Siemens RUGGEDCOM ROS User Manual

Preface
RUGGEDCOM ROS v4.1
User Guide
Introduction
Device Management
System Administration
Setup and Configuration
Troubleshooting
For RSG2200, M2200
12/2014
RC1119-EN-02
Copyright © 2014 Siemens Canada Ltd.
All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorized except where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application or trademark registration.
This document contains proprietary information, which is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced or translated to another language without the prior written consent of Siemens Canada Ltd.
Disclaimer Of Liability
Siemens has verified the contents of this manual against the hardware and/or software described. However, deviations between the product and the documentation may exist.
Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing, performance, or use of this material.
The information given in this document is reviewed regularly and any necessary corrections will be included in subsequent editions. We appreciate any suggested improvements. We reserve the right to make technical improvements without notice.
Registered Trademarks
ROX™, Rugged Operating System On Linux™, CrossBow™ and ELAN™ are trademarks of Siemens Canada Ltd. ROS® is a registered trademark of Siemens Canada Ltd.
Other designations in this manual might be trademarks whose use by third parties for their own purposes would infringe the rights of the owner.
Third Party Copyrights
Siemens recognizes the following third party copyrights:
• Copyright © 2004 GoAhead Software, Inc. All Rights Reserved.
Security Information
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens' products and solutions undergo continuous development. Siemens strongly recommends that you regularly check for product updates.
For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.
To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit http://support.automation.siemens.com.
Warranty
Refer to the License Agreement for the applicable warranty terms and conditions, if any.
For warranty details, visit www.siemens.com/ruggedcom or contact a Siemens customer service representative.
Contacting Siemens
Address: Siemens Canada Ltd., Industry Sector, 300 Applewood Crescent, Concord, Ontario, Canada, L4K 5C7
Telephone: Toll-free: 1 888 264 0006; Tel: +1 905 856 5288; Fax: +1 905 856 1995
E-mail: ruggedcom.info.i-ia@siemens.com
Web: www.siemens.com/ruggedcom

Table of Contents
Preface
Conventions
Alerts
CLI Command Syntax
Related Documents
System Requirements
Accessing Documentation
Training
Customer Support
Chapter 1
Introduction
1.1 Overview
1.2 Security Recommendations and Considerations
1.2.1 Security Recommendations
1.2.2 Key Files
1.2.2.1 SSL Certificates
1.2.2.2 SSH Key Pairs
1.3 Port Numbering Scheme
1.4 Available Services by Port
1.5 SNMP Management Interface Base (MIB) Support
1.5.1 Supported Standard MIBs
1.5.2 Supported Proprietary RUGGEDCOM MIBs
1.5.3 Supported Agent Capabilities
1.6 SNMP Traps
1.7 ModBus Management Support
1.7.1 ModBus Function Codes
1.7.2 ModBus Memory Map
1.7.3 ModBus Memory Formats
1.7.3.1 Text
1.7.3.2 Cmd
1.7.3.3 Uint16
1.7.3.4 Uint32
1.7.3.5 PortCmd
1.7.3.6 Alarm
1.7.3.7 PSStatusCmd
1.7.3.8 TruthValues
1.8 Certificate and Key Requirements
Chapter 2
Using ROS
2.1 Connecting to ROS
2.1.1 Connecting Directly
2.1.2 Connecting via the Network
2.2 Logging In
2.3 Logging Out
2.4 Using the Web Interface
2.5 Using the Console Interface
2.6 Using the Command Line Interface
2.6.1 Available CLI Commands
2.6.2 Tracing Events
2.6.3 Executing Commands Remotely via RSH
2.6.4 Using SQL Commands
2.6.4.1 Finding the Correct Table
2.6.4.2 Retrieving Information
2.6.4.3 Changing Values in a Table
2.6.4.4 Resetting a Table
2.6.4.5 Using RSH and SQL
2.7 Selecting Ports in ROS
2.8 Managing the Flash File System
2.8.1 Viewing a List of Flash Files
2.8.2 Viewing Flash File Details
2.8.3 Defragmenting the Flash File System
2.9 Accessing BIST Mode
Chapter 3
Device Management
3.1 Viewing Product Information
3.2 Viewing CPU Diagnostics
3.3 Restoring Factory Defaults
3.4 Uploading/Downloading Files
3.4.1 Uploading/Downloading Files Using XMODEM
3.4.2 Uploading/Downloading Files Using a TFTP Client
3.4.3 Uploading/Downloading Files Using a TFTP Server
3.4.4 Uploading/Downloading Files Using an SFTP Server
3.5 Managing Logs
3.5.1 Viewing Local Logs
3.5.2 Clearing Local Logs
3.5.3 Configuring the Local System Log
3.5.4 Managing Remote Logging
3.5.4.1 Configuring the Remote Syslog Client
3.5.4.2 Viewing a List of Remote Syslog Servers
3.5.4.3 Adding a Remote Syslog Server
3.5.4.4 Deleting a Remote Syslog Server
3.6 Managing Ethernet Ports
3.6.1 Controller Protection Through Link Fault Indication (LFI)
3.6.2 Viewing the Status of Ethernet Ports
3.6.3 Viewing Statistics for All Ethernet Ports
3.6.4 Viewing Statistics for Specific Ethernet Ports
3.6.5 Clearing Statistics for Specific Ethernet Ports
3.6.6 Managing SFP Transceivers
3.6.6.1 Configuring an SFP Port
3.6.6.2 Monitoring an SFP Port
3.6.6.3 Displaying Information for an SFP Port
3.6.7 Configuring an Ethernet Port
3.6.8 Configuring Port Rate Limiting
3.6.9 Configuring Port Mirroring
3.6.10 Configuring Link Detection
3.6.11 Detecting Cable Faults
3.6.11.1 Viewing Cable Diagnostics Results
3.6.11.2 Performing Cable Diagnostics
3.6.11.3 Clearing Cable Diagnostics
3.6.11.4 Determining the Estimated Distance To Fault (DTF)
3.6.12 Resetting Ethernet Ports
3.7 Managing IP Interfaces
3.7.1 Viewing a List of IP Interfaces
3.7.2 Adding an IP Interface
3.7.3 Deleting an IP Interface
3.8 Managing IP Gateways
3.8.1 Viewing a List of IP Gateways
3.8.2 Adding an IP Gateway
3.8.3 Deleting an IP Gateway
3.9 Configuring IP Services
3.10 Managing Remote Monitoring
3.10.1 Managing RMON History Controls
3.10.1.1 Viewing a List of RMON History Controls
3.10.1.2 Adding an RMON History Control
3.10.1.3 Deleting an RMON History Control
3.10.2 Managing RMON Alarms
3.10.2.1 Viewing a List of RMON Alarms
3.10.2.2 Adding an RMON Alarm
3.10.2.3 Deleting an RMON Alarm
3.10.3 Managing RMON Events
3.10.3.1 Viewing a List of RMON Events
3.10.3.2 Adding an RMON Event
3.10.3.3 Deleting an RMON Event
3.11 Upgrading/Downgrading Firmware
3.11.1 Upgrading Firmware
3.11.2 Downgrading Firmware
3.12 Resetting the Device
3.13 Decommissioning the Device
Chapter 4
System Administration
4.1 Configuring the System Information
4.2 Customizing the Login Screen
4.3 Configuring Passwords
4.4 Managing Alarms
4.4.1 Viewing a List of Pre-Configured Alarms
4.4.2 Viewing and Clearing Latched Alarms
4.4.3 Configuring an Alarm
4.4.4 Authentication Related Security Alarms
4.4.4.1 Security Alarms for Login Authentication
4.4.4.2 Security Messages for Port Authentication
4.5 Managing the Configuration File
4.5.1 Configuring Data Encryption
4.5.2 Updating the Configuration File
4.6 Managing an Authentication Server
4.6.1 Managing RADIUS Authentication
4.6.1.1 Configuring the RADIUS Server
4.6.1.2 Configuring the RADIUS Client
4.6.2 Managing TACACS+ Authentication
4.6.2.1 Configuring TACACS+
4.6.2.2 Configuring User Privileges
Chapter 5
Setup and Configuration
5.1 Configuring the DHCP Relay Agent
5.2 Managing Virtual LANs
5.2.1 VLAN Concepts
5.2.1.1 Tagged vs. Untagged Frames
5.2.1.2 Native VLAN
5.2.1.3 The Management VLAN
5.2.1.4 Edge and Trunk Port Types
5.2.1.5 Ingress and Egress Rules
5.2.1.6 Forbidden Ports List
5.2.1.7 VLAN-Aware and VLAN-Unaware Modes
5.2.1.8 GARP VLAN Registration Protocol (GVRP)
5.2.1.9 PVLAN Edge
5.2.1.10 QinQ
5.2.1.11 VLAN Advantages
5.2.2 Viewing a List of VLANs
5.2.3 Configuring VLANs Globally
5.2.4 Configuring VLANs for Specific Ethernet Ports
5.2.5 Managing Static VLANs
5.2.5.1 Viewing a List of Static VLANs
5.2.5.2 Adding a Static VLAN
5.2.5.3 Deleting a Static VLAN
5.3 Managing Spanning Tree Protocol
5.3.1 RSTP Operation
5.3.1.1 RSTP States and Roles
5.3.1.2 Edge Ports
5.3.1.3 Point-to-Point and Multipoint Links
5.3.1.4 Path and Port Costs
5.3.1.5 Bridge Diameter
5.3.1.6 eRSTP
5.3.1.7 Fast Root Failover
5.3.2 RSTP Applications
5.3.2.1 RSTP in Structured Wiring Configurations
5.3.2.2 RSTP in Ring Backbone Configurations
5.3.2.3 RSTP Port Redundancy
5.3.3 MSTP Operation
5.3.3.1 MSTP Regions and Interoperability
5.3.3.2 MSTP Bridge and Port Roles
5.3.3.3 Benefits of MSTP
5.3.3.4 Implementing MSTP on a Bridged Network
5.3.4 Configuring STP Globally
5.3.5 Configuring STP for Specific Ethernet Ports
5.3.6 Configuring eRSTP
5.3.7 Viewing Global Statistics for STP
5.3.8 Viewing STP Statistics for Ethernet Ports
5.3.9 Managing Multiple Spanning Tree Instances
5.3.9.1 Viewing Statistics for Global MSTIs
5.3.9.2 Viewing Statistics for Port MSTIs
5.3.9.3 Configuring the MST Region Identifier
5.3.9.4 Configuring a Global MSTI
5.3.9.5 Configuring an MSTI for an Ethernet Port
5.3.10 Clearing Spanning Tree Protocol Statistics
5.4 Managing Classes of Service
5.4.1 Configuring Classes of Service Globally
5.4.2 Configuring Classes of Service for Specific Ethernet Ports
5.4.3 Configuring Priority to CoS Mapping
5.4.4 Configuring DSCP to CoS Mapping
5.5 Managing MAC Addresses
5.5.1 Viewing a List of MAC Addresses
5.5.2 Configuring MAC Address Learning Options
5.5.3 Configuring MAC Address Flooding Options
5.5.4 Managing Static MAC Addresses
5.5.4.1 Viewing a List of Static MAC Addresses
5.5.4.2 Adding a Static MAC Address
5.5.4.3 Deleting a Static MAC Address
5.5.5 Purging All Dynamic MAC Addresses
5.6 Managing Time Services
5.6.1 Configuring the Time and Date
5.6.2 Configuring NTP
5.7 Managing SNMP
5.7.1 Managing SNMP Users
5.7.1.1 Viewing a List of SNMP Users
5.7.1.2 Adding an SNMP User
5.7.1.3 Deleting an SNMP User
5.7.2 Managing Security-to-Group Mapping
5.7.2.1 Viewing a List of Security-to-Group Maps
5.7.2.2 Adding a Security-to-Group Map
5.7.2.3 Deleting a Security-to-Group Map
5.7.3 Managing SNMP Groups
viii
RUGGEDCOM ROS
User Guide
5.8 Managing Network Discovery .................................................................................................... 193
5.9 Managing Multicast Filtering ...................................................................................................... 202
5.10 Managing Port Security ........................................................................................................... 215
5.11 Managing Link Aggregation ..................................................................................................... 223
Table of Contents
5.7.3.1 Viewing a List of SNMP Groups ........................................................................... 191
5.7.3.2 Adding an SNMP Group ...................................................................................... 191
5.7.3.3 Deleting an SNMP Group .................................................................................... 193
5.8.1 Network Discovery Concepts .......................................................................................... 194
5.8.1.1 Link Layer Discovery Protocol (LLDP) .................................................................. 194
5.8.1.2 RUGGEDCOM Discovery Protocol (RCDP) .......................................................... 194
5.8.2 Configuring LLDP Globally ............................................................................................. 195
5.8.3 Configuring LLDP for an Ethernet Port ............................................................................ 197
5.8.4 Enabling/Disabling RCDP ............................................................................................... 198
5.8.5 Viewing Global Statistics and Advertised System Information ............................................ 199
5.8.6 Viewing Statistics for LLDP Neighbors ............................................................................ 200
5.8.7 Viewing Statistics for LLDP Ports .................................................................................... 201
5.9.1 Multicast Filtering Concepts ............................................................................................ 202
5.9.1.1 IGMP ................................................................................................................. 202
5.9.1.2 GMRP (GARP Multicast Registration Protocol) ...................................................... 206
5.9.2 Viewing a List of IP Multicast Groups .............................................................................. 208
5.9.3 Viewing a Summary of Multicast Groups ......................................................................... 209
5.9.4 Configuring IGMP .......................................................................................................... 209
5.9.5 Configuring GMRP Globally ............................................................................................ 211
5.9.6 Configuring GMRP for Specific Ethernet Ports ................................................................. 211
5.9.7 Managing Static Multicast Groups ................................................................................... 213
5.9.7.1 Viewing a List of Static Multicast Groups .............................................................. 213
5.9.7.2 Adding a Static Multicast Group ........................................................................... 213
5.9.7.3 Deleting a Static Multicast Group ......................................................................... 215
5.10.1 Port Security Concepts ................................................................................................. 216
5.10.1.1 Static MAC Address-Based Authentication .......................................................... 216
5.10.1.2 IEEE 802.1x Authentication ............................................................................... 216
5.10.1.3 IEEE 802.1X Authentication with MAC Address-Based Authentication ................... 217
5.10.1.4 Assigning VLANS with Tunnel Attributes ............................................................. 218
5.10.2 Viewing a List of Authorized MAC Addresses ................................................................ 218
5.10.3 Configuring Port Security .............................................................................................. 219
5.10.4 Configuring IEEE 802.1X .............................................................................................. 221
5.11.1 Link Aggregation Concepts ........................................................................................... 224
5.11.1.1 Rules and Limitations ........................................................................................ 224
5.11.1.2 Link Aggregation and Layer 2 Features .............................................................. 225
5.11.1.3 Link Aggregation and Physical Layer Features .................................................... 225
ix
Table of Contents
RUGGEDCOM ROS
5.11.2 Managing Port Trunks .................................................................................................. 225
5.11.2.1 Viewing a List of Port Trunks ............................................................................. 226
5.11.2.2 Adding a Port Trunk .......................................................................................... 226
5.11.2.3 Deleting a Port Trunk ........................................................................................ 228
Chapter 6
Troubleshooting ................................................................................................ 229
6.1 General .................................................................................................................................... 229
6.2 Ethernet Ports .......................................................................................................................... 230
6.3 Spanning Tree ......................................................................................................................... 230
6.4 VLANs ..................................................................................................................................... 231
User Guide
x
RUGGEDCOM ROS
User Guide

Preface

This guide describes v4.1 of ROS (Rugged Operating System) running on the RUGGEDCOM RSG2200. It contains instructions and guidelines on how to use the software, as well as some general theory.
It is intended for use by network technical support personnel who are familiar with the operation of networks. It is also recommended for use by network and system planners, system programmers, and line technicians.
IMPORTANT!
Some of the parameters and options described may not be available depending on variations in the device hardware. While every attempt is made to accurately describe the specific parameters and options available, this Guide should be used as a companion to the Help text included in the software.

Conventions

This User Guide uses the following conventions to present information clearly and effectively.

Alerts

The following types of alerts are used when necessary to highlight important information.
DANGER!
DANGER alerts describe imminently hazardous situations that, if not avoided, will result in death or serious injury.
WARNING!
WARNING alerts describe hazardous situations that, if not avoided, may result in serious injury and/or equipment damage.
CAUTION!
CAUTION alerts describe hazardous situations that, if not avoided, may result in equipment damage.
IMPORTANT!
IMPORTANT alerts provide important information that should be known before performing a procedure or step, or using a feature.
NOTE
NOTE alerts provide additional information, such as facts, tips and details.

CLI Command Syntax

The syntax of commands used in a Command Line Interface (CLI) is described according to the following conventions:
| Example | Description |
| --- | --- |
| command | Commands are in bold. |
| command parameter | Parameters are in plain text. |
| command parameter1 parameter2 | Parameters are listed in the order they must be entered. |
| command parameter1 parameter2 | Parameters in italics must be replaced with a user-defined value. |
| command [parameter1 \| parameter2] | Alternative parameters are separated by a vertical bar (\|). Square brackets indicate a required choice between two or more parameters. |
| command {parameter3 \| parameter4} | Curly brackets indicate an optional parameter(s). |
| command parameter1 parameter2 {parameter3 \| parameter4} | All commands and parameters are presented in the order they must be entered. |

Related Documents

Other documents that may be of interest include:
RUGGEDCOM RSG2200 Installation Guide
RUGGEDCOM M2200 Installation Guide
RUGGEDCOM RSG2200 Data Sheet
RUGGEDCOM M2200 Data Sheet
RUGGEDCOM Fiber Guide
RUGGEDCOM Wireless Guide
White Paper: Rapid Spanning Tree in Industrial Networks

System Requirements

Each workstation used to connect to the ROS interface must meet the following system requirements:
• Must have one of the following Web browsers installed:
▪ Microsoft Internet Explorer 8.0 or higher
▪ Mozilla Firefox
▪ Google Chrome
▪ Iceweasel/IceCat (Linux Only)
• Must have a working Ethernet interface compatible with at least one of the port types on the RUGGEDCOM device
• The ability to configure an IP address and netmask on the computer’s Ethernet interface

Accessing Documentation

The latest Hardware Installation Guides and Software User Guides for most RUGGEDCOM products are available online at www.siemens.com/ruggedcom.
For any questions about the documentation or for assistance finding a specific document, contact a Siemens sales representative.

Training

Siemens offers a wide range of educational services ranging from in-house training of standard courses on networking, Ethernet switches and routers, to on-site customized courses tailored to the customer's needs, experience and application.
Siemens' Educational Services team thrives on providing our customers with the essential practical skills to make sure users have the right knowledge and expertise to understand the various technologies associated with critical communications network infrastructure technologies.
Siemens' unique mix of IT/Telecommunications expertise combined with domain knowledge in the utility, transportation and industrial markets, allows Siemens to provide training specific to the customer's application.
For more information about training services and course availability, visit www.siemens.com/ruggedcom or contact a Siemens sales representative.

Customer Support

Customer support is available 24 hours, 7 days a week for all Siemens customers. For technical support or general information, contact Siemens Customer Support through any of the following methods:
Online
Visit http://www.siemens.com/automation/support-request to submit a Support Request (SR) or check on the status of an existing SR.
Telephone
Call a local hotline center to submit a Support Request (SR). To locate a local hotline center, visit http://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx.
Mobile App
Install the Industry Online Support app by Siemens AG on any Android, Apple iOS or Windows mobile device and be able to:
▪ Access Siemens' extensive library of support documentation, including FAQs, manuals, and much more
▪ Submit SRs or check on the status of an existing SR
▪ Find and contact a local contact person
▪ Ask questions or share knowledge with fellow Siemens customers and the support community
▪ And much more...

Introduction

This chapter provides a basic overview of the ROS software. It describes the following topics:
Section 1.1, “Overview”
Section 1.2, “Security Recommendations and Considerations”
Section 1.3, “Port Numbering Scheme”
Section 1.4, “Available Services by Port”
Section 1.5, “SNMP Management Interface Base (MIB) Support”
Section 1.6, “SNMP Traps”
Section 1.7, “ModBus Management Support”
Section 1.8, “Certificate and Key Requirements”
Chapter 1
Introduction
Section 1.1

Overview

Welcome to the ROS Software User Guide for the RSG2200. This Guide describes the wide array of carrier grade features made available by ROS (Rugged Operating System). These features include:
IMPORTANT!
The RSG2200/M2200 is not intended for use or resale as online control equipment in hazardous, high-risk environments that require fail-safe performance, such as nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines or weapons systems, in which the failure of the software could result in death, personal injury, or severe physical or environmental damage.
Rugged Operating System (ROS) Features
• Simple plug and play operation - automatic learning, negotiation and crossover detection
• MSTP 802.1Q-2005 (formerly 802.1s)
• RSTP (802.1w) and Enhanced Rapid Spanning Tree (eRSTP™) network fault recovery (<5ms)
• Quality of Service (802.1p) for real-time traffic
• VLAN (802.1Q) with double tagging and GVRP support
• Link aggregation (802.3ad)
• IGMP Snooping for multicast filtering
• Port rate limiting and broadcast storm limiting
• Port configuration, status, statistics, mirroring, security
• SNTP time synchronization (client and server)
Cyber Security Features
• Multi-level user passwords
• SSH/SSL (128-bit encryption)
• Enable/disable ports, MAC based port security
• Port-based network access control (802.1X)
• VLAN (802.1Q) to segregate and secure network traffic
• RADIUS centralized password management
• SNMPv3 authentication and 56-bit encryption
Management Features
• Web-based, Telnet, CLI management interfaces
• SNMP v1/v2/v3 (56-bit encryption)
• Remote Monitoring (RMON)
• Rich set of diagnostics with logging and alarms
• Industrial automation features (e.g. Modbus)
Section 1.2

Security Recommendations and Considerations

The following describes important security-related recommendations and suggestions that should be considered before implementing the RSG2200 on any network:
Section 1.2.1, “Security Recommendations”
Section 1.2.2, “Key Files”
Section 1.2.1

Security Recommendations

To prevent unauthorized access to the device, note the following security recommendations:
• Do not connect the device to the Internet. Deploy the device only within a secure network perimeter.
• Replace the default passwords for all user accounts and processes (where applicable) before the device is deployed.
• Use strong passwords. Avoid weak passwords such as password1, 123456789, abcdefgh, etc. For more information about creating strong passwords, refer to the password requirements in Section 4.3, “Configuring Passwords”.
• Make sure passwords are protected and not shared with unauthorized personnel.
• Passwords should not be re-used across different usernames and systems, or after they expire.
• When RADIUS authentication is done remotely, make sure all communications are within the security perimeter or on a secure channel.
• SSL and SSH keys are accessible to users who connect to the device via the serial console. Make sure to take appropriate precautions when shipping the device beyond the boundaries of the trusted environment:
▪ Replace the SSH and SSL keys with throwaway keys prior to shipping.
▪ Take the existing SSH and SSL keys out of service. When the device returns, create and program new keys for the device.
• Restrict physical access to the device to only trusted personnel. A person with malicious intent could extract critical information, such as certificates, keys, etc. (user passwords are protected by hash codes), or reprogram the device.
• Control access to the serial console to the same degree as any physical access to the device. Access to the serial console allows for potential access to the ROS boot loader, which includes tools that may be used to gain complete access to the device.
• Only enable services that will be used on the device, including physical ports. Unused physical ports could potentially be used to gain access to the network behind the device.
• If SNMP is enabled, limit the number of IP addresses that can connect to the device and change the community names. Also configure SNMP to raise a trap upon authentication failures. For more information, refer to Section 5.7, “Managing SNMP”.
• Avoid using insecure services such as Telnet and TFTP, or disable them completely if possible. These services are available for historical reasons and are disabled by default.
• Limit the number of simultaneous Web Server, Telnet and SSH sessions allowed.
• Configure remote system logging to forward all logs to a central location. For more information, refer to Section 3.5, “Managing Logs”.
• Configuration files are provided in the CSV (comma separated values) format for ease of use. Make sure configuration files are properly protected when they exist outside of the device. For instance, encrypt the files, store them in a secure place, and do not transfer them via insecure communication channels.
• Management of the configuration file, certificates and keys is the responsibility of the device owner. Before returning the device to Siemens for repair, make sure encryption is disabled (to create a cleartext version of the configuration file) and replace the current certificates and keys with temporary throwaway certificates and keys that can be destroyed upon the device's return.
• Be aware of any non-secure protocols enabled on the device. While some protocols, such as HTTPS and SSH, are secure, others, such as Telnet and RSH, were not designed for this purpose. Appropriate safeguards against non-secure protocols should be taken to prevent unauthorized access to the device/network.
• Configure port security features on access ports to prevent a third-party from launching various attacks that can harm the network or device. For more information, refer to Section 5.10, “Managing Port Security”.
• Periodically audit the device to make sure it complies with these recommendations and/or any internal security policies.
Section 1.2.2

Key Files

ROS uses security keys to establish secure remote logins (SSH) and Web access (SSL).
It is strongly recommended that a unique SSL certificate and SSH keys be created and provisioned. New ROS-based units from Siemens will be shipped with a unique certificate and keys preconfigured in the ssl.crt and ssh.keys flash files.
The default and auto-generated SSL certificates are self-signed. It is recommended to use an SSL certificate that is either signed by a trusted third-party Certificate Authority (CA) or by an organization's own CA. This technique is described in the Siemens application note: Creating/Uploading SSH Keys and SSL Certificates to ROS Using Windows, available from www.siemens.com/ruggedcom.
The sequence of events related to Key Management during an upgrade to ROS v4.1 or later is as follows:
NOTE
The auto-generation of SSH keys is not available for Non-Controlled (NC) versions of ROS.
• On first boot, ROS will start the SSH and SSL services using the default keys.
• Immediately after boot, ROS will start to generate a unique SSL certificate and SSH key pair, and save each one to its corresponding flash file. This process may take several minutes to complete. As each one is created, the corresponding service is immediately restarted with the new keys.
• At any time during the key generation process, custom keys can be uploaded. The custom keys will take precedence over both the default and auto-generated keys.
• On subsequent boot, if there is a valid ssl.crt file, the default certificate will not be used for SSL. If there is a valid ssh.keys file, the default SSH key will not be used.
• At any time, new keys may be uploaded or generated by ROS using the sslkeygen or sshkeygen CLI commands.
The following sections describe SSL certificates and SSH key pairs in more detail:
Section 1.2.2.1, “SSL Certificates”
Section 1.2.2.2, “SSH Key Pairs”
Section 1.2.2.1
SSL Certificates
ROS supports SSL certificates that conform to the following specifications:
• X.509 v3 digital certificate format
• PEM format
• RSA key pair, 512 to 2048 bits
The RSA key pair used in the default certificate and in those generated by ROS uses a public key of 1024 bits in length.
NOTE
RSA keys smaller than 1024 bits in length are not recommended. Support is only included here for compatibility with legacy equipment.
NOTE
The default certificate and keys are common to all ROS versions without a certificate or key files. That is why it is important to either allow the key auto-generation to complete or to provision custom keys. In this way, one has at least unique, and at best, traceable and verifiable keys installed when establishing secure communication with the unit.
NOTE
RSA key generation times increase depending on the key length. 1024 bit RSA keys may take several minutes to generate, whereas 2048 bit keys may take significantly longer. A typical modern PC system, however, can generate these keys in seconds.
The following (bash) shell script fragment uses the openssl command line utility to generate a self-signed X.509 v3 SSL certificate with a 1024 bit RSA key suitable for use in ROS. Note that two standard PEM files are required: the SSL certificate and the RSA private key file. These are concatenated into the resulting ssl.crt file, which may then be uploaded to ROS:
# RSA key size:
BITS=1024
# 20 years validity:
DAYS=7305

# Values that will be stored in the Distinguished Name fields:
COUNTRY_NAME=CA                      # Two-letter country code
STATE_OR_PROVINCE_NAME=Ontario       # State or Province
LOCALITY_NAME=Concord                # City
ORGANIZATION=Ruggedcom.com           # Your organization's name
ORGANIZATION_CA=${ORGANIZATION}_CA   # Your Certificate Authority
COMMON_NAME=RC                       # The DNS or IP address of the ROS unit
ORGANIZATIONAL_UNIT=ROS              # Organizational unit name

# Variables used in the construction of the certificate
REQ_SUBJ="/C=${COUNTRY_NAME}/ST=${STATE_OR_PROVINCE_NAME}/L=${LOCALITY_NAME}/O=${ORGANIZATION}/OU=${ORGANIZATIONAL_UNIT}/CN=${COMMON_NAME}/"
REQ_SUBJ_CA="/C=${COUNTRY_NAME}/ST=${STATE_OR_PROVINCE_NAME}/L=${LOCALITY_NAME}/O=${ORGANIZATION_CA}/OU=${ORGANIZATIONAL_UNIT}/"

########################################################################
# Make the self-signed SSL certificate and RSA key pair:
openssl req -x509 -newkey rsa:${BITS} -nodes \
    -days ${DAYS} -subj "${REQ_SUBJ}" \
    -keyout ros_ssl.key \
    -out ros_ssl.crt

# Concatenate Cert and Key into a single file suitable for upload to ROS:
# Note that cert must precede the RSA key:
cat ros_ssl.crt ros_ssl.key > ssl.crt
For information on creating SSL certificates for use with ROS in a Microsoft Windows environment, refer to the following Siemens application note: Creating/Uploading SSH Keys and SSL Certificates to ROS Using Windows.
The following is an example of a self-signed SSL certificate generated by ROS:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: ca:01:2d:c0:bf:f9:fd:f2
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CA, ST=Ontario, L=Concord, O=RuggedCom.com, OU=RC, CN=ROS
        Validity
            Not Before: Dec 6 00:00:00 2012 GMT
            Not After : Dec 7 00:00:00 2037 GMT
        Subject: C=CA, ST=Ontario, L=Concord, O=RuggedCom.com, OU=RC, CN=ROS
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:83:e8:1f:02:6b:cd:34:1f:01:6d:3e:b6:d3:45:
                    b0:18:0a:17:ae:3d:b0:e9:c6:f2:0c:af:b1:3e:e7:
                    fd:f2:0e:75:8d:6a:49:ce:47:1d:70:e1:6b:1b:e2:
                    fa:5a:1b:10:ea:cc:51:41:aa:4e:85:7c:01:ea:c3:
                    1e:9e:98:2a:a9:62:48:d5:27:1e:d3:18:cc:27:7e:
                    a0:94:29:db:02:5a:e4:03:51:16:03:3a:be:57:7d:
                    3b:d1:75:47:84:af:b9:81:43:ab:90:fd:6d:08:d3:
                    e8:5b:80:c5:ca:29:d8:45:58:5f:e4:a3:ed:9f:67:
                    44:0f:1a:41:c9:d7:62:7f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F3:09:E8:78:92:D6:41:5F:79:4D:4B:7A:73:AD:FD:8D:12:77:88
            X509v3 Authority Key Identifier:
                keyid:EC:F3:09:E8:78:92:D6:41:5F:79:4D:4B:7A:73:AD:FD:8D:12:77:88
                DirName:/C=CA/ST=Ontario/L=Concord/O=RuggedCom.com/OU=RC/CN=ROS
                serial:CA:01:2D:C0:BF:F9:FD:F2
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        64:cf:68:6e:9f:19:63:0e:70:49:a6:b2:fd:09:15:6f:96:1d:
        4a:7a:52:c3:46:51:06:83:7f:02:8e:42:b2:dd:21:d2:e9:07:
        5c:c4:4c:ca:c5:a9:10:49:ba:d4:28:fd:fc:9d:a9:0b:3f:a7:
        84:81:37:ca:57:aa:0c:18:3f:c1:b2:45:2a:ed:ad:dd:7f:ad:
        00:04:76:1c:f8:d9:c9:5c:67:9e:dd:0e:4f:e5:e3:21:8b:0b:
        37:39:8b:01:aa:ca:30:0c:f1:1e:55:7c:9c:1b:43:ae:4f:cd:
        e4:69:78:25:5a:a5:f8:98:49:33:39:e3:15:79:44:37:52:da:
        28:dd
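As an added illustration (not part of the Siemens manual or of ROS), the following shell function checks a candidate ssl.crt bundle against the constraints given in this section before it is uploaded: certificate ahead of the key, X.509 v3, RSA size within 512 to 2048 bits, and a private key that matches the certificate. The function names check_ros_bundle and make_sample_bundle and the sample subject are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: pre-upload check of an ssl.crt bundle (certificate + RSA key).
# Function names and the sample subject below are assumptions for illustration.

# make_sample_bundle DIR
#   Builds constructed sample input with a throwaway key: DIR/ssl.crt
#   (certificate first) and DIR/ssl_key_first.crt (wrong order).
make_sample_bundle() {
    openssl req -x509 -newkey rsa:1024 -nodes -days 1 \
        -subj "/C=CA/O=Example/CN=sample.invalid" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null || return 1
    cat "$1/sample.crt" "$1/sample.key" > "$1/ssl.crt"
    cat "$1/sample.key" "$1/sample.crt" > "$1/ssl_key_first.crt"
}

# check_ros_bundle FILE
#   Prints one finding per line. Returns 0 if no finding is marked FAIL.
check_ros_bundle() {
    local bundle=$1 status=0
    local work cert_at key_at text cert_mod key_mod bits subject issuer

    [ -r "$bundle" ] || { echo "FAIL: cannot read $bundle"; return 1; }
    work=$(mktemp -d) || return 1

    # Line number of the first PEM header of each kind (empty when absent).
    cert_at=$(grep -n -F -e '-----BEGIN CERTIFICATE-----' "$bundle" | head -n 1 | cut -d: -f1)
    key_at=$(grep -n -E -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$bundle" | head -n 1 | cut -d: -f1)
    if [ -z "$cert_at" ] || [ -z "$key_at" ]; then
        echo "FAIL: bundle needs one PEM certificate and one PEM private key"
        rm -rf "$work"; return 1
    fi
    if [ "$cert_at" -gt "$key_at" ]; then
        echo "FAIL: private key appears before the certificate"
        status=1
    fi

    # Split the bundle so each openssl call sees exactly one kind of object.
    awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' "$bundle" > "$work/cert.pem"
    awk '/-----BEGIN (RSA )?PRIVATE KEY-----/,/-----END (RSA )?PRIVATE KEY-----/' "$bundle" > "$work/key.pem"

    text=$(openssl x509 -in "$work/cert.pem" -noout -text 2>/dev/null) || text=
    case $text in
        *"Public Key Algorithm: rsaEncryption"*) ;;
        *) echo "FAIL: no parseable X.509 certificate with an RSA public key"
           rm -rf "$work"; return 1 ;;
    esac
    case $text in
        *"Version: 3 (0x2)"*) ;;
        *) echo "FAIL: certificate is not X.509 v3"; status=1 ;;
    esac

    # The modulus is printed as hex; four bits per digit gives the key size.
    cert_mod=$(openssl x509 -in "$work/cert.pem" -noout -modulus 2>/dev/null) || cert_mod=
    cert_mod=${cert_mod#Modulus=}
    bits=$(( ${#cert_mod} * 4 ))
    if [ "$bits" -lt 512 ] || [ "$bits" -gt 2048 ]; then
        echo "FAIL: RSA key is $bits bits, outside the supported 512 to 2048 range"
        status=1
    elif [ "$bits" -lt 1024 ]; then
        echo "WARN: RSA key is $bits bits; keys under 1024 bits are not recommended"
    fi

    # The private key must belong to the certificate it is shipped with.
    key_mod=$(openssl rsa -in "$work/key.pem" -passin pass: -noout -modulus 2>/dev/null) || key_mod=
    key_mod=${key_mod#Modulus=}
    if [ -z "$key_mod" ]; then
        echo "FAIL: private key cannot be read as an unencrypted RSA key"
        status=1
    elif [ "$key_mod" != "$cert_mod" ]; then
        echo "FAIL: private key does not match the certificate's public key"
        status=1
    fi

    # Issuer equal to subject means self-signed, as the default certificates are.
    subject=$(openssl x509 -in "$work/cert.pem" -noout -subject 2>/dev/null) || subject=
    issuer=$(openssl x509 -in "$work/cert.pem" -noout -issuer 2>/dev/null) || issuer=
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo "NOTE: certificate is self-signed; a CA-signed certificate is recommended"
    fi

    rm -rf "$work"
    if [ "$status" -eq 0 ]; then echo "OK: $bundle meets the checked constraints"; fi
    return "$status"
}
```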
Section 1.2.2.2
SSH Key Pairs
Controlled versions of ROS support SSH public/private key pairs that conform to the following specifications:
• PEM format
• DSA key pair, 512 to 2048 bits in length
The DSA key pair used in the default key pair and in those generated by ROS uses a public key of 1024 bits in length.
NOTE
DSA keys smaller than 1024 bits in length are not recommended, and support is only included here for compatibility with legacy equipment.
NOTE
DSA key generation times increase depending on the key length. 1024 bit RSA keys may take several minutes to generate, whereas 2048 bit keys may take significantly longer. A typical modern PC system, however, can generate these keys in seconds.
The following (bash) shell script fragment uses the ssh-keygen command line utility to generate a 1024 bit DSA key suitable for use in ROS. The resulting ssh.keys file may then be uploaded to ROS:
# DSA key size:
BITS=1024
# Make an SSH key pair:
ssh-keygen -t dsa -b ${BITS} -N '' -f ssh.keys
The following is an example of an SSH key generated by ROS:
Section 1.3

Port Numbering Scheme

For quick identification, each port on an RSG2200/M2200 device is assigned a number. All port numbers are silk-screened on the device.
Figure 1: RSG2200/M2200 Port Numbering (Typical)
Use these numbers to configure applicable features on select ports.
Section 1.4

Available Services by Port

The following table lists the services available under ROS. This table includes the following information:
Services
The service supported by the device.
Port Number
The port number associated with the service.
Port Open
The port state, whether it is always open and cannot be closed, or open only, but can be configured.
NOTE
In certain cases, the service might be disabled, but the port can still be open (e.g. TFTP).
Port Default
The default state of the port (i.e. open or closed).
Access Authorized
Denotes whether the ports/services are authenticated during access.

| Services | Port Number | Port Open | Port Default | Access Authorized | Note |
| --- | --- | --- | --- | --- | --- |
| Telnet | TCP/23 | Open (configurable) | Closed | Yes | Only available through two management interfaces. |
| HTTP | TCP/80 | Open, redirects to 443 | Open | | |
| HTTPS | TCP/443 | Open | Open | Yes | |
| RSH | TCP/512 | Open (configurable) | Closed | Yes | Only available through two management interfaces. |
| TFTP | UDP/69 | Open (configurable) | Closed | No | Only available through two management interfaces. |
| SFTP | TCP/22 | Open | Open | Yes | Only available through two management interfaces. |
| SNMP | UDP/161 | Open (configurable) | Closed | Yes | Only available through two management interfaces. |
| SNTP | UDP/123 | Open - Always might act as server | Open | No | Only available through two management interfaces. |
| SSH | TCP/22 | Open | Open | Yes | Only available through two management interfaces. |
| ICMP | | Open | Open | No | |
| TACACS+ | TCP/49 (configurable) | Open (configurable) | Closed | Yes | |
| RADIUS | UDP/1812 to send (configurable), opens random port to listen to | Open (configurable) | Closed | Yes | Only available through two management interfaces. |
| Remote Syslog | UDP/514 (configurable) | Open (configurable) | Closed | No | Only available through two management interfaces. |
| TCP Modbus (Server) | TCP/502 | Open | Open | No | Only available through two management interfaces. |
| TCP Modbus (Switch) | TCP/502 | Open (configurable) | Closed | No | |
| DHCP, DHCP Agent | UDP/67 sending msg if enabled - if received, always come to CPU, dropped if service not configured | Open | Open | No | |
| RCDP | | Open (configurable) | Closed | Yes | |
Section 1.5

SNMP Management Interface Base (MIB) Support

ROS supports a variety of standard MIBs, proprietary RUGGEDCOM MIBs and Agent Capabilities MIBs, all for SNMP (Simple Network Management Protocol).
Section 1.5.1, “Supported Standard MIBs”
Section 1.5.2, “Supported Proprietary RUGGEDCOM MIBs”
Section 1.5.3, “Supported Agent Capabilities”
Section 1.5.1

Supported Standard MIBs

ROS supports the following standard MIBs:
| Standard | MIB Name | Title |
| --- | --- | --- |
| RFC 2578 | SNMPv2-SMI | Structure of Management Information Version 2 |
| RFC 2579 | SNMPv2-TC | Textual Conventions for SMIv2 |
| RFC 2580 | SNMPv2-CONF | Conformance Statements for SMIv2 |
| | IANAifType | Enumerated Values of the ifType Object Defined ifTable defined in IF-MIB |
| RFC 1907 | SNMPv2-MIB | Management Information Base for SNMPv2 |
| RFC 2011 | IP-MIB | SNMPv2 Management Information Base for Internet Protocol using SMIv2 |
| RFC 2012 | TCP-MIB | SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 |
| RFC 2013 | UDP-MIB | Management Information Base for the UDP using SMIv2 |
| RFC 1659 | RS-232-MIB | Definitions of Managed Objects for RS-232-like Hardware Devices |
| RFC 2863 | IF-MIB | The Interface Group MIB |
| RFC 2819 | RMON-MIB | Remote Network Monitoring (RMON) management Information base |
| RFC 4188 | BRIDGE-MIB | Definitions of Managed Objects for Bridges |
| RFC 4318 | RSTP-MIB | Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol |
| RFC 3411 | SNMP-FRAMEWORK-MIB | An Architecture for Describing Simple Network Management Protocol (SNMP) Management Framework |
| RFC 3414 | SNMP-USER-BASED-SM-MIB | User-based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3) |
| RFC 3415 | SNMP-VIEW-BASED-ACM-MIB | View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) |
| IEEE 802.3ad | IEEE8023-LAG-MIB | Management Information Base Module for Link Aggregation |
| IEEE 802.1AB-2005 | LLDP-MIB | Management Information Base Module for LLDP Configuration, Statistics, Local System Data and Remote Systems Data Components |
| RFC 4363 | Q-BRIDGE-MIB | Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual LAN Extensions |
Section 1.5.2

Supported Proprietary RUGGEDCOM MIBs

ROS supports the following proprietary RUGGEDCOM MIBs:
File Name MIB Name Description
ruggedcom.mib RUGGEDCOM-MIB RUGGEDCOM enterprise SMI
ruggedcomtraps.mib RUGGEDCOM-TRAPS-MIB RUGGEDCOM traps definition
rcsysinfo.mib RUGGEDCOM-SYS-INFO-MIB General system information about RUGGEDCOM device
rcDot11.mib RUGGEDCOM-DOT11-MIB Management for wireless interface on RUGGEDCOM device
rcPoe.mib RUGGEDCOM-POE-MIB Management for PoE ports on RUGGEDCOM device
rcSerial.mib RUGGEDCOM-SERIAL-MIB Management for serial ports on RUGGEDCOM device
rcRstp.mib RUGGEDCOM-STP-MIB Management for RSTP protocol
Section 1.5.3

Supported Agent Capabilities

ROS supports the following agent capabilities for the SNMP agent:
NOTE
For information about agent capabilities for SNMPv2, refer to RFC 2580 [http://tools.ietf.org/html/rfc2580].
File Name MIB Name Supported MIB
rcsnmpv2AC.mib RC-SNMPv2-MIB-AC SNMPv2-MIB
rcudpmibAC.mib RC-UDP-MIB-AC UDP-MIB
rctcpmibAC.mib RC-TCP-MIB-AC TCP-MIB
rcSnmpUserBasedSmMibAC.mib RC-SNMP-USER-BASED-SM-MIB-AC SNMP-USER-BASED-SM-MIB-AC
rcSnmpViewBasedAcmMibAC.mib RC-SNMP-VIEW-BASED-ACM-MIB-AC SNMP-VIEW-BASED-ACM-MIB-AC
rcifmibAC.mib RC-IF-MIB-AC IF-MIB
rcbridgemibAC.mib RC-BRIDGE-MIB-AC BRIDGE-MIB
rcrmonmibAC.mib RC-RMON-MIB-AC RMON-MIB
rcqbridgemibAC.mib RC-Q-BRIDGE-MIB-AC Q-BRIDGE-MIB
rcipmibAC.mib RC-IP-MIB-AC IP-MIB
rclldpmibAC.mib RC-LLDP-MIB-AC LLDP-MIB
rclagmibAC.mib RC-LAG-MIB-AC IEEE8023-LAG-MIB
rcrstpmibAC.mib RC_RSTP-MIB-AC RSTP-MIB
rcrcdot11AC.mib RC-RUGGEDCOM-DOT11-MIB-AC RUGGEDCOM-DOT11-MIB
rcrcpoeAC.mib RC-RUGGEDCOM-POE-MIB-AC RUGGEDCOM-POE-MIB
rcrcrstpmibAC.mib RC-RUGGEDCOM-STP-AC-MIB RUGGEDCOM-STP-MIB
rcrcsysinfomibAC.mib RC-RUGGEDCOM-SYS-INFO-MIB-AC RUGGEDCOM-SYS-INFO-MIB
rcrctrapsmibAC.mib RC-RUGGEDCOM-TRAPS-MIB-AC RUGGEDCOM-TRAPS-MIB
rcrs232mibAC.mib RUGGEDCOM_RS-232-MIB-AC RS-232-MIB
rcserialmibAC.mib RC-RUGGEDCOM-SERIAL-MIB-AC RUGGEDCOM-SERIAL-MIB
Section 1.6

SNMP Traps

The device generates the following standard traps:
Table: Standard Traps
Trap MIB
linkDown IF-MIB
linkUp IF-MIB
authenticationFailure SNMPv2-MIB
coldStart SNMPv2-MIB
newRoot BRIDGE-MIB
topologyChange BRIDGE-MIB
risingAlarm RMON-MIB
fallingAlarm RMON-MIB
lldpRemoteTablesChange LLDP-MIB
The device also generates the following proprietary traps:
Table: Proprietary Traps
Trap MIB
genericTrap RUGGEDCOM-TRAPS-MIB
powerSupplyTrap RUGGEDCOM-TRAPS-MIB
swUpgradeTrap RUGGEDCOM-TRAPS-MIB
cfgChangeTrap RUGGEDCOM-TRAPS-MIB
weakPasswordTrap RUGGEDCOM-TRAPS-MIB
defaultKeysTrap RUGGEDCOM-TRAPS-MIB
Generic traps carry information about events in their severity and description objects. They are sent at the same time an alarm is generated for the device. The following are examples of RUGGEDCOM generic traps:
NOTE
Information about generic traps can be retrieved using the CLI command alarms. For more information about the alarms command, refer to Section 2.6.1, “Available CLI Commands”.
Table: Generic Traps
Trap Severity
heap error Alert
NTP server failure notification
real time clock failure Error
failed password Warning
MAC address not learned by switch fabric Warning
BootP client: TFTP transfer failure Error
received looped back BPDU Error
received two consecutive confusing BPDUs on port, forcing down Error
GVRP failed to learn – too many VLANs Warning
The device generates the following traps when specific events occur:
Table: Event-Based Traps
Trap MIB Event
rcRstpNewTopology RUGGEDCOM-STP-MIB This trap is generated when the device topology becomes stable after a topology change occurs on a switch port.
Section 1.7

ModBus Management Support

Modbus management support in RUGGEDCOM devices provides a simple interface for retrieving basic status information. ModBus support simplifies the job of SCADA (Supervisory Control and Data Acquisition) system integrators by providing familiar protocols for retrieving RUGGEDCOM device information. ModBus provides mostly read-only status information, but there are some writable registers for operator commands.
The ModBus protocol PDU (Protocol Data Unit) format is as follows:
Function Code Data
The following sections describe the support for ModBus management:
Section 1.7.1, “ModBus Function Codes”
Section 1.7.2, “ModBus Memory Map”
Section 1.7.3, “ModBus Memory Formats”
Section 1.7.1

ModBus Function Codes

RUGGEDCOM devices support the following ModBus function codes for device management through ModBus:
NOTE
While RUGGEDCOM devices have a variable number of ports, not all registers and bits apply to all products.
Registers that are not applicable to a particular device return a zero (0) value. For example, registers referring to serial ports are not applicable to RUGGEDCOM switch devices.
Read Input Registers or Read Holding Registers — 0x04 or 0x03
Example PDU Request
Function Code 1 Byte 0x04(0x03)
Starting Address 2 Bytes 0x0000 to 0xFFFF (Hexadecimal), 128 to 65535 (Decimal)
Number of Input Registers 2 Bytes 0x0001 to 0x007D
Example PDU Response
Function Code 1 Byte 0x04(0x03)
Byte Count 1 Byte 2 x N
Number of Input Registers N x 2 Bytes
N: The number of input registers
Write Multiple Registers — 0x10
Example PDU Request
Function Code 1 Byte 0x10
Starting Address 2 Bytes 0x0000 to 0xFFFF
Number of Input Registers 2 Bytes 0x0001 to 0x0079
Byte Count 1 Byte 2 x N
Registers Value N x 2 Bytes Value of the register
N: The number of input registers
Example PDU Response
Function Code 1 Byte 0x10
Starting Address 2 Bytes 0x0000 to 0xFFFF
Number of Registers 2 Bytes 1 to 121 (0x79)
Section 1.7.2

ModBus Memory Map

The following details how ModBus process variable data is mapped.
Product Info
The following data is mapped to the Productinfo table:
Address #Registers Description (Reference Table in UI) R/W Format
0000 16 Product Identification R Text
0010 32 Firmware Identification R Text
0040 1 Number of Ethernet Ports R Uint16
0041 1 Number of Serial Ports R Uint16
0042 1 Number of Alarms R Uint16
0043 1 Power Supply Status R PSStatusCmd
0044 1 FailSafe Relay Status R TruthValue
0045 1 ErrorAlarm Status R TruthValue
Product Write Register
The following data is mapped to various tables:
Address #Registers Description (Reference Table in UI) R/W Format
0080 1 Clear Alarms W Cmd
0081 2 Reset Ethernet Ports W PortCmd
0083 2 Clear Ethernet Statistics W PortCmd
0085 2 Reset Serial Ports W PortCmd
0087 2 Clear Serial Port Statistics W PortCmd
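As an added example (not code from the manual or from Siemens), the Python below validates a request PDU against the function-code limits in Section 1.7.1 and names any Product Write Register command it touches, the check a ModBus-aware monitor would apply to traffic aimed at the device. It assumes standard big-endian ModBus fields and a bare PDU with transport framing already removed; `inspect_request` and the sample PDUs are constructed for illustration.

```python
import struct

# Writable command registers from the Product Write Register table:
# starting address -> (register count, description)
WRITE_REGISTERS = {
    0x0080: (1, "Clear Alarms"),
    0x0081: (2, "Reset Ethernet Ports"),
    0x0083: (2, "Clear Ethernet Statistics"),
    0x0085: (2, "Reset Serial Ports"),
    0x0087: (2, "Clear Serial Port Statistics"),
}
MAX_QUANTITY = {0x03: 0x7D, 0x04: 0x7D, 0x10: 0x79}  # per-function limits from the PDU tables


def inspect_request(pdu: bytes) -> dict:
    """Validate a ModBus request PDU and name any operator command it writes."""
    if len(pdu) < 5 or pdu[0] not in MAX_QUANTITY:
        raise ValueError("unsupported function code or truncated PDU")
    func, start, quantity = struct.unpack(">BHH", pdu[:5])
    if not 1 <= quantity <= MAX_QUANTITY[func]:
        raise ValueError(f"quantity {quantity} outside 1..{MAX_QUANTITY[func]}")
    if start + quantity > 0x10000:
        raise ValueError("register range runs past 0xFFFF")
    result = {"function": func, "start": start, "quantity": quantity, "commands": []}
    if func != 0x10:
        if len(pdu) != 5:
            raise ValueError("read request must be exactly 5 bytes")
        return result
    # Write Multiple Registers: one byte-count field, then 2 bytes per register
    if len(pdu) < 6 or pdu[5] != 2 * quantity or len(pdu) != 6 + pdu[5]:
        raise ValueError("byte count does not match quantity or payload length")
    result["values"] = list(struct.unpack(f">{quantity}H", pdu[6:]))
    end = start + quantity  # exclusive end of the written range
    for addr, (count, name) in sorted(WRITE_REGISTERS.items()):
        if addr < end and start < addr + count:  # written range overlaps this command
            result["commands"].append(name)
    return result


# Constructed sample PDUs (register values are placeholders, not documented command codes)
READ_PRODUCT_ID = bytes.fromhex("0400000010")           # 0x04, address 0x0000, 16 registers
WRITE_CLEAR_ALARMS = bytes.fromhex("1000800001020001")  # 0x10, address 0x0080, 1 register
WRITE_BAD_COUNT = bytes.fromhex("100081000202ffff")     # claims 2 registers, byte count says 1

if __name__ == "__main__":
    for sample in (READ_PRODUCT_ID, WRITE_CLEAR_ALARMS):
        print(inspect_request(sample))
```

A request that overlaps a two-register command only partially is still reported, so a write aimed at the second register of Reset Ethernet Ports is not missed.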
Alarms
The following data is mapped to the alarms table:
Address #Registers Description (Reference Table in UI) R/W Format
0100 64 Alarm 1 R Alarm
0140 64 Alarm 2 R Alarm
0180 64 Alarm 3 R Alarm
01C0 64 Alarm 4 R Alarm
0200 64 Alarm 5 R Alarm
0240 64 Alarm 6 R Alarm
0280 64 Alarm 7 R Alarm
02C0 64 Alarm 8 R Alarm
Ethernet Port Status
The following data is mapped to the ethPortStats table:
Address #Registers Description (Reference Table in UI) R/W Format
03FE 2 Port Link Status R PortCmd
Ethernet Statistics
The following data is mapped to the rmonStats table:
Address #Registers Description (Reference Table in UI) R/W Format
0400 2 Port s1/p1 Statistics - Ethernet In Packets R Uinst32
0402 2 Port s1/p2 Statistics - Ethernet In Packets R Uinst32
0404 2 Port s1/p3 Statistics - Ethernet In Packets R Uinst32
0406 2 Port s1/p4 Statistics - Ethernet In Packets R Uinst32
0408 2 Port s2/p1 Statistics - Ethernet In Packets R Uinst32
040A 2 Port s2/p2 Statistics - Ethernet In Packets R Uinst32
040C 2 Port s2/p3 Statistics - Ethernet In Packets R Uinst32
040E 2 Port s2/p4 Statistics - Ethernet In Packets R Uinst32
0410 2 Port s3/p1 Statistics - Ethernet In Packets R Uinst32
0412 2 Port s3/p2 Statistics - Ethernet In Packets R Uinst32
0414 2 Port s3/p3 Statistics - Ethernet In Packets R Uinst32
0416 2 Port s3/p4 Statistics - Ethernet In Packets R Uinst32
0418 2 Port s4/p1 Statistics - Ethernet In Packets R Uinst32
041A 2 Port s4/p2 Statistics - Ethernet In Packets R Uinst32
041C 2 Port s4/p3 Statistics - Ethernet In Packets R Uinst32
041E 2 Port s4/p4 Statistics - Ethernet In Packets R Uinst32
0420 2 Port s5/p1 Statistics - Ethernet In Packets R Uinst32
0422 2 Port s5/p2 Statistics - Ethernet In Packets R Uinst32
0424 2 Port s5/p3 Statistics - Ethernet In Packets R Uinst32
0426 2 Port s5/p4 Statistics - Ethernet In Packets R Uinst32
0428 2 Port s6/p1 Statistics - Ethernet In Packets R Uinst32
042A 2 Port s6/p2 Statistics - Ethernet In Packets R Uinst32
042C 2 Port s6/p3 Statistics - Ethernet In Packets R Uinst32
042E 2 Port s6/p4 Statistics - Ethernet In Packets R Uinst32
0430 2 Port s7/p1 Statistics - Ethernet In Packets R Uinst32
0432 2 Port s7/p2 Statistics - Ethernet In Packets R Uinst32
0434 2 Port s8/p1 Statistics - Ethernet In Packets R Uinst32
0436 2 Port s8/p2 Statistics - Ethernet In Packets R Uinst32
0440 2 Port s1/p1 Statistics - Ethernet Out Packets R Uinst32
0442 2 Port s1/p2 Statistics - Ethernet Out Packets R Uinst32
0444 2 Port s1/p3 Statistics - Ethernet Out Packets R Uinst32
0446 2 Port s1/p4 Statistics - Ethernet Out Packets R Uinst32
0448 2 Port s2/p1 Statistics - Ethernet Out Packets R Uinst32
044A 2 Port s2/p2 Statistics - Ethernet Out Packets R Uinst32
044C 2 Port s2/p3 Statistics - Ethernet Out Packets R Uinst32
044E 2 Port s2/p4 Statistics - Ethernet Out Packets R Uinst32
0450 2 Port s3/p1 Statistics - Ethernet Out Packets R Uinst32
0452 2 Port s3/p2 Statistics - Ethernet Out Packets R Uinst32
0454 2 Port s3/p3 Statistics - Ethernet Out Packets R Uinst32
0456 2 Port s3/p4 Statistics - Ethernet Out Packets R Uinst32
0458 2 Port s4/p1 Statistics - Ethernet Out Packets R Uinst32
045A 2 Port s4/p2 Statistics - Ethernet Out Packets R Uinst32
045C 2 Port s4/p3 Statistics - Ethernet Out Packets R Uinst32
045E 2 Port s4/p4 Statistics - Ethernet Out Packets R Uinst32
0460 2 Port s5/p1 Statistics - Ethernet Out Packets R Uinst32
0462 2 Port s5/p2 Statistics - Ethernet Out Packets R Uinst32
0464 2 Port s5/p3 Statistics - Ethernet Out Packets R Uinst32
0466 2 Port s5/p4 Statistics - Ethernet Out Packets R Uinst32
0468 2 Port s6/p1 Statistics - Ethernet Out Packets R Uinst32
046A 2 Port s6/p2 Statistics - Ethernet Out Packets R Uinst32
046C 2 Port s6/p3 Statistics - Ethernet Out Packets R Uinst32
046E 2 Port s6/p4 Statistics - Ethernet Out Packets R Uinst32
0470 2 Port s7/p1 Statistics - Ethernet Out Packets R Uinst32