Moxa Technology Webinar Series

Tips for Commissioning,

Managing, and Troubleshooting
your Industrial Network

Richard Wood, Networking Infrastructure Manager

Ariana Drivdahl, Product Marketing Manager for Industrial Ethernet
Agenda
Tips for Commissioning, Managing & Troubleshooting Your Industrial Network

Industrial Network Challenges

Network Configuration & Commissioning

Managing Industrial Networks

Troubleshooting to Minimize Downtime

Industrial Network Challenges
Typical challenges

Harsh operating
environments
Network availability
requirements are much
higher than enterprise IT Source:
http://www.strategiccompanies.com/pdfs/Assessing%20t
he%20Financial%20Impact%20of%20Downtime.pdf
Cost of downtime is
extremely high
Interoperability of industrial
devices/networks
Limited networking
expertise
Results of Poll #1
Network Configuration &
Commissioning
Tips, Tricks & Tools
Network Configuration & Commissioning
Typical steps

Installation Configuration Troubleshooting Testing Commissioning

 Unmanaged VS. Managed
Unmanaged Managed
Switch Switch

POSITION Simple Data Switching Powerful Performance for

Network Management

Mid to Large Scale Network

Small Scale Network
APPLICATION Mission Critical Network with
P2P Communication
Remote Monitoring

Packet Switching + Network

HARDWARE Packet Switching: Management:
Entry Level Switch ASIC Advanced Switch ASIC +
CPU + Flash / RAM

Web / CLI Setting

Network Security
Plug and Play
SOFTWARE Network Redundancy
No Configuration Required
Network Management
Traffic Prioritization
Network Topology
Typical Enterprise Star Topology

Single point of failure

Long, costly wire/fiber runs
 Network Configuration
Selecting the Right Topology for Your Needs

Root

Redundant
Technology

Backup Link

Type Mesh STP RSTP Ring/Chain HSR/PRP

Every node IEEE IEEE 802.1w Proprietary IEC 61850
connects to 802.1D Loop-free technology Dual Network (PRP)
Feature each other Loop-free tree shape Ring/Chain Dual Path (HSR)
tree shape topology Topology
topology
Highly Open Open Low cost Open protocol
reliable Protocol Protocol Self-healing Self-healing
Pros Self-healing Self-healing Faster Faster recovery Zero recovery time
recovery time: time (<20 ms) (0 ms)
~1 sec
Too costly for Recovery Recovery Vendor specific Prohibitively
Cons large network time: time not fast technology expensive unless
deployment ~15 sec enough absolutely needed
Network Topology
Typical Industrial Ring Topology

No single point of failure

Reduced wiring costs
Industrial Protocols
Integration of SCADA & PLC Networks

SCADA control / monitor PLC and field

devices via industrial protocols

HMI
I/O PLC

Ethernet
Drive Switch
Network Configuration & Commissioning
Web Interface vs CLI

Two different methodologies for configuration of

network devices
Many users from the industrial side prefer web
GUI
Most users for commercial/enterprise side will
favor CLI
Used by Cisco
Device Configuration
Command Line Interface (CLI)
Device Configuration
Graphical User Interface

Visual confirmation of current settings

Menu based configuration
Standard web browser interface
Network Management Tools

Easy Configuration @ Installation Stage

Efficient Monitoring @ Operation Stage
Easy Backup/recovery @ Maintenance Stage
Quick Troubleshooting @ Diagnostics Stage
Mass Configuration Tools
Up to 10X Productivity Boost

One by One Setting by Web Batch Configuration by MXconfig

Single Power Supply 10 400 Multiple Devices Wiring
Single Device Wiring sec sec in Series
30 20
IP Configuration sec sec
Broadcast Search

Redundancy Configuration 35
200 Group IP
sec
sec Configuration

Repeat 100 Group Redundancy

100 times sec
Configuration

Finish Total Total Finish

125 min 12 min
Fast Group Configuration
Network (IP address) Setting

IP address setting for

mass devices
 Fast Group Configuration
802.1Q VLAN Setting

Quick Add Panel

for cloning setting

*Mass 802.1Q VLAN Setting only for devices with the same model name
 Fast Configuration Deployment
Copy Configuration

Quick configuration copy

from one specific setting
to mass devices
Support mass IP
address setting

*Copy Configuration only for devices with the same model name
Configuration Check
Status Overview

Redundancy Setting
Overview
802.1Q VLAN Setting
Overview
Startup Troubleshooting
Compare a Single Device with Whole Network

VLAN VLAN VLAN VLAN VLAN

1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200
2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300
3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=101, Tag=1,2 3: Trunk, PVID=100, Tag=1,2
4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2

VLAN VLAN VLAN VLAN VLAN

1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200
2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300
3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2
4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2

VLAN VLAN VLAN VLAN VLAN

1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200 1: Access, PVID=1, Forb=200
2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300 2: Access, PVID=2, Forb=300
3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2 3: Trunk, PVID=100, Tag=1,2
4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2 4: Trunk, PVID=100, Tag=1,2

Comparison
Benefit
Sample
Reduce Manual Setting Errors
Documentation
Export Configuration

Export mass
configurations by
preference name
Results of Poll #2
Network Management & Maintenance
Best Practices
Network Management & Maintenance
Network Management Software

Industrial NMS
Auto topology visualization
Remote device management
Real-time event management
Comprehensive performance
reporting
Network Management & Maintenance
Efficient Visual Monitoring

Virtual Device Panel

VLAN/IGMP
Visualization

Real-time Event
Network Management & Maintenance
Schedule Automatic Backups

CONFIGURATION CENTER
1-click for mass configuration backup and
firmware upgrade
Job scheduling for nightly configuration backup
Configuration change history
Network Management & Maintenance
Easy Field Backup & Recovery

One-click Backup
Only trigger Reset button on switch to copy configuration
and log files
Files Import & Backup
Configuration import & backup
Firmware upgrade
System log backup

Rotate blinking under backup

Cyber Security Trends in Automation Networks

Past Control Maximize system The security threat

network security availability environment has
Physical perimeter Remote access portals substantially changed
security were added by plant Nearly all systems are directly
Air-gapping engineering and or indirectly connected to public
Security through vendor personnel networks
obscurity Often without the Attackers are now aware of the
acknowledge or possibilities of attacking control
approval by IT people systems

Ref: Best practices in automation security by Murray McKay, Principal Application Engineer, Siemens Industry, Inc.
 The Best Countermeasure against Cyber Threats

Create a Defense-in-Depth
Network Security Environment

Defense in Multiple Places Layered Defenses

Defend the Networks and Infrastructure Each of these mechanisms must present
(encryption and traffic flow security unique obstacles to the adversary.
measures to resist passive monitoring) Further, each should include both
Defend the Enclave Boundaries (deploy protection and detection measures
Firewalls and Intrusion Detection to resist
active network attacks)
Defend the Computing Environment
Layered Cyber Security Solution for Automation

Security Site

High-performance
500 Mbps

Security Zone

Best Cost/Performance
300Mbps

Security Cell

Best Integration
110 Mbps
Firmware Updates

FW updates are critical to ensuring your devices

are always up to date with the latest technology
Includes both technology and security updates
Many manufacturers offer free FW upgrades to
ensure their customers have longevity with the
products they have purchased
Results of Poll #3
Network Troubleshooting
Minimizing Downtime
Alerts on Unmanaged Switches
Monitoring System Changes

While unmanaged switches

generally cannot communicate
status over the network, they
can be simply configured to
provide relay outputs for
alarms such as:

Power Supply Failure

Port Break Alarms
Alerts & Event Logs
Monitoring System Changes
 Predictive Monitoring & Alerts
Comprehensive Fiber Status Monitoring and Warnings

All Fiber should be monitored

for fault prevention

Fiber Status Monitoring Fiber

Temperature, Working Voltage,
Tx /Rx Powers

Auto Event Warning SNMP

trap, Relay, Email, Event log
SC ST SFP
(DDM: Digital Diagnostics Monitoring)
Troubleshooting Tools
Network Snapshot Comparison Tools

Quickly Collect Switch Info

(Take Network Snapshot)
Quickly Compare Switch Info
(Compare Network Snapshots)
Troubleshooting Tools
Network Snapshot Comparison Tools

Compare
Quickly Collect Switch InfoNetworks
(Take Network Snapshot)
Quickly Compare Switch Info
(Compare Network Snapshots)
Troubleshooting Tools
Network Snapshot Comparison Tools

Quickly Collect Switch Info

(Take Network Snapshot)
Quickly Compare Switch Info
(Compare Network Snapshots)
Troubleshooting Tools
Event Playback

EVENT PLAYBACK
Record network status in 30 days
Network playback on any time/any event
Play at 1x, 2x, or 4x speed
Device Quick Finding
Switch Locator LED
Speed up on-site device finding to quickly diagnosis
Recap
Various redundancy protocols allow network
stability and recovery
NMS tools allow quick device configuration and
simple mass deployment
Software allows you to visually troubleshoot
your network to determine fault areas
NMS software allows you to view and visually
maintain your network
Q&A
 Thank You

2016 Moxa Inc. All rights reserved.