uses Multicast communication.
Factors influencing precision are:

 Accuracy of the reference clock
IEEE 1588 classifies clocks according to their accuracy. An algorithm that
measures the accuracy of the clocks available in the network specifies the
most accurate clock as the "Grandmaster" clock.
PTPv1 PTPv2 Specification

Stratum Clock class
number
0 – (priority 1 = For temporary, special purposes, in order to assign a higher
0) accuracy to one clock than to all other clocks in the network.
1 6 Indicates the reference clock with the highest degree of
accuracy. The clock can be both a boundary clock and an
ordinary clock. Stratum 1/ clock class 6 clocks include GPS
clocks and calibrated atomic clocks. A stratum 1 clock cannot be
synchronized using the PTP from another clock in the PTP
system.
2 6 Indicates the second-choice reference clock.
Table 8: Stratum – classifying the clocks
UM BasicConfig L2P
Release 9.0 02/2015 135
Network
PTPv1 PTPv2 Specification

Stratum Clock class
number
3 187 Indicates the reference clock that can be synchronized via an
external connection.
4 248 Indicates the reference clock that cannot be synchronized via an
external connection. This is the standard setting for boundary
clocks.
5–254 – Reserved.
255 255 Such a clock should never be used as the so-called best master
clock.
Table 8: Stratum – classifying the clocks
 Cable delays; device delays

The communication protocol specified by IEEE 1588 enables delays to be
determined. Algorithms for calculating the current time cancel out these
delays.
 Accuracy of local clocks
The communication protocol specified by IEEE 1588 takes into account
the inaccuracy of local clocks in relation to the reference clock.
Calculation formulas permit the synchronization of the local time, taking
into account the inaccuracy of the local clock in relation to the reference
clock.
UM BasicConfig L2P
136 Release 9.0 02/2015
Network
Reference Local
(Master clock) (Slave clock)
PTP PTP
UDP UDP
Delay + Jitter Delay + Jitter
IP IP
MAC MAC
Delay + Jitter
Phy Phy
LAN
PTP Precision Time Protocol (Application Layer)

UDP User Datagramm Protocol (Transport Layer)
IP Internet Protocol (Network Layer)
MAC Media Access Control
Phy Physical Layer
Figure 29: Delay and jitter for clock synchronization
To get around the delay and jitter in the protocol stack, IEEE 1588
recommends inserting a special hardware time stamp unit between the MAC
and Phy layers.
Devices/modules with the “-RT” suffix in their names are equipped with this
time stamp unit and support PTP version 1. Media modules MM23 and
MM33 support PTP version 1 and PTP version 2.
The delay and jitter in the LAN increase in the media and transmission
devices along the transmission path.
UM BasicConfig L2P
Release 9.0 02/2015 137
Network
With the introduction of PTP version 2, two procedures are available for the
delay measurement:
 End-to-End (E2E)
E2E corresponds to the procedure used by PTP version 1. Every slave
clock measures only the delay to its master clock.
 Peer-to-Peer (P2P)
With P2P, like in E2E, every slave clock measures the delay to its master
clock. In addition, in P2P every master clock measures the delay to the
slave clock. For example, if a redundant ring is interrupted, the slave clock
can become the master clock and the master clock can become the slave
clock. This switch in the synchronization direction takes place without any
loss of precision, as with P2P the delay in the other direction is already
known.
The cable delays are relatively constant. Changes occur very slowly.
IEEE 1588 takes this fact into account by regularly making measurements
and calculations.
IEEE 1588 eliminates the inaccuracy caused by delays and jitter by defining
boundary clocks. Boundary clocks are clocks integrated into devices. These
clocks are synchronized on the one side of the signal path, and on the other
side of the signal path they are used to synchronize the subsequent clocks
(ordinary clocks).
PTP version 2 also defines what are known as transparent clocks. A
transparent clock cannot itself be a reference clock, nor can it synchronize
itself with a reference clock. However, it corrects the PTP messages it
transmits by its own delay time and thus removes the jitter caused by the
transmission. When cascading multiple clocks in particular, you can use
transparent clocks to achieve greater time precision for the connected
terminal devices than with boundary clocks
The Power Profile TLV Check is available on Mice, PowerMICE, MACH1040,

MACH104 devices. When enabled this function checks for the presents of
Power TLVs. Use the following worksteps to enable the device to check for
announce messages containing Power Profile TLVs and use the TLVs for
syntonization:
 Open the Time:PTP:Version 2(TC):Global dialog.
 Select the "Power TLV Check" checkbox
 Select the "Syntonize" checkbox
UM BasicConfig L2P
138 Release 9.0 02/2015
Network
GPS
PLC
Reference
(Grandmaster Clock)
Switch Ordinary Clock
Ordinary Clock
Slave Master
Boundary Clock
Figure 30: Position of the boundary clock in a network
Irrespective of the physical communication paths, the PTP allocates logical

communication paths which you define by setting up PTP subdomains. The
purpose of subdomains is to form groups of clocks which are chronologically
independent from the other domains. The clocks in one group typically use
the same communication paths as other clocks.
UM BasicConfig L2P
Release 9.0 02/2015 139
Network
GPS Ordinary Clock

PLC
Reference
(Grandmaster Clock)
Switch
PTP Subdomain 1
Boundary
Clock
PTP Subdomain 2
Figure 31: PTP subdomains
UM BasicConfig L2P
140 Release 9.0 02/2015
Network
7.3.2 Preparing the PTP Configuration

After the function is activated, the PTP takes over the configuration
automatically.
 To gain an overview of the distribution of clocks, draw a network plan with

the devices involved in PTP.
Note: Connect all the connections you need to distribute the PTP information
to connections with an integrated time stamp unit (RT modules).
Devices without a time stamp unit take the information from the PTP and use
it to set their clocks. They are not involved in the protocol.
 Enable the PTP function on devices whose time you want to synchronize
using PTP.
 Select the PTP version and the PTP mode. Select the same PTP version
for all the devices that you want to synchronize.
PTP mode Application

v1-simple-mode Support for PTPv1 without special hardware. The device
synchronizes itself with received PTPv1 messages.
Select this mode for devices without a timestamp unit
(RT module).
v1-boundary-clock Boundary Clock function based on IEEE 1588-2002 (PTPv1).
v2-boundary-clock-onestep Boundary Clock function based on IEEE 1588-2008 (PTPv2) for
devices with MM23 and MM33 media modules.
The one-step mode determines the precise PTP time with one
message.
v2-boundary-clock-twostep Boundary Clock function based on IEEE 1588-2008 (PTPv2) for
devices with RT modules.
The two-step mode determines the precise PTP time with
two messages.
Table 9: Selecting a PTP mode
UM BasicConfig L2P
Release 9.0 02/2015 141
Network
PTP mode Application

v2-simple-mode Support for PTPv2 without special hardware. The device
synchronizes itself with received PTPv2 messages.
Select this mode for devices without a timestamp unit
(RT module).
v2-transparent-clock Transparent Clock (one-step) function based on IEEE 1588-2008
(PTPv2) for devices with MM23 and MM33 media modules.
Table 9: Selecting a PTP mode
 If no reference clock is available, you specify a device as the reference

clock and set its system time as accurately as possible.
UM BasicConfig L2P
142 Release 9.0 02/2015
Network
7.3.3 Application Example

PTP is used to synchronize the time in the network. As an SNTP client, the
left device (see figure 32) gets the time from the NTP server via SNTP. The
device assigns PTP clock stratum 2 (PTPv1) or clock class 6 (PTPv2) to the
time received from an NTP server. Thus the left device becomes the
reference clock for the PTP synchronization and is the “preferred master”.
The “preferred master” forwards the exact time signal via its connections to
the RT module. The device with the RT module receives the exact time signal
at a connection of its RT module and thus has the clock mode “v1-boundary-
clock”. The devices without an RT module have the clock mode “v1-simple-
mode”.
GPS
Reference
(Grandmaster Clock)
A
10.0.1.116
A
10.0.1.112
10.0.1.2
Boundary
Clock Ordinary Clock
B B
10.0.1.105 10.0.1.106
Figure 32: Example of PTP synchronization

A: Device with RT module
B: Device without RT module:
UM BasicConfig L2P
Release 9.0 02/2015 143
Network
Device 10.0.1.112 10.0.1.116 10.0.1.105 10.0.1.106

PTP Global
Operation on on on on
Clock Mode v1-boundary- v1-boundary- v1-simple-mode v1-simple-mode
clock clock
Preferred Master true false false false
SNTP
Operation on off off off
Client Status on off off off
External server 10.0.1.2 0.0.0.0 0.0.0.0 0.0.0.0
address
Server request 30 any any any
interval
Accept SNTP No any any any
Broadcasts
Server status on off off off
Anycast destination 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
address
VLAN ID 1 1 1 1
Table 10: Settings for the example (see figure 32)
The following configuration steps apply to the device with the IP address
10.0.1.112. Configure the other devices in the same way with the values from
the table above.
 Enter the SNTP parameters.
 Select the Time:SNTP dialog.

 Activate SNTP globally in the “Operation” frame.
 Activate the SNTP client (client status) in the “Configuration SNTP
Client” frame.
 In the “Configuration SNTP Client” frame, enter:
– “External server address”: 10.0.1.2
– “Request interval”: 30
– “Accept SNTP Broadcasts”: No
UM BasicConfig L2P
144 Release 9.0 02/2015
Network
 Activate the SNTP server (server status) in the “Configuration SNTP

Server” frame.
 In the “Configuration SNTP Server” frame, enter:
– “Anycast destination address”: 0.0.0.0
– “VLAN ID”: 1

sntp operation on Switch on SNTP globally.
sntp operation client on Switch on SNTP client.
sntp client server primary Enter the IP address of the external SNTP server
10.0.1.2 10.0.1.2.
sntp client request-interval Enter the value 30 seconds for the SNTP server
30 request interval.
sntp client accept-broadcast Deactivate “Accept SNTP Broadcasts”.
off
sntp operation server on Switch on SNTP server.
sntp anycast address 0.0.0.0 Enter the SNTP server Anycast destination
address 0.0.0.0.
sntp anycast vlan 1 Enter the SNTP server VLAN ID 1.
 Enter the global PTP parameters.
 Select the Time:PTP:Global dialog.

 Activate the function in the “Operation IEEE 1588 / PTP” frame.
 Select v1-boundary-clock for “PTP version mode”.
ptp operation enable Switch on PTP globally.

ptp clock-mode v1-boundary- Select PTP version and clock mode.
clock
UM BasicConfig L2P
Release 9.0 02/2015 145
Network
 In this example, you have chosen the device with the IP address
10.0.1.112 as the PTP reference clock. You thus define this device as the
“Preferred Master”.
 Select the Time:PTP:Version1:Global dialog.

 In the “Operation IEEE 1588 / PTP” frame, select true for the
“Preferred Master”.
ptp v1 preferred-master true Define this device as the “Preferred Master”.
 Get PTP to apply the parameters.
 In the Time:PTP:Version1:Global dialog, click on “Reinitialize”

so that PTP applies the parameters entered.
ptp v1 re-initialize Apply PTP parameters.
 Save the settings in the non-volatile memory.
 Select the
UM BasicConfig L2P
146 Release 9.0 02/2015
Network
configuration.
copy system:running-config Save the current configuration to the non-volatile

UM BasicConfig L2P
Release 9.0 02/2015 147
Synchronizing the System Time in the 7.4 Interaction of PTP and SNTP
Network
7.4 Interaction of PTP and SNTP
According to the PTP and SNTP standards, both protocols can exist in
parallel in the same network. However, since both protocols affect the
system time of the device, situations may occur in which the two protocols
compete with each other.
Note: Configure the devices so that each device only receives the time from
one source.
If the device gets its time via PTP, you enter the “External server address”
0.0.0.0 in the SNTP client configuration and do not accept SNTP Broadcasts.
If the device gets its time via SNTP, make sure that the “best” clock is
connected to the SNTP server. Then both protocols will get the time from the
same server. The example (see figure 33) shows such an application.
GPS
PLC SNTP-Client
NTP-
Server
SNTP
SNTP
PTP PTP SNTP
149.218.112.0
SNTP-Client
SNTP Client SNTP Server SNTP Server
SNTP Server PTP PTP
PTP
149.218.112.1 149.218.112.2 149.218.112.3
Figure 33: Example of the coexistence of PTP and SNTP
 Application Example
The requirements with regard to the accuracy of the time in the network
are quite high, but the terminal devices only support SNTP (see
figure 33).
UM BasicConfig L2P
148 Release 9.0 02/2015
Network
Device 149.218.112.1 149.218.112.2 149.218.112.3

PTP
Operation on on on
Clock Mode v1-boundary-clock v1-boundary-clock v1-boundary-clock
Preferred Master false false false
SNTP
Operation on on on
Client Status on off off
External server address 149.218.112.0 0.0.0.0 0.0.0.0
Server request interval any any any
Accept SNTP Broadcasts No No No
Server status on on on
Anycast destination address 224.0.1.1 224.0.1.1 224.0.1.1
VLAN ID 1 1 1
Anycast send interval 30 30 30
Table 11: Settings for the example
In the example, the left device, as an SNTP client, gets the time from the
NTP server via SNTP. The device assigns PTP clock stratum 2 (PTPv1)
or clock class 6 (PTPv2) to the time received from an NTP server. Thus
the left device becomes the reference clock for the PTP synchronization.
PTP is active for all 3 devices, thus enabling precise time synchronization
between them. As the connectable terminal devices in the example only
support SNTP, all 3 devices act as SNTP servers.
UM BasicConfig L2P
Release 9.0 02/2015 149
Network
UM BasicConfig L2P
150 Release 9.0 02/2015
Network Load Control
8 Network Load Control
To optimize the data transmission, the device provides you with the following
functions for controlling the network load:
 Settings for direct packet distribution (MAC address filter)
 Multicast settings
 Rate limiter
 Prioritization - QoS
 Flow control
 Virtual LANs (VLANs)
UM BasicConfig L2P
Release 9.0 02/2015 151
Network Load Control 8.1 Direct Packet Distribution
8.1 Direct Packet Distribution
With direct packet distribution, you help protect the device from unnecessary
network loads. The device provides you with the following functions for direct
packet distribution:
 Store-and-forward
 Multi-address capability
 Aging of learned addresses
 Static address entries
 Disabling the direct packet distribution
8.1.1 Store and Forward

The device stores receive data and checks the validity. The device rejects
invalid and defective data packets (> 1522 bytes or CRC errors) as well as
fragments (> 64 bytes). The device then forwards valid data packets.
8.1.2 Multi-Address Capability

The device learns all the source addresses for a port. Only packets with
 unknown destination addresses
 these destination addresses or
 a multi/broadcast destination address
in the destination address field are sent to this port. The device enters
learned source addresses in its filter table (see on page 154 “Entering Static
Addresses”).
UM BasicConfig L2P
152 Release 9.0 02/2015
The device can learn up to 8,000 addresses. This is necessary if more than
one terminal device is connected to one or more ports. It is thus possible to
connect several independent subnets to the device.
8.1.3 Aging of learned MAC addresses

The device monitors the age of the learned addresses. Address entries
which exceed a particular age - the aging time - are deleted by the device
from its address table.
Data packets with an unknown destination address are flooded by the
device.
Data packets with known destination addresses are selectively transmitted
by the device.
Note: A reboot deletes the learned address entries.
 Select the Switching:Global dialog.
 Enter the aging time for all dynamic entries in the range from 10 to
630 seconds (unit: 1 second; default setting: 30).
In connection with the router redundancy, select a time ≥ 30
seconds.
UM BasicConfig L2P
Release 9.0 02/2015 153
8.1.4 Entering Static Addresses

An important function of the device is the filter function. It selects data
packets according to defined patterns, known as filters. These patterns are
assigned distribution rules. This means that a data packet received by a
device at a port is compared with the patterns. If there is a pattern that
matches the data packet, a device then sends or blocks this data packet
according to the distribution rules at the relevant ports.
The following are valid filter criteria:

 Destination address
 Broadcast address
 Multicast address
 VLAN membership
The individual filters are stored in the filter table (Forwarding Database,
FDB). It consists of 3 parts: a static part and two dynamic parts.
 The management administrator describes the static part of the filter table
(dot1qStaticTable).
 During operation, the device is capable of learning which of its ports
receive data packets from which source address (see on page 152 “Multi-
Address Capability”). This information is written to a dynamic part
(dot1qTpFdbTable).
 Addresses learned dynamically from neighboring agents and those
learned via GMRP are written to the other dynamic part.
Addresses already located in the static filter table are automatically

transferred to the dynamic part by the device.
An address entered statically cannot be overwritten through learning.
Note: If the ring manager is active, it is not possible to make permanent

unicast entries.
Note: The filter table allows you to create up to 100 filter entries for Multicast
addresses.
UM BasicConfig L2P
154 Release 9.0 02/2015
 Select the
Switching:Filters for MAC Addresses dialog.
Each row of the filter table represents one filter. Filters specify the way
in which data packets are sent. They are set automatically by the Switch
(learned status) or created manually. Data packets whose destination
address is entered in the table are sent from the receiving port to the
ports marked in the table. Data packets whose destination address is
not in the table are sent from the receiving port to all other ports. In the
"Create filter" dialog you can set up new filters. The following status
settings are possible:
 learned: The filter was created automatically by the device.

 permanent: The filter is stored permanently in the device or on the
URL (see on page 71 “Saving settings”)
 invalid: With this status you delete a manually created filter.
 gmrp: The filter was created by GMRP.
 gmrp/permanent: GMRP added further port markings to the filter
after it was created by the administrator. The port markings added
by the GMRP are deleted by a restart.
 igmp: The filter was created by IGMP Snooping.
To delete entries with the "learned" status from the filter table, select the
Basics:Restart dialog and click "Reset MAC address table".
8.1.5 Disabling the Direct Packet Distribution

To enable you to observe the data at all the ports, the device allows you to
disable the learning of addresses. When the learning of addresses is
disabled, the device transfers all the data from all ports to all ports.
UM BasicConfig L2P
Release 9.0 02/2015 155
UnCheck "Address Learning" to observe the data at all ports.
UM BasicConfig L2P
156 Release 9.0 02/2015
Network Load Control 8.2 Multicast Application
8.2 Multicast Application
8.2.1 Description of the Multicast Application

The data distribution in the LAN differentiates between 3 distribution classes
on the basis of the addressed recipients:
 Unicast - one recipient
 Multicast - a group of recipients
 Broadcast - every recipient that can be reached
In the case of a Multicast address, the device forwards all data packets with
a Multicast address to all ports. This leads to an increased bandwidth
requirement.
Protocols such as GMRP and procedures such as IGMP Snooping enable
the device to exchange information via the direct transmission of Multicast
data packets. The bandwidth requirement can be reduced by distributing the
Multicast data packets only to those ports to which recipients of these
Multicast packets are connected.
You can recognize IGMP Multicast addresses by the range in which the
address lies:
 MAC Multicast Address
01:00:5E:00:00:00 - 01:00:5E:FF:FF:FF
(in mask form 01:00:5E:00:00:00/24)
 Class D IP Multicast address
224.0.0.0 - 239.255.255.255
(in mask form 224.0.0.0/4)
UM BasicConfig L2P
Release 9.0 02/2015 157
8.2.2 Example of a Multicast Application

The cameras for monitoring machines normally transmit their images to
monitors located in the machine room and to the control room.
In an IP transmission, a camera sends its image data with a Multicast
address via the network.
To prevent all the video data from slowing down the entire network, the
device uses the GMRP to distribute the Multicast address information. As a
result, the image data with a Multicast address is only distributed to those
ports that are connected to the associated monitors for surveillance.
1st floor
h H h H h H
MICE
2nd floor
h H h H h H
MICE
Control room
Figure 34: Example: Video surveillance in machine rooms
UM BasicConfig L2P
158 Release 9.0 02/2015
8.2.3 Description of IGMP Snooping

The Internet Group Management Protocol (IGMP) describes the distribution
of Multicast information between routers and terminal devices on Layer 3.
Routers with an active IGMP function periodically send queries to find out
which IP Multicast group members are connected to the LAN. Multicast
group members reply with a Report message. This Report message contains
all the parameters required by the IGMP. The router records the IP Multicast
group address from the Report message in its routing table. The result of this
is that it transfers frames with this IP Multicast group address in the
destination field only in accordance with the routing table.
Devices which no longer want to be members of a Multicast group can cancel
their membership by means of a Leave message (from IGMP version 2), and
they do not transmit any more Report messages. In IGMP versions 1 and 2,
the router removes the routing table entry if it does not receive any Report
messages within a specified period of time (aging time).
If there are a number of routers with an active IGMP function in the network,
then they work out among themselves (in IGMP version 2) which router
carries out the Query function. If there is no router in the network, then a
suitably equipped Switch can perform the Query function.
A Switch that connects a Multicast receiver with a router can evaluate the
IGMP information using the IGMP Snooping procedure.
IGMP Snooping translates IP Multicast group addresses into MAC Multicast
addresses, so that the IGMP functions can also be used by Layer 2 Switches.
The Switch records the MAC addresses of the Multicast receivers, with are
obtained via IGMP Snooping from the IP addresses, in the static address
table. The Switch thus transmits these Multicast packets exclusively at the
ports at which Multicast receivers are connected. The other ports are not
affected by these packets.
A special feature of the device is that you can specify whether it should drop
data packets with unregistered Multicast addresses, transmit them to all
ports, or only to those ports at which the device received query packets. You
also have the option of additionally sending known Multicast packets to query
ports.
Default setting: “Off”.
UM BasicConfig L2P
Release 9.0 02/2015 159
8.2.4 Setting IGMP Snooping
 Select the Switching:Multicast:IGMP dialog.
 Operation
The “Operation” frame allows you to enable/disable IGMP Snooping
globally for the entire device.
If IGMP Snooping is disabled, then
 the device does not evaluate Query and Report packets received,
and
 it sends (floods) received data packets with a Multicast address as
the destination address to every port.
 Settings for IGMP Querier and IGMP

With these frames you can enter global settings for the IGMP settings and
the IGMP Querier function.
Prerequisite: The IGMP Snooping function is activated globally.
IGMP Querier
“IGMP Querier active” allows you to enable/disable the Query function.
“Protocol version” allow you to select IGMP version 1, 2 or 3.
In “Send interval [s]” you specify the interval at which the device sends
query packets (valid entries: 2-3,599 s, default setting: 125 s).
Note the connection between the parameters Max. Response Time,
Send Interval and Group Membership Interval (see on page 161
“Parameter Values”).
IGMP-capable terminal devices respond to a query with a report
message, thus generating a network load.
Select large sending intervals if you want to reduce the load on your
network and can accept the resulting longer switching times.
Select small sending intervals if you require short switching times and
can accept the resulting network load.
UM BasicConfig L2P
160 Release 9.0 02/2015
IGMP Settings
“Current querier IP address” shows you the IP address of the device
that has the query function.
In “Max. Response Time” you specify the period within which the
Multicast group members respond to a query (valid values: 1-3,598 s,
default setting: 10 s).
The Multicast group members select a random value within the
maximum response time for their response, to prevent all the Multicast
group members responding to the query at the same time.
Select a large value if you want to reduce the load on your network and
can accept the resulting longer switching times.
Select a small value if you require short switching times and can accept
the resulting network load.
In “Group Membership Interval” you specify the period for which a
dynamic Multicast group remains entered in the device if it does not
receive any report messages (valid values: 3-3,600 s, default setting:
260 s).
 Parameter Values
The parameters
– Max. Response Time,
– Transmit Interval and
– Group Membership Interval
have a relationship to one another:
Max. Response Time < Transmit Interval < Group Membership
Interval.
If you enter values that contradict this relationship, the device then
replaces these values with a default value or with the last valid values.
UM BasicConfig L2P
Release 9.0 02/2015 161
Parameter Protocol Version Value Range Default Setting

Max. Response Time 1, 2 1-25 seconds 10 seconds
3 1-3,598 seconds
Transmit Interval 1, 2, 3 2-3,599 seconds 125 seconds
Group Membership Interval 1, 2, 3 3-3,600 seconds 260 seconds
Table 12: Value range for Max. Response Time, Transmit Interval and Group
Membership Interval
 Multicasts
With these frames you can enter global settings for the Multicast
functions.
Prerequisite: The IGMP Snooping function is activated globally.
Unknown Multicasts
In this frame you can determine how the device in IGMP mode sends
packets with known and unknown MAC/IP Multicast addresses that
were not learned through IGMP Snooping..
“Unknown Muilticasts” allows you to specify how the device transmits
unknown Multicast packets:
 “Send to Query Ports”.
The device sends the packets with an unknown MAC/IP Multicast
address to all query ports.
 “Send to All Ports”.
The device sends the packets with an unknown MAC/IP Multicast
address to all ports.
 “Discard”.
The device discards all packets with an unknown MAC/IP Multicast
address.
Note: The way in which unlearned Multicast addresses are handled

also applies to the reserved IP addresses from the “Local Network
Control Block” (224.0.0.0 - 224.0.0.255). This can have an effect on
higher-level routing protocols.
UM BasicConfig L2P
162 Release 9.0 02/2015
Known Multicasts
In this frame you can determine how the device in IGMP mode sends
packets with known MAC/IP Multicast addresses that were learned
through IGMP Snooping.
 “Send to query and registered ports”.
The device sends the packets with a known MAC/IP Multicast
address to all query ports and to registered ports.
This standard setting sends all Multicasts to all query ports and to
registered ports. The advantage of this is that it works in most
applications without any additional configuration.
Application: “Flood and Prune” routing in PIM-DM.
 “Send to registered ports”.
The device sends the packets with a known MAC/IP Multicast
address to registered ports.
The advantage of this setting, which deviates from the standard, is
that it uses the available bandwidth optimally through direct
distribution. It requires additional port settings.
Application: Routing protocol PIM-SM.
 Settings per Port (Table)

 “IGMP on”
This table column enables you to enable/disable the IGMP for each
port when the global IGMP Snooping is enabled. Port registration
will not occur if IGMP is disabled.
UM BasicConfig L2P
Release 9.0 02/2015 163
 “IGMP Forward All”

This table column enables you to enable/disable the “Forward All”
IGMP Snooping function when the global IGMP Snooping is
enabled. With the “Forward All” setting, the device sends to this port
all data packets with a Multicast address in the destination address
field.
Note: If a number of routers are connected to a subnetwork, you

must use IGMP version 1 so that all the routers receive all the IGMP
reports.
Note: If you use IGMP version 1 in a subnetwork, then you must also
use IGMP version 1 in the entire network.
 “IGMP Automatic Query Port”

This table column shows you which ports the device has learned as
query ports, if “automatic” is selected in “Static Query Port”.
 "Static Query Port“

The device sends IGMP Report messages to the ports on which it
receives IGMP requests (disabled=as-delivered state).
This table column also lets you send IGMP Report messages to:
other selected ports (enable) or
connected Hirschmann devices (automatic).
 “Learned Query Port”

This table column shows you at which ports the device has received
IGMP queries, if “disable” is selected in “Static Query Port”.
Note: If the device is incorporated into a HIPER-Ring, you can use the
following settings to quickly reconfigure the network for data packets
with registered Multicast destination addresses after the ring is
switched:
 Switch on the IGMP Snooping on the ring ports and globally, and
 activate “IGMP Forward All” per port on the ring ports.
UM BasicConfig L2P
164 Release 9.0 02/2015
Figure 35: IGMP Snooping dialog
8.2.5 Description of GMRP

The GARP Multicast Registration Protocol (GMRP) describes the distribution
of data packets with a multicast address as the destination address on Layer
2.
Devices that want to receive data packets with a multicast address as the
destination address use the GMRP to perform the registration of the
multicast address. For a switch, registration involves entering the multicast
addresses in the filter table. When you enter a multicast address in the filter
table, the switch sends this information in a GMRP packet to the ports. As a
result, the connected switches forward the multicast address entered in the
filter table to this switch. The GMRP sends packets with a Multicast address
in the destination address field to the ports entered.
UM BasicConfig L2P
Release 9.0 02/2015 165
The feature is available on MS, RS, MACH102, MACH1020/30, Octopus,

RSR and MACH1040, MACH104 devices. Depending on the configuration,
the switch either discards unknown multicast addresses, or sends the data
packets with unknown multicast addresses to the ports.
Default setting: “Off”.
UM BasicConfig L2P
166 Release 9.0 02/2015
8.2.6 Setting GMRP
 Select the Switching:Multicasts:GMRP dialog.
 Operation
The “Operation” frame allows you to enable GMRP globally for the
entire device.
If GMRP is disabled, then

 the device does not generate any GMRP packets,
 does not evaluate any GMRP packets received, and
 sends (floods) received data packets to all ports.
The device is transparent for received GMRP packets, regardless of the

GMRP setting.
 Multicasts
The "Multicasts" frame allows you to configure GMRP to discard
multicasts addresses or send them to the ports.
Enable GMRP, then:

 when you select "Discard", the device deletes unknown multicasts
 when you select "Send To All Ports", the device evaluates the
GMRP packets received, and sends (floods) received data packets
to the ports.
UM BasicConfig L2P
Release 9.0 02/2015 167
 Settings per Port (Table)

 „GMRP”
This table column enables you to enable/disable the GMRP for each
port when the GMRP is enabled globally. When you switch off the
GMRP at a port, no registrations can be made for this port, and
GMRP packets cannot be forwarded at this port.
 “GMRP Service Requirement”

Devices that do not support GMRP can be integrated into the
Multicast addressing by means of
 a static filter address entry on the connecting port.
 selecting “Forward all groups” in the table column “GMRP Service Requirement”.
The device enters ports with the selection “Forward all groups” in all Multicast
filter entries learned via GMRP.
Note: If the device is incorporated into a HIPER-Ring, you can use the
following settings to quickly reconfigure the network for data packets
with registered Multicast destination addresses after the ring is
switched:
 Activate GMRP on the ring ports and globally, and
 activate “Forward all groups” on the ring ports.
Figure 36: Multicasts dialog
UM BasicConfig L2P
168 Release 9.0 02/2015
Network Load Control 8.3 Rate Limiter
8.3 Rate Limiter
8.3.1 Description of the Rate Limiter

To ensure reliable operation at a high level of traffic, the device allows you to
limit the rate of traffic at the ports.
Entering a limit rate for each port determines the amount of traffic the device
is permitted to transmit and receive.
If the traffic at this port exceeds the maximum rate entered, then the device
suppresses the overload at this port.
A global setting enables/disables the rate limiter function at all ports.
Note: The limiter functions only work on Layer 2 and are used to limit the
effect of storms by frame types that the Switch floods (typically broadcasts).
In doing so, the limiter function disregards the protocol information of higher
layers, such as IP or TCP. This can affect on TCP traffic, for example.
To minimize these effects, use the following options:
 limiting the limiter function to particular frame types (e.g. to broadcasts,
multicasts and unicasts with unlearned destination addresses) and
receiving unicasts with destination addresses established by the
limitation,
 using the output limiter function instead of the input limiter function
because the former works slightly better together with the TCP flow
control due to switch-internal buffering.
 increasing the aging time for learned unicast addresses.
UM BasicConfig L2P
Release 9.0 02/2015 169
8.3.2 Rate limiter settings
 Select the Switching:Rate Limiter dialog.

 "Ingress Limiter (kbit/s)" allows you to enable or disable
the ingress limiter function for all ports and
to select the ingress limitation on all ports (either broadcast packets
only or broadcast packets and Multicast packets).
 "Egress Limiter (Pkt/s)" allows you to enable or disable the egress
limiter function for broadcasts on all ports.
Setting options per port:
 Ingress Limiter Rate for the packet type selected in the Ingress
Limiter frame:
 = 0, no ingress limit at this port.
 > 0, maximum ingress traffic rate in kbit/s that can be sent at this port.
 Egress Limiter Rate for broadcast packets:
 = 0, no rate limit for egress broadcast packets at this port.
 > 0, maximum number of egress broadcasts per second sent at this port.
Figure 37: Rate Limiter dialog
UM BasicConfig L2P
170 Release 9.0 02/2015
8.3.3 Rate limiter settings for

RS20/RS30/RS40, MS20/MS30,
RSR20/RSR30, MACH 100, MACH 1000 and
OCTOPUS
 Select the Switching:Rate Limiter dialog.

 "Ingress Limiter (kbit/s)" allows you to enable or disable the input
limiting function for all ports.
 "Egress Limiter (Pkt/s)" allows you to enable or disable the
broadcast output limiter function at all ports.
 "Egress Limiter (kbit/s)" allows you to enable or disable the output
limiter function for all packet types at all ports.
Setting options per port:
 "Ingress Packet Types" allows you to select the packet type for
which the limit is to apply:
 All, limits the total ingress data volume at this port.
 BC, limits the broadcast packets received at this port.
 BC + MC, limits broadcast packets and multicast packets received on this port.
 BC + MC + uUC, limits broadcast packets, multicast packets, and unknown
unicast packets received on this port.
 Ingress Limiter Rate (kbit/s) for the ingress packet type selected:
 = 0, no ingress limit at this port.
 > 0, maximum ingress traffic rate in kbit/s that can be received on this port.
 Egress Limit (Pkt/s) for broadcast packets:

 = 0, no rate limit for egress broadcast packets at this port.
 > 0, maximum number of egress broadcasts per second that can be sent on this
port.
 Egress Limit (kbit/s) for the entire data stream:

 = 0, no rate limit for egress data stream at this port.
 > 0, maximum egress traffic rate in kbit/s sent on this port.
UM BasicConfig L2P
Release 9.0 02/2015 171
Figure 38: Rate limiter
UM BasicConfig L2P
172 Release 9.0 02/2015
Network Load Control 8.4 QoS/Priority
8.4 QoS/Priority
8.4.1 Description of Prioritization

This function helps prevent time-critical data traffic such as language/video
or real-time data from being disrupted by less time-critical data traffic during
periods of heavy traffic. By assigning high traffic classes for time-critical data
and low traffic classes for less time-critical data, this provides optimal data
flow for time-critical data traffic.
The device supports 4 priority queues (IEEE 802.1D traffic classes) (8 with
MACH 4000, MACH 104, MACH 1040 and PowerMICE). Received data
packets are assigned to these classes by
 the priority of the data packet contained in the VLAN tag when the
receiving port was configured to “trust dot1p”.
 the QoS information (ToS/DiffServ) contained in the IP header when the
receiving port was configured to “trust ip-dscp”.
 the port priority when the port was configured to “untrusted”.
 the port priority when receiving non-IP packets when the port was
configured to “trust ip-dscp”.
 the port priority when receiving data packets without a VLAN tag (see on
page 93 “Configuring the Ports”) and when the port was configured to
“trust dot1p”.
Default setting: “trust dot1p”.
The device takes account of the classification mechanisms in the above

order.
UM BasicConfig L2P
Release 9.0 02/2015 173
Data packets can contain prioritizing/QoS information:

 VLAN priority based on IEEE 802.1Q/ 802.1D (Layer 2)
8.4.2 VLAN tagging

The VLAN tag is integrated into the MAC data frame for the VLAN and
Prioritization functions in accordance with the IEEE 802 1Q standard. The
VLAN tag consists of 4 bytes. It is inserted between the source address field
and the type field.
For data packets with a VLAN tag, the device evaluates:

 the priority information and
 the VLAN information if VLANs have been set.
Data packets with VLAN tags containing priority information but no VLAN
information (VLAN ID = 0), are known as Priority Tagged Frames.
Priority Traffic class for Traffic Class for IEEE 802.1D traffic type
entered RS20/RS30/RS4 PowerMICE,
0, MACH
MACH 1000, 104/MACH 1040
MS20/MS30, and MACH 4000
OCTOPUS default setting)
(default)
0 1 2 Best effort (default)
1 0 0 Background
2 0 1 Standard
3 1 3 Excellent effort (business critical)
4 2 4 Controlled load
(streaming multimedia)
5 2 5 Video, less than 100 milliseconds of
latency and jitter
Table 13: Assignment of the priority entered in the tag to the traffic classes
UM BasicConfig L2P
174 Release 9.0 02/2015
Priority Traffic class for Traffic Class for IEEE 802.1D traffic type
entered RS20/RS30/RS4 PowerMICE,
0, MACH
MACH 1000, 104/MACH 1040
MS20/MS30, and MACH 4000
OCTOPUS default setting)
(default)
6 3 6 Voice, less than 10 milliseconds of
latency and jitter
7 3 7 Network control reserved traffic
Table 13: Assignment of the priority entered in the tag to the traffic classes
Note: Network protocols and redundancy mechanisms use the highest traffic
classes 3 (RS20/30/40, MS20/30, RSR20/RSR30, MACH 1000, OCTOPUS)
or 7 (PowerMICE, MACH 104/MACH 1040, MACH 4000). Therefore, select
other traffic classes for application data.
ld
F ie ield
r F ld
ite ess ie
i m r F ld
l d Del dd e ss F ie
e A r k
Fi e n dd d pe ec ield
l e am tio A l / Ty ld el
d ld h
C F
b Fr na e ie th ie Fi e
m t t i r c F F Fi me nce
ea ar s u g ng ta at
a d a e
Pr St De So Ta Le Da D Pa Fr equ
S
7 1 6 6 4 2 42-1500 Octets 4
t
min. 64, max. 1522 Octets
Figure 39: Ethernet data packet with tag
UM BasicConfig L2P
Release 9.0 02/2015 175
r
ifie
r nt
ifie Ide
nt Bi
t
at
Ide , 3 rm e r
ol ir ty l Fo t ifi
oc en
r ot P rio nica Id
P it
a g B
r
se an it
o
L AN it
T x8 U C B V B
2 1 12
4 Octets
Figure 40: Tag format
When using VLAN prioritizing, note the following special features:

 End-to-end prioritizing requires the VLAN tags to be transmitted to the
entire network, which means that all network components must be VLAN-
capable.
 Routers cannot receive or send packets with VLAN tags via port-based
router interfaces.
UM BasicConfig L2P
176 Release 9.0 02/2015
8.4.3 IP ToS / DiffServ
 TYPE of Service
The Type of Service (ToS) field in the IP header (see table 14) has been
part of the IP protocol from the start, and it is used to differentiate various
services in IP networks. Even back then, there were ideas about
differentiated treatment of IP packets, due to the limited bandwidth
available and the unreliable connection paths. Because of the continuous
increase in the available bandwidth, there was no need to use the ToS
field. Only with the real-time requirements of today's networks has the
ToS field become significant again. Selecting the ToS byte of the IP
header enables you to differentiate between different services. However,
this field is not widely used in practice.
Bits 0 1 2 3 4 5 6 7
Precedence Type of Service MBZ
Bits (0-2): IP Precedence Defined Bits (3-6): Type of Service Defined Bit (7)
111 - Network Control 0000 - [all normal] 0 - Must be zero
110 - Internetwork Control 1000 - [minimize delay]
101 - CRITIC / ECP 0100 - [maximize throughput]
100 - Flash Override 0010 - [maximize reliability]
011 - Flash 0001 - [minimize monetary cost]
010 - Immediate
001 - Priority
000 - Routine
Table 14: ToS field in the IP header
UM BasicConfig L2P
Release 9.0 02/2015 177
 Differentiated Services
The Differentiated Services field in the IP header (see figure 41) newly
defined in RFC 2474 - often known as the DiffServ code point or DSCP -
replaces the ToS field and is used to mark the individual packets with a
DSCP. Here the packets are divided into different quality classes. The first
3 bits of the DSCP are used to divide the packets into classes. The next
3 bits are used to further divide the classes on the basis of different
criteria. In contrast to the ToS byte, DiffServ uses 6 bits for the division
into classes. This results in up to 64 different service classes.
Bits 0 1 2 3 4 5 6 7
Differentiated Services Codepoint Explicit
(DSCP) RFC 2474 Congestion
Class Selector Notification
Codepoints (ECN)
Figure 41: Differentiated Services field in the IP header
The different DSCP values get the device to employ a different

forwardingbehavior, namely Per-Hop Behavior (PHB). PHB classes:
 Class Selector (CS0-CS7): For reasons of compatibility to TOS/IP
Precedence
 Expedited Forwarding (EF): Premium service.
Reduced delay, jitter + packet loss (RFC 2598)
 Assured Forwarding (AF): Provides a differentiated schema for
handling different data traffic (RFC 2597).
 Default Forwarding/Best Effort: No particular prioritizing.
The PHB class selector assigns the 7 possible IP precedence values from
the old ToS field to specific DSCP values, thus ensuring the downwards
compatibility.
ToS Meaning Precedence Value Assigned DSCP

Network Control 111 CS7 (111000)
Internetwork Control 110 CS6 (110000)
Critical 101 CS5 (101000)
Table 15: Assigning the IP precedence values to the DSCP value
UM BasicConfig L2P
178 Release 9.0 02/2015
ToS Meaning Precedence Value Assigned DSCP

Flash Override 100 CS4 (100000)
Flash 011 CS3 (011000)
Immidiate 010 CS2 (010000)
Priority 001 CS1 (001000)
Routine 000 CS0 (000000)
Table 15: Assigning the IP precedence values to the DSCP value
DSCP value DSCP name Traffic Class for Traffic Class for
MACH 4000, RS20/RS30/RS40,
MACH 104, RSR20/RSR30,
MACH 1040, MS20/MS30,
PowerMICE OCTOPUS,
(default setting) MACH 1000
(default setting)
0 Best Effort /CS0 2 1
1-7 2 1
8 CS1 0 0
9,11,13,15 0 0
10,12,14 AF11,AF12,AF13 0 0
16 CS2 1 0
17,19,21,23 1 0
18,20,22 AF21,AF22,AF23 1 0
24 CS3 3 1
25,27,29,31 3 1
26,28,30 AF31,AF32,AF33 3 1
32 CS4 4 2
33,35,37,39 4 2
34,36,38 AF41,AF42,AF43 4 2
40 CS5 5 2
41,42,43,44,45,47 5 2
46 EF 5 2
48 CS6 6 3
49-55 6 3
56 CS7 7 3
57-63 7 3
Table 16: Mapping the DSCP values onto the traffic classes
UM BasicConfig L2P
Release 9.0 02/2015 179
8.4.4 Management prioritization

To have full access to the management of the device, even in situations of
high network load, the device enables you to prioritize management packets.
In prioritizing management packets (SNMP, SSH, etc.), the device sends the
management packets with priority information.
 On Layer 2 the device modifies the VLAN priority in the VLAN tag.
For this function to be useful, the configuration of the corresponding ports
must permit the sending of packets with a VLAN tag.
 On Layer 3 the device modifies the IP-DSCP value.
8.4.5 Handling of Received Priority Information

The device offers three options, which can be applied globally to all ports
(each port on the PowerMICE, MACH 104, MACH 1040 and MACH 4000)
and determine how it treats received data packets that contain a priority
indicator.
 trust dot1p
The device assigns VLAN-tagged packets to the different traffic classes
according to their VLAN priorities. The assignment is based on the pre-
defined table (see on page 174 “VLAN tagging”). You can modify this
assignment. The device assigns the port priority to packets that it receives
without a tag.
 untrusted
The device ignores the priority information in the packet and always
assigns the packets the port priority of the receiving port.
 trust ip-dscp
The device assigns the IP packets to the different traffic classes according
to the DSCP value in the IP header, even if the packet was also VLAN-
tagged. The assignment is based on the pre-defined values (see
table 16). You can modify this assignment.
The device prioritizes non-IP packets according to the port priority.
UM BasicConfig L2P
180 Release 9.0 02/2015
8.4.6 Handling of traffic classes

For the handling of traffic classes, the device provides:
 Strict Priority
 Description of Strict Priority

With the Strict Priority setting, the device first transmits data packets that
have a higher traffic class (higher priority) before transmitting a data
packet with the next highest traffic class. The device transmits a data
packet with the lowest traffic class (lowest priority) when there are no
other data packets remaining in the queue. In unfortunate cases, the
device never sends packets with a low priority if there is a high volume of
high-priority traffic waiting to be sent on this port.
In delay-sensitive applications, such as VoIP or video, Strict Priority
allows Strict Priority data to be sent immediately.
8.4.7 Setting prioritization
 Assigning the Port Priority
 Select the QoS/Priority:Port Configuration dialog.

 In the “Port Priority” column, you can specify the priority (0-7) with
which the device sends data packets which it receives without a
VLAN tag at this port.
 In the column "Trust Mode“, you have the option to control which
criterion the the device uses to assign a traffic class to received data
packets (see on page 173 “Description of Prioritization”).
Note: If you have set up VLANs, pay attention to the “VLAN 0

Transparent mode” (see Switching:VLAN:Global)
UM BasicConfig L2P
Release 9.0 02/2015 181

interface 1/1 Switch to the Interface Configuration mode of
interface 1/1.
vlan priority 3 Assigns port priority 3 to interface 1/1.
 Assigning VLAN priority to a traffic class
 Select the
QOS/Priority:802.1D/p-Mapping dialog.
 In the "Traffic Class" column, enter the desired values.

classofservice dot1p- Assign traffic class 2 to VLAN priority 0.
mapping 0 2
classofservice dot1p- Also assign traffic class 2 to VLAN priority 1.
mapping 1 2
show classofservice dot1p- Display the assignment.
mapping
User Priority Traffic Class

------------- -------------
0 2
1 2
2 0
3 1
4 2
5 2
6 3
7 3
 Always assign port priority to received data packets

(PowerMICE, MACH 104, MACH 1040 and MACH 4000)

interface 1/1.
UM BasicConfig L2P
182 Release 9.0 02/2015
no classofservice trust Assign the “no trust” mode to the interface.

vlan priority 1 Set the port priority to 1.
show classofservice trust Display the trust mode on interface 1/1.
1/1
Class of Service Trust Mode: Untrusted
Untrusted Traffic Class: 4
 Assigning the traffic class to a DSCP
 Select the
QOS/Priority:IP DSCP Mapping dialog.
 In the "Traffic Class" column, enter the desired values.

classofservice Assign traffic class 1 to DSCP CS1.
ip-dscp-mapping cs1 1
show classofservice ip-dscp-mapping
IP DSCP Traffic Class

------------- -------------
0(be/cs0) 2
1 2
.
.
8(cs1) 1
.
 Always assign DSCP priority per interface to received IP

data packets (PowerMICE, MACH 104, MACH 1040 and
MACH 4000)
interface 6/1 Switch to the interface configuration mode of
classofservice trust interface 6/1.
ip-dscp Assign the “trust ip-dscp” mode to the interface.
UM BasicConfig L2P
Release 9.0 02/2015 183

show classofservice trust Display the trust mode on interface 6/1.
6/1
Class of Service Trust Mode: IP DSCP
Non-IP Traffic Class: 2
 Always assign the DSCP priority to received IP data

packets globally
 Open the QoS/Priority:Global dialog.

 Select trustIPDSCP in the "Trust Mode" line.

classofservice trust ip- Assign the "trust ip-dscp" mode globally.
dscp
show classofservice trust Display the trust mode.
Class of Service Trust Mode: IP DSCP
 Configuring Layer 2 management priority

 Configure the VLAN ports to which the device sends management
packets as a member of the VLAN that sends data packets with a tag
(see on page 190 “Examples of VLANs”).

 In the "VLAN Priority for Management packets" field, you enter the
value of the VLAN priority.

network priority dot1p-vlan Assign the value 7 to the management priority so
7 that management packets with the highest priority
are sent.
show network Displays the management VLAN priority.
UM BasicConfig L2P
184 Release 9.0 02/2015
System IP Address.............................. 10.0.1.116

Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 10.0.1.200
Burned In MAC Address.......................... 00:80:63:51:7A:80
Network Configuration Protocol (BootP/DHCP).... None
DHCP Client ID (same as SNMP System Name)...... "PowerMICE-517A80"
Network Configuration Protocol HiDiscovery..... Read-Write
HiDiscovery Version............................ v1, v2
Management VLAN ID............................. 1
Management VLAN Priority....................... 7
Management IP-DSCP Value....................... 0(be/cs0)
Web Mode....................................... Enable
 Configuring Layer 3 management priority

 In the "IP DSCP Value for Management packets" field, you enter the
IP DSCP value with which the device sends management packets.

network priority ip-dscp Assign the value cs7 to the management priority so
cs7 that management packets with the highest priority
are handled.
show network Displays the management VLAN priority.
System IP Address.............................. 10.0.1.116

Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 10.0.1.200
Burned In MAC Address.......................... 00:80:63:51:7A:80
Network Configuration Protocol (BootP/DHCP).... None
DHCP Client ID (same as SNMP System Name)...... "PowerMICE-517A80"
Network Configuration Protocol HiDiscovery..... Read-Write
HiDiscovery Version............................ v1, v2
Management VLAN ID............................. 1
Management VLAN Priority....................... 7
Management IP-DSCP Value....................... 56(cs7)
Web Mode....................................... Enable
UM BasicConfig L2P
Release 9.0 02/2015 185
Network Load Control 8.5 Flow Control
8.5 Flow Control
8.5.1 Description of Flow Control

Flow control is a mechanism which acts as an overload protection for the
device. During periods of heavy traffic, it holds off additional traffic from the
network.
The example (see figure 42) shows a graphic illustration of how the flow
control works. Workstations 1, 2 and 3 want to simultaneously transmit a
large amount of data to Workstation 4. The combined bandwidth of
Workstations 1, 2 and 3 to the device is larger than the bandwidth of
Workstation 4 to the device. This leads to an overflow of the send queue of
port 4. The funnel on the left symbolizes this status.
If the flow control function at ports 1, 2 and 3 of the device is turned on, the
device reacts before the funnel overflows. Ports 1, 2 and 3 send a message
to the connected devices that no data can be received at present.
UM BasicConfig L2P
186 Release 9.0 02/2015
Port 1 Port 4
Switch
Port 2 Port 3
Workstation 1 Workstation 2 Workstation 3 Workstation 4
Figure 42: Example of flow control
 Flow Control with a full duplex link

In the example (see figure 42) there is a full duplex link between
Workstation 2 and the device.
Before the send queue of port 2 overflows, the device sends a request to
Workstation 2 to include a small break in the sending transmission.
Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR

and MACH 1000 support flow control in full duplex mode only.
 Flow Control with a half duplex link

In the example (see figure 42) there is a half duplex link between
Workstation 2 and the device.
Before the send queue of port 2 overflows, the device sends data back so
that Workstation 2 detects a collision and interrupts the sending process.
UM BasicConfig L2P
Release 9.0 02/2015 187
Note: The devices RS20/30/40, MS20/30, Octopus, MACH 100, RSR

and MACH 1000 do not support flow control in half duplex mode.
8.5.2 Setting the Flow Control
 Select the
In the "Flow Control on" column, you checkmark this port to specify
that flow control is active here. You also activate the global "Flow
Control" switch in the
Switching:Global dialog.

With this dialog you can
 switch off the flow control at all ports or
 switch on the flow control at those ports for which the flow control is selected in
the port configuration table.
Note: When you are using a redundancy function, you deactivate the flow
control on the participating device ports. If the flow control and the
redundancy function are active at the same time, there is a risk that the
redundancy function will not operate as intended.
UM BasicConfig L2P
188 Release 9.0 02/2015
Network Load Control 8.6 VLANs
8.6 VLANs
8.6.1 VLAN Description

In the simplest case, a virtual LAN (VLAN) consists of a group of network
participants in one network segment who can communicate with each other
as if they belonged to a separate LAN.
More complex VLANs span out over multiple network segments and are also
based on logical (instead of only physical) connections between network
participants. Thus VLANs are an element of flexible network design, as you
can reconfigure logical connections centrally more easily than cable
connections.
The IEEE 802.1Q standard defines the VLAN function.
The most important benefits of VLANs are:
 Network load limiting

VLANs reduce the network load considerably as the devices transmit
broadcast, multicast, and unicast packets with unknown (unlearned)
destination addresses exclusively inside the virtual LAN. The rest of the
data network forwards traffic as normal.
 Flexibility
You have the option of forming user groups flexibly based on the function
of the participants and not on their physical location or medium.
 Clarity
VLANs give networks a clear structure and make maintenance easier.
UM BasicConfig L2P
Release 9.0 02/2015 189
8.6.2 Examples of VLANs

The following practical examples provide a quick introduction to the structure
of a VLAN.
 Example 1
A VLAN D
2
1 2 3 4 5
B C VLAN
3
Figure 43: Example of a simple port-based VLAN
The example shows a minimal VLAN configuration (port-based VLAN).

An administrator has connected multiple terminal devices to a
transmission device and assigned them to 2 VLANs. This effectively
prohibits any data transmission between the VLANs, whose members
communicate only within their own VLANs.
When setting up the VLANs, you create communication rules for every
port, which you enter in incoming (ingress) and outgoing (egress) tables.
The ingress table specifies which VLAN ID a port assigns to the incoming
data packets. Hereby, you use the port address of the terminal device to
assign it to a VLAN.
The egress table specifies at which ports the Switch may send the frames
from this VLAN. Your entry also defines whether the Switch marks (tags)
the Ethernet frames sent from this port.
 T = with tag field (T = tagged, marked)
 U = without tag field (U = untagged, not marked)
For this example, the status of the TAG field of the data packets has no
relevance, so you set it to "U“.
UM BasicConfig L2P
190 Release 9.0 02/2015
Terminal Port Port VLAN

identifier (PVID)
A 1 2
B 2 3
C 3 3
D 4 2
5 1
Table 17: Ingress table
VLANID Port
1 2 3 4 5
1 U
2 U U
3 U U
Table 18: Egress table
Proceed as follows to perform the example configuration:
 Configure VLAN
 Open the Switching:VLAN:Static dialog.
UM BasicConfig L2P
Release 9.0 02/2015 191
Figure 44: Creating and naming new VLANs

 Click on "Create" to open the window for entering the VLAN ID.
 Assign VLAN ID 2 to the VLAN.
 Click "OK".
 You give this VLAN the name VLAN2 by clicking on the field and
entering the name. Also change the name for VLAN 1 from Default
to VLAN1.
 Repeat the previous steps and create another VLAN with the VLAN
ID 3 and the name VLAN3.

vlan database Switch to the VLAN configuration mode.
vlan 2 Create a new VLAN with the VLAN ID 2.
vlan name 2 VLAN2 Give the VLAN with the VLAN ID 2 the name
VLAN2.
VLAN3.
VLAN1.
exit Leave the VLAN configuration mode.
UM BasicConfig L2P
192 Release 9.0 02/2015
show vlan brief Display the current VLAN configuration.

Max. VLAN ID................................... 4042
Max. supported VLANs........................... 255
Number of currently configured VLANs........... 3
VLAN 0 Transparent Mode (Prio. Tagged Frames).. Disabled
VLAN ID VLAN Name VLAN Type VLAN Creation Time
---- -------------------------------- --------- ------------------
1 VLAN1 Default 0 days, 00:00:05
2 VLAN2 Static 0 days, 02:44:29
 Configuring the ports
Figure 45: Defining the VLAN membership of the ports.

 Assign the ports of the device to the corresponding VLANs by
clicking on the related table cell to open the selection menu and
define the status. The selection options are:
 - = currently not a member of this VLAN (GVRP allowed)
 T = member of VLAN; send data packets with tag
 U = Member of the VLAN; send data packets without tag
 F = not a member of the VLAN (also disabled for GVRP)
Because terminal devices usually interpret untagged data packets
exclusivly, you select the U setting here.
 To temporarily save the changes, click "Set".
 Open the Switching:VLAN:Port dialog.
UM BasicConfig L2P
Release 9.0 02/2015 193
Figure 46: Assigning and saving "Port VLAN ID", "Acceptable Frame Types"
and "Ingress Filtering"
 Assign the Port VLAN ID of the related VLANs (2 or 3) to the
individual ports - see table.
 Because terminal devices usually send data packets as untagged,
you select the admitAll setting for the "Acceptable Frame Types".
 The settings for GVRP and Ingress Filter do not affect how this
example functions.
 Select the
configuration.

interface 1/1.
vlan participation include 2 Port 1/1 becomes member untagged in VLAN 2.
vlan pvid 2 Port 1/1 is assigned the port VLAN ID 2.
UM BasicConfig L2P
194 Release 9.0 02/2015
interface 1/2 Switch to the interface configuration mode for

port 1.2.
Interface 1/3.
interface 1/4.
show VLAN 3 Show details for VLAN 3.
VLAN ID : 3
VLAN Name : VLAN3
VLAN Type : Static
VLAN Creation Time: 0 days, 02:52:26 (System Uptime)
Interface Current Configured Tagging
---------- -------- ----------- --------
1/1 Exclude Autodetect Tagged
1/2 Include Include Untagged
UM BasicConfig L2P
Release 9.0 02/2015 195
 Example 2
A D VLAN E G
2
Management
Station (optional)
1 2 3 4 5 1 2 3 4 5
VLAN 1
B C VLAN F H
3
Figure 47: Example of a more complex VLAN configuration
The second example shows a more complex configuration with 3 VLANs

(1 to 3). Along with the Switch from example 1, you use a 2nd Switch (on
the right in the example).
The simple network divides the terminal devices, A - H, of the individual

VLANs over 2 transmission devices (Switches). VLANs configured in this
manner are „distributed VLANs“. When configured correctly the VLANs
allow the optional Management Station to access the network
components.
Note: In this case, VLAN 1 has no significance for the terminal device
communication, but it is required for the administration of the transmission
devices via what is known as the Management VLAN.
As in the previous example, uniquely assign the ports with their connected
terminal devices to a VLAN. With the direct connection between the 2
transmission devices (uplink), the ports transport packets for both VLANs.
To differentiate these uplinks you use “VLAN tagging”, which handles the
frames accordingly. Thus, you maintain the assignment to the respective
VLANs.
Add Uplink Port 5 to the ingress and egress tables from example 1.
Create new ingress and egress tables for the right switch, as described in
the first example.
UM BasicConfig L2P
196 Release 9.0 02/2015
The egress table specifies at which ports the Switch may send the frames
from this VLAN. Your entry also defines whether the Switch marks (tags)
the Ethernet frames sent from this port.
 T = with tag field (T = tagged, marked)
 U = without tag field (U = untagged, not marked)
In this example, the devices use tagged frames in the communication

between the transmission devices (uplink), the ports differentiate the
frames for different VLANs.

identifier (PVID)
A 1 2
B 2 3
C 3 3
D 4 2
Uplink 5 1
Table 19: Ingress table for device on left

identifier (PVID)
Uplink 1 1
E 2 2
F 3 3
G 4 2
H 5 3
Table 20: Ingress table for device on right
VLAN ID Port
1 2 3 4 5
1 U
2 U U T
3 U U T
Table 21: Egress table for device on left
VLAN ID Port
1 2 3 4 5
1 U
Table 22: Egress table for device on right
UM BasicConfig L2P
Release 9.0 02/2015 197
VLAN ID Port
2 T U U
3 T U U
Table 22: Egress table for device on right
The communication relationships here are as follows: terminal devices at

ports 1 and 4 of the left device and terminal devices at ports 2 and 4 of the
right device are members of VLAN 2 and can thus communicate with each
other. The behavior is the same for the terminal devices at ports 2 and 3
of the left device and the terminal devices at ports 3 and 5 of the right
device. These belong to VLAN 3.
The terminal devices “see” their respective part of the network.

Participants outside this VLAN cannot be reached. The device also sends
broadcast, multicast, and unicast packets with unknown (unlearned)
destination addresses exclusively inside a VLAN.
Here, VLAN tagging (IEEE 801.1Q) is used within the VLAN with the ID 1
(Uplink). You can see this from the letter T in the egress table of the ports.
The configuration of the example is the same for the device on the right.
Proceed in the same way, using the ingress and egress tables created
above to adapt the previously configured left device to the new
environment.
 Configure VLAN
 Open the Switching:VLAN:Static dialog.
UM BasicConfig L2P
198 Release 9.0 02/2015
Figure 48: Creating and naming new VLANs

 Click on "Create" to open the window for entering the VLAN ID.
 Assign VLAN ID 2 to the VLAN.
 You give this VLAN the name VLAN2 by clicking on the field and
entering the name. Also change the name for VLAN 1 from Default
to VLAN1.
 Repeat the previous steps and create another VLAN with the VLAN
ID 3 and the name VLAN3.

vlan database Switch to the VLAN configuration mode.
VLAN2.
VLAN3.
VLAN1.
UM BasicConfig L2P
Release 9.0 02/2015 199
show vlan brief Display the current VLAN configuration.

Max. VLAN ID................................... 4042
Max. supported VLANs........................... 255
Number of currently configured VLANs........... 3
VLAN 0 Transparent Mode (Prio. Tagged Frames).. Disabled
VLAN ID VLAN Name VLAN Type VLAN Creation Time
---- -------------------------------- --------- ------------------
1 VLAN1 Default 0 days, 00:00:05
 Configuring the ports
Figure 49: Defining the VLAN membership of the ports.

 Assign the ports of the device to the corresponding VLANs by
clicking on the related table cell to open the selection menu and
define the status. The selection options are:
 - = currently not a member of this VLAN (GVRP allowed)
 T = member of VLAN; send data packets with tag
 U = Member of the VLAN; send data packets without tag
 F = not a member of the VLAN (also disabled for GVRP)
Because terminal devices usually interpret untagged data packets,
you select the U setting. You select the Tsetting on the uplink port on
which the VLANs communicate with each other.
UM BasicConfig L2P
200 Release 9.0 02/2015
 Open the Switching:VLAN:Port dialog.
Figure 50: Assigning and saving "Port VLAN ID", "Acceptable Frame Types"
and "Ingress Filtering"
 Assign the ID of the related VLANs (1 to 3) to the individual ports.
 Because terminal devices usually send data packets as untagged,
you select the admitAll setting for the terminal device ports.
Configure the uplink port with admit only VLAN tags.
 To evaluate the VLAN tag on this port, activate "Ingress Filtering" on
the uplink port.
 Select the
configuration.

interface 1/1.
vlan tagging 2 Port 1/1 becomes member tagged in VLAN 2.
UM BasicConfig L2P
Release 9.0 02/2015 201

vlan tagging 3 Port 1/1 becomes member tagged in VLAN 3.
vlan ingressfilter Port 1/1 ingress filtering is activated.
vlan acceptframe vlanonly Port 1/1 only forwards frames with a VLAN tag.
interface 1/2 Switch to the interface configuration mode for
port 1.2.
Interface 1/3.
interface 1/4.
interface 1/5 Switch to the interface configuration mode for port
1.5.
show vlan 3 Show details for VLAN 3.
VLAN ID : 3
VLAN Name : VLAN3
VLAN Type : Static
VLAN Creation Time: 0 days, 00:07:47 (System Uptime)
Interface Current Configured Tagging
---------- -------- ----------- --------
1/1 Include Include Tagged
1/2 Exclude Autodetect Untagged
1/4 Exclude Autodetect Untagged
For further information on VLANs, see the reference manual and the
integrated help function in the program.
UM BasicConfig L2P
202 Release 9.0 02/2015
Operation Diagnosis
9 Operation Diagnosis
The device provides you with the following diagnostic tools:

 Sending traps
 Monitoring the device status
 Out-of-band signaling via signal contact
 Port status indication
 Event counter at port level
 Detecting non-matching duplex modes
 SFP status display
 TP cable diagnosis
 Topology Discovery
 Detecting IP address conflicts
 Detecting loops
 Reports
 Monitoring data traffic at a port (port mirroring)
 Syslog
 Event log
UM BasicConfig L2P
Release 9.0 02/2015 203
Operation Diagnosis 9.1 Sending Traps
9.1 Sending Traps
The device reports unusual events which occur during normal operation
immediately to the management station. This is done by messages called
traps that bypass the polling procedure ("Polling" means querying the data
stations at regular intervals). Traps allow you to react quickly to unusual
events.
Examples of such events are:
 Hardware reset
 Changes to the configuration
 Segmentation of a port
The device sends traps to various hosts to increase the transmission

reliability for the messages. The unacknowledged trap message consists of
a packet containing information about an unusual event.
The device sends traps to those hosts entered in the trap destination table.
The device allows you to configure the trap destination table with the
management station via SNMP.
UM BasicConfig L2P
204 Release 9.0 02/2015
9.1.1 List of SNMP traps

The following table shows a list of the traps that can be sent by the device.
Trap name Meaning
authenticationFailure this is sent if a station attempts to access an agent without
authorisation.
coldStart this is sent during the boot phase for both cold starts and warm
starts, after successful initialisation of the network management.
hmAutoconfigAdapterTrap this is sent when the AutoConfiguration AdapterACA is
disconnected or connected.
linkDown this is sent if the connection to a port is interrupted.
linkUp this is sent when connection is established to a port.
hmTemperature this is sent if the temperature exceeds the set threshold limits.
hmPowerSupply this is sent if the power supply status changes.
hmSigConRelayChange this is sent if the status of the signal contact changes in the
function monitoring.
newRoot this is sent if the sending agent becomes the new root of the
spanning tree.
topologyChange this is sent if the switching mode of a port changes.
risingAlarm this is sent if an RMON alarm input exceeds its upper threshold.
fallingAlarm this is sent if an RMON alarm input goes below its lower threshold.
hmPortSecurityTrap this is sent if an MAC/IP address detected on this port does not
correspond to the current settings for
– hmPortSecPermission and
– hmPorSecAction is set to either trapOnly (2) or portDisable (3).
hmModuleMapChange this is sent if the hardware configuration changes.
hmBPDUGuardTrap this is sent if a BPDU is received on a port while the BPDU Guard
function is active.
hmMrpReconfig this is sent if the configuration of the MRP Ring changes.
hmRingRedReconfig this is sent if the configuration of the HIPER Ring changes.
hmRingRedCplReconfig this is sent if the configuration of the redundant ring/network
coupling changes.
hmSNTPTrap this is sent if an error occurs in relation to the SNTP (e.g. server
not available).
hmRelayDuplicateTrap this is sent if a duplicate IP address is detected in relation to DHCP
Option 82.
lldpRemTablesChangeTra this is sent if an entry in the Remote Table topology changes.
p
hmConfigurationSavedTra this is sent after the device has successfully saved its
p configuration locally.
hmConfigurationChangedT this is sent if you change the configuration of the device after
rap saving locally for the first time.
Table 23: Possible traps
UM BasicConfig L2P
Release 9.0 02/2015 205
Trap name Meaning

hmAddressRelearnDetectT this is sent if Address Relearn Detection is active and the relearn
rap threshold for MAC addresses on different ports is exceeded. This
process indicates high probability of a loop situation on the
network.
hmDuplexMismatchTrap this is sent if the device detects a possible problem with duplex
mode on a port.
hmTrapRebootOnError this is sent if the device detects an error which is to be corrected
by a cold start.
Table 23: Possible traps
9.1.2 SNMP Traps when Booting

The device sends the ColdStart trap during every booting.
UM BasicConfig L2P
206 Release 9.0 02/2015
9.1.3 Configuring Traps
 Open the Diagnostics:Alarms (Traps) dialog.

This dialog allows you to determine which events trigger an alarm (trap)
and where these alarms should be sent.
 Click "Create".
 In the "IP Address“ column, enter the IP address of the management
station to which the traps should be sent.
 In the "Enabled“ column, you mark the entries that the device should
take into account when it sends traps. Default setting: inactive.
 In the column "Password", enter the community name that the
device uses to identify itself as the trap's source.
 In the “Configuration” frame, select the trap categories from which
you want to send traps. Default setting: all trap categories are active.
Note: You need read-write access for this dialog.
Figure 51: Alarms dialog
UM BasicConfig L2P
Release 9.0 02/2015 207
The events which can be selected are:
Name Meaning
Authentication The device has rejected an unauthorized access attempt (see the Access
for IP Addresses and Port Security dialog).
Link Up/Down At one port of the device, the link to another device has been
established/interrupted.
Spanning Tree The topology of the Rapid Spanning Tree has changed.
Chassis Summarizes the following events:
– The status of a supply voltage has changed (see the System dialog).
– The status of the signal contact has changed.
To take this event into account, you activate “Create trap when status
changes” in the Diagnostics:Signal Contact 1/2 dialog.
- The AutoConfiguration Adapter (ACA), has been added or removed.
- The configuration on the AutoConfiguration Adapter(ACA) does not
match that in the device.
– The temperature thresholds have been exceeded/not reached.
– A media module has been added or removed (only for modular devices).
– The receiver power status of a port with an SFP module has changed
(see dialog Diagnostics:Ports:SFP Modules).
The redundancy status of the ring redundancy (redundant line
active/inactive) or (for devices that support redundant ring/network
coupling) the redundant ring/network coupling (redundancy exists) has
changed.
Port security On one port a data packet has been received from an unauthorized
terminal device (see the Port Security dialog).
Table 24: Trap categories
UM BasicConfig L2P
208 Release 9.0 02/2015
Operation Diagnosis 9.2 Monitoring the Device Status
9.2 Monitoring the Device Status
The device status provides an overview of the overall condition of the device.
Many process visualization systems record the device status for a device in
order to present its condition in graphic form.
The device displays its current status as "Error" or "OK" in the "Device
Status" frame. The device determines this status from the individual
monitoring results.
The device enables you to
 signal the device status out-of-band via a signal contact
(see on page 214 “Monitoring the Device Status via the Signal Contact”)
 signal the device status by sending a trap when the device status changes
 detect the device status in the graphical user interface on the system side.
 query the device status in the Command Line Interface.
The Diagnostics:Device Status dialog of the device includes:

 Incorrect supply voltage
- at least one of the 2 supply voltages is not operating,
- the internal supply voltage is not operating.
 The temperature threshold has been exceeded or has not been reached.
 The removal of a module (for modular devices).
 The removal of the ACA.
 The configuration on the external memory does not match that in the
device.
 The interruption of the connection at at least one port. In the Basic
Settings:Port Configuration menu, you define which ports the
device signals if the connection is down (see on page 94 “Displaying
detected loss of connection”). On delivery, there is no link monitoring.
 Events for ring redundancy:
Loss of the redundancy (in ring manager mode). On delivery, ring
redundancy monitoring is inactive.
The device is a normal ring participant and detects an error in the local
configuration.
UM BasicConfig L2P
Release 9.0 02/2015 209
 Event in the ring/network coupling:

Loss of the redundancy. On delivery, there is no ring redundancy
monitoring.
The following conditions are also reported by the device in standby mode:
– Defective link status of the control line
– Partner device is in standby mode
 Failure of a fan (MACH 4000).
Select the corresponding entries to decide which events the device status
includes.
Note: With a non-redundant voltage supply, the device reports the absence
of a supply voltage. If you do not want this message to be displayed, feed the
supply voltage over both inputs or switch off the monitoring (see on page 214
“Monitoring the Device Status via the Signal Contact”).
9.2.1 Configuring the Device Status
 Open the Diagnostics:Device Status dialog.

 In the “Monitoring” field, you select the events you want to monitor.
 To monitor the temperature, you also set the temperature thresholds
in the Basic settings:System dialog at the end of the system
data.

device-status monitor all Include all the possible events in the device
error status determination.
device-status trap enable Enable a trap to be sent if the device status
changes.
UM BasicConfig L2P
210 Release 9.0 02/2015
Note: The above CLI commands activate the monitoring and the trapping
respectively for all the supported components. If you want to activate or
deactivate monitoring only for individual components, you will find the
corresponding syntax in the CLI manual or in the help of the CLI console
(enter a question mark “?“ at the CLI prompt).
9.2.2 Displaying the Device Status
 Select the Basics:System dialog.
1 2 3
Figure 52: Device status and alarm display

1 - The symbol displays the device status
2 - Cause of the oldest existing alarm
3 - Start of the oldest existing alarm
exit Change to the privileged EXEC mode.

show device-status Display the device status and the setting for the
device status determination.
UM BasicConfig L2P
Release 9.0 02/2015 211
Operation Diagnosis 9.3 Out-of-band Signaling
9.3 Out-of-band Signaling
The signal contact is used to control external devices and monitor the
operation of the device. Function monitoring enables you to perform remote
diagnostics.
The device reports the operating status via a break in the potential-free signal
contact (relay contact, closed circuit):
 Incorrect supply voltage
- at least one of the 2 supply voltages is not operating,
- the internal supply voltage is not operating.
 The temperature threshold has been exceeded or has not been reached.
 The removal of a module (for modular devices).
 The removal of the ACA.
 The configuration on the external memory does not match that in the
device.
 The interruption of the connection at at least one port. In the Basic
Settings:Port Configuration menu, you define which ports the
device signals if the connection is down (see on page 94 “Displaying
detected loss of connection”). On delivery, there is no link monitoring.
 Events for ring redundancy:
Loss of the redundancy (in ring manager mode). On delivery, ring
redundancy monitoring is inactive.
The device is a normal ring participant and detects an error in the local
configuration.
 Event in the ring/network coupling:
Loss of the redundancy. On delivery, there is no ring redundancy
monitoring.
The following conditions are also reported by the device in standby mode:
– Defective link status of the control line
– Partner device is in standby mode
 Failure of a fan (MACH 4000).
Select the corresponding entries to decide which events the device status
includes.
UM BasicConfig L2P
212 Release 9.0 02/2015
Note: With a non-redundant voltage supply, the device reports the absence
of a supply voltage. If you do not want this message to be displayed, feed the
supply voltage over both inputs or switch off the monitoring (see on page 214
“Monitoring the Device Status via the Signal Contact”).
9.3.1 Controlling the Signal Contact

With this mode you control this signal contact remotely.
Application options:
 Simulation of an error detected during SPS error monitoring
 Remote control of a device via SNMP, such as switching on a camera
 Select the Diagnostics:Signal Contact 1/2) dialog.
 In the "Mode Signal contact" frame, you select the "Manual setting"
mode to switch the contact manually.
 Select "Opened" in the "Manual setting" frame to open the contact.
 Select "Closed" in the "Manual setting" frame to close the contact.

signal-contact 1 mode manual Select the manual setting mode for signal contact
1.
signal-contact 1 state open Open signal contact 1.
signal-contact 1 state close Close signal contact 1.
UM BasicConfig L2P
Release 9.0 02/2015 213
9.3.2 Monitoring the Device Status via the Signal

Contact
The "Device Status" option enables you, like in the operation monitoring, to
monitor the device state (see on page 214 “Monitoring the Device Status via
the Signal Contact”) via the signal contact.
9.3.3 Monitoring the Device Functions via the

Signal Contact
 Configuring the operation monitoring
 Select the Diagnostics:Signal Contact dialog.

 Select "Monitoring correct operation" in the "Mode signal contact"
frame to use the contact for operation monitoring.
 In the "Monitoring correct operation" frame, you select the events
you want to monitor.
 To monitor the temperature, you set the temperature thresholds in
the Basics:System dialog at the end of the system data.

signal-contact 1 monitor all Includes all the possible events in the operation
monitoring.
signal-contact 1 trap enable Enables a trap to be sent if the status of the
operation monitoring changes.
 Displaying the signal contact’s status

The device gives you 3 additional options for displaying the status of the
signal contact:
 LED display on device,
 display in the graphical user interface,
 query in the Command Line Interface.
UM BasicConfig L2P
214 Release 9.0 02/2015
Figure 53: Signal Contact dialog
exit Change to the privileged EXEC mode.

show signal-contact 1 Displays the status of the operation monitoring
and the setting for the status determination.
9.3.4 Monitoring the Fan

Devices in the Mach 4000 family have a replaceable plug-in fan unit. This
plug-in fan helps considerably in reducing the internal temperature of the
device.
Fans are subject to natural wear. The failure of one or more fans in the plug-
in fan can have a negative effect on the operation and life span of the device,
or can lead to a total failure of the device.
UM BasicConfig L2P
Release 9.0 02/2015 215
The device enables you

 to signal changes to the status of the plug-in fan out-of-band (outside the
data flow) via a signal contact (see on page 214 “Monitoring the Device
Status via the Signal Contact”)
 to signal changes to the status of the plug-in fan by sending a trap when
the device status changes
 to detect status changes to the plug-in fan in the Web-based interface on
the system side and
 to query changes to the status of the plug-in fan in the Command Line
Interface.
Proceed as follows to signal changes to the fan status via a signal contact
and with an alarm message:
 Select the Diagnostics:Signal Contact dialog.

 Select the signal contact you want to use (in the example, signal
contact 1) in the corresponding tab page “Signal contact 1” or
“Signal contact 2”.
 In the “Signal contact mode” frame, select “Function monitoring”.
 In the “Function monitoring” frame, select the fan monitoring.
 Select the
configuration.
UM BasicConfig L2P
216 Release 9.0 02/2015
Figure 54: Monitoring the fan with the signal contact and trap
UM BasicConfig L2P
Release 9.0 02/2015 217
Operation Diagnosis 9.4 Port Status Indication
9.4 Port Status Indication
 Select the Basics:System dialog.

The device view shows the device with the current configuration. The
status of the individual ports is indicated by one of the symbols listed
below. You will get a full description of the port's status by positioning
the mouse pointer over the port's symbol.
Figure 55: Device View
UM BasicConfig L2P
218 Release 9.0 02/2015
Operation Diagnosis 9.4 Port Status Indication
Meaning of the symbols:
The port (10, 100 Mbit/s, 1, 10 Gbit/s) is enabled

and the connection is OK.
The port is disabled by the management

and it has a connection.
The port is disabled by the management

and it has no connection.
The port is in autonegotiation mode.
The port is in HDX mode.
The port (100 MBit/s) is in the discarding mode of a redundancy

protocol such as Spanning Tree or HIPER-Ring.
The port is in routing mode (100 Mbit/s).
UM BasicConfig L2P
Release 9.0 02/2015 219
Operation Diagnosis 9.5 Event Counter at Port Level
9.5 Event Counter at Port Level
The port statistics table enables experienced network administrators to

identify possible detected problems in the network.
This table shows you the contents of various event counters. In the Restart
menu item, you can reset the event counters to zero using "Warm start",
"Cold start" or "Reset port counter".
The packet counters add up the events sent and the events received.
Counter Indication of known possible weakness

Received fragments – Non-functioning controller of the connected device
– Electromagnetic interference in the transmission medium
CRC error – Non-functioning controller of the connected device
– Electromagnetic interference in the transmission medium
– Inoperable component in the network
Collisions – Non-functioning controller of the connected device
– Network over extended/lines too long
– Collision or a detected fault with a data packet
Table 25: Examples indicating known weaknesses
 Select the Diagnostics:Ports:Statistics dialog.
 To reset the counters, click on “Reset port counters” in the Basic

Settings:Restart dialog.
UM BasicConfig L2P
220 Release 9.0 02/2015
Figure 56: Port Statistics dialog
9.5.1 Detecting Non-matching Duplex Modes

If the duplex modes of 2 ports directly connected to each other do not match,
this can cause problems that are difficult to track down. The automatic
detection and reporting of this situation has the benefit of recognizing it
before problems occur.
This situation can arise from an incorrect configuration, e.g. if you deactivate
the automatic configuration at the remote port.
A typical effect of this non-matching is that at a low data rate, the connection
seems to be functioning, but at a higher bi-directional traffic level the local
device records a lot of CRC errors, and the connection falls significantly
below its nominal capacity.
UM BasicConfig L2P
Release 9.0 02/2015 221
The device allows you to detect this situation and report it to the network
management station. In the process, the device evaluates the error counters
of the port in the context of the port settings.
 Possible causes of port error events

The following table lists the duplex operating modes for TX ports, with the
possible fault events. The meanings of terms used in the table are as
follows:
 Collisions: In half-duplex mode, collisions mean normal operation.
 Duplex problem: Mismatching duplex modes.
 EMI: Electromagnetic interference.
 Network extension: The network extension is too great, or too many
cascading hubs.
 Collisions, late collisions: In full-duplex mode, no incrementation of the
port counters for collisions or late collisions.
 CRC error: The device evaluates these errors as non-matching duplex
modes in the manual full duplex mode.
No. Automatic Current Detected error Duplex modes Possible causes

configuration duplex events (≥ 10
mode after link up)
1 On Half duplex None OK
2 On Half duplex Collisions OK
3 On Half duplex Late collisions Duplex problem Duplex problem, EMI,
detected network extension
4 On Half duplex CRC error OK EMI
5 On Full duplex None OK
6 On Full duplex Collisions OK EMI
7 On Full duplex Late collisions OK EMI
8 On Full duplex CRC error OK EMI
9 Off Half duplex None OK
10 Off Half duplex Collisions OK
11 Off Half duplex Late collisions Duplex problem Duplex problem, EMI,
detected network extension
12 Off Half duplex CRC error OK EMI
13 Off Full duplex None OK
14 Off Full duplex Collisions OK EMI
Table 26: Evaluation of non-matching of the duplex mode
UM BasicConfig L2P
222 Release 9.0 02/2015
No. Automatic Current Detected error Duplex modes Possible causes

configuration duplex events (≥ 10
mode after link up)
15 Off Full duplex Late collisions OK EMI
16 Off Full duplex CRC error Duplex problem Duplex problem, EMI
detected
Table 26: Evaluation of non-matching of the duplex mode (cont.)
 Activating the detection
 Select the Switching:Switching Global dialog.

 Select “Activate Duplex Mismatch Detection”. The device then
checks whether the duplex mode of a port might not match that of
the remote port.
If the device detects a potential mismatch, it creates an entry in the
event log and sends an alarm (trap).

bridge duplex-mismatch-detect Activates the detection and reporting of non-
operation enable matching duplex modes.
bridge duplex-mismatch-detect Deactivates the detection and reporting of non-
operation disable matching duplex modes.
9.5.2 TP Cable Diagnosis

The TP cable diagnosis allows you to check the connected cables for short-
circuits or interruptions.
Note: While the check is running, the data traffic at this port is suspended.
UM BasicConfig L2P
Release 9.0 02/2015 223
The check takes a few seconds. After the check, the "Result" row contains
the result of the cable diagnosis. If the result of the check shows a cable
problem, then the "Distance" row contains the cable problem location’s
distance from the port.
Result Meaning
normal The cable is okay.
open The cable is interrupted.
short circuit There is a short-circuit in the cable.
unknown No cable check was performed yet, or it is
currently running
Table 27: Meaning of the possible results
Prerequisites for correct TP cable diagnosis:

 1000BASE-T port, connected to a 1000BASE-T port via 8-core cable or
 10BASE-T/100BASE-TX port, connected to a 10BASE-T/100BASE-TX
port.
UM BasicConfig L2P
224 Release 9.0 02/2015
9.5.3 Port Monitor

When you enable this feature the device monitors the port states. The device
offers you the ability to disable individual ports or send a trap when user-
defined conditions occur.
Definable port conditions are:
 Link Flap
 CRC/Fragments
 Overload Detection
 Speed and duplex combination
In the Global dialog, you activate the configurations defined in the "Link Flap",
"CRC/Fragments" and "Overload Detection" tabs. The device detects these
conditions when you activate the functions. If the device detects the user
defined condition on a port, it produces the response defined for that port.
Link Flapping occurs when a link alternately advertises its link state as up and
down. You configure the device to detect this condition and then define
whether to send a trap or shut the port off.
Using the Cyclical Redundancy Check (CRC) the device detects data
packets modified during the transmission based on the checksum. The
device detects the total number of packets received that were less than 64
octets in length, excluding framing bits, but including FCS octets, and had
either a FCS error or an Alignment Error.
 A FCS error is a bad Frame Check Sequence (FCS) with an integral
number of octets.
 An Alignment Error is a bad FCS with a non-integral number of octets.
The device monitors both criteria if you enable the function in the "Global"
tab. If the number of occurred CRC/fragment errors exceeds the specified
threshold, the device executes the user-specified action.
Overload Detection prevents a broadcast, multicast, or unicast storm from
disrupting traffic on a port. The Overload Detection function monitors packets
passing from a port to the switching bus to determine if the packet is unicast,
multicast, or broadcast. The switch counts the number of user-defined
packets received within the "Sampling Interval "and compares the
measurement with a user-defined threshold. The port blocks traffic after
reaching the "Upper Threshold". When you activate the recovery function for
Overload Detection, the port remains blocked until the traffic rate drops
below the "Lower Threshold" and then forwards traffic as normal.
UM BasicConfig L2P
Release 9.0 02/2015 225
The device allows you to define which duplex mode is allowed for which
speed for a specific port. The monitoring of the combination of speed and
duplex mode prevents any undesired connections.
 Open the Diagnositics:Ports:Port Monitor dialog.
 Open the "Link Flap" tab.

 Define the number of times that a port cycles between link up and
link down before the function disables the port, in the "Link Flap
Count" text box, in the "Parameter" frame.
 Define the elapse time in the "Sample Interval [s]" text box in the
"Parameter" frame.
 Open the "CRC/Fragments" tab.

 Define the number of packets received containing changes in raw
data or fragment packets received before the function disables the
port, in the "CRC/Fragments count [ppm]" text box, in the
"Parameter" frame.
"Parameter" frame.
 Open the "Overload Detection" tab.

"Parameter" frame.
 For each port, define the type of traffic to monitor in the "Traffic Type"
column.
 For each port, define the type of threshold to use in the "Threshold
Type" column.
 For each port, define the threshold at which the device enables the
port in the "Lower Threshold" column.
 For each port, define the threshold at which the device disables the
port in the "Upper Threshold" column.
 Open the "Speed Duplex" tab.
UM BasicConfig L2P
226 Release 9.0 02/2015
 You define for each port which duplex mode is allowed for which
speed.
– "hdx" = half duplex
– "fdx" = full duplex
– "10" = 10 Mbit/s
– "100" = 100 Mbit/s
etc.
 Open the "Global" tab.

 In the "Port Monitor on" column of the "Global" tab, select the ports
to monitor.
 To activate the Port Monitor function, click On in the "Operation"
frame.
UM BasicConfig L2P
Release 9.0 02/2015 227
9.5.4 Auto Disable

If the configuration shows a port as enabled, but the device detects an error,
the software shuts down that port. In other words, the device software
disables the port because of a detected error condition.
When a port is auto-disabled, the device effectively shuts down the port and
the port blocks traffic. The port LED blinks green 3 times per period and
identifies the reason for the shutdown. In addition, the device generates a log
entry listing the reason for the auto-disable. When you enable the port after
a timeout by auto-disable, the device generates a log entry.
This feature provides a recovery function which automatically enables an
auto-disabled port after a user-defined time. When this function enables a
port, the device sends a trap with the port number and an empty "Reason"
entry.
The auto-disable function serves the following purposes:
 It assists the network administrator in port analysis.
 It eliminates the possibility that this port causes other ports on the module
(or the entire module) to shut down.
Note: The "Reset" button allows you to enable the port before the "Reset
Timer [s]" counts down.
So that the device enables the ports again that were disabled because of a
detected error state, complete the following steps:
 Open the Diagnositics:Ports:Auto Disable dialog.
 To enable ports again that the device has disabled due to link flaps,
in the "Configuration" frame mark the "Link Flap" checkbox.
You define the parameters that cause the ports to be disabled due
to link flaps in the Diagnostics:Ports:Port Monitor dialog, on the
"Link Flap" tab.
UM BasicConfig L2P
228 Release 9.0 02/2015
 To enable ports again that the device has disabled due to CRC or
fragment errors, on the "Configuration" frame mark the "CRC Error"
checkbox.
to CRC or fragment errors in the Diagnostics:Ports:Port Monitor
dialog, on the "CRC/Fragments" tab.
 To enable ports again that the device has disabled due to an
overload, in the "Configuration" frame mark the "Overload
Detection" checkbox.
to an overload in the Diagnostics:Ports:Port Monitor dialog, on
the "Overload Detection" tab.
 To enable ports again that the device disabled due to an incorrect
speed and duplex combination, in the "Configuration" frame mark
the "Speed Duplex" checkbox.
to an incorrect speed and duplex combination in the
Diagnostics:Ports:Port Monitor dialog, on the "Speed Duplex"
tab.
 To enable ports again that the device disabled due to an
unauthorized access to the port, in the "Configuration" frame you
mark the "Port Security" checkbox.
to unauthorized access in the Security:Port Security dialog.
 You define the time until each port is automatically enabled again in
the "Reset Timer [s]" column in the table.
UM BasicConfig L2P
Release 9.0 02/2015 229
Operation Diagnosis 9.6 Displaying the SFP Status
9.6 Displaying the SFP Status
The SFP status display allows you to look at the current SFP module
connections and their properties. The properties include:
 module type
 support provided in media module
 temperature in º C
 transmission power in mW
 receive power in mW
 Select the Diagnostics:Ports:SFP modules dialog.
Figure 57: SFP Modules dialog
UM BasicConfig L2P
230 Release 9.0 02/2015
Operation Diagnosis 9.7 Topology Discovery
9.7 Topology Discovery
9.7.1 Description of Topology-Detection

IEEE 802.1AB defines the Link Layer Discovery Protocol (LLDP). LLDP
allows the user to automatically detect the LAN network topology.
Devices with LLDP active

 broadcast their connection and management information to adjacent
devices on the shared LAN. These devices can then be evaluated
provided they also have LLDP active.
 receive connection and management information from adjacent devices
on the shared LAN, provided these devices also have LLDP active.
 builds a management-information table and object definitions for storing
information about adjacent devices with LLDP active.
As the main element, the connection information contains an exact, unique

identifier for the connection end point: MSAP (MAC Service Access Point).
This is made up of a device identifier which is unique on the entire network
and a unique port identifier for this device.
Content of the connection and management-information:
 Chassis identifier (its MAC address)
 Port identifier (its port-MAC address)
 Description of port
 System name
 System description
 Supported system capabilities
 System capabilities currently active
 Interface ID of the management address
 VLAN-ID of the port
 Auto-negotiation status at the port
 Medium, half/full duplex setting and port speed setting
UM BasicConfig L2P
Release 9.0 02/2015 231
 Indication whether a redundancy protocol is enabled at the port, and

which one (e.g. RSTP, HIPER-Ring, FastHIPER Ring, MRP, ring
coupling).
 Information about the VLANs installed in the device (VLAN-ID and VLAN
name, irrespective of whether the port is a VLAN participant).
A network management station can query this information from devices that
have LLDP active. This information allows the network management station
to form a description of the network topology.
For information exchanges, the LLDP uses an IEEE MAC address, which
devices do not normally communicate. Devices without LLDP therefore do
not allow support for LLDP packets. If a device without LLDP capability is
located between two devices with LLDP capability, then LLDP information
exchanges are prevented between these two devices. To work around this,
Hirschmann devices send and receive additional LLDP packets with the
Hirschmann Multicast-MAC address 01:80:63:2F:FF:0B. Hirschmann-
Devices with the LLDP function are therefore able to exchange LLDP
information with each other even across devices that do not have LLDP
capability.
The Management Information Base (MIB) for a Hirschmann device with
LLDP capability holds the LLDP information in the lldp MIB and in the private
hmLLDP.
9.7.2 Displaying the Topology Discovery Results
 Select the Diagnostics:Topology Discovery dialog.

The table on the “LLDP” tab page shows you the collected LLDP
information for neighboring devices. This information enables the
network management station to map the structure of your network.
Activating “Display FDB entries” below the table allows you to add
entries for devices without active LLDP support to the table. In this case,
the device also includes information from its FDB (forwarding
database).
UM BasicConfig L2P
232 Release 9.0 02/2015
If several devices are connected to one port, for example via a hub, the
table will contain one line for each connected device.
If
 devices with active topology discovery function and
 devices without active topology discovery function are connected to
a port
then
 the topology table hides the devices without active topology
discovery.
If
 only devices without active topology discovery are connected to a
port
then
 the table will contain one line for this port to represent all devices.
This line contains the number of connected devices.
MAC addresses of devices that the topology table hides for the sake
of clarity, are located in the address table (FDB), (see on page 154
“Entering Static Addresses”).
UM BasicConfig L2P
Release 9.0 02/2015 233
Operation Diagnosis 9.8 Detecting IP Address Conflicts
9.8 Detecting IP Address

Conflicts
9.8.1 Description of IP Address Conflicts

By definition, each IP address may only be assigned once within a
subnetwork. Should two or more devices erroneously share the same IP
address within one subnetwork, this will inevitably lead to communication
disruptions with devices that have this IP address. In his Internet draft, Stuart
Cheshire describes a mechanism that industrial Ethernet devices can use to
detect and eliminate address conflicts (Address Conflict Detection, ACD).
Mode Meaning
enable Enables active and passive detection.
disable Disables the function
activeDetectionOnly Enables active detection only. After connecting to a network or after an
IP address has been configured, the device immediately checks whether
its IP address already exists within the network.
If the IP address already exists, the device will return to the previous
configuration, if possible, and make another attempt after 15 seconds.
The device therefore avoids to participate in the network traffic with a
duplicate IP address.
passiveOnly Enables passive detection only. The device listens passively on the
network to determine whether its IP address already exists. If it detects a
duplicate IP address, it will initially defend its address by employing the
ACD mechanism and sending out gratuitous ARPs. If the remote device
does not disconnect from the network, the management interface of the
local device will then disconnect from the network. Every 15 seconds, it
will poll the network to determine if there is still an address conflict. If there
isn't, it will connect back to the network.
Table 28: Possible address conflict operation modes
UM BasicConfig L2P
234 Release 9.0 02/2015
Operation Diagnosis 9.8 Detecting IP Address Conflicts
9.8.2 Configuring ACD
 Select the Diagnostics:IP Address Conflict Detection dialog.

 With "Status" you enable/disable the IP address conflict detection or
select the operating mode (see table 28).
9.8.3 Displaying ACD
 Select the
Diagnostics:IP Address Conflict Detection dialog.
 In the table, the device logs IP address conflicts with its IP address.
The device logs the following data for each conflict:
 the time („Timestamp“ column)
 the conflicting IP address („IP Address“ column)
 the MAC address of the device with which the IP address conflicted („MAC
Address“ column).
For each IP address, the device logs a line with the last conflict that
occurred.
 During a restart, the device deletes the table.
Figure 58: IP Address Conflict Detection dialog
UM BasicConfig L2P
Release 9.0 02/2015 235
Operation Diagnosis 9.9 Detecting Loops
9.9 Detecting Loops
Loops in the network, even temporary loops, can cause connection

interruptions or data losses that may cause unintended equipment operation.
The automatic detection and reporting of this situation allows you to detect it
faster and diagnose it more easily.
An incorrect configuration can cause a loop, for example, if you deactivate
Spanning Tree.
The device allows you to detect the effects typically caused by loops and
report this situation automatically to the network management station. You
have the option here to specify the magnitude of the loop effects that triggers
the device to send a report.
A typical effect of a loop is that frames from multiple different MAC source
addresses can be received at different ports of the device within a short time.
The device evaluates how many of the same MAC source addresses it has
learned at different ports within a time period. This process detects loops
when the same MAC address is received at different ports.
Conversely, the same MAC address being received at different ports can
also have other causes than a loop.
 Select the Switching:Switching Global dialog.

 Select “Enable address relearn detection”. Enter the desired
threshold value in the “Address relearn threshold” field.
If the address relearn detection is enabled, the device checks whether
it has repeatedly learned the same MAC source addresses at different
ports. This process very probably indicates a loop situation.
If the device detects that the threshold value set for the MAC addresses
has been exceeded at its ports during the evaluation period (a few
seconds), the device creates an entry in the log file and sends an alarm
(trap). The preset threshold value is 1.
UM BasicConfig L2P
236 Release 9.0 02/2015
Operation Diagnosis 9.10 Reports
9.10 Reports
The following reports and buttons are available for the diagnostics:
 Log file.
The log file is an HTML file in which the device writes all the important
device-internal events.
 System information.
The system information is an HTML file containing the system-relevant
data.
 Download Support Information.
This button allows you to download system information as files in a ZIP
archive.
In service situations, these reports provide the technician with the necessary
information.
The following button is available as an alternative for operating the Web-

based interface:
 Download JAR file.

This button allows you to download the applet of the Web-based interface
as a JAR file. Then you have the option to start the applet outside of a
browser.
This facilitates the device administration even when you have disabled its
web server for security reasons.
 To display the HTML file with system-relevant data, select the dialog
Diagnosis:Report:System Information.
 To view the log file with important device-internal events, select the
dialog Diagnosis:Report:Event Log.
UM BasicConfig L2P
Release 9.0 02/2015 237
Operation Diagnosis 9.10 Reports
 Select the Diagnosis:Report dialog.

 Click “Download Switch Dump”.
 Select the directory in which you want to save the switch dump.
 Click “Save”.
The device creates the file name of the switch dumps automatically in
the format <IP address>_<system name>.zip, e.g. for a device of the
type PowerMICE: “10.0.1.112_PowerMICE-517A80.zip”.
 Click “Download JAR-File”.

 Select the directory in which you want to save the applet.
 Click “Save”.
The device creates the file name of the applet automatically in the format
<device type><software variant><software version)>_<software
revision of applet>.jar, e.g. for a device of type PowerMICE with software
variant L3P: “pmL3P06000_00.jar”.
UM BasicConfig L2P
238 Release 9.0 02/2015
Operation Diagnosis 9.11 Monitoring Data Traffic on the
Ports (Port Mirroring)
9.11 Monitoring Data Traffic on

the Ports (Port Mirroring)
The MACH4002 24/48 + 4G and the Power MICE support up to 8 ports.
The port mirroring function enables you to review the data traffic from a group
of ports on the device for diagnostic purposes (N:1). The device forwards
(mirrors) the data for these ports to another port. This process is port
mirroring.
The ports from which the device copies the traffic are source ports. The port
on which you review the data is the destination port. You use physical ports
as source or destination ports.
In port mirroring, the device copies valid data packets of the source port to
the destination port. The device does not affect the data traffic on the source
ports during port mirroring.
A management tool connected at the destination port, e.g. an RMON probe,
can thus monitor the data traffic of the source ports in the sending and
receiving directions.
When selecting "RX" as the monitoring direction on a source port, only
frames received on the source port will be copied/mirrored to the destination
port ( monitoring ingress).
When selecting "TX" as the monitoring direction on a source port, only
frames transmitted on the source port will be copied/mirrored to the
destination port (monitoring egress).
With port mirroring active, the device copies the traffic received and/or
forwarded on a source port to the destination port.
The PowerMICE and MACH4000 devices use the destination port for the port
mirroring task exclusively. The source port forwards and receives traffic as
normal.
UM BasicConfig L2P
Release 9.0 02/2015 239
Switch PLC
Backbone
RMON-Probe
Figure 59: Port mirroring
 Select the Diagnostics:Port Mirroring dialog.
This dialog allows you to configure and activate the port mirroring
function of the device.
UM BasicConfig L2P
240 Release 9.0 02/2015
 Select the source ports whose data traffic you want to review from the
physical ports list by checkmarking the relevant boxes.
The device displays the "Source Port" currently used as the
"Destination Port" as grayed out in the table. Default setting: no
source ports.
 Select the destination port to which you have connected your
management tool from the drop-down menu in the "Destination Port"
frame.
Selecting a destination port is mandatory for a valid port mirroring
configuration. The drop-down menu displays available ports
exclusively, for example, the list excludes the ports currently in use
as source ports. Default setting: port - (no destination port).
 To select the monitoring traffic direction, checkmark the relevant
"RX" and "TX" boxes for ingress and egress monitoring directions.
 To switch on the function, select On in the "Operation" frame. Default
setting: Off.
The “Reset configuration” button in the dialog allows you to reset all the
port mirroring settings of the device to the state on delivery.
UM BasicConfig L2P
Release 9.0 02/2015 241
Figure 60: Port Mirroring dialog
UM BasicConfig L2P
242 Release 9.0 02/2015
Operation Diagnosis 9.12 Syslog
9.12 Syslog
The device enables you to send messages about important device-internal

events to one or more syslog servers (up to 8). Additionally, you can also
include SNMP requests to the device as events in the syslog.
Note: You will find the actual events that the device has logged in the “Event
Log” (see on page 246 “Trap log”) and in the log file (see on page 237
“Reports”), a HTML page with the title “Event Log”.
 Select the Diagnostics:Syslog dialog.
 Activate the syslog function in the “Operation” frame.

 Click on “Create”
 In the “IP Address” column, enter the IP address of the syslog server
to which the log entries should be sent.
 In the “Port” column, enter the UDP port of the syslog server at which
the syslog receives log entries. The default setting is 514.
 In the “Minimum level to report” column, you enter the minimum level
of seriousness an event must attain for the device to send a log entry
to this syslog server.
 In the “Active” column, you select the syslog servers that the device
takes into account when it is sending logs.
UM BasicConfig L2P
Release 9.0 02/2015 243
“SNMP Logging” frame:

 Activate “Log SNMP Get Request” if you want to send reading
SNMP requests to the device as events to the syslog server.
 Select the level to report at which the device creates the events from
reading SNMP requests.
 Activate “Log SNMP Set Request” if you want to send writing SNMP
requests to the device as events to the syslog server.
 Activate “Log SNMP Set Request” if you want to send writing SNMP
requests to the device as events to the syslog server.
Note: For more details on setting the SNMP logging, see the “Syslog”
chapter in the “GUI” (Graphical User Interface / Web-based Interface)
reference manual.

logging host 10.0.1.159 514 3 Select the recipient of the log messages and its
port 514. The “3” indicates the seriousness of the
message sent by the device. “3” means “error”.
logging syslog Enable the Syslog function.
show logging hosts Display the syslog host settings.
Index IP Address Severity Port Status
----- ----------------- ---------- ---- -------------
1 10.0.1.159 error 514 Active

logging snmp-requests get Create log events from reading SNMP requests.
operation enable
logging snmp-requests get The “5” indicates the seriousness of the message
severity 5 that the device allocates to messages from
reading SNMP requests. “5” means “note”.
logging snmp-requests set Create log events from writing SNMP requests.
operation enable
logging snmp-requests set The “5” indicates the seriousness of the message
severity 5 that the device allocates to messages from
writing SNMP requests. “5” means “note”.
show logging snmp-requests Display the SNMP logging settings.
UM BasicConfig L2P
244 Release 9.0 02/2015
Log SNMP SET requests : enabled

Log SNMP SET severity : notice
Log SNMP GET requests : enabled
Log SNMP GET severity : notice
UM BasicConfig L2P
Release 9.0 02/2015 245
Operation Diagnosis 9.13 Trap log
9.13 Trap log
The device allows you to call up a log of the system events. The table of the
“Trap Log” dialog lists the logged events with a time stamp.
 Click “Reload” to update the content of the trap log.
 Click “Clear” to delete the content of the trap log.
Note: You have the option to also send the logged events to one or more
syslog servers (see on page 243 “Syslog”).
UM BasicConfig L2P
246 Release 9.0 02/2015
Operation Diagnosis 9.14 MAC Notification
9.14 MAC Notification
MAC notification, also known as MAC address change notification, tracks

users on a network by storing the MAC address change activity. When the
switch learns or removes a MAC address, the device sends an SNMP trap to
a configured trap destination. The device generates MAC address change
notifications for dynamic unicast MAC addresses.
The device buffer contains up to 20 addresses. If the buffer is full before the
user -defined interval expires, then the device sends a trap to the
management station.
This function is intended solely for ports on which you connect end devices
and thus the MAC address changes infrequently.
 Open the Diagnositics:MAC Notification dialog.

 Select the activity for which the device sends a trap in the
"Mode"column.
 To select the ports for which the device sends a trap, activate the
checkbox in the "Enabled" column.
 Define the number of seconds between trap transmissions in the
"Interval [s]" textbox.
 To enable the function, click On in the "Operation" frame.

mac notification interval 20 Set MAC notification interval to 20 seconds.
interface 1/1 Change to the Interface Configuration mode of
port 1/1.
mac notification mode Set the mode for which the device sends a MAC
notification.
mac notification operation Enable sending of MAC notification traps for this
port.
exit Change to the Configuration mode.
mac notification operation Enable the MAC notification function globally.
UM BasicConfig L2P
Release 9.0 02/2015 247
Operation Diagnosis 9.14 MAC Notification
UM BasicConfig L2P
248 Release 9.0 02/2015
Setting up the Configuration
Environment
A Setting up the Configuration

Environment
UM BasicConfig L2P
Release 9.0 02/2015 249
Setting up the Configuration A.1 Setting up a DHCP/BOOTP
Environment Server
A.1 Setting up a DHCP/BOOTP

Server
On the product CD supplied with the device you will find the software for a
DHCP server from the software development company IT-Consulting Dr.
Herbert Hanewinkel. You can test the software for 30 calendar days from the
date of the first installation, and then decide whether you want to purchase a
license.
 To install the DHCP servers on your PC
put the product CD in the CD drive of your PC and
under Additional Software select “haneWIN DHCP-Server”.
To carry out the installation, follow the installation assistant.
 Start the DHCP Server program.
Figure 61: Start window of the DHCP server
UM BasicConfig L2P
250 Release 9.0 02/2015
Environment Server
Note: The installation procedure includes a service that is automatically

started in the basic configuration when Windows is activated. This service is
also active if the program itself has not been started. When started, the
service responds to DHCP queries.
 Open the window for the program settings in the menu bar:
Options:Preferences and select the DHCP tab page.
 Enter the settings shown in the illustration and click OK.
Figure 62: DHCP setting
 To enter the configuration profiles, select Options:Configuration

Profiles in the menu bar.
 Enter the name of the new configuration profile and click Add.
UM BasicConfig L2P
Release 9.0 02/2015 251
Environment Server
Figure 63: Adding configuration profiles
 Enter the netmask and click Apply.
Figure 64: Netmask in the configuration profile
 Select the Boot tab page.

 Enter the IP address of your tftp server.
 Enter the path and the file name for the configuration file.
 Click Apply and then OK.
UM BasicConfig L2P
252 Release 9.0 02/2015
Environment Server
Figure 65: Configuration file on the tftp server
 Add a profile for each device type.

If devices of the same type have different configurations, then you add a
profile for each configuration.
To complete the addition of the configuration profiles, click OK.
Figure 66: Managing configuration profiles
 To enter the static addresses, click Static in the main window.
UM BasicConfig L2P
Release 9.0 02/2015 253
Environment Server
Figure 67: Static address input
 Click New.
Figure 68: Adding static addresses
 Enter the MAC address of the device.

 Enter the IP address of the device.
 Select the configuration profile of the device.
 Click Apply and then OK.
UM BasicConfig L2P
254 Release 9.0 02/2015
Environment Server
Figure 69: Entries for static addresses
 Add an entry for each device that will get its parameters from the DHCP
server.
Figure 70: DHCP server with entries
UM BasicConfig L2P
Release 9.0 02/2015 255
Setting up the Configuration A.2 Setting up a DHCP Server with
Environment Option 82
A.2 Setting up a DHCP Server

with Option 82
On the product CD supplied with the device you will find the software for a
DHCP server from the software development company IT-Consulting Dr.
Herbert Hanewinkel. You can test the software for 30 calendar days from the
date of the first installation, and then decide whether you want to purchase a
license.
 To install the DHCP servers on your PC
put the product CD in the CD drive of your PC and
under Additional Software select “haneWIN DHCP-Server”.
To carry out the installation, follow the installation assistant.
 Start the DHCP Server program.
Figure 71: Start window of the DHCP server
Note: The installation procedure includes a service that is automatically

started in the basic configuration when Windows is activated. This service is
also active if the program itself has not been started. When started, the
service responds to DHCP queries.
UM BasicConfig L2P
256 Release 9.0 02/2015
Figure 72: DHCP setting
 To enter the static addresses, click New.
Figure 73: Adding static addresses
 Select Circuit Identifier and Remote Identifier.
UM BasicConfig L2P
Release 9.0 02/2015 257
Figure 74: Default setting for the fixed address assignment
 In the Hardware address field, you enter the Circuit Identifier

and the Remote Identifier (see "DHCP Relay Agent" in the "Web-
based Interface" reference manual).
With Hardware address you identify the device and the port to which
that device is connected, to which you want the assign the IP address
in the line below it.
The hardware address is in the following form:
ciclhhvvvvssmmpprirlxxxxxxxxxxxx
 ci: sub-identifier for the type of the circuit ID

 cl: length of the circuit ID
 hh: Hirschmann ID: 01 if a Hirschmann device is connected to the port,
otherwise 00.
 vvvv: VLAN ID of the DHCP request (default: 0001 = VLAN 1)
 ss: socket of device at which the module with that port is located to
which the device is connected. Enter the value 00.
 mm: module with the port to which the device is connected.
 pp: port to which the device is connected.
 ri: sub-identifier for the type of the remote ID
 rl: length of the remote ID
 xxxxxxxxxxxx: remote ID of the device (e.g. MAC address) to which a
device is connected.
UM BasicConfig L2P
258 Release 9.0 02/2015
Figure 75: Entering the addresses
PLC Switch (Option 82)
MAC =
IP = 00:80:63:10:9a:d7
149.218.112.100
DHCP Server
IP =
149.218.112.1
IP =
149.218.112.100
Figure 76: Application example of using Option 82
UM BasicConfig L2P
Release 9.0 02/2015 259
Setting up the Configuration A.3 TFTP Server for Software
Environment Updates
A.3 TFTP Server for Software

Updates
On delivery, the device software is held in the local flash memory. The device
boots the software from the flash memory.
Software updates can be performed via a TFTP server. This presupposes
that a TFTP server has been installed in the connected network and that it is
active.
Note: An alternative to the TFTP update is the HTTP update. The HTTP
update saves you having to configure the TFTP server.
The device requires the following information to be able to perform a software

update from the TFTP server:
 its own IP address (entered permanently),
 the IP address of the TFTP server or of the gateway to the TFTP server,
 the path in which the operating system of the TFTP server is kept
The file transfer between the device and the TFTP server is performed via
the Trivial File Transfer Protocol (tftp).
The management station and the TFTP server may be made up of one or
more computers.
The preparation of the TFTP server for the device software involves the
following steps:
 Setting up the device directory and copying the device software
 Setting up the TFTP process
UM BasicConfig L2P
260 Release 9.0 02/2015
Environment Updates
A.3.1 Setting up the TFTP Process

General prerequisites:
 The local IP address of the device and the IP address of the TFTP server
or the gateway are known to the device.
 The TCP/IP stack with tftp is installed on TFTP server.
The following sections contain information on setting up the TFTP process,
arranged according to operating system and application.
 SunOS and HP
 First check whether the tftp daemon (background process) is running,
i.e. whether the file /etc/inetd.conf contains the following line (see
figure 77) and whether the status of this process is "IW":
SunOS
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -

s /tftpboot
HP
tftp dgram udp wait root /usr/etc/in.tftpd tftpd
If the process is not entered or only entered as a comment line (#), modify
/etc/inetd.conf accordingly and then re-initialize the INET daemon. This is
performed with the command "kill -1 PID", where PID is the process
number of inetd.
This re-initialization can be executed automatically by entering the
following UNIX commands:
SunOS
ps -ax | grep inetd | head -1 | awk -e {print $1} |

kill -1
HP
/etc/inetd -c
UM BasicConfig L2P
Release 9.0 02/2015 261
Environment Updates
You can obtain additional information about the tftpd daemon tftpd with
the UNIX command "man tftpd".
Note: The command "ps" does not show the tftp daemon every time,
although it is actually running.
Special steps for HP workstations:

 During installation on an HP workstation, enter the user tftp in the
/etc/passwd file.
For example:
tftp:*:510:20:tftp server:/usr/tftpdir:/bin/false
tftpuser ID,
* is in the password field,
510 sample user number,
20 sample group number.,
tftp server any meaningful name ,
/bin/false mandatory entry (login shell)
 Test the tftp process with, for example:cd /tftpboot/device

tftp <tftp-Servername>
get device/device.bin
rm device.bin
UM BasicConfig L2P
262 Release 9.0 02/2015
Environment Updates
Checking the tftp process
Edit the file

/etc/inetd.conf
No Is tftp*
commented
out?
Yes
Delete the comment

character »#« from this line
Re-initialize inetd.conf
by entering
kill-1 PID
No Problems with
the tftp server?
Yes
e.g
cd /tftpboot/device
tftp <tftp-Servername>
Test the tftp process get device/device.bin
Response if the process is running: Received …
rm device.bin
Checking of the
tftp process
completed
* tftp dgram udp wait root/usr/etc/in.tftpd in.tftpd /tftpboot
Figure 77: Flow chart for setting up TFTP server with SunOS and HP
UM BasicConfig L2P
Release 9.0 02/2015 263
Environment Updates
A.3.2 Software Access Rights

The agent needs read permission for the TFTP directory on which the device
software is stored.
 Example of a UNIX tftp Server

Once the device software has been installed, the TFTP server should
have the following directory structure with the stated access rights:
File name Access

device.bin -rw-r--r--
Table 29: Directory structure of the software
l = link; d = directory; r = read; w = write; x = execute

1st position denotes the file type (- = normal file),
2nd to 4th positions designate user access rights,
5th to 7th positions designate access rights for users from other groups,
8th to 10th positions designate access rights of every other user.
UM BasicConfig L2P
264 Release 9.0 02/2015
Setting up the Configuration A.4 Preparing access via SSH
Environment
A.4 Preparing access via SSH
To be able to access the device via SSH, perform the following steps:
 Generate a key (SSH host key).
 Install the key on the device.
 Enable access via SSH on the device.
 Install a program for executing the SSH protocol (SSH client) on your
computer.
A.4.1 Generating a key

The device gives you the option to use your own self-generated keys for the
SSH server. If there is no SSH key on the device, the device generates the
required keys automatically when the SSH server is switched on for the first
time.
The PuTTYgen program allows you to generate the key. This program is
located on the product CD.
 Start the program by double-clicking on it.

 In the “Parameters” frame you select the type of key to be generated.
 To generate a key for SSH version 2, you select "SSH-2 (RSA)" or
"SSH-2 (DSA)".
 To generate a key for SSH version 1, you select "SSH-1 (RSA)".
 Make sure that the field "Number of bits in a generated key" in the
"Parameters" frame is showing the value 1024.
 In the "Actions" box, click on "Generate". Move the mouse pointer over the
PuTTYgen-window, so that PuTTYgen can create the key using random
numbers.
 Leave the "Key passphrase" and "Confirm passphrase" input boxes
empty.
UM BasicConfig L2P
Release 9.0 02/2015 265
Environment
 Save the key:

 To save a key for SSH version 2, click the Conversions:Export
OpenSSH key menu.
 To save a key for SSH version 1, click the "Save private key" button in
the "Actions" frame.
 Answer the question about saving the key without a passphrase with
"Yes".
 Select the Save location and enter a file name for the key file.
 Note down the key fingerprint, so that you can check it when establishing
a connection.
 You should also store the key in a location separate from the device so
that, if the device is being replaced, the key can be transferred to the new
device.
Figure 78: PuTTY key generator
For experienced network administrators, another way of creating the key is

with the OpenSSH Suite. To generate the key, enter the following command:
ssh-keygen(.exe) -q -t rsa1 -f rsa1.key -C '' -N ''
UM BasicConfig L2P
266 Release 9.0 02/2015
Environment
A.4.2 Loading a key onto the device

You load the SSH key onto the device with the Command Line Interface via
TFTP.
SSH version 1 works with an RSA key. However, SSH version 2 works with
an RSA key and a DSA key. For SSH version 2, you always load both keys
to the device.
 Store the keys on your tftp server.
 Load the keys from the tftp server onto the device.
no ip ssh Deactivates the SSH server.
copy tftp://ip/filepath/key Loads the key to the non-volatile memory of the
nvram:sshkey-rsa2 device.
 nvram:sshkey-rsa2 is the storage
copy tftp://ip/filepath/key location of the RSA key for SSH version 2.
nvram:sshkey-dsa  nvram:sshkey-dsa is the storage location
of the DSA key for SSH version 2.
copy tftp://ip/filepath/key  nvram:sshkey-rsa1 is the storage
nvram:sshkey-rsa1 location of the RSA key for SSH version 1.
ip ssh Activates the SSH server.
A.4.3 Access through an SSH

One way of accessing your device through an SSH is by using the PuTTY
program. This program is provided on the product-CD.
 Start the program by double-clicking on it.

 Enter the IP address of your device.
 Select "SSH".
 Click on "Open" to set up the connection to your device.
Depending on the device and the time at which SSH was configured, it
can take up to a minute to set up the connection.
UM BasicConfig L2P
Release 9.0 02/2015 267
Environment
Just before the connection is established, the PuTTY program displays a

security alarm message and gives you the option of checking the key
fingerprint.
Figure 79: Security alert prompt for the fingerprint
 Check the fingerprint of the key to ensure that you have actually
connected to the desired device. You will find the fingerprint of your key
in the "Key fingerprint" field of the PuTTY key generator.
 If the fingerprint matches your key, click on "Yes".
PuTTY also displays another security alarm message at the defined warning
threshold.
UM BasicConfig L2P
268 Release 9.0 02/2015
Environment
Figure 80: Security query at the defined warning threshold
 Click on "Yes" in the security alarm message.
To suppress this message when establishing subsequent connections,

select "SSH" in the "Category" box in the PuTTY program before opening the
connection. In the "Encryption options" box, select "DES" and click on "Up"
until "DES" comes above the line "-- warn below here --". In the "Category"
box, switch back to "Session" and establish the connection as usual.
For experienced network administrators, another way of accessing your

device through an SSH is by using the OpenSSH Suite. To open the
connection, enter the following command:
ssh [email protected] -cdes
 admin for the user name.
 10.0.112.53 is the IP address of your device.

 -cdes sets the encryption type for SSHv1.
UM BasicConfig L2P
Release 9.0 02/2015 269
Setting up the Configuration A.5 HTTPS Certificate
Environment
A.5 HTTPS Certificate
The encryption of HTTPS connections requires an X.509 certificate. The

device allows you to use your own X.509 certificate. If there is no X.509
certificate on the device, the device generates this automatically when the
HTTPS server is switched on for the first time.
You load your own X.509 certificate onto the device with the Command Line
Interface via TFTP.
 Store the certificate on your tftp server.
 Load the certificate from the tftp server onto the device.
no ip https Deactivates the HTTPS function before
transferring the certificate to the device.
copy tftp://ip/filepath/cert Loads the certificate to the non-volatile memory
nvram:httpscert of the device.
nvram:httpscert is the storage location of
the X.509 certificate.
ip https Activates the HTTPS function after transferring
the certificate to the device.
UM BasicConfig L2P
270 Release 9.0 02/2015
Setting up the Configuration A.6 Service Shell
Environment
A.6 Service Shell
When you need assistance with your device, then the service personnel use
the Service Shell function to monitor internal conditions, for example switch
or CPU registers.
The CLI Reference Manual contains a description of deactivating the Service
Shell.
Note: When you deactivate the Service Shell, then you are still able to
configure the device, but you limit the service personnel to system
diagnostics. In order to reactivate the Service Shell function, the device
requires disassembly by the manufacturer.
UM BasicConfig L2P
Release 9.0 02/2015 271
Setting up the Configuration A.6 Service Shell
Environment
UM BasicConfig L2P
272 Release 9.0 02/2015
General Information
B General Information
UM BasicConfig L2P
Release 9.0 02/2015 273
General Information B.1 Management Information Base
(MIB)
B.1 Management Information

Base (MIB)
The Management Information Base (MIB) is designed in the form of an

abstract tree structure.
The branching points are the object classes. The "leaves" of the MIB are
called generic object classes.
If this is required for unique identification, the generic object classes are
instantiated, i.e. the abstract structure is mapped onto reality, by specifying
the port or the source address.
Values (integers, time ticks, counters or octet strings) are assigned to these
instances; these values can be read and, in some cases, modified. The
object description or object ID (OID) identifies the object class. The
subidentifier (SID) is used to instantiate them.
Example:
The generic object class
hmPSState (OID = 1.3.6.1.4.1.248.14.1.2.1.3)
is the description of the abstract information "power supply status". However,
it is not possible to read any information from this, as the system does not
know which power supply is meant.
Specifying the subidentifier (2) maps this abstract information onto reality
(instantiates it), thus indicating the operating status of power supply 2. A
value is assigned to this instance and can then be read. The instance "get
1.3.6.1.4.1.248.14.1.2.1.3.2" returns the response "1", which
means that the power supply is ready for operation.
The following abbreviations are used in the MIB:

Comm Group access rights
con Configuration
Descr Description
Fan Fan
ID Identifier
Lwr Lower (e.g. threshold value)
PS Power supply
Pwr Power supply
sys System
UM BasicConfig L2P
274 Release 9.0 02/2015
(MIB)
The following abbreviations are used in the MIB:

UI User interface
Upr Upper (e.g. threshold value)
ven Vendor = manufacturer (Hirschmann)
Definition of the syntax terms used:

Integer An integer in the range -231 - 231-1
IP Address xxx.xxx.xxx.xxx
(xxx = integer in the range 0-255)
MAC Address 12-digit hexadecimal number in accordance with ISO/IEC 8802-3
Object identifier x.x.x.x… (e.g. 1.3.6.1.1.4.1.248...)
Octet string ASCII character string
PSID Power supply identifier
(number of the power supply unit)
TimeTicks Stopwatch,
Elapsed time (in seconds) = numerical value / 100
Numerical value = integer in range 0-232-1
Timeout Time value in hundredths of a second
Time value = integer in range 0-232-1
Type field 4-digit hexadecimal number in accordance with ISO/IEC 8802-3
Counter Integer (0-232-1), whose value is increased by 1 when certain events occur.
UM BasicConfig L2P
Release 9.0 02/2015 275
(MIB)
1 iso
3 org
6 dod
1 internet
2 mgmt 4 private 6 snmp V2
1 mib-2 1 enterprises 3 modules
1 system 248 hirschmann 10 Framework
2 interfaces 14 hmConfiguration 11 mpd
3 at 15 hmPlatform4 12 Target
4 ip 13 Notification
5 icmp 15 usm
6 tcp 16 vacm
7 udp
11 snmp
16 rmon
17 dot1dBridge
26 snmpDot3MauMGT
Figure 81: Tree structure of the Hirschmann MIB
A complete description of the MIB can be found on the product CD provided

with the device.
UM BasicConfig L2P
276 Release 9.0 02/2015
General Information B.2 Abbreviations used
B.2 Abbreviations used
ACA AutoConfiguration Adapter

BOOTP Bootstrap Protocol
CLI Command Line Interface
DHCP Dynamic Host Configuration Protocol
FDB Forwarding Database
GARP General Attribute Registration Protocol
GMRP GARP Multicast Registration Protocol
HTTP Hypertext Transfer Protocol
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol
LED Light Emitting Diode
LLDP Link Layer Discovery Protocol
F/O Optical Fiber
MAC Media Access Control
MSTP Multiple Spanning Tree Protocol
NTP Network Time Protocol
PC Personal Computer
PTP Precision Time Protocol
QoS Quality of Service
RFC Request For Comment
RM Redundancy Manager
RS Rail Switch
RSTP Rapid Spanning Tree Protocol
SFP Small Form-factor Pluggable
SNMP Simple Network Management Protocol
SNTP Simple Network Time Protocol
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TP Twisted Pair
UDP User Datagram Protocol
URL Uniform Resource Locator
UTC Coordinated Universal Time
VLAN Virtual Local Area Network
UM BasicConfig L2P
Release 9.0 02/2015 277
General Information B.3 Technical Data
B.3 Technical Data
You will find the technical data in the document “GUI Reference Manual”.
UM BasicConfig L2P
278 Release 9.0 02/2015
General Information B.4 Readers’ Comments
B.4 Readers’ Comments
What is your opinion of this manual? We are constantly striving to provide as

comprehensive a description of our product as possible, as well as important
information to assist you in the operation of this product. Your comments and
suggestions help us to further improve the quality of our documentation.
Your assessment of this manual:
Very Good Satisfactory Mediocre Poor

Good
Precise description O O O O O
Readability O O O O O
Understandability O O O O O
Examples O O O O O
Structure O O O O O
Comprehensive O O O O O
Graphics O O O O O
Drawings O O O O O
Tables O O O O O
Did you discover any errors in this manual?

If so, on what page?
UM BasicConfig L2P
Release 9.0 02/2015 279
General Information B.4 Readers’ Comments
Suggestions for improvement and additional information:
General comments:
Sender:
Company / Department:
Name / Telephone number:
Street:
Zip code / City:
E-mail:
Date / Signature:
Dear User,
Please fill out and return this page
 as a fax to the number +49 (0)7127/14-1600 or
 per mail to
Hirschmann Automation and Control GmbH
Department 01RD-NT
Stuttgarter Str. 45-51
72654 Neckartenzlingen
UM BasicConfig L2P
280 Release 9.0 02/2015
Index
C Index
A D
ACA 62, 79, 81, 208 Data transfer parameters 18
ACA31 41 Destination address 152, 154, 155, 165
ACD 234 Device Status 209
Access 208 DHCP 27, 48, 55
Access rights 73, 103 DHCP Client 48
Access security 93 DHCP Option 82 55
Address Conflict Detection 234 DHCP server 128, 250, 256
Address table 153 Differentiated management access 114
AF 178 Differentiated Services 178
Aging Time 153, 159, 159 DiffServ 173
Alarm 207 DiffServ codepoint 178
Alarm messages 204 DSCP 178, 180, 183, 184
APNIC 29 Dynamic 154
ARIN 29
ARP 34 E
ASF Finder 62 E2E 138
Assured Forwarding 178 EF 178
Authentication 208 End-to-End 138
AutoConfiguration Adapter 41, 208 Event Log 246
Automatic Configuration 93 Expedited Forwarding 178
B F
Bandwidth 157, 186 FAQ 285
BOOTP 27 Fan 215
Booting 19 Faulty device replacement 59
Boundary clock 138 FDB 154
Broadcast 152, 154, 157 Filter 154
Broadcast Limiter 171 Filter table 154, 165
First installation 27
C Flash memory 66, 81
CD-ROM 250, 256 Flow control 186
CIDR 34 Forwarding database 154
CLI Banner 125
Classless Inter-Domain Routing 34 G
Class Selector 178 Gateway 30, 38
Clock 135 Generic object classes 274
Clock synchronization 137 GMRP 157, 165
Closed circuit 212 GMRP per port 168
Cold start 82 Grandmaster 135
Command Line Interface 21
Configuration 66 H
Configuration changes 204 HaneWin 250, 256
Configuration data 43, 55, 64, 71 Hardware address 44
Configuration file 48, 67, 68 Hardware clock (buffered) 128
Connection error 94 Hardware reset 204
HIPER-Ring (source for alarms) 208
UM BasicConfig L2P
Release 9.0 02/2015 281
Index
HiDiscovery 39, 117 O

HiView 24 Object classes 274
Host address 30 Object description 274
Object ID 274
I Offline configuration 68
IANA 29 Operation monitoring 212
IEEE 1588 time 129 Option 82 28, 55, 256
IEEE 802.1 Q 174 Ordinary clock 138
IEEE MAC Address 232 Out-of-band 21
IGMP 159 Overload protection 186
IGMP Querier 160
IGMP Snooping 157, 159 P
Industrial HiVision 12, 49 P2P 138
Industry Protocols 11 Password 22, 73, 104, 105
Instantiation 274 Peer-to-Peer 138
Internet Assigned Numbers Authority 29 PHB 178
Internet service provider 29 Phy 137
In-band 21 Polling 204
IP Address 29, 37, 44, 48, 234 Port authentication 121
IP header 173, 177, 178 Port Configuration 93
IP Parameter 27 Port Mirroring 239
ISO/OSI layer model 34 Port Priority 180, 182
Power over ETHERNET 94
J PROFINET IO 11
Java Runtime Environment 69 Precedence 178
JRE 69 Precision Time Protocol 135
Priority 174, 180
L Priority Queues 173
LACNIC 29 Priority tagged frames 174
Leave 159 Protocol stack 137
Link monitoring 209, 212 PTP 127, 129, 135
Loading a script file from the ACA 67 PTP Subdomains 139
Local clock 136
Login banner 124 Q
Login window 25 QoS 174
Query 159
M Query function 160
MAC 137 Queue 181
MAC destination address 34
Media module for modular devices (source for R
alarms) 208 Rate Limiter Settings 170, 171
Message 204 Real time 127, 173
Mode 93 Reboot 82
Multicast 132, 154, 157, 159 Receiver power status (source for alarms)
Multicast address 165 208
Receiving port 155
N Redundancy 11
Netmask 30, 38 Reference clock 128, 131, 135, 142
Network address 29 Relay contact 212
Network Management 49 Release 77
Network management station 232 Remote diagnostics 212
Network topology 55 Report 159, 237
Request interval (SNTP) 132
Reset 82
UM BasicConfig L2P
282 Release 9.0 02/2015
Index
Restart 82 Topology 55
RIPE NCC 29 ToS 173, 177, 178
Ring manager 154 TP cable diagnosis 223
Ring/Network coupling (source for alarms) Traffic Classes 173, 181, 183
208 Training Courses 285
RMON probe 239 Transmission reliability 204
Router 30 Transparent Clock 138
Trap 204, 207
S Trap target table 204
Segmentation 204 Trivial File Transfer Protocol 260
Service 237 Trust dot1p 180
Service provider 29 Trust ip-dscp 180
Service shell reactivation 271 Type Field 174
SFP Module (source for alarms) 208 Type of Service 177
SFP module 230
SFP status display 230 U
Signal contact 94, 212 Unicast 157
Signal contact (source for alarm) 208 Untrusted 180
Signal runtime 131 Update 18
SNMP 24, 103, 204 USB stick 79
SNTP 127, 132 User name 22
SNTP client 132 UTC 129
SNTP server 148
Software 264 V
Software release 77 Video 181
Source address 152 VLAN 174, 180, 189
SSH 21 VLAN 0 57
Starting the graphical user interface 24 VLAN ID (network parameter) 56
State on delivery 66, 66, 103 VLAN priority 182
Static 154 VLAN tag 174, 189
Strict Priority 181 VoIP 181
Subdomains 139 V.24 21
Subidentifier 274
Subnet 38, 153 W
Summer time 128 Web-based Interface 24
Supply voltage 208 Winter time 128
Symbol 13
System Monitor 18 X
System Name 48 XML (Offline Configurator Format) 69
System requirements (GUI) 24
System time 131, 132
T
TAI 129
Target table 204
TCP/IP stack 261
Technical Questions 285
Telnet 21
TFTP 260
TFTP Update 85
Time difference 129
Time Management 135
Time Stamp Unit 137, 141
Time zone 128
UM BasicConfig L2P
Release 9.0 02/2015 283
Index
UM BasicConfig L2P
284 Release 9.0 02/2015
Further Support
D Further Support
 Technical Questions
For technical questions, please contact any Hirschmann dealer in your
area or Hirschmann directly.
You will find the addresses of our partners on the Internet at
http://www.hirschmann.com
Contact our support at
https://hirschmann-support.belden.eu.com
You can contact us

in the EMEA region at
 Tel.: +49 (0)1805 14-1538
 E-mail: [email protected]
in the America region at
 Tel.: +1 (717) 217-2270
in the Asia-Pacific region at
 Tel.: +65 6854 9860
 Hirschmann Competence Center

The Hirschmann Competence Center is ahead of its competitors:
 Consulting incorporates comprehensive technical advice, from system
evaluation through network planning to project planning.
 Training offers you an introduction to the basics, product briefing and
user training with certification.
The current technology and product training courses can be found at
http://www.hicomcenter.com
 Support ranges from the first installation through the standby service
to maintenance concepts.
UM BasicConfig L2P
Release 9.0 02/2015 285
Further Support
With the Hirschmann Competence Center, you have decided against

making any compromises. Our client-customized package leaves you
free to choose the service components you want to use.
Internet:
http://www.hicomcenter.com
UM BasicConfig L2P
286 Release 9.0 02/2015
Further Support
UM BasicConfig L2P
Release 9.0 02/2015 287

UM BasicConfig L2P Rel90 en

Uploaded by

Copyright:

Available Formats

UM BasicConfig L2P Rel90 en

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

UM BasicConfig L2P Rel90 en

Uploaded by

Copyright:

Available Formats

User Manual

UM BasicConfig L2P Technical Support

© 2015 Hirschmann Automation and Control GmbH

Hirschmann Automation and Control GmbH

Rel. 9.0 - 02/2015 – 22.01.2015

About this Manual 11

1 Access to the user interfaces 17

2 Entering the IP Parameters 27

4 Loading Software Updates 77

5 Configuring the Ports 93

6 Assistance in the Protection from Unauthorized

6.3.3 Description of SSH Access 109

7 Synchronizing the System Time in the Network 127

8 Network Load Control 151

8.2 Multicast Application 157

9 Operation Diagnosis 203

9.4 Port Status Indication 218

A Setting up the Configuration Environment 249

B General Information 273

D Further Support 285

Failure to follow these instructions can result in death, serious injury,

About this Manual

The following thematic sequence has proven itself in practice:

The “Installation” user manual contains a device description, safety

The “Redundancy Configuration” user manual document contains the

The “GUI” reference manual contains detailed information on using the

The “Command Line Interface” reference manual contains detailed

The Industrial HiVision network management software provides you with

The designations used in this manual have the following meanings:

WLAN access point

Router with firewall

Switch with firewall

1 Access to the user interfaces

1.1 System Monitor

The system monitor enables you to

 Starting the System Monitor

Speed 9600 Baud

Table 1: Data transfer parameters

When you boot the device, the message

Press <1> to enter System Monitor 1 ...

Figure 1: Screen display during the boot process

(Selected OS: L3P-06.0.00 (2010-09-09 09:09))

1 Select Boot Operating System

Figure 2: System monitor 1 screen display

 Select a menu item by entering the number.

1.2 Command Line Interface

You can access the Command Line Interface via:

 Opening the Command Line Interface

Copyright (c) 2004-2010 Hirschmann Automation and Control GmbH

All rights reserved

PowerMICE Release L3P-06.0.00

(Build date 2010-09-09 12:13)

System Name: PowerMICE

Figure 3: Logging in to the Command Line Interface program

The start screen appears.

(Hirschmann Product) >

Figure 4: CLI screen after login

1.3 Graphical User Interface

 Starting the graphical user interface