The contents of this document are provided ”as is”. Except as required by applicable law, no warranties of any kind, either express or implied, including, but not
limited to, the implied warranties of merchantability and fitness for a particular
purpose, are made in relation to the accuracy and reliability or contents of this
document. Westermo reserves the right to revise this document or withdraw it at
any time without prior notice.
Under no circumstances shall Westermo be responsible for any loss of data or
income or any special, incidental, and consequential or indirect damages howsoever caused. More information about Westermo can be found at the following
Internet address: http://www.westermo.com
Westermo provides an extensive set of network products for robust industrial
data communications, managed as well as unmanaged products. Westermo’s
products are found in diverse set of harsh environment applications, and where
robustness and reliability are vital properties.
This guide describes the extensive functionality of managed Westermo products
running the Westermo OS (WeOS).
1.2Getting Started
Please see www.westermo.com for the latest updated version of this document –
the WeOS Management Guide. There you can also find product User Guides, and
other support information for your product.
The dedicated User Guide of your product includes information on how to get
started with WeOS on your specific product. That is a good place to start if you
wish to do the least possible configuration of your switch (i.e., assign appropriate
IP settings) before putting it into your network infrastructure.
If the User Guide of your specific product lacks a section on how to get started
with WeOS, please visit the chapter 2 (Quick Start) of this document.
Westermo OS (WeOS) is a network operating system delivering an extensive set
of functionality including layer-2 (basic switching, VLAN, IGMP snooping, etc.),
layer-3 (routing, firewall, NAT, etc.), and higher-level services (DHCP, DNS, etc.).
Furthermore, WeOS provides easy management via a Web interface, via the associated WeConfig tool, and via a USB stick. To satisfy even more advanced customer needs, WeOS provides flexible management via a command line interface
(CLI), as well as via SNMP.
WeOS provides two levels of functionality, WeOS Standard and WeOS Extended.
Products running WeOS Standard are outstanding layer-2 switches suitable to
build reliable LAN infrastructures. Products running WeOS Extended extends the
WeOS functionality by adding routing capabilities and a rich set of related higher
level services (NAT, firewall, VPN, etc.).
1.4How to read this document
This guide is structured in the following parts:
Part I: This part gives general information on WeOS, and introduces the main
methods to manage a WeOS unit (WeConfig, Web, CLI and SNMP)1.
The information in Part I applies both to products running WeOS Standard
and WeOS Extended.
– Chapter 1 is this chapter.
– Chapter 2 describes how to get started with your WeOS product.
– Chapters 3 gives an overview of the different ways to manage a WeOS
unit. If you need recommendations of which method to use, please read
chapter 3.
– Chapters 4-5 present the WeOS Web and CLI support. Detailed informa-
tion for Web and CLI Management is provided in the later parts of the
document.
– Chapters 6 is the main source of information for WeOS SNMP support.
1
For information on how to configure a WeOS unit using a USB memory stick, see Chapter 7.
– Chapter 40-41 cover Modbus Gateway and Microlok Gateway support.
1.5Westermo products running WeOS
Below you find the list of Westermo products running WeOS, as well as references
to their respective User Guide:
Falcon: User Guide [41] (FDV-206-1D1S). (”Basis” platform)
Lynx: User Guides [46] (Lynx-L110/210) and [42] (Lynx-L106/206-F2G). (”Basis” platform)
Lynx-DSS: User Guides [43] (L108/208-F2G-S2), [44] (L105/205-S1), and
[45] (L106/206-S2). (”Basis” platform)
RedFox Industrial (RFI): User Guides [48] (”Corazon” platform) and [47] (”Atlas” platform)
RedFox Industrial Rack (RFIR): User Guide [49] (”Corazon” platform)
RedFox Rail (RFR): User Guide [50] (RFR-212-FB (”Corazon” platform), and
RFR-12-FB (”Atlas” platform)).
Wolverine: User Guides [37] (DDW-142), [38] (DDW-142-485), [39] (DDW-
225) and [40] (DDW-226). (”Basis” platform)
Viper: User Guides [51] (Viper-112/212 and Viper-112/212-T3G) and [52]
(Viper-112/212-P8 and Viper-112/212-T3G-P8) (”Basis” platform)
Note
Atlas, Basis and Corazon denote HW platforms used by different products.
Products utilising the same HW platform use the same kind of CPU, and have
the same amount of RAM and flash memory.
The WeOS functionality described in the Management Guide generally applies to
all Westermo products running WeOS of the appropriate software level (Standard
or Extended). However, where functionality assumes the presence of certain
hardware (such as a USB port), those functions are limited to products including
that hardware. The table below provides a summary of hardware differences affecting the availability of certain WeOS functions. For a more definite description
of hardware specifications you are referred to the dedicated User Guide of each
product (see section 1.5).
This section provides a guide to quickly get started with your switch. Only simple
configuration procedures will be covered1. The steps covered concern:
Get familiar with the factory default setting
Configuring an appropriate IP address
2.1Starting the Switch for the First Time
When booting the switch for the first time the switch will use the factory default
setting.
The factory default setting makes the switch operate as a manageable layer-2
switch, where all Ethernet ports belong to the same virtual LAN (VLAN)2.
Manageable: The switch is manageable via any of the Ethernet ports. To
manage the switch via an Ethernet port you need to know the IP address of
the switch (see table 2.1). For switches equipped with a console port, the
switch can as well be managed via that port without knowing the IP address
of the switch.
1
For more advanced settings, we refer to the remaining chapters of this guide as well as the
online help provided via the Web configuration tool and the Command Line Interface (CLI).
2
On Falcon series of switches, all Ethernet ports belong to the default VLAN (VLAN 1), while the
xDSL port belongs to a separate VLAN (VLAN 1006). That is, by factory default Falcon operates as
a router. See chapter 11 for more details.
Single VLAN: By default all ports on the switch will belong to the same VLAN.
Thus, devices connected to different ports of the switch should be able to
communicate with each other right away. For more advanced setups, the
ports of the switch can be grouped into different VLANs. In the factory default setting all ports belong to VLAN 1.
The default IP setting for the switch is as shown in table 2.1.
AddressNetmaskGateway
Primary IP addressDynamic (DHCP)(Dynamic)(Dynamic)
Secondary IP address192.168.2.200255.255.255.0Disabled
Table 2.1: Factory Default IP settings.
Thus, when you power up your WeOS unit with the factory configuration, you can
connect to it via two addresses:
The static IP address 192.168.2.200: This address is simplest to use if you
are setting up a single unit.
A dynamic address assigned by a DHCP server3(if present): This address
may be simplest to use if you want to connect and configure multiple new
WeOS units simultaneously.
Note
Before you put your switch into your production network you should change
its IP setting according to your network topology. How you change your IP
setting is described in the next section.
2.2Modifying the IP Setting
The switch can be configured with a static IP setting, or it can get its IP address
dynamically via DHCP. The latter case is useful if you are running a DHCP server
on the same LAN as the switch will be located.
WeOS provides several management tools, which will be presented further in
later chapters of this guide. In this chapter we limit the scope to describe how
these tools can be used to update the IP settings of the switch.
3
In addition, the unit will autoconfigure itself with a link-local address in the 169.254.x.x range,
where ’x’ is in interval 0-255. See section 19.2.6 for more information.
WeConfig: is Westermo’s Network configuration management tool (NCM)
made for commissioning and maintenance of components in a network.It
replaces the former Westermo tool known as IPConfig. For further information on WeConfig’s features and how to use the tool, see the WeConfig User
Guide[54].
Web: Configuration of IP settings via the Web interface is described in sec-
tion 2.2.1.
CLI: Configuration of IP settings via the Command Line Interface (CLI) is
described in section 2.2.2.
Hint
If you are not sure what IP address your switch has, use the WeConfig tool,
or the CLI via console method (section 2.2.2.1). If neither of these methods
work, please visit section 7.1.3 for information on how to conduct a factory
reset.
Host with Web browser.
PC IP address and netmask known, e.g.,
IP address 192.168.55.35 and netmask 255.255.255.0
To Internet or
company Intranet
Router
Ethernet portsConsole
Switch with default IP setting:
Default gateway: Disabled
IP address: 192.168.2.200
Netmask: 255.255.255.0
Should get the following settings:
IP address: 192.168.55.100
Netmask: 255.255.255.0
Default gateway: 192.168.55.1
WeOS switch
Version 4.17.0-0
2.2.1Using the Web Interface to Update the Switch IP Settings
To configure the IP settings via web your switch is required to be located on the
same IP subnet as your PC.
In this example the switch shall be assigned the IP address 192.168.55.100, netmask 255.255.255.0 and default gateway 192.168.55.1. To achieve this you must
(temporarily) change the IP address of the PC in order to be able to communicate
with the switch.
The steps to configure the IP settings via the web interface are as follows:
1. Connect your PC to the switch: Connect your PC to the switch as shown in
the figure above.
2. Modifying IP Settings on PC: The IP settings on the PC must be updated to
match the default settings on the switch, i.e., the PC should be assigned an
IP address on the 192.168.2.0/24 network, e.g.,
PC IP address: 192.168.2.1
PC Netmask: 255.255.255.0
3. Access switch via web browser: Open your web browser and enter URL
http://192.168.2.200 in the browser’s address field. You will be asked to
enter a username and a password. Use the factory default account settings
shown below:
4. Open the Network configuration page: Click on the Configuration topmenu and then on the Network sub-menu and then the Global settings
menu.
5. Configure Default Gateway: Now click the edit icon ( ) in the Global Settings
frame. The following page should appear.
Fill in the appropriate address in the Default Gateway field. In this example,
the default gateway is 192.168.55.1. Click the Apply button. Your switch is
configured with a new default gateway.
6. Open Interface Configuration Page: Click on the Configuration top-menu
and then on the Network sub-menu and then the Interface sub menu. In
the Interface page, click the edit icon ( ) on the row for the interface
named vlan1. The Interface Configuration Page will appear:
7. Configure Interface IP Settings: Enter the appropriate IP settings for your
switch. In this example we would:
(a) Set IP Address Method to static (radio button).
(b) Set Primary Address to 192.168.55.100 with 255.255.255.0 in the
Netmask field.
(c) Remove Secondary Address (192.168.2.200) using the trash icon ( ).
Click the Apply button and your switch is configured with a new IP address.
8. Reconfigure PC’s IP Settings: As the IP address is changed on the switch,
you cannot reach it from your PC any longer. To access the switch from the
PC, the PC’s IP settings must be changed again. In this case, we assume it
is changed back to its original settings:
PC IP address: 192.168.55.35
PC Netmask: 255.255.255.0
PC Default Gateway: 192.168.55.1
Further management of the switch can be performed via any of the available
management tools - WeConfig, Web, SSH/Telnet/CLI or SNMP.
Host with terminal emulation program.
PC IP address and netmask known, e.g.,
IP address 192.168.55.35 and netmask 255.255.255.0
To Internet or
company Intranet
Router
Ethernet portsConsole
Switch with default IP setting:
Default gateway: Disabled
IP address: 192.168.2.200
Netmask: 255.255.255.0
Should get the following settings:
IP address: 192.168.55.100
Netmask: 255.255.255.0
Default gateway: 192.168.55.1
WeOS switch
Version 4.17.0-0
2.2.2Using the CLI to Update the Switch IP Settings
The CLI can be accessed in three ways: via the console port (given that the switch
is equipped with a console port) or via the Ethernet ports using the Secure Shell
(SSH) or the Telnet protocol. Section 2.2.2.1 explains how to access the CLI via
the console port, and how to update the IP settings. Section 2.2.2.2 explains how
to access the CLI via SSH.
Access with Telnet is also possible, but this is not enabled by default on the
switch, and to use it you will first have to access it with one of the other methods
and enable this protocol for management. See Section 7.3.49 (CLI) for information on how to enable the Telnet service on the unit, and then Section 19.4 (Web)
or Section 19.6.6 for information on how to enable Telnet configuration via interface ”vlan1”.
2.2.2.1Accessing the CLI via the console port
For WeOS switches equipped with a console port, this port can be used to change
IP address of the switch.
1. Connect your PC to the switch: Connect your PC to the switch as shown in
Important notice for WeOS Switches equipped with a console port
See the User Guide of your specific product (section 1.5) for information
on what Diagnostic Cable to use when connecting to the console port
of your specific product.
Westermo OS Management Guide
Version 4.17.0-0
2. Terminal program: To communicate with the switch via the console port, you
need to use a terminal emulation program on your PC, such as Hypertermi-nal. Ask your system administrator if you need help to install or configure
your terminal emulation program.
The following settings should be used when connecting to the console port:
Console Port ParameterSetting
Data rate115200 bits/s
Data bits8
Stop bits1
ParityOff
Flow controlOff
3. Activating the console: When the switch has finished booting, you will be
asked to press the Enter key on your keyboard to activate the console.
4. Logging in: Now you will be asked to enter a username and thereafter a
password. For a switch using the factory default settings, use the following
login username and password:
Login username: admin
Password: westermo
Below you see a sample printout when logging in on a WeOS switch. (The
password is not ”echoed” back to the screen.)
Example
example login: admin
Password:
.--.--.--.-----.-----.------.-----.-.--.--------.-----.
| | | | -__|__--|
\__/\__/|
Robust Industrial Data Communications -- Made Easy
\\/ Westermo WeOS v4.15.0 4.15.0 -- Jun 16 19:10 CEST 2014
Type: ’help’ for help with commands, ’exit’ to logout or leave a context.
example:/#>
_____._____
__
| |__| |
| -__|_| . . |
_____|__
| |__|__|__|
_
| http://www.westermo.com
_____
|info@westermo.se
5. Listing IP address: Use the CLI command ”show iface” to list information
about network interfaces.
6. Changing IP address and netmask: To change the switch IP addressing mode
(”static” instead of ”DHCP”), set a static address and netmask, and to skip
secondary addresses, use CLI commands ”configure”, ”iface vlan1”,
”inet static”, ”address <IPV4ADDRESS/LEN>”, ”no address secondary”
and ”end” as shown below. This example is based on the setup in step 1,
and configures the switch with an address (192.168.55.100/24) on the same
IP subnet as the PC.
169.254.145.230/16
Example
example:/#> configure
example:/config/#> iface vlan1
example:/config/iface-vlan1/#> inet static
example:/config/iface-vlan1/#> address 192.168.55.100/24
example:/config/iface-vlan1/#> no address secondary
Remove all secondary IP addresses, are you sure (y/N)? y
Removing all secondary IPs!
example:/config/iface-vlan1/#> end
example:/config/#> end
Stopping DHCP Clients ...................................... [ OK ]
Configuration activated. Remember "copy run start" to save to flash (NVRAM).
example:/#> show iface
Press Ctrl-C or Q(uit) to quit viewer, Space for next page, <CR> for next line.
can be achieved using CLI commands ”configure”, ”ip”, ”route default
192.168.55.1 <IPADDRESS>”, and ”end” as shown below.
Example
example:/#> configure
example:/config/#> ip
example:/config/ip/#> route default 192.168.55.1
example:/config/ip/#> end
example:/config/#> end
Configuration activated. Remember "copy run start" to save to flash (NVRAM).
example:/#>
8. Save configuration: Although the configuration changes has been activated,
the running configuration must be stored to the startup configuration. Otherwise the changes will be lost if the switch is rebooted.
9. You are now done setting the IP address, subnet mask and default gateway
of your switch. Logout from the CLI using the ”logout” command.
Further management of the switch can be performed via any of the available
management tools - WeConfig, Web, SSH/Telnet/CLI or SNMP.
2.2.2.2Accessing the CLI via SSH
Configuring the IP settings via SSH/CLI is very similar to configuring them via the
console port. The major differences are:
The IP address of the PC must (temporarily) be changed in order to be able
to communicate with the switch, i.e., the PC should have an address on
network 192.168.2.0/24, e.g., 192.168.2.1/24.
After the IP settings have been changed on the switch, the PC is likely to
loose contact with the switch. The PC must therefore change its IP address
again, and login to the switch again in order to copy the running configuration to the startup configuration.
The steps to configure the IP settings via SSH/CLI are as follows:
1. Connect your PC to the switch: Connect your PC to the switch as shown in
the figure below. In this example we assume the switch will get IP address
Host with SSHv2 client.
PC IP address and netmask known, e.g.,
IP address 192.168.55.35 and netmask 255.255.255.0
To Internet or
company Intranet
Router
Ethernet portsConsole
Switch with default IP setting:
Default gateway: Disabled
IP address: 192.168.2.200
Netmask: 255.255.255.0
Should get the following settings:
IP address: 192.168.55.100
Netmask: 255.255.255.0
Default gateway: 192.168.55.1
WeOS switch
Version 4.17.0-0
192.168.55.100, netmask 255.255.255.0 and default gateway 192.168.55.1.
2. Modifying IP Settings on PC: The IP settings on the PC must be updated to
match the default settings on the switch, i.e., the PC should be assigned an
IP address on the 192.168.2.0/24 network, e.g.,
3. Connecting and Logging in: When connecting via SSH you will be asked to
enter a username and thereafter a password. For a switch using the factory
default settings, use the following login username and password:
Login username: admin
Password: westermo
The procedure to connect may vary slightly depending on what SSH client
you are using. The example below show the connection procedure using
Unix OpenSSH4. (On Windows one can use Putty5.)
Westermo OS Management Guide
Version 4.17.0-0
Example
user@pc:~$ ssh admin@192.168.2.200
The authenticity of host ’192.168.2.200 (192.168.2.200)’ can’t be established.
RSA key fingerprint is 6d:0c:f3:d3:28:d6:d8:43:bc:69:f8:d0:d6:a2:27:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ’192.168.2.200’ (RSA) to the list of known hosts.
admin@192.168.2.200’s password:
.--.--.--.-----.-----.------.-----.-.--.--------.-----.
| | | | -__|__--|
\__/\__/|
Robust Industrial Data Communications -- Made Easy
\\/ Westermo WeOS v4.15.0 4.15.0 -- Jun 16 19:10 CEST 2014
Type: ’help’ for help with commands, ’exit’ to logout or leave a context.
example:/#>
_____._____
4. Changing IP settings: The switch IP settings are changed with the same
commands as described when accessing the CLI via the console port (sec-
tion 2.2.2.1). In this example we assign IP address, netmask and default
gateway.
__
| |__| |
| -__|_| . . |
_____|__
| |__|__|__|
_
| http://www.westermo.com
_____
|info@westermo.se
Example
example:/#> configure
example:/config/#> iface vlan1
example:/config/iface-vlan1/#> inet static
example:/config/iface-vlan1/#> address 192.168.55.100/24
example:/config/iface-vlan1/#> no address secondary
Remove all secondary IP addresses, are you sure (y/N)? y
Removing all secondary IPs!
example:/config/iface-vlan1/#> end
example:/config/#> ip
example:/config/ip/#> route default 192.168.55.1
example:/config/ip/#> end
example:/config/#> end
The configuration is now changed, but not yet saved to the startup configuration. However, as the IP address is changed, the SSH connection will be
broken.
5. Logging in again to save configuration: To login again, the PC’s IP settings
must be changed again. In this case, we assume it is changed back to its
original settings:
We can then login again to copy the running configuration to startup configuration.
Example
user@pc:~$ ssh admin@192.168.55.100
The authenticity of host ’192.168.55.100 (192.168.55.100)’ can’t be established.
RSA key fingerprint is 6d:0c:f3:d3:28:d6:d8:43:bc:69:f8:d0:d6:a2:27:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ’192.168.55.100’ (RSA) to the list of known hosts.
admin@192.168.55.100’s password:
.--.--.--.-----.-----.------.-----.-.--.--------.-----.
| | | | -__|__--|
\__/\__/|
Robust Industrial Data Communications -- Made Easy
\\/ Westermo WeOS v4.15.0 4.15.0 -- Jun 16 19:10 CEST 2014
Type: ’help’ for help with commands, ’exit’ to logout or leave a context.
WeOS is managed and monitored using the following tools and interfaces:
WeConfig: is Westermo’s Network configuration management tool (NCM)
made for commissioning and maintenance of components in a network.It
replaces the former Westermo tool known as IPConfig. For further information on WeConfig’s features and how to use the tool, see the WeConfig User
Guide[54].
Web: The WeOS Web interface provides management of essential features.
The Web interface should satisfy the needs of all common use cases.
CLI: The WeOS Command Line Interface is an industry standard CLI, and
provides the most complete management support. The CLI is intended for
advanced users requiring fine grain control of the system.
In addition, WeOS provides device management via SNMP (v1/v2c/v3). A set of
standard MIBs and the WeOS private MIB are supported, as described in chap-
Discover WeOS DevicesX(X)(X)
Set Device IP AddressXXXX
Upgrade firmwareXXX
Common management tasksXXX
All management tasksX
Secure managementXXX
In the following sections the properties of the WeConfig tool, the Web Interface,
and the CLI are presented further. These sections give information about what
management tool to use for a specific need. For more information on SNMP we
refer to chapter 6.
3.1When to use the WeConfig tool
The Westermo configuration management tool, WeConfig, is used for basic configuration and maintenance of WeOS products. It is an ideal tool to upgrade
firmware and manage configuration files (backup and restore) of a large set of
WeOS devices. With WeConfig you to scan, discover and draw maps of the WeOS
devices in your network, and you can also conduct some basic configuration of
WeOS units, such as setting the IP address and the default gateway.
For further information on WeConfig’s features and how to use the tool, see the
WeConfig User Guide[54].
3.2When to use the Web Interface
The Web interface would be the management interface of choice for most users.
The main advantages of the Web Interface are:
Easy to use: The Web management interface provides an easy to use method
to manage the switch.
All common features: The web interface includes support for all essential
management features, and should therefore meet the needs of most users.
Secure management: The web interface can be accessed via regular HTTP
and secure HTTP (HTTPS). Secure management is also possible via the CLI
(SSHv2) and and SNMP (SNMPv3).
Discover other Westermo Switches: The Web contains a discovery service
(IPconfig) similar to what WeConfig provides. (Note, you must still be able
to login to one switch in order to make use of this service.)
To use the Web interface, you must know the IP address of your switch. To find
out the switch IP address you may need to use the WeConfig tool1, but once you
know it you can do the rest of the management via the Web interface.
The Web interface is introduced in chapter 4.
3.3When to use the Command Line Interface (CLI)
The WeOS CLI aims to serve advanced users. Furthermore, the CLI is the only
management tool which cannot be disabled.
Below we list the situations where the CLI is the most suitable management tool.
Complete set of management features: The CLI includes all the management features available on the switch. If you cannot accomplish your task
with any of the other management tools, the CLI may provide the feature
you need.
Discover other Westermo Switches: The CLI contains a discovery service
similar to what WeConfig provides, but more rudimentary.
Note
You must still be able to login to one switch in order to make use of this
service.
Secure management: To access the CLI you must either have physical access to the switch (console port), or use the Secure Shell (SSHv2) application
to access the CLI remotely. Secure management is also possible via the Web
interface (HTTPS) and SNMP (SNMPv3).
Configuration scripting: With a CLI it is possible to develop automatic configuration scripts, e.g., using the Expect automation and testing tool. Expect
extensions exist for many common scripting languages (Ruby, Perl, Tcl).
As with the Web interface, you must know the IP address of your switch before
you can access the CLI remotely via SSH (access via the console port is possible
1
For more information about finding the IP address of your switch we refer to the Getting Started