Manual Fast-Gigabit Advanced Line M Switch Series 1e 10 2021

Industrial Ethernet managed Switches
Manual
for
Fast/Gigabit Advanced Line Switches
IE-SW-AL08M-8TX (2682280000)
IE-SW-AL08M-6TX-2GT (2682290000)
IE-SW-AL10M-8TX-2GC (2740420000)
IE-SW-AL16M-16TX (2682310000)
IE-SW-AL24M-24TX (2682320000)
IE-SW-AL18M-16TX-2GC (2682330000)
First Edition, October 2021

Industrial Ethernet managed Switches
Manual
The software described in this manual is furnished under a license agreement and may be used only in
accordance with the terms of that agreement.
Copyright Notice
Copyright ©2016 Weidmüller Interface GmbH & Co. KG

All rights reserved.
Reproduction without permission is prohibited.
Disclaimer
Information in this document is subject to change without notice and does not represent a
commitment on the part of Weidmüller.
Weidmüller provides this document as is, without warranty of any kind, either expressed or implied,
including, but not limited to, its particular purpose. Weidmüller reserves the right to make
improvements and/or changes to this manual, or to the products and/or the programs described in
this manual, at any time.
Information provided in this manual is intended to be accurate and reliable. However, Weidmüller
assumes no responsibility for its use, or for any infringements on the rights of third parties that may
result from its use.
This product might include unintentional technical or typographical errors. Changes are periodically
made to the information herein to correct such errors, and these changes are incorporated into new
editions of the publication.
Contact Information
Weidmüller Interface GmbH & Co. KG

Postfach 3030
32760 Detmold
Klingenbergstraße 26
32758 Detmold
Germany
Phone +49 (0) 5231 14-0

Fax +49 (0) 5231 14-2083
E-Mail info@weidmueller.com
Internet www.weidmueller.com
User Manual Managed Switches
Table of Contents
1. About this Manual ............................................................................................. 5
2. Getting Started .................................................................................................. 5
2.1 Hardware features .................................................................................................................. 5

2.2 Software features ................................................................................................................... 6
3. Web Management .............................................................................................. 7
3.1 Accessing the Web interface via HTTP ................................................................................ 7

3.2 Accessing the Web interface via HTTPS ............................................................................. 8
3.3 Basic Settings ........................................................................................................................ 9
3.3.1 System Setting ................................................................................................................. 9
3.3.2 Admin Password ............................................................................................................10
3.3.3 IP Setting........................................................................................................................11
3.3.4 IPv6 Setting ....................................................................................................................12
3.3.5 Time Setting ...................................................................................................................13
3.3.6 LLDP Function ...............................................................................................................15
3.3.6.1 Overview ................................................................................................................15
3.3.6.2 Configuring LLDP Settings ....................................................................................16
3.3.7 Modbus TCP ..................................................................................................................16
3.3.8 Backup & Restore ..........................................................................................................17
3.3.9 Upgrade Firmware .........................................................................................................18
3.4 Port Settings .........................................................................................................................19
3.4.1 Port control .....................................................................................................................19
3.4.2 Port status ......................................................................................................................20
3.4.3 Port Alias ........................................................................................................................21
3.4.4 Rate Limit .......................................................................................................................21
3.4.5 Port Trunking .................................................................................................................22
3.4.5.1 Port Trunking Setting .............................................................................................22
3.4.5.2 Port Trunking Status ..............................................................................................23
3.4.6 Loop Guard ....................................................................................................................24
3.5 Redundancy ..........................................................................................................................24
3.5.1 Introduction to Communication Redundancy .................................................................24
3.5.2 The O-Ring Concept ......................................................................................................25
3.5.2.1 Topology Setup for “O-Ring” ..................................................................................25
3.5.2.2 Ring Coupling Configuration ..................................................................................25
3.5.2.3 Dual Homing Configuration ....................................................................................26
3.5.3 Configuring “O-Ring” ......................................................................................................27
3.5.4 The O-Chain Concept ....................................................................................................29
3.5.5 Configuring O-Chain ......................................................................................................29
3.5.6 STP / RSTP....................................................................................................................30
1
3.5.6.1 The STP / RSTP Concept ......................................................................................30

3.5.6.2 How STP Works .....................................................................................................32
3.5.6.3 Configuring RSTP ..................................................................................................35
3.5.6.4 Information RSTP ..................................................................................................36
3.5.6.5 RSTP-Repeater .....................................................................................................37
3.5.7 MSTP .............................................................................................................................37
3.5.7.1 The MSTP concept ................................................................................................37
3.5.7.2 Configuring MSTP .................................................................................................38
3.5.8 Fast Recovery ................................................................................................................43
3.6 Multicast ................................................................................................................................43
3.6.1 The Concept of Multicast Filtering .................................................................................43
3.6.2 Configuring IGMP Snooping ..........................................................................................46
3.6.3 Configuring Static Multicast Filtering .............................................................................47
3.6.4 Configuring MVR ............................................................................................................48
3.7 Virtual LAN ............................................................................................................................49
3.7.1 The Virtual LAN (VLAN) Concept ..................................................................................49
3.7.2 Configuring Virtual LAN .................................................................................................51
3.7.2.1 VLAN Settings........................................................................................................51
3.7.2.2 Port-Based VLAN Settings ....................................................................................55
3.7.2.3 VLAN Table............................................................................................................55
3.8 Traffic Prioritization .............................................................................................................55
3.8.1 The Traffic Prioritization Concept ..................................................................................56
3.8.2 Configuring Traffic Prioritization .....................................................................................58
3.8.2.1 Policy .....................................................................................................................58
3.8.2.2 Port Priority ............................................................................................................59
3.8.2.3 CoS Priority ............................................................................................................59
3.8.2.4 ToS Priority ............................................................................................................60
3.9 DHCP Server/Relay ..............................................................................................................61
3.9.1 Configuring DHCP Server ..............................................................................................62
3.9.2 DHCP Relay Agent (Option 82) .....................................................................................63
3.9.3 Client List .......................................................................................................................65
3.9.4 Port and IP binding ........................................................................................................65
3.10 SNMP ...................................................................................................................................66
3.10.1 SNMP Read/Write Settings..........................................................................................67
3.10.2 Trap Settings ................................................................................................................71
3.11 Security ...............................................................................................................................72
3.11.1 User Login Authentication ............................................................................................72
3.11.1.1 Management Security ..........................................................................................72
3.11.1.2 TACACS+ ............................................................................................................74
3.11.2 Using Port Access Control ...........................................................................................75
3.11.2.1 Static MAC Forwarding ........................................................................................76
3.11.2.2 MAC Blacklist .......................................................................................................77
3.11.2.3 IP Guard ...............................................................................................................77
3.11.2.4 802.1x ..................................................................................................................80
2
3.12 Warnings .............................................................................................................................82

3.12.1 Configuring Relay Warnings ........................................................................................82
3.12.2 Configuring Email Warning ..........................................................................................83
3.12.2.1 Event Selection ....................................................................................................83
3.12.2.2 Email Settings ......................................................................................................84
3.12.3 SYSLOG Setting ..........................................................................................................85
3.13 Monitoring/Diagnosis ........................................................................................................86
3.13.1 System Event Log ........................................................................................................86
3.13.2 MAC Address Table .....................................................................................................87
3.13.3 Port Overview ..............................................................................................................88
3.13.4 Port Counters ...............................................................................................................89
3.13.5 Port Monitoring (Mirror port).........................................................................................91
3.13.6 Traffic Monitor ..............................................................................................................92
3.13.7 SFP Monitor .................................................................................................................93
3.13.8 Ping ..............................................................................................................................94
3.14 Save Configuration ............................................................................................................94
3.15 Factory Default ...................................................................................................................95
3.16 System Reboot ...................................................................................................................95
3.17 Logout .................................................................................................................................95
4. Command Line Interface (CLI) Management ................................................ 96
4.1 CLI Management by Console port ......................................................................................96

4.2 CLI Management by Telnet..................................................................................................96
4.3 CLI Modes .............................................................................................................................97
4.4 Quick keys ............................................................................................................................97
4.5 System commands ..............................................................................................................98
4.6 Port commands ..................................................................................................................101
4.7 Port trunking commands...................................................................................................103
4.8 VLAN commands ...............................................................................................................104
4.9 Spanning Tree commands ................................................................................................105
4.10 O-Ring Redundancy commands ....................................................................................107
4.11 QoS commands ................................................................................................................108
4.12 IGMP commands ..............................................................................................................108
4.13 Static filtering commands ...............................................................................................109
4.14 SNMP commands .............................................................................................................110
4.15 Port Mirroring commands ...............................................................................................111
4.16 802.1x commands ............................................................................................................111
4.17 TFTP commands ..............................................................................................................112
4.18 Syslog / SMTP / Event commands .................................................................................113
3
4.19 SNTP commands ..............................................................................................................114
A. Downloads (Software and Documentation) ................................................ 115
4
1. About this Manual

Thank you for purchasing a Weidmüller managed Industrial Ethernet switch. Read this user’s manual
to learn how to connect your Weidmüller switch to Ethernet-enabled devices used for industrial
applications.
The following chapters are covered in this user manual:
 Getting Started
This chapter summarizes the main hardware and software features of the Fast/Gigabit
Advanced Line Switches. The information related with the Installation of each Switch (Front /
Rear side elements description and Connections) is described in the Hardware Installation
Guide delivered with every device and available in our online catalogue.
 Web Management
There are three ways to access the Weidmüller switch’s configuration settings: serial console,
Telnet console, or web console. The Web console is the most user-friendly way for configuring
and monitoring and is fully described in this chapter.
 Command Line Interface (CLI) Management
This chapter describes how to configure the Weidmüller switch using the Command Line
Interface (CLI) available through the console port or via Telnet.
2. Getting Started
The Fast/Gigabit Advanced Line Switches are specially designed to operate in harsh industrial
environments thanks to rugged design. The product comes with an IP30 rugged case, redundant
power supply, alarm relay and wide operating temperature range from -40 to 75ºC.
2.1 Hardware features

• Variety of port count and media type
o IE-SW-AL08M-8TX: 8 x 10/100Base-T(X) ports
o IE-SW-AL08M-6TX-2GT
▪ 6 x 10/100Base-T(X) ports
▪ 2 x 10/100/1000Base-T(X) ports
o IE-SW-AL10M-8TX-2GC
▪ 2 x combo-ports 10/100/1000Base-T(X) or 100/1000BaseSFP
o IE-SW-AL18M-16TX-2GC
▪ 2 x combo-ports 10/100/1000Base-T(X) or 100/1000BaseSFP
• RS232 interface with RJ45 connector for console access
• Redundant power input: 12 to 48 Vdc
• Alarm relay contact
• Operating temperature from -40 to 75ºC
5
2.2 Software features

• Management
o Web-interface (HTTP / HTTPS)
o SNMP v1/v2c/v3
o Telnet console
o Command Line Interface (CLI)
o Upload of a configuration file via web-interface or TFTP-Server
• Network redundancy
o Spanning Tree Protocol (STP)
o Rapid Spanning Tree Protocol (RSTP)
o Multiple Spanning Tree Protocol (MSTP)
o O-Ring (optimized protocol for ring topologies; recovery time < 10ms)
o O-Chain (allows multiple redundant network topologies; recovery time < 10ms)
o Link Aggregation Control Protocol (LACP)
o Fast Recovery
• IP-address management
o Static
o DHCP-Client
o DHCP-Server (port based, pool based)
o DHCP Option 82
o DHCP-Relay
• Time synchronization management
o NTP server
o SNTP client
• Monitoring functions
o SNMP v1/v2c/v3
o Link Layer Discovery Protocol (LLDP)
o Port mirroring
o Port statistics
o Port monitoring
o Syslog
o Event based warning (via e.mail / via output relay / via SNMP trap)
• Network traffic filter
o Quality of Service (QoS)
o Class of Service (CoS) according to IEEE 802.1p
o Type of Service (ToS) / Differentiated Services Code Point (DSCP)
o Port / Tag based VLAN
o IGMP v2/v3
o Multicast VLAN Registration (MVR)
o Traffic Rate Limiting
• Security functions
o VLAN segmentation
o Enable / Disable ports
o TACACS+ User Authentication
o Access Control (port based via IEEE 802.1X)
o Access Control List (IP based / MAC based)
o Loop protection
o Management access security via secure IP list
o Configuration of allowed access methods (web-interface, telnet, SSH)
6
3. Web Management
In this chapter, we explain how to access the Weidmüller Switch’s through the Web console as well
as all the configuration, monitoring, and administration functions available when using this interface.
3.1 Accessing the Web interface via HTTP

The Ethernet Switch’s web browser interface provides a convenient way to modify the switch's
configuration and access the built-in monitoring and network administration functions. The
recommended web browser is Microsoft Internet Explorer 8.0 or higher with JVM (Java Virtual
Machine) installed.
NOTE: To use the Switch's management and monitoring functions from a PC host
connected to the same LAN as the switch, you must make sure that the PC host and the
Switch are on the same logical subnet.
NOTE: If the Weidmüller switch is configured for other VLAN settings, you must make
sure your PC host is on the management VLAN.
NOTE: Before accessing the Switch’s web browser interface, first connect one of its
RJ45 Ethernet ports to your Ethernet LAN, or directly to your PC's Ethernet card (NIC).
You can establish a connection with either a straight-through or cross-over Ethernet
cable.
NOTE: The Weidmüller switch’s default IP address is 192.168.1.110.

The default username / password are admin / Detmold
After making sure that the Weidmüller switch is connected to the same LAN and logical subnet as
your PC, open the switch’s web console as follows:
Open your web browser and type the Switch’s IP address in the Address or URL field. Press Enter
to establish the connection.
The web login page will open. Enter the default user name “admin” and password “Detmold”, and
then click OK to continue.
7
After logging in, the main general information of the switch is shown including, among others, System
Name, Firmware version, MAC address and Serial number. It is also displayed the front side of the
switch (showing the active ports) in the right navigation panel.
In this home page is also available the button Enable location alert. When pressing it, the front
LEDs starts to flash and an acoustic signal is heard (periodic change of the output relay). When
clicking Disable location alert, the LEDs will stop flashing and the output relay will remain in its
original position.
Use the menu tree in the left navigation panel to open the function pages to access each of Ethernet
Switch's functions.
NOTE: The pages of the Web interface include a Help button that describes the
parameters and functions that can be programmed or monitored in each web page.
NOTE: After changing any parameter / function in a web page the button Apply
activates the change but does not save it. The changes have to be saved using the
Save Configuration option of the menu.
3.2 Accessing the Web interface via HTTPS

To secure your HTTP access, the Weidmüller switch supports HTTPS to encrypt all HTTP traffic.
Perform the following steps to access the Weidmüller switch web browser interface via HTTPS/SSL.
Open Internet Explorer and enter https://<Switch´s IP address> in the address field. Press Enter to
establish the connection.
8
Warning messages will pop out to warn the user that the security certificate was issued by a
company they have not chosen to trust.
Select “Continue to this website” to enter the Weidmüller switch´s web browser interface and
access the web browser interface secured via HTTPS.
3.3 Basic Settings

The Basic Settings section includes the most common settings required by administrators to
maintain and control a Weidmüller switch.
3.3.1 System Setting

The system identification items are displayed at the top of the web page. You can configure the
System Identification items to make it easier to identify different switches that are connected to your
network.
System Name
Factory
Setting Description
Default
Max. 64
This option is useful for recording a name of the unit. Name of type
characters
System Description
Setting Description Factory
Default
Max. 64 This option is useful for recording a more detailed Description of

characters description of the unit. type
9
System Location
Default
Max. 64 This option is useful for differentiating between the None

characters locations of different units. Example: Production Line 1.
System contact
Default
Max. 64 This option is useful for providing information about who None
characters is responsible for maintaining this unit and how to
contact this person.
3.3.2 Admin Password

The default values of the user name and password used to access to the management options of the
Weidmüller switch can be changed.
NOTE: The Switch's default user name / password are “admin” / ”Detmold”. If
these are changed, then you will be required to type the new user name and password
when logging into the serial console, Telnet console, or Web console.
User Name
Factory
Setting Description
Default
Max. 31
Enter the new user name. admin
characters
Confirm Old Password

Default
Max. 24 Enter the old password. Detmold

characters
10
New Password
Default
Max. 24 Enter the new password. None

characters
Confirm Password
Default
Max. 24 Enter the new password again. None

characters
3.3.3 IP Setting
The IPv4 settings allow the user to set manually the IP parameters or by means of a DHCP server.
See a brief explanation of each configuration item below.

IP assignment
Factory
Setting Description
Default
The Weidmüller switch’s IP address must be set

Static
manually.
Static
The Weidmüller switch’s IP address will be assigned
DHCP
automatically by the network’s DHCP server.
IP Address
Factory
Setting Description
Default
IP address for the

Assigns the Weidmüller Switch´s IP address on a
Weidmüller 192.168.1.110
TCP/IP network.
Switch
11
Subnet Mask
Factory
Setting Description
Default
Subnet mask for Identifies the type of network to which the Switch is
the Weidmüller connected (e.g., 255.255.0.0 for a Class B network, or 255.255.255.0
Switch 255.255.255.0 for a Class C network).
Gateway
Default
IP address for the The IP address of the router that connects the LAN to None
gateway an outside network.
DNS1 and DNS2

Factory
Setting Description
Default
1st DNS Server’s The IP address of the DNS Server used by your
None
IP address network.
The IP address of the secondary DNS Server used by

2nd DNS Server’s
your network. The Switch will use the 2nd DNS Server None
IP address
if the 1st DNS Server fails to connect.
3.3.4 IPv6 Setting

IPv6 setting includes two distinct address types—Link-Local Unicast address and “Global” address.
A Link-Local address makes the switch accessible over IPv6 for all devices attached to the same
local subnet. To connect to a larger network with multiple segments, the switch must be configured
with a “Global” address.
Auto Configuration
Factory
Setting Description
Default
The Weidmüller switch’s IP address must be set

Disabled
manually.
Disabled
The Weidmüller switch’s IP address will be assigned
Enabled
automatically by the network’s DHCPv6 server.
12
Address
Factory
Setting Description
Default
IP address for the

Assigns the Weidmüller Switch´s IPv6 “Global”
Weidmüller None
address.
Switch
Link Local Address

Factory
Setting Description
Default
The network portion of the Link-Local address is FE80

FE80 :: (EUI-64
and the host portion of the Link-Local address is
None form of the
automatically generated using the modified EUI-64
MAC address)
form of the interface identifier (Switch’s MAC address)
3.3.5 Time Setting

The Time Setting configuration page lets users set the time, date, and other settings. An explanation
of each setting is given below the figure.
NOTE: The Weidmüller switch does not have a real time clock. The user must update
the Current Time and Current Date to set the initial time for the Weidmüller switch after
each reboot, especially when the network does not have an Internet connection for an
NTP server or there is no NTP server on the LAN.
13
System clock
Factory
Setting Description
Default
Possibility to set the time of the switch directly from the

System
management laptop using the button Set Clock from None
Date/Time
PC.
Set System Date Time manually

Factory
Setting Description
Default
Allows configuration of the local date in yyyy-mm-dd None

System Date
format.
Allows configuration of the local time in 24-hour

System Time None
format.
SNTP/NTP mode
Default
Disabled No NTP/SNTP used in the switch.
Server (NTP) The Weidmüller switch can synchronize other

switches of the network with its programmed time
Disabled
clock.
Client (SNTP) The Weidmüller Switch will synchronize its clock with
one of the Server IP Addresses fields.
UTC Timezone
Default
User selectable Specifies the time zone, which is used to determine GMT
time zone the local time offset from GMT (Greenwich Mean (Greenwich
Time). Mean Time)
Server IP Addresses
Default
Time Server IP (1 IP address of the SNTP servers. If the 1st SNTP None
to 5) Server fails to connect, the Weidmüller Switch will try
to locate the 2nd, 3rd, 4th and 5th Servers indicated.
Daylight Saving Time

Default
Enabled / Automatically set the Weidmüller switch’s time forward Disabled

Disabled according to national standards.
14
Daylight Saving Period

Default
User-specified Specifies the beginning and end date of the Daylight None
date. Saving Time.
Daylight Saving Offset

Default
User-specified Specifies the number of hours that the time should be None
hour. set forward during Daylight Saving Time.
3.3.6 LLDP Function

3.3.6.1 Overview
Defined by IEEE 802.11AB, LLDP is an OSI Layer 2 Protocol that standardizes the methodology of
self-identity advertisement. It allows each networking device, e.g. a Weidmüller managed switch, to
periodically inform its neighbors about its self-information and configurations. As a result, all of the
devices would have knowledge about each other; and through SNMP, this knowledge can be
transferred to a Network Management Software for auto-topology and network visualization.
From the switch's web interface, users have the option of either enabling or disabling the LLDP, as
well as setting the LLDP transmit interval (as shown in the figure below). In addition, users are able to
view each switch's neighbor-list, which is reported by its network neighbors. Most importantly,
enabling the LLDP function allows a Network Management Software to automatically display the
network's topology as well as system setup details such as VLAN, and Trunking for the entire
network.
15
3.3.6.2 Configuring LLDP Settings
General Settings
Mode

Default
Enable or Disable Enables or disables the LLDP function. Enable
Tx Interval

Default
Numbers from 1 To set the transmit interval of LLDP messages. Unit is 30 (sec)
to 9999 sec. in seconds.
Neighbor Info Table

The LLDP Table displays the following information:
Port The port number that connects to the neighbor device.
System Name Hostname of the neighbor device.
MAC Address The MAC address that identifies a neighbor device.
IP Address The IP address of a neighbor device. By clicking on this IP address we

can reach the web interface of that neighbor.
3.3.7 Modbus TCP

Introduction
MODBUS TCP is a protocol commonly used for the integration of a SCADA system. It is also a
vendor-neutral communication protocol used to monitor and control industrial automation equipment
such as PLCs, sensors, and meters. In order to be fully integrated into industrial systems,
Weidmüller’s switches support Modbus TCP/IP protocol for real-time monitoring in a SCADA system.
16
Configuring MODBUS/TCP on Weidmüller Switches
Modbus TCP is disabled by default. To enable Modbus TCP, select Enable in Mode and then click
Apply.
3.3.8 Backup & Restore

Following saving and restoring functions are available in this web page.
• Download a new configuration from remote TFTP server

• Loading a new configuration by importing a file already saved in connected PC
• Upload the current configuration to remote TFTP server
• Save the current configuration in connected PC
TFTP Server IP Address

Factory
Setting Description
Default
Specifies the IP address or name of the remote

IP Address of
TFTP server. Must be set up before None
TFTP Server
downloading or uploading files.
17
Restore & Backup File Names

Factory
Setting Description
Default
Specifies the file name of the Weidmüller

File name Name of type
switch’s configuration file.
After setting the desired file names, click Restore to download the prepared file from the remote
TFTP server or to load the configuration file already saved in the computer, or click Backup to upload
the desired file to the remote TFTP server or to save it to the local host.
3.3.9 Upgrade Firmware

This page lets users upgrade the firmware of the Weidmüller’s switches, either from remote TFTP
server or from local file.
Upgrade firmware from TFTP server

TFTP Server IP
Factory
Setting Description
Default
Specifies the IP address of the remote TFTP

IP Address of
server. Must be set up before downloading the None
TFTP Server
firmware.
Firmware File Name

Factory
Setting Description
Default
Specifies the path and file name of the

File name None
Weidmüller switch’s firmware file.
After setting the IP address and file names click Upgrade to upgrade the firmware of the switch from
the remote TFTP server.
Upgrade Firmware from Local PC
To import a new firmware file into the Weidmüller switch, click Browse to select the firmware file that
is saved on your computer. The upgrade procedure will proceed automatically after clicking
Upgrade.
18
3.4 Port Settings

Port settings are included to give the user control over the different ports of the switch. Through this
menu the user can also configure IP loop guard and Port trunking.
3.4.1 Port control

Port Access, Port Transmission Speed, Flow Control and Security can be programmed from this
option.
State
Default
Enabled Allows data transmission through the port. Enabled
Disabled Immediately shuts off port access.
NOTE: If a connected device or sub-network is wreaking havoc on the rest of the

network, the Disabled option gives the administrator a quick way to shut off access
through this port immediately.
Speed/Duplex
Default
Allows the port to use the IEEE 802.3u protocol

to negotiate with connected devices. The port
AutoNegotiation
and connected devices will determine the best
speed for that connection.
1000M-Full
Choose one of these fixed speed options if the Auto
1000M-Half
connected Ethernet device has trouble
100M-Full auto-negotiating for line speed.
Note: 1000M (Full and Half) only available in
100M-Half
models with Gigabit ports.
10M-Full
19
10M-Half
Flow Control

Default
Disabled Disables flow control for this port. Disabled
Symetric Enables flow control for this port if flow control is

enabled in both linked up ports.
Asymetric Enables flow control for this port regardless the

flow control in the linked port is enabled or not.
Security
Default
Enabled MAC address learning is disabled in this port. Disabled

Accordingly, only the frames with MAC address
in port security list will be forwarded (others will
be discarded).
Disabled MAC address learning enabled in this port.
Auto Detect 100/1000SFP (only in models including SFP ports)

Default
Enabled Allows the automatic speed negotiation for Enabled

installed SFP transceivers.
Disabled No speed negotiation in SFP transceivers. This

option cannot be selected if the speed of the
port is set in AutoNegotiation status.
3.4.2 Port status

From this option the user can easily display the status of the different ports of the switch (Up/Down,
Enabled/Blocked/Disabled, Speed and Flow control).
20
3.4.3 Port Alias

From this option it can be specified an alias (name) for each port to help administrators differentiate
between different ports.
Port alias
Default
Max. 128 Name of the port. Example: PLC 1 None

characters
3.4.4 Rate Limit

This option allows the user to set for each port the ingress and egress rate limits of different packet
types.
Ingress Limit Frame Type Ingress / Egress rage Factory

Default
All Select the ingress and egress

Broadcast / Multicast / Flooded Unicast rate limits in kbps for different
All. 0 (no
packet types. The lowest range
Broadcast / Multicast limit)
is 100 kbps. Value 0 means not
Broadcast only limit.
21
3.4.5 Port Trunking

Link Aggregation allows one or more links to be aggregated together to form a Link Aggregation
Group. A MAC client can treat Link Aggregation Groups as if they were a single link.
The Weidmüller switch's Port Trunking feature allows devices to communicate by aggregating
several trunk groups (half of total number of ports), with a maximum of 4 ports for each group. If one
of the 4 ports fails, the other 3 ports will provide back up and share the traffic automatically.
Port Trunking can be used to combine up to 4 ports between two Weidmüller switches. If all ports on
both switch units are configured as 100BaseTX and they are operating in full duplex, the potential
bandwidth of the connection will be 800 Mbps.
The Port Trunking Concept
The Port Trunking protocol provides the following benefits:

• Gives you more flexibility in setting up your network connections, since the bandwidth of a
link can be increased.
• Provides redundancy—if one link is broken, the remaining trunked ports share the traffic
within this trunk group.
• Load sharing—MAC Client traffic may be distributed across multiple links.
To avoid broadcast storms or loops in your network while configuring a trunk, first disable or
disconnect all ports that you want to add to the trunk or remove from the trunk. After you finish
configuring the trunk, enable or re-connect the ports.
3.4.5.1 Port Trunking Setting

The Port Trunking Settings page is used to assign ports to a Trunk Group.
Step 1: For each port select the desired Trunk Group (1, 2, 3, 4, …) from the Group ID drop-down
box.
Step 2: Select Static, or LACP from the Type drop-down box.
22
Step 3: Select the maximum number of working ports for each Trunk Group (only applicable if
Trunk Groups are type LACP).
Step 4: Click Apply button.
Group ID
Default
Trk1, Trk2, Specifies the current trunk group None

Trk3, …Trkn
Type
Default
Static Selects proprietary trunking protocol Static
LACP Selects LACP (IEEE 802.3ad, Link Aggregation

Control Protocol).
802.3ad LACP Work Ports

Default
Max Select the number of active ports in Trunk Groups Max

type LACP. If the number is not the maximum
1
number of ports, the other inactive ports will be
2 suspended (no traffic). If the active port is broken,
the suspended port will be active automatically.
3
3.4.5.2 Port Trunking Status

This page shows a table with the status of the different Trunk Groups programmed in the switch.
Trunk Table
Setting Description
Group ID Displays the Trunk Group.
Trunk Member Displays which member ports belong to the trunk group.
Type Displays the Trunk Type
23
3.4.6 Loop Guard

Avoid maintenance/installation crews from mistakenly placing one cable on the same switch
generating a loop problem.
If Loop Guard is Active in one port, a loop in that port will be blocked if the loop happens on the
switch itself.
3.5 Redundancy
3.5.1 Introduction to Communication Redundancy

Setting up Communication Redundancy on your network helps protect critical links against failure,
protects against network loops, and keeps network downtime at a minimum.
Communication Redundancy allows you to set up redundant loops in the network to provide a
backup data transmission route in the event that a cable is inadvertently disconnected or damaged.
This is a particularly important feature for T&D applications, since it could take several minutes to
locate the disconnected or severed cable. For example, if the Weidmüller switch is used as a key
communications component in a production line, several minutes of downtime are totally
unacceptable. The Weidmüller switch supports following different protocols for communication
redundancy:
• O-Ring
• O-Chain
• RSTP (Rapid Spanning Tree), MSTP (Multiple Spanning Tree) and STP (Spanning Tree
Protocols) according to IEEE 802.1W/802.1S/802.1D-2004
• Fast Recovery
When configuring a redundant ring, all switches on the same ring must be configured to use the
same redundancy protocol. You cannot mix the O-Ring and STP/RSTP/MSTP protocols on the same
ring. The following table lists the key differences between the features of each protocol. Use this
information to evaluate the benefits of each, and then determine which features are most suitable for
your network.
O-Ring O-Chain STP RSTP/MSTP

Topology Ring Chain Ring, Mesh Ring, Mesh
Recovery Time < 10 ms < 10 ms Up to 30 sec. Up to 2 sec
24
All of Weidmüller’s managed switches support following proprietary redundancy

protocols:
O-Ring, which has a recovery time of under 10 ms.
O-Chain is a redundancy protocol with unlimited flexibility that allows you to construct any type of
redundant network topology. The recovery time is under 10 ms.
Note: By factory default no redundancy protocol is activated.
3.5.2 The O-Ring Concept

With the proprietary O-Ring protocol you can optimize communication redundancy and achieve a
faster recovery time on the network.
The O-Ring protocol defines one switch as the master of the network, and then automatically block
packets from traveling through any of the network’s redundant loops. In the event that one branch of
the ring gets disconnected from the rest of the network, the protocol automatically re-adjusts the ring
so that the part of the network that was disconnected can re-establish the contact with the rest of the
network.
3.5.2.1 Topology Setup for “O-Ring”
Initial setup of an "O-Ring" ring
1. Select one of the switches of the ring as

master of the network
2. For each switch in the ring, select any two
ports as the redundant ports.
3. Connect redundant ports on neighboring
switches to form the redundant ring.
When configuring O-Ring the user has to configure only one of the switches explicitly as master. If
more than one switch in the ring is configured as the master, then the protocol will automatically
assign master status to one of the switches (the one with the lowest MAC address).
3.5.2.2 Ring Coupling Configuration

In some applications it may not be convenient to connect all devices in the system to form one large
redundant ring, though some devices are located in a remote area. For these systems, “Ring
Coupling” can be used to separate the devices into different smaller redundant rings, but in such a
way that they can still communicate with each other.
25
Ring coupling
Ring Coupling for two "O-Ring" rings

Switch B Switch D
Coupling Port (Primary)
Main Path
Backup Path
Coupling Port (Backup)
Switch A Switch C
Ring Coupling is activated by enabling the function in Switches A / B (Ring 1) and C / D (Ring 2) and
by defining one port of that switches as “Coupling Port”.
NOTE: Only two switches of a ring can enable Ring Coupling. More or less is invalid.
3.5.2.3 Dual Homing Configuration

The “Dual homing” option allows the connection of a ring working with O-Ring protocol and an
Ethernet switch of a different redundant network using RSTP.
Dual-Homing for connection of an O-Ring ring with an RSTP network
Primary Path (RSTP)
O-Ring protocol
Backup Path (RSTP)
Dual homing is activated by enabling the function in two switches of the ring using O-Ring protocol
and by defining one port of that switches as “Homing Port”.
NOTE: Only two switches of a ring can enable Dual Homing. More or less is invalid.
26
3.5.3 Configuring “O-Ring”

Use the O-Ring page of the Redundancy menu.
1. Select Enabled in field Ring Redundancy.

2. If only a redundancy with 1 ring shall be created then do following:
• Activate checkbox ‘Set as Ring Master’ if the switch shall be assigned as ring master
• Select the ‘Redundant ports’ which shall be used
3. If the switch is used to connect 2 O-Rings (Ring Coupling) then additionally do following:
• Activate checkbox ‘Enable Ring Coupling’’

• Select the ‘Coupling port’ which shall be used to connect the two rings
4. If the switch is used to connect 1 O-Ring and a switch of a different redundant network using RSTP
(Dual Homing) then additionally do following:
• Activate checkbox ‘Enable Dual Homing’’

• Select the ‘Homing port’ which shall be used to connect the O-Ring with the RSTP switch
The Ring Status field indicates the operation of the ring. It shows N/A if Ring Redundancy is
Disabled, shows Healthy if the ring is operating normally, and shows Broken if the any of the two
links of the ring is not connected.
Explanation of ‘Setting’ and ‘Status’ items

Set as Ring Master
Setting Description Factory Default
Check Select this Switch as Master.
Not checked
Uncheck Do not select this Switch as Master.
Status Description Factory Default
N/A O-Ring redundancy disabled.
Master Switch programmed as Master. N/A
Slave Switch programmed as Slave.
27
Redundant Ports
1st Ring Port Select any port of the Switch to be one of the redundant Port 01
ports.
2nd Ring Port Select any port of the Switch to be one of the redundant Port 02
ports.
Inactive O-Ring redundancy disabled.
Link down No connection in this port.
Forwarding Normal transmission in this port. Inactive
Blocked The port is connected to a backup path and the path is
blocked.
Hello Time
10 to 10,000ms Time interval between ring packets. 10ms
Max Age Count

0 to 1000 The number of ring packets lost before attempting to 2
recover.
Enable Ring Coupling

Check Enables the Ring Coupling operation in the Switch.
Does not enable the Ring Coupling operation in the Not checked
Uncheck
Switch.
Coupling Port
Coupling Port Select any port of the Switch to be the coupling port. Port 03
Inactive Ring Coupling is disabled.
blocked.
Enable Dual Homing

Check Enables the Dual Homing operation in the Switch.
Does not enable the Dual Homing operation in the Not checked
Uncheck
Switch.
Homing Port
Homing Port Select any port of the Switch to be the homing port. Port 04
Inactive Dual Homing is disabled.
blocked.
28
3.5.4 The O-Chain Concept

O-Chain is an advanced software-technology that gives network administrators the flexibility of
constructing any type of redundant network topology. When using the “O-Chain” concept, you first
connect the Ethernet switches in a chain and then simply link the two ends of the chain to an Ethernet
network, as illustrated in the following figure.
O-Chain can be used on industrial networks that have a complex topology. If the industrial network
uses a multi-ring architecture, O-Chain can be used to create flexible and scalable topologies with a
fast media-recovery time.
How O-Chain generally works
• The Switches are connected as a daisy Chain to any other network
• Chain consists of two end switches (edge) and any number of member switches
• The configured edge ports of the two end switches of the daisy chain are connected to an
existing network
• One of the edge switches blocks its redundancy line (prevent frame looping) and opens only
when the main line on the other edge-switch is broken. The healing time inside the O-Chain is
below 10 ms
Set Up O-Chain
Edge port Switch 1 Edge port Switch N
Switch N
Switch 1
Switch 2 Switch 3 Switch 4
3.5.5 Configuring O-Chain

How to configure O-Chain generally:
1. Enable the Chain Redundancy in all the switches of the daisy chain.
2. Determine the switches that shall be used as edge switches.
3. Configure at all the switches of the daisy Chain the ports that will be part of the chain.
4. In the two edge switches, additionally configure the edge port.
There is no need to change anything in the configuration of the network on which the O-Chain
switches will be attached.
29
Explanation of ‘Setting’ and ‘Status’ items

Chain Redundancy
Enabled Enable the O-Chain operation.
Disabled
Disabled Disable the O-Chain operation.
N/A O-Chain redundancy disabled.
Healthy The Chain is operating normally. N/A
Broken Any of the two links of the Chain is not connected.
Chain Ports
1st Chain Port Select any port of the Switch to be one of the ports of the Port 01
daisy Chain.
2nd Chain Port Select any port of the Switch to be one of the ports of the Port 02
daisy Chain.
Inactive O-Chain redundancy disabled.
blocked.
Edge Port
Check Configure a port of the daisy Chain as edge port.
Does not configure a port of the daisy Chain as edge Not checked
Uncheck
port.
3.5.6 STP / RSTP

3.5.6.1 The STP / RSTP Concept
Spanning Tree Protocol (STP) was designed to help reduce link failures on a network, and provide
an automatic means of avoiding loops. This is particularly important for networks that have a
complicated architecture, since unintended loops in the network can cause broadcast storms.
Weidmüller switches’ STP feature is disabled by default. To be completely effective, you must enable
RSTP/STP on every Weidmüller switch connected to your network.
30
Rapid Spanning Tree Protocol (RSTP) implements the Spanning Tree Algorithm and Protocol
defined by IEEE 802.1D-2004. RSTP provides the following benefits:
• The topology of a bridged network will be determined much more quickly compared to STP.
• RSTP is backward compatible with STP, making it relatively easy to deploy.
For example:
• Defaults to sending 802.1D style BPDUs if packets with this format are received.
• STP (802.1D) and RSTP (802.1w) can operate on different ports of the same switch, which is
particularly helpful when switch ports connect to older equipment such as legacy switches.
You get essentially the same functionality with RSTP and STP. To see how the two systems differ,
see section ‘Differences between STP and RSTP’ later in this chapter.
NOTE: The STP protocol is part of the IEEE Std 802.1D, 2004 Edition bridge specification. The
following explanation uses “bridge” instead of “switch.”
STP (802.1D) is a bridge-based system that is used to implement parallel paths for network traffic.
STP uses a loop-detection process to:
• Locate and then disable less efficient paths (i.e., paths that have a lower bandwidth).
• Enable one of the less efficient paths if a more efficient path fails.
The figure below shows a network made up of three LANs separated by three bridges. Each segment
uses at most two paths to communicate with the other segments. Since this configuration can give
rise to loops, the network will overload if STP is NOT enabled.
L
A
N
Bridge B
1
Bridge A
L
A
N
Bridge C
2
L
A
N
If STP is enabled, it will detect duplicate paths and prevent, or block, one of the paths from forwarding
3
traffic. In the following example, STP determined that traffic from LAN segment 2 to LAN segment 1
should flow through bridges C and A since this path has a greater bandwidth and is therefore more
efficient.
31
L
A
N
1 Bridge B
Bridge A
L
A
N
Bridge C
2
L
A
N
3
What happens if a link failure is detected? As shown in next figure, the STP process reconfigures the
network so that traffic from LAN segment 2 flows through bridge B.
L
A
N
1 Bridge B
Bridge A
L
A
N
Bridge C
2
L
A
N
STP will determine which path between each bridged segment is most efficient, and then assign a
3
specific reference point on the network. When the most efficient path has been identified, the other
paths are blocked. In the previous 3 figures, STP first determined that the path through bridge C was
the most efficient, and as a result, blocked the path through bridge B. After the failure of bridge C,
STP re-evaluated the situation and opened the path through Bridge B.
3.5.6.2 How STP Works

When enabled, STP determines the most appropriate path for traffic through a network. The way it
does this is outlined in the sections below.
STP Requirements
Before STP can configure the network, the system must satisfy the following requirements:
• All bridges must be able to communicate with each other. The communication is carried out
using Bridge Protocol Data Units (BPDUs), which are transmitted in packets with a known
multicast address.
• Each bridge must have a Bridge Identifier that specifies which bridge acts as the central
reference point, or Root Bridge, for the STP system—bridges with a lower Bridge Identifier are
more likely to be designated as the Root Bridge. The Bridge Identifier is calculated using the
MAC address of the bridge and a priority defined for the bridge. For example, the default priority
setting of Weidmüller switches is 32768.
32
• Each port has a cost that specifies the efficiency of each link. The efficiency cost is usually
determined by the bandwidth of the link, with less efficient links assigned a higher cost. The
following table shows the default port costs for a switch:
Port Speed Path Cost 802.1D, Path Cost

1998 Edition 802.1w-2001
10 Mbps 100 2,000,000
100 Mbps 19 200,000
1000 Mbps 4 20,000
STP Calculation
The first step of the STP process is to perform calculations. During this stage, each bridge on the
network transmits BPDUs. The following items will be calculated:
• Which bridge should be the Root Bridge. The Root Bridge is the central reference point from
which the network is configured.
• The Root Path Costs for each bridge. This is the cost of the paths from each bridge to the Root
Bridge.
• The identity of each bridge’s Root Port. The Root Port is the port on the bridge that connects to
the Root Bridge via the most efficient path. In other words, the port connected to the Root Bridge
via the path with the lowest Root Path Cost. The Root Bridge, however, does not have a Root
Port.
• The identity of the Designated Bridge for each LAN segment. The Designated Bridge is the
bridge with the lowest Root Path Cost from that segment. If several bridges have the same Root
Path Cost, the one with the lowest Bridge Identifier becomes the Designated Bridge. Traffic
transmitted in the direction of the Root Bridge will flow through the Designated Bridge. The port
on this bridge that connects to the segment is called the Designated Bridge Port.
STP Configuration
After all of the bridges on the network agree on the identity of the Root Bridge, and all other relevant
parameters have been established, each bridge is configured to forward traffic only between its Root
Port and the Designated Bridge Ports for the respective network segments. All other ports are
blocked, which means that they will not be allowed to receive or forward traffic.
STP Reconfiguration
Once the network topology has stabilized, each bridge listens for Hello BPDUs transmitted from the
Root Bridge at regular intervals. If a bridge does not receive a Hello BPDU after a certain interval (the
Max Age time), the bridge assumes that the Root Bridge, or a link between itself and the Root Bridge,
has ceased to function. This will trigger the bridge to reconfigure the network to account for the
change. If you have configured an SNMP trap destination, when the topology of your network
changes, the first bridge to detect the change will send out an SNMP trap.
Differences between STP and RSTP
RSTP is similar to STP, but includes additional information in the BPDUs that allow each bridge to
confirm that it has taken action to prevent loops from forming when it decides to enable a link to a
neighboring bridge. Adjacent bridges connected via point-to-point links will be able to enable a link
without waiting to ensure that all other bridges in the network have had time to react to the change.
33
The main benefit of RSTP is that the configuration decision is made locally rather than network-wide,
allowing RSTP to carry out automatic configuration and restore a link faster than STP.
STP Example
The LAN shown in the following figure has three segments, with adjacent segments connected using
two possible links. The various STP factors, such as Cost, Root Port, Designated Bridge Port, and
Blocked Port are shown in the figure.
• Bridge A has been selected as the Root Bridge, since it was determined to have the lowest
Bridge Identifier on the network.
• Since Bridge A is the Root Bridge, it is also the Designated Bridge for LAN segment 1. Port 1 on
Bridge A is selected as the Designated Bridge Port for LAN Segment 1.
• Ports 1 of Bridges B, C, X, and Y are all Root Ports since they are nearest to the Root Bridge, and
therefore have the most efficient path.
• Bridges B and X offer the same Root Path Cost for LAN segment 2. However, Bridge B was
selected as the Designated Bridge for that segment since it has a lower Bridge Identifier. Port 2
on Bridge B is selected as the Designated Bridge Port for LAN Segment 2.
• Bridge C is the Designated Bridge for LAN segment 3, because it has the lowest Root Path Cost
for LAN Segment 3:
• The route through bridges C and B costs 200 (C to B=100, B to A=100)
• The route through bridges Y and B costs 300 (Y to B=200, B to A=100)
• The Designated Bridge Port for LAN Segment 3 is port 2 on bridge C.
34
3.5.6.3 Configuring RSTP

The following figure indicates the RSTP parameters that can be configured. A more detailed
explanation of each parameter follows.
Bridge Setting
RSTP mode
Enable/Disable Select to enable the RSTP redundancy in the switch. Disabled
Priority
Increase this device’s bridge priority by selecting a lower
Numerical value number. A device with a higher bridge priority has a
32768
selected by user greater chance of being established as the root of the
Spanning Tree topology.
Max. Age (sec)

If this device is not the root, and it has not received a hello
message from the root in an amount of time equal to
Numerical value “Max. Age,” then this device will reconfigure itself as a
20
input by user root. Once two or more devices on the network are
recognized as a root, the devices will renegotiate to set
up a new Spanning Tree topology.
Hello time (sec)

The root of the Spanning Tree topology periodically
sends out a “hello” message to other devices on the
Numerical value
network to check if the topology is healthy. The “hello 2
input by user
time” is the amount of time the root waits between
sending hello messages.
35
Forwarding Delay Time (sec)

Numerical value The amount of time this device waits before checking to
15
input by user see if it should change to a different state.
Port Setting
Enable RSTP per Port

Select to enable the port as a node on the Spanning Tree
Enable/Disable Disabled
topology.
NOTE: We suggest not enabling the Spanning Tree Protocol once the port is connected to a device
(PLC, RTU, etc.) as opposed to network equipment. The reason is that it will cause unnecessary
negotiation.
Path Cost

Input a higher cost to indicate that this port is less suitable
Numerical value
as a node for the Spanning Tree topology. The value 0 is 0
input by user
for automatic calculation.
Priority

Numerical value Increase this port’s priority as a node on the Spanning
128
selected by user Tree topology by entering a lower number.
Point to Point (P2P)

Auto Automatic detection if the link port is point to point or not.
True The port link is point to point and then is a candidate for
Auto
rapid transition to the forwarding state.
False The port link is not point to point.
Edge Port

True The port is fixed as an edge port and will always be in the
forwarding state True
False The port is set as the normal RSTP port
3.5.6.4 Information RSTP

It indicates the current Spanning Tree status of the switch and all the ports. “Forwarding” for normal
transmission and “Discarding” if the port is blocking.
36
3.5.6.5 RSTP-Repeater
RSTP-repeater is a simple function to pass a BPDU packet directly from one RSTP device to another
as if they were directly connected.
Mode
Enabled Enable the RSTP-repeater operation.
Disabled
Disabled Disable the RSTP-repeater operation.
Uplink Ports
1st Uplink Port Select any port of the Switch according to the topology of Port 01
the network.
2nd Uplink Port Select any port of the Switch according to the topology of Port 02
the network.
RSTP Edge Port

Check The port is directly connected to the RSTP device.
Not checked
Uncheck The port is not directly connected to the RSTP device.
3.5.7 MSTP
3.5.7.1 The MSTP concept
Multiple Spanning Tree Protocol (MSTP) is a standard protocol based on IEEE 802.1S. It defines an
extension to RSTP to further develop the usefulness of virtual LANs (VLANs). The calculations of
STP/RSTP only depend on the physical connections, whilst MSTP configures separate Spanning
Tree instances for different VLAN groups.
The main concepts that are specific of MSTP when comparing with STP/RSTP are:
37
• Multiple Spanning Tree Instances (MSTIs). An MST instance (MSTI) is a particular set of
VLANs that are all using the same spanning tree.
• Regions. An MST region is a set of interconnected switches that all have the same values for all
following MST configuration elements:
o MST configuration name
o Revision level
o Mapping of which VLANs are mapped to which MST instances
Each of the MST instances created are identified by an MSTI number that identifies them only
inside the MST region. Therefore, an MSTI will never span across MST regions.
• Common and Internal Spanning Tree (CIST). The CIST is the default spanning tree of MSTP,
i.e. all VLANs that are not members of particular MSTIs are members of the CIST. Also, the
spanning tree that runs between MST regions is the CIST.
The following figure shows an example of an STP/RSTP network that contains VLANs 1 and 2. The
VLANs are connected using the 802.1Q-tagged link between switch B and Switch C. By default, this
link has a port cost of 100 and is automatically blocked by STP/RSTP because the other
switch-to-switch connections have a port cost of 36 (18+18). This means that both VLANs are now
subdivided—VLAN 1 on switches A and B cannot communicate with VLAN 1 on switch C, and VLAN
2 on switches A and C cannot communicate with VLAN 2 on switch B.
The above situation can be rectified by using MSTP. With MSTP, VLAN 1 and VLAN 2 can be
mapped to different MSTIs. Hence, each instance can have a topology independent of other
spanning tree instances.
3.5.7.2 Configuring MSTP
Bridge Setting
The following figure indicates the general MSTP parameters that can be configured. A more detailed
explanation of each parameter follows.
38
MSTP mode
Enable/Disable Select to enable the MSTP redundancy in the switch. Disabled
Configuration Name
The name identifying the VLAN to MSTI mapping.
Bridges must share the name and revision (see below),
Name selected by
as well as the VLAN-to-MSTI mapping configurations in MSTP_SWITCH
user
order to share spanning trees for MSTIs (intra-region).
The name should not exceed 32 characters.
Revision Level
Numerical value
The revision of the MSTI configuration named above. 32768
selected by user
Priority
32768
Max. Age (sec)

If this device is not the root, and it has not received a hello
message from the root in an amount of time equal to
Numerical value “Max. Age,” then this device will reconfigure itself as a
20
input by user root. Once two or more devices on the network are
recognized as a root, the devices will renegotiate to set
up a new Spanning Tree topology.
39
Hello time (sec)

The root of the Spanning Tree topology periodically
sends out a “hello” message to other devices on the
Numerical value
network to check if the topology is healthy. The “hello 2
input by user
time” is the amount of time the root waits between
sending hello messages.
Forwarding Delay Time (sec)

Numerical value The amount of time this device waits before checking to
15
input by user see if it should change to a different state.
Max Hops

The maximum number of hops in the MST Region. It
Numerical value
defines how many bridges a root bridge can distribute its 20
input by user
BPDU information.
Bridge Port
Configuration of MSTP parameters in each port of the switch for the Common and Internal Spanning
Tree (CIST).
Port No.
Port of the Switch Select the port to be configured. None
Priority

Numerical value Increase this port’s priority as a node on the Spanning
128
selected by user Tree topology by entering a lower number.
Path Cost

Numerical value
as a node for the Spanning Tree topology. The value 0 is 0
input by user
for automatic calculation.
40
Admin Point to Point (P2P)

Auto Automatic detection if the link port is point to point or not.
True The port link is point to point and then is a candidate for
Auto
rapid transition to the forwarding state.
False The port link is not point to point.
Admin Edge

True The port is fixed as an edge port and will always be in the
forwarding state True
False The port is set as the normal RSTP port
Admin Non STP

True The port does not include the mathematic STP
calculation and then it does not participate in MSTP. False
False The port includes the mathematic STP calculation and
participates in MSTP.
Instance Setting
Configuration of Multiple Spanning Tree Instances (MSTIs).
Instance
1 to 15 Select the instance number that you want to configure. 1
State
Enabled/Disabled Select to enable the specific instant number. Enabled
VLANs
The list of VLANs mapped to the MSTI. You can use ‘-‘ for
Numerical value
consecutives VLANs (ex: 1-4) or ‘,’ for non-consecutive 1-4094
selected by the user
VLANs (ex: 5, 8)
41
Priority
32768
Once the Apply button is pressed, in the Instance Information table of the page are displayed all the
MSTIs created and its mapping with the different VLANs.
Instance Port
Configuration of MSTP parameters of the ports for the different programmed MSTIs.
Instance
Select the instance number for which you want to
CIST, 1 to 15 configure the ports. CIST is the default value (always CIST
active) and already programmed at Bridge Port option
Port No.
Port of the Switch Select the port to be configured. None
Priority

Increase this port’s priority as a node on the Spanning
Numerical value
Tree topology of the selected MSTI by entering a lower 128
selected by user
number.
Path Cost

Numerical value
as a node for the Spanning Tree topology of the selected 0
input by user
MSTI. The value 0 is for automatic calculation.
In the page is also displayed a Table showing the port information for each instance.
42
3.5.8 Fast Recovery

Fast Recovery is a function for port redundancy. Multiple ports can be connected to one or more
switches providing redundant links but only one of these ports will be active and the others will be
blocked.
Mode
Enabled/Disabled Select to enable the Fast Recovery function. Disabled
Recovery Priority
Select the priority (number from 1 to total number of
Not included, 1 to ports) of each port. The connected port with the highest
Not included
Total number of ports priority (lowest number) will be the active one and the
others will be blocked.
When the Fast Recovery is Enabled, the page shows an additional text indicating the active port of
the switch. Besides the priority programmed, the switch will also consider the ports status to establish
the active port for the Fast Recovery. If a port is not connected (link down), it will never be the active
port regardless the priority programmed.
3.6 Multicast
Multicast filtering improves the performance of networks that carry multicast traffic. This section
explains multicasts, multicast filtering, and how multicast filtering can be implemented on your
Weidmüller switch.
3.6.1 The Concept of Multicast Filtering
What is an IP Multicast?
A multicast is a packet sent by one host to multiple hosts. Only those hosts that belong to a specific
multicast group will receive the multicast. If the network is set up correctly, a multicast can only be
sent to an end-station or a subset of end-stations on a LAN or VLAN that belong to the multicast
group. Multicast group members can be distributed across multiple subnets, so that multicast
transmissions can occur within a campus LAN or over a WAN. In addition, networks that support IP
multicast send only one copy of the desired information across the network until the delivery path that
43
reaches group members diverges. To make more efficient use of network bandwidth, it is only at
these points that multicast packets are duplicated and forwarded. A multicast packet has a multicast
group address in the destination address field of the packet's IP header.
Benefits of Multicast
The benefits of using IP multicast are:
• It uses the most efficient, sensible method to deliver the same information to many receivers with
only one transmission.
• It reduces the load on the source (for example, a server) since it will not need to produce several
copies of the same data.
• It makes efficient use of network bandwidth and scales well as the number of multicast group
members increases.
• It works with other IP protocols and services, such as Quality of Service (QoS).
Multicast transmission makes more sense and is more efficient than unicast transmission for some
applications. For example, multicasts are often used for video-conferencing, since high volumes of
traffic must be sent to several end-stations at the same time, but where broadcasting the traffic to all
end-stations would cause a substantial reduction in network performance. Furthermore, several
industrial automation protocols, such as EtherNet/IP, Profibus, and Foundation Fieldbus HSE (High
Speed Ethernet), use multicast. These industrial Ethernet protocols use publisher/subscriber
communications models by multicasting packets that could flood a network with heavy traffic. IGMP
Snooping is used to prune multicast traffic so that it travels only to those end destinations that require
the traffic, reducing the amount of traffic on the Ethernet LAN.
Multicast Filtering
Multicast filtering ensures that only end-stations that have joined certain groups receive multicast
traffic. With multicast filtering, network devices only forward multicast traffic to the ports that are
connected to registered end-stations. The following two figures illustrate how a network behaves
without multicast filtering, and with multicast filtering.
Network without multicast filtering
All hosts receive the multicast traffic, even if they don’t need it.
44
Network with multicast filtering

Hosts only receive dedicated traffic from other hosts belonging to the same group.
The Weidmüller switch supports both automatic multicast filtering with IGMP (Internet Group
Management Protocol) Snooping and manual multicast filtering by adding static multicast IP
addresses.
It additionally supports MVR (Multicast VLAN Registration) to enable Multicast traffic across different
VLANs.
IGMP (Internet Group Management Protocol)
Snooping Mode
Snooping Mode allows your switch to forward multicast packets only to the appropriate ports. The
switch "snoops" on exchanges between hosts and an IGMP device, such as a router, to find those
ports that want to join a multicast group, and then configure its filters accordingly.
Querier Mode
Querier mode allows the Weidmüller switch to work as the Querier if it has the lowest IP address on
the subnetwork to which it belongs. Enable query mode to run multicast sessions on a network that
does not contain IGMP routers (or queriers).
IGMP Multicast Filtering
IGMP is used by IP-supporting network devices to register hosts with multicast groups. It can be
used on all LANs and VLANs that contain a multicast capable IP router, and on other network
devices that support multicast filtering.
• The IP router (or querier) periodically sends query packets to all end-stations on the LANs or
VLANs that are connected to it. For networks with more than one IP router, the router with the
lowest IP address is the querier. A switch with IP address lower than the IP address of any other
IGMP querier connected to the LAN or VLAN can become the IGMP querier.
45
• When an IP host receives a query packet, it sends a report packet back that identifies the
multicast group that the end-station would like to join.
• When the report packet arrives at a port on a switch with IGMP Snooping enabled, the switch
knows that the port should forward traffic for the multicast group, and then proceeds to forward the
packet to the router.
• When the router receives the report packet, it registers that the LAN or VLAN requires traffic for
the multicast groups.
• When the router forwards traffic for the multicast group to the LAN or VLAN, the switches only
forward the traffic to ports that received a report packet.
Static Multicast
Some devices may only support multicast packets, but may not support IGMP Snooping. The
Weidmüller switch supports adding multicast groups manually to enable multicast filtering.
MVR (Multicast VLAN Registration)
The MVR feature enables more efficient distribution of multicast traffic across an Ethernet Layer-2
network. In standard Layer 2 networks, a multicast stream received on one VLAN is never distributed
to interfaces outside that VLAN. If hosts in different VLANs request the same multicast stream, a
separate copy of that multicast stream is distributed to each requesting VLAN.
The MVR creates a Multicast VLAN that becomes the only VLAN over which multicast traffic flows
through the Layer 2 network. In an Ethernet switch with MVR enabled we can configure both Source
ports (connected to a sender of multicast data to the Multicast VLAN) and Receiver ports (connected
to subscribers). MVR receiver ports can receive traffic from a port on the Multiple VLAN but cannot
send traffic to it.
MVR operates similarly and in conjunction with IGMP Snooping. Whereas IGMP Snooping operates
within a given VLAN to regulate multicast traffic, MVR can operate with different VLANs.
3.6.2 Configuring IGMP Snooping

IGMP Snooping provides the ability to prune multicast traffic so that it travels only to those end
destinations that require that traffic, thereby reducing the amount of traffic on the Ethernet LAN.
46
IGMP Snooping
Default
Enabled/Disabled Enable the IGMP Snooping (v2 or v3) function Disabled

globally.
IGMP Query Mode

Default
Enabled/Disabled The switch may be the IGMP querier. As only one Disabled
device can be the querier in an IGMP application, the
querier role will be taken by the device with the lowest
IP address.
Router Ports

Default
Port number The user can also select/check the ports that will Unchecked
connect to the multicast routers (static router port).
These ports will receive all multicast packets from the
source. This option is only active when IGMP
Snooping is enabled.
Unregister Stream Flooding

Factory
Default
Enabled/Disabled Unregistered multicast packets (not learned by IGMP Disabled

and not configured statically) are handled according to
this programming. If Disabled, the unregistered
multicast packets will be discarded. If Enabled, the
unregistered multicast packets will be forwarded.
IGMP snooping table

In the page is also shown a table displaying the current IP multicast link indicating the IP address, the
VLAN ID and the Member ports.
3.6.3 Configuring Static Multicast Filtering

If required, the Weidmüller switch also supports adding multicast groups manually. Static multicast
filtering provides a method for users to configure multicast group memberships manually. The
function enables end devices to receive multicast traffic only if they register to join specific multicast
groups. With static multicast filtering, network devices only forward multicast traffic to the ports
connected to registered end devices.
47
Multicast IP Address
Default
IP Address Input a multicast group IP address in the range None

between 224.0.0.0 and 239.255.255.255.
Member Ports

Default
Check/Unchecked Checkmark the appropriate check boxes to select the None

join ports for this multicast group.
In the same page is shown a table with the created Static Multicast Filter List indicating the ports of
each specific multicast group.
3.6.4 Configuring MVR

MVR is a feature to enable a more efficient distribution of multicast traffic across an Ethernet Layer-2
network.
48
MVR Mode
Default
Enabled/Disabled Enable the MVR function. Disabled
MVR VLAN
Default
VLAN number Specify the VLAN ID of the source group 1
Port Type
Default
Inactive MVR not enabled in the port.
Receiver Port acting as Receiver.

Inactive
Source Port acting as Source.
Immediate leave

Default
Check/Uncheck Checkmark this check box to immediately stop Unchecked

forwarding traffic for the multicast group after the host
connected to that port leaves the group.
3.7 Virtual LAN

Setting up Virtual LANs (VLANs) on your Weidmüller switch increases the efficiency of your network
by dividing the LAN into logical segments, as opposed to physical segments. In general, VLANs are
easier to manage.
3.7.1 The Virtual LAN (VLAN) Concept
What is a VLAN?
A VLAN is a group of devices that can be located anywhere on a network, but which communicate as
if they are on the same physical segment. With VLANs, you can segment your network without being
restricted by physical connections—a limitation of traditional network design. With VLANs you can
segment your network according into:
• Departmental groups—You could have one VLAN for the marketing department, another for
the finance department, and another for the product development department.
• Hierarchical groups—You could have one VLAN for directors, another for managers, and
another for general staff.
• Usage groups—You could have one VLAN for email users and another for multimedia users.
49
Switch A
1 2 3 4 5 6 7 8
Backbone connects multiple switches

Switch B
1 2 3 4 5 6 7 8
Department
Department 1 Department 3
2
VLAN 1 VLAN 3
VLAN 2
Benefits of VLANs
The main benefit of VLANs is that they provide a network segmentation system that is far more
flexible than traditional networks. Using VLANs also provides you with three other benefits:
• VLANs ease the relocation of devices on networks: With traditional networks, network
administrators spend most of their time dealing with moves and changes. If users move to a
different subnetwork, the addresses of each host must be updated manually. With a VLAN setup,
if a host on VLAN Marketing, for example, is moved to a port in another part of the network, and
retains its original subnet membership, you only need to specify that the new port is on VLAN
Marketing. You do not need to carry out any re-cabling.
• VLANs provide extra security: Devices within each VLAN can only communicate with other
devices on the same VLAN. If a device on VLAN Marketing needs to communicate with devices
on VLAN Finance, the traffic must pass through a routing device or Layer 3 switch.
• VLANs help control traffic: With traditional networks, congestion can be caused by broadcast
traffic that is directed to all network devices, regardless of whether or not they need it. VLANs
increase the efficiency of your network because each VLAN can be set up to contain only those
devices that need to communicate with each other.
VLANs
Your Weidmüller switch provides support for VLANs using IEEE Std 802.1Q-1998. This standard
allows traffic from multiple VLANs to be carried across one physical link. The IEEE Std 802.1Q-1998
standard allows each port on your Weidmüller switch to be placed in:
• On a single VLAN defined in the Weidmüller switch

• On several VLANs simultaneously using 802.1Q tagging
The standard requires that you define the 802.1Q VLAN ID for each VLAN on your Weidmüller switch
before the switch can use it to forward traffic:
Managing a VLAN
A new or initialized Weidmüller contains a single VLAN—the Default VLAN. This VLAN has the
following definition:
• VLAN Name—Management VLAN ID

• 802.1Q VLAN ID—0 (if tagging is required)
50
Communication between VLANs
If devices connected to a VLAN need to communicate to devices on a different VLAN, a router or

Layer 3 switching device with connections to both VLANs needs to be installed. Communication
between VLANs can only take place if they are all connected to a routing or Layer 3 switching device.
VLANs: Tagged and Untagged Membership
The Weidmüller switch supports 802.1Q VLAN tagging, a system that allows traffic for multiple
VLANs to be carried on a single physical (backbone, trunk) link. When setting up VLANs you need to
understand when to use untagged and tagged membership of VLANs. Simply put, if a port is on a
single VLAN it can be an untagged member, but if the port needs to be a member of multiple VLANs,
tagged membership must be defined.
A typical host (e.g., clients) will be untagged members of one VLAN, defined as "Access Port" in the
Weidmüller switch, while inter-switch connections will be tagged members of all VLANs, defined as
"Trunk Port" in the Weidmüller switch.
The IEEE Std 802.1Q-1998 defines how VLANs operate within an open packet-switched network. An
802.1Q compliant packet carries additional information that allows a switch to determine which VLAN
the port belongs. If a frame is carrying the additional information, it is known as a tagged frame.
To carry multiple VLANs across a single physical (backbone, trunk) link, each packet must be tagged
with a VLAN identifier so that the switches can identify which packets belong to which VLAN. To
communicate between VLANs, a router must be used.
3.7.2 Configuring Virtual LAN

3.7.2.1 VLAN Settings
To configure 802.1Q VLAN and port-based VLANs on the Weidmüller switch, use the VLAN
Settings page to configure the ports.
51
VLAN Operation Mode

Default
802.1Q VLAN Set VLAN mode to 802.1Q VLAN 802.1Q VLAN
Port-based VLAN Set VLAN mode to Port-based VLAN
GVRP Mode
Default
Enable the GVRP function. GVRP allows automatic

VLAN configuration between the switch and nodes. If
Enabled/Disabled the switch is connected to a device with GVRP Disabled
enabled, the switch will automatically add that device
to the existing VLAN.
Management VLAN ID

Default
VLAN ID from 0 to Defines the Management VLAN ID of the CPU Interface of 0

4094 the switch.
If changed, only member ports of the Management
VLAN can access the device for management via
Ethernet (Ping, Web access, SSH, Telnet).
Note: Before you change the management VLAN ID,
you must add the port, to which the administrator is
connected, to the management VLAN. Otherwise the
switch no longer is accessible via the network.
Port VLAN Setting
Link Type
Factory
Setting Description
Default
Access ports are used to connect to end devices which

are not VLAN aware.
An access port does have the following characteristics:
At ingress, accepts frames having no VLAN ID (untagged)
which will be tagged by defined parameter PVID to
become a member of the PVID-related VLAN group.
Note: Already tagged frames having a VLAN ID (which
normally is not intended by design) also will be accepted.
Access Access
In this case a tagged packet only will be forwarded to the
output queue if it matches to any addressed port of a
VLAN group with this ID. Otherwise the frame will be
dropped immediately.
At egress:
• Only frames may leave the port having a VLAN ID

configured in parameter Untagged VIDs.
• The VLAN ID will be removed (untagged) from all
52
frames which leave the port.
Trunk ports are designed to carry traffic of multiple VLANs

simultaneously and are normally used for switch
interconnections.
A Trunk port does have following characteristics:
At ingress, accepts and expects frames having a VLAN ID
(tagged). Dependent on this ID the packet will be queued
if it matches to any addressed port of a VLAN group with
this ID. Otherwise the frame will be dropped.
Trunk Note: Accepts also untagged frames (which normally is
not intended by design) which will be tagged by
parameter PVID to become a member of the
PVID-assigned VLAN group.
At egress:
configured in parameter Tagged VIDs.
• Frames always are transmitted with VLAN ID
(tagged).
Hybrid ports are designed to connect either to switches or

hosts. This link type is a combination of Access and Trunk
port.
A Hybrid port does have following characteristics:
At ingress:
• Accepts frames having no VLAN ID (untagged)

which will be tagged by defined parameter PVID to
become a member of the PVID-related VLAN group.
• Tagged frames having a VLAN ID will be accepted

without any change. A tagged packet only will be
forwarded to the output queue if it matches to any
Hybrid addressed port of a VLAN group with this ID. Otherwise
the frame will be dropped immediately.
At egress:

configured in parameter Untagged VIDs or Tagged
VIDs.
• For all frames, allowed to leave the port by

parameter Untagged VIDs the VLAN ID will be removed
(untagged).
• For all frames, allowed to leave the port by

parameter Tagged VIDs, the VLAN ID not will be
removed (tagged).
53
ATTENTION
For communication redundancy in the VLAN environment, set Redundant Port,
Coupling Port, and Homing Port as "Trunk Port," since these ports act as the
"backbone" to transmit all packets of different VLANs to different Weidmüller
switches.
PVID
Default
VID ranges from 1 Sets the default VLAN ID for untagged devices that 1
to 4094 connect to the port. Incoming frames (Ingress) that do not
have a VLAN ID will be tagged with PVID value. Incoming
devices having a VLAN ID will be left unchanged.
Untagged VIDs
Default
VID ranges from 1 This parameter may be used for link types Access and None
to 4094 Hybrid. It is only related to the port’s output traffic (Egress)
and defines that only frames may leave the port having a
VLAN ID configured in Untagged VIDs.
The VLAN ID of a frame which may leave the port
according to parameter Untagged VIDs always will be
removed (untagged).
Use commas to separate different VLAN IDs.
Tagged VIDs
Default
VID range from 1 This parameter may be used for link types Trunk and None
to 4094 Hybrid. It is only related to the port’s output traffic (Egress)
and defines that only frames may leave the port having a
VLAN ID configured in Tagged VIDs.
The VLAN ID of a frame which may leave the port
according to parameter Tagged VIDs never will be
removed (stay tagged).
Use commas to separate different VLAN IDs.
54
3.7.2.2 Port-Based VLAN Settings

Check each specific port to assign its VLAN ID in the table. The maximum VLAN ID is the same as
your number of switch ports.
Port
Check/Uncheck Set port to specific VLAN Group by All ports belong to

activating checkbox. VLAN1
3.7.2.3 VLAN Table
In 802.1Q VLAN table, you can review the VLAN groups that were created, Untagged Ports and
Tagged Ports. In Port-based VLAN table, you can review the VLAN group and assigned ports.
3.8 Traffic Prioritization

The Weidmüller switch’s traffic prioritization capability provides Quality of Service (QoS) to your
network by making data delivery more reliable. You can prioritize traffic on your network to ensure
that high priority data is transmitted with minimum delay. Traffic can be controlled by a set of rules to
obtain the required Quality of Service for your network. The rules define different types of traffic and
specify how each type should be treated as it passes through the switch. The Weidmüller switch can
inspect both IEEE 802.1p/1Q layer 2 CoS tags, and even layer 3 ToS information to provide
consistent classification of the entire network. The implemented QoS capability improves the
performance and determinism of industrial networks for mission critical applications.
55
3.8.1 The Traffic Prioritization Concept
What is Traffic Prioritization?
Traffic prioritization allows you to prioritize data so that time-sensitive and system-critical data can be
transferred smoothly and with minimal delay over a network. The benefits of using traffic prioritization
are:
• Improve network performance by controlling a wide variety of traffic and managing

congestion.
• Assign priorities to different categories of traffic. For example, set higher priorities for
time-critical or business-critical applications.
• Provide predictable throughput for multimedia applications, such as video conferencing or
voice over IP, and minimize traffic delay and jitter.
• Improve network performance as the amount of traffic grows. This will save cost by reducing
the need to keep adding bandwidth to the network.
How Traffic Prioritization Works
Traffic prioritization uses the four traffic queues that are present in your Weidmüller managed Switch
to ensure that high priority traffic is forwarded on a different queue from lower priority traffic. This is
what provides Quality of Service (QoS) to your network.
Weidmüller managed Switch traffic prioritization depends on two industry-standard methods:
• IEEE 802.1D → A layer 2 marking scheme.
• Differentiated Services (DiffServ) → A layer 3 marking scheme.
IEEE 802.1D Traffic Marking
The IEEE Std 802.1D, 1998 Edition marking scheme, which is an enhancement to IEEE Std 802.1D,
enables Quality of Service on the LAN. Traffic service levels are defined in the IEEE 802.1Q 4-byte
tag, which is used to carry VLAN identification as well as IEEE 802.1p priority information. The 4-byte
tag immediately follows the destination MAC address and Source MAC address.
The IEEE Std 802.1D, 1998 Edition priority marking scheme assigns an IEEE 802.1p priority level
between 0 and 7 to each frame. The priority marking scheme determines the level of service that this
type of traffic should receive. Refer to the table below for an example of how different traffic types can
be mapped to the eight IEEE 802.1p priority levels.
IEEE 802.1p IEEE 802.1D Traffic Type

Priority Level
0 Best Effort (default)
1 Background
2 Standard (spare)
3 Excellent Effort (business critical)
4 Controlled Load (streaming multimedia)
5 Video (interactive media); less than 100 milliseconds of latency and jitter
6 Voice (interactive voice); less than 10 milliseconds of latency and jitter
7 Network Control Reserved traffic
56
Even though the IEEE 802.1D standard is the most widely used prioritization scheme in the LAN
environment, it still has some restrictions:
• It requires an additional 4-byte tag in the frame, which is normally optional for Ethernet
networks. Without this tag, the scheme cannot work.
• The tag is part of the IEEE 802.1Q header, so to implement QoS at layer 2, the entire
network must implement IEEE 802.1Q VLAN tagging.
• It is only supported on a LAN and not across routed WAN links, since the IEEE 802.1Q tags
are removed when the packets pass through a router.
Differentiated Services (DiffServ) Traffic Marking
DiffServ is a Layer 3 marking scheme that uses the DiffServ Code Point (DSCP) field in the IP header
to store the packet priority information. DSCP is an advanced intelligent method of traffic marking
that allows you to choose how your network prioritizes different types of traffic. DSCP uses 64 values
that map to user-defined service levels, allowing you to establish more control over network traffic.
The advantages of DiffServ over IEEE 802.1D are:
• You can configure how you want your switch to treat selected applications and types of traffic by
assigning various grades of network service to them.
• No extra tags are required in the packet.
• DSCP uses the IP header of a packet to preserve priority across the Internet
• DSCP is backward compatible with IPV4 ToS, which allows operation with existing devices that
use a layer 3 ToS enabled prioritization scheme.
Traffic Prioritization
Weidmüller managed Switches classify traffic based on layer 2 of the OSI 7 layer model, and the
switch prioritizes received traffic according to the priority information defined in the received packet.
Incoming traffic is classified based upon the IEEE 802.1D frame and is assigned to the appropriate
priority queue based on the IEEE 802.1p service level value defined in that packet. Service level
markings (values) are defined in the IEEE 802.1Q 4-byte tag, and consequently traffic will only
contain 802.1p priority markings if the network is configured with VLANs and VLAN tagging. The
traffic flow through the switch is as follows:
• A packet received by the switch may or may not have an 802.1p tag associated with it. If it does
not, then it is given a default 802.1p tag (which is usually 0). Alternatively, the packet may be
marked with a new 802.1p value, which will result in all knowledge of the old 802.1p tag being
lost.
• As the 802.1p priority levels are fixed to the traffic queues, the packet will be placed in the
appropriate priority queue, ready for transmission through the appropriate egress port. When the
packet reaches the head of its queue and is about to be transmitted, the device determines
whether or not the egress port is tagged for that VLAN. If it is, then the new 802.1p tag is used in
the extended 802.1D header.
• The Weidmüller Switch will check a packet received at the ingress port for IEEE 802.1D traffic
classification, and then prioritize it based upon the IEEE 802.1p value (service levels) in that tag.
It is this 802.1p value that determines to which traffic queue the packet is mapped to.
Traffic Queues
The hardware of Weidmüller switches has multiple traffic queues that allow packet prioritization to
occur. Higher priority traffic can pass through the Weidmüller switch without being delayed by lower
priority traffic. As each packet arrives in the Weidmüller switch, it passes through any ingress
processing (which includes classification, marking/re-marking), and is then sorted into the
appropriate queue. The switch then forwards packets from each queue.
57
The Weidmüller switches support two different queuing mechanisms:
• Weight Fair: This method services all the traffic queues, giving priority to the higher priority
queues. Under most circumstances, the Weight Fair method gives high priority precedence over
low priority, but in the event that high priority traffic does not reach the link capacity, lower priority
traffic is not blocked.
• Strict: This method services high traffic queues first; low priority queues are delayed until no
more high priority data needs to be sent. The Strict method always gives precedence to high
priority over low priority.
3.8.2 Configuring Traffic Prioritization

Quality of Service (QoS) provides a traffic prioritization capability to ensure that important data is
delivered consistently and predictably. The Weidmüller switch can inspect IEEE 802.1p/1Q layer 2
CoS tags, and even layer 3 ToS information, to provide a consistent classification of the entire
network. The implemented QoS capability improves your industrial network’s performance and
determinism for mission critical applications.
3.8.2.1 Policy
In this page we can enable the QoS in the switch and we can also indicate how is determined the
priority of an ingress frame as well as the QoS policy.
QoS Mode
Factory
Setting Description
Default
Disabled No traffic prioritization of the switch.
The output priority of the switch is handled according to the

Port-based
ingress port.
The output priority of the switch is determined inspecting

COS only
the 801.1p CoS tag in the MAC frame.

TOS only Disabled
the Type of Service bits in the IPv4 frame.

COS first both 802.1p CoS tag and ToS bits in the frame but checking
first the priority marking according to IEEE 802.1p.

TOS first both 802.1p CoS tag and ToS bits in the frame but checking
first the priority bits according to ToS.
58
QoS Policy
Factory
Setting Description
Default
The Weidmüller switch has 4 priority queues. In the weight

fair scheme, an 8, 4, 2, 1 weighting is applied to the four
Weight Fair priorities. This approach prevents the lower priority frames
from being starved of opportunity for transmission with only
a slight delay to the higher priority frames.
In the Strict-priority scheme, all top-priority frames egress a Strict

port until that priority’s queue is empty, and then the next
lower priority queue’s frames egress. This approach can
Strict
cause the lower priorities to be starved of opportunity for
transmitting any frames but ensures that all high priority
frames will egress the switch as soon as possible.
3.8.2.2 Port Priority
NOTE: This page has to be programmed if the selected QoS policy of the switch is Port-based.
Port-based Priority
Default
Port priority The port priority has 4 priority queues. Lowest, Low,
Middle, High priority queue option can be applied to Lowest
each port.
3.8.2.3 CoS Priority
NOTE: This page has to be programmed if the selected QoS policy of the switch is based on CoS
(CoS only, CoS first or ToS first). When CoS enabled, incoming packets without VLAN tag
(without IEEE 802.1p priority mark) will be treated according to this programming.
59
Priority assignment to COS value

Default
Lowest / Low / Maps different CoS values to four different egress 0-1 Lowest
Middle / High queues. 2-3 Low
4-5 Middle
6-7 High
Default COS value assignment to port

Default
0 to 7 For each port we define the priority level from 0 to 7 0

that will be assigned to one of the priority queues of
the switch (according to the mapping programmed).
This default CoS value will only be applied to those
incoming packets without VLAN tag.
3.8.2.4 ToS Priority
NOTE: This page has to be programmed if the selected QoS policy of the switch is based on ToS
(ToS only, ToS first or CoS first).
60
TOS/DSCP Value and Priority Queues

Lowest/Low/ Maps different ToS values to 4 0 to 15: Lowest

Middle/High different egress queues. 16 to 31: Low
32 to 47: Middle
48 to 63: High
3.9 DHCP Server/Relay

To reduce the effort required to set up IP addresses, the Weidmüller switch comes equipped with
DHCP server.
When enabled, the Weidmüller switch can assign specific IP addresses automatically to connected
devices that are equipped with DHCP Client. In effect, the Weidmüller switch acts as a DHCP server
by assigning a connected device with a specific IP address stored in its internal memory. Each time
the connected device is switched on or rebooted, the Weidmüller switch sends the device the desired
IP address.
The DHCP Relay Agent makes it possible for DHCP broadcast messages to be sent over routers.
The DHCP Relay Agent enables DHCP clients to obtain IP addresses from a DHCP server on a
remote subnet, or those that are not located on the local subnet.
61
DHCP Mode
Factory
Setting Description
Default
Disabled No DHCP Server/Relay.
The switch can assign IP addresses automatically to

DHCP Server
devices that are equipped with DHCP client. Disabled
DHCP clients and server can be located in different

DHCP Relay
subnets.
3.9.1 Configuring DHCP Server

STEP 1 → Set up the connected devices
Set up those Ethernet-enabled devices connected to the Weidmüller switch for which you would like
IP addresses to be assigned automatically. The devices must be configured to obtain their IP
address automatically.
You also need to decide which of the Weidmüller switch’s ports your Ethernet-enabled devices will
be connected to.
STEP 2
Configure the Weidmüller switch’s DHCP Server function. You simply need to enter the range of IP
addresses and indicate the ports that will be acting as DHCP servers.
Start IP Address / End IP address

Factory
Setting Description
Default
IP range of the Assigns the start and end IP addresses of the pool that
192.168.1.120 /
DHCP address will be used to set the IP address of more than one
192.168.1.200
pool DHCP clients.
62
Subnet Mask
Factory
Setting Description
Default
IP address of the
Subnet mask dynamically assigned to DHCP clients. 255.255.255.0
subnet mask
Gateway
Default
IP address for the Gateway IP address dynamically assigned to DHCP 0.0.0.0

gateway clients.
DNS
Factory
Setting Description
Default
DNS Server’s IP The IP address of the DNS Server dynamically

0.0.0.0
address assigned to DHCP clients.
Lease time

Default
Lease time of the Amount of time a network client will be allowed to use 168 hours
pool (hours) a dynamic IP address in the network.
3.9.2 DHCP Relay Agent (Option 82)

The DHCP Relay Agent makes it possible for DHCP broadcast messages to be sent over routers.
The DHCP Relay Agent enables DHCP clients to obtain IP addresses from a DHCP server on a
remote subnet, or those that are not located on the local subnet.
DHCP Option 82 is used by the relay agent to insert additional information into the client's DHCP
request. The Relay Agent Information option is inserted by the DHCP relay agent when forwarding
client-originated DHCP packets to a DHCP server. Servers can recognize the Relay Agent
Information option and use the information to implement IP addresses to Clients.
When Option 82 is enabled on the switch, a subscriber device is identified by the switch port through
which it connects to the network (in addition to its MAC address). Multiple hosts on the subscriber
LAN can be connected to the same port on the access switch and are uniquely identified.
The Option 82 information contains 2 sub-options: Circuit ID and Remote ID, which define the
relationship between end device IP and the DHCP Option 82 server. The Circuit ID is a 4-byte
number generated by the Ethernet switch whilst the Remote ID is to identify the relay agent itself and
it can be one of the following:
• The IP address of the relay agent.

• The MAC address of the relay agent.
• A combination of IP address and MAC address of the relay agent.
• A user-defined string.
63
Configuring DHCP Relay Agent
DHCP Server IP Address
1st Server
IP address / VID Assigns the IP address and VID of the 1st DHCP 0.0.0.0 / 1
for the 1st server that the switch tries to access.
DHCP server
2nd Server
IP address / VID Assigns the IP address and VID of the 2nd DHCP 0.0.0.0 / 1
for the 2nd DHCP server that the switch tries to access.
server
3rd Server
IP address / VID Assigns the IP address and VID of the 3rd DHCP 0.0.0.0 / 1
for the 3rd DHCP server that the switch tries to access.
server
4th Server
IP address / VID Assigns the IP address and VID of the 4th DHCP 0.0.0.0 / 1
for the 4th DHCP server that the switch tries to access.
server
64
DHCP Option 82 Remote ID
Type
Default
IP Uses the switch’s IP address as the remote ID sub. IP
MAC Uses the switch’s MAC address as the remote ID sub.
Client-ID Uses a combination of the switch’s MAC address and

IP address as the remote ID sub.
Other Uses the user-designated ID sub.
Value
Default
Max. 12 Displays the value that was set. Complete this field if Switch IP
characters type is set to Other. address
Display
read-only The actual hexadecimal value configured in the Depends on

DHCP server for the Remote-ID. This value is switch IP
automatically generated according to the Value field. address
Users cannot modify it.
DHCP Option 82 Circuit ID Table
Option 82
Default
Enable or Disable Enable or disable the DHCP Option 82 function for this Disable
port.
3.9.3 Client List

If the DHCP Server is enabled in the switch, the DHCP clients will be displayed in this page.
3.9.4 Port and IP binding

If is required to assign a fixed IP address to a client, this page allows to statically bind each port of the
switch to an IP address in a DHCP address pool.
65
NOTE: Port and IP binding will only be active if DHCP Server mode is enabled in the switch.
3.10 SNMP
Weidmüller managed Switches supports SNMP V1, V2c, and V3. SNMP V1 and SNMP V2c use a
community string match for authentication, which means that SNMP servers access all objects with
read-only or read/write permissions using the community strings public and private by default. SNMP
V3 requires that you select an authentication level of MD5 or SHA, and is the most secure protocol.
You can also enable data encryption to enhance data security.
Supported SNMP security modes and levels are shown in the following table. Select the security
mode and level that will be used to communicate between the SNMP agent and manager.
Protocol
UI Setting Authentication Encryption Method
version
V1, V2c Read Uses a community string
Community string No
SNMP V1, Community match for authentication.
V2c V1, V2c Write/Read Uses a community string
Community string No
Community match for authentication.
Uses an account with admin or
No-Auth No No
user to access objects
Provides authentication based
on HMAC-MD5, or
Authentication based HMAC-SHA algorithms.
MD5 or SHA No
on MD5 or SHA 8-character passwords are the
minimum requirement for
authentication.
SNMP V3 Provides authentication based
on HMAC-MD5 or HMAC-SHA
algorithms, and data
Data encryption key (DES or
Authentication based
MD5 or SHA encryption AES128). 8-character
on MD5 or SHA
key passwords and a data
encryption key are the
minimum requirements for
authentication and encryption.
These parameters are configured on the SNMP page. A more detailed explanation of each
parameter is given below the figure.
66
3.10.1 SNMP Read/Write Settings

SNMP Agent Versions
Factory
Setting Description
Default
Specifies the SNMP protocol version used to manage

V1/V2c, or V3 V1/V2c
the switch.
SNMP V1, V2c Community
Factory
Setting Description
Default
Specifies the community string to authenticate the

Max. 32 SNMP agent for read-only or read/write access. The Public
characters SNMP agent will access all objects using this Private
community string.
Factory
Setting Description
Default
Read Only
Read Only / Read (Public)
Specifies the privilege of each community string.
and Write Read and
Write (Private)
Up to four different sets of Community string / Privilege are supported in the switch.
SNMP V3 allows the user to create several groups of users and accesses with different levels of
security. Object IDs are associated with various levels of permissions and a single view can be
assigned to multiple objects. As a summary, in SNMP V3:
• Several users can be created with different security levels.
• Groups of users with the same privilege accesses can be created.
• More than one access to the same Group can be created.
• An access can have more than one MIB view for its read access, write access or notify access.
• A single MIB view can have multiple OIDs associated.
The figure below shows the configuring page when SNMP v3 is selected.
67
Context Name
Factory
Setting Description
Default
Max. 32 Specifies the name string to authenticate the SNMP

None
characters V3 agent.
User profile – User ID

Factory
Setting Description
Default
Max. 32
A string identifying a user name. None
characters
User profile – Authentication

Factory
Setting Description
Default
Max. 32 A string identifying the authentication pass phrase of

None
characters the created user.
Allows the user to access objects without

No-Auth
authentication.
MD5 Authentication will be based on the MD5 algorithms. No-Auth
Authentication will be based on the SHA1

SHA1
algorithms.
68
User profile – Privacy

Factory
Setting Description
Default
Max. 32 A string identifying the privacy pass phrase of the

None
characters created user.
No-Priv Allows the user to access objects without encryption.
DES Encryption will be based on DES protocol. No-Priv
AES128 Encryption will be based on AES128 protocol.
The buttons Add / Remove have to be used to create / delete Users.
Group Table – Security Name

Factory
Setting Description
Default
Max. 32 A string identifying the user name belonging to the

None
characters created Group.
Group Table – Group Name

Factory
Setting Description
Default
Max. 32
A string identifying the name of the Group. None
characters
The buttons Add / Remove have to be used to create / delete Groups.

Access Table – Group Name
Factory
Setting Description
Default
Max. 32 A string identifying the Group name belonging to the

None
characters created Access Table.
Access Table – Security Level

Factory
Setting Description
Default
No authentication and no encryption required.

NoAuthNoPriv Security configuration of group of users belonging to
this access must be None.
Authentication is required but no encryption.

AuthNoPriv Security configuration of group of users belonging to NoAuthNoPriv
this access must be in accordance.
Authentication and encryption required. Security

AuthPriv configuration of group of users belonging to this
access must be in accordance.
69
Access Table – Context Prefix

Factory
Setting Description
Default
The context name as defined in the context table.

Max. 32
The context name can be treated differently None
characters
depending on the setting of the Content Match Rule.
Access Table – Context Match Rule

Factory
Setting Description
Default
The context name is treated as a full-context name

Exact
string and must match exactly
Exact
Only a match between the prefix and the starting
Prefix
portion of context name is required
Access Table – Read View Name

Factory
Setting Description
Default
Max. 32 The name of the MIB View defining the MIB objects
None
characters for which this request may get the current values.
Access Table – Write View Name

Factory
Setting Description
Default
None
characters for which this request may set new values.
Access Table – Notify View Name

Factory
Setting Description
Default
None
characters which may be included in notification requests.
The buttons Add / Remove have to be used to create / delete Access Tables.
70
MIBView Table – View Name
Factory
Setting Description
Default
Max. 32 A string identifying the View name that will be used in

None
characters the Access Table.
MIBView Table – SubOid-Tree
Factory
Setting Description
Default
The object identifier (OID) value for the created view

Number (OID) None
table.
Included / We can indicate if the subtree indicated by the OID

Included
Excluded should be included or excluded in the created view.
The buttons Add / Remove have to be used to create / delete MIB Views.
NOTE: At the end of this programming page is shown the Private MIB Information of the switch as
well as the Engine ID (if SNMP V3 is used).
3.10.2 Trap Settings

SNMP traps allow an SNMP agent to notify a Network Management System (NMS) of a significant
event.
71
Server IP
Default
IP address Specifies the IP address of the trap server used by None

your network.
Community or V3 Security Name

Default
Character string Specifies the community string to use for None

authentication (maximum of 32 characters).
Trap Version
Default
V1 / V2C / V3 Specifies the SNMP trap supported version. V1
After indicating the IP address of the trap server, the community name for authentication and the
SNMP trap version, we press the Add button.
All the configured trap servers are shown in the table Trap Server Profile of the web page.
3.11 Security
Security can be categorized in two levels: the user name/password level, and the port access level.
For user name/password level security, Weidmüller switches provide the possibility to enable/disable
any possible access to the management of the device and also provide the login option through
Terminal Access Controller Access-Control System Plus (TACACS+). The TACACS+ mechanism is
a centralized “AAA” (Authentication, Authorization and Accounting) system for connecting to network
services.
Regarding the port access level, the switches provide two kinds of Port-Based Access Control:
• Static Port Lock, either using MAC or IP addresses
• IEEE 802.1X
A more detailed description about all the security options is provided in the following sections.
3.11.1 User Login Authentication

3.11.1.1 Management Security
The Management Security page allows the user to restrict the remote management of the switch. It is
possible to block any specific kind of management (eg: web or telnet) and is also possible to restrict
it to specific IP addresses. When the Secure IP list is enabled, only addresses on the list will be
allowed to access to the Weidmüller switch.
72
Management Security Mode

Default
Enabled or Enable or disable the control access to the Disabled

Disabled management of the switch. When disabled, the
access to the switch is allowed via HTTP, HTTPS,
TELNET and SSH. When enabled, it is possible to
restrict this access.
Enable WEB(HTTP) Management

Default
Check Web management through HTTP is allowed Check
Uncheck Web management through HTTP is not allowed
Enable HTTPS Management

Default
Check Web management through HTTPS is allowed Check
Uncheck Web management through HTTPS is not allowed
Enable Telnet Management

Default
Check Access through Telnet is allowed Check
Uncheck Access through Telnet is not allowed
73
Enable SSH Management

Default
Check Access through SSH is allowed Check
Uncheck Access through SSH is not allowed
Secure IP List
Default
IP address (up Defines an IP address that is allowed to access to the 0.0.0.0

to 10) management of the switch. It is active whenever any
IP address different from 0.0.0.0 is entered.
NOTE: After programming IP addresses in the Secure IP List and before applying, be sure that the IP
address of the management PC is in the list. Otherwise the connection will be lost.
3.11.1.2 TACACS+
The detailed configuration settings of TACACS+ are displayed in the table below. As it can be seen in
the page below, up to five different TACACS+ servers can be configured in the switch.
Server Configuration
Enable Check or uncheck the access through Unchecked

TACACS`server.
Server IP Address Set IP address of the external TACACS+ server 0.0.0.0

as the authentication database.
Port Set communication port of the external TACACS+ 49

server as the authentication database.
Secret Key Set specific characters for server authentication None
74
verification.
Client Configuration
Local / TACACS+ Indicate if the authentication verification to access Local

through Console / Telnet / Web is made using the
local database of the switch or a remote
TACACS+ server.
3.11.2 Using Port Access Control

The Weidmüller switches provide two kinds of Port-Based Access Control:
• Static Port Lock

• IEEE 802.1X
Static Port Lock
In this case the Weidmüller switch can be configured to protect both static MAC and IP addresses for
a specific port. With the Port Lock function, these locked ports will not learn any additional MAC
addresses, but only allow traffic from preset static MAC/IP addresses, helping to block hackers and
careless usage.
Access control according IEEE 802.1X
The IEEE 802.1X standard defines a protocol for client/server-based access control and
authentication. The protocol restricts unauthorized clients from connecting to a LAN through ports
that are open to the Internet, and which otherwise would be readily accessible. The purpose of the
authentication server is to check each client that requests access to the port. The client is only
allowed access to the port if the client's permission is authenticated.
Three components are used to create an authentication mechanism based on 802.1X standards:
Client/Supplicant, Authentication Server, and Authenticator.
Client/Supplicant: The end station that requests access to the LAN and switch services and
responds to the requests from the switch.
Authentication server: The server that performs the actual authentication of the supplicant.
Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant
and the authentication server, requesting identity information from the supplicant, verifying the
information with the authentication server, and relaying a response to the supplicant.
The Weidmüller switch acts as an authenticator in the 802.1X environment. A supplicant and an
authenticator exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each
other.
Authentication can be initiated either by the supplicant or the authenticator. When the supplicant
initiates the authentication process, it sends an EAPOL-Start frame to the authenticator. When the
authenticator initiates the authentication process or when it receives an EAPOL Start frame, it sends
an EAP Request/Identity frame to ask for the username of the supplicant. The following actions are
described below:
75
1. When the supplicant receives an "EAP Request/Identity" frame, it sends an "EAP

Response/Identity" frame with its username back to the authenticator.
2. The authenticator relays the "EAP Response/Identity" frame from the supplicant by encapsulating
it into a "RADIUS Access-Request" frame and sends to the RADIUS server. When the
authentication server receives the frame, it looks up its database to check if the username exists.
If the username is not present, the authentication server replies with a "RADIUS Access-Reject"
frame to the authenticator if the server is a RADIUS server or just indicates failure to the
authenticator if the Local User Database is used. The authenticator sends an "EAP-Failure" frame
to the supplicant.
3. The RADIUS server sends a "RADIUS Access-Challenge," which contains an "EAP Request"
with an authentication type to the authenticator to ask for the password from the client.
4. The authenticator sends an "EAP Request/Challenge" frame to the supplicant. The "EAP
Request/Challenge" frame is retrieved directly from the "RADIUS Access-Challenge" frame.
5. The supplicant responds to the "EAP Request/Challenge" by sending an "EAP
Response/Challenge" frame that encapsulates the user's password.
6. The authenticator relays the "EAP Response/ Challenge" frame from the supplicant by
encapsulating it into a "RADIUS Access-Request" frame along with a "Shared Secret," which
must be the same within the authenticator and the RADIUS server, and sends the frame to the
RADIUS server. The RADIUS server checks against the password with its database, and replies
with "RADIUS Access-Accept" or "RADIUS Access-Reject" to the authenticator.
7. The authenticator sends "EAP Success" or "EAP Failure" based on the reply from the
authentication server.
3.11.2.1 Static MAC Forwarding

If port security is enabled in the option Port Control (menu Port Settings), this page has to be used
to indicate the list of MAC addresses that will not be discarded.
76

Default
MAC Address Add the static unicast MAC address. None
Port Associates the static address with a dedicated port. 1
3.11.2.2 MAC Blacklist

This option can be used to block any traffic to some specific device. Any frame forwarding to MAC
addresses of this blacklist will be discarded.

Default
MAC Address Add the static unicast MAC address. None
3.11.2.3 IP Guard
IP Guard is a simple security option that consists in defining an IP allowed list. Any traffic from IP
addresses not belonging to this list will be discarded.
77
Port Setting
The IP Guard function can be applied to each port of the switch through this Port Setting option.
Disabled IP Guard function disabled in the port.
Monitor IP monitoring in the port but no traffic discarding.

Disabled
Security IP Guard function fully enabled. Illegal IP traffic
will be blocked.
Allow list
In the option Allow list the user can create the list of allowed IP addresses of a port applicable when
the IP Guard feature is enabled.

Default
IP IP address of the allowed entry. None
MAC MAC address of the allowed entry. None
Port Port number for the allowed IP/MAC address 1
Status Active or Suspend. Active allows the IP traffic whilst Active

Suspend blocks it. If there are doubts about some IP
allowed traffic, it can be suspended.
The user can Add and Delete rows of the allow list by using the corresponding buttons.
78
Super-IP list
As it has been seen in the previous section, the IP addresses of the option Allow list have to match
the programmed MAC address and ingress port to be allowed by the IP Guard function.
The option Super-IP list allows the user to define IP addresses with special priority. Any IP traffic of
the Super-IP list is allowed regardless the MAC address and ingress port.

Default
IP IP address of the Super-IP list. None
The user can Add and Delete IP addresses of the Super-IP list by using the corresponding buttons.
Monitor List
In this option is displayed a log of all the traffic blocked by the IP Guard function. The user can display
the IP address / MAC address / Port of the entry as well as the time when the entry was logged.
The user also has the possibility to add to the allow list any entry of the blocked traffic by checking
Add to allow list.
79
3.11.2.4 802.1x
Radius Server
Radius Server Setting

Default
802.1x Protocol Enables or Disables the use of an external RADIUS Disabled

server as the authentication database.
Radius Server IP The IP address of the RADIUS server 0.0.0.0
Server Port The UDP authentication port of the RADIUS server. 1812
Accounting Port The UDP accounting port of the RADIUS server. 1813
Shared Key A key to be shared between the external RADIUS 12345678

server and the Weidmüller switch. Both ends must
be configured to use the same key.
NAS, identifier String used to identify the switch. NAS_L2_Switch
Advanced Setting

Default
Quiet Period Time interval (in sec) between an authentication 60

failure from a supplicant and the start of a new
authentication attempt.
TX Period Time (in sec) that the switch can wait for a response 30
from the client of an EAP request/identify frame. If no
response after this time, the request is re-sent.
Supplicant Time (in sec) that the switch can wait for a supplicant 30
Timeout response to an EAP request.
80
Server Timeout Time (in sec) that the switch can wait for a Radius 30
server response to an authentication request.
Max Requets Maximum number of authentication attempts that 2

must time-out before authentication fails.
Re-Auth Period Specify how frequently (in sec) the end stations need 3600
to reenter usernames and passwords in order to stay
connected.
Port Authorize Setting
The user can define the behavior of each port of the switch according to the 802.1x programming.
Port Authorize Setting

Default
Reject The port is forced to be unauthorized.
Accept The port is forced to be authorized.

Accept
Authorize The authorize status of the port depends on the
802.1x authentication.
Disabled The port is not participating in 802.1x authentication.
Port Authorize State
This option shows the 802.1x authorize setting of each port.
81
3.12 Warnings
Since industrial Ethernet devices are often located at the endpoints of a system, these devices will
not always know what is happening elsewhere on the network. This means that an industrial Ethernet
switch that connects to these devices must provide system maintainers with real-time alarm
messages. Even when control engineers are out of the control room for an extended period of time,
they can still be informed of the status of devices almost instantaneously when exceptions occur. The
Weidmüller switch supports different approaches to warn engineers automatically, such as email and
relay output. It also allows to store the log data of events both locally and in a SYSLOG server.
3.12.1 Configuring Relay Warnings

The Fault Relay Alarm function uses relay output to alert the user when certain user-configured
events take place.
Configuring Relay Warning Events Settings
Alarm event types can be divided into two basic groups: Power Failure and Port Link
Down/Broken.
You can configure which events are related to the relay output.
NOTE: The events that are configured to activate the relay output also activate the
amber light in the FAULT LED of the front-plate of the switch.
Power Failure Warning Relay output is triggered when…
PWR 1 No power input in the first power supply module of the switch.
PWR 2 No power input in the second power supply module of the switch.
Port Link Warning e-mail is sent when…

Down/Broken
Port number The port is disconnected (e.g., the cable is pulled out, or the
opposing device shuts down).
82
3.12.2 Configuring Email Warning

The Auto Email Warning function uses e-mail to alert the user when certain user-configured events
take place. Two basic steps are required to set up the Auto Warning function:
Configure Email Event Types
Select the desired Event types from the Event type page.
Configure Email Settings
To configure a Weidmüller switch’s email setup, enter your Mail Server IP, Account Name, Account
Password, Retype New Password, and the email addresses to which warning messages will be sent.
3.12.2.1 Event Selection
Event Types can be divided into two basic groups: System Events and Port Events. System Events
are related to the overall function of the switch, whereas Port Events are related to the activity of a
specific port.
NOTE: For each event the user can decide if a log is registered (SYSLOG) and/or if a
warning Email is sent (SMTP). It is necessary to Enable Syslog and/or SMTP in the
switch to have the possibility to select events in the Event selection page.
83
System Events Log is registered when / Warning e-mail is sent when…
System restart Weidmüller switch is rebooted.
Power Status Weidmüller switch is powered up or down.
SNMP Authentication Incorrect SNMP authentication.

Failure
O-Ring Topology Change If the Master of the O-Ring has changed or the backup path is
activated.
O-Chain Topology Change If the configuration of the O-Chain has changed or the backup
path is activated.
Configuration Changed Any configuration item has been changed and saved.
and Saved
Port Events Log is registered when / Warning e-mail is sent when…
Disable Never.
Link Up The port is connected to another device.
Link Down The port is disconnected (e.g., the cable is pulled out, or the
opposing device shuts down).
Link Up & Link Down The port is either connected or disconnected.
3.12.2.2 Email Settings
Mode

Default
Enabled or Enable or disable the Email warning function. Disabled

Disabled
84
SMTP Server Address

Default
IP address The IP Address of your email server. 0.0.0.0
Sender E-mail Address

Default
E-mail address Your email account None
Mail Subject

Default
Max. of 45 Subject of the email that will be sent. Automated

characters Email Alert
Authentication

Default
Check / Uncheck Check if the SMTP server needs authentication. Check
Username Type the username of the SMTP server. None
Password Type the password of the SMTP server. None
Confirm Retype the password of the SMTP server. None

password
Recipient Email Address

Default
Max. of 45 You can set up to six email addresses to receive alarm None
characters emails from the Weidmüller switch.
3.12.3 SYSLOG Setting
85
Mode

Default
Disabled No registration of event logs.
Client Only Events are logged only in the switch.

Client Only
Server Only Events are logged only in a remote SYSLOG server.
Both Events are logged both locally (switch) and in a

remote SYSLOG server.
Server IP Address

Default
IP address The IP address of Syslog Server used by your 0.0.0.0

network.
3.13 Monitoring/Diagnosis
You can monitor statistics in real time from the Weidmüller switch as well as check its log register.
The Weidmüller switch also provides important tools for administrators to diagnose network systems.
3.13.1 System Event Log

If the local SYSLOG setting is enabled (menu Warnings), in this page will be shown the Event Log
Table stored in the switch.
The Event Log Table displays the following information:
Date The date is updated based on how the current date is set in the Basic Setting
menu (Time Setting page).
Time The time is updated based on how the current time is set in the Basic Setting
menu (Time Setting page).
Events Events that have occurred.
86
The user can press any or the following buttons:
Refresh Reload the page to get the latest events.
Clear Delete all the events stored in the switch.
Export Save the Event Log in a file (.txt format).
NOTE: The local Event Log Table is not stored in flash memory so is deleted when the
switch is rebooted. As explained, the user can save it as a .txt file using the Export
button.
3.13.2 MAC Address Table

This section explains the information provided by the Weidmüller switch’s MAC address table.
The MAC Address table can be configured to display the following Weidmüller switch MAC address
groups, which are selected from the drop-down list Port No.:
ALL Select this item to show all of the Weidmüller switch’s MAC addresses.
Port n Select this item to show all of the MAC addresses dedicated ports.
The table displays the following information:
Type This field shows the type of this MAC address.
MAC This field shows the MAC address.
Port This field shows the port that this MAC address belongs to.
Below the table is also shown the number of Static and Dynamic MAC Addresses. The button Flush
Table deletes all the MAC addresses shown in the table.
87
In this page the user can also configure the MAC Address Aging Setting:
MAC Address Aging Time

Default
Time (30 sec to 1 The time before an entry ages and is discarded from 5 min
hour) the MAC address table.
Auto Flush Table When Ports Link Down

Default
Enabled / When enabled, the switch will delete the MAC address Disabled
Disabled table if a port link gets down.
MAC Address Auto Learning

Default
Enabled / Enable or disable the MAC learning function of the Enabled

Disabled switch.
3.13.3 Port Overview

This pages provides several traffic statistics for all the ports of the switch.
Users can display the following information for each port:
Type Port speed and media type.
Link Link status (up or down).
State Port enabled (forwarding) or disabled.
TX Packets Packets sent out from the port of the Weidmüller switch. It is distinguished
between good packets and bad packets. Bad packets are packets that did not
pass TCP/IP's error checking algorithm.
RX Packets Packets received in the port of the Weidmüller switch from connected
devices. It is distinguished between good packets and bad packets. Bad
packets are packets that did not pass TCP/IP's error checking algorithm.
Packets The number of times a collision is detected in the port.

collision
The Clear button allows the user to reset all the port counters.
88
3.13.4 Port Counters

This page provides more detailed statistic counters than Port Overview option. Use the port select
box to select which switch port details to display.
Users can display the following information for each port:
InGoodOctetsLo The lower 32-bits of the 64-bit InGoodOctets counter.
InGoodOctetsHi The upper 32-bits of the 64-bit InGoodOctets counter.
InBadOctets The sum of lengths of all bad Ethernet frames received.
OutFCSErr The number of frames transmitted with an invalid FCS/CRC.
InUnicasts The number of good frames received that have a Unicast destination MAC
address.
Deferred The total number of successfully transmitted frames that experienced no

collisions but are delayed because the medium is busy during the first
attempt.
InBroadcasts The number of good frames received that have a Broadcast destination
MAC address.
InMulticasts The number of good frames received that have a Multicast destination
MAC address.
Octets64 Total frames received (and/or transmitted) with a length of exactly 64

octets.
Octets127 Total frames received (and/or transmitted) with a length between 65 and
127 octets.
255 octets.
511 octets.
1023 octets.
OctetsMax Total frames received (and/or transmitted) with a length between 1024 and
MaxSize octets.
89
OutOctetsLo The lower 32-bit of the 64-bit OutOctets counter.
OutOctetsHi The upper 32-bit of the 64-bit OutOctets counter.
OutUnicasts The number of frames sent that have an Unicast destination MAC address.
Excessive The number frames dropped in the transmit MAC because the frame
experienced 16 consecutive collisions. This counter is applicable in
half-duplex only.
OutMulticasts The number of good frames sent that have a Multicast destination MAC
address.
OutBroadcasts The number of good frames sent that have a Broadcast destination MAC
address.
Single The total number of successfully transmitted frames that experienced

exactly one collision. This counter is applicable in half-duplex only.
OutPause The number of good Flow Control frames sent.
InPause The number of good Flow Control frames received.
Multiple The total number of successfully transmitted frames that experienced more
than one collision. This counter is applicable in half-duplex only.
Undersize Total frames received with a length of less than 64 octets but with a valid
FCS/CRC.
Fragments Total frames received with a length of more than 64 octets and with an
invalid FCS/CRC.
Oversize Total frames received with a length of more than MaxSize octets but with a
valid FCS/CRC.
Jabber Total frames received with a length of more than MaxSize octets but with
an invalid FCS/CRC.
InMACRcvErr Total frames received with an RxErr signal from the physical interface.
InFCSErr Total frames received with an FCS/CRC error not counted in Fragments,
Jabber or RxErr.
Collisions The number of collision events seen by MAC not including those counted in
Single, Multiple, Excessive or Late. This counter is applicable in
half-duplex only.
Late The number of times a collision is detected later than 512 bit-times into the
transmission of a frame. This counter is applicable in half-duplex only.
The Clear button allows the user to reset all the port counters.
90
3.13.5 Port Monitoring (Mirror port)

The Port Monitoring (Mirror port) function can be used to monitor data being transmitted through a
specific port. This is done by setting up another port (the monitored / mirror port) to receive the same
data being transmitted from, or both to and from, the port under observation. This allows the network
administrator to sniff the observed port and thus keep tabs on network activity.
Port Monitoring Settings
Setting Description
Source Port Select one or several ports whose network activity will be monitored. It is
possible to select RX, TX or both.
• RX
Select this option to monitor only those data packets coming in through the
monitored port.
• TX
Select this option to monitor only those data packets being sent out
through the monitored port.
Select both RX and TX to monitor data packets both coming into, and
being sent out through, the monitored port.
Destination Select one port that will be used to monitor the activity of the monitored
Port port. It is possible to use different monitored / mirror ports for TX and RX
data.
NOTE: Port Monitoring is enabled by selecting at least one source port and pressing the
button Apply.
91
3.13.6 Traffic Monitor

This page allows the user to set up an event when high volume of traffic is received during a short
period of time through any of the ports of the switch. This event can be either logged in the Syslog or
sent by email as a warning.
The parameters that can be programmed in each port to set up this excessive traffic event are:
Monitored-Counter

Default
Disabled / “Traffic To enable the traffic monitoring in the port of the Disabled
type” switch we have to select the type of traffic we want to
monitor:
• RX Octet (all received frames)
• RX Broadcast (broadcast received frames)
• RX Multicast (multicast received frames)
• RX Unicast (unicast received frames)
• RX Non-Unicast (broadcast and unicast
received frames)
Time Interval

Default
Time between 1 Define the time that the switch will be 3 sec
and 300 sec monitoring/counting the number of received frames.
92
Increasing Quantity

Default
Number between Threshold to define the minimum number of frames 1000

1 and 999999999 that have to be received during the time interval to
consider that excessive traffic is being received.
Event Settings (triggered by threshold)

Default
Syslog Check to register the event in Syslog. Unchecked
SMTP Check to send an email event. Unchecked
3.13.7 SFP Monitor
NOTE: This option is only available in the models including SFP ports.
Optical fiber is commonly used for long distance data transmission. However, when link issues occur,
it is very costly to trouble shoot the fiber cable and fiber transceiver at remote sites. To solve this
problem, Weidmüller industrial Ethernet switches provide digital diagnostic and monitoring (DDM)
functions on Weidmüller SFP optical fiber links and allow users to measure optical parameters and
its performance from center site. This function can greatly facilitate the trouble shooting process for
optical fiber links and reduce costs for onsite debug.
Parameter Description
Port No. Switch port number with SFP plugged in
Temperature (°C) SFP casing temperature
Vcc (V) Voltage supply to the SFP
Tx Bias (mA) The bias current of the optical transmitter
Tx power (uW) The amount of light being transmitted into the fiber optic cable in uW
(dBm) The amount of light being transmitted into the fiber optic cable in
dBm
93
Rx power (uW) The amount of light being received from the fiber optic cable in uW
(dBm) The amount of light being received from the fiber optic cable in dBm
Besides monitoring the SFP status, it is also possible to configure a high-temperature warning that
can be either logged in Syslog or sent as event by email.
Warning Temperature

Default
Number between Temperature threshold for warning event. 75 ºC

0 and 100 ºC
Event Alarm

Default
Syslog Check to register the event in Syslog. Unchecked
SMTP Check to send an email event. Unchecked
3.13.8 Ping
The Ping function uses the ping command to give users a simple but powerful tool for
troubleshooting network problems. The function's most unique feature is that even though the ping
command is entered from the user's PC keyboard, the actual ping command originates from the
Weidmüller switch itself. In this way, the user can essentially sit on top of the Weidmüller switch and
send ping commands out through its ports.
To use the Ping function, type in the desired IP address, and then click Send Ping.
3.14 Save Configuration

After changing any parameter / function in a web page the button Apply activates the change but
does not save it. The text “Configuration changed and applied but not saved!” is shown in all the
pages of the web interface. It means the changes would be lost after restarting the switch.
The Save Configuration option permanently saves the applied changes to flash memory.
In the page is always indicated if the current configuration is saved to flash memory or not.
94
3.15 Factory Default

This function provides users with a quick way of restoring the Weidmüller switch’s configuration to
factory defaults.
The user has the possibility to restore to factory defaults but keeping the current IP address and
username / password settings.
3.16 System Reboot

This function is used to restart the Ethernet Switch.
In the page are shown the active (running) and alternate firmware images and the user can decide
which one should be taken for the reboot.
3.17 Logout
This option can be used to leave the Web Management of the switch.
95
4. Command Line Interface (CLI) Management

Besides Web Management, the Fast/Gigabit Advanced Line Switches also support CLI Management
either from console port or Telnet.
4.1 CLI Management by Console port

Using the provided accessory cable, connect the “CONSOLE” port (RJ-45) to the PC terminal
communication port (DB9). Run any terminal emulation program (HyperTerminal, PuTTY,
TeraTermPro, etc.) and configure the communication parameters as follows:
• Speed: 9600
• Data: 8 bits
• Parity: None
• Stop bits: 1
• Flow Control: None
The console login screen will appear. Use the keyboard to introduce the “Username” and
“Password”.
NOTE: The same Username and password used to access to the Web
Management have to be used for the Console port.
The default Username / password are admin / Detmold
4.2 CLI Management by Telnet

Opening the Weidmüller switch’s Telnet over a network requires that the PC host and Weidmüller
switch are on the same logical subnet (same as with Web Management). You may need to adjust
your PC host’s IP address and subnet mask. By default, the Weidmüller switch’s IP address is
192.168.1.110 and the switch’s subnet mask is 255.255.255.0 (for a Class C network). If you do not
change these values, and your PC host's subnet mask is 255.255.255.0, then its IP address must
have the form 192.168.1.xxx
NOTE: When connecting to the switch’s Telnet ensure that your PC host and the
switch are on the same logical subnet.
NOTE: When connecting to the switch’s Telnet, first connect one of the switch’s
Ethernet ports to your Ethernet LAN or directly to your PC’s Ethernet port. You may
use either a straight-through or cross-over Ethernet cable.
NOTE: The Weidmüller switch’s default IP address is 192.168.1.110

The default username / password are admin / Detmold
96
After making sure that the Weidmüller switch is connected to the same LAN and logical subnet as
your PC, open the Weidmüller switch’s Telnet console using any Telnet client (Windows Telnet
Client, PuTTY, TeraTermPro, etc.).
4.3 CLI Modes

The Command Line Interface (CLI) of Advanced Line series is mainly divided into five basic modes;
these are User mode, EXEC mode, Configuration mode, VLAN database and Configuration Interface
mode. The commands available in User mode and EXEC mode are limited. For more advanced
configurations, you must enter Config mode, VLAN database or Config Interface mode. In each mode, a
question mark (?) at the system prompt can be issued to obtain a list of commands available for each
command mode. The following table provides a brief overview of modes available in this device.
Mode Prompt Enter Method Exit Method
User mode > enable disable

Enter authorized
EXEC mode # username and Exit, logout
password
Global Config Enter “configure
(config)# End, exit, do logout
Mode terminal” after “#”
Enter “vlan database”
VLAN Database (vlan)# after “#” Exit, do logout
Specify interface,
Config Interface interface type and
(config-if)# number after (config)# End, exit, do logout
Mode
4.4 Quick keys

There are several useful quick keys you can use when editing command lines.
Keyboard Action
? Issue “?” to get a list of commands available in the current
mode.
Up arrow key To view the previous entered commands.
Down arrow key To view the previous entered commands.
Tab key To complete an unfinished command.
97
4.5 System commands

Command Mode Description Example
show config User Show switch >show config

configuration
show terminal EXEC Show console #show terminal
information
write memory Save your

EXEC configuration into #write memory
permanent memory
(flash rom)
system name Global Config Configure system (config)#system
[System Name] name name xxx
system location Global Config Set switch system (config)#system

[System location string location xxx
Location]
system Global Config Set switch system (config)#system

description description string description xxx
[System
Description]
system contact Global Config Set switch system (config)#system
[System contact window string contact xxx
Contact]
show User Show system >show system-info

system-info information
ip address Global Config Configure the IP (config)#ip address

[Ip-address] address of switch 192.168.1.110
[Subnet-mask] 255.255.255.0
[Gateway] 192.168.1.254
ip dhcp Global Config Enable DHCP client (config)#ip dhcp

function of switch
show ip EXEC Show IP information #show ip

of switch
no ip dhcp Global Config Disable DHCP client (config)#no ip dhcp

function of switch
reload Global Config Halt and perform a (config)#reload

cold restart
default Global Config Restore to default (config)#default
98
admin Global Config Changes a login (config)#admin

username username.(maximum username xxxxxx
[Username] 10 words)
admin Global Config Specifies a password (config)#admin

password (maximum 10 words) password xxxxxx
[Password]
show admin EXEC Show administrator #show admin

information
dhcpserver Global Config Enable DHCP Server (config)#dhcpserver

enable enable
dhcpserver Global Config Configure low IP (config)# dhcpserver

lowip address for IP pool lowip 192.168.1.1
[Low IP]
dhcpserver Global Config Configure high IP (config)# dhcpserver

highip address for IP pool highip 192.168.1.50
[High IP]
dhcpserver Global Config Configure subnet (config)#dhcpserver

subnetmask mask for DHCP subnetmask
[Subnet mask] clients 255.255.255.0
dhcpserver Global Config Configure gateway (config)#dhcpserver

gateway for DHCP clients gateway
[Gateway] 192.168.1.254
dhcpserver Global Config Configure DNS IP for (config)# dhcpserver

dnsip DHCP clients dnsip 192.168.1.1
[DNS IP]
dhcpserver Global Config Configure lease time (config)#dhcpserver

leasetime (in hour) leasetime 1
[Hours]
dhcpserver Interface Set static IP for (config)#interface

ipbinding Config DHCP clients by port fastEthernet 2
[IP address] switch(config-if)#dhc
pserver ipbinding
192.168.1.1
show EXEC Show configuration of #show dhcpserver
dhcpserver DHCP server configuration
configuration
show EXEC Show client entries of #show dhcpserver

dhcpserver DHCP server clinets
clients
show EXEC Show IP-Binding #show dhcpserver

dhcpserver information of DHCP ip-binding
ip-binding server
99
no dhcpserver Global Config Disable DHCP server (config)#no

function dhcpserver
security enable Global Config Enable IP security (config)#security

function enable
security http Global Config Enable IP security of (config)#security http

HTTP server
security telnet Global Config Enable IP security of (config)#security

telnet server telnet
security ip Global Config Set the IP security list (config)#security ip 1

[Index(1..10)] 192.168.1.55
[IP Address]
show security EXEC Show the information #show security

of IP security
no security Global Config Disable IP security (config)#no security

function
no security http Global Config Disable IP security of (config)#no security

HTTP server http
no security Global Config Disable IP security of (config)#no security

telnet telnet server telnet
100
4.6 Port commands

interface Global Config Choose the port for (config)#interface

fastEthernet modification. fastEthernet 2
[Portid]
duplex Interface Use the duplex (config)#interface
[full | half] Config configuration fastEthernet 2
command to specify (config-if)#duplex full
the duplex mode of
operation for Fast
Ethernet.
speed Interface Use the speed (config)#interface
[10|100|1000|a Config configuration fastEthernet 2
uto] command to specify (config-if)#speed 100
the speed mode of
operation for Fast
Ethernet., the speed
can’t be set to 1000 if
the port isn’t a giga
port..
flowcontrol Interface Use the flowcontrol (config)#interface
mode Config configuration fastEthernet 2
[Symmetric|Asy command on (config-if)#flowcontrol
mmetric] Ethernet ports to mode Asymmetric
control traffic rates
during congestion.
no flowcontrol Interface Disable flow control (config-if)#no
Config of interface flowcontrol
security enable Interface Enable security of (config)#interface
Config interface fastEthernet 2
(config-if)#security
enable
no security Interface Disable security of (config)#interface
Config interface fastEthernet 2
(config-if)#no security
bandwidth type Interface Set interface ingress (config)#interface
all Config limit frame type to fastEthernet 2
“accept all frame” (config-if)#bandwidth
type all
broadcast-multi Config limit frame type to fastEthernet 2
cast-flooded-un “accept broadcast, (config-if)#bandwidth
icast multicast, and type
flooded unicast broadcast-multicast-fl
frame” ooded-unicast
broadcast-multi Config limit frame type to fastEthernet 2
cast “accept broadcast (config-if)#bandwidth
and multicast frame” type
broadcast-multicast
broadcast-only Config limit frame type to fastEthernet 2
“only accept (config-if)#bandwidth
broadcast frame” type broadcast-only
bandwidth in Interface Set interface input (config)#interface
[Value] Config bandwidth. Rate fastEthernet 2
Range is from 100 (config-if)#bandwidth
kbps to 102400 kbps in 100
or to 256000 kbps for
giga ports,
and zero means no
limit.
101
bandwidth out Interface Set interface output (config)#interface

[Value] Config bandwidth. Rate fastEthernet 2
Range is from 100 (config-if)#bandwidth
kbps to 102400 kbps out 100
or to 256000 kbps for
giga ports,
and zero means no
limit.
show Interface Show interfaces (config)#interface
bandwidth Config bandwidth control fastEthernet 2
(config-if)#show
bandwidth
state Interface Use the state (config)#interface
[Enable | Config interface fastEthernet 2
Disable] configuration (config-if)#state
command to specify Disable
the state mode of
operation for
Ethernet ports. Use
the disable form of
this command to
disable the port.
show interface Interface show interface (config)#interface

configuration Config configuration status fastEthernet 2
(config-if)#show
interface
configuration
show interface Interface show interface actual (config)#interface
status Config status fastEthernet 2
(config-if)#show
interface status
show interface Interface show interface (config)#interface
accounting Config statistic counter fastEthernet 2
(config-if)#show
interface accounting
no accounting Interface Clear interface (config)#interface
Config accounting fastEthernet 2
information (config-if)#no
accounting
102
4.7 Port trunking commands

aggregator Global Config Set port group (config)#aggregator

priority system priority priority 22
[1to65535]
aggregator Global Config Set activity port (config)#aggregator
activityport activityport 2
[Port Numbers]
aggregator Global Config Assign a trunk group (config)#aggregator
group with LACP active. group 1 1-4 lacp
[GroupID] [GroupID] :1to3 workp 2
[Port-list] [Port-list]:Member or
lacp port list, This (config)#aggregator
workp parameter could be a group 2 1,4,3 lacp
[Workport] port range(ex.1-4) or workp 3
a port list separate by
a comma(ex.2, 3, 6)
[Workport]: The
amount of work ports,
this value could not
be less than zero or
be large than the
amount of member
ports.
aggregator Global Config Assign a static trunk (config)#aggregator
group group. group 1 2-4 nolacp
[GroupID] [GroupID] :1to3 or
[Port-list] [Port-list]:Member (config)#aggreator
nolacp port list, This group 1 3,1,2 nolacp
parameter could be a
port range(ex.1-4) or
a port list separate by
a comma(ex.2, 3, 6)
show EXEC Show the information #show aggregator
aggregator of trunk group
no aggregator Global Config Disable the LACP (config)#no aggreator
lacp function of trunk lacp 1
[GroupID] group
no aggregator Global Config Remove a trunk (config)#no aggreator
group group group 2
[GroupID]
103
4.8 VLAN commands

vlan database EXEC Enter VLAN #vlan database

configure mode
vlan VLAN To set switch VLAN (vlan)# vlanmode
[8021q | gvrp] Database mode. 802.1q
or
(vlan)# vlanmode
gvrp
no vlan VLAN Disable vlan (vlan)#no vlan 2
[VID] Database group(by VID)
no gvrp VLAN Disable GVRP (vlan)#no gvrp
Database
vlan 8021q port VLAN Assign a access link (vlan)#vlan 802.1q
[PortNumber] Database for VLAN by port, if port 3 access-link
access-link the port belong to a untag 33
untag trunk group, this
[UntaggedVID] command can’t be
applied.
vlan 8021q port VLAN Assign a trunk link for (vlan)#vlan 8021q
[PortNumber] Database VLAN by port, if the port 3 trunk-link tag
trunk-link tag port belong to a trunk 2,3,6,99
[TaggedVID group, this command or
List] can’t be applied. (vlan)#vlan 8021q
port 3 trunk-link tag
3-20
vlan 8021q port VLAN Assign a hybrid link (vlan)# vlan 8021q
[PortNumber] Database for VLAN by port, if port 3 hybrid-link
hybrid-link the port belong to a untag 4 tag 3,6,8
untag trunk group, this or
[UntaggedVID] command can’t be (vlan)# vlan 8021q
tag applied. port 3 hybrid-link
[TaggedVID untag 5 tag 6-8
List]
vlan 8021q VLAN Assign a access link (vlan)#vlan 8021q
aggreator Database for VLAN by trunk aggreator 3
[TrunkID] group access-link untag 33
access-link
untag
[UntaggedVID]
vlan 8021q VLAN Assign a trunk link for (vlan)#vlan 8021q
aggreator Database VLAN by trunk group aggreator 3 trunk-link
[TrunkID] tag 2,3,6,99
trunk-link tag or
[TaggedVID (vlan)#vlan 8021q
List] aggreator 3 trunk-link
tag 3-20
vlan 8021q VLAN Assign a hybrid link (vlan)# vlan 8021q
aggreator Database for VLAN by trunk aggreator 3
[PortNumber] group hybrid-link untag 4
hybrid-link tag 3,6,8
untag or
[UntaggedVID] (vlan)# vlan 8021q
tag aggreator 3
[TaggedVID hybrid-link untag 5
List] tag 6-8
show vlan [VID] VLAN Show VLAN (vlan)#show vlan 23
or Database information
show vlan
104
4.9 Spanning Tree commands

spanning-tree Global Config Enable spanning tree (config)#spanning-tre

enable e enable
spanning-tree Global Config Configure spanning (config)#spanning-tre
priority tree priority e priority 32767
[0to61440] parameter
spanning-tree Global Config Use the (config)#spanning-tre
max-age spanning-tree e max-age 15
[seconds] max-age global
configuration
command to change
the interval between
messages the
spanning tree
receives from the
root switch. If a
switch does not
receive a bridge
protocol data unit
(BPDU) message
from the root switch
within this interval, it
recomputed the
Spanning Tree
Protocol (STP)
topology.
hello-time spanning-tree e hello-time 3
[seconds] hello-time global
configuration
command to specify
the interval between
hello bridge protocol
data units (BPDUs).
forward-time spanning-tree e forward-time 20
[seconds] forward-time global
configuration
command to set the
forwarding-time for
the specified
spanning-tree
instances. The
forwarding time
determines how long
each of the listening
and
learning states last
before the port
begins forwarding.
stp-path-cost Interface Use the (config)#interface
[1to200000000] Config spanning-tree cost fastEthernet 2
interface (config-if)#stp-path-c
configuration ost 20
command to set the
path cost for
Spanning Tree
Protocol (STP)
calculations. In the
event of a loop,
spanning tree
considers the path
105
cost when selecting

an interface to place
into the forwarding
state.
stp-path-priority Interface Use the (config)#interface
[Port Priority] Config spanning-tree fastEthernet 2
port-priority interface (config-if)#
configuration stp-path-priority 127
command to
configure a port
priority that
is used when two
switches tie for
position as the root
switch.
stp-admin-p2p Interface Admin P2P of STP (config)#interface
[Auto|True|Fals Config priority on this fastEthernet 2
e] interface. (config-if)#
stp-admin-p2p Auto
stp-admin-edge Interface Admin Edge of STP (config)#interface
[True|False] Config priority on this fastEthernet 2
interface. (config-if)#
stp-admin-edge True
stp-admin-non- Interface Admin NonSTP of (config)#interface
stp Config STP priority on this fastEthernet 2
[True|False] interface. (config-if)#
stp-admin-non-stp
False
Show User Display a summary of >show spanning-tree
spanning-tree the spanning-tree
states.
no Global Config Disable (config)#no
spanning-tree spanning-tree. spanning-tree
106
4.10 O-Ring Redundancy commands

Ring enable Global Config Enable O-Ring (config)# ring enable

Ring master Global Config Enable ring master (config)# ring master
Ring couplering Global Config Enable couple ring (config)# ring

couplering
Ring Global Config Enable dual homing (config)# ring
dualhoming dualhoming
Ring ringport Global Config Configure 1st/2nd (config)# ring ringport
[1st Ring Port] Ring Port 78
[2nd Ring Port]
Ring Global Config Configure Coupling (config)# ring
couplingport Port couplingport 1
[Coupling Port]
Ring controlport Global Config Configure Control (config)# ring
[Control Port] Port controlport 2
Ring Global Config Configure Dual (config)# ring
homingport Homing Port homingport 3
[Dual Homing
Port]
show Ring EXEC Show the information #show ring
of O-Ring
no Ring Global Config Disable O-Ring (config)#no ring
no Ring master Global Config Disable ring master (config)# no ring

master
no Ring Global Config Disable couple ring (config)# no ring
couplering couplering
no Ring Global Config Disable dual homing (config)# no ring
dualhoming dualhoming
107
4.11 QoS commands

qos policy Global Config Select QOS policy (config)#qos policy

[weighted-fair|st scheduling weighted-fair
rict]
qos prioritytype Global Config Setting of QOS (config)#qos
[port-based|cos priority type prioritytype
-only|tos-only|c
os-first|tos-first]
qos priority Global Config Configure Port-based (config)#qos priority
portbased Priority portbased 1 low
[Port]
[lowest|low|mid
dle|high]
qos priority cos Global Config Configure CoS (config)#qos priority
[Priority][lowest| Priority cos 22 middle
low|middle|high
]
qos priority tos Global Config Configure ToS (config)#qos priority
[Priority][lowest| Priority tos 3 high
low|middle|high
]
show qos User Display the >show qos
information of QoS
configuration
no qos Global Config Disable QoS function (config)#no qos
4.12 IGMP commands

igmp enable Global Config Enable IGMP (config)#igmp enable

snooping function
Igmp-query Global Config Set IGMP query to (config)#Igmp-query
auto auto mode auto
Igmp-query Global Config Set IGMP query to (config)#Igmp-query

force force mode force
show igmp EXEC Displays the details #show igmp
configuration of an IGMP configuration
configuration.
show igmp EXEC Displays the details #show igmp multi
multi of an IGMP snooping
entries.
no igmp Global Config Disable IGMP (config)#no igmp
snooping function
no igmp-query Global Config Disable IGMP query #no igmp-query
108
4.13 Static filtering commands

mac-address-ta Interface Configure MAC (config)#interface

ble static Config address table of fastEthernet 2
hwaddr interface (static). (config-if)#mac-addre
[MAC] ss-table static
hwaddr
000012345678
mac-address-ta Global Config Configure MAC (config)#mac-addres
ble filter hwaddr address table(filter) s-table filter hwaddr
[MAC] 000012348678
show EXEC Show all MAC #show
mac-address-ta address table mac-address-table
ble
show EXEC Show static MAC #show
mac-address-ta address table mac-address-table
ble static static
show EXEC Show filter MAC #show
mac-address-ta address table. mac-address-table
ble filter filter
no Interface Remove an entry of (config)#interface
mac-address-ta Config MAC address table of fastEthernet 2
ble static interface (static) (config-if)#no
hwaddr mac-address-table
[MAC] static hwaddr
000012345678
no Global Config Remove an entry of (config)#no
mac-address-ta MAC address table mac-address-table
ble filter hwaddr (filter) filter hwaddr
[MAC] 000012348678
no Global Config Remove dynamic (config)#no
mac-address-ta entry of MAC mac-address-table
ble address table
109
4.14 SNMP commands

snmp Global Config Select the agent (config)#snmp

agent-mode mode of SNMP agent-mode v1v2c
[v1v2c | v3]
snmp-server Global Config Configure SNMP (config)#snmp-server
host server host host 192.168.10.50
[IP address] information and community public
community community string trap-version v1
[Community-stri (remove)
ng] (config)#
trap-version no snmp-server host
[v1|v2c] 192.168.10.50
snmp Global Config Configure the (config)#snmp
community-stri community string community-strings
ngs right public right RO
[Community-stri or
ng] (config)#snmp
right community-strings
[RO|RW] public right RW
snmp Global Config Configure the (config)#snmp
snmpv3-user userprofile for snmpv3-user test01
[User Name] SNMPV3 agent. password AuthPW
password Privacy password PrivPW
[Authentication could be empty.
Password]
[Privacy
Password]
show snmp EXEC Show SNMP #show snmp
configuration
show EXEC Show specified trap #show snmp-server
snmp-server server information
no snmp Global Config Remove the specified (config)#no snmp
community-stri community. community-strings
ngs public
[Community]
no snmp Global Config Remove specified (config)# no snmp
snmpv3-user user of SNMPv3 snmpv3-user test01
[User Name] agent. Privacy password AuthPW
password password could be PrivPW
[Authentication empty.
Password]
[Privacy
Password]
no snmp-server Global Config Remove the SNMP (config)#no
host server host. snmp-server
[Host-address] 192.168.10.50
110
4.15 Port Mirroring commands

monitor rx Global Config Set RX destination (config)#monitor rx

port of monitor
function
monitor tx Global Config Set TX destination (config)#monitor tx
port of monitor
function
show monitor EXEC Show port monitor #show monitor
information
monitor Interface Configure source port (config)#interface
[RX|TX|Both] Config of monitor function fastEthernet 2
(config-if)#monitor
RX
show monitor Interface Show port monitor (config)#interface
Config information fastEthernet 2
(config-if)#show
monitor
no monitor Interface Disable source port (config)#interface
Config of monitor function fastEthernet 2
(config-if)#no monitor
4.16 802.1x commands

8021x enable Global Config Use the 802.1x (config)# 8021x

global configuration enable
command to enable
802.1x protocols.
8021x system Global Config Use the 802.1x (config)# 8021x
radiousip system radious IP system radiousip
[IP address] global configuration 192.168.1.1
command to change
the radious server IP.
serverport system server port system serverport
[port ID] global configuration 1815
command to change
the radious server
port
accountport system account port system accountport
[port ID] global configuration 1816
command to change
the accounting port
sharekey system share key system sharekey
[ID] global configuration 123456
command to change
the shared key value.
nasid system nasid global system nasid test1
[words] configuration
command to change
the NAS ID
8021x misc Global Config Use the 802.1x misc (config)# 8021x misc
quietperiod quiet period global quietperiod 10
[sec.] configuration
command to specify
111
the quiet period value

of the switch.
txperiod TX period global txperiod 5
command to set the
TX period.
supportimeout supp timeout global supportimeout 20
command to set the
supplicant timeout.
8021x misc Global Config Use the 802.1x misc (config)#8021x misc
servertimeout server timeout global servertimeout 20
command to set the
server timeout.
maxrequest max request global maxrequest 3
[number] configuration
command to set the
MAX requests.
reauthperiod reauth period global reauthperiod 3000
command to set the
reauth period.
8021x Interface Use the 802.1x port (config)#interface

portstate Config state interface fastethernet 3
[disable | reject configuration switch(config-if)#802
| accept | command to set the 1x portstate accept
authorize] state of the selected
port.
show 8021x User Display a summary of >show 8021x

the 802.1x properties
and also the port
sates.
no 8021x Global Config Disable 802.1x (config)#no 8021x
function
4.17 TFTP commands

backup Global Config Save configuration to (config)#backup

flash:backup_cf TFTP and need to flash:backup_cfg
g specify the IP of
TFTP server and the
file name of image.
restore Global Config Get configuration (config)#restore
flash:restore_cf from TFTP server flash:restore_cfg
g and need to specify
the IP of TFTP server
and the file name of
image.
upgrade Global Config Upgrade firmware by (config)#upgrade
flash:upgrade_f TFTP and need to flash:upgrade_fw
w specify the IP of
TFTP server and the
file name of image.
112
4.18 Syslog / SMTP / Event commands

systemlog ip Global Config Set System log (config)# systemlog

[IP address] server IP address. ip 192.168.1.100
systemlog Global Config Specified the log (config)# systemlog
mode mode mode both
[client|server|bo
th]
show User Display system log. >show systemlog
systemlog
show EXEC Show system log #show systemlog
systemlog client & server
information
no systemlog Global Config Disable systemlog (config)#no
functon systemlog
smtp enable Global Config Enable SMTP (config)#smtp enable
function
smtp serverip Global Config Configure SMTP (config)#smtp
[IP address] server IP serverip 192.168.1.5
smtp Global Config Enable SMTP (config)#smtp
authentication authentication authentication
smtp account Global Config Configure (config)#smtp
[account] authentication account User
account
smtp password Global Config Configure (config)#smtp
[password] authentication password
password
smtp rcptemail Global Config Configure Rcpt (config)#smtp
[Index] [Email e-mail Address rcptemail 1
address] Alert@test.com
show smtp EXEC Show the information #show smtp
of SMTP
no smtp Global Config Disable SMTP (config)#no smtp
function
event Global Config Set cold start event (config)#event
device-cold-sta type device-cold-start both
rt
[Systemlog|SM
TP|Both]
event Global Config Set Authentication (config)#event
authentication-f failure event type authentication-failure
ailure both
[Systemlog|SM
TP|Both]
event Global Config Set s ring topology (config)#event
O-Ring-topolog changed event type ring-topology-change
y-change both
[Systemlog|SM
TP|Both]
event Interface Set port event for (config)#interface
systemlog Config system log fastethernet 3
[Link-UP|Link-D (config-if)#event
own|Both] systemlog both
event smtp Interface Set port event for (config)#interface
[Link-UP|Link-D Config SMTP fastethernet 3
own|Both] (config-if)#event
smtp both
show event EXEC Show event selection #show event
113
no event Global Config Disable cold start (config)#no event

device-cold-sta event type device-cold-start
rt
no event Global Config Disable (config)#no event
authentication-f Authentication failure authentication-failure
ailure event typ
no event Global Config Disable O-Ring (config)#no event
O-Ring-topolog topology changed ring-topology-change
y-change event type
no event Interface Disable port event for (config)#interface
systemlog Config system log fastethernet 3
(config-if)#no event
systemlog
no event smpt Interface Disable port event for (config)#interface
Config SMTP fastethernet 3
(config-if)#no event
smtp
show EXEC Show system log #show systemlog
systemlog client & server
information
4.19 SNTP commands

sntp enable Global Config Enable SNTP (config)#sntp enable

function
sntp daylight Global Config Enable daylight (config)#sntp daylight
saving time, if SNTP
function is inactive,
this command can’t
be applied.
sntp Global Config Set period of daylight (config)# sntp
daylight-period saving time, if SNTP daylight-period
[Start time] function is inactive, 20060101-01:01
[End time] this command can’t 20060202-01-01
be applied.
Parameter format:
[yyyymmdd-hh:mm]
sntp Global Config Set offset of daylight (config)#sntp
daylight-offset saving time, if SNTP daylight-offset 3
[Minute] function is inactive,
this command can’t
be applied.
sntp ip Global Config Set SNTP server IP, (config)#sntp ip
[IP] if SNTP function is 192.169.1.1
inactive, this
command can’t be
applied.
sntp timezone Global Config Set timezone index, (config)#sntp
[Timezone] use “show sntp timezone 22
timzezone” command
to get more
information of index
number
show sntp EXEC Show SNTP #show sntp
information
show sntp EXEC Show index number #show sntp timezone
timezone of time zone list
no sntp Global Config Disable SNTP (config)#no sntp
function
no sntp daylight Global Config Disable daylight (config)#no sntp
saving time daylight
114
A. Downloads (Software and Documentation)

Using below described link you can download following items:
• Firmware Upgrades
• Private MIB files
• Documentation (User Manual and Hardware Installation Guide)
Download via Product Catalogue (Online Catalogue)
• Download latest Firmware version, Private MIB file or Documentation.

http://www.weidmueller.com
► Select Product Catalogue
 Select „Automation & Software“
 Select „Industrial Ethernet“
 Select „Advanced Line Managed Switches”
 Select Product model
 Click and expand section „Downloads“
 Download the needed items
115

Manual Fast-Gigabit Advanced Line M Switch Series 1e 10 2021

Uploaded by

Copyright:

Available Formats

Manual Fast-Gigabit Advanced Line M Switch Series 1e 10 2021

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual Fast-Gigabit Advanced Line M Switch Series 1e 10 2021

Uploaded by

Copyright:

Available Formats

Industrial Ethernet managed Switches

First Edition, October 2021

Copyright ©2016 Weidmüller Interface GmbH & Co. KG

Weidmüller Interface GmbH & Co. KG

Phone +49 (0) 5231 14-0

2. Getting Started .................................................................................................. 5

2.1 Hardware features .................................................................................................................. 5

3. Web Management .............................................................................................. 7

3.1 Accessing the Web interface via HTTP ................................................................................ 7

3.5.6.1 The STP / RSTP Concept ......................................................................................30

3.12 Warnings .............................................................................................................................82

4. Command Line Interface (CLI) Management ................................................ 96

4.1 CLI Management by Console port ......................................................................................96

4.19 SNTP commands ..............................................................................................................114

A. Downloads (Software and Documentation) ................................................ 115

1. About this Manual

2.1 Hardware features

2.2 Software features

3.1 Accessing the Web interface via HTTP

NOTE: The Weidmüller switch’s default IP address is 192.168.1.110.

3.2 Accessing the Web interface via HTTPS

3.3 Basic Settings

3.3.1 System Setting

Max. 64 This option is useful for recording a more detailed Description of

Max. 64 This option is useful for differentiating between the None

3.3.2 Admin Password

Confirm Old Password

Max. 24 Enter the old password. Detmold

Max. 24 Enter the new password. None

Max. 24 Enter the new password again. None

See a brief explanation of each configuration item below.

The Weidmüller switch’s IP address must be set

IP address for the

DNS1 and DNS2

The IP address of the secondary DNS Server used by

3.3.4 IPv6 Setting

The Weidmüller switch’s IP address must be set

IP address for the

Link Local Address

The network portion of the Link-Local address is FE80

3.3.5 Time Setting

Possibility to set the time of the switch directly from the

Set System Date Time manually

Allows configuration of the local date in yyyy-mm-dd None

Allows configuration of the local time in 24-hour

Disabled No NTP/SNTP used in the switch.

Server (NTP) The Weidmüller switch can synchronize other

Daylight Saving Time

Enabled / Automatically set the Weidmüller switch’s time forward Disabled

Daylight Saving Period

Daylight Saving Offset

3.3.6 LLDP Function

3.3.6.2 Configuring LLDP Settings

Setting Description Factory

Enable or Disable Enables or disables the LLDP function. Enable

Setting Description Factory

Neighbor Info Table

Port The port number that connects to the neighbor device.

System Name Hostname of the neighbor device.