Manual Fast-Gigabit Advanced Line M Switch Series 1e 10 2021
Manual for Fast/Gigabit Advanced Line Switches
IE-SW-AL08M-8TX (2682280000)
IE-SW-AL08M-6TX-2GT (2682290000)
IE-SW-AL10M-8TX-2GC (2740420000)
IE-SW-AL16M-16TX (2682310000)
IE-SW-AL24M-24TX (2682320000)
IE-SW-AL18M-16TX-2GC (2682330000)
The software described in this manual is furnished under a license agreement and may be used only in
accordance with the terms of that agreement.
Copyright Notice
Disclaimer
Information in this document is subject to change without notice and does not represent a
commitment on the part of Weidmüller.
Weidmüller provides this document as is, without warranty of any kind, either expressed or implied,
including, but not limited to, its particular purpose. Weidmüller reserves the right to make
improvements and/or changes to this manual, or to the products and/or the programs described in
this manual, at any time.
Information provided in this manual is intended to be accurate and reliable. However, Weidmüller
assumes no responsibility for its use, or for any infringements on the rights of third parties that may
result from its use.
This product might include unintentional technical or typographical errors. Changes are periodically
made to the information herein to correct such errors, and these changes are incorporated into new
editions of the publication.
Contact Information
Table of Contents
1. About this Manual
User Manual Managed Switches
2. Getting Started
The Fast/Gigabit Advanced Line Switches are specially designed to operate in harsh industrial
environments thanks to their rugged design. The product comes with an IP30 rugged case, redundant
power supply, alarm relay and a wide operating temperature range from -40 to 75 °C.
3. Web Management
In this chapter, we explain how to access the Weidmüller switch through the web console, as well
as all the configuration, monitoring, and administration functions available when using this interface.
NOTE: To use the Switch's management and monitoring functions from a PC host
connected to the same LAN as the switch, you must make sure that the PC host and the
Switch are on the same logical subnet.
NOTE: If the Weidmüller switch is configured for other VLAN settings, you must make
sure your PC host is on the management VLAN.
NOTE: Before accessing the Switch’s web browser interface, first connect one of its
RJ45 Ethernet ports to your Ethernet LAN, or directly to your PC's Ethernet card (NIC).
You can establish a connection with either a straight-through or cross-over Ethernet
cable.
After making sure that the Weidmüller switch is connected to the same LAN and logical subnet as
your PC, open the switch’s web console as follows:
Open your web browser and type the Switch’s IP address in the Address or URL field. Press Enter
to establish the connection.
The web login page will open. Enter the default user name “admin” and password “Detmold”, and
then click OK to continue.
After logging in, the main general information of the switch is shown, including, among others, System
Name, Firmware version, MAC address and Serial number. The front side of the switch (showing the
active ports) is also displayed in the right navigation panel.
The home page also provides the button Enable location alert. When it is pressed, the front
LEDs start to flash and an acoustic signal is heard (periodic change of the output relay). When
Disable location alert is clicked, the LEDs stop flashing and the output relay remains in its
original position.
Use the menu tree in the left navigation panel to open the function pages and access each of the
Ethernet switch's functions.
NOTE: The pages of the Web interface include a Help button that describes the
parameters and functions that can be programmed or monitored in each web page.
NOTE: After changing any parameter / function in a web page the button Apply
activates the change but does not save it. The changes have to be saved using the
Save Configuration option of the menu.
Warning messages will pop up to warn the user that the security certificate was issued by a
company they have not chosen to trust.
Select “Continue to this website” to enter the Weidmüller switch's web browser interface,
secured via HTTPS.
System Name
Setting | Description | Factory Default
Max. 64 characters | This option is useful for recording a name of the unit. | Name of type
System Description
Setting | Description | Factory Default
System Location
Setting | Description | Factory Default
System contact
Setting | Description | Factory Default
Max. 64 characters | This option is useful for providing information about who is responsible for maintaining this unit and how to contact this person. | None
NOTE: The Switch's default user name / password are “admin” / “Detmold”. If
these are changed, then you will be required to type the new user name and password
when logging into the serial console, Telnet console, or Web console.
User Name
Setting | Description | Factory Default
Max. 31 characters | Enter the new user name. | admin
New Password
Setting | Description | Factory Default
Confirm Password
Setting | Description | Factory Default
3.3.3 IP Setting
The IPv4 settings allow the user to set the IP parameters manually or by means of a DHCP server.
IP Address
Setting | Description | Factory Default
Subnet Mask
Setting | Description | Factory Default
Subnet mask for the Weidmüller Switch | Identifies the type of network to which the Switch is connected (e.g., 255.255.0.0 for a Class B network, or 255.255.255.0 for a Class C network). | 255.255.255.0
Gateway
Setting | Description | Factory Default
IP address for the gateway | The IP address of the router that connects the LAN to an outside network. | None
1st DNS Server’s IP address | The IP address of the DNS Server used by your network. | None
Auto Configuration
Setting | Description | Factory Default
Address
Setting | Description | Factory Default
NOTE: The Weidmüller switch does not have a real time clock. The user must update
the Current Time and Current Date to set the initial time for the Weidmüller switch after
each reboot, especially when the network does not have an Internet connection for an
NTP server or there is no NTP server on the LAN.
System clock
Setting | Description | Factory Default
SNTP/NTP mode
Setting | Description | Factory Default
Client (SNTP) | The Weidmüller Switch will synchronize its clock with one of the Server IP Addresses fields. |
UTC Timezone
Setting | Description | Factory Default
User selectable time zone | Specifies the time zone, which is used to determine the local time offset from GMT (Greenwich Mean Time). | GMT (Greenwich Mean Time)
Server IP Addresses
Setting | Description | Factory Default
Time Server IP (1 to 5) | IP address of the SNTP servers. If the 1st SNTP Server fails to connect, the Weidmüller Switch will try to locate the 2nd, 3rd, 4th and 5th Servers indicated. | None
User-specified date. | Specifies the beginning and end date of the Daylight Saving Time. | None
User-specified hour. | Specifies the number of hours that the time should be set forward during Daylight Saving Time. | None
From the switch's web interface, users have the option of either enabling or disabling LLDP, as
well as setting the LLDP transmit interval (as shown in the figure below). In addition, users are able to
view each switch's neighbor list, which is reported by its network neighbors. Most importantly,
enabling the LLDP function allows network management software to automatically display the
network's topology as well as system setup details such as VLAN and Trunking for the entire
network.
General Settings
Mode
Tx Interval
Setting | Description | Factory Default
Numbers from 1 to 9999 sec. | To set the transmit interval of LLDP messages. Unit is in seconds. | 30 (sec)
Modbus TCP is disabled by default. To enable Modbus TCP, select Enable in Mode and then click
Apply.
After setting the desired file names, click Restore to download the prepared file from the remote
TFTP server or to load the configuration file already saved in the computer, or click Backup to upload
the desired file to the remote TFTP server or to save it to the local host.
After setting the IP address and file names click Upgrade to upgrade the firmware of the switch from
the remote TFTP server.
Upgrade Firmware from Local PC
To import a new firmware file into the Weidmüller switch, click Browse to select the firmware file that
is saved on your computer. The upgrade procedure will proceed automatically after clicking
Upgrade.
State
Setting | Description | Factory Default
Speed/Duplex
Setting | Description | Factory Default
1000M-Full, 1000M-Half, 100M-Full, 100M-Half, 10M-Full, 10M-Half | Choose one of these fixed speed options if the connected Ethernet device has trouble auto-negotiating for line speed. Note: 1000M (Full and Half) only available in models with Gigabit ports. | Auto
Flow Control
Security
Setting | Description | Factory Default
Port alias
Setting | Description | Factory Default
Step 1: For each port, select the desired Trunk Group (1, 2, 3, 4, …) from the Group ID drop-down
box.
Step 2: Select Static or LACP from the Type drop-down box.
Step 3: Select the maximum number of working ports for each Trunk Group (only applicable if
Trunk Groups are type LACP).
Step 4: Click the Apply button.
Group ID
Setting | Description | Factory Default
Type
Setting | Description | Factory Default
Trunk Table
Setting | Description
Trunk Member | Displays which member ports belong to the trunk group.
If Loop Guard is Active in one port, a loop in that port will be blocked if the loop happens on the
switch itself.
3.5 Redundancy
When configuring O-Ring the user has to configure only one of the switches explicitly as master. If
more than one switch in the ring is configured as the master, then the protocol will automatically
assign master status to one of the switches (the one with the lowest MAC address).
Ring coupling
[Figure: ring coupling between two rings, showing the Main Path and the Backup Path; labels include Switch A and Switch C]
Ring Coupling is activated by enabling the function in Switches A / B (Ring 1) and C / D (Ring 2) and
by defining one port of each of those switches as “Coupling Port”.
NOTE: Only two switches of a ring can enable Ring Coupling. More or less is invalid.
O-Ring protocol
Dual homing is activated by enabling the function in two switches of the ring that use the O-Ring
protocol and by defining one port of each of those switches as “Homing Port”.
NOTE: Only two switches of a ring can enable Dual Homing. More or less is invalid.
Redundant Ports
Setting | Description | Factory Default
1st Ring Port | Select any port of the Switch to be one of the redundant ports. | Port 01
2nd Ring Port | Select any port of the Switch to be one of the redundant ports. | Port 02
Status | Description
Inactive | O-Ring redundancy disabled.
Link down | No connection in this port.
Forwarding | Normal transmission in this port.
Blocked | The port is connected to a backup path and the path is blocked.
Factory Default: Inactive
Hello Time
Setting | Description | Factory Default
10 to 10,000ms | Time interval between ring packets. | 10ms
Coupling Port
Setting | Description | Factory Default
Coupling Port | Select any port of the Switch to be the coupling port. | Port 03
Status | Description
Inactive | Ring Coupling is disabled.
Link down | No connection in this port.
Forwarding | Normal transmission in this port.
Blocked | The port is connected to a backup path and the path is blocked.
Factory Default: Inactive
Homing Port
Setting | Description | Factory Default
Homing Port | Select any port of the Switch to be the homing port. | Port 04
Status | Description
Inactive | Dual Homing is disabled.
Link down | No connection in this port.
Forwarding | Normal transmission in this port.
Blocked | The port is connected to a backup path and the path is blocked.
Factory Default: Inactive
Set Up O-Chain
[Figure: O-Chain set-up; labels include Switch 1 and Switch N]
Chain Ports
Setting | Description | Factory Default
1st Chain Port | Select any port of the Switch to be one of the ports of the daisy Chain. | Port 01
2nd Chain Port | Select any port of the Switch to be one of the ports of the daisy Chain. | Port 02
Status | Description
Inactive | O-Chain redundancy disabled.
Link down | No connection in this port.
Forwarding | Normal transmission in this port.
Blocked | The port is connected to a backup path and the path is blocked.
Factory Default: Inactive
Edge Port
Setting | Description
Check | Configure a port of the daisy Chain as edge port.
Uncheck | Does not configure a port of the daisy Chain as edge port.
Factory Default: Not checked
Rapid Spanning Tree Protocol (RSTP) implements the Spanning Tree Algorithm and Protocol
defined by IEEE 802.1D-2004. RSTP provides the following benefits:
• The topology of a bridged network will be determined much more quickly compared to STP.
• RSTP is backward compatible with STP, making it relatively easy to deploy.
For example:
• Defaults to sending 802.1D style BPDUs if packets with this format are received.
• STP (802.1D) and RSTP (802.1w) can operate on different ports of the same switch, which is
particularly helpful when switch ports connect to older equipment such as legacy switches.
You get essentially the same functionality with RSTP and STP. To see how the two systems differ,
see section ‘Differences between STP and RSTP’ later in this chapter.
NOTE: The STP protocol is part of the IEEE Std 802.1D, 2004 Edition bridge specification. The
following explanation uses “bridge” instead of “switch.”
STP (802.1D) is a bridge-based system that is used to implement parallel paths for network traffic.
STP uses a loop-detection process to:
• Locate and then disable less efficient paths (i.e., paths that have a lower bandwidth).
• Enable one of the less efficient paths if a more efficient path fails.
The figure below shows a network made up of three LANs separated by three bridges. Each segment
uses at most two paths to communicate with the other segments. Since this configuration can give
rise to loops, the network will overload if STP is NOT enabled.
[Figure: LAN 1, LAN 2 and LAN 3 interconnected by Bridge A, Bridge B and Bridge C]
If STP is enabled, it will detect duplicate paths and prevent, or block, one of the paths from forwarding
traffic. In the following example, STP determined that traffic from LAN segment 2 to LAN segment 1
should flow through bridges C and A since this path has a greater bandwidth and is therefore more
efficient.
[Figure: LAN 1, LAN 2 and LAN 3 with Bridge A, Bridge B and Bridge C; traffic from LAN 2 to LAN 1 flows through bridges C and A]
What happens if a link failure is detected? As shown in the next figure, the STP process reconfigures the
network so that traffic from LAN segment 2 flows through bridge B.
[Figure: LAN 1, LAN 2 and LAN 3 with Bridge A, Bridge B and Bridge C after the link failure; traffic from LAN 2 flows through bridge B]
STP will determine which path between each bridged segment is most efficient, and then assign a
specific reference point on the network. When the most efficient path has been identified, the other
paths are blocked. In the previous 3 figures, STP first determined that the path through bridge C was
the most efficient, and as a result, blocked the path through bridge B. After the failure of bridge C,
STP re-evaluated the situation and opened the path through Bridge B.
• All bridges must be able to communicate with each other. The communication is carried out
using Bridge Protocol Data Units (BPDUs), which are transmitted in packets with a known
multicast address.
• Each bridge must have a Bridge Identifier that specifies which bridge acts as the central
reference point, or Root Bridge, for the STP system—bridges with a lower Bridge Identifier are
more likely to be designated as the Root Bridge. The Bridge Identifier is calculated using the
MAC address of the bridge and a priority defined for the bridge. For example, the default priority
setting of Weidmüller switches is 32768.
• Each port has a cost that specifies the efficiency of each link. The efficiency cost is usually
determined by the bandwidth of the link, with less efficient links assigned a higher cost. The
following table shows the default port costs for a switch:
STP Calculation
The first step of the STP process is to perform calculations. During this stage, each bridge on the
network transmits BPDUs. The following items will be calculated:
• Which bridge should be the Root Bridge. The Root Bridge is the central reference point from
which the network is configured.
• The Root Path Costs for each bridge. This is the cost of the paths from each bridge to the Root
Bridge.
• The identity of each bridge’s Root Port. The Root Port is the port on the bridge that connects to
the Root Bridge via the most efficient path. In other words, the port connected to the Root Bridge
via the path with the lowest Root Path Cost. The Root Bridge, however, does not have a Root
Port.
• The identity of the Designated Bridge for each LAN segment. The Designated Bridge is the
bridge with the lowest Root Path Cost from that segment. If several bridges have the same Root
Path Cost, the one with the lowest Bridge Identifier becomes the Designated Bridge. Traffic
transmitted in the direction of the Root Bridge will flow through the Designated Bridge. The port
on this bridge that connects to the segment is called the Designated Bridge Port.
STP Configuration
After all of the bridges on the network agree on the identity of the Root Bridge, and all other relevant
parameters have been established, each bridge is configured to forward traffic only between its Root
Port and the Designated Bridge Ports for the respective network segments. All other ports are
blocked, which means that they will not be allowed to receive or forward traffic.
STP Reconfiguration
Once the network topology has stabilized, each bridge listens for Hello BPDUs transmitted from the
Root Bridge at regular intervals. If a bridge does not receive a Hello BPDU after a certain interval (the
Max Age time), the bridge assumes that the Root Bridge, or a link between itself and the Root Bridge,
has ceased to function. This will trigger the bridge to reconfigure the network to account for the
change. If you have configured an SNMP trap destination, when the topology of your network
changes, the first bridge to detect the change will send out an SNMP trap.
RSTP is similar to STP, but includes additional information in the BPDUs that allow each bridge to
confirm that it has taken action to prevent loops from forming when it decides to enable a link to a
neighboring bridge. Adjacent bridges connected via point-to-point links will be able to enable a link
without waiting to ensure that all other bridges in the network have had time to react to the change.
The main benefit of RSTP is that the configuration decision is made locally rather than network-wide,
allowing RSTP to carry out automatic configuration and restore a link faster than STP.
STP Example
The LAN shown in the following figure has three segments, with adjacent segments connected using
two possible links. The various STP factors, such as Cost, Root Port, Designated Bridge Port, and
Blocked Port are shown in the figure.
• Bridge A has been selected as the Root Bridge, since it was determined to have the lowest
Bridge Identifier on the network.
• Since Bridge A is the Root Bridge, it is also the Designated Bridge for LAN segment 1. Port 1 on
Bridge A is selected as the Designated Bridge Port for LAN Segment 1.
• Ports 1 of Bridges B, C, X, and Y are all Root Ports since they are nearest to the Root Bridge, and
therefore have the most efficient path.
• Bridges B and X offer the same Root Path Cost for LAN segment 2. However, Bridge B was
selected as the Designated Bridge for that segment since it has a lower Bridge Identifier. Port 2
on Bridge B is selected as the Designated Bridge Port for LAN Segment 2.
• Bridge C is the Designated Bridge for LAN segment 3, because it has the lowest Root Path Cost
for LAN Segment 3:
• The route through bridges C and B costs 200 (C to B=100, B to A=100)
• The route through bridges Y and B costs 300 (Y to B=200, B to A=100)
• The Designated Bridge Port for LAN Segment 3 is port 2 on bridge C.
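The STP Calculation steps applied to the example above, as an added Python illustration that is not part of the manual or of the switch firmware. The figure is not reproduced on this page, so the attachment of bridges to LAN segments, the MAC addresses and the port costs not quoted in the bullets are assumptions chosen to reproduce the stated costs (200 via C, 300 via Y); `with_priority` is a hypothetical helper showing how a lower priority value moves the Root Bridge.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                # constructed MAC address
    priority: int = 32768   # default priority stated in the manual

    @property
    def bridge_id(self):
        # Bridge Identifier: priority first, then MAC. The lowest tuple wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))


# Constructed topology (assumption): segment -> [(bridge, port, port path cost)]
SEGMENTS = {
    "LAN1": [("A", 1, 100), ("B", 1, 100), ("X", 1, 100)],
    "LAN2": [("B", 2, 100), ("X", 2, 100), ("C", 1, 100), ("Y", 1, 200)],
    "LAN3": [("C", 2, 100), ("Y", 2, 200)],
}
BRIDGES = [
    Bridge("A", "02:00:00:00:00:01"), Bridge("B", "02:00:00:00:00:02"),
    Bridge("C", "02:00:00:00:00:03"), Bridge("X", "02:00:00:00:00:04"),
    Bridge("Y", "02:00:00:00:00:05"),
]


def designated_per_segment(rpc, ids, segments):
    """Designated Bridge per segment: lowest Root Path Cost, then lowest Bridge ID."""
    out = {}
    for seg, ports in segments.items():
        offers = [(rpc[b], ids[b], b, port) for b, port, _ in ports if b in rpc]
        if offers:
            out[seg] = min(offers)
    return out


def compute_stp(bridges, segments):
    ids = {b.name: b.bridge_id for b in bridges}
    root = min(ids, key=ids.get)              # lowest Bridge Identifier
    rpc, root_port = {root: 0}, {}
    for _ in range(len(bridges)):             # enough rounds for any loop-free path
        desig = designated_per_segment(rpc, ids, segments)
        best = {}
        for seg, ports in segments.items():
            if seg not in desig:
                continue
            d_cost, d_id, d_name, _ = desig[seg]
            for b, port, cost in ports:
                if b in (root, d_name):
                    continue
                # Cost offered on the segment plus the cost of the receiving port.
                offer = (d_cost + cost, d_id, port, seg)
                if b not in best or offer < best[b]:
                    best[b] = offer
        rpc = {root: 0, **{b: o[0] for b, o in best.items()}}
        root_port = {b: (o[3], o[2]) for b, o in best.items()}
    desig = designated_per_segment(rpc, ids, segments)
    roles = {}
    for seg, ports in segments.items():
        for b, port, _ in ports:
            if seg in desig and desig[seg][2:] == (b, port):
                roles[(b, port)] = "designated"
            elif root_port.get(b) == (seg, port):
                roles[(b, port)] = "root"
            else:
                roles[(b, port)] = "blocked"
    return {"root": root, "root_path_cost": rpc,
            "designated": {s: d[2] for s, d in desig.items()}, "roles": roles}


def with_priority(bridges, name, priority):
    """Hypothetical helper: copy of the bridge list with one priority changed."""
    return [replace(b, priority=priority) if b.name == name else b for b in bridges]


if __name__ == "__main__":
    result = compute_stp(BRIDGES, SEGMENTS)
    print(result["root"], result["root_path_cost"], result["designated"])
    for key, role in sorted(result["roles"].items()):
        print(key, role)
```

With every bridge left at the default priority the MAC address alone decides the Root Bridge, which is why the intended root is normally given an explicitly lower priority value.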
Bridge Setting
RSTP mode
Setting | Description | Factory Default
Priority
Setting | Description | Factory Default
Numerical value selected by user | Increase this device’s bridge priority by selecting a lower number. A device with a higher bridge priority has a greater chance of being established as the root of the Spanning Tree topology. | 32768
Max. Age (sec)
Port Setting
NOTE: We suggest not enabling the Spanning Tree Protocol on a port that is connected to a device
(PLC, RTU, etc.) as opposed to network equipment. The reason is that it will cause unnecessary
negotiation.
Path Cost
3.5.6.5 RSTP-Repeater
RSTP-repeater is a simple function to pass a BPDU packet directly from one RSTP device to another
as if they were directly connected.
Mode
Setting | Description
Enabled | Enable the RSTP-repeater operation.
Disabled | Disable the RSTP-repeater operation.
Factory Default: Disabled
Uplink Ports
Setting | Description | Factory Default
1st Uplink Port | Select any port of the Switch according to the topology of the network. | Port 01
2nd Uplink Port | Select any port of the Switch according to the topology of the network. | Port 02
3.5.7 MSTP
3.5.7.1 The MSTP concept
Multiple Spanning Tree Protocol (MSTP) is a standard protocol based on IEEE 802.1S. It defines an
extension to RSTP to further develop the usefulness of virtual LANs (VLANs). The calculations of
STP/RSTP only depend on the physical connections, whilst MSTP configures separate Spanning
Tree instances for different VLAN groups.
The main concepts that are specific to MSTP, compared with STP/RSTP, are:
• Multiple Spanning Tree Instances (MSTIs). An MST instance (MSTI) is a particular set of
VLANs that are all using the same spanning tree.
• Regions. An MST region is a set of interconnected switches that all have the same values for all
of the following MST configuration elements:
o MST configuration name
o Revision level
o Mapping of which VLANs are mapped to which MST instances
Each of the MST instances created are identified by an MSTI number that identifies them only
inside the MST region. Therefore, an MSTI will never span across MST regions.
• Common and Internal Spanning Tree (CIST). The CIST is the default spanning tree of MSTP,
i.e. all VLANs that are not members of particular MSTIs are members of the CIST. Also, the
spanning tree that runs between MST regions is the CIST.
The following figure shows an example of an STP/RSTP network that contains VLANs 1 and 2. The
VLANs are connected using the 802.1Q-tagged link between switch B and Switch C. By default, this
link has a port cost of 100 and is automatically blocked by STP/RSTP because the other
switch-to-switch connections have a port cost of 36 (18+18). This means that both VLANs are now
subdivided—VLAN 1 on switches A and B cannot communicate with VLAN 1 on switch C, and VLAN
2 on switches A and C cannot communicate with VLAN 2 on switch B.
The above situation can be rectified by using MSTP. With MSTP, VLAN 1 and VLAN 2 can be
mapped to different MSTIs. Hence, each instance can have a topology independent of other
spanning tree instances.
Bridge Setting
The following figure indicates the general MSTP parameters that can be configured. A more detailed
explanation of each parameter follows.
MSTP mode
Setting | Description | Factory Default
Configuration Name
Setting | Description | Factory Default
Name selected by user | The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configurations in order to share spanning trees for MSTIs (intra-region). The name should not exceed 32 characters. | MSTP_SWITCH
Revision Level
Setting | Description | Factory Default
Numerical value selected by user | The revision of the MSTI configuration named above. | 32768
Priority
Setting | Description | Factory Default
Numerical value selected by user | Increase this device’s bridge priority by selecting a lower number. A device with a higher bridge priority has a greater chance of being established as the root of the Spanning Tree topology. | 32768
Max. Age (sec)
Bridge Port
Configuration of MSTP parameters in each port of the switch for the Common and Internal Spanning
Tree (CIST).
Port No.
Priority
Instance Setting
Instance
Setting | Description | Factory Default
State
Setting | Description | Factory Default
VLANs
Setting | Description | Factory Default
Numerical value selected by the user | The list of VLANs mapped to the MSTI. You can use ‘-’ for consecutive VLANs (ex: 1-4) or ‘,’ for non-consecutive VLANs (ex: 5, 8) | 1-4094
Priority
Setting | Description | Factory Default
Numerical value selected by user | Increase this device’s bridge priority by selecting a lower number. A device with a higher bridge priority has a greater chance of being established as the root of the Spanning Tree topology. | 32768
Once the Apply button is pressed, the Instance Information table of the page displays all the
MSTIs created and their mapping to the different VLANs.
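An added example (not from the manual or the switch software) that ties together the MST region definition in section 3.5.7.1 and the VLAN list syntax of the Instance Setting page: it expands the ‘-’ and ‘,’ notation, builds each switch's VLAN-to-MSTI table, and groups switches that really share a region. The switch names, the revision value and the per-switch settings are constructed; the dictionary layout is an assumption, not an export format of the device.

```python
MAX_VLAN = 4094          # upper bound of the VLAN range shown in the manual
CIST = 0                 # VLANs not mapped to any MSTI belong to the CIST


def parse_vlan_list(text):
    """Expand a VLAN list such as '1-4' or '5, 8' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, sep, hi = part.strip().partition("-")
        first = int(lo)                       # ValueError on empty or non-numeric
        last = int(hi) if sep else first
        if not 1 <= first <= last <= MAX_VLAN:
            raise ValueError(f"invalid VLAN range: {part.strip()!r}")
        vlans.update(range(first, last + 1))
    return vlans


def vlan_to_msti(instances):
    """instances: {MSTI number (1 to 15): VLAN list string} -> {vlan: msti}."""
    table = {}
    for msti, text in instances.items():
        if not 1 <= msti <= 15:
            raise ValueError(f"MSTI number out of range: {msti}")
        for vlan in parse_vlan_list(text):
            if vlan in table:
                raise ValueError(
                    f"VLAN {vlan} mapped to both MSTI {table[vlan]} and {msti}")
            table[vlan] = msti
    return table


def region_key(cfg):
    """The three elements that must match for switches to be in one region."""
    if len(cfg["name"]) > 32:
        raise ValueError("configuration name exceeds 32 characters")
    mapping = tuple(sorted(vlan_to_msti(cfg["instances"]).items()))
    return (cfg["name"], cfg["revision"], mapping)


def region_mismatches(reference, other):
    """Report which region elements differ between two switch configurations."""
    diffs = {}
    for field in ("name", "revision"):
        if reference[field] != other[field]:
            diffs[field] = (reference[field], other[field])
    ref_map = vlan_to_msti(reference["instances"])
    oth_map = vlan_to_msti(other["instances"])
    bad = sorted(v for v in set(ref_map) | set(oth_map)
                 if ref_map.get(v, CIST) != oth_map.get(v, CIST))
    if bad:
        diffs["vlan_mapping"] = bad
    return diffs


def group_regions(switches):
    """Group switch names by identical (name, revision, VLAN mapping)."""
    regions = {}
    for host, cfg in switches.items():
        regions.setdefault(region_key(cfg), []).append(host)
    return sorted(sorted(hosts) for hosts in regions.values())


# Constructed sample settings: sw-c maps VLAN 5 to a different MSTI.
SWITCHES = {
    "sw-a": {"name": "MSTP_SWITCH", "revision": 1,
             "instances": {1: "1-4", 2: "5, 8"}},
    "sw-b": {"name": "MSTP_SWITCH", "revision": 1,
             "instances": {1: "1-4", 2: "5, 8"}},
    "sw-c": {"name": "MSTP_SWITCH", "revision": 1,
             "instances": {1: "1-5", 2: "8"}},
}

if __name__ == "__main__":
    print(group_regions(SWITCHES))
    print(region_mismatches(SWITCHES["sw-a"], SWITCHES["sw-c"]))
```

A switch that differs in any one element forms its own region, so its MSTIs stop at the region boundary and only the CIST runs between it and its neighbours.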
Instance Port
Configuration of MSTP parameters of the ports for the different programmed MSTIs.
Instance
Setting | Description | Factory Default
CIST, 1 to 15 | Select the instance number for which you want to configure the ports. CIST is the default value (always active) and already programmed at Bridge Port option | CIST
Port No.
Priority
The page also displays a table showing the port information for each instance.
Mode
Setting | Description | Factory Default
Recovery Priority
Setting | Description | Factory Default
Not included, 1 to Total number of ports | Select the priority (number from 1 to total number of ports) of each port. The connected port with the highest priority (lowest number) will be the active one and the others will be blocked. | Not included
When Fast Recovery is enabled, the page shows an additional text indicating the active port of
the switch. Besides the programmed priority, the switch also considers the port status to establish
the active port for Fast Recovery. If a port is not connected (link down), it will never be the active
port, regardless of the programmed priority.
3.6 Multicast
Multicast filtering improves the performance of networks that carry multicast traffic. This section
explains multicasts, multicast filtering, and how multicast filtering can be implemented on your
Weidmüller switch.
What is an IP Multicast?
A multicast is a packet sent by one host to multiple hosts. Only those hosts that belong to a specific
multicast group will receive the multicast. If the network is set up correctly, a multicast can only be
sent to an end-station or a subset of end-stations on a LAN or VLAN that belong to the multicast
group. Multicast group members can be distributed across multiple subnets, so that multicast
transmissions can occur within a campus LAN or over a WAN. In addition, networks that support IP
multicast send only one copy of the desired information across the network until the delivery path that
reaches group members diverges. To make more efficient use of network bandwidth, it is only at
these points that multicast packets are duplicated and forwarded. A multicast packet has a multicast
group address in the destination address field of the packet's IP header.
Benefits of Multicast
• It uses the most efficient, sensible method to deliver the same information to many receivers with
only one transmission.
• It reduces the load on the source (for example, a server) since it will not need to produce several
copies of the same data.
• It makes efficient use of network bandwidth and scales well as the number of multicast group
members increases.
• It works with other IP protocols and services, such as Quality of Service (QoS).
Multicast transmission makes more sense and is more efficient than unicast transmission for some
applications. For example, multicasts are often used for video-conferencing, since high volumes of
traffic must be sent to several end-stations at the same time, but where broadcasting the traffic to all
end-stations would cause a substantial reduction in network performance. Furthermore, several
industrial automation protocols, such as EtherNet/IP, Profibus, and Foundation Fieldbus HSE (High
Speed Ethernet), use multicast. These industrial Ethernet protocols use publisher/subscriber
communications models by multicasting packets that could flood a network with heavy traffic. IGMP
Snooping is used to prune multicast traffic so that it travels only to those end destinations that require
the traffic, reducing the amount of traffic on the Ethernet LAN.
Multicast Filtering
Multicast filtering ensures that only end-stations that have joined certain groups receive multicast
traffic. With multicast filtering, network devices only forward multicast traffic to the ports that are
connected to registered end-stations. The following two figures illustrate how a network behaves
without multicast filtering, and with multicast filtering.
Network without multicast filtering
All hosts receive the multicast traffic, even if they don’t need it.
The Weidmüller switch supports both automatic multicast filtering with IGMP (Internet Group
Management Protocol) Snooping and manual multicast filtering by adding static multicast IP
addresses.
It additionally supports MVR (Multicast VLAN Registration) to enable Multicast traffic across different
VLANs.
Snooping Mode
Snooping Mode allows your switch to forward multicast packets only to the appropriate ports. The
switch "snoops" on exchanges between hosts and an IGMP device, such as a router, to find those
ports that want to join a multicast group, and then configures its filters accordingly.
Querier Mode
Querier mode allows the Weidmüller switch to work as the Querier if it has the lowest IP address on
the subnetwork to which it belongs. Enable query mode to run multicast sessions on a network that
does not contain IGMP routers (or queriers).
IGMP Multicast Filtering
IGMP is used by IP-supporting network devices to register hosts with multicast groups. It can be
used on all LANs and VLANs that contain a multicast capable IP router, and on other network
devices that support multicast filtering.
• The IP router (or querier) periodically sends query packets to all end-stations on the LANs or
VLANs that are connected to it. For networks with more than one IP router, the router with the
lowest IP address is the querier. A switch with IP address lower than the IP address of any other
IGMP querier connected to the LAN or VLAN can become the IGMP querier.
• When an IP host receives a query packet, it sends a report packet back that identifies the
multicast group that the end-station would like to join.
• When the report packet arrives at a port on a switch with IGMP Snooping enabled, the switch
knows that the port should forward traffic for the multicast group, and then proceeds to forward the
packet to the router.
• When the router receives the report packet, it registers that the LAN or VLAN requires traffic for
the multicast groups.
• When the router forwards traffic for the multicast group to the LAN or VLAN, the switches only
forward the traffic to ports that received a report packet.
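The report/forward sequence above, modelled as an added example (not code from the manual or the switch firmware). It parses IGMPv2 messages, keeps a per-group member table and compares forwarding with and without snooping; the class and function names, the immediate handling of Leave messages and the treatment of unjoined groups are assumptions of this sketch.

```python
import ipaddress
import struct

IGMP_QUERY, IGMP_V2_REPORT, IGMP_LEAVE = 0x11, 0x16, 0x17


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum used by IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """Build an 8-byte IGMPv2 message (used here to construct sample input)."""
    addr = ipaddress.IPv4Address(group).packed
    body = struct.pack("!BBH4s", msg_type, max_resp, 0, addr)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_igmp(payload: bytes):
    """Validate an IGMPv2 message and return (type, group address)."""
    if len(payload) != 8:
        raise ValueError("expected an 8-byte IGMPv2 message")
    if inet_checksum(payload) != 0:
        raise ValueError("bad IGMP checksum")
    msg_type, _resp, _csum, group = struct.unpack("!BBH4s", payload)
    return msg_type, ipaddress.IPv4Address(group)


class SnoopingSwitch:
    """Hypothetical model of one switch; ports are plain integers."""

    def __init__(self, ports, router_ports=(), snooping=True):
        self.ports = set(ports)
        self.router_ports = set(router_ports)  # static "Router Ports" setting
        self.snooping = snooping
        self.members = {}                      # group -> set of member ports

    def receive_igmp(self, in_port, payload):
        """Snoop one IGMP message; return the ports it is forwarded to."""
        msg_type, group = parse_igmp(payload)
        if msg_type == IGMP_QUERY or not self.snooping:
            return self.ports - {in_port}      # queries reach all end-stations
        if msg_type == IGMP_V2_REPORT:
            if not group.is_multicast:
                raise ValueError("report for a non-multicast address")
            self.members.setdefault(group, set()).add(in_port)
        elif msg_type == IGMP_LEAVE:
            # Assumption: membership is dropped as soon as a Leave is seen.
            self.members.get(group, set()).discard(in_port)
        return self.router_ports - {in_port}   # reports go on to the router

    def egress_ports(self, in_port, dst_group):
        """Ports that receive a multicast data packet sent to dst_group."""
        if not self.snooping:
            return self.ports - {in_port}      # no filtering: every host gets it
        group = ipaddress.IPv4Address(dst_group)
        # Assumption: traffic for groups nobody joined goes to router ports only.
        return (self.members.get(group, set()) | self.router_ports) - {in_port}


if __name__ == "__main__":
    sw = SnoopingSwitch(ports=range(1, 9), router_ports={8})
    sw.receive_igmp(3, build_igmp(IGMP_V2_REPORT, "239.1.1.1"))
    print("with snooping:", sorted(sw.egress_ports(1, "239.1.1.1")))
    flood = SnoopingSwitch(ports=range(1, 9), snooping=False)
    print("without snooping:", sorted(flood.egress_ports(1, "239.1.1.1")))
```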
Static Multicast
Some devices may only support multicast packets, but may not support IGMP Snooping. The
Weidmüller switch supports adding multicast groups manually to enable multicast filtering.
The MVR feature enables more efficient distribution of multicast traffic across an Ethernet Layer-2
network. In standard Layer 2 networks, a multicast stream received on one VLAN is never distributed
to interfaces outside that VLAN. If hosts in different VLANs request the same multicast stream, a
separate copy of that multicast stream is distributed to each requesting VLAN.
MVR creates a Multicast VLAN that becomes the only VLAN over which multicast traffic flows
through the Layer 2 network. In an Ethernet switch with MVR enabled we can configure both Source
ports (connected to a sender of multicast data to the Multicast VLAN) and Receiver ports (connected
to subscribers). MVR receiver ports can receive traffic from a port on the Multicast VLAN but cannot
send traffic to it.
MVR operates similarly to, and in conjunction with, IGMP Snooping. Whereas IGMP Snooping operates
within a given VLAN to regulate multicast traffic, MVR can operate with different VLANs.
IGMP Snooping
Setting | Description | Factory Default
Enabled/Disabled | The switch may be the IGMP querier. As only one device can be the querier in an IGMP application, the querier role will be taken by the device with the lowest IP address. | Disabled
Router Ports
Port number | The user can also select/check the ports that will connect to the multicast routers (static router port). These ports will receive all multicast packets from the source. This option is only active when IGMP Snooping is enabled. | Unchecked
Multicast IP Address
Setting | Description | Factory Default
Member Ports
The same page shows a table, the Static Multicast Filter List, indicating the ports of each specific
multicast group that has been created.
MVR Mode
Setting | Description | Factory Default
MVR VLAN
Setting | Description | Factory Default
Port Type
Setting | Description | Factory Default
Immediate leave
What is a VLAN?
A VLAN is a group of devices that can be located anywhere on a network, but which communicate as
if they are on the same physical segment. With VLANs, you can segment your network without being
restricted by physical connections—a limitation of traditional network design. With VLANs you can
segment your network into:
• Departmental groups—You could have one VLAN for the marketing department, another for
the finance department, and another for the product development department.
• Hierarchical groups—You could have one VLAN for directors, another for managers, and
another for general staff.
• Usage groups—You could have one VLAN for email users and another for multimedia users.
Benefits of VLANs
The main benefit of VLANs is that they provide a network segmentation system that is far more
flexible than traditional networks. Using VLANs also provides you with three other benefits:
• VLANs ease the relocation of devices on networks: With traditional networks, network
administrators spend most of their time dealing with moves and changes. If users move to a
different subnetwork, the addresses of each host must be updated manually. With a VLAN setup,
if a host on VLAN Marketing, for example, is moved to a port in another part of the network, and
retains its original subnet membership, you only need to specify that the new port is on VLAN
Marketing. You do not need to carry out any re-cabling.
• VLANs provide extra security: Devices within each VLAN can only communicate with other
devices on the same VLAN. If a device on VLAN Marketing needs to communicate with devices
on VLAN Finance, the traffic must pass through a routing device or Layer 3 switch.
• VLANs help control traffic: With traditional networks, congestion can be caused by broadcast
traffic that is directed to all network devices, regardless of whether or not they need it. VLANs
increase the efficiency of your network because each VLAN can be set up to contain only those
devices that need to communicate with each other.
VLANs
Your Weidmüller switch provides support for VLANs using IEEE Std 802.1Q-1998. This standard
allows traffic from multiple VLANs to be carried across one physical link. The IEEE Std 802.1Q-1998
standard allows each port on your Weidmüller switch to be placed in:
Managing a VLAN
A new or initialized Weidmüller switch contains a single VLAN, the Default VLAN. This VLAN has the
following definition:
The Weidmüller switch supports 802.1Q VLAN tagging, a system that allows traffic for multiple
VLANs to be carried on a single physical (backbone, trunk) link. When setting up VLANs you need to
understand when to use untagged and tagged membership of VLANs. Simply put, if a port is on a
single VLAN it can be an untagged member, but if the port needs to be a member of multiple VLANs,
tagged membership must be defined.
Typical hosts (e.g., clients) will be untagged members of one VLAN, defined as "Access Port" in the
Weidmüller switch, while inter-switch connections will be tagged members of all VLANs, defined as
"Trunk Port" in the Weidmüller switch.
The IEEE Std 802.1Q-1998 defines how VLANs operate within an open packet-switched network. An
802.1Q compliant packet carries additional information that allows a switch to determine to which
VLAN the packet belongs. If a frame is carrying the additional information, it is known as a tagged frame.
To carry multiple VLANs across a single physical (backbone, trunk) link, each packet must be tagged
with a VLAN identifier so that the switches can identify which packets belong to which VLAN. To
communicate between VLANs, a router must be used.
GVRP Mode
Setting | Description | Factory Default
Management VLAN ID
ATTENTION
For communication redundancy in the VLAN environment, set Redundant Port,
Coupling Port, and Homing Port as "Trunk Port," since these ports act as the
"backbone" to transmit all packets of different VLANs to different Weidmüller
switches.
PVID
Setting | Description | Factory Default
VID ranges from 1 to 4094 | Sets the default VLAN ID for untagged devices that connect to the port. Incoming frames (ingress) that do not have a VLAN ID will be tagged with the PVID value. Incoming frames that have a VLAN ID will be left unchanged. | 1
Untagged VIDs
Setting | Description | Factory Default
VID ranges from 1 to 4094 | This parameter may be used for link types Access and Hybrid. It relates only to the port's output traffic (egress): only frames with a VLAN ID configured in Untagged VIDs may leave the port. The VLAN ID of a frame that may leave the port according to Untagged VIDs is always removed (untagged). Use commas to separate different VLAN IDs. | None
Tagged VIDs
Setting | Description | Factory Default
VID ranges from 1 to 4094 | This parameter may be used for link types Trunk and Hybrid. It relates only to the port's output traffic (egress): only frames with a VLAN ID configured in Tagged VIDs may leave the port. The VLAN ID of a frame that may leave the port according to Tagged VIDs is never removed (stays tagged). Use commas to separate different VLAN IDs. | None
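The PVID, Untagged VIDs and Tagged VIDs rules above, applied to real 802.1Q frame bytes in an added example (not code from the manual or the switch). The Port class, the function names and the flooding forward() helper are assumptions of this sketch; the handling of priority-tagged frames (VID 0) follows standard 802.1Q behaviour and is not stated in the manual.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass
class Port:
    """Hypothetical per-port VLAN settings, named after the manual's fields."""
    pvid: int = 1
    untagged_vids: set = field(default_factory=set)
    tagged_vids: set = field(default_factory=set)


def parse_vids(text: str) -> set:
    """Parse a comma-separated VID list, enforcing the 1-4094 range."""
    vids = set()
    for item in text.split(","):
        if item.strip():
            vid = int(item)
            if not 1 <= vid <= 4094:
                raise ValueError(f"VID {vid} outside 1-4094")
            vids.add(vid)
    return vids


def read_tag(frame: bytes):
    """Return (priority, vid) from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci >> 13, tci & 0x0FFF


def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source MAC."""
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


def ingress(port: Port, frame: bytes) -> bytes:
    """Classify a received frame; the result always carries a VLAN tag."""
    tag = read_tag(frame)
    if tag is None:
        return add_tag(frame, port.pvid)        # untagged: tag with PVID
    priority, vid = tag
    if vid == 0:                                # priority tag only (802.1Q)
        return add_tag(strip_tag(frame), port.pvid, priority)
    return frame                                # tagged: left unchanged


def egress(port: Port, frame: bytes):
    """Return the bytes sent on this port, or None if the frame may not leave."""
    _priority, vid = read_tag(frame)
    if vid in port.untagged_vids:
        return strip_tag(frame)                 # tag always removed
    if vid in port.tagged_vids:
        return frame                            # tag never removed
    return None


def forward(ports: dict, in_port: int, frame: bytes) -> dict:
    """Flood a frame to all other ports (no MAC learning); {port: bytes sent}."""
    tagged = ingress(ports[in_port], frame)
    sent = {}
    for number, port in ports.items():
        if number != in_port:
            out = egress(port, tagged)
            if out is not None:
                sent[number] = out
    return sent


if __name__ == "__main__":
    # Constructed sample: two access ports and one trunk port.
    ports = {1: Port(10, parse_vids("10")), 2: Port(20, parse_vids("20")),
             3: Port(1, tagged_vids=parse_vids("10, 20"))}
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
    for number, out in forward(ports, 1, frame).items():
        print(number, read_tag(out))
```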
Port
Setting | Description | Factory Default
In the 802.1Q VLAN table, you can review the VLAN groups that were created, Untagged Ports and
Tagged Ports. In the Port-based VLAN table, you can review the VLAN group and assigned ports.
Traffic prioritization allows you to prioritize data so that time-sensitive and system-critical data can be
transferred smoothly and with minimal delay over a network. The benefits of using traffic prioritization
are:
Traffic prioritization uses the four traffic queues that are present in your Weidmüller managed Switch
to ensure that high priority traffic is forwarded on a different queue from lower priority traffic. This is
what provides Quality of Service (QoS) to your network.
Weidmüller managed Switch traffic prioritization depends on two industry-standard methods:
• IEEE 802.1D → A layer 2 marking scheme.
• Differentiated Services (DiffServ) → A layer 3 marking scheme.
The IEEE Std 802.1D, 1998 Edition marking scheme, which is an enhancement to IEEE Std 802.1D,
enables Quality of Service on the LAN. Traffic service levels are defined in the IEEE 802.1Q 4-byte
tag, which is used to carry VLAN identification as well as IEEE 802.1p priority information. The 4-byte
tag immediately follows the destination MAC address and Source MAC address.
The IEEE Std 802.1D, 1998 Edition priority marking scheme assigns an IEEE 802.1p priority level
between 0 and 7 to each frame. The priority marking scheme determines the level of service that this
type of traffic should receive. Refer to the table below for an example of how different traffic types can
be mapped to the eight IEEE 802.1p priority levels.
1 Background
2 Standard (spare)
5 Video (interactive media); less than 100 milliseconds of latency and jitter
Even though the IEEE 802.1D standard is the most widely used prioritization scheme in the LAN
environment, it still has some restrictions:
• It requires an additional 4-byte tag in the frame, which is normally optional for Ethernet
networks. Without this tag, the scheme cannot work.
• The tag is part of the IEEE 802.1Q header, so to implement QoS at layer 2, the entire
network must implement IEEE 802.1Q VLAN tagging.
• It is only supported on a LAN and not across routed WAN links, since the IEEE 802.1Q tags
are removed when the packets pass through a router.
DiffServ is a Layer 3 marking scheme that uses the DiffServ Code Point (DSCP) field in the IP header
to store the packet priority information. DSCP is an advanced intelligent method of traffic marking
that allows you to choose how your network prioritizes different types of traffic. DSCP uses 64 values
that map to user-defined service levels, allowing you to establish more control over network traffic.
The advantages of DiffServ over IEEE 802.1D are:
• You can configure how you want your switch to treat selected applications and types of traffic by
assigning various grades of network service to them.
• No extra tags are required in the packet.
• DSCP uses the IP header of a packet to preserve priority across the Internet.
• DSCP is backward compatible with IPv4 ToS, which allows operation with existing devices that
use a layer 3 ToS enabled prioritization scheme.
Traffic Prioritization
Weidmüller managed Switches classify traffic based on layer 2 of the OSI 7 layer model, and the
switch prioritizes received traffic according to the priority information defined in the received packet.
Incoming traffic is classified based upon the IEEE 802.1D frame and is assigned to the appropriate
priority queue based on the IEEE 802.1p service level value defined in that packet. Service level
markings (values) are defined in the IEEE 802.1Q 4-byte tag, and consequently traffic will only
contain 802.1p priority markings if the network is configured with VLANs and VLAN tagging. The
traffic flow through the switch is as follows:
• A packet received by the switch may or may not have an 802.1p tag associated with it. If it does
not, then it is given a default 802.1p tag (which is usually 0). Alternatively, the packet may be
marked with a new 802.1p value, which will result in all knowledge of the old 802.1p tag being
lost.
• As the 802.1p priority levels are fixed to the traffic queues, the packet will be placed in the
appropriate priority queue, ready for transmission through the appropriate egress port. When the
packet reaches the head of its queue and is about to be transmitted, the device determines
whether or not the egress port is tagged for that VLAN. If it is, then the new 802.1p tag is used in
the extended 802.1D header.
• The Weidmüller Switch will check a packet received at the ingress port for IEEE 802.1D traffic
classification, and then prioritize it based upon the IEEE 802.1p value (service levels) in that tag.
It is this 802.1p value that determines the traffic queue to which the packet is mapped.
Traffic Queues
The hardware of Weidmüller switches has multiple traffic queues that allow packet prioritization to
occur. Higher priority traffic can pass through the Weidmüller switch without being delayed by lower
priority traffic. As each packet arrives in the Weidmüller switch, it passes through any ingress
processing (which includes classification, marking/re-marking), and is then sorted into the
appropriate queue. The switch then forwards packets from each queue.
• Weight Fair: This method services all the traffic queues, giving priority to the higher priority
queues. Under most circumstances, the Weight Fair method gives high priority precedence over
low priority, but in the event that high priority traffic does not reach the link capacity, lower priority
traffic is not blocked.
• Strict: This method services high priority traffic queues first; low priority queues are delayed
until no more high priority data needs to be sent. The Strict method always gives precedence to
high priority over low priority.
3.8.2.1 Policy
On this page we can enable QoS in the switch and also specify how the priority of an ingress frame
is determined, as well as the QoS policy.
QoS Mode
Setting | Description | Factory Default
QoS Policy
Setting | Description | Factory Default
NOTE: This page has to be programmed if the selected QoS policy of the switch is Port-based.
Port-based Priority
Setting | Description | Factory Default
Port priority | The port priority has 4 priority queues. Lowest, Low, Middle, High priority queue option can be applied to each port. | Lowest
NOTE: This page has to be programmed if the selected QoS policy of the switch is based on CoS
(CoS only, CoS first or ToS first). When CoS is enabled, incoming packets without a VLAN tag
(without IEEE 802.1p priority mark) will be treated according to this programming.
Lowest / Low / Middle / High | Maps different CoS values to four different egress queues. | 0-1 Lowest; 2-3 Low; 4-5 Middle; 6-7 High
NOTE: This page has to be programmed if the selected QoS policy of the switch is based on ToS
(ToS only, ToS first or CoS first).
DHCP Mode
Setting | Description | Factory Default
IP range of the DHCP address pool | Assigns the start and end IP addresses of the pool that will be used to set the IP address of more than one DHCP client. | 192.168.1.120 / 192.168.1.200
Subnet Mask
Setting | Description | Factory Default
IP address of the subnet mask | Subnet mask dynamically assigned to DHCP clients. | 255.255.255.0
Gateway
Setting | Description | Factory Default
DNS
Setting | Description | Factory Default
Lease time
Lease time of the pool (hours) | Amount of time a network client will be allowed to use a dynamic IP address in the network. | 168 hours
1st Server
IP address / VID for the 1st DHCP server | Assigns the IP address and VID of the 1st DHCP server that the switch tries to access. | 0.0.0.0 / 1
2nd Server
Setting | Description | Factory Default
IP address / VID for the 2nd DHCP server | Assigns the IP address and VID of the 2nd DHCP server that the switch tries to access. | 0.0.0.0 / 1
3rd Server
Setting | Description | Factory Default
IP address / VID for the 3rd DHCP server | Assigns the IP address and VID of the 3rd DHCP server that the switch tries to access. | 0.0.0.0 / 1
4th Server
Setting | Description | Factory Default
IP address / VID for the 4th DHCP server | Assigns the IP address and VID of the 4th DHCP server that the switch tries to access. | 0.0.0.0 / 1
Type
Setting | Description | Factory Default
Value
Setting | Description | Factory Default
Max. 12 characters | Displays the value that was set. Complete this field if type is set to Other. | Switch IP address
Display
Setting | Description | Factory Default
Option 82
Setting | Description | Factory Default
Enable or Disable | Enable or disable the DHCP Option 82 function for this port. | Disable
NOTE: Port and IP binding will only be active if DHCP Server mode is enabled in the switch.
3.10 SNMP
Weidmüller managed Switches support SNMP V1, V2c, and V3. SNMP V1 and SNMP V2c use a
community string match for authentication, which means that SNMP servers access all objects with
read-only or read/write permissions using the community strings public and private by default. SNMP
V3 requires that you select an authentication level of MD5 or SHA, and is the most secure protocol.
You can also enable data encryption to enhance data security.
Supported SNMP security modes and levels are shown in the following table. Select the security
mode and level that will be used to communicate between the SNMP agent and manager.
Protocol version | UI Setting | Authentication | Encryption | Method
SNMP V1, V2c | V1, V2c Read Community | Community string | No | Uses a community string match for authentication.
SNMP V1, V2c | V1, V2c Write/Read Community | Community string | No | Uses a community string match for authentication.
SNMP V3 | No-Auth | No | No | Uses an account with admin or user to access objects.
SNMP V3 | MD5 or SHA | Authentication based on MD5 or SHA | No | Provides authentication based on HMAC-MD5 or HMAC-SHA algorithms. 8-character passwords are the minimum requirement for authentication.
SNMP V3 | MD5 or SHA | Authentication based on MD5 or SHA | Data encryption key | Provides authentication based on HMAC-MD5 or HMAC-SHA algorithms, and data encryption key (DES or AES128). 8-character passwords and a data encryption key are the minimum requirements for authentication and encryption.
These parameters are configured on the SNMP page. A more detailed explanation of each
parameter is given below the figure.
Setting | Description | Factory Default
Setting | Description | Factory Default
Read Only / Read and Write | Specifies the privilege of each community string. | Read Only (Public) / Read and Write (Private)
Up to four different sets of Community string / Privilege are supported in the switch.
SNMP V3 allows the user to create several groups of users and accesses with different levels of
security. Object IDs are associated with various levels of permissions and a single view can be
assigned to multiple objects. In summary, in SNMP V3:
• Several users can be created with different security levels.
• Groups of users with the same privilege accesses can be created.
• More than one access to the same Group can be created.
• An access can have more than one MIB view for its read access, write access or notify access.
• A single MIB view can have multiple OIDs associated.
The figure below shows the configuration page when SNMP v3 is selected.
Context Name
Setting | Description | Factory Default
Max. 32 characters | A string identifying a user name. | None
Max. 32 characters | A string identifying the name of the Group. | None
Setting | Description | Factory Default
Max. 32 characters | The name of the MIB View defining the MIB objects for which this request may get the current values. | None
Max. 32 characters | The name of the MIB View defining the MIB objects for which this request may set new values. | None
Max. 32 characters | The name of the MIB View defining the MIB objects which may be included in notification requests. | None
Use the Add / Remove buttons to create / delete Access Tables.
Setting | Description | Factory Default
Setting | Description | Factory Default
Use the Add / Remove buttons to create / delete MIB Views.
NOTE: The Private MIB Information of the switch and the Engine ID (if SNMP V3 is used) are
shown at the end of this configuration page.
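How an SNMP V3 password and the Engine ID shown on this page combine into the per-device key behind HMAC-MD5/HMAC-SHA authentication, as an added example (not code from the manual or the switch). It follows the RFC 3414 password-to-key algorithm and goes beyond what the manual spells out; "SHA" is taken to mean SHA-1 as in RFC 3414, the password and engine ID are RFC 3414's published sample values, and the message bytes are a constructed placeholder.

```python
import hashlib
import hmac

HASHES = {"MD5": hashlib.md5, "SHA": hashlib.sha1}  # assumption: SHA = SHA-1


def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash 1 MiB formed by repeating the password."""
    if len(password) < 8:
        raise ValueError("SNMPv3 passwords need at least 8 characters")
    reps, rest = divmod(1_048_576, len(password))
    return HASHES[algo](password * reps + password[:rest]).digest()


def localize_key(master_key: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the key to one agent: H(Ku || engineID || Ku)."""
    return HASHES[algo](master_key + engine_id + master_key).digest()


def derive_auth_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    return localize_key(password_to_key(password, algo), engine_id, algo)


def auth_tag(local_key: bytes, message: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: first 12 bytes of the HMAC over the
    message with its authentication field zeroed."""
    return hmac.new(local_key, message, HASHES[algo]).digest()[:12]


def verify(local_key: bytes, message: bytes, tag: bytes, algo: str) -> bool:
    """Constant-time comparison of the received and the expected tag."""
    return hmac.compare_digest(auth_tag(local_key, message, algo), tag)


if __name__ == "__main__":
    engine_a = bytes.fromhex("000000000000000000000002")  # RFC 3414 sample
    engine_b = bytes.fromhex("000000000000000000000003")  # constructed
    key_a = derive_auth_key(b"maplesyrup", engine_a, "SHA")
    key_b = derive_auth_key(b"maplesyrup", engine_b, "SHA")
    print("switch A key:", key_a.hex())
    print("switch B key:", key_b.hex())  # same password, different key
    msg = b"constructed SNMPv3 message with zeroed auth field"
    tag = auth_tag(key_a, msg, "SHA")
    print("accepted by A:", verify(key_a, msg, tag, "SHA"))
    print("accepted by B:", verify(key_b, msg, tag, "SHA"))
```

Because the key is localized with the Engine ID, a key recovered from one switch does not authenticate to another switch that uses the same password.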
Server IP
Setting | Description | Factory Default
Trap Version
Setting | Description | Factory Default
After indicating the IP address of the trap server, the community name for authentication and the
SNMP trap version, we press the Add button.
All the configured trap servers are shown in the table Trap Server Profile of the web page.
3.11 Security
Security can be categorized in two levels: the user name/password level, and the port access level.
For user name/password level security, Weidmüller switches provide the possibility to enable/disable
any possible access to the management of the device and also provide the login option through
Terminal Access Controller Access-Control System Plus (TACACS+). The TACACS+ mechanism is
a centralized “AAA” (Authentication, Authorization and Accounting) system for connecting to network
services.
Regarding the port access level, the switches provide two kinds of Port-Based Access Control:
• Static Port Lock, either using MAC or IP addresses
• IEEE 802.1X
A more detailed description about all the security options is provided in the following sections.
Secure IP List
Setting | Description | Factory Default
NOTE: After programming IP addresses in the Secure IP List and before applying, be sure that the IP
address of the management PC is in the list. Otherwise the connection will be lost.
3.11.1.2 TACACS+
The detailed configuration settings of TACACS+ are displayed in the table below. As can be seen in
the page below, up to five different TACACS+ servers can be configured in the switch.
Server Configuration
verification.
Client Configuration
In this case the Weidmüller switch can be configured to protect both static MAC and IP addresses for
a specific port. With the Port Lock function, these locked ports will not learn any additional MAC
addresses, but only allow traffic from preset static MAC/IP addresses, helping to block hackers and
careless usage.
The IEEE 802.1X standard defines a protocol for client/server-based access control and
authentication. The protocol restricts unauthorized clients from connecting to a LAN through ports
that are open to the Internet, and which otherwise would be readily accessible. The purpose of the
authentication server is to check each client that requests access to the port. The client is only
allowed access to the port if the client's permission is authenticated.
Three components are used to create an authentication mechanism based on 802.1X standards:
Client/Supplicant, Authentication Server, and Authenticator.
Client/Supplicant: The end station that requests access to the LAN and switch services and
responds to the requests from the switch.
Authentication server: The server that performs the actual authentication of the supplicant.
Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant
and the authentication server, requesting identity information from the supplicant, verifying the
information with the authentication server, and relaying a response to the supplicant.
The Weidmüller switch acts as an authenticator in the 802.1X environment. A supplicant and an
authenticator exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each
other.
Authentication can be initiated either by the supplicant or the authenticator. When the supplicant
initiates the authentication process, it sends an EAPOL-Start frame to the authenticator. When the
authenticator initiates the authentication process or when it receives an EAPOL Start frame, it sends
an EAP Request/Identity frame to ask for the username of the supplicant. The following actions are
described below:
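The opening of the EAPOL exchange described above, as an added example (not code from the manual or the switch): it builds and parses EAPOL and EAP frames and models the authenticator's reaction to EAPOL-Start, EAP-Response/Identity and EAPOL-Logoff. The Authenticator class and its check_identity callback are assumptions of this sketch; the callback stands in for the whole credential exchange that the authentication server runs in a real deployment.

```python
import struct

ETHERTYPE_EAPOL = 0x888E
PAE_GROUP_MAC = bytes.fromhex("0180c2000003")   # 802.1X PAE group address
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


def build_eap(code, ident, eap_type=None, data=b""):
    """EAP packet: code, identifier, length, then optional type and data."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def build_eapol(src_mac, packet_type, body=b"", version=2):
    """Ethernet header plus EAPOL header (version, type, body length)."""
    header = struct.pack("!HBBH", ETHERTYPE_EAPOL, version, packet_type, len(body))
    return PAE_GROUP_MAC + src_mac + header + body


def parse_eapol(frame):
    """Return (packet type, body) after checking EtherType and length."""
    if len(frame) < 18:
        raise ValueError("truncated EAPOL frame")
    ethertype, _version, packet_type, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + length]
    if len(body) != length:
        raise ValueError("EAPOL body shorter than its length field")
    return packet_type, body


def parse_eap(body):
    """Return (code, identifier, type or None, data)."""
    if len(body) < 4:
        raise ValueError("truncated EAP packet")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise ValueError("bad EAP length field")
    if code in (EAP_REQUEST, EAP_RESPONSE) and length > 4:
        return code, ident, body[4], body[5:length]
    return code, ident, None, b""


class Authenticator:
    """Hypothetical model of one 802.1X-controlled switch port."""

    def __init__(self, mac, check_identity):
        self.mac = mac
        self.check_identity = check_identity  # stand-in for the RADIUS server
        self.authorized = False               # port starts unauthorized
        self.pending_id = None
        self._next_id = 1

    def request_identity(self):
        """Authenticator-initiated start: send EAP-Request/Identity."""
        self.pending_id = self._next_id
        self._next_id = (self._next_id + 1) % 256
        eap = build_eap(EAP_REQUEST, self.pending_id, EAP_TYPE_IDENTITY)
        return build_eapol(self.mac, EAPOL_EAP_PACKET, eap)

    def handle(self, frame):
        """Process one frame from the supplicant; return the reply or None."""
        packet_type, body = parse_eapol(frame)
        if packet_type == EAPOL_START:
            return self.request_identity()
        if packet_type == EAPOL_LOGOFF:
            self.authorized = False
            return None
        if packet_type != EAPOL_EAP_PACKET:
            return None
        code, ident, eap_type, data = parse_eap(body)
        if (code, ident, eap_type) != (EAP_RESPONSE, self.pending_id, EAP_TYPE_IDENTITY):
            return None                       # unsolicited or stale: ignore
        self.pending_id = None
        self.authorized = bool(self.check_identity(data.decode("utf-8", "replace")))
        result = EAP_SUCCESS if self.authorized else EAP_FAILURE
        return build_eapol(self.mac, EAPOL_EAP_PACKET, build_eap(result, ident))
```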
3.11.2.3 IP Guard
IP Guard is a simple security option that consists of defining a list of allowed IP addresses. Any
traffic from IP addresses not belonging to this list will be discarded.
Port Setting
The IP Guard function can be applied to each port of the switch through this Port Setting option.
Allow list
In the option Allow list the user can create the list of allowed IP addresses of a port applicable when
the IP Guard feature is enabled.
The user can Add and Delete rows of the allow list by using the corresponding buttons.
Super-IP list
As seen in the previous section, the IP addresses of the option Allow list have to match
the programmed MAC address and ingress port to be allowed by the IP Guard function.
The option Super-IP list allows the user to define IP addresses with special priority. Any IP traffic of
the Super-IP list is allowed regardless of the MAC address and ingress port.
The user can Add and Delete IP addresses of the Super-IP list by using the corresponding buttons.
Monitor List
This option displays a log of all the traffic blocked by the IP Guard function. The user can display
the IP address / MAC address / Port of the entry as well as the time when the entry was logged.
The user can also add any entry of the blocked traffic to the allow list by checking
Add to allow list.
3.11.2.4 802.1x
Radius Server
Server Port | The UDP authentication port of the RADIUS server. | 1812
Accounting Port | The UDP accounting port of the RADIUS server. | 1813
Advanced Setting
TX Period | Time (in sec) that the switch can wait for a response from the client to an EAP request/identity frame. If there is no response after this time, the request is re-sent. | 30
Supplicant Timeout | Time (in sec) that the switch can wait for a supplicant response to an EAP request. | 30
Server Timeout | Time (in sec) that the switch can wait for a Radius server response to an authentication request. | 30
Re-Auth Period | Specify how frequently (in sec) the end stations need to reenter usernames and passwords in order to stay connected. | 3600
The user can define the behavior of each port of the switch according to the 802.1x programming.
3.12 Warnings
Since industrial Ethernet devices are often located at the endpoints of a system, these devices will
not always know what is happening elsewhere on the network. This means that an industrial Ethernet
switch that connects to these devices must provide system maintainers with real-time alarm
messages. Even when control engineers are out of the control room for an extended period of time,
they can still be informed of the status of devices almost instantaneously when exceptions occur. The
Weidmüller switch supports different approaches to warn engineers automatically, such as email and
relay output. It also allows the log data of events to be stored both locally and on a SYSLOG server.
Alarm event types can be divided into two basic groups: Power Failure and Port Link
Down/Broken.
You can configure which events are related to the relay output.
NOTE: The events that are configured to activate the relay output also activate the
amber light in the FAULT LED of the front-plate of the switch.
PWR 1 | No power input in the first power supply module of the switch.
PWR 2 | No power input in the second power supply module of the switch.
Port number | The port is disconnected (e.g., the cable is pulled out, or the opposing device shuts down).
Event Types can be divided into two basic groups: System Events and Port Events. System Events
are related to the overall function of the switch, whereas Port Events are related to the activity of a
specific port.
NOTE: For each event the user can decide if a log is registered (SYSLOG) and/or if a
warning Email is sent (SMTP). It is necessary to Enable Syslog and/or SMTP in the
switch to have the possibility to select events in the Event selection page.
O-Ring Topology Change | If the Master of the O-Ring has changed or the backup path is activated.
O-Chain Topology Change | If the configuration of the O-Chain has changed or the backup path is activated.
Configuration Changed and Saved | Any configuration item has been changed and saved.
Disable | Never.
Link Down | The port is disconnected (e.g., the cable is pulled out, or the opposing device shuts down).
Mode
Mail Subject
Authentication
Max. of 45 characters | You can set up to six email addresses to receive alarm emails from the Weidmüller switch. | None
Mode
Server IP Address
3.13 Monitoring/Diagnosis
You can monitor statistics in real time from the Weidmüller switch as well as check its log register.
The Weidmüller switch also provides important tools for administrators to diagnose network systems.
Date | The date is updated based on how the current date is set in the Basic Setting menu (Time Setting page).
Time | The time is updated based on how the current time is set in the Basic Setting menu (Time Setting page).
NOTE: The local Event Log Table is not stored in flash memory, so it is deleted when the
switch is rebooted. As explained, the user can save it as a .txt file using the Export
button.
The MAC Address table can be configured to display the following Weidmüller switch MAC address
groups, which are selected from the drop-down list Port No.:
ALL | Select this item to show all of the Weidmüller switch’s MAC addresses.
Port n | Select this item to show all of the MAC addresses dedicated ports.
Port | This field shows the port that this MAC address belongs to.
The number of Static and Dynamic MAC Addresses is also shown below the table. The button Flush
Table deletes all the MAC addresses shown in the table.
On this page the user can also configure the MAC Address Aging Setting:
MAC Address Aging Time
Time (30 sec to 1 hour) | The time before an entry ages and is discarded from the MAC address table. | 5 min
Enabled / Disabled | When enabled, the switch will delete the MAC address table if a port link goes down. | Disabled
TX Packets | Packets sent out from the port of the Weidmüller switch. A distinction is made between good packets and bad packets. Bad packets are packets that did not pass TCP/IP's error checking algorithm.
RX Packets | Packets received in the port of the Weidmüller switch from connected devices. A distinction is made between good packets and bad packets. Bad packets are packets that did not pass TCP/IP's error checking algorithm.
The Clear button allows the user to reset all the port counters.
InUnicasts | The number of good frames received that have a Unicast destination MAC address.
InBroadcasts | The number of good frames received that have a Broadcast destination MAC address.
InMulticasts | The number of good frames received that have a Multicast destination MAC address.
Octets127 | Total frames received (and/or transmitted) with a length between 65 and 127 octets.
Octets255 | Total frames received (and/or transmitted) with a length between 128 and 255 octets.
Octets511 | Total frames received (and/or transmitted) with a length between 256 and 511 octets.
Octets1023 | Total frames received (and/or transmitted) with a length between 512 and 1023 octets.
OctetsMax | Total frames received (and/or transmitted) with a length between 1024 and MaxSize octets.
OutUnicasts The number of frames sent that have a Unicast destination MAC address.
Excessive The number of frames dropped in the transmit MAC because the frame
experienced 16 consecutive collisions. This counter is applicable in
half-duplex only.
OutMulticasts The number of good frames sent that have a Multicast destination MAC
address.
OutBroadcasts The number of good frames sent that have a Broadcast destination MAC
address.
Multiple The total number of successfully transmitted frames that experienced more
than one collision. This counter is applicable in half-duplex only.
Undersize Total frames received with a length of less than 64 octets but with a valid
FCS/CRC.
Fragments Total frames received with a length of more than 64 octets and with an
invalid FCS/CRC.
Oversize Total frames received with a length of more than MaxSize octets but with a
valid FCS/CRC.
Jabber Total frames received with a length of more than MaxSize octets but with
an invalid FCS/CRC.
InMACRcvErr Total frames received with an RxErr signal from the physical interface.
InFCSErr Total frames received with an FCS/CRC error not counted in Fragments,
Jabber or RxErr.
Collisions The number of collision events seen by MAC not including those counted in
Single, Multiple, Excessive or Late. This counter is applicable in
half-duplex only.
Late The number of times a collision is detected later than 512 bit-times into the
transmission of a frame. This counter is applicable in half-duplex only.
The Clear button allows the user to reset all the port counters.
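One way to use these counters for troubleshooting, as an added example that is not part of the manual: the Python below compares two readings of a port's counters and reports which increases deserve attention. The thresholds, the function names and the sample readings are assumptions made for the illustration.

```python
# Added example: triage of port-counter increases between two readings.
# Counter names come from the table above; thresholds and sample readings
# are constructed for illustration.
RX_GOOD = ("InUnicasts", "InBroadcasts", "InMulticasts")
RX_ERRORS = ("Undersize", "Fragments", "Oversize", "Jabber",
             "InMACRcvErr", "InFCSErr")


def deltas(before, after):
    """Increase per counter, or None if any counter went backwards
    (the Clear button was pressed or the switch rebooted)."""
    out = {}
    for name, new in after.items():
        old = before.get(name, 0)
        if new < old:
            return None
        out[name] = new - old
    return out


def triage(before, after, max_error_ratio=0.001, max_broadcast_share=0.5):
    d = deltas(before, after)
    if d is None:
        return ["counters reset between readings: take a new baseline"]
    findings = []
    good = sum(d.get(n, 0) for n in RX_GOOD)
    errors = {n: d[n] for n in RX_ERRORS if d.get(n, 0)}
    bad = sum(errors.values())
    if bad and bad / (good + bad) > max_error_ratio:
        findings.append(f"receive errors above {max_error_ratio:.1%}: {errors}")
    if d.get("Late", 0):
        findings.append("late collisions: check for duplex mismatch")
    if d.get("Excessive", 0):
        findings.append("frames dropped after 16 consecutive collisions")
    if good and d.get("InBroadcasts", 0) / good > max_broadcast_share:
        findings.append("broadcast share of received frames is high")
    return findings


# Constructed readings of one port, taken some minutes apart.
T0 = {"InUnicasts": 10_000, "InBroadcasts": 200, "InMulticasts": 50,
      "InFCSErr": 0, "Fragments": 3, "Late": 0, "Excessive": 0}
T1 = {"InUnicasts": 18_000, "InBroadcasts": 900, "InMulticasts": 80,
      "InFCSErr": 40, "Fragments": 25, "Late": 7, "Excessive": 0}

if __name__ == "__main__":
    for line in triage(T0, T1):
        print(line)
```

Comparing increases rather than absolute values matters because the counters accumulate until Clear is pressed.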
Setting Description
Source Port Select one or several ports whose network activity will be monitored. It is
possible to select RX, TX or both.
• RX
Select this option to monitor only those data packets coming in through the
monitored port.
• TX
Select this option to monitor only those data packets being sent out
through the monitored port.
Select both RX and TX to monitor data packets both coming into, and
being sent out through, the monitored port.
Destination Port Select one port that will be used to monitor the activity of the monitored
port. It is possible to use different monitored / mirror ports for TX and RX
data.
NOTE: Port Monitoring is enabled by selecting at least one source port and pressing the
button Apply.
The parameters that can be programmed in each port to set up this excessive traffic event are:
Monitored-Counter
Disabled / “Traffic type”: To enable traffic monitoring on a port of the switch, select the type of traffic to monitor:
• RX Octet (all received frames)
• RX Broadcast (broadcast received frames)
• RX Multicast (multicast received frames)
• RX Unicast (unicast received frames)
• RX Non-Unicast (broadcast and unicast received frames)
Factory default: Disabled
Time Interval
Time between 1 and 300 sec: Define the time during which the switch monitors/counts the number of received frames. Factory default: 3 sec
Increasing Quantity
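The parameters above can be tried out offline before they are applied to a port. The Python below is an added example, not Weidmüller code: it replays constructed once-per-second readings of a monitored counter to choose and test a value for Increasing Quantity. It assumes that the event fires when the counter grows by more than Increasing Quantity within one Time Interval, evaluated in back-to-back windows; the function names are hypothetical.

```python
# Added example: replaying counter readings against an excessive-traffic rule.
# Assumption: the event fires when the monitored counter grows by more than
# "Increasing Quantity" within one "Time Interval" (back-to-back windows).
# All readings below are constructed, one cumulative reading per second.

def window_increases(samples, interval_s=3):
    """Return (start_second, increase) for each complete window."""
    if not 1 <= interval_s <= 300:
        raise ValueError("Time Interval must be between 1 and 300 sec")
    out = []
    for start in range(0, len(samples) - interval_s, interval_s):
        inc = samples[start + interval_s] - samples[start]
        if inc >= 0:  # negative: counters were cleared inside this window
            out.append((start, inc))
    return out


def events(samples, interval_s, quantity):
    """Window start times at which the rule would have fired."""
    return [s for s, inc in window_increases(samples, interval_s)
            if inc > quantity]


def suggest_quantity(baseline, interval_s, headroom=2.0):
    """Threshold with headroom over the busiest window of normal traffic."""
    peak = max((inc for _, inc in window_increases(baseline, interval_s)),
               default=0)
    return int(peak * headroom)


# Constructed RX Broadcast readings: a quiet period and a burst.
BASELINE = [0, 5, 9, 15, 20, 24, 30, 36, 40, 45]
BURST = [0, 5, 10, 15, 400, 900, 1500, 1505, 1510, 1515]

if __name__ == "__main__":
    q = suggest_quantity(BASELINE, 3)
    print("Increasing Quantity:", q)
    print("fires on baseline at:", events(BASELINE, 3, q))
    print("fires on burst at:", events(BURST, 3, q))
```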
NOTE: This option is only available in the models including SFP ports.
Optical fiber is commonly used for long-distance data transmission. However, when link issues occur,
it is very costly to troubleshoot the fiber cable and fiber transceiver at remote sites. To solve this
problem, Weidmüller industrial Ethernet switches provide digital diagnostic and monitoring (DDM)
functions on Weidmüller SFP optical fiber links and allow users to measure optical parameters and
their performance from a central site. This function can greatly facilitate the troubleshooting process for
optical fiber links and reduce the cost of on-site debugging.
Parameter Description
Tx power (uW) The amount of light being transmitted into the fiber optic cable in uW
Tx power (dBm) The amount of light being transmitted into the fiber optic cable in dBm
Rx power (uW) The amount of light being received from the fiber optic cable in uW
Rx power (dBm) The amount of light being received from the fiber optic cable in dBm
Besides monitoring the SFP status, it is also possible to configure a high-temperature warning that
can be either logged in Syslog or sent as event by email.
Warning Temperature
Event Alarm
3.13.8 Ping
The Ping function uses the ping command to give users a simple but powerful tool for
troubleshooting network problems. The function's most distinctive feature is that even though the ping
command is entered from the user's PC keyboard, the actual ping command originates from the
Weidmüller switch itself. In this way, the user can essentially sit on top of the Weidmüller switch and
send ping commands out through its ports.
To use the Ping function, type in the desired IP address, and then click Send Ping.
The page always indicates whether the current configuration is saved to flash memory or not.
The user can restore the factory defaults while keeping the current IP address and
username / password settings.
The page shows the active (running) and alternate firmware images, and the user can decide
which one should be used for the reboot.
3.17 Logout
This option can be used to leave the Web Management of the switch.
• Speed: 9600
• Data: 8 bits
• Parity: None
• Stop bits: 1
• Flow Control: None
The console login screen will appear. Use the keyboard to enter the “Username” and
“Password”.
NOTE: The same Username and password used to access the Web
Management have to be used for the Console port.
The default Username / password are admin / Detmold
NOTE: When connecting to the switch’s Telnet ensure that your PC host and the
switch are on the same logical subnet.
NOTE: When connecting to the switch’s Telnet, first connect one of the switch’s
Ethernet ports to your Ethernet LAN or directly to your PC’s Ethernet port. You may
use either a straight-through or cross-over Ethernet cable.
After making sure that the Weidmüller switch is connected to the same LAN and logical subnet as
your PC, open the Weidmüller switch’s Telnet console using any Telnet client (Windows Telnet
Client, PuTTY, TeraTermPro, etc.).
Config Interface Mode | (config-if)# | Specify interface, interface type and number after (config)# | End, exit, do logout
Keyboard Action
? Issue “?” to get a list of commands available in the current mode.
Up arrow key To view the previously entered commands.
Down arrow key To view the previously entered commands.
Tab key To complete an unfinished command.
8021x misc maxrequest [number] | Global Config | Use the 802.1x misc max request global configuration command to set the MAX requests. | (config)# 8021x misc maxrequest 3
8021x misc reauthperiod [sec.] | Global Config | Use the 802.1x misc reauth period global configuration command to set the reauth period. | (config)# 8021x misc reauthperiod 3000
• Firmware Upgrades
• Private MIB files
• Documentation (User Manual and Hardware Installation Guide)