Page 1
User Manual
Original Instructions
Stratix 2500 Lightly Managed Switches
Catalog Numbers 1783-LMS5, 1783-LMS8
Page 2
Important User Information
Read this document and the documents listed in the additional resources section about installation, configuration, and
operation of this equipment before you install, configure, operate, or maintain this product. Users are required to
familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws,
and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are
required to be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may
be impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from
the use or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and
requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or
liability for actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or
software described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation,
Inc., is prohibited
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous
environment, which may lead to personal injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property
damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous
voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may
reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to
potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL
Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE).
Page 3
Table of Contents
Preface
Summary of Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Access Product Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Chapter 1
About the Switches EtherNet/IP CIP Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
CIP Network Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
RSLinx Software and Network Who Support. . . . . . . . . . . . . . . . 11
Electronic Data Sheet (EDS) Files . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Data Accessible with CIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 2
Get Started Out-of-the-box Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Express Setup
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Express Setup Button . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Express Setup Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Express Setup Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Run Express Setup in Short Press Mode . . . . . . . . . . . . . . . . . . . . . 19
Run Express Setup in Medium Press Mode . . . . . . . . . . . . . . . . . . 21
Run Express Setup in Long Press Mode. . . . . . . . . . . . . . . . . . . . . . 22
Network Settings in Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Plug and Play Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Express Setup Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Configure Network Settings in the Logix Designer Application . . . 26
Configuration in Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Access Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Configure Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configuration in the Studio 5000 Environment . . . . . . . . . . . . . . . . . 35
General Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Connection Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Switch Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
User Administration in Device Manager . . . . . . . . . . . . . . . . . . . . . . . . 42
Configuration Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Manage Configuration Files in Device Manager . . . . . . . . . . . . . . 44
Manage Configuration Files in the Logix Designer Application 46
Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Apply a Software Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Apply a Backup Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Access Management in Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . 50
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 3
Page 4
Table of Contents
Chapter 3
Configure Switch Features 802.1X Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . . . . . . . . 56
DHCP Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Configure DHCP Persistence Via Device Manager . . . . . . . . . . . 57
DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Assign an IP Address to a Switch Port and Enable Snooping Via
Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Bootstrap Protocol (BOOTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Configure DHCP Persistence Via Logix Designer . . . . . . . . . . . . 62
EtherChannels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configure EtherChannels in the Logix Designer Application. . 69
Internet Group Management Protocol (IGMP) Snooping
with Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Port Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configure Port Security in Device Manager. . . . . . . . . . . . . . . . . . 75
Configure Port Security in the Logix Designer Application. . . . 77
Quality of Service (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Simple Network Management Protocol (SNMP) . . . . . . . . . . . . . . . . 79
Smartports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Avoid Smartport Mismatches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Assign Smartport Roles and VLANs in Device Manager . . . . . . 90
Assign Smartport Roles and VLANs in the Logix Designer
Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Spanning Tree Protocol (STP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Spanning Tree Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
PortFast Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configure STP in Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Storm Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Terminal Access Controller Access Control System Plus/Remote
Authentication Dial-In User Service (TACACS+/RADIUS). . . . . 99
Virtual Local Area Networks (VLANs) . . . . . . . . . . . . . . . . . . . . . . . . 100
Configure VLANs in Device Manager. . . . . . . . . . . . . . . . . . . . . . 101
Configure VLANs in the Logix Designer Application . . . . . . . 102
Chapter 4
Monitor the Switch Dashboard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Switch Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Switch Health. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Port Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
System Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Port Security Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
4 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 5
Table of Contents
CIP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
DHCP Clients Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
System Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Configure the System Log Server. . . . . . . . . . . . . . . . . . . . . . . . . . . 118
View System Log Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Ping Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Switch Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Module Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Port Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Port Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Chapter 5
Troubleshoot the Switch Troubleshoot the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Status Indicators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Power-on Self-test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Bad or Damaged Cable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Ethernet Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Link Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Troubleshoot IP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Troubleshoot Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Restart or Reset the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Restart or Reset the Switch from Device Manager . . . . . . . . . . . 132
Reset the Switch with the Express Setup Button. . . . . . . . . . . . . 132
Restart the Switch from the Logix Designer Application . . . . . 133
Troubleshoot a Firmware Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Troubleshoot with the Command-line Interface . . . . . . . . . . . . . . . . 134
Appendix A
Status Indicators Port Status Indicators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
System Status Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Appendix B
Data Types 1783-LMS5 Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
1783-LMS8 Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Appendix C
Port Assignments for CIP Data 1783-LMS5 Port Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
1783-LMS8 Port Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Appendix D
Port Numbering 1783-LMS5 Port Numbering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
1783-LMS8 Port Numbering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 5
Page 6
Table of Contents
Appendix E
Cables and Connectors 10/100 Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Connect to 10BASE-T- and 100BASE-TX-Compatible Devices . 146
Index
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
6 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 7
Preface
This publication describes the features and tools to help you configure and
monitor Stratix® 2500 lightly managed switches. In addition, this publication
provides troubleshooting information to help you resolve basic switch and
network issues.
This manual assumes that you understand the following :
• Local area network (LAN) switch fundamentals
• Concepts and terminology of the Ethernet protocol and local area
networking
Summary of Changes
Access Product Release Notes
This manual contains new and updated information.
Top ic Pag e
Plug and Play Mode in Device Manager 22
Access product release notes from the Product Compatibility and Download
Center at http://www.rockwellautomation.com/rockwellautomation/
support/pcdc.page.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 7
Page 8
Preface
Additional Resources
These documents contain additional information concerning related products
from Rockwell Automation.
Resource Description
Stratix Ethernet Device Specifications Technical Data,
publication 1783-TD001
Stratix 2500 Managed Switches Installation Instructions,
publication 1783-IN011
Ethernet Design Considerations Reference Manual,
publication ENET-RM002
Device Manager web interface online help (provided with
the switch)
Industrial Automation Wiring and Grounding Guidelines,
publication 1770-4.1
Product Certifications website, http://
www.rockwellautomation.com/global/certification/
overview.page
Provides specification information for the switches.
Provides installation instructions for the switches.
Provides information about implementing a system
based on the EtherNet/IP platform.
Provides context-sensitive information about how to
configure and use the switch, including system
messages.
Provides general guidelines for installing a Rockwell
Automation industrial system.
Provides declarations of conformity, certificates, and
other certification details.
You can view or download publications at
http://www.rockwellautomation.com/global/literature-library/overview.page
To order paper copies of technical documentation, contact your local
Allen-Bradley distributor or Rockwell Automation sales representative.
.
8 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 9
Chapter 1
About the Switches
Top ic Pa ge
EtherNet/IP CIP Interface 10
Software Features 13
Hardware Features 13
Stratix® 2500 lightly managed switches provide a secure switching
infrastructure for harsh environments. You can connect the switches to
network devices such as servers, routers, and other switches. In industrial
environments, you can connect Ethernet-enabled industrial communication
devices, including programmable logic controllers (PLCs), human machine
interfaces (HMIs), drives, sensors, and I/O.
The switches are available in 5- and 8-port versions. You can install the switches
in two ways:
• As unmanaged switches that require no configuration, but still provide
traffic prioritization and multicast optimization
• As lightly managed switches configurable in the Device Manager web
interface or the Studio 5000 Logix Designer® application
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 9
Page 10
Chapter 1 About the Switches
EtherNet/IP CIP Interface
Stratix 2500 switches contain an EtherNet/IP network interface. The
EtherNet/IP network is an industrial automation network specification from
the Open DeviceNet Vendor Association (ODVA). The network uses the
Common Industrial Protocol (CIP) for its application layer and TCP/UDP/
IP for its transport and network layers. This interface is accessible from any of
the Ethernet ports by using the IP address of the switch.
CIP Network Connections
CIP is an object-oriented, connection-based protocol that supports two basic
types of messaging:
•Explicit
•Implicit (I/O)
A maximum of 128 connections is available. Both connection types must use
the switch password before any switch parameters can be written. The
password is the same one you enter during Express Setup.
Table 1 - CIP Network Connections
Connection Description
Explicit Messaging Explicit Messaging connections provide generic, multi-purpose communication paths
Implicit messaging
(I/O connections)
between two devices. These connections are often referred to as messaging connections.
Explicit messages provide request/response-oriented network communication. Each
request is typically directed at another data item. Explicit messages can be used to
configure, monitor, and troubleshoot the switch.
The Explicit Messaging interface is used by the Studio 5000 Logix Designer application.
I/O connections provide dedicated, special purpose communication paths between a
producing application and one or more consuming applications. The application-specific
I/O data that moves through these connections is typically a fixed, cyclical structure.
The switch supports two I/O connection choices.
•Input Only
•Exclusive Owner
Both connections are cyclic and adjustable from 300...5000 ms.
The Input Only connection contains a data structure with status information on the switch
in general and specific status on each of the ports. This connection is multicast. Multiple
controllers can share the connection.
The Exclusive Owner connection uses the same Input data structure as the Input Only
connection, but adds an Output data structure. The Output data contains a bit for each port
that lets you enable or disable each port separately. While the Input data on this
connection can be shared via multic ast by multiple controllers, only one controller can own
the Output data. If a second controller attempts to open this connection, the connection is
rejec ted.
IMPORTANT Because the controller sends output data cyclically, the output data
overrides attempts by other software tools or visualization stations
to enable or disable a port.
10 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 11
About the Switches Chapter 1
RSLinx Software and Network Who Support
The EtherNet/IP network interface supports the RSLinx® software RSWho
feature. RSWho enables you to locate and identify your switch on the network
by using the electronic data sheet (EDS) files.
To access the RSWho function, from the RSLinx software toolbar, choose
Communications > RSWho.
IMPORTANT After using the RSWho feature, if you access the switch and view the
Ethernet link counters, you see the counts for only the first port (Port Fe1/1).
Electronic Data Sheet (EDS) Files
Electronic Data Sheet (EDS) files are text files that are used by network
configuration tools, such as RSNetWorx™ for EtherNet/IP software. EDS files
help you identify products and commission them on a network. EDS files
contain details about the readable and configurable parameters of the device.
They also provide information about the I/O connections the device supports
and the content of the associated data structures.
If you are using the switch in a system without a Rockwell Automation Logix
controller, you cannot use the add-on profile (AOP) supplied with Logix
controllers. You must use information from the EDS files to configure the I/O
connection.
EDS files for the Stratix switches are included with the following software
packages:
•RSLinx software
• RSLogix 5000® software
• RSNetWorx for EtherNet/IP software
You can also obtain the EDS files in either of these two ways:
• By downloading it from
http://www.rockwellautomation.com/resources/eds/
• By using the RSLinx EDS Hardware Installation tool.
To upload the EDS files directly from the switch over the network, follow these
steps.
1. From the Start menu, choose Programs >
Rockwell Software >RSLinx >Tools > EDS Hardware Installation Tool.
.
2. To launch the EDS Wizard and add the selected hardware description
and associated files, click Add.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 11
Page 12
Chapter 1 About the Switches
Data Accessible with CIP
The CIP interface enables you to access the information in Ta b l e 2 .
Table 2 - Data Accessible with CIP
Data Type Details
Input data via I/O connection • Link status per port: not connected, connected
Output data via I/O connection Port disable per port: enabled, disabled
Other status data • Module identification (vendor ID, device type, product code, product name, revision, serial number)
Configuration data • Major and minor revision of switch
Smartport assignment per port • Role
Save and restore of switch configuration Via File Obj
• Unauthorized device per port: OK, not OK
• Unicast threshold that is exceeded per port: OK, exceeded
• Multicast threshold that is exceeded on each port: OK, exceeded
• Broadcast threshold that is exceeded on each port: OK, exceeded
• Port bandwidth utilization per port: value in %
• Alarm major: OK, tripped
• Multicast groups active: quantity
• Major/minor fault status, I/O connection, module identity match
• Active alarms
•Active faults
• Switch uptime since last restart
• Switch internal temperature in deg rees Centigrade
• Power supply is present: yes, no
• Firmware release version
• CIP connection counters: open/close requests, open/close rejects, timeouts
• Port alarm status per port: OK, Link Fault, Not Forwarding, Not Operating, High Bit Error Rate
• Port fault status per port: Error Disable, Native VLAN Mismatch, MAC address Flap Condition, Security Violation
• Port diagnostic counters per port: Ethernet interface counters (10), Ethernet media counters (12)
•Link status
• Electronic keying (Exact Match, Disable Keying)
• Connection (Input Data, Data)
• Data connection password
• Requested packet interval (RPI)
•Inhibit module
• Major fault on controller if connection fails while in Run mode
• Use unicast connections over EtherNet/IP
•Module fault display
• IP addressing method: Manual, DHCP
• IP address, subnet mask, primary and secondary DNS server address, default gateway (all if static)
• Host name
• Administration: contact name, geographic location
• Spanning Tree Mode (MST, RSTP)
• Port configuration per port: enable/disable, auto-negotiate, speed, duplex
• Smartports and VLANs: assign roles per port, VLAN ID and name
• Port security: enable, allowed MAC IDs per port, dynamic, static
•VLAN
12 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 13
About the Switches Chapter 1
Software Features
Switch software features can be configured in Device Manager, the
Logix Designer application, or both:
•SeeConfiguration
in Device Manager on page 29
•SeeConfiguration in the Studio 5000 Environment on page 35
Feature Device Manager Logix Designer
802.1X Authentication
Alarm Configuration
Alarm Monitoring
Dynamic Host Configuration
Protocol (DHCP)
EtherChannels
Internet Group Management Protocol (IGMP Snooping
with Querier
Port Mirror ing
Port Secur ity
Quality of Service (QoS)
Simple Network Management Protocol (SNMP)
Smartports
Spanning Tree Protocol (STP)
• —
• —
••
••
•
•
• —
• —
••
• —
• —
••
• —
Hardware Features
Storm Control
Ter mi na l Ac ces s C ont ro lle r
Access Con trol System Plus/
Remote Authentication DialIn Use r Servi ce (TACACS+/
RADIUS)
Virtual Loc al Area Net works ( VLANs)
• —
•—
••
For technical specifications, see the Stratix Ethernet Device Specifications
Technical Data, publication 1783-TD001.
Feature Description
Power connector You connect the power to the top panel of a switch. One connector provides DC power.
10/100 copper por ts You can set the 10/100 cop per ports to operate at 10 Mbps or 100 Mbps, full-duplex, or half-
duplex. You can also set these ports for speed and duplex autonegotiation in compliance
with IEEE 802.3-2002. The default setting is autonegotiate.
When set for autonegotiation, the port senses the speed and duplex settings of the
attached device. If the connected device also supports autonegotiation, the switch port
negotiates the connection with the fastest line speed that both devices support. The port
also negotiates full-duplex transmission if the attached device supports it. The por t then
configures itself accordingly. In all cases, the attached device must be within 100 m (328 ft)
of the switch.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 13
Page 14
Chapter 1 About the Switches
Notes:
14 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 15
Get Started
Top ic Pag e
Out-of-the-box Configuration 16
Express Setup Configuration 16
Network Settings in Device Manager 22
Configure Network Settings in the Logix Designer Application 26
Configuration in Device Manager 29
Configuration in the Studio 5000 Environment 35
User Administration in Device Manager 42
Configuration Files 44
Software Updates 48
Access Management in Device Manager 50
Chapter 2
You can install a Stratix® 2500 switch in your network in two ways:
• Use the out-of-the-box configuration. User-defined configuration is not
required. See Out-of-the-box Configuration
on page 16.
• Use the Express Setup configuration. You can then configure and
monitor the switch with software. See Express Setup Configuration
page 16.
on
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 15
Page 16
Chapter 2 Get Started
Out-of-the-box Configuration
Express Setup Configuration
The out-of-the-box configuration for the switch provides these features:
• Configures Quality of Service (QoS) settings to prioritize EtherNet/IP,
Precision Time Protocol (PTP), and industrial traffic. For more
information about QoS, see page 78
• Enables Internet Group Management Protocol (IGMP) snooping with
querier. For more information about IGMP with querier, see page 71
Management protocols (HTTPS and SNMP) are disabled with the out-ofthe-box configuration. However, these protocols are enabled if you apply the
Express Setup configuration to the switch.
You can install the switch in your network with no user-defined configuration.
The Express Setup configuration for the switch provides the same features as
the out-of-the-box configuration, and the following :
•Enables CIP
• Enables message logging (SYSLOG) and Simple Network Management
Protocol (SNMP) notifications
.
.
• Enables Multiple Spanning Tree Protocol (MSTP), Bridge Protocol
Data Unit (BPDU) Guard, BPDU Filter
• Encrypts administrator traffic during SNMP sessions and provides
increased network security by enabling these protocols:
–SNMPv3
–HTTPS
The switch does not support Telnet and HTTP protocols.
Once you run Express Setup, you can complete the configuration of the switch
by using the Device Manager web interface or the Studio 5000 Logix Designer®
application.
16 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 17
Get Started Chapter 2
Express Setup Button
Express Setup Button
Use the Express Setup button on the physical switch to perform Express Setup.
The Express Setup button is recessed behind the front panel. To reach the
button, use a small tool, such as a paper clip.
WARNING: When you press the Express Setup button while power is on, an
electric arc can occur. This could cause an explosion in hazardous location
installations.
Express Setup Modes
Express Setup has three modes:
IMPORTANT The Studio 5000 Logix Designer application supports only Medium-press
• Short Press mode—Use a direct connection to enter the initial IP
address of the switch. You can then configure additional network
settings in Device Manager. To run Short Press mode, see page 19
• Medium Press mode—You can use a DHCP server to assign the switch
an IP address. You can then configure additional network settings in
Device Manager or the Logix Designer application. FactoryTalk®
Network Manager (FTNM) also supports Plug and Play (PnP) in
Medium Press mode. To run Medium Press mode, see page 21
• Long Press mode—Reset the switch to use factory default settings. To
run Long Press mode, see page 22
mode.
.
.
.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 17
Page 18
Chapter 2 Get Started
Ta b l e 3 summarizes the function of each mode.
Table 3 - Express Setup Modes
Attribute Short Press Mode Medium Press Mode Long Press Mode
Enable method Press and hold the Express Setup button until the
Setup status indicator flashes green during
seconds 1…5, and then release.
Setup status indicator Flashes green between seconds 1…5. Flashes red between seconds 6…10. Flashes green and red between seconds 16…20.
Function • The Express Setup management interface is
selected.
• The switch acts as a DHCP ser ver on VLAN 1
with an address of 169.254.0.1.
• Once the DHCP session is successfully
established, the switch assigns the computer
an IP address of 169.254.0.2 on VLAN 1.
• The default login credentials are set to the
following:
– User name: [no user name/blank]
– Password: switch
• Express Setup parameters are completed in
Device Manager.
Press and hold the Express Setup button until the
Setup status indicator flashes red during seconds
6…10, and then release.
Between seconds 11…15 and after 21 seconds, the Setup status indicator turns off. If you release the
Express Setup button while the Setup status indicator is off, no Express Setup mode is enabled.
• A DHCP client request is sent out of all switch
ports on VLAN 1.
• VLAN 1 is configured for the IP address that is
returne d by DHCP.
• The default login credentials are set to the
following:
– User name: [no user name/blank]
–Password: switch
• CIP is enabled on VLAN 1 with the CIP Security
password set to switch.
• Express Setup parameters are completed in
Device Manager or the Logix Designer
application. FTNM also supports PnP in
Medium Press mode.
Press and hold the Express Setup button until the
Setup status indicator flashes alternating green
and red during seconds 16…20, and then
release.
• All configuration settings in internal memor y
are reset to factory defaults.
• The switch restarts with factory default
settings.
Express Setup Requirements
To run Express Setup in Short Press mode, do the following:
• Disable other networks in your system.
• Set your computer to determine its IP address automatically versus
statically.
• Disable any static domain name servers (DNS).
• Disable any wireless interface on your computer.
• Disable browser proxy settings.
• Make at least one switch port available for Express Setup.
18 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 19
Get Started Chapter 2
Confirm the following hardware and software requirements.
Table 4 - Express Setup Hardware Requirements
Component Requirement
Processor 1 GHz or faster 32 bit (x86) or 64 bit (x64)
RAM 1 GB RAM (32-bit) or 2 GB RAM (64-bit)
Hard disk space 16 GB (32 bit) or 20 GB (64 bit)
Computer-to-switch connection
(Required for Express Setup in
Short Press mode)
Table 5 - Express Setup Software Requirements
Component Requirement
Operating system Microsoft Windows 7 or Windows 10
Web browser Latest version of Internet Explorer™ or Firefox with JavaScript enabled.
Straight-through or crossover Category 5 Ethernet cable
Express Setup verifies the browser version when starting a session, and it does
not require a plug-in.
Run Express Setup in Short Press Mode
The following conditions cause the switch to exit Short Press mode.
Table 6 - Conditions Cause the Switch to Exit Short Press Mode
Condition Status Indicator Behavior
A non-default configuration exists on the switch. The Setup status indicator turns red for 10 seconds.
You do not connect to the Express Setup port within two
minutes from when the port status indicator flashes
green.
No DHCP request is received for two minutes from when
you connect to the Express Setup port.
No browser session is started for t wo minutes after an IP
address is assigned to the computer.
You disconnect your computer from the switch before
the setup process is complete.
The unconnected port status indicator and the Setup
status indicator turn off.
The Setup status indicator turns red for 10 seconds.
The unconnected port status indicator and the Setup
status indicator turn off.
All Express Setup temporary configurations, such as
DHCP server, are removed.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 19
Page 20
Chapter 2 Get Started
To run Express Setup in Short Press mode, follow these steps.
1. Apply power to the switch.
When the switch powers on, it begins its power-on sequence. The
power-on sequence can take as many as 45 seconds to complete.
2. Make sure that the power-on sequence has completed by verifying that
the EIP Mod indicator is flashing green.
If the switch fails the power-on sequence, the EIP Mod status indicator
turns red.
3. Press and hold the Express Setup button until the Setup status indicator
flashes green during seconds 1…5, and then release.
The switch selects a port to use for Express Setup.
4. Connect a Category 5 Ethernet cable from the flashing switch port to
the Ethernet port on a computer.
Once you connect the switch to the computer, the Setup status indicator
and the status indicator for the port connected to the computer change
from flashing green to solid green.
The switch acts as a DHCP server on VLAN 1 with the address of
169.254.0.1, and serves address 169.254.0.2 to the computer.
5. Access Device Manager by starting a web browser session and typing the
switch IP address, 169.254.0.1. The default login credentials are:
• User name: [no user name/blank]
• Password: switch
For detailed steps about how to access Device Manager, see page 30
.
IMPORTANT If the Device Manager window does not appear, try the following:
• Verify that your network adapter is set to accept a DHCP address.
• Verify that any wireless interface is disabled on the computer.
• Verify that any proxy settings or popup blockers are disabled on your
browser.
• Enter the URL of a well-known website in your browser to be sure that
the browser is working correctly. Your browser then redirects to Device
Manager.
6. Proceed to Network Settings in Device Manager
on page 22.
20 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 21
Get Started Chapter 2
Run Express Setup in Medium Press Mode
The following conditions cause the switch to exit Medium Press mode.
Table 7 - Conditions Cause the Switch to Exit Medium Press Mode
Condition Status Indicator Behavior
A non-default configuration exists on the switch. The Setup status indicator turns red for 10 seconds.
No DHCP response is received for 10 minutes from when
the switch broadcast the request.
IMPORTANT Before you begin, confirm that your system has a DHCP server that is
configured to assign the switch an IP address.
To run Express Setup in Medium Press mode, follow these steps.
1. Apply power to the switch.
When the switch powers on, it begins its power-on sequence. The
power-on sequence can take as many as 45 seconds to complete.
2. Make sure that the power-on sequence has completed by verifying that
the EIP Mod and Setup status indicators are flashing green:
• If the switch fails the sequence, the EIP Mod status indicator turns
red.
• If you do not press the Express Setup button within 5 minutes after
the sequence completes, the Setup status indicator turns off.
3. Press and hold the Express Setup button until the Setup status indicator
flashes red during seconds 6…10, and then release:
IMPORTANT You must complete the switch setup within 60 minutes of releasing
the Express Setup button. Otherwise, the switch exits Express Setup.
• The Setup status indicator flashes green during seconds 1…5, and
then red during seconds 6…10.
• The switch broadcasts a DHCP request out of all ports on VLAN 1.
• VLAN 1 is configured with the IP address that is returned by the
DHCP server.
• The default login credentials are set to the following:
– User name: [no user name/blank]
–Password: switch
• CIP is enabled on VLAN 1 with CIP Security password set to
switch.
4. Configure network settings:
• To use Device Manager, see page 22
• To use the Logix Designer application, see page 26
.
.
FTNM also supports PnP in Medium Press mode.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 21
Page 22
Chapter 2 Get Started
Run Express Setup in Long Press Mode
IMPORTANT Long Press mode overwrites all existing configuration files in internal or
external memory and resets the switch to use factory default settings.
Press and hold the Express Setup button until the Setup status indicator flashes
alternating green and red during seconds 16…20, and then release.
Upon release of the Express Setup button, the switch restarts with factory
default settings.
Network Settings in Device Manager
To populate the network settings in Device Manager, you can choose the Plugn-Play (PnP) option, or you can configure the network settings.
Plug and Play Mode
The PnP agent is a software component that is embedded on the device. The
PnP agent prompts the switch to acquire the IP address of the PnP server. After
a connection with the server is established, the PnP agent communicates with
the server to acquire deployment-related information and perform the
associated activities. Deployment activities include configuration, image,
license, and file updates.
If the PnP agent is unable to establish a connection, you can create a PnP
profile. Enter the configuration information into the fields on the Express
Setup page.
The PnP function is not active by default. To choose PnP after you run Express
Setup (see page 17
1. Access Device Manager, as described on page 30
2. On the Express Setup page, from the Select device initial setup mode
menu, choose PnP.
• To prompt the PnP agent to start communication, click Submit.
• If the PnP agent cannot establish a connection, complete the fields
that are described in Ta b l e 8
), follow these steps.
.
.
22 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 23
Get Started Chapter 2
Express Setup Mode
To configure network settings in Device Manager after you run Express Setup
(see page 17
1. Access Device Manager, as described on page 30
2. On the Express Setup page, from the Select device initial setup mode
3. Complete the fields that are described in Ta b l e 8
), follow these steps.
.
menu, choose Express Setup.
.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 23
Page 24
Chapter 2 Get Started
Table 8 - Express Setup Fields—Device Manager
Field Description
Network Settings
Delete PnP Profile (Displayed only if the Select device in itial setup mode is PnP). You can complete the Network Settin gs fields to create a PnP profile. Click Dele te
Host Name Enter a name for the switch within these guidelines:
Management Interface ( VLAN) Choose the ID of the management VLAN through which the switch is managed. The management VLAN is the broadcast domain through
IP Assignment Mode Click an IP Assignment mode to determine whether the switch IP information is manually assigned (static) or is automatically assigned by a
PnP Profile to delete this profile.
• Cannot be longer than 63 characters
• Cannot contain the characters _,!,@,#,$,%,^,&,&,*,(,) ]
• Cannot start with numbers followed by characters. Numbers can follow characters
which management traffic is sent between specific users or devices. It provides broadcast control and security for management traffic that
must be limited to a specific group of users, such as the administrators of your network. It also provides secure administrative access to all
devices in the network.
Choose an existing VLAN as the management VLAN. The default management VLAN ID is 1.
IMPORTANT: Be sure that the switch and your network management station are in the same VLAN. Otherwise, you lose management
connectivity to the switch.
Dynamic Host Configuration Protocol (DHCP) server. The default mode is Static.
We recommend that you check Static and manually assign the IP address for the switch. You can then use the same IP address whenever you
want to access Device Manager.
If you check DHCP, the DHCP server automatically assigns an IP address, subnet mask, default gateway, primary and secondary DNS server to
the switch. Unless restarted, the switch continues to use the DHCP-assigned information, and you are able to use the DHCP-assigned address
to access Device Manager.
For a manually assigned IP address in a network that uses a DHCP server, the IP address cannot be within the range of addresses that the DHCP
server assigns. Otherwise, IP address conflicts can occur between the switch and another device.
24 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 25
Get Started Chapter 2
Table 8 - Express Setup Fields—Device Manager (continued)
Field Description
IP Address (Editable only if the IP Assignment Mode is Static). Enter the IP address and associated subnet mask to assign to the switch:
• The IP address format is a 32-bit numeric address that is written as four numbers that are separated by periods. Each number can be from
0…255.
• The subnet mask is the network address that identifies the subnetwork (subnet) to which the switch belongs. Subnets are used to segment
the devices in a network into smaller groups. The default is 255.255.255.0.
IMPORTANT: If you run multi-mode Express Setup in Medium Press mode, the IP Address field displays the address that is received from the
DHCP server. If you change the address, the connection drops. To re-establish the connection with the new address, close your web browser
and go to the address you specified.
Make sure that the IP address that you assign to the switch is not assigned to another device in your network. The IP address and the default
gateway cannot be the same.
Default Gateway (Editable only if the IP Assignment Mode is Static). Enter the IP address for the default gateway. A gateway is a router or a dedicated network
Primary DNS Server (Editable only if the IP Assignment Mode is Static). Enter the IP address of the primary Domain Name Service (DNS) server. The primary DNS
Secondary DNS Server (Editable only if the IP Assignment Mode is Static). Enter the IP address of the secondary Domain Name Service (DNS) server. The secondary
PnP Server IP (Displayed only if the Select device initial setup mode is PnP) Enter the IP address of the PnP server.
PnP Server Port (Displayed only if the Select device initial setup mode is PnP) Enter the port number that is used to connect to the PnP server.
NTP Server Enter the IP address of the Network Time Protocol (NTP) server. NTP is a networking protocol for clock synchronization between computer
Admin User (Appears only during initial setup in Short Press mode; not editable). The default user name is ‘admin.’
Password, Confirm Password (Appears only during initial setup in Short Press mode). Enter a password for the user name ‘admin.’
Submit Click when your changes to Express Setup fields are complete.
Advanced Settings
Enable CIP To enable CIP on a VLAN, check Enable CIP. You can specify the settings that are required for CIP or check Same As Management VLAN.
CIP VLAN (Editable only if Same as Management VLAN is not checked). Choose the VLAN on which to enable CIP. The CIP VLAN can be the same as the
IP Address (Editable only if Same as Management VLAN is not checked). If the CIP VLAN differs from the management VLAN, enter the IP address and
Same As Management VLAN To make the settings for the CIP VLAN the same as the management VLAN, check Same As Management VLAN. By default, the CIP VLAN
Security Timeout Enter the CIP Security timeout.
device that enables the switch to communicate with devices in other networks or subnetworks. The default gateway IP address must be part of
the same subnet as the switch IP address. The switch IP address and the default gateway IP address cannot be the same.
If all of your devices are in the same network and a default gateway is not used, you do not need to enter an IP address in this field.
If your network management station and the switch are in different networks or subnetworks, you must specify a default gateway. Otherwise,
the switch and your network management station cannot communicate with each other.
server transforms host names into IP addresses.
DNS server is the backup for the primary DNS server.
systems over packet-switched, variable-latency data networks.
Once Express Setup is complete, you can manage user names and passwords from the User page under the Admin menu in Device Manager.
Once Express Setup is complete, you can manage user names and passwords from the User page under the Admin menu in Device Manager.
Enter a password within these guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special character such as @$!%*+=_?&, and a number
• Is case-sensitive
• Cannot contain a tab, nor space at the beginning or end
management VLAN or you can isolate CIP traffic on another VLAN that is already configured on the switch.
For Short Press and Medium Press modes, enter the VLAN ID in the following format: VLAN<space>ID
EXAMPLE: VLAN 136
For Long Press mode, choose a VLAN ID from the pull-down menu.
subnet mask for the CPI VLAN. The format is a 32-bit numeric address that is written as four numbers that are separated by periods. Each
number can be from 0…255.
Make sure that the IP address that you assign to this device is not being used by another device in your network.
settings are the same as the management VLAN settings.
If you enable this option, the CIP VLAN and IP Address fields are auto-populated and cannot be edited.
The range is 1…3600. The default is 600 for Short Press and Medium Press modes.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 25
Page 26
Chapter 2 Get Started
Table 8 - Express Setup Fields—Device Manager (continued)
Field Description
Security Password,
Confirm S ecurity Password
Same as Admin Password (Appears only during initial setup in Short and Medium Press modes).
Enable SSH (Appears only during initial setup in Short and Medium Press modes).
Enter the password to use for the CIP Security string. Enter a password within these guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special character such as @$!%*+=_?&, and a number
• Is case-sensitive
• Cannot contain a tab, nor space at the beginning or end
If you leave this field blank, the password from the initial setup is used by default.
To use the password that is specified in the Admin User field under Network Settings as the CIP Security password, check Same as Admin
Pass word.
If you enable this option, the Security Password and Confirm Security Password fields become unavailable.
To allow Secure Shell (SSH) sessions on the switch, check Enable SSH.
SSH provides a secure, remote connection to the switch. SSH provides more security for remote connections than Telnet does by providing
strong encryption when a device is authenticated.
Once Express Setup is complete, you can enable or disable SSH from the Access Management page under the Admin menu in Device Manager.
Configure Network Settings in the Logix Designer Application
To configure network settings in the Logix Designer application after you run
Express Setup in Medium Press mode, follow these steps.
1. If you have not yet added the switch to a controller project, complete
Steps 1
…4 on page 35.
2. Configure general properties, as described page 36
.
Specify the IP address that is assigned to the switch by the DHCP
server.
3. Go online with the controller, and then open the Module Properties
dialog box for the switch.
4. In the navigation pane, click Switch Configuration.
5. Complete the fields that are described in Ta b l e 9
.
26 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 27
Get Started Chapter 2
Table 9 - Express Setup Fields—Logix Designer Application
Field Description
Internet Protocol (IP) Settings Click the method to use for assigning the switch an IP address:
• Manually Configure IP settings (default)—The switch uses a manually assigned, static IP address.
If you manually assign the IP address of the switch and your network uses a DHCP server, the IP address cannot be within the range of
addresses that the DHCP server assigns. Otherwise, IP address conflicts can occur between the switch and another device.
• Obtain IP settings automatically through DHCP—A Dynamic Host Configuration Protocol (DHCP) server automatically assigns the switch an
IP address, subnet mask, and default gateway.
Unless restarted, the switch continues to use the DHCP-assigned information.
Physical Module IP Address Displays the IP address that is assigned to the switch by the DHCP server during Express Setup. This value must match the IP address on the
Subnet Mask Displays the IP address that is assigned to the switch by the DHCP server during Express Setup. The subnet mask is the network address that
Host Name Enter a name to identify the switch. The name can be up to 64 characters and can include alphanumeric and special characters (comma and
Gateway Address Displays the gateway address that is assigned to the switch by the DHCP server during Express Setup. A gateway is a router or a dedicated
Network Time Protocol (NTP)
Server
User Displays the default user name: Admin
General view. If you change the assigned IP address, make sure that the new IP address is not assigned to another device in your network. The
IP address and the default gateway cannot be the same.
IMPORTANT: If you reconfigure your switch with another IP address, you can lose communication with the switch when you click Set. To
correct this problem, you must return to the Express Setup and General view, set the new IP address, and download to the controller.
identifies the subnetwork (subnet) to which the switch belongs. Subnets are used to segment the devices in a network into smaller groups.
The subnet mask is a 32-bit number. Set each octet between 0…255. The default is 255.255.255.0.
dash).
network device that enables the switch to communicate with devices in other networks or subnetworks. The default gateway IP address must
be part of the same subnet as the switch IP address. The switch IP address and the default gateway IP address cannot be the same.
If all of your devices are in the same network and a default gateway is not used, you do not need to enter an IP address in this field. This field is
enabled only if the IP assignment mode is Static.
If your network management station and the switch are in different networks or subnetworks, you must specify a default gateway. Otherwise,
the switch and your network management station cannot communicate with each other.
IMPORTANT: Communication is disrupted when you change the gateway (IP) address.
Enter the IP address of the NTP server. NTP is a networking protocol for clock synchronization between computer systems over packetswitched, variable-latency data networks.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 27
Page 28
Chapter 2 Get Started
Table 9 - Express Setup Fields—Logix Designer Application (continued)
Field Description
Password, Co nfirm Password Enter a password for the sw itch. To complete initial setup, you must change the password from the default password. The default password is
Management Interface (VLAN) Choose a management VLAN. The default management VLAN ID is 1.
switch.
This password is also used as the Common Industrial Protocol (CIP) security password. You must provide a password to the switch to secure
access to Device Manager.
Enter a password within these guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special character such as @$!%*+=_?&, and a number
• Is case-sensitive
• Cannot contain a tab, nor space at the beginning or end
The management VLAN through which the switch is managed. The management VLAN is the broadcast domain through which management
traffic is sent between specific users or devices. It provides broadcast control and security for management traffic that must be limited to a
specific group of users, such as the administrators of your network. It also provides secure administrative access to all devices in the network.
IMPORTANT: Be sure that the switch and your network management station are in the same VLAN. Otherwise, you lose management
connectivity to the switch.
6. Click OK.
The switch initializes its configuration for typical industrial
EtherNet/IP applications. You can then use the Logix Designer
application for further configuration or exit the application.
7. Turn off power at the source, disconnect any cables to the switch, and
install the switch in your network.
28 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 29
Get Started Chapter 2
Configuration in Device Manager
Device Manager is a web-based management tool for configuring, monitoring,
and troubleshooting individual switches. You can display Device Manager
from anywhere in your network through a web browser.
Device Manager displays real-time views of switch configuration and
performance. It simplifies configuration tasks with features such as Smartports.
It uses graphical, color-coded displays, including the front panel view, graphs,
and animated indicators to simplify the monitoring of tasks. It provides alert
tools to help you to identify and to solve networking problems.
Table 10 - Device Manager Hardware Requirements
Attribute Requirement
Processor speed 1 GHz or faster (32 bit or 64 bit)
RAM 1 GB (32 bit) or 2 GB (64 bit)
Available hard disk space 16 GB (32 bit) or 20 GB (64 bit)
Number of colors 256
Resolution 1024 x 768
Font s ize Small
Table 11 - Device Manager Software Requirements
Web Browser Version
Microsoft Internet Explorer Latest version with JavaScript enabled
Mozilla Firefox Latest version with JavaScript enabled
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 29
Page 30
Chapter 2 Get Started
Access Device Manager
Device Manager provides a secure connection with the latest version of
Internet Explorer or Firefox. Security messages from your browser can appear
when you access Device Manager.
To make sure that Device Manager runs properly, disable any pop-up blockers
or proxy settings in your browser and any wireless clients on your computer.
Device Manager verifies the browser version when starting a session to be sure
that the browser is supported.
To access Device Manager, follow these steps.
1. Start a web browser session and go to the switch IP address, 169.254.0.1.
2. (Internet Explorer). If the following message appears, click Continue to
this website.
(Firefox). If the following message appears, do the following:
a. Click Advanced.
30 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 31
b. Click Add Exception.
c. Click Confirm Security Exception.
Get Started Chapter 2
3. On the Device Manager Login, enter the switch name and password.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 31
Page 32
Chapter 2 Get Started
Configure Port Settings
Port settings determine how data is sent and received between the switch and
the connected device. You can change port settings as based on your network
needs or use them and to troubleshoot network problems. The settings on a
switch port must be compatible with the port settings of the connected device.
To configure port settings, follow these steps.
1. From the Configure menu, under Network, choose Port Settings.
2. To disable a port automatically that encounters a link flap error, check
Error Disable.
A link flap error occurs when an interface continually goes up and down
more than 5 times in 10 seconds. A single link flap event includes the
complete cycling up and down of the link.
3. To re-enable an interface automatically that is disabled by a link flap
error, check Auto Recovery. After a specified timeout period, the reenable occurs.
Auto Recovery is editable only if you check Error Disable.
4. To disable a port automatically that encounters a DHCP rate limit error,
check Error Disable.
A DHCP rate limit error occurs when the rate of DHCP packets per
second rate exceeds the value set for the port. This value is set in the
DHCP Port Configurations tab. See Ta b l e 2 6
.
5. To re-enable an interface automatically that is disabled by a DHCP rate
limit error, check Auto Recovery. After a specified timeout period, the
re-enable occurs.
Auto Recovery is editable only if you check Error Disable.
6. In the Recovery Interval field, enter the number of seconds for a port
with a link flap error, or DHCP rate limit error, to remain disabled
before the Auto Recovery feature re-enables the port.
Valid values are 30…86400 seconds. The default recovery interval is 300
seconds.
7. Click Submit.
8. To edit basic settings for a specific port, click the radio button next to
the port name and click Edit.
9. Edit the fields on the Edit Physical Port dialog box and click OK.
32 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 33
Get Started Chapter 2
For more information about a field on the Port Settings page or Edit Physical
Port dialog box, see Table 12 on page 34
.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 33
Page 34
Chapter 2 Get Started
Table 12 - Port Settings
Field Description
Port Name Displays the port type (Fa for Fast Ethernet) and number.
MTU The Maximum Transmission Unit (MTU) of the port.
The range is 1518…1998 bytes. The default is 1998.
MTU sizes larger than 1518 are jumbo frames.
Administrative (Appears only on the Edit Physical Port dialog box).
Indicates whether the port is enabled or disabled:
• Checked—The port is enabled.
• Cleared—The port is disabled.
By default, all ports are enabled.
Port Status (Appears only on the Port Settings page; not editable).
The state of the switch port:
• Green—Link is up.
• Gray—No link or not connected.
• Brown—Link is administratively shut down.
Speed The operating speed of the switch port:
Duplex The Duplex mode of the switch port:
Administrative Mode The administrative mode of the port:
Access VLAN The VLAN that an interface belongs to and carries traffic for, when the link is configured as or is acting as a nontrunking interface.
Allowed VLAN (Appears only on the Edit Physical Port dialog box).
Native VLAN (Appears only on the Edit Physical Port dialog box).
• 10 Mbps
• 100 Mbps
• Auto—Enables a connected device to negotiate the link speed.
The default speed is Auto.
• Auto (autonegotiation)—The connected device can negotiate the duplex setting with the switch. If the port is not connected or has not co mpleted
negotiation, the status is Auto.
• Full (Full-duplex mode)—Both devices can send data simultaneously.
• Half (Half-duplex mode) —The connected device must alternate sending or receiving data. Both devices cannot send data simultaneously.
The default is Duplex mode is Auto.
We recommend that you use the default so that the duplex setting on the switch port automatically matches the setting on the connected device.
Change the Duplex mode on the switch port if the connected device requires a specific mode.
An example of when to change this setting is during troubleshooting. If you are troubleshooting a connectivity problem, you can change this setting to
verify if the switch port and connected device have a duplex mismatch.
• Access—The interface is in permanent non-trunk mode and negotiates to convert the neighboring link into a non-trunk link even if the
neighboring interface is a trunk interface. If you choose this option, also choose an Access VLAN. Access ports have the following characteristics:
– Member of exactly one VLAN (the Access VLAN). The Access VLAN is 1 by default.
– Accepts untagged frames only.
– Discards all frames that are not classified to the Access VLAN.
– On egress, all frames are transmitted untagged.
• Trunk—The interface is in permanent trunk mode and negotiates to convert the neighboring link into a trunk link even if the neighboring interface
is not a trunk interface. If you choose this option, also choose whether to allow All VLANs or specified VLAN IDs. Trunk ports have the following
characteristics:
– By default, a trunk port is member of all VLANs (1…4094).
– Limit the VLANs that a trunk por t is a member of by using Allowed VLANs.
– Frames that are classified to a VLAN that the port is not a member of are discarded.
– By default, all frames except frames that are classified to the Port VLAN (the Native VLAN) get tagged on egress. Frames that are classified to the
Port VLAN do not get C-tagged on egress.
– Egress can be changed to tag all frames, in which case only tagged frames are accepted on ingress.
• Hybrid—Similar to a trunk port, with the default configuration being VLAN tag unaware.
The default administrative mode is Access.
The VLAN or VLANs for which the interface handles traffic when the link is configured as or is dynamically acting as a trunking interface.
To allow traffic on all available VLANs, click All VLANs.
To limit traffic to specific VLANs, click VLAN IDs and enter the VLAN numbers.
The VLAN that transports untagged packets.
34 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 35
Get Started Chapter 2
Configuration in the Studio 5000 Environment
You can manage the switch by using the Logix Designer application in the
Studio 5000® environment. The Logix Designer application is IEC 61131-3
compliant and offers relay ladder, structured text, Function Block Diagram,
and sequential function chart editors for you to develop application programs.
To add the switch to a controller project in the Logix Designer application,
follow these steps.
IMPORTANT These steps are required before you can go online to configure and monitor
the switch. You must be online to view and configure most switch
parameters in the Logix Designer application.
1. Open the project file for the controller to monitor the switch.
2. Right-click Ethernet and choose New Module.
3. On the Select Module Type dialog box, select the switch and click
Create.
If you do not see the switch on the list, you can obtain the AOP from the
Rockwell Automation support website:
http://www.rockwellautomation.com/support/
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 35
Page 36
Chapter 2 Get Started
General Properties
To configure general properties, follow these steps.
1. In the navigation pane, click General.
2. Complete the fields, and then click Apply.
IMPORTANT The IP address and host name must match the values that you used during
Express Setup. On the Module Properties dialog box, you can choose either
an IP address or host name.
Table 13 - General Fields
Field Descri ption
Name Enter a name to identify the switch.
Description Enter a description for the switch.
Ethernet Address Displays the IP address or host name for the switch that was specified during Express Setup.
• Private Network—The IP address of your private network.
• IP Address—The IP address that was specified during Express Setup.
• Host Name—The host name that was specified during Express Setup. The host name
requires that you have a DNS server that is configured on the network for the Ethernet
interface module of the controller.
36 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 37
Get Started Chapter 2
3. In the Module Definition area, click Change.
4. On the Module Definition dialog box, complete the fields and click
OK.
Table 14 - Module Definition Fields
Field Description
Revision The major and minor revision of the switch:
Electronic Keying Choose one of the following:
Connection Choose one of the following:
Data Connection Password (Data connections only). Enter the password for accessing the switch.
•Major revision: 1…128
• Minor revision: 1…255
• Compatible Module (default)
• Exact Match
• Disable Keying
• Input Data (default): Enables only an input data connection.
• Data: Enables an input and output data connection.
ATT EN TI ON : This selection enables output tags, which can disable ports and interrupt connections to and through the switch. You can
disable a switch port by setting the corresponding bit in the output tag. The output bits are applied every time that the switch receives the
output data from the controller when the controller is in Run mode. When the controller is in Program mode, the output bits are not applied.
If the corresponding output bit is 0, the port is enabled. If you enable or disable a port by using Device Manager, the port setting is
overridden by the output bits from the controller on the next cyclic update of the I/O connection. The output bits always take precedence.
Enter a password within these guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special character such as @$!%*+=_?&, and a number
• Is case-sensitive
• Cannot contain a tab, nor space at the beginning or end
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 37
Page 38
Chapter 2 Get Started
Connection Properties
To configure connection properties, follow these steps.
1. In the navigation pane, click Connection.
2. Complete the fields, and then click Apply.
Table 15 - Connection Fields
Field Description
Requested Packet Interval (RPI) Enter the period in milliseconds at which data updates over a connection. For example, an input module
Inhibit Module To disable communication between the controller and the switch, check Inhibit Module.
Major Fault on Controller If Connection Fails While in Run mode To have the controller create a major fault if connection fails in Run mode, check the checkbox.
Use Unicast Connections over EtherNet/IP To use Unicast connections with the EtherNet/IP network, check the checkbox.
Module Fault Displays the fault code from the controller and the text that indicates the module fault has occurred.
sends data to a controller at the RPI that you assign to the module.
Valid range: 300…5000 ms
Clear Inhibit Module to restore communication.
38 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 39
Get Started Chapter 2
Switch Configuration
On the Switch Configuration view, you can do the following:
• Change switch IP settings
• Enter contact geographic location information for the switch
• View the management VLAN for the switch
To configure switch IP and administrative settings, follow these steps.
1. In the navigation pane, click Switch Configuration.
2. Complete the fields that are described in Table 16 on page 40
3. Click Set.
.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 39
Page 40
Chapter 2 Get Started
Table 16 - Switch Configuration Fields
Field Description
Internet Protocol (IP) Settings Click the method to use for assigning the switch an IP address:
• Manually Configure IP settings (default)—The switch uses a manually assigned, static IP address.
If you manually assign the IP address of the switch and your network uses a DHCP server, the IP address cannot be within the
range of addresses that the DHCP server assigns. Other wise, IP address conflicts can occur between the switch and another
device.
• Obtain IP settings automatically through DHCP—A Dynamic Host Configuration Protocol (DHCP) server automatically assigns
the switch an IP address, subnet mask, and default gateway.
Unless restarted, the switch continues to use the DHCP-assigned information.
We recommend that you manually assign the IP address for the switch. You can then use the same IP address whenever you want
to access the switch.
Physical Module IP Address Displays the IP address that is assigned to the switch by the DHCP server during Express Setup. This value must match the IP address
Subnet Mask Displays the IP address that is assigned to the switch by the DHCP server during Express Setup. The subnet mask is the network
Gateway Address Displays the gateway address that is assigned to the switch by the DHCP server during Express Setup. A gateway is a router or a
Primary DNS Server Address (Required for DNS addressing). Enter the addresses to identify any DNS servers in the network. You must configure a DNS server if
Secondary DNS Server Address
Domain Name (Required for DNS addressing). Enter a domain name to identify the domain in which the switch resides.
Host Name (Required for DNS addressing). Enter a host name to identify the host for the switch. A host name is part of a text address. The full
Contact Enter contact information for the switch, up to 200 characters. The contact information can include alphanumeric and special
Geographic Location Enter a geographic location of the switch, up to 200 characters. The geographic location can include alphanumeric and special
Management Interface VLAN Displays the VLAN through which the switch is managed. The management VLAN is the broadcast domain through which
on the General view. If you change the assigned IP address, make sure that the new IP address is not assigned to another device in
your network. The IP address and the default gateway cannot be the same.
IMPORTANT: If you reconfigure your switch with another IP address, you can lose communication with the switch when you click
Set. To correct this problem, you must return to the Express Setup and General view, set the new IP address, and download to the
controller.
address that identifies the subnetwork (subnet) to which the switch belongs. Subnets are used to segment the devices in a
network into smaller groups. The subnet mask is a 32-bit number. Set each octet between 0…255. The default is 255.255.255.0.
dedicated network
device that enables the switch to communicate with devices in other networks or subnetworks. The default gateway IP address
must be part of the same subnet as the switch IP address. The switch IP address and the default gateway IP address cannot be the
same.
If all of your devices are in the same network and a default gateway is not used, you do not need to enter an IP address in this field.
This field is enabled only if the IP assignment mode is Static.
If your network management station and the switch are in different networks or subnetworks, you must specify a default gateway.
Otherwise, the switch and your network management station cannot communicate with each other.
IMPORTANT: Communication is disrupted when you change the gateway (IP) address.
you specify a domain name or a host name. The DNS server converts the domain name or host name to an IP address that the
network uses.
A domain name is part of a text address. The full text address of a module is host_name.domain_name. The domain name has a
48-character limit. If you specify a DNS server, you must enter a domain name.
text address of a module is host_name.domain_name.
characters (dash and comma) and a carriage return.
characters (dash and comma) and a carriage return.
management traffic is sent between specific users or device. It also provides secure administrative access to all devices in the
network.
IMPORTANT: Be sure that the switch and your network management station are in the same VLAN. Otherwise, you lose
management connectivity to the switch.
40 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 41
Get Started Chapter 2
Port Configuration
Configure ports to specify how data is sent and received between the switch
and a connected device.
To configure ports, follow these steps.
1. In the navigation pane, click Port Configuration.
2. Complete the fields, and click Set.
Table 17 - Port Configuration Fields
Field Description
Port Displays the port type (Fa for Fast Ethernet) and number.
Enable To enable the port, check Enable.
To disable the port manually, clear the Enable checkbox. If the port is not in use and is not attached to a device, we recommend that you disable the port. You
can troubleshoot a suspected unauthorized connection by manually disabling the port.
Auto-Negotiate If you want the port and end-device to auto-negotiate the link speed and Duplex mode, check Auto-Negotiate.
To specify the port speed and Duplex mode manually, clear the Auto-Negotiate checkbox.
We recommend that you use the default (auto-negotiate) so that the speed and duplex settings on the switch port match the setting on the connected device.
Change the switch port speed and duplex if the connected device requires a specific speed and duplex. If you set the speed and duplex for the switch port, the
connected device must be configured for the same speed and duplex and not set to auto-negotiate. Otherwise, a speed/duplex mismatch occurs.
Speed Choose the operating speed of the port:
Duplex Choose one of these Duplex modes:
• 10 Mbps
• 100 Mbps
• Half-duplex—Both devices cannot send data simultaneously.
• Full-duplex—Both devices can send data simultaneously.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 41
Page 42
Chapter 2 Get Started
User Administration in Device Manager
From the Admin menu, under Device Management, choose Users.
Users are validated based on the Authentication, Authorization, and
Accounting (AAA) method chosen from the pull-down menu. Click Submit
after choosing the desired method.
For server configuration information, see Terminal Access Controller Access
Control System Plus/Remote Authentication Dial-In User Service
(TACACS+/RADIUS) on page 99.
Table 18 - AAA Method Pull-down Menu
Field Description
Local Use the local user database that is configured on the
Tacacs - > Local Use the TACACS server. Use the local user database if the
Radius - > Local Use the RAD IUS server. Use the local us er database if the
device. Local is the default setting.
TACACS s erver is un avail able .
RADIUS server is unavailable.
You can add, edit, or delete users for the switch:
• To add a user, click Add. Complete the fields that are described in
Table 19 on page 43
and click OK.
• To edit a user, click the radio button next to the user and click Edit. Edit
the fields that are described in Table 19 on page 43
and click OK.
• To delete a user, click the radio button next to the user and click Delete.
42 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 43
Get Started Chapter 2
Table 19 - Add/Edit User Fields
Field Description
Name Enter a unique user name. The user name cannot contain spaces.
Privilege Choose the level of access for the user:
• Admin—Users can view and change all switch parameters.
• ReadOnly—Users can only view switch status and monitoring information.
Users cannot view configuration information, view administration information,
or make changes to the switch.
Password Enter the password that is required for access wi th this user n ame.
Confirm Password
Enter a password within these guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special character
such as @$!%*+=_?&, and a number
• Is case-sensitive
• Cannot contain a tab, nor space at the beginning or end
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 43
Page 44
Chapter 2 Get Started
Configuration Files
When any changes are made to the switch configuration, the changes
immediately take effect in the running configuration file. Device Manager and
the Logix Designer application automatically save changes to internal memory
to be retained for the next power-on cycle. You can move configuration files to
or from the switch.
Manage Configuration Files in Device Manager
Device Manager uses Trivial File Transfer Protocol (TFTP) or Hypertext
Transfer Protocol (HTTP) for the file transfer.
The following configuration files are available for transfer:
• running-config—Stores the running configuration of the switch.
Available for upload and download.
• startup-config—Stores the start-up configuration of the switch.
Available for download only.
Upload a File
To upload the running-config file to the switch, follow these steps.
1. From the Admin menu, under File Management, choose Load/Save.
2. If the file is on your local computer, click Browse, select the file, and then
click Upload.
or
If the file is on a remote TFTP server, in the TFTP Address and File
location fields, enter the IP address of the server and the path to the file.
Click Upload.
The configuration file must be named running-config to replace the
existing file.
44 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 45
Get Started Chapter 2
Download a File
To download a running-config or startup-config file, follow these steps.
1. From the Admin menu, under File Management, choose Load/Save.
2. If the file is on your local computer, from the Select a configuration file
pull-down menu, choose the configuration file to download, and then
click Download.
or
If the file is on a remote TFTP server, in the TFTP Address and File
location fields, enter the IP address of the server and the path to the file.
Click Download.
IMPORTANT After you have completed this download, you must save the running
configuration without restarting the switch as shown on page 132
you save the running configuration without restarting the switch, you
maintain the configuration through the next power cycle.
. When
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 45
Page 46
Chapter 2 Get Started
Manage Configuration Files in the Logix Designer Application
In the Logix Designer application, you can save and restore the following two
configuration files:
• Text file with switch configuration parameters (config.text)
• Binary file with VLAN information (vlan.dat)
Be prepared to enter a valid switch password. Enter a password within these
guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special
character such as @$!%*+=_?&, and a number
• Is case-sensitive
• Cannot contain a tab, nor space at the beginning or end
To save and restore configuration files, follow these steps.
1. In the navigation pane, click Save/Restore:
• To replace the configuration files in the controller project with the
configuration files on the switch, click Upload.
• To replace the configuration files on the switch with the
configuration files in the controller project, click Download.
• To restore the configuration files in the controller project with files
on your local computer, click Import.
• To save the configuration files in the controller project to your local
computer, click Export.
2. Click OK.
I
46 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 47
Get Started Chapter 2
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 47
Page 48
Chapter 2 Get Started
Software Updates
You can download the latest software for all switches from
http://www.rockwellautomation.com
In Device Manager, you can do the following with the firmware file:
• Use TFTP to transfer the file to the switch
• Use HTTP to download the file to your personal computer or a
network drive, and then select it for the update.
• Swap to a backup image file.
The Software Update page shows the following information:
• Active Image—Version of the software that is currently installed on the
switch.
• Backup Image—Version of the backup image file.
When the device ships from the factory, the backup image is the same as the
installed image. When you upgrade the software, the previously installed image
becomes the backup.
.
Apply a Software Update
To apply the latest software (.bin file) to the switch, follow these steps.
1. From the Admin menu, under File Management, choose Software
Upd ate .
2. If the file is on your local computer, click Browse, select the file, and then
click Update.
or
If the file is on a remote TFTP server, in the TFTP Address and Image
location fields, enter the IP address of the TFTP server and path to the
file location. Click Update.
The Software Update page displays the progress of the software update.
IMPORTANT After the update completes successfully as indicated by a message
notification, we recommend that you clear your browser cache and restart
Device Manager in a new browser session.
48 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 49
Apply a Backup Image
To swap to a backup image, follow these steps.
Get Started Chapter 2
1. From the Admin menu, under File Management, choose Software
Upd ate .
2. Check Swap to back-up image.
3. Click Submit.
A message notifies you of the swap, and the device reloads.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 49
Page 50
Chapter 2 Get Started
Access Management in Device Manager
If a Technical Support representative requires remote access to the switch via
the command-line interface (CLI), you must configure access to the switch
following these steps:
1. From the Admin menu, under Device Management, choose Access
Management.
2. To enable remote access to the switch via the CLI, check Enable SSH.
3. Click Submit.
50 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 51
Configure Switch Features
Top ic Pag e
802.1X Authentication 52
Alarms 53
Dynamic Host Configuration Protocol (DHCP) 56
EtherChannels 66
Internet Group Management Protocol (IGMP) Snooping with Querier 71
Port Mirror ing 73
Port Secur ity 74
Quality of Service (QoS) 78
Simple Network Management Protocol (SNMP) 79
Smartports 89
Spanning Tree Protocol (STP) 92
Storm Control 98
Terminal Access Controller Access Control System Plus/Remote
Authentication Dial-In User Service (TACACS+/RADIUS)
Virtual Local Area Networks (VLANs) 100
Chapter 3
99
This chapter describes software features that you can configure in
Device Manager, the Studio 5000 Logix Designer® application, or both.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 51
Page 52
Chapter 3 Configure Switch Features
802.1X Authentication
IEEE 802.1X enables port-based access control using authentication. An
802.1X-enabled port can be dynamically enabled or disabled based on the
identity of the client that connects to it.
Before authentication, the identity of the client is unknown and traffic is
blocked. After authentication, the identity of the client is known and traffic
from that endpoint is permitted. The switch performs source MAC filtering to
help ensure that only the authenticated client is permitted to send traffic.
802.1X includes these components:
• Supplicant—A client on the endpoint that submits credentials for
authentication.
• Authenticator—The network access device that relays the credentials of
the supplicant to the authentication server.
• Authentication server—A server that validates the credentials and
determines what level of network access the client receives. See
RADIUS server information on page 99
Use the 802.1X page to configure 802.1X port-based authentication on the
switch.
.
52 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 53
Configure Switch Features Chapter 3
IMPORTANT You must configure the RADIUS server before configuring 802.1X
authentication. See Table 50 on page 100
Table 20 - Global Settings to Configure 802.1X Authentication
Field Description
Enable 802.1X Choose one of the following:
• enable—Globally activates 802.1X authentication on the switch.
• disable—Globally deactivates 802.1X authentication on the switch. All physical interfaces are permitted to forward frames.
Enable Reauthentication Choose one of the following:
• enable—Successfully authenticated clients can be reauthenticated after the interval specified by the Reauthentication Period.
• disable—Reauthentication is not activated.
Reauthentication for 802.1X-enabled interfaces can be used to detect if a new device is plugged into a switch port or if a supplicant is
no longer attached. For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed.
Reauthentication does not involve communication between the switch and the client device, and therefore does not imply that a
client is still present on a port.
EAPOL Timeout The time limit for retransmission of Request Identity EAPOL frames. EAPOL timeout is not applicable for MAC-based ports.
Valid range: 1…65535 seconds
Default: 30
Hold Time The wait time before attempting to reauthenticate after reauthentication failed for a client.
Valid range: 10…1000000 seconds
Default: 10
Max Reauth Count The maximum number of retransmissions to Request Identity for EAPOL frame.
Valid range: 1…255
Default: 2
Submit Click when your changes to Global Configuration fields are complete.
.
To modify the 802.1X administrative state for an individual port, select the
row in the Dot1x Port Table. See Ta b l e 2 1
Table 21 - Modify Administrative State Per Port
Field Description
Interface The number of the switch port, including port type (such as Fa for Fast Ethernet), and the specific port number. For example, Fa1/1 is
Dot1x Control State Choose one of the following administrative modes:
Dot1x State The 802.1X status of the port (enabled or disabled). This field is not editable.
Re-Authenticate Select a row or multiple rows in the Port S ecurity Table and click Re-Authenticate to force a new authentication.
Alarms
Fast Ethernet port 1 on the switch.
• Force Authorized—802.1X authentication is disabled. The port is in the authorized state and grants access to all clients. Force
Authorized is the default setting.
• Force Unauthorized—The port is in the unauthorized st ate and all denies access to all clients.
• MAC Base Auth—This mode is used for 802.1X-unaware devices. The switch authenticates on behalf of the client, using the client
MAC address as the username and password for the Microsoft Extensible Authentication Protocol-Message Digest 5 (EAP-MD5)
method.
• Single 802.1X—The authentication server authorizes only one 802.1X-aware client. A client that is not 802.1X-aware is denied
access. If the client leaves or is replaced with another, the device changes the port link state to down and the port enters the
unauthorized state.
The administrative mode cannot be changed to anything other than Force Authorized when Spanning Tree is enabled on the
interface. See Spanning Tree Protocol (STP)
on page 92.
In Device Manager, you can configure alarms to monitor the following types of
.
temperatures:
• Switch temperature
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 53
Page 54
Chapter 3 Configure Switch Features
Alarms
• Junction temperature
You can define maximum, minimum, and critical temperatures parameters. If
the switch detects a temperature condition that does not match the defined
temperature parameters, an alarm is triggered.
When an alarm is triggered, it appears in the system log and the Alarms area in
the lower-right corner of the Device Manager window. The severity of the
alarms you configure on the Alarms Settings page is always Major.
To configure alarm settings, follow these steps.
1. From the Configure menu, under Alarms, choose Alarm Settings.
2. In the Alarm Settings table, click the alarm name to configure.
3. Complete the fields that are described in Table 22 on page 55
4. Click Save.
.
54 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 55
Configure Switch Features Chapter 3
Table 22 - Alarm Settings
Alarm Name Field Description
Switch Temperature Enable Alarm To enable the alarm, check Enable Alarm. To disable the alarm, clear the Enable Alarm checkbox.
By default, the alarm for switch temperature is enabled.
Thresholds (MIN) in °C Enter a minimum temperature threshold in degrees Celsius. If the temperature falls below the minimum threshold
value, the switch triggers an alarm.
Valid range: -40…+125 °C (-40…+257 °F)
Default: -20 °C (-4 °F)
Thresholds (MAX) in °C Enter a maximum temperature threshold in degrees Celsius. If the temperature exceeds the maximum threshold
value, the switch triggers an alarm.
Valid range: -40…+125 °C (-40…+257 °F)
Default: 85 °C (185 °F)
Thresholds (CRIT) in °C Enter a critical temperature threshold in degrees Celsius. If the temperature exceeds the critical threshold value, the
switch triggers an alarm.
Valid range: 90…150 °C (194…302 °F)
Default: 95 °C (203 °F)
Junction Temperature Enable Alarm To enable the alarm, check Enable Alarm. To disable the alarm, clear the Enable Alarm checkbox.
By default, the alarm for junction temperature is disabled.
Thresholds (MIN) in °C Enter a minimum temperature threshold in degrees Celsius. If the temperature falls below the minimum threshold
value, the switch triggers an alarm.
Valid range: -40…+125 °C (-40…+257 °F)
Default: -40 °C (-40 °F)
Thresholds (MAX) in °C Enter a maximum temperature threshold in degrees Celsius. If the temperature exceeds the maximum threshold
value, the switch triggers an alarm.
Valid range: -40…+125 °C (-40…+257 °F)
Default: 110 °C (230 °F)
Thresholds (CRIT) in °C Enter a critical temperature threshold in degrees Celsius. If the temperature exceeds the critical threshold value, the
switch triggers an alarm.
Valid range: 90…150 °C (194…302 °F)
Default: 120 °C (248 °F)
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 55
Page 56
Chapter 3 Configure Switch Features
Dynamic Host Configuration Protocol (DHCP)
The switch can operate as a DHCP server by automatically assigning IP
addresses to connected devices.
Every device in an IP-based network must have a unique IP address. DHCP
assigns IP address information from a pool of available addresses to newly
connected devices (DHCP clients) in the network. If a device leaves and then
rejoins the network, the device receives the next available IP address, which is
not necessarily the same address that the device had before.
To configure DHCP server settings and the IP address pools in Device
Manager, click the Global Settings tab.
DHCP Persistence
Use the DHCP persistence feature to assign a specific, reserved IP address to
each port. The device that is connected to that port always receives the same IP
address regardless of the MAC address of the connected device. DHCP
persistence is useful in networks that you configure in advance, where
dependencies on the exact IP addresses of some devices exist. Use DHCP
persistence when the attached device has a specific role to play and when other
devices know its IP address. If the device is replaced, the replacement device is
assigned the same IP address, and the other devices in the network require no
reconfiguration.
DHCP persistence works with only one device that is connected to each port
configured for the feature.
IMPORTANT To make sure DHCP persistence works correctly, follow the application rules.
When the DHCP persistence feature is enabled, the switch acts as a DHCP
server for other devices on the same subnet, including devices that are
connected to other switches. If the switch receives a DHCP request, it
responds with any unassigned IP addresses in its pool. To keep the switch from
responding when it receives a request, check the Reserved Only box on the
DHCP page, Global Settings tab.
When DHCP persistence is enabled and a DHCP request is made from a
connected device on that port, the switch assigns the IP address for that port.
The switch also broadcasts the DHCP request to the remainder of the
network. If another DHCP server with available addresses is on the network
and receives this request, it can try to respond. The response can override the
initial IP address that the switch assigns depending on the end device (takes
first IP address response or the last). To keep the IP address from being
overridden, enable DHCP Snooping on the appropriate VLAN. DHCP
snooping blocks the broadcast of this DHCP request, so that no other server,
including another Stratix switch with DHCP persistence enabled, responds.
If you are using DHCP persistence, we recommend that you initially assign
static IP addresses to end devices. If an end device fails and is replaced, the
56 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 57
DHCP persistence feature assigns an IP address from the DHCP persistence
FA1
FA2
FA3
FA7
FA4
FA5
FA6
FA8
Switch 1
Switch 2
table. We recommend that you reassign a static IP address to the replaced
device.
The following figure and table illustrate DHCP persistence behavior.
Table 23 - DHCP Persistence Behavior
If Then
• Switch 1 has ports FA1…FA3 in its persistence table
• Switch 2 has ports FA4, FA5, FA6, and FA8 in its DHCP Persistence
table
• Reserve Only is not selected and DHCP Snooping is off
• Switch 1 has ports FA1…FA3 in its persistence table
• Switch 2 has ports FA4, FA5, FA6, and FA8 in its DHCP Persistence
table
• Reserve Only is selected in both switches and DHCP Snooping is off
• Switch 1 has ports FA1…FA3 in its persistence table
• Switch 2 has ports FA4, FA5, FA6, and FA8 in its DHCP Persistence
table
• Reserve Only is selected in switch 1 and DHCP snooping is off, but
not switch 2 when DHCP Snooping is off
• Switch 1 has ports FA1…FA3 in its persistence table
• Switch 2 has ports FA4, FA5, FA6, and FA8 in its DHCP Persistence
table
• DHCP Snooping is selected
• Reserved Only is checked
• Switch 1 has ports FA1…FA3 in its persistence table
• Switch 2 has ports FA4, FA5, FA6, and FA8 in its DHCP Persistence
table
• DHCP Snooping is selected
• Reserved Only is not checked
Configure Switch Features Chapter 3
A new device that is connected to switch 1 FA1 receives an IP address from the switch 1 in the persistence
table. A broadcast request is also sent across the network. Switch 2 responds if there is an unassigned
address in its pool. The response can override the assignment that is made by switch 1.
A new device that is connected to switch 1 FA1 receives an IP address from the switch 1 in the persistence
table. A broadcast request is also sent across the network. Switch 2 does not respond to the request. If the
device is connected to FA7 of switch 1, it does not receive an IP address from the switch pool because it is
not defined in the table. Also, unused addresses in the pool are blocked.
A new device is connected to FA1 receives an IP address from the persistence table. A broadcast request is
also sent across the network. Switch 2 does not respond to the request. In addition, a device that is
connected to FA4 receives an IP address from the switch 2 in the persistence table. A broadcast request is
sent out, and switch 1 responds with an unused IP address from its pool. The response can override the
assigned port.
A new device that is connected to switch 1 FA1 receives an IP address from the Switch 1 persistence table.
A broadcast request is not sent across the network, so Switch 2 does not respond. If a device is connected
to FA7 of Switch 1, it does not receive an IP address from the switch pool because it is not defined in the
table. Also, unused addresses in the pool are blocked.
A new device that is connected to switch 1 FA1 receives an IP address from the Switch 1 persistence table.
A broadcast request is not sent across the network, therefore Switch 2 does not respond. If a device is
connected to FA7 (not defined in the DHCP Persistence table) of Switch 1, it receives an unassigned IP
address from the switch 1 pool.
To configure DHCP persistence for individual interfaces, click the DHCP
Port Configurations tab. See Table 26 on page 61
.
Configure DHCP Persistence Via Device Manager
To configure DHCP persistence, complete this process.
1. Enable the DHCP server.
2. Configure the IP address pool.
3. Assign an IP address to a switch port.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 57
Page 58
Chapter 3 Configure Switch Features
Enable the DHCP Server
1. From the Configure menu, choose DHCP.
2. Click Enable DHCP.
3. Click Submit.
Configure the DHCP IP Address Pool
Once DHCP is enabled, you can create the DHCP address pool.
1. From the Configure menu, choose DHCP.
2. Click Add.
3. Complete the fields and click OK.
58 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 59
Configure Switch Features Chapter 3
Table 24 - DHCP Pool Table Add Fields
Field Description
DHCP Pool Name The name of the DHCP IP address pool that is configured on the switch. The name can have up to 31 alphanumeric characters. The
DHCP Pool Network The subnetwork IP address of the DHCP IP address pool. The format is a 32-bit numeric address that is written as four numbers that
Subnet Mask The network address that identifies the subnetwork (subnet) of the DHCP IP address pool. Subnets segment the devices in a network
Starting IP The starting IP address that defines the range of addresses in the DHCP IP address pool. The format is a 32-bit numeric address that is
Ending IP The ending IP address that defines the range of addresses in the DHCP IP address pool. The format is a 32-bit numeric address that is
Default Router The default router IP address for the DHCP client that uses this server. The format is a 32-bit numeric address that is written as four
Domain Name The domain name for the DHCP client. The name can have up to 31 alphanumeric characters. The name cannot contain a ? or a tab.
DNS Server The IP addresses of the domain name system (DNS) IP servers available to a DHCP client. The format is a 32-bit numeric address that
[Lease Length] The duration of the lease for an IP address that is assigned to a DHCP client. Click one of the following:
name cannot contain a ? or a tab. This field is required.
A DHCP IP address pool is a range (or pool) of available IP addresses that the switch can assign to connected devices.
are separated by periods. Each number can be from 0…255. This field is required.
into smaller groups. The default is 255.255.255.0. This field is required.
written as four numbers that are separated by periods. Each number can be from 0…255.
Be sure that none of the IP addresses that you assign are being used by anot her device in your network.
This field is required.
written as four numbers that are separated by periods. Each number can be from 0…255.
Make sure that none of the IP address you assign are being used by other devices in your network.
This field is required.
numbers that are separated by periods. Each number can be from 0… 255.
is written as four numbers that are separated by periods. Each number can be from 0…255.
• Never Expires
• User Defined
If you click User Defined, enter the duration of the lease in the numbers of days, hours, and minutes. This lease length is used for all
assignments.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 59
Page 60
Chapter 3 Configure Switch Features
After the DHCP IP address pool is configured, the Global Settings tab
displays the Pool Name, Network, and Network Mask information within the
DHCP Pool Table. Two additional fields are also populated.
IMPORTANT An IP address must be within your DHCP pool to populate the VLAN field
successfully.
Table 25 - DHCP Pool Table Fields
Field Description
VLAN The name of the VLAN that is associated with this address pool. The VLAN is automatically chosen based on the subnet and is not
Reserved Only Choose one of the following:
editable. If a pool address is not associated with a VLAN, no information is displayed and no addresses are assigned.
• enable—The switch offers this single IP address to a DHCP client. DHCP requests from other ports are ignored, however, other
DHCP servers on the network can still assign addresses to devices that are connected to this switch. To configure the IP address,
click the DHCP Port Configurations tab. See Table 26 on page 61
• disable—A connected device receives the next available address from the pool.
.
DHCP Snooping
DHCP Snooping is a security feature that performs as a firewall between
untrusted hosts and trusted DHCP servers. To enable DHCP Snooping
globally on the switch, click DHCP Snooping on the Global Settings tab. This
feature is disabled by default.
To enable DHCP snooping on a specific interface, check Enable Snooping for
the interface in the DHCP Port Configurations tab. This setting differentiates
between untrusted ports that are connected to the end user, and trusted ports
connected to the DHCP server or another switch. See Table 26 on page 61
.
IMPORTANT All DHCP servers must be connected to the switch through a trusted
interface for DHCP Snooping to function properly.
Assign an IP Address to a Switch Port and Enable Snooping Via Device Manager
To manage switch port IP addresses and DHCP Snooping, click the DHCP
Port Configurations tab.
60 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 61
Configure Switch Features Chapter 3
Table 26 - DHCP Port Configurations Fields
Field Description
Interface The number of the switch port, including port type (such as Fa for Fast Ethernet), and the specific port number. For example, Fa1/1 is
Pool Name The name of the DHCP IP address pool that is configured on the switch.
Reserved IP Address The IP address that is assigned to the switch port. The IP address that you assign is reserved for the selected port and is not available
Enable Snooping Choose one of the following:
DHCP Rate Limit Set the rate of DHCP packets that are allowed through the port per second. If the number of packets exceeds this value, and Error
Fast Ethernet port 1 on the switch.
for normal DHCP dynamic assignment. The IP address must be an address from the pool that is specified in the DHCP Pool Name field.
• enable—Check Enable Snooping to configure the interface to transmit DHCP Discovery and Request mess ages to a DHCP Server.
Check Enable Snooping on the interface that is attached to an external DHCP server.
• disable—Clear the Enable Snooping checkbox to receive DHCP Discovery and Request messages from a client. Leave Enable
Snooping disabled for all clients that request an IP Address from an external DHCP Server.
Disable is selected for DHCP rate limit on the Port Settings page, the port is placed in the error-disabled state. Error disable is
triggered on trusted ports with Enable Snooping enabled on relevant VLANs.
For example, if the DHCP rate limit is set to 5, and six DHCP frames are received per second, the port enters the error-disabled state.
The number of clients to receive an IP address before the port enters this state depends on the type of DHCP packets that are
exchanged within that second.
It is recommended you set the limit to 100 and above so that valid clients can receive an IP address. Range is 0 -500. Zero indicates
that DHCP rate limit is not active.
Bootstrap Protocol (BOOTP)
The switch also supports BOOTP for the assignment of IP addresses. When
the DHCP server is enabled and a client sends a BOOTP request, the server
responds with a BOOTP response that is based on the DHCP pool
configuration. DHCP options are not supported in the BOOTP process. The
switch does not distinguish between BOOTP requests or DHCP requests
when a reserved IP address is configured for an interface. To use BOOTP, you
must enable DHCP; there are no BOOTP-specific settings to configure
through Device Manager.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 61
Page 62
Chapter 3 Configure Switch Features
Configure DHCP Persistence Via Logix Designer
To configure DHCP persistence, complete this process.
1. Configure the DHCP server.
2. Configure the DHCP IP address pool.
3. Assign an IP address to a switch port.
Configure the DHCP Server
1. In the navigation pane, click DHCP Pools.
2. Click Enable Dynamic Host Configuration Protocol (DHCP).
3. To enable DHCP snooping on the switch, click Enable DHCP
Snooping.
DHCP snooping restricts the broadcast of DHCP requests beyond the
connected switch. As a result, devices receive address assignments from
only the connected switch. This option is available only on ports that are
assigned to a VLAN.
To enable DHCP snooping on a specific VLAN, check DHCP
Snooping for the specific VLAN in the DHCP pool table.
62 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 63
Configure Switch Features Chapter 3
Configure the DHCP IP Address Pool
Once DHCP is enabled, you can create the DHCP address pool.
1. In the navigation pane, click DHCP Pools.
2. Click New Pool.
3. Complete the fields as shown in Table 27 on page 64
.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 63
Page 64
Chapter 3 Configure Switch Features
Table 27 - Add/Edit DCHP Pool Definition Fields
Field Description
DHCP Pool Name The name of the DHCP IP address pool that is configured on the switch. The name can have up to 31 alphanumeric characters. The
DHCP Pool Network The subnetwork IP address of the DHCP IP address pool. The format is a 32-bit numeric address that is written as four numbers that
Subnet Mask The network address that identifies the subnetwork (subnet) of the DHCP IP address pool. Subnets segment the devices in a network
Default Gateway The default gateway IP address for the DHCP client.
Domain Name The domain name for the DHCP client.
Starting IP Address The starting IP address that defines the range of addresses in the DHCP IP address pool. The format is a 32-bit numeric address that is
Ending IP Address The ending IP address that defines the range of addresses in the DHCP IP address pool. The format is a 32-bit numeric address that is
Use Preassigned Addresses Only If checked, IP addresses are assigned only when configured for specific ports on the DHCP Address Assignment view.
Enable DHCP Snooping for this Pool If checked, devices only receive address assignments from the connected switch.
Never Expires
or
Custom
Primary DNS Address The IP addresses of the primary domain name system (DNS) IP servers available to a DHCP client.
Secondary DNS Address The IP addresses of the secondary domain name system (DNS) IP servers available to a DHCP client.
Primary WINS Address The IP address of the primary Microsoft NetBIOS name server (WINS server) available to a DHCP client.
Secondary WINS Address The IP address of the secondary Microsoft NetBIOS name server (WINS ser ver) available to a DHCP client.
name cannot contain a ? or a tab. This field is required.
A DHCP IP address pool is a range (or pool) of available IP addresses that the switch can assign to connected devices.
are separated by periods. Each number can be from 0…255. This field is required.
into smaller groups. The default is 255.255.255.0. This field is required.
The format is a 32-bit numeric address that is written as four numbers that are separated by periods (for example, 255.255.255.255).
Each number can be from 0… 255.
written as four numbers that are separated by periods. Each number can be from 0…255.
Be sure that none of the IP addresses that you assign are being used by another device in your network.
This field is required.
written as four numbers that are separated by periods. Each number can be from 0…255.
Make sure that none of the IP address you assign are being used by other devices in your network.
This field is required.
The duration of the lease for an IP address that is assigned to a DHCP client. Click one of the following:
•Never Expires
•Custom
If you click Custom, enter the duration of the lease in the numbers of days, hours, and minutes. This lease length is used for all
assignments.
4. Click Set and Close.
64 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 65
Configure Switch Features Chapter 3
Assign an IP Address to a Switch Port
In the navigation pane, click DHCP Address Assignment.
You can assign a specific IP address to each port so that the device that is
attached to a given port receives the same IP address.
Table 28 - DHCP Address Assignment Fields
Field Description
Port The number of the switch por t, including port type (such as Fa for Fast Ethernet), and the specific por t number. For example, Fa1/1 is
Pool Displays the pool names from the DHCP IP address pool that corresponds to the instances available in the switch.
IP Address Displays the IP address that is assigned to the switch port. The format is a 32-bit numeric address that is written as four numbers that
Fast Ethernet port 1 on the switch.
If you delete all rows that contain pools on the DHCP Pool Display tab and click Refresh, the Pool field is blank.
are separated by periods (for example, 255.255.255.255). Each number can be from 0…255.
The IP address that you assign is reserved for the selected port and is not available for normal DHCP dynamic assignment. The IP
address must be an address from the pool that is specified in the DHCP Pool Name field.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 65
Page 66
Chapter 3 Configure Switch Features
Servers
Switch A
Switch B
Switch C
Switch D
Network
Management
Access
Point
Router with Firewall
WAN /In ter net
Switch C
EtherChannels
An EtherChannel, or port group, is a group of two or more switch ports that
are bundled into one logical link to create a higher bandwidth link between
two switches. For example, four Fast Ethernet switch ports that are all
configured to operate at 100 Mbps can be assigned to an EtherChannel to
provide full-duplex bandwidth of up to 400 Mbps. If one of the ports in the
EtherChannel becomes unavailable, traffic is carried over the remaining ports
within the EtherChannel. The maximum number of channels that you can
configure is half of the number of available ports. For example, for a five-port
device you can configure two channels. You must have at least two ports in an
EtherChannel, and the maximum number of ports in a channel is the
maximum number of ports on the switch minus one.
All ports in an EtherChannel must have the same characteristics:
• All are configured with the same speed and duplex mode.
• The ports in an EtherChannel cannot already be in use in another
EtherChannel.
• All ports are enabled. A disabled port in an EtherChannel is treated as a
link failure, and its traffic is transferred to one of the remaining ports in
the EtherChannel.
Figure 1
shows two EtherChannels. Two full-duplex 10/100 ports on Switches
A and C create an EtherChannel with a bandwidth of up to 400 Mbps between
both switches. Similarly, two full-duplex 10/100 ports on Switches B and D
create an EtherChannel with a bandwidth of up to 400 Mbps between both
switches.
If one of the ports in the EtherChannel becomes unavailable, traffic is sent
through the remaining ports within the EtherChannel.
Figure 1 - EtherChannel Example
Table 29 on page 67 describes the modes that you can assign to an
66 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
EtherChannel:
Page 67
Configure Switch Features Chapter 3
Table 29 - EtherChannel Modes
Mode Description
Static All ports join the EtherChannel, without negotiations. This mode can be useful if the remote device does not support the
Link Aggregation Control Protocol (LACP) (active) This mode enables LACP unconditionally. The port sends LACP packets to other ports to initiate negotiations to create
Link Aggregation Control Protocol (LACP) (passive) This mode enables LACP only if an LACP device is detected at the other end of the link. The port responds to requests to
protocols that other modes require. The switches at both ends of the link must be configured in Static mode. In this
mode, the system assigns a channel group number even if there is no connection to any device on the assigned ports.
EtherChannels. A port in active LACP mode can form an EtherChannel with another port that is in active or passive LACP
mode. The ports must be configured for full-duplex. In this mode, the system assigns a channel group number only
when a device is connected to create a physical channel.
create EtherChannels but does not initiate negotiations. The ports must be configured for full-duplex. In this mode, the
system assigns a channel group number only when a device is connected to create a physical channel.
Configure both ends of the EtherChannel in the same mode:
• When you configure one end of an EtherChannel in LACP mode, the
system negotiates with the other end of the channel to determine the
ports to become active. Incompatible ports are suspended. Instead of a
suspended state, the local port is put into an independent state and
continues to carry data traffic as any other single link. The port
configuration does not change, but the port does not participate in the
EtherChannel.
• When you configure an EtherChannel in Static mode, no negotiations
take place. The switch forces all compatible ports to become active in
the EtherChannel. The other end of the channel on the other switch
must also be configured in the Static mode. Otherwise, packet loss can
occur.
If a link within an EtherChannel fails, traffic previously carried over that failed
link moves to the remaining links within the EtherChannel. If traps are
enabled on the switch, a trap is sent for a failure that identifies the switch, the
EtherChannel, and the failed link. Inbound broadcast and multicast packets on
one link in an EtherChannel are blocked from returning on any other link of
the EtherChannel.
You can configure EtherChannels in Device Manager or the Logix Designer
application.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 67
Page 68
Chapter 3 Configure Switch Features
Table 30 - EtherChannel Table Fields
Field Description
Channel Group Number A system-generated number to identify the EtherChannel.
Valid values: 1 to the maximum number of EtherChannels, which is half of the number of available ports.
Channel Mode Determines how ports become active. With all modes except Static, negotiations occur to determine which ports become active. Incompatible
Configured Ports The ports that are configured to participate in the EtherChannel.
Aggregated Ports The ports that connected during the setup of the physical device connection.
Speed The operating speed. Auto (the default setting) allows a connected device to negotiate the link speed.
ports are put into an independent state and continue to carry data traffic, but do not participate in the EtherChannel.
IMPORTANT: Make sure that all ports in an EtherChannel are configured with the same speed and duplex mode.
See Table 29 on page 67
for a description of EtherChannel modes.
You can add, edit, or delete an EtherChannel:
• To add an EtherChannel, click Add. Complete the fields that are
described in Ta b l e 3 1
and click OK.
• To edit an EtherChannel, click the radio button next to the
EtherChannel and click Edit. Complete the fields that are described in
Ta b l e 3 1
and click OK.
• To delete an EtherChannel, click the radio button next to the
EtherChannel and click Delete.
.
Table 31 - Add/Edit EtherChannel Dialog Box
Field Descri ption
Channel Mode Choose a mode to assign to the EtherChannel.
For a description of each mode, see Table 29 on page 67.
Channel Group Number (System-generated). A number from 1 to the maximum number of
Port List To enable a port to participate in the EtherChannel, check its corresponding
EtherChannels (half of the number of available ports) that identifies the
EtherChannel.
checkbox.
68 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 69
Configure Switch Features Chapter 3
Configure EtherChannels in the Logix Designer Application
In the navigation pane, click EtherChannels.
Table 32 - EtherChannels Fields
Field Description
EtherChannel A number to identify the EtherChannel.
Mode Determines how ports become ac tive. With all modes except Static, ne gotiations occur to determine which ports become active. Incompatible
Members The ports that can participate in the EtherChannel.
Status The status of the group.
ports are put into an independent state and continue to carry data traffic, but do not participate in the EtherChannel.
IMPORTANT: Make sure that all ports in an EtherChannel are configured with the same speed and duplex mode.
For a description of each mode, see Table 29 on page 67.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 69
Page 70
Chapter 3 Configure Switch Features
You can add, edit, or delete an EtherChannel:
• To add an EtherChannel, click Add. Complete the fields that are
described in Ta b l e 3 3
. Click Set and click Close.
• To edit an EtherChannel, click the corresponding Ellipse button in the
Edit column. Modify the fields that are described in Ta b l e 3 3
. Click Set
and click Close.
• To delete an EtherChannel, click the corresponding Trash icon in the
Delete column.
Table 33 - Add/Edit EtherChannel Fields
Field Description
EtherChannel Choose a number to identify the EtherChannel.
Channel Mode Click to select a mode. For a description of each mode, see Table 29 on page 67
Port Members To enable a port to participate in the EtherChannel, check Use for EtherChannel.
70 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
.
Page 71
Configure Switch Features Chapter 3
Internet Group Management Protocol (IGMP) Snooping with Querier
Layer 2 switches can use IGMP snooping to constrain the flooding of multicast
traffic. IGMP snooping dynamically configures Layer 2 interfaces so that
multicast traffic is forwarded to only those interfaces that are associated with
IP multicast devices. IGMP snooping requires the LAN switch to snoop on
the IGMP transmissions between the host and the router and track multicast
groups and member ports. When the switch receives an IGMP report from a
host for a particular multicast group, it adds the host port number to the
forwarding table entry. When the switch receives an IGMP Leave Group
message from a host, it removes the host port from the table entry. It also
periodically deletes entries if it does not receive IGMP membership reports
from the multicast clients.
For IGMP snooping to function, a multicast querier must exist on the network
and generate IGMP queries. The tables that are created for snooping (contain
the member ports for each a multicast group) are associated with the querier.
When there is no multicast router in the VLAN to originate the queries, enable
the IGMP snooping querier to send membership queries. When the IGMP
snooping querier is enabled, it sends out periodic IGMP queries that trigger
IGMP report messages from hosts that want to receive IP multicast traffic.
IGMP snooping listens to these IGMP reports to establish appropriate
forwarding.
The switch supports IP multicast group-based bridging, rather than MACaddressed based groups. With multicast MAC address-based groups, if an IP
address being configured translates (aliases) to a previously configured MAC
address or to any reserved multicast MAC addresses (in the range 224.0.0.xxx),
the command fails. Because the switch uses IP multicast groups, there are no
address alias issues.
The IP multicast groups that are learned through IGMP snooping are
dynamic. The switch learns multicast IP addresses that are used by the
EtherNet/IP network for I/O traffic.
IGMP implementation in the switch is IGMP V2. This version is
backward-compatible with switches running IGMP V1. The switch has a builtin querier function, and the global macro enables IGMP snooping and the
querier.
For more information on IP multicast and IGMP, see RFC 1112
RFC 2236
You can configure IGMP snooping in Device Manager.
.
and
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 71
Page 72
Chapter 3 Configure Switch Features
Enable IGMP
Snooping Globally
Enable IGMP
Snooping or
Querier per VLAN
To configure IGMP snooping, follow these steps.
1. From the Configure menu, under Security, choose IGMP Snooping.
2. To enable IGMP Snooping globally, check Enable and click Submit.
3. To enable IGMP Snooping for a VLAN, click the VLAN in the IGMP
Snooping table, check Enable IGMP Snooping, and click Save.
4. To enable IGMP Querier for a VLAN, click the VLAN in the IGMP
Snooping table, check Enable IGMP Querier, and click Save.
IMPORTANT You must enable IGMP both at the global level and the individual VLAN level
for the feature to work.
72 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 73
Configure Switch Features Chapter 3
Port Mirroring
Port mirroring is for advanced users with experience in troubleshooting traffic
and protocol issues on networks. Port mirroring copies, or mirrors, traffic on a
source port to a destination port on the same switch for analysis.
EXAMPLE You can configure all traffic on Fa1/1 (the source port) to be mirrored to
Fa1/2 (the destination port). A network analyzer on Fa1/2 can receive all
network traffic from Fa1/1 without being physically attached to Fa1/1.
Port mirroring does not affect the switching of network traffic on the
monitored port. You must dedicate a monitoring port for port mirroring.
Except for traffic that is being copied for the port mirroring session, the
monitoring port does not receive or forward traffic.
IMPORTANT • You can configure only one interface at a time for port mirroring.
• Port mirroring is a tool for the analysis of end node traffic. Because the
switch can filter certain network control traffic, we recommend that you
do not use port mirroring when you require an exact copy of all network
traffic.
• If the destination port is in the management VLAN and is connected,
Device Manager alerts you about possible loss in connectivity or network
performance.
You can configure port mirroring in Device Manager.
To configure port mirroring, follow these steps.
1. From the Configure menu, under Network, choose Port Mirroring.
2. To select a row in the Port Mirroring table, click it.
3. From the Source Port pull-down menu, choose the port that you want to
mirror, or to remove the configuration of the port mirroring, choose
None.
4. From the Destination Port pull-down menu, choose the port to receive
the mirrored traffic, or to remove the configuration of the port
mirroring, choose None.
5. Click Save.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 73
Page 74
Chapter 3 Configure Switch Features
Port Security
Port security limits the number of devices on a given port. The switch
identifies a device by its MAC address and VLAN ID. You can enable port
security for a given port and specify the maximum number of MAC addresses
to secure on the port. The switch sends traffic through only those devices.
You can also enable aging for a secured MAC address. When you enable aging,
a timer begins counting in seconds after a MAC address is secured. When the
aging period expires, if no traffic is seen on the device within the next aging
period, the switch frees the MAC address. If the security mode of the port is set
to Restrict, the switch replaces the expired MAC address with any violating
MAC addresses that are held in the MAC table.
If the number of secured MAC addresses on a port exceeds the maximum
number that is defined in port security, a security violation occurs. A security
violation triggers an action that is based on the security mode that is configured
for the port, as described in Tab l e 3 4
Table 34 - Security Modes
Security Mode Description
Protect When a security violation occurs, the switch stops securing MAC addresses. A syslog entry is
generated to notify that a port security violation has occurred. The port continues to forward
traffic on devices with already secured MAC addresses.
Protect mode is the default mode.
Restrict When a security violation occurs, the switch continues to secure a maximum of four new MAC
addresses. These MAC addresses are known as violating and are kept blocked in the MAC table
until the aging period expires.
In Device Manager, you can view violating MAC addresses on the Port Security page available
from the Monitor menu.
Shutdown When a security violation occurs, these actions occur:
• The switch stops forwarding traffic on the port. The port goes into the error-disabled state,
and all secured MAC addresses are removed from the MAC table.
• If an SNMP trap is enabled for port security violations, the switch generates an SNMP trap.
In Device Manager, you enable traps for port security violations on the Traps tab of the
SNMP page available from the Configure menu.
• The switch generates an entry in the syslog.
IMPORTANT: To make the port available for forwarding traffic after it is error-disabled, you
must re-enable the por t in port settings.
.
You can configure port security in Device Manager or the Logix Designer
application.
74 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 75
Configure Switch Features Chapter 3
Configure Port Security in Device Manager
To configure port security, follow these steps.
1. From the Configure menu, under Security, choose Port Security.
2. To make a secured MAC address subject to expiration, check Enable
Aging.
3. In the Aging Period field, type the length of time from 10…10000000
seconds to hold a secured MAC address before it expires.
The default is 3600 seconds.
4. Click Submit.
5. To configure port security parameters for a port, click the radio button
next to the port name to select the row, and then complete the fields that
are described in Ta b l e 3 5
6. Click Save.
.
Table 35 - Por t Securi ty Tab le Fi elds
Field Description
Port Name Displays the port type (Fa for Fast Ethernet) and number.
Enable To enable port security, choose true.
To disable port security, choose false.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 75
Page 76
Chapter 3 Configure Switch Features
Table 35 - Por t Securi ty Tab le Fi elds (con tinued )
Field Description
Maximum MAC Count
Allowed
Violation Mode Choose one of the following modes to indicate the action to occur if the maximum
Sticky MAC Available only when port security is enabled (True).
Enter the maximum number of MAC addresses that the switch can secure on this port
before a security violation occurs.
Valid range: 1…1024
Default: 4
number of secured MAC addresses is exceeded:
•protect
•restrict
•shutdown
For a description of each mode, see Table 34 on page 74
To convert a dynamic, secure MAC address to an address that is stored in the address
table and added to the running configuration, check Sticky MAC.
You can view the list of sticky MAC Enabled addresses and add them to the start-up
configuration file on the Port Security page. See Table 54 on page 114 for information.
If you clear a sticky MAC checkbox, the associated MAC address is converted to a
dynamic, secure address and is removed from the running configuration.
.
76 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 77
Configure Switch Features Chapter 3
Configure Port Security in the Logix Designer Application
To configure port security, follow these steps.
1. In the navigation pane, click Port Security.
2. Complete the fields that are described in Ta b l e 3 6
3. Click Set.
.
Table 36 - Port Security Fields
Field Description
Port Displays the port type (Fa for Fast Ethernet) and number.
Enable To enable port security, check Enable.
To disable port security, clear the Enable checkbox.
MAC Addresses
Allowed Enter the maximum number of MAC addresses that the switch can secure on this port before a security violation occurs:
Valid range: 1…80
Default: 1
• Dynamic—The number of MAC addresses (devices) currently connected to the port that is not manually (statically) defined.
• Static—The number of MAC addresses (devices) statically defined by using Device Manager.
This number must be greater than the sum of the static + dynamic for a given port. If you wish to set the number to less, disconnect the appropriate
devices and let their entries in the port security table timeout.
Dynamic Displays the number of MAC addresses (devices) currently connected to the port that is not manually (statically) defined.
Static Displays the number of MAC addresses (devices) statically defined in Device Manager.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 77
Page 78
Chapter 3 Configure Switch Features
Quality of Service (QoS)
QoS provides priority service to different types of traffic. Without QoS, the
switch offers best-effort service to each packet, regardless of the packet
contents or size. QoS makes network performance more predictable and
bandwidth utilization more effective.
The out-the-box configuration for Stratix® 2500 switches automatically
provides QoS to prioritize EtherNet/IP, Precision Time Protocol (PTP), and
other industrial traffic. To provide priority service to a type of traffic, a device
can be configured to mark packets. Other devices can be configured to trust
these markings. The QoS configuration that is provided with a Stratix 2500
switch enables the switch to trust markings on packets, but the switch does not
mark packets itself.
In Device Manager, you can enable additional QoS priority settings on switch
ports. These settings prioritize the streaming media traffic. We do not
recommend enabling QoS priority settings on ports that transmit industrial
automation traffic.
To enable QoS priority settings on a switch port, follow these steps.
1. From the Configure menu, under Network, choose QoS.
2. Click the port name of the desired row.
3. Check Enable.
4. Click Save.
78 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 79
Configure Switch Features Chapter 3
Simple Network Management Protocol (SNMP)
SNMP is based on three concepts:
• SNMP manager (client software)—The SNMP manager runs SNMP
management software.
• SNMP agents (network devices)—Network devices to be managed,
such as bridges, routers, servers, and workstations, have an agent
software module.
• Management Information Base (MIB)—A local MIB of objects that
reflects the resources and activity of the device.
The agent provides access to the MIB. The agent also responds to manager
commands to retrieve values from the MIB and to set values in the MIB. The
agent and the MIB are on the switch. To configure SNMP on the switch, you
define the relationship between the manager and the agent.
SNMP is enabled on the switch by default. The switch supports SNMP
versions SNMPv1, SNMPv2C, and SNMPv3. Both SNMPv1 and SNMPv2C
use a community-based form of security. The community of managers able to
access the MIB of the agent is defined by an IP address access control list
(ACL) and password. The switch supports the MIBs listed on page 80
.
The SNMPv3 architecture uses the User-based Security Model (USM) for
message security and the View-based Access Control Model (VACM) for
access control. SNMPv3 provides for both security models and security levels.
A security model is an authentication strategy set for a user and the group
within which the user resides. A security level is the permitted level of security
within a security model. A combination of the security level and the security
model determines which security mechanism is used when handling an SNMP
packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
The following are guidelines for SNMPv3 objects:
• Each user belongs to a group.
• A group defines the access policy for a set of users.
• An access policy defines which SNMP objects can be accessed for read,
write, and notify operations.
• A group determines the list of notifications that its users can receive and
the security model and security level for its users.
• An SNMP view is a list of MIBs that a group can access. Data can be
securely collected from SNMP devices without fear of the data being
tampered with or corrupted.
• Confidential information, for example, SNMP Set command packets
that change a router configuration, can be encrypted to help prevent the
contents from being exposed on the network.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 79
Page 80
Chapter 3 Configure Switch Features
Stratix 2500 switches support the following MIBs.
MIB Name
CIE1000-AGGR-MIB
CIE1000-ALARM-MIB
CIE1000-DHCP-SNOOPING-MIB
CIE1000-FIRMWARE-MIB
CIE1000-HTTPS-MIB
CIE1000-ICFG-MIB
CIE1000-IP-MIB
CIE1000-IPMC-PROFILE-MIB
CIE1000-IPMC-SNOOPING-MIB
CIE1000-LACP-MIB
CIE1000-LLDP-MIB
CIE1000-MAC-MIB
CIE1000-MIRROR-MIB
CIE1000-MSTP-MIB
CIE1000-NTP-MIB
CIE1000-PORT-MIB
CIE1000-PSEC-MIB
CIE1000-QOS-MIB
CIE1000-SNMP-MIB
CIE1000-SSH-MIB
CIE1000-SYSLOG-MIB
CIE1000-SYSUTIL-MIB
CIE1000-TC
CIE1000-USERS-MIB
CIE1000-VLAN-MIB
CISCO-IE1000-MIB
CISCO-SMI
You can configure SNMP in Device Manager.
80 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 81
Configure Switch Features Chapter 3
To configure SNMP, follow these steps.
1. From the Configure menu, under Security, choose SNMP.
2. To enable SNMP, check Enable.
or
To disable SNMP, clear the Enable checkbox.
By default, SNMP is enabled.
3. Click Submit.
4. Proceed to the following sections:
• System Options
on page 82
• Community Strings on page 83
• Tr a p s on page 84
• View on page 85
• Use rs on page 85
• Group on page 86
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 81
Page 82
Chapter 3 Configure Switch Features
System Options
To enter system information, click the System Options tab:
• System Location—Enter the location of the switch. The location name
cannot contain ?, tab, or ^. The maximum length is 256 characters.
• System Contact—Enter the name of the administrator for the switch or
network. The name cannot contain ?, tab, or ^. The maximum length is
256 characters.
In the SNMP Trap Host table, click Add to set SNMP trap recipients. To edit
or delete a host, select the row in the SNMP Host table and click Edit or
Delete.
Table 37 - Add Host Fields
Field Description
Name Enter the name of the trap destination.
IP Address Enter the SNMP trap destination IP address in dotted decimal notation.
Version Choose the version of SNMP used to send traps:
Community Choose the community string for this host. Community strings are configured on the
Port Enter the SNMP trap destination port. The SNMP agent sends SNMP messages through
User Name Choose the name of the user on the host that connects to the agent. Users are
• snmpV1—SNMP version 1
• snmpV2c—SNMP version 2c
• snmpV3—SNMP version 3
SNMP Community Strings tab.
this port.
Valid port range: 1…65535
Default: 162
configured on the SNMP Users tab.
82 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 83
Configure Switch Features Chapter 3
Community Strings
Community strings are passwords to the MIB of the device. When you create a
community, Device Manager automatically adds the community to default
group default_ro_group or default_rw_group, based on the access you
configure for the community (read-only or read-write). Two entries are added
to the table on the Groups tab, one for version v1 and one for version v2c.
A read-only community string enables the switch to validate Get (read-only)
requests from a network management station. If you set the SNMP read
community, users can access MIB objects, but cannot change them.
A read-write community string enables the switch to validate Set (read-write)
requests from a network management station.
If you delete a community, Device Manager automatically removes the
community from the group.
To add, edit, or delete community strings, click the Community Strings tab.
Table 38 - Add Community Fields
Field De scription
Community Name (Editable only when adding a string).
Enter a name for the community string.
Valid length: 1…255 characters
Valid characters: ASCII characters from 33 …126
RO/RW Choose the type of access to the agent to permit the community string:
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 83
• ro—Read-only: Authorized managers can retrieve MIB objects.
• rw—Read-write: Authorized managers can retrieve and edit MIB objects.
Page 84
Chapter 3 Configure Switch Features
Traps
Traps are messages that alert the SNMP manager to a condition on the
network, such as improper user authentication, restarts, link status (up or
down), or other significant events.
To enable and disable traps, click the Traps tab:
• To enable a trap, check the corresponding checkbox and click Submit.
• To disable a trap, clear the corresponding checkbox and click Submit. To
clear all checkboxes at once, click Clear All.
Table 39 - Traps Tab Checkboxes
Trap De scri ptio n
coldStart The trap is generated when the device is reloaded.
warmStart The trap is generated when the SNMP server is manually started.
linkUp The trap is generated when the port changes from the Down state to the Up state.
linkDown The trap is generated when the port changes from the Up state to the Down state.
authenticationFailure The trap is generated if any network management server polls the device using SNMP
with the wrong community string.
newRoot The trap is generated when STP is enabled, the topology changes, and the protocol
selects a new root.
psecTrapInterfaces The trap is generated when a port security violation occurs and the violation mode is
shut down. The trap message includes information about the violation, such as the
interface, violation count, and error disable status. For more information, see page 74
topologyChange The trap is generated by a bridge when any of the bridge configured ports transitions
from the Learning state to the Forwarding state or from the Forwarding state to the
Blocking state.
entConfigChange The trap is generated to signal a change to the last change time stamp. This trap is
generated when the value of entLastChangeTime changes.
lldpRemTablesChange The trap is generated when Link Layer Discovery Protocol (LLDP) is enabled and
connected to another device with LLDP. When LLDP at the remote device changes, this
event is transmitted through LLDP and triggers this trap.
.
84 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 85
Configure Switch Features Chapter 3
View
To display Management Information Base (MIB) views that control the Object
Identifier (OID) range that SNMPv3 users can access, click the View tab. View
information is read-only, and the only available view is default_view, which is
included in the default configuration in the switch software image. All groups
are associated with default_view.
Table 40 - View Tab Field s
Field Description
View Name A string that identifies the view.
Subtree The OID that defines the root of the subtree for the named view.
View Type The type of view:
• included—The subtree is included in the view.
• excluded—The subtree is excluded from the view.
Users
To add, edit, or delete SNMP users, click the Users tab.
• To add a user, click Add. Complete the fields that are described as
follows and click OK.
• To edit a user, click the radio button next to the user. Edit the fields that
are described as follows and click OK.
• To delete a user, click the radio button next to the user and click Delete.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 85
Page 86
Chapter 3 Configure Switch Features
Table 41 - Add User Fields
Field Description
User Name (Editable only when adding a user).
Enter a name to identify the user.
Valid length: 1…32 characters
Valid characters: ASCII characters from 33 …126
Security Level Choose a security level for the user:
• snmpNoAuthNoPriv—No authentication and no privacy.
• snmpAuthNoPriv—Authentication and no privacy.
• snmpAuthPriv—Authentication and privacy.
Authentication Protocol (Editable when the security level is snmpAuthNoPriv or snmpAuthPriv).
Choose an authentication protocol for the user:
• snmpNoAuthProtocol—No authentication protocol. This protocol is
automatically assigned when the security level is snmpNoAuthNoPriv.
• snmpMD5AuthProtocol—MD5 Message-Digest Algorithm authentication
protocol.
• snmpSHAAuthProtocol—Secure Hash Algorithm authentication protocol.
Authentication Password Enter an authentication password phrase.
Valid length for MD5 authentication protocol: 8…32 characters
Valid length for SHA authentication protocol: 8…40 characters
Valid characters: ASCII characters from 33…126
Enter a password within these guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special character
such as @$!%*+=_?&, and a number
• Is case sensitive
• Cannot contain a tab, nor space at the beginning or end
Privacy Protocol (Editable when the security level is snmpAuthPriv).
Choose a privacy protocol for the user:
• snmpNoPrivProtocol—No privacy protocol. This protocol is automatically
assigned when the security level is snmpNoAuthNoPriv or snmpAuthNoPriv.
• snmpDESPrivProtocol—Data Encryption Standard privac y protocol.
• snmpAESPrivProtocol—Advanced Encryption Standard privacy protocol.
Privacy Password Enter a privacy password phrase.
Valid length: 8…32 characters
Valid characters: ASCII characters from 33…126
Enter a password within these guidelines:
• Must be at least eight alphanumeric characters long
• Must contain an uppercase character, a lowercase character, a special character
such as @$!%*+=_?&, and a number
• Is case sensitive
• Cannot contain a tab, nor space at the beginning or end
Group
An SNMP group is an access control policy to which you can assign users. Each
SNMP group is associated with a security model and an SNMP view. A user
within an SNMP group must match the security model of the SNMP group.
These parameters specify what type of authentication and privacy a user within
an SNMP group uses. Each SNMP group name and security model pair must
be unique.
Users that you add on the Users tab automatically use the USM (SNMPv3)
security model.
86 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 87
Configure Switch Features Chapter 3
When you create a community, Device Manager automatically assigns the
community to one of the following default groups:
• default_ro_group for communities with read-only access
• default_rw_group for communities with read-write access
Two entries are added to the table on the Groups tab, one for version v1 and
one for version v2c.
If you delete a community, Device Manager automatically removes the
community from the group.
To add, edit, or remove SNMP groups, click the Group tab:
• To add a group, click Add. Complete the fields and click OK.
• To edit the name of a group, click the radio button next to the group.
Edit the name and click OK. You cannot edit the default RO/RW
groups.
• To delete a group, click the radio button next to the group and click
Delete. You cannot delete the default RO/RW groups.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 87
Page 88
Chapter 3 Configure Switch Features
Table 42 - Group Tab Fields
Field Description
Version (Not editable).
Displays the security model for the group:
•v1—SNMPv1
• v2c—SNMPv2c
• usm—SNMPv3 User-based Security Model (USM)
User or Community (Editable only when adding a group).
Enter the name of the user or community to assign to the group.
You must add users on the Users tab before you can assign them to a group.
Communities are automatically assigned to the default_ro_group or default_rw_group
when you create the community on the Community Strings tab.
Group Name Enter a name to identify the group.
Valid length: 1…32 characters
Valid characters: ASCII characters from 33…126
88 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 89
Configure Switch Features Chapter 3
Smartports
Smartports are recommended configurations for switch ports. These
configurations, referred to as Smartport roles, optimize the switch connections
and provide security, transmission quality, and reliability for traffic from the
switch ports. Smartport roles also help prevent port misconfigurations. You
can apply a Smartport role to a specific port or multiple ports.
IMPORTANT • Use Smartports immediately after the initial setup of the switch to
configure the switch ports before they connect to devices.
• Always verify that the correct Smartport Role is applied before you
connect a device to the port or reconnect a device that was moved.
• When you apply a Smartport role, some existing settings on the port are
removed.
• We recommend that you do not change the port settings after enabling
a Smartport role. Any such changes can alter the effectiveness of the
Smartport role.
The Smartport roles that are described in Ta b l e 4 3
are based on the type of
devices to be connected to the switch ports. For example, the Desktop for
Automation port role is specifically for switch ports to be connected to
desktop and laptop computers.
You can assign Smartport roles in Device Manager or the Logic Designer
application.
Table 43 - Smartport Roles
Role Description
Automation Device Apply this role to por ts to be connected to EtherNet/IP (Ethernet Industrial Protocol) devices. It can be used for industrial automation devices,
Multiport Automation Device Apply this role to ports connected to multiport EtherNet/IP devices. Devices include multiport EtherNet/IP devices that are arranged in a linear
Desktop for Automation Apply this role to ports to be connected to desktop devices, such as desktop computers, workstations, notebook computers, and other
Virtual Desktop for Automation Apply this role to ports connected to computer running virtualization software. Virtual Desktop for Automation can be used with devices
Switch for Automation Apply this role to ports to be connected to other switches with Spanning Tree enabled.
Wireless-automation-access (Available in Device Manager only). Apply this role to ports to be connected to wireless access points that use a single VLAN.
Wireless-automation-trunk (Available in Device Manager only). Apply this role to ports to be connected to wireless access points that use multiple VLANs.
such as logic controllers and I/O:
• Port is set to Access mode.
• Port security supports only one MAC address.
or daisy chain topology, the 1783-ETAP module (for connection to only the device port), unmanaged switches, such as the Stratix 2000, and
managed switches with Remote Spanning Tree Protocol (RSTP) disabled:
• Port is set to Access mode.
•No port security.
client-based hosts:
• Port is set to Access mode.
• Portfast enabled.
• Port security supports only one MAC address.
Do not apply to ports to be connected to switches, routers, or access points.
running up to two MAC addresses:
• Port is set to Access mode.
• Portfast is enabled.
• Port security supports two MAC addresses.
IMPORTANT: Do not apply the Virtual Des ktop for Automation role to port s that are connected to switches, router s, or access points.
Port is set to Trunk mode.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 89
Page 90
Chapter 3 Configure Switch Features
Avoid Smartport Mismatches
A Smartport mismatch occurs when an attached device does not match the
Smartport role that is applied to the switch port. Mismatches can have adverse
effects on devices and your network.
Mismatches can result in the following conditions:
• Affect the behavior of the attached device
• Lower network performance, such as the level of QoS on CIP, wireless,
and switch traffic
• Reduce restrictions on guest access to the network
• Reduce protection from denial-of-service (DoS) attacks on the network
• Disable or shut down the port
Assign Smartport Roles and VLANs in Device Manager
To assign Smartport roles and VLANs, follow these steps.
1. From the Configure menu, under Network, choose Smartports.
2. Check the checkbox next to the port to which to assign a Smartport role
and click Edit.
3. From the Role pull-down menu, choose the Smartport role to assign to
the port, or choose None to remove the assigned Smartport role.
For a description of Smartport roles, see Table 43 on page 89
4. From the Access VLAN or Native VLAN pull-down menu, choose a
VLAN to assign to the port.
5. Click Submit.
.
90 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 91
Configure Switch Features Chapter 3
Assign Smartport Roles and VLANs in the Logix Designer Application
To assign Smartport roles and VLANs, follow these steps.
1. In the navigation pane, click Smartports and VLANs.
2. Complete the fields that are described in Ta b l e 4 4
3. Click Set.
.
Table 44 - Smartport and VLAN Assignment Fields
Field Description
Port Displays the port type (Fa for Fast Ethernet) and number.
Smartport Choose the Smartport role to apply to the connected port. For descriptions of each role, see Table 43 on page 89
VLAN Type and ID
Native Choose the native VLAN ID for ports set to Switch for Automation. A native VLAN is for ports that can belong to multiple VLAN.
Access Choose the access VLAN ID for por ts set to Automation Device, Desktop for Automation, Phone for Automation, or Automation Device. An access
VLAN is for ports that can belong to only one VLAN.
Voice Not available in the current release.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 91
.
Page 92
Chapter 3 Configure Switch Features
Spanning Tree Protocol (STP)
STP is a Layer 2 link management protocol that provides path redundancy
while helping to prevent loops in the network. For a Layer 2 Ethernet network
to function properly, only one active path can exist between any two stations.
Multiple active paths among end stations cause loops in the network. If a loop
exists in the network, end stations can receive duplicate messages. Switches can
also learn end-station MAC addresses on multiple Layer 2 interfaces. These
conditions result in an unstable network. Spanning-tree operation is
transparent to end stations, which cannot detect whether they are connected to
a single LAN segment or a switched LAN of multiple segments.
The STP uses a spanning-tree algorithm to select one switch of a redundantly
connected network as the root of the spanning tree. The algorithm calculates
the best loop-free path through a switched Layer 2 network by assigning a role
to each port based on the role of the port in the active topolog y:
• Root—A forwarding port that is elected for the spanning-tree topology.
• Designated—A forwarding port that is elected for every switched LAN
segment.
• Alternate—A blocked port providing an alternate path to the root
bridge in the spanning tree.
• Backup—A blocked port in a loopback configuration.
The switch that has the Designated role or the Backup role assigned to all of its
ports is the root switch. The switch that has the Designated role assigned to at
least one of its ports is called the designated switch.
Spanning tree forces redundant data paths into a standby (blocked) state. If a
network segment in the spanning tree fails and a redundant path exists, the
spanning-tree algorithm recalculates the spanning-tree topology and activates
the standby path. Switches send and receive spanning-tree frames, called bridge
protocol data units (BPDUs), at regular intervals. The switches do not forward
these frames but use them to construct a loop-free path. BPDUs contain
information about the sending switch and its ports, including switch and
MAC addresses, switch priority, port priority, and path cost. Spanning tree
uses this information to elect the root switch and root port for the switched
network and the root port and designated port for each switched segment.
For more information about STP, see the IEEE 802.1D MAC Bridges
Standard.
92 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 93
Configure Switch Features Chapter 3
Spanning Tree Modes
The switch supports three Spanning Tree modes, as described in Ta b l e 4 5 .
Table 45 - Spanning Tree Modes
Mode Description
STP (Spanning Tree Protocol) Creates a spanning tree within a network of connected, Layer 2 switches
MSTP (Multiple Spanning Tree Protocol) Multiple VLANs are mapped to the same spanning-tree instance,
RSTP (Rapid Spanning Tree Protocol) Provides rapid convergence of the spanning tree through explicit
and disables links that are not part of the spanning tree. Creates a single
active path between any two network nodes.
reducing the number of spanning-tree instances that are needed to
support many VLANs.
MSTP is the default mode.
handshaking that minimizes the 802.1D forwarding delay and quickly
transitions root ports and designated ports to the forwarding state.
PortFast Features
PortFast features are typically enabled only on access ports. Access ports
connect to devices such as personal computers, access points, and servers that
are not expected to send bridge protocol data units (BPDUs). These features
are typically not enabled on ports that connect to switches because spanning
tree loops can occur.
Switches exchange special frames that are called BPDUs to communicate
network information, to track changes, and to create the STP topology.
Because transmitted BPDUs reveal network information and received BPDUs
can influence your STP topology, consider enabling BPDU Filtering and
BPDU Guard on your access ports. These features help prevent a rogue device
from interfering with your STP topology. However, we recommend that you
use these features with caution:
• BPDU Filtering—This PortFast feature blocks all sending and receipt of
BPDUs through all PortFast-enabled ports. This feature effectively
disables STP on these ports and loops can result. If a BPDU is received,
PortFast is disabled on the port and the global STP settings apply.
• BPDU Guard—This PortFast feature shuts down a port if it receives a
BPDU.
If you enable both of these features, BPDU Guard has no effect because BPDU
Filtering restricts the port from receiving any BPDUs.
Spanning tree requires an interface to progress through the listening and
learning states, to exchange information and establish a loop-free path before it
can forward frames. On ports that connect to devices such as workstations and
servers, you can allow an immediate connection. PortFast immediately
transitions the port into STP forwarding mode upon linkup.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 93
Page 94
Chapter 3 Configure Switch Features
Configure STP in Device Manager
To configure STP, follow these steps.
1. From the Configure menu, under Spanning Tree, choose STP Settings.
2. On the Global tab, configure STP system settings for all STP bridge
instances in the switch and click Submit.
IMPORTANT To change the Spanning Tree mode or the bridge priority affects
connectivity to the switch. You can only change one of these
settings at a time.
94 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 95
Configure Switch Features Chapter 3
Table 46 - Global Tab Fields
Field Description
Spanning Tree Mode Choose the STP mode to configure:
Bridge Priority Choose a bridge priority from the list of predefined values. The range is 0…61440.
MSTP Name (Appears only when the Spanning Tree Mode is MSTP).
MSTP Revision (Appears only when the Spanning Tree Mode is MSTP).
Hello Time Enter the interval between STP Bridge Protocol Data Units (BPDUs) to be sent. Valid range: 1…10 seconds
Forward Delay Enter the delay that is used by STP bridges to transit root and designated ports to forwarding (used in STP compatible
Max Age Enter the maximum age of the information that is transmitted by the bridge when it is the root bridge.
Maximum Hop Count Enter the initial value of the remaining hops for MSTI information that is generated at the boundary of an MSTI region. It
Transmit Hold Count Enter the number of BPDUs a bridge port can send per second. When this count is exceeded, transmission of the next BPDU
•STP
•MSTP
•RSTP
MSTP is the default mode.
For a description of each mode, see Table 45 on page 93
Lower numeric values have higher priority. The bridge priority plus the Multiple Spanning Tree Instances (MSTI) number,
concatenated with the 6-byte MAC address of the switch, forms a Bridge Identifier. For MSTP operation, the Bridge
Identifier is the priority of the Common and Internal Spanning Tree (CIST). Otherwise, it is the priority of the STP/RSTP
bridge.
Enter a name for the MSTP region. The name can have a maximum of 32 characters, which can include -, _, :, and . as
special characters. The default MSTP name is blank.
Enter a revision level for the MSTP region.
Valid range: 0…65535
Default: 0
The default interval is 2 seconds.
IMPORTANT: To change this parameter from the default value is not recommended and can have adverse effects on your
network.
mode).
Valid range: 4…30 seconds
Default:15 seconds
Valid range: 6…40 seconds, and Max Age must be <= (FwdDelay-1)*2.
Default: 20 seconds
defines how many bridges a root bridge can distribute its BPDU information to.
Valid range: 6…40 hops
Default: 20 hops
is delayed.
Valid range: 1…10 BPDUs per second
Default: 6 hops
.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 95
Page 96
Chapter 3 Configure Switch Features
3. To add a Multiple Spanning Tree (MST) instance and map VLANs to
the instance, click Add, enter the instance and VLAN numbers and click
OK.
You can add a maximum of seven MST instances. The default instance is
0.
All unmapped VLANs are mapped to instance 0. You cannot delete
instance 0.
4. On the Port Fast tab, specify the features to enable on all
PortFast-enabled ports and click Submit:
• To enable a feature, check Enable.
• To disable a feature, clear the Enable checkbox.
By default, all features are enabled.
Table 47 - Port Fast Fields
Field Description
BPDU Filtering Avoids transmitting BPDUs on PortFast-enabled por ts that are connected to an end system. When you enable PortFast on the device, spanning tree
BPDU Guard Helps prevent loops by moving a n on-trunki ng port i nto an errdis able state w hen a BPDU i s received on that port. When you enable BPDU guard on
Port Error Recovery Controls whether a port in the error-disabled state is automatically enabled after a certain time. If recovery is not enabled, ports must be disabled
Port Error Recovery Timeout Enter the time to pass before a port in the error-disabled state can be enabled.
places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.
the switch, Spanning Tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking
state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid
configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface
back in service.
and re-enabled for normal STP operation. The condition is also cleared by a system restart.
Valid range: 30…6400 seconds (24 hours)
Default: 30
96 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 97
Configure Switch Features Chapter 3
5. To configure how STP is implemented on individual ports, click a row
in the Port-Interface Port Fast table, edit the settings, and click Save.
Table 48 - Port-Interface Port Fast Table Fields
Field Description
Port Name Displays the port t ype (Fa for Fast Ethernet) and number.
Port Type Displays whether the port is an access port, trunk port, or hybrid port.
STP Enabled Check STP Enabled to enable Spanning Tree Protocol on the port. By default, this setting is enabled.
Admin Edge Check Admin Edge to enable the PortFast feature on the port. PortFast enables the port to bypass the listening and learning states and move
Auto Edge Check Auto Edge to enable the port to transition to and from an edge port state automatically:
PathCost Mode Choose a mode to determine how the path cost incurred by the port:
Path Cost (Editable when PathCost Mode is Specific).
Priority Choose a priority to assign to the port. Priorit y can be used to control ports having identical Path Cost. The lower the priority number, the higher
Point-to-point Choose whether the por t connects to a point-to-point LAN rather than to a shared medium:
BPDU Guard Check BPDU Guard to cause the port to disable itself upon receiving valid BPDUs. The edge status of the port does not affect this setting.
Restricted Role Check Restricted Role to cause the root port not to be selected as the root port for the CIST or any MSTI, even if it has the best spanning tree
Restricted TCN Check Restricted TCN to cause the port not to propagate received topology change notifications (TCNs) and topology changes to other ports.
immediately to forwarding.
By default, this setting is disabled.
• When the port receives a BPDU, the port automatically transitions from an edge port state into an STP port.
• When the port stops receiving a BPDU, the port automatically becomes an edge port and transitions through the discarding and learning
states before resuming forwarding.
By default, this setting is enabled.
• Auto—Sets the path cost as appropriate by the physical link speed by using the 802.1D recommended values.
• Specific—Allows you to enter a user-defined value.
The default mode is Auto.
Enter the path cost to use when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favor of
higher path cost ports.
Valid range: 1…200000000
the priority.
Valid range: 0…240
Default: 128
• auto—The connection is automatically determined.
• forceFalse—The port connects to a shared medium.
• forceTrue—The port connects to a point-to-point LAN.
Transition to the forwarding state is faster for point-to-point LANs than for shared media.
The default method is auto.
By default, this setting is disabled.
priority vector. A port with this setting is selected as an alternate port after the root port has been selected.
IMPORTANT: If enabled, Restricted Role can cause a lack of spanning tree connectivity. A network administrator can use this setting to help
prevent bridges external to a core region of the network from influencing the spanning tree active topology. This feature is also known as Root
Guard.
By default, this setting is disabled.
IMPORTANT: If enabled, Restricted TCN can cause temporary loss of connectivity after changes in the active topology of a spanning tree as a
result of persistently incorrect learned station location information. A network administrator can use this setting to help prevent bridges external
to a core region of the network to cause flushing of addresses in that region.
By default, this setting is disabled.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 97
Page 98
Chapter 3 Configure Switch Features
Storm Control
A traffic storm occurs when packets flood the LAN. This flooding creates
excessive traffic and degrades network performance. You can configure the
Storm Control policer level, or rate, to help prevent disruption of LAN ports
by a unicast, multicast, or broadcast traffic storm on physical interfaces. Storm
Control is configured globally on the switch.
When storm control is enabled for the specified packet type and a storm is
detected, a syslog entry is generated. The interface remains up and drops all
unknown packets that exceed the configured policer rate. An unknown packet
is one for which the switch has no record of the MAC address or multicast
group that is associated with it. No actions, such as error-disable, can be
performed when a storm is detected.
When a storm is detected, an alarm appears in the Alarms area in the
lower-right corner of the Device Manager window. This alarm causes the
EIP Mod status indicator to flash red until the storm control condition is
cleared.
You can configure storm control in Device Manager.
To configure storm control, follow these steps.
1. From the Configure menu, under Security, choose Storm Control.
2. Click the row for the traffic type to configure.
3. To enable storm control for the traffic type, check Enable.
4. In the Rate field, enter the rate in packets per second (pps).
The valid range is 1…1024000 pps.
5. Click Save.
98 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Page 99
Configure Switch Features Chapter 3
Terminal Access Controller
Access Control System Plus/
Remote Authentication DialIn User Service (TACACS+/
RADIUS)
TACACS+ and RADIUS are two security protocols that are used to control
access to networks. The switch performs as a TACACS or RADIUS client to
authenticate and authorize users.
You can configure up to two servers each for TACACS and RADIUS.
TACACS+ uses TCP for communication between client and server, and
RADIUS uses UDP.
You must configure at least one TACACS or RADIUS server to be able to
select the TACACS or RADIUS AAA method for a user. Choose the
Authentication, Authorization, Accounting (AAA) method (Tacacs, Radius,
or local) for users on the Admin menu, Users page. See Table 18 on page 42
.
IMPORTANT Device Manager supports Admin (Privilege 15) and Read-Only (Privilege 5)
user privileges. Confirm that these privileges are specified in the TACACS or
RADIUS server configuration files.
You can configure a server or change server settings in Device Manager.
To access the settings, follow these steps.
1. From the Configure menu, under Security, choose Tacacs/Radius.
2. Click the tab for Tacacs or Radius to configure the server.
Table 49 - Tacacs+ Server Configuration Fields
Field Description
Enable Enter the server 1 or server 2 IP address to enable communication with the TACACS
IP Address Enter the IP address of the TACACS server.
Authentication Port Enter the TACACS server port number.
Timeout (in sec) Enter the time interval for the switch to wait for a response from the TACACS server
Secret Key Enter the secret key text string to provide encryption for the TACACS server
server.
Valid range: 1…65535
Default: 49
to reply before resending com munication.
Valid range: 1…1000
Default: 5
communications. The value is displayed as ****.
Rockwell Automation Publication 1783-UM009C-EN-P - September 2018 99
Page 100
Chapter 3 Configure Switch Features
Table 50 - Radius Server Configuration Fields
Field Description
Enable Enter the server 1 or server 2 IP address to enable communication with the RADIUS
server.
IP Address Enter the IP address of the RADIUS server.
Authentication Port Enter the RADIUS UDP destination port for authentication requests.
Default: 1812
Accounting Port Enter the RADIUS UDP destination port for accounting requests.
Default: 1813
Timeout (in sec) Enter the time inter val for the switch to wait for a response from the RADIUS server
to reply before resending com munication.
Valid range: 1…1000
Default: 5
Secret Key Enter the secret key text string to provide encryption for the RADIUS server
communications. The value is displayed as ****.
Virtual Local Area Networks (VLANs)
Stratix 2500 switches can segment your network into VLANs. A VLAN is a
logical segment of the network that isolates traffic types and helps prevent
collisions among data packets. The isolation of different types of traffic helps to
preserve the quality of the transmission and to minimize excess traffic among
the logical segments. VLANs can also reduce the amount of administrative
effort that is required to examine requests to network resources.
Devices that are attached to the switch ports in the same VLAN can
communicate only with each other and can share data. Devices that are
attached to switch ports in different VLANs cannot communicate with each
other through the switch, unless the switch is configured for routing. A Layer 3
switch or router must be configured to enable routing across multiple VLANs
and additional security policies must be set. If your network is using a DHCP
server, make sure that the server is accessible to the devices in all VLANs.
We recommend that you first determine your VLAN needs before creating
VLANs. For more information about VLANs, refer to these publications:
• Converged Plantwide Ethernet (CPwE) Design and Implementation
Guide, publication ENET-TD001
• Ethernet Design Considerations, publication ENET-RM002
100 Rockwell Automation Publication 1783-UM009C-EN-P - September 2018
Loading...