Comnet RLGE2FE16R User Manual

INSTALLATION AND OPERATION MANUAL

RLGE2FE16R

Substation-Rated, Enhanced Security Scada-Aware Ethernet
Layer 2 Managed Switch/Layer 3 Router With Optional 2G/3G
& 4G LTE Cellular Radio Link, Enhanced Network Security,
Terminal Server, PoE+, and 100FX SFP Ports

ComNet product series RLGE2FE16R are substation-rated and industrially hardened
layer 2 managed switches/layer 3 routers, with a unique and highly robust
packet processing SCADA-aware security firewall for the most mission-critical and
demanding cyber-security applications. The RLGE2FE16R is intended for deployment
in environments where high levels of electromagnetic noise and interference (EMI)
and severe voltage transients and surges are routinely encountered, such as electrical
utility substations and switchyards, heavy manufacturing facilities, track-side electronic
equipment, and other difficult out-of-plant installations. Layer 3 routing functionality
allows for the participation and foundation of a core network infrastructure.

The RLGE2FE16R is an ideal platform for deploying a secure communications and
networking gateway for remote electrical utility sites, and other critical infrastructure
applications.

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Contents

About This Guide 14

Intended Audience 14

Related Documentation 15

About ComNet 15

Website 15

Support 15

Safety 15

Overview 16

Introduction 16

Key Features 16

Hardware and Interfaces 19

Graphic View of Hardware 22

22

Distance kept for natural air flow 23

Logical Structure 24

Grounding 24

Connecting to a Power Source 25

Power Budget 26

Management over Console 26

Connecting to Device 26

Terminal 27

SSH 28

Configuration Environment 29

Command Line Interface 29

Command Line navigation 30

Dynamic Completion of Commands 31

TECH SUPPORT: 1.888.678.9427

Help (?) 31

Keyboard Shortcuts 32

Supported Functionalities 33

System Default state 36

Root Commands 37

Root Commands Description 38

GCE Commands 39

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 2

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

GCE Commands Description 42

ACE Commands 46

Main Show Commands 47

System Version and Data Base 51

Configuration Database 51

OS VERSION 52

Running Configuration 53

Example upgrade the OS from USB 54

Example upgrade the OS from SFTP 55

Example export db and logs 56

Example handling DB files on flash 56

Example Import DB from TFTP 57

Safe Mode 58

SW Image upgrade and Recovery 59

Install OS image update from a USB 60

Installing First OS image from a USB 64

System Database Import/ Export 65

Port Interfaces 68

Port addressing 68

A Logical View Of Ports 68

Enabling Ports 69

ACE Ports 69

Default state 69

Vlan assignment 70

Ports FE 0/9-0/16 70

POE Ports 71

Power Management of POE 72

Mode of PoE 72

POE command Hierarchy 73

Controlling Ports 74

Ports command Hierarchy 74

TECH SUPPORT: 1.888.678.9427

POE Commands Description 73

Storm Control 74

Rate Limit Output 74

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 3

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Port Commands Description 75

Port Configuration Example 77

Configuration Output Example 77

Login and Management 79

Login Authentication Hierarchy 79

Login Authentication Commands Description 80

Examples 81

Privilege level 82

Commands Description 82

Serial Console Port 83

Connecting to the Console Port 83

CLI Console Commands 84

Management 84

Commands Hierarchy 85

Commands Description 87

System Alias 89

CLI Pagination 90

MAC-Address Table (FDB) 91

Port Mac Learning and limit 91

Commands Hierarchy 91

Configuration Example, Static MAC entry 92

Example, exceeding MAC limit at a port 92

IP ARP Table 93

Commands Hierarchy 93

Commands Description 93

Configuration Example 94

VLAN 95

VLANs of System Usage 96

TECH SUPPORT: 1.888.678.9427

VLAN Range of NMS Usage 96

VLAN Configuration Guidelines 96

VLAN Default State 96

Vlan Ports 97

Enabling VLAN 97

Vlan command Hirarchy 98

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 4

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

IP Interfaces 101

GCE IP Interfaces 101

Commands Hierarchy 102

Commands Description 103

Default state 103

Static and Dynamic switch Default IP Address assignment 105

ACE IP Interfaces 106

ACE IP Interface Commands Hierarchy 107

ACE IP Interface Commands Description 107

Example for creating ACE IP Interface 108

Diagnostic 109

System Environment 109

RMON 110

System logs export 112

Commands Hierarchy 112

Capture Ethernet service traffic 113

Commands Hierarchy 113

Commands Description 114

Example 114

DDM 115

Debugging 119

Commands Hierarchy 119

Commands Description 120

Syslog 120

The Priority indicator 121

GCE Message Format 122

ACE Message Format 122

ACE Message severity 122

Firewall TCP SCADA Protocols 123

TECH SUPPORT: 1.888.678.9427

Firewall Serial SCADA Protocols 124

DM-VPN logs 127

Cellular logs 128

Alarm Relay logs 130

Commands Hierarchy 131

Commands Description 132

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 5

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Configuration Example 133

Output example 134

Alarm Relay 135

ALARM Interface 135

Supported Alarms 138

Commands Hierarchy 139

Commands Description 140

Monitor Session 141

Commands Hierarchy 141

Commands Description 141

ACE Watchdog 141

Commands Hierarchy 142

Commands Description 142

SNMP 143

Supported traps 143

SNMP command Hierarchy 143

SNMP Command Description 144

Clock and Time 148

Local Clock 148

Commands Description 149

SNTP 150

SNTP Commands Descriptions 151

SSH 156

SSH Command Hierarchy 156

SSH Commands Descriptions 157

DHCP Client and Snooping Commands Hierarchy 158

DHCP Server 159

DHCP Server Commands Hierarchy 159

TECH SUPPORT: 1.888.678.9427

DHCP Relay Commands Description 160

Example 161

DHCP Client 162

DHCP Server show outputs 162

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 6

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

DHCP Relay 165

DHCP Relay GCE Command Hierarchy 165

DHCP Relay GCE Commands Description 166

DHCP Relay ACE Command Hierarchy 167

DHCP Relay ACE Commands Description 168

Example, GCE DHCP Relay 169

RADIUS Command Hierarchy 173

RADIUS Commands Descriptions 174

TACACS 176

Default Configurations 177

TACACS Command Hierarchy 177

TACACS Commands Descriptions 178

Configuration Example 179

802.1x 180

802.1x Commands Hierarchy 180

802.1x Commands Descriptions 181

Examples 183

IGMP Snooping 185

IGS Commands Hierarchy 185

IGS Commands Descriptions 186

Example 188

AC Ls 190

ACL Flow validation at a port 190

ACL Commands Hierarchy 192

ACL Commands Descriptions 193

QOS 205

QOS Commands Hierarchy 205

QOS Commands Descriptions 207

TECH SUPPORT: 1.888.678.9427

Packet Queue Assignment 211

Set VPT or DSCP 213

Setting a Scheduling Algorithms 216

Traffic Filtering at Ingress 217

Setting a Shaper per Egress Port 217

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 7

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Link Aggregation 218

LAG command Hierarchy 220

LAG Commands Descriptions 221

Example 222

STP 224

STP Description 225

Bridge ID and Switch Priority 226

Election of the Root Switch 227

STP Commands Hierarchy 228

STP Commands Descriptions 229

RSTP/MSTP 232

RSTP Description 232

Port States 232

Port Roles 232

Rapid Convergence 233

Proposal Agreement Sequence 233

Topology Change and Topology Change Detection 235

Default Configurations 235

Setting Spanning Tree Compatibility to STP 236

Configuring Spanning Tree Path Cost 238

Configuring Spanning Tree Port Priority 241

Configuring Spanning Tree Link type 244

Configuring Spanning Tree Portfast 245

Configuring Spanning Tree Timers 246

Enhanced RSTP 247

Method of operation 247

Commands Descriptions 249

LLDP 250

LLDP Commands Hierarchy 251

TECH SUPPORT: 1.888.678.9427

LLDP Commands Descriptions 252

Example 1 257

Show LLDP 260

Example 2 261

Show LLDP 262

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 8

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

1588v2 Precision Time Protocol 264

1588 Commands Hierarchy 264

1588 Commands Descriptions 265

Example 1 266

Configuration 266

Example 2 269

OAM CFM 272

CFM Command Hierarchy 272

CFM Commands Descriptions 273

ERPS 278

ERPS Commands Hierarchy 278

ERPS Commands Descriptions 280

Configuration validation 298

Verifying setup state 299

Discrete IO Channels 303

Discrete channel interfaces 303

Hardware 304

Modbus/TCP 304

Electric data 304

Discrete IO Channels Commands Hierarchy 305

Discrete Interfaces Commands 305

Example 306

NAT 308

Networking 308

NAT Commands Hierarchy 309

NAT Commands Description 309

Example, Fixed Network 310

Example, Cellular Network 313

OSPF 315

TECH SUPPORT: 1.888.678.9427

OSPF GCE Commands Hierarchy 315

OSPF GCE Commands Descriptions 318

OSPF ACE Commands Hierarchy 326

OSPF ACE Commands Descriptions 327

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 9

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

VRRP 334

VRRP Commands Hierarchy 334

VRRP Commands Descriptions 335

RIPv2 344

GCE RIP Commands Hierarchy 344

GCE RIP Commands Descriptions 345

ACE RIP Commands Hierarchy 346

ACE RIP Commands Descriptions 347

Example 348

Serial Ports and Services 351

Serial interfaces 352

Services configuration structure 352

Serial Commands Hierarchy 353

Serial Commands Description 355

Declaration of ports 358

Default State 358

System default VLAN 4093 358

Serial default VLAN 4092 359

RS-232 Port Pin Assignment 360

RS-232 Serial cable 361

LED Indicators 362

ACE QOS 362

ACE QOS Commands Hierarchy 362

ACE QOS Commands Descriptions 362

Example QOS for Serial Tunneling 363

Transparent Serial Tunneling 365

Concept of Operation 365

Supported Network topologies 366

Point to Point 366

TECH SUPPORT: 1.888.678.9427

Point to multipoint point 367

Multi Point to multipoint point 368

Modes of Operation 368

Bitstream 369

Service Buffer Mode 369

Service Connection Mode 370

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 10

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Addressing Aware Modes 370

Reference drawing 371

Serial Traffic Direction 372

Allowed latency 372

Bus Idle Time 373

Bits for Sync 373

RS-232 Control lines 374

Modes of operation 374

Terminal Server 380

Terminal Server service 380

Service Buffer Mode 381

Terminal Server Commands Hierarchy 383

Terminal Server Commands 385

Example: Networking 390

Modbus Gateway 392

Implementation 392

Modbus Gateway Commands Hierarchy 393

Modbus Gateway Commands Description 394

Example 395

DNP3 Gateway 398

Example 398

Protocol Gateway IEC 101 to IEC 104 400

Modes of Operation 401

IEC101/104 Gateway properties IEC 101 402

IEC101/104 Gateway Configuration 403

Gateway 101/104 Configuration Flow 404

Gateway 101/104 Commands Hierarchy 406

Gateway 101/104 Commands 408

VPN 412

TECH SUPPORT: 1.888.678.9427

Background 412

Modes supported 412

Layer 2 VPN 412

DM-VPN 414

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 11

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

IPSec-VPN 416

L2-VPN Commands Hierarchy 418

L2-VPN Commands 419

DM-VPN Commands Hierarchy 419

IPSec-VPN Transport mode Commands Hierarchy 420

IPSec-VPN Transport mode Commands 421

IPSec 421

ISAKMP Phase 2 429

IPSec Commands Hierarchy 432

IPSec X.509 Commands Hierarchy 433

IPsec Commands 433

IPSec defaults 438

Cellular Modem 439

LTE Modem 439

GPRS/UMTS Modem 440

Hardware 440

Cellular modem as a USB device 441

Interface Name 441

Method of operation 442

L3 IPSec VPN 442

SIM card state 443

Backup and redundancy 445

Cellular Commands Hierarchy 448

Cellular Commands Description 449

Default State 450

LED Indicators 451

Example for retrieving the IMEI 451

Example: Sim Status 452

Example: Cellular Watch Dog 454

VPN Setup Examples 458

TECH SUPPORT: 1.888.678.9427

L2 VPN over Layer 3 cloud 458

Network drawing, part A 459

Configuration 459

Spoke 461

Network drawing, part B 464

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 12

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Configuration 464

IPSec VPN over Layer 3 cloud 468

Configuration 469

L2 VPN over Cellular Setup 474

Adding Terminal server service 481

Adding an IEC 101/104 service 482

Adding serial tunneling service 483

DM-VPN over Cellular Setup 485

Network drawing 486

Configuration 487

Adding a terminal server service 491

Adding a transparent serial tunneling service 492

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 13

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

About This Guide

This user guide includes relevant information for utilizing the Reliance RLGE2FE16R line of switches.

The information in this document is subject to change without notice and describes only the
product defined in the introduction of this document.

This document is intended for the use of customers of ComNet only for the purposes of the
agreement under which the document is submitted, and no part of it may be reproduced or
transmitted in any form or means without the prior written permission of ComNet.

The document is intended for use by professional and properly trained personnel, and the
customer assumes full responsibility when using it.

If the Release Notes that are shipped with the device contain information that conflicts with the
information in this document or supplements it, the customer should follow the Release Notes.

The information or statements given in this document concerning the suitability, capacity, or
performance of the relevant hardware or software products are for general informational purposes
only and are not considered binding. Only those statements and/or representations defined in the
agreement executed between ComNet and the customer shall bind and obligate ComNet.

ComNet however has made all reasonable efforts to ensure that the instructions contained in this
document are adequate and free of material errors. ComNet will, if necessary, explain issues which
may not be covered by the document.

ComNet sole and exclusive liability for any errors in the document is limited to the documentary
correction of errors. ComNet is not and shall not be responsible in any event for errors in

this document or for any damages or loss of whatsoever kind, whether direct, incidental, or
consequential (including monetary losses), that might arise from the use of this document or the

information in it.

This document and the product it describes are the property of ComNet, which is the owner of all
intellectual property rights therein, and are protected by copyright according to the applicable laws.

Other product and company names mentioned in this document reserve their copyrights,
trademarks, and registrations; they are mentioned for identification purposes only.

Copyright © 2016 Communication Networks, LLC. All rights reserved.

Intended Audience

This user guide is intended for network administrators responsible for installing and configuring
network equipment. Users must be familiar with the concepts and terminology of Ethernet and
local area networking (LAN) to use this User Guide.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 14

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Related Documentation

The following documentation is also available:

» RLGE2FE16R Data sheet
» RLGE2FE16R Quick Start Guide
» RLGE2FE16R_ES Enhanced Security Software Options Manual
» SFP Modules Data sheet

About ComNet

ComNet develops and markets the next generation of video solutions for the CCTV, defense, and
homeland security markets. At the core of ComNet’s solutions are a variety of high-end video
servers and the ComNet IVS software, which provide the industry with a standard platform for
analytics and security management systems enabling leading performance, compact and cost
effective solutions.

ComNet products are available in commercial and rugged form.

Website

For information on ComNet’s entire product line, please visit the ComNet website at

http://www.comnet.net

Support

For any questions or technical assistance, please contact your sales person (sales@comnet.net) or
the customer service support center (techsupport@comnet.net)

Safety

» Only ComNet service personnel can service the equipment. Please contact ComNet Technical

Support.

» The equipment should be installed in locations with controlled access, or other means of

security, and controlled by persons of authority.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 15

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Overview

Introduction

The ComNet Service-aware Industrial Ethernet switches combine a ruggedized Ethernet platform
with a unique application-aware processing engine.

As an Industrial Ethernet switch the Reliance RLGE2FE16R switches provide a strong Ethernet and
IP feature-set with a special emphasis on the fit to the mission-critical industrial environment such
as fit to the harsh environment, high reliability and network resiliency.

In addition, the ComNet switches have unique service-aware capabilities that enable an integrated
handling of application-level requirements such as implementation of security measures.

Such an integrated solution results in simple network architecture with an optimized fit to the
application requirements.

Figure 1 - Illustration of ComNet RLGE2FE16R

Key Features

The Reliance RLGE2FE16R devices offer the following features (subject to configuration options):

» Service aware security of industial control protocols
» Wire speed, non-blocking Layer 2 switching
» Dynamic and static layer 3 routing
» Compact systems with flexible ordering options of interfaces type /quantity
» Advanced Ethernet and IP feature-set
» Integrated Defense-in-Depth tool-set
» Ethernet and Serial interfaces
» Cellular mode
» Fit to harsh industrial environment
» Supported by a dedicated industrial service configuration tool (RLConfig)

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 16

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Conventions Description

commands CLI and SNMP commands

command example

<Variable> user-defined variables

(numerical variable) numerical variable

{mandatory command parameters} CLI syntax

[Optional Command Parameters] CLI syntax

Seamless & Reliable Connection to Any Network

The RLGE2FE16R provides connectivity to any copper, fiber optic, or cellular radio-based
Ethernet network. Fiber optic networks are supported by the use of two 100/1000FX SFP
uplink ports. The optional highly resilient 2G/3G/4G LTE cellular radio uplink with 2 SIM card
slots for network redundancy, is ideal where fiber optic infrastructure is not available, and may
be used as a back-up link for those applications where interruption of service is not tolerable.
The 8 optional 100 Mbps SFP communications ports provide a simple to implement aggregation
capability to the user’s network.

CLI and SNMP examples

Extremely Effective Network Security

The RLGE2FE16R is available with two different levels of network security software: Standard
Security; or Enhanced Security, for the most mission-critical applications.

Standard Security Software Package Version:

Service Gateway – The RLGE2FE16R service gateway includes a highly robust application layer,
and provides legacy support, an enterprise-class firewall, serial tunnelling, protocol gateway,
and extremely effective encryption technologies. The service gateway offers a uniquely
capable feature set which may serve as the hardware foundation to a secure industrial controls
network, and includes Protocol Gateway, VPN, and IPsec features.

Protocol Gateway – Gateway functionality between a DNP3 TCP client (local) and a DNP3 Serial
RTU, IED, PLC, or other compatible device is supported. This same functionality is supported
across MODBUS TCP to MODBUS RTU, and IEC 61850 101/104 TCP to IEC 61850 101/104 RTU.
This level of protocol conversion allows legacy protocols to be secured by enterprise and
industry best practice level encryption across a TCP IP-based network.

VPN – VPN tunnels are included for secure inter-site connectivity with IPsec, DM-VPN, and VPN
GRE tunnels with key management certificates. The supported VPN modes allow both layer-2
and layer-3 services, to best suit the user’s application-specific cyber-protection needs.

IPSec – Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and/or encrypting each IP packet of a communication
session. IPsec-VPN as well as IPsec encryption are supported over other VPN technologies.
By implementing this level of industry-accepted encryption, data may traverse the network in
a guaranteed delivery method, as well as providing a cohesive and secure methodology for
network communication across legacy and modern networks.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 17

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Ease of Installation and Network Integration

High levels of cyber-security experience are not required to successfully deploy the
RLGE2FE16R. It is fully supported by ComNet’s Reliance Product Configuration Utility and
CLI, allowing the secure switch/router to be easily configured, and to diagnose network and
security functions.

Configuration of the secure firewall is also simple. Once connected to the user’s network,
the RLGE2FE16R immediately begins to collect and analyse information across the network,
including from other connected devices, traffic behavior, etc. Recommended firewall rules are
then suggested to the user; the implementation of these rules is optional, and they can be
easily edited using the Configuration Utility.

OAM (IEEE 802.3-2005 & IEEE 802.1ag) and QoS are also supported. Strict priority, Weighted
Round Robin (WRR), ingress policing, and egress traffic shaping are included for traffic
management.

Product Options

Enhanced Security Software Option – Includes all of the security features of the Standard
Security version, plus: Identity management and authentication proxy access (APA), event
logger, IPsec authentication with certificates, cyber-physical Integration, enhanced SCADA­aware firewall, and DPI (Deep Packet Inspection) SCADA protocols firewall. This manual does
not cover Enhanced Security Software Options.

Cellular Radio Option – An internal 2G/3G/4G LTE GPRS/UMTS cellular radio modem, with 2
SIM card slots for maximum network reliability and availability. All world-wide cellular radio
frequency bands are supported.

Serial Data Interface Option – The 4-port serial interface is available for applications including
terminal server with protocol gateway and serial tunnelling functionality, and provides direct
connectivity to legacy RS-232 serial data IEDs, RTUs, and other devices.

PoE (Power over Ethernet) Option – 30 watts per port is available for 8 of the RJ-45 Ethernet
communications ports, and is compliant with the IEEE 802.3at specification.
The maximum PoE load per switch is dependant on the voltage type ordered and is shared
across ports 1-8 only. Please refer to the PoE Power Management section for further details.

100 Mbps SFP Option – Includes (8) 100 Mbps SFP ports for network aggregation applications.
Provides (8) 10/100 Mbps copper/RJ-45 communications ports; (8) 100 Mbps SFP ports; and (2)
100/1000 Mbps SFP uplink ports. Note: This option deletes the cellular radio option, as well as
the serial interfaces option.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 18

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Hardware and Interfaces

Depending on the RLGE2FE16R hardware variant ordered your switch will hold physical Ethernet
and Serial ports.

» Serial, RJ45 ports, support RS-232. Max 4 ports
» Ethernet RJ45 copper ports are 10/100 FE. Max 16 ports
» Ethernet SFP based ports are 10/100 FE. Max 8 ports.
» Ethernet SFP based ports are 100/1000 GE. Max 2 ports.

Ordering options of Hardware

RLGE2FE16R/S variants do not support the following features:

- APA

- IPSEC X.509

- Event Logger

- Application Aware Firewall
These features are only supported in RLGE2FE16R/E models

RLGE2FE16R Standard Security Models

Part Number Description

RLGE2FE16R/S/XX/28³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX

RLGE2FE16R/S/XX/28/S22³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4 × RS-232

RLGE2FE16R/S/XX/28/CGU³

RLGE2FE16R/S/XX/28/CH+³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 2G/3G HSPA+ Cellular Modem

RLGE2FE16R/S/XX/28/CNA³

RLGE2FE16R/S/XX/28/CNA³

RLGE2FE16R/S/XX/28/CEU³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4G LTE Cellular Modem (EU Bands)

RLGE2FE16R/S/XX/28/S22/CGU³

RLGE2FE16R/S/XX/28/S22/CH+³

RLGE2FE16R/S/XX/28/S22/CNA³

RLGE2FE16R/S/XX/28/S22/CEU³

RLGE2FE16R/S/XX/28P³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+

RLGE2FE16R/S/XX/28P/S22³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 4 × RS-232

RLGE2FE16R/S/XX/28P/CGU³

RLGE2FE16R/S/XX/28P/CH+³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 2G/3G HSPA+ Cellular Modem

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 2G/3G GPRS/UMTS Cellular
Modem

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4G LTE Cellular Modem (NA
Bands)

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4G LTE Cellular Modem (NA
Bands)

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4 × RS-232, 2G/3G GPRS/UMTS
Cellular Modem

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4 × RS-232, 2G/3G HSPA+
Cellular Modem

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4 × RS-232, 4G LTE Cellular
Modem (NA Bands)

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 4 × RS-232, 4G LTE Cellular
Modem (EU Bands)

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 2G/3G GPRS/UMTS
Cellular Modem

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 19

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Part Number Description

RLGE2FE16R/S/XX/28P/CNA³

RLGE2FE16R/S/XX/28P/CEU³

RLGE2FE16R/S/XX/28P/S22/CGU³

RLGE2FE16R/S/XX/28P/S22/CH+³

RLGE2FE16R/S/XX/28P/S22/CNA³

RLGE2FE16R/S/XX/28P/S22/CEU³

RLGE2FE16R /S/ XX /216³ RLGE2FE16R with 2 × 100/1000 FX SFP, 16 × 10/100 TX

RLGE2FE16R /S/ XX /216P ³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 8 × 10/100 TX

RLGE2FE16R/S/XX/288³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 8 × 100 FX SFP

RLGE2FE16R/S/XX/288P³ RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 8 × 100 FX SFP

[3] XX in above part codes is a placeholder for one of the options from the following power input table

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 4G LTE Cellular Modem
(NA Bands)

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 4G LTE Cellular Modem
(EU Bands)

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 4 × RS-232, 2G/3G GPRS/
UMTS Cellular Modem

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 4 × RS-232, 2G/3G HSPA+
Cellular Modem

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 4 × RS-232, 4G LTE Cellular
Modem (NA Bands)

RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 4 × RS-232, 4G LTE Cellular
Modem (EU Bands)

Power Input Option Code Description

12 Dual Redundant 9 to 18 VDC Inputs

24 Dual Redundant 18 to 32 VDC Inputs

48 Dual Redundant 36 to 60 VDC Inputs

11 Dual Redundant 85 to 165 VDC Inputs

AC Single 90 to 250 VAC Input

RLGE2FE16R Standard Security Models 220 VDC

Part Number Description

RLGE2FE16R/S/22/28 RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 220 VDC

RLGE2FE16R/S/22/28P RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 220 VDC

RLGE2FE16R /S/22/216 RLGE2FE16R with 2 × 100/1000 FX SFP, 16 × 10/100 TX, 220 VDC

RLGE2FE16R /S/22/216P RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 8 × 10/100 TX, 220 VDC

RLGE2FE16R/S/22/288 RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX, 8 × 100 FX SFP, 220 VDC

RLGE2FE16R/S/22/288P RLGE2FE16R with 2 × 100/1000 FX SFP, 8 × 10/100 TX PoE+, 8 × 100 FX SFP, 220 VDC

RLGE2FE16R Enhanced Security Models

Part Number Description

RLGE2FE16R /E

Replace /S with /E in part code for Enhanced Security software package (refer to the Enhanced
Security Manual)

Options

Optional Part No Description

ANT3G-2M 2G/3G External Grade Cellular Antenna with 2M cable (1 required per switch)

ANT3G-5M 2G/3G External Grade Cellular Antenna with 5M cable (1 required per switch)

ANT4G - 2M 4G LTE External Grade Cellular Antenna with 2M cable (2 required per switch)

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 20

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Optional Part No Description

ANT4G - 5M 4G LTE External Grade Cellular Antenna with 5M cable (2 required per switch)

Power Supply 12 V, 24 V or 48 VDC DIN Rail power supply

Conformal Coat Add suffix ‘/C’ for Conformally Coated Circuit Boards to extend to condensation conditions

SFP Modules¹ User selection of ComNet SFP (See SFP Modules data sheet for product numbers and compatibility)

DINBKT3 19-inch rack mount panel adapter

If using an RLGE2FE16R unit with cellular modem, please make sure to select the correct configuration
of active USB device for your purposes. Refer to the Cellular modem as a USB device section.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 21

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Graphic View of Hardware

10 11

1

4

8

2

5

6

3

7

Figure 2 – R/S/22/28 Variant

Table 1 – RLGE2FE16R Physical Feature Descriptions

Call-out Description

1

Antenna Female Connection

2

RS-232 Ports 1 - 4, Link/Activity (L/A) LED Indicators

3

SIM Card Ports 1 - 2

12

9

13

4

Power LED Indicator

5

10/100 TX Ports 1 - 8 with Optional PoE, Link/Activity (L/A) and Speed LED Indicators

6

RUN and ALM LED Indicators

1000 FX SFP Ports 1- 2 (Fiber Type and Quantity are dependent on installed SFP)

7

SFP Port Link Status and SFP Port Link Speed LED Indicators

8

Console Interface

9

Dry Contact DI/DO Interface

10

USB Interface

11

Alarm Interface

12

Chassis GND Lug

13

Redundant Power Interfaces

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 22

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

There are several physical varations of this product series dependent on the options selected.

Bottom View

(DC 8TX Model Shown)

DC Models

8TX Ports

DC Models

16TX Ports

DC Models

8TX + 8SFP Port s

AC Models

Side View, All Models

Distance kept for natural air flow

Proper installation depends on natural air flow for cooling. You must maintain a 10cm distance
above and below the ComNet switch for proper air flow.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 23

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Logical Structure

Application Router

ACE

Gi 0/4

Switch / Router Packet Processor

GCE

Fa 0/1 Fa 0/2 Fa 0/3 Fa 0/4 Fa 0/5 Fa 0/6 Fa 0/7 Fa 0/8 Gi 0/1

Figure 4 - Logical system view, illustration

Gi 0/3 CEL 2G/3G

232

232

232

232

Serial

Processor

S1

S2

S3

S4

Gi 0/2

Grounding

To install the grounding wire:

» Prepare a minimum 10 American Wire Gauge (AWG) grounding wire terminated by a crimped

two-hole lug. Use a suitable crimping tool to fasten the lug securely to the wire. Adhere to your
company’s policy as to the wire gauge and the number of crimps on the lug.

» Apply some anti-oxidant onto the metal surface.
» Mount the lug on the grounding posts, replace the spring-washers and fasten the bolts. Avoid

using excessive torque.

CAUTION – Do not remove the earth connection unless all power supply connections are

disconnected.

DANGER – Before connecting power to the platform, make sure that the grounding posts are

firmly connected to a reliable ground, as described below.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 24

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Connecting to a Power Source

Wiring DC Input voltage feed

Input voltage can be either AC or DC depending on the specific module you purchased. Please
take care to notice the label on the back of the module.

For the DC version there are 2 connection inputs, marked as “PWR A” and “PWR B”. For proper
operation it is only necessary to connect one power source, either to “PWR A” or to “PWR B”.
However, for redundancy purposes you may connect 2 different power sources one at “PWR A”
and the second to “PWR B”.

For wiring the voltage an opposite plug connector (2 pcs) is supplied.

Wiring AC Input voltage connector

For an AC product variant there is a single input connector.

Use a Brown wire for the Line (Phase) conductor, a Green/Yellow for the grounding and a Blue wire
for the Neutral conductor. use 18AWG (1mm2) wire, with insulated ferrules.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 25

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Power Budget

The following table details power consumption of the Hardware variants with cellular and serial
interfaces.

Unit Power feed Max Power [Watt] Version without POE ports Max Power [Watt] Version with POE ports

12vDC 18.5 80

24vDC 18.5 100

48vDC 18.5 140

110 vD C 18.5 120

220vDC 18.5 120

110 vAC 20.35 141

220vAC 20.35 141

Management over Console

Connecting to Device

» Device is capable of being first set up via either the console port, or via an SSH connection
» Default Username and Password

› Username: su

› Password: 1234
» Default all ports act as a flat switch, with all ports as members of VLAN 1
» VLAN 1 set to hold an IP interface by default
» Default Management IP:

› 10.0.0.1/8

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 26

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Terminal

» Power on device (Boot may take up to 3 minutes). PWR light should be green
» Console into Device

∙ Connect to CON port using the white ComNet Console Cable. Other console cables will

not work as they have a different pinout.

∙ Connect to to serial port of PC, or use Serial to USB cable. (Drivers may need to be

installed)

∙ Terminal Serial Connection

1. Install and open terminal software

2. Setup terminal for serial session

3. Determine correct COM port on PC (Device manager)

4. Enter correct COM port, enter correct baud rate speed (Default 9600)

5. Click Open to start session with device

∙ Press enter if screen is blank
∙ Default login username su, password 1234 (password will be invisible)

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 27

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

SSH

» SSH Connection to Device

› Setup PC network to be on the same as the default management network

∙ Example PC Setup:

∙ IP Address of PC: 10.0.0.51
∙ Subnet mask: 255.0.0.0
∙ Gateway: 10.0.0.1 (Optional)

» Ping management VLAN IP: 10.0.0.1
» From any terminal session type: ssh su@10.0.0.1
» Default login username su, password 1234 (password will be invisible)

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 28

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Configuration Environment

Two CLI based configuration environments are available for the user, these are:

» Global Configuration Environment (GCE)
» Application Configuration Environment (ACE)

These two environments are complementing each other and allowing each a set of supported
interfaces, network tools and management. At the RLGE2FE16R infrastructure, the GCE and ACE
are representing two different software processing areas. The physical and logical communication
between these areas are done by internal switching /routing using the Ethernet gigabit ports Gi
0/3 and Gi 0/4. These are known as the ACE ports.

For additional information about the ACE ports see chapter ACE ports.

Command Line Interface

The CLI (Command Line Interface) is used to configure the RLGE2FE16R from a console attached
to the serial port of the switch or from a remote terminal using Telnet or SSH. The following table
lists the CLI environments and modes.

Table 3-1: Command Line Interface

Command
Mode

Root Following user log in this mode

Global
Configuration
Environment
(GCE)

Global
Hierarchy
Configuration

Application
Configuration
Environment
(ACE)

Application
Hierarchy
Configuration

Access Method Prompt Exit Method

is available to the user.

Use the command config to
enter the Global Configuration
mode.

From the Global Configuration
mode command you may drill
down to specific feature sub
tree. Example is shown here for
interface configuration sub tree.

Use the “application connect”
from the Privileged mode
to enter the application
configuration area

From the application root you
may drill down to specific
feature sub tree. example
is shown here for router
configuration sub tree using the
command “router”

RLGE2FE16R # To exit this mode would mean the user to log out

from the system. Use the command logout

RLGE2FE16R(config)# To exit to the Root mode, the commands exit and

end are used.

RLGE2FE16R(config-if)# To exit to the Global Configuration mode, the exit

command is used and to exit to the Root mode,
the end command is used.

[/] To exit to the Global Configuration mode, the exit

command is used

[router/] To exit to the application root use ‘..’ (two dots).

The commands exit and end are not applicable at
this sub tree mode.

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 29

INSTALLATION AND OPERATION MANUAL RLGE2FE16R

Command Line navigation

Minimum Abbreviation

The CLI accepts a minimum number of characters that uniquely identify a command. Therefore,
you can abbreviate commands and parameters as long as they contain enough letters to
differentiate them from any other available commands or parameters on the specific CLI mode.

GREP

The ‘GREP’ and ‘GREP –V’ allows filtering long show outputs.

‘GREP <text>’- filter to output lines which includes the given text.

‘GREP –v <text>’- filter to output lines which do not include the given text.

Example

1. Show running-config vlan without filtering

RLGE2FE16R# show running-config vlan

#Building configuration...

vla n 4091

ports gigabitethernet 0/1-4

!

!

vla n 1

ports fastethernet 0/1-8 gigabitethernet 0/1-4 untagged fastethernet 0/1-8 giga

bitethernet 0/1-2

!

!

vla n 4092

ports gigabitethernet 0/3 fastethernet 0/10-11 untagged fastethernet 0/10-11

!

!

vla n 4093

ports gigabitethernet 0/3

!

!

TECH SUPPORT: 1.888.678.9427

INS_RLGE2FE16R_REV– 10 Aug 2016 PAGE 30