EIP Book of Knowledge

December 23, 2009

KnowBase 57174

Purpose
This document includes practical information that may or may not be included in other documentation. With time, some of the information may be included in formal publications. Likewise, a previously not widely understood topic may become widely know and can be deleted from this document. Changes, additions & deletions, are made over time. If you have an EtherNet/IP topic that should be described but is not already covered elsewhere, contact Dan Zaniewski.

Outline
References Topologies Connectivity Segmentation Performance Availability Manageability Troubleshooting Scalability Security Switches Media Some list prices (2008) General topics Whats new in v18 Appendix
3

References
www.odva.org/Home/ODVATECHNOLOGIES/EtherNetIP/EtherNetIPLibrar y/tabid/76/Default.aspx www.rockwellautomation.com/knowledgebase/?OpenForm samplecode.rockwellautomation.com/idc/groups/public/documents/webasse ts/sc_home_page.hcst Product: Network Communications Technology: Faceplates Title: Ethernet www.ab.com/networks/site-index.html www.ab.com/networks/architectures.html
Rockwell/Cisco reference archtictures, Design & Implementation Guide

Publication ENET-UM001G-EN-P Provides connection and packet rate specs for modules

Topologies
What topologies are there?
Line Ring (cable redundancy) Star Double star (distribution switch redundancy) Combinations

Linear topology
Switch1 Switch2 Switch3 Switch4

Advantages
Architecturally, a drop-in replacement for RIO.

Disadvantage
Some traffic may traverse multiple switches (Fewer switches in the path is better)

Linear topology
How many switches can I have in a line? ANSWER:
That depends on several factors:
Single point of failure consideration
Clients tolerance for delay (e.g. timeout)

Switchs capacity (e.g. wire-speed on all ports, switching fabric) The amount of traffic (uni, multi, broadcast) queued in front of a message under test. Troubleshooting a longer line is more difficult to find the problem

Connectivity
Methods for connecting IP networks: Isolated
Not connected to any other network

Restricted
By protocol, IP address, MAC, etc.

Integrated (full connectivity)

Reference: EtherNet/IP 10 Commandments (www.ab.com/networks/site-index.html)
8

Segmentation
How many nodes can I put on a network?
Fewer is better (see notes) because:
Broadcast storm size and duration is less Protection against defective device behavior Spanning tree event (re-convergence) reduced exposure Losing a few nodes to a malfuncton is better than more nodes

Why do I segment?
Performance and security

How do I segment automation networks?

VLAN (connected thru a router, if needed) Subnetworks (connected thru router, if needed) Isolation EIP-only protocol (CLGX bridge) Identify who needs to talk to who, how they talk, and THEN we will discuss howto.
9

Best approach

Performance
System performance requires: - characterizing each component in the system
- combining the components for end-end result

Latency (including queuing) Jitter Multicast containment Broadcast limiting QoS

10

Availability
Switches Media CLGX redundancy inc ENBT/EN2x

11

Manageability
Manage device/sys changes, inc reconfig Monitor (determine if we are within specs) Baseline (take a snapshot of good system) Troubleshoot (fix a customer anomaly) Management tools

12

Troubleshooting - Basics

13

Troubleshooting - RA Module Diagnostics

Module diagnostics (basic) --- see web server
Link state: Link should be up (connected to a powered switch). Duplex: Full duplex Auto/forced: Autonegotiate Speed: 100Mbps Errors: In errors and out errors should be 0. Very important! CIP connection timeouts: 0 is expected

CIP connections: <= 80% of the modules capacity

TCP connections: <= 80% of the modules capacity CPU usage %: <= 80% Missed I/O packets: 0 HMI packets/sec: <= 80% of the modules capacity I/O packets/sec: <= 80% of the modules capacity
14

3 params not on this page - Link state - Errors - HMI pps

15

Troubleshooting - common
One common anomaly.duplex mismatch
Autonegotiation is out-of-the-box easy to use and reliable. But, if your company policy is to force the duplex and speed, this is legitimate. However, if you force, remember to force both the switch port and the corresponding end-device. Other wise, there will be a mismatch and communications problems will occur.
Depending on the timing of who-transmits-when, the problem may not be obvious or may be very obvious. Examine both the switch port and the end-device (e.g. 1756-ENBT) for Ethernet errors. Signature errors for duplex mismatch include: - Late collisions - FCS/CRC errors - Alignment errors
16

Troubleshooting S8000
If you cycle power, the date/time changes to

Feb 28 1993 This is how the product was designed by Cisco. There is no battery to retain the date/time. CompactFlash retains the switch configuration but not the date/time.
17

Troubleshooting S8000
To gather switch data quickly, especially with multiple switches, use Cisco Network Assistant to look at the Monitor tab:
1. 2. 3. Reports tab Port Statistics Views Topology shows all the switches. System Messages This info is close, if not identical, to the switch log file.

18

Troubleshooting S8000
What do I look at first with a Stratix 8000?
(How do I know if the switch is happy?)

a) Log file (Device mgr or CLI)

Dev Mgr, Monitor Alert Log CLI, show log

b) Interfaces (Device Mgr or CLI) c) Additional steps are anomaly dependent:

Example: show spanning-tree show rep
19

Troubleshooting - Basics
Provide the required files describe in this document. If you open a tech support case but do not provide all the files, analysis will take longer and waste everybodys time. Do NOT use Wireshark without first discussing with Tech Support. Any customer anomaly needs to have a tech support case opened. You can call Commercial Engineering to discuss a situation but they will not work on a post sale event unless you have a tech support case open AND tech support has requested help (case was escalated). Wireshark trace analysis generally takes time to analyze and create a user-friendly report. There is no such thing as a quick look.

20

Troubleshooting - General
Files we need:
Network drawing (all switches, routers, copper/fiber converters, wireless, etc.) IP address of the nodes and also the types of devices Switch operating status including errors, duplex, forced/auto (CLI or web browser) Relevant Logix acd file(s) Configuration file for each switch Firmware versions
If you use HTTrack software, this will be provided by the software.

Search the Knowledgebase for any known anomalies associated with the products in your system If 1794-AENT/A is involved, then verify if ground clip helps Module screen captures (use HTtrack Website Copier, www.httrack.com)

HTtrack software is free and easy to use. It copies all the pages quickly.
Examples: Home, Diagnostics Overview, Ethernet statistics, I/O connections

Possibly a network capture at this time, possibly later (use Wireshark) 21

Troubleshooting - General
Get a description of the anomaly
What is the problem the customer sees? (simple description)
Example: The I/O tree in RSLogix5000 has a yellow triangle on a Flex I/O module. Only a single device is being lost?
Example: Only a single device, a 1794-IB16 module, has a yellow triangle

Was it ever operating correctly or did this start recently? How often does it happen? (constantly, once per hour, once per week?) For how long does the anomaly last? (3 seconds, forever?) How do you recover? (cycle power to device?, recovers by itself?) What additional steps, if any, did you already take to troubleshoot? E.g. hardware changes

22

Troubleshooting - General
At some point, you might be asked for a network capture
Install Wireshark (free at www.wireshark.org) Configure port mirroring in a switch (see next pages for details) In your report, specify which device was port mirrored. Send a short (e.g. 5-10 seconds) trace to immediately for review
To verify that port mirroring is configured correctly.

Identify the IP addresses that are having a problem and all others in capture Dont configure any capture filters (we need to see all the frames)

Limit each capture file size to 10Mbytes. (Bigger is time-consuming to analyze.)

See next page for details.

Multiple file capture (circular buffer, see next pages for detail) If the event cannot be easily put into 1 file, configure Wireshark for multiple files.
The number of files is dependent on how many are needed to insure that you stop the trace before the circular buffer event is overwritten.

NOTE: If port mirroring functionality is not available (device is not a managed switch), you need to work around it.
23

Troubleshoot multicast flooding

Verify if multicast is flooding
The customer may be using multicast (produce tag or I/O). If multicast is flooding, IGMP is not configured or is not working. This may be a significant factor. Install Wireshark (free, www.wireshark.org) Do NOT port mirror Connect your PC to an unused switch port Run Wireshark for at least 2 minutes (120 seconds) Provide a list of all IP addresses Provide network drawing

24

Stratix8000 Port mirroring

In release 4, a port mirroring anomaly was discovered. In Device Manager, if you mirror a port, FA1/1 for example, to the target port, FA1/8 for example, all is well. However, if you then decide to mirror a different source port, FA1/2 for example, to the same destination port, then both source ports will be mirrored. The workaround is to first select a Smartports role of None before changing the source port.
25

Troubleshooting module Rejects

Rejects means that the Ethernet module hardware passed a frame to the firmware but the firmware looks at the packet and then dropped it. This increments the Reject diagnostic and also counts toward CPU usage. Rejects will occur for the following reasons:
-Duplicate multicast streams The firmware enables module hardware to accept specific multicast groups. The hardware cannot distinguish duplicates. Recommendation: Avoid duplicate multicast groups by having less than 1025 nodes on a network. - The hash table (hardware) is not perfect Resulting in some multicast being past to the module firmware. Recommendation: Always configure/verify IGMP. Then, no rejects for this reason. - One of the CIP bi-directional communication streams stops One of the participants (e.g. data producer) times out and closes the connection. The other participant has not yet timed out. Then, the absent stream starts arriving again. The restarted stream will be rejected because there no longer is a CIP connection open with that connection identifier. Recommend: Replace bad hardware and avoid system disturbances.

All three of the above are the same in that the firmware cant associate a received packet with an active CIP connection ---- it's rejected . 26

Troubleshoot Wireshark overview

If a network trace is requested:
Install Wireshark (free at www.wireshark.org) Identify what device (e.g. 1756-ENBT) needs to be mirrored Configure the switch for port mirroring Take a quick (30 seconds) test trace Examine the test trace to verify
That port mirroring was configured That all expected IP addresses are present

Multiple Wireshark files (circular buffer) may be required

Max of 10Mbytes per file please

Provide a list of all IP addresses Provide network drawing Provide a simple description of the anomaly
Example: CLGX 1.2.3.4 loses its connection to Point I/O 1.2.3.5 once a week.

27

Troubleshoot Wireshark
CIP connections
CIP connections are bi-directional. During trace analysis, packets in both directions need to be identified by their connection identifiers. The identifiers are provided in the forward open reply. So, when pursuing a class 1 (produce tag or I/O) connection anomaly, the trace must contain a forward open and then, of course the subsequent anomaly. The anomaly could be some packet loss or loss of the connection.
See the next 2 slides for more information.
28

Troubleshoot Wireshark
CIP connections
If produce tag or I/O connections are being lost and recovered frequently, then a Wireshark trace should include these without any additional work on your part. However, if connection losses occur infrequenently, you will need to make a forwardOpen (makes a connection) happen. Again, the forwardOpen includes connection identifiers for both directions (O->T and T-> O).
29

Troubleshoot Wireshark
CIP connections
If class 1 connections are being lost infrequently, you will need to do something to make sure there is a forwardOpen in the trace (in addition to the anomaly). You can make this happen several ways at either of the 2 Ethernet modules involved in the CIP connection: - Remove/reconnect the Ethernet cable - Inhibit the connection and reenable (RSLogix5000) - Cycle power
30

Getting ready for a Wireshark trace

Configure port mirroring on a switch
1.
2. 3.

Identify the device --- is it a switch (recommended) or a hub?

Verify that the switch has port-mirroring
If the switch is unmanaged, it does not have this feature.

If the switch is managed, see switch documentation for directions to configure port-mirroring
Common methods: - web browser (Internet Explorer) - serial cable - customer application

4.

Verify which port you are to mirror

Identify the device you need to view.
31

Getting ready for a Wireshark trace

What happens if I have a switch but I dont port mirror?
By design, multicast and broadcast traffic will flood all switch ports. If you do not port mirror, your Wireshark trace may see only multicast, broadcast, and traffic related to applications running on your Wireshark trace. Unicast frames will be absent (unless you are running some networked application on your Wireshark PC). IT IS IMPORTANT THAT ALL FRAMES, INCLUDING UNICAST, ARE IN THE TRACE.
32

Getting ready for a Wireshark trace

What if the device is an unmanaged switch or is a hub?
To get a network trace, you have the following options:
Replace the device with a managed switch (preferred) Replace the device with a hub Replace the device with a passive tap

33

Getting ready for a Wireshark trace

Multiple file capture circular buffer
If the event you are trying to capture in a trace happens frequently, you might be able to capture it in a single small file.

If the event happens infrequently, you will need to configure Wireshark to run continuously, filling multiple files in a circular buffer. See the next slide for more information. NOTE: You must manually stop the trace after the event BEFORE the event is overwritten in the circular buffer.

34

Getting ready for a Wireshark trace

Multiple file capture configuration circular buffer

Limit file size to 10Mbytes

Specify enough files to insure that you have time to stop the capture before the event is overwritten.

35

Troubleshooting now what?

What we need if the basic troubleshooting steps above do not solve the problem.
Examine grounding (use visual inspection) Also, see 1794-AENT statement in section B above. Examine cable lay and re-route (noise could be induced into a cable) Replace hardware Cable, switch, RA Ethernet module.

Examine power to the device

36

Scalability/Flexibility
Allow for reserve switch port capacity Moving devices Adding devices IP address scheme Allow for reserve performance capacity

37

Security
Level1 Level2 Level3 DMZ How to (ACL, Firewall) secure

38

Stratix Switches
Family members -- 8000, managed, RA/Cisco, 6-26 ports
Released Summer 2008

6000, managed, RA, 4 or 8 ports

Released Summer 2008

2000, unmanaged, 3-8 ports

March 2008

See RA literature library and search using Stratix for documentation.

39

Ports 6, 10, 14, 18, 22, 26

Base
6 port 10 port

Base with one expansion

Base with 8 copper Base with 8 fiber (10/100Mbps)

Base with 2 expansions

Base with 16 copper Base with 8 copper and 8 fiber
40

Major Stratix Switch Topics

Four software tools for configuation
Device manager (web server), recommended RSLogix5000 AOP CNA (Cisco Network Assistant) CLI (most comprehensive, most difficult)

Reset-to-factory-default procedure Express Setup Password recovery procedure Switch replacement (use compact flash) IOS upgrade Troubleshooting using switch diagnostics RSLinx, RSNetWorx, faceplates switch access Hardware: 2 power supply connectors, compactFlash
41

S8K Reset-to-factory-default
Cycle power and insert paper clip immediately Keep paper clip in until 3 LEDs turn solid red EIP Mode LED EIP Net LED Setup LED Remove paper clip and wait until Setup LED is solid green Both config.txt and VLAN.dat files were both deleted You are all done.
42

Stratix8K Express Setup

1. Clear the switch of configuration (previous slide) 2. On your PC disconnect all Enet cables but one. 3. Configure the Ethernet port for DHCP 4. Disconnect the PC from the switch 5. Insert paper clip until a port blinks off/green 6. Insert your PC into the blinking port

43

Stratix8K Express Setup

7. You should see the following screen Configure the parameters where you see arrows.

8. Select Submit.

44

Major Stratix Switch Topics

Describe AOP major functions (config, diagnostics) Describe system tags (program accessible)
Inputs Outputs (including password)

Comparing S8K and S6K

S6K does not support Spanning-tree or RSTP S6K supports OSI layer 2 CoS
However, ODVA is going in the direction of layer 3 CoS (DSCP)

S6K supports VLANs local to a switch

Does not support VLAN trunking protocol. Does not tag frames (2 bytes added that include VLAN info)

45

Config Recommendations
Recommended system configuration
Avoid mixed spanning tree protocols
A loop will allow a broadcast storm. A single protocol is the best approach. Multiple protocols may prevent loops but verification testing is needed.

IGMP Affect of multiple queriers Affect of mixing versions (v1-v3) VLAN Consider use of VLANs as a default Configure trunks to carry only needed VLANs

For what common things do I need to use CLI?

46

Stratix 8000 facts customers asked about

VLANs
VLANs are a good thing. Use be default, not exception. Create VLANs and assign ports to each VLAN Supports multiple VLANs Supports configuration of an interface for each VLAN However, the CIP identity object supports only a single VLAN interface. If you configure more than 1 VLAN interface, the first will respond to AB_ETHIP (RSLinx) - In the Dev Mgr, how do you add ports to an existing VLAN? Answer: Select nothing in the Smartports Role window. Then, select the Customize button.
47

VLANs and interfaces

Q: Where do I need to configure interfaces? A: In general each L2 switch should have one, and not more than one,
management interface (IP address) configured. Additionally, a L3 switch that needs to do inter-VLAN routing, needs to have an interface to each VLAN. These interfaces are each an IP address that is the gateway used by each devices on each VLAN including Logix Ethernet modules. Interface Summary Interfaces are: management, VLAN, or physical port on a L3 switch that is configured as a router port (ie. In CLI, no switchport)

48

VLAN important information

L2 switches
- Create VLANs - Add ports (e.g. FA1/1) to each VLAN - Specify a gateway address in Express Setup.

L3 switches
- Create VLANs - Create IP address for each VLAN (gateway address)

49

Switch/router access
Q: Can I reconfigure any switch or router without knowing the passwords? A: Yes. For many/most devices, given physical access, there is a backdoor procedure, vendor specific.

50

Stratix 8000 multicast

The default maximum number of multicast that a switch can store is 255. However, the maximum number can be increased. ( Waiting on Mark to identify the details (11/18/09 email from Mark
about multiple items which can be reduced to free up room for multicast groups.)

51

Stratix 6000 Configuration

Upload/download S6000 configuration

52

DHCP Description
Present

several cases to simplify

The affects of Persistence, Reserved Only, DHCP Snooping The affects of local and remote servers. What to avoid.
NOTE: The Stratix8000 Software Manual describes DHCP.
53

Stratix 8000 DHCP Description

Describe the DHCP variables and the results
- Number of servers - Pool size - Persistence configuration

-Reserved Only
- DHCP Snooping (release 4)

54

DHCP Description
Describe DHCP including persistence and Reserved Only.
Connected to FA1/1

Local switch

Connected to FA1/2

No remote DHCP server(s)

A pool of 10 addresses has been created. Only 1 of these addresses has been assigned (persistence on FA1/1).
55

DHCP Description under construction

Case 1A:

-

Only 1 DHCP server No persistence No Reserved Only No DHCP Snooping

Two DHCP requests are received by the local switch FA1/1 and FA1/2 and are broadcast out all ports, including G1/1. Both will get DHCP offers from local Stratix8000 Any device may accept the first offering or a subsequent offering.

56

DHCP Description
Case 2 - pool w persist but w/o Reserved Only
(no remote DHCP server)
The DHCP request is received by the local switch and broadcast out all ports, including G1/1. There are no remote DHCP servers active in this example. An IP address has been assigned (persistence) to FA1/1 by local switch. The device on FA1/1 may accept the local offer.

The device on FA1/2 will get an offer from the local switch because there are 9 available addresses from the DHCP pool.
Any device may accept the first offering or a subsequent offering.
57

DHCP Description
Case 3 - pool with persistence and with Reserved Only (no remote
DHCP server)
The DHCP request is received by the local switch and broadcast out all ports, including G1/1. There are no remote DHCP servers active in this example. The device connected to port FA1/1 is requesting DHCP. This port is in the persistence table. The device on FA1/1 may accept the local offer. The device connected to port FA1/2, is requesting DHCP, but is not in persistence table. The device on FA1/2 will NOT get an offer from the local switch because Reserved Only is selected (even though there are 9 available addresses from the DHCP pool).

58

DHCP Description
Describe DHCP including persistence and Reserved Only.
Connected to FA1/1

Local switch

Connected to FA1/2

DHCP server(s)
Connected to G1/1

A pool of 10 addresses has been created. Only 1 of these addresses has been assigned (persistence on FA1/1). Remote server(s) included
59

DHCP Description
Case 4 DHCP pool w/o persist and w/o Reserved Only
Devices connected to the local switch issuing DHCP requests will get DHCP offers locally and remotely (assuming remote servers). The device may accept the local offering or may accept the remote offering, if any. The device may accept the first offering or a subsequent offering.

60

DHCP Description
Case 5 - pool w persist but w/o Reserved Only
An IP address has been assigned (persistence) to FA1/1 by local switch. The device on FA1/1 may accept the local offering or may accept a remote offering, if any. The device on FA1/2 will get an offer from the local switch IF there is an available address (not in the persistence table). FA1/2 will also get an offer from a remote server. The device may accept the first offering or a subsequent offering.
61

DHCP Description
Case 6 - pool with persist and with Reserved Only
Remote DHCP servers are active in this example and are connected via local switch G1/1 Automation device is connected to port FA1/1 and is requesting DHCP, is in persistence table. Automation device is connected to port FA1/2, is requesting DHCP, is not in persistence table.

62

DHCP Description
Case 6 (continued)
Remote DHCP servers are active in this example and are connected via local switch G1/1 The DHCP pool consists of 10 addresses on the local switch. Only port FA1/1 has been assigned an address from the local pool. FA1/2 is requesting an address but is NOT assigned in persist table.

63

DHCP Description

1. 2. 3. 4.

Case 6 (continued) the results

The requests from FA1/1 and FA1/2 are received by the local switch and are broadcast onto the network via G1/1. The local switch offers only the assigned address 192.168.1.1 The remote server offers to both FA1/1 and FA1/2. Because Reserved Only is checked, the local switch never offers for the 9 unused address (locally or remotely).

NOTE: If remote servers are Stratix8000, and they have Reserved Only, they will not DHCP offer.
64

DHCP Description What to avoid

When using persistence on a port (e.g. FA1/1), do not connect a switch to that port (e.g. FA1/1). The consequence of connecting a switch will be that every device on that switch will receive the same IP address.

65

Media
Copper types for EIP
Category 5e, category 6 recommended by ODVA

RA sells cables and connectors

- http://ab.com/sensors/ethernet/ - Unshielded twisted pair in 2008 - Shielded in 2009

See EtherNet/IP Media Selection and Installation Guide

http://www.odva.org/Home/ODVATECHNOLOGIES/EtherN etIP/EtherNetIPLibrary/tabid/76/Default.aspx
66

Media, fiber Offerings at RA

Fiber compatability chart
Fiber type Number of ports Stratix 8000 1783-MS06T 1783-MS10T 1783-MX08T 1783-MX08F Stratix 6000 1783-EMS04T None 1783-EMS08T SFP Stratix 2000 1783-US05T 1783-US08T 1783-US03T01F 1783-US06T01F
1756-EN2F Fixed

Mode

Speed

1783-SFP100FX 1783-SFP100LX 1783-SFP1GSX 1783-SFP1GLX (100mbps (100mbps single (1000mbps (1000mbps single multimode) mode) Connector type multimode) mode) LC LC LC X X X X X X X X

SFP SFP Fixed None

up to 2 (optional) based on SFP type based on SFP type up to 2 (optional) based on SFP type based on SFP type 8 Multimode (FX) 100mbps

1 (optional)

based on SFP type

1000mbps

LC

None None Fixed Fixed

1 1

Multimode (FX) Multimode (FX)

100mbps 100mbps

LC LC

multimode, LC connector, no autonegotiation, Speed = 100M, Duplex=half/full

1783-fiberETAP everything the same as EN2F above. Stratix6000, See above. Also, autonegotiation not supported.

Stratix8000 (uplinks) See above. Also, autonegotiation not supported. Stratix8000 (expansion) See above. Also, autonegotiation not supported.

67

Fiber and autonegotiation

Q: Do fiber media standards support autonegotiation?
A: Yes.

Q: Do Rockwell Ethernet fiber products support autonegotiation?

A: Most do support. Two products that do not are: S8000 expansion (100Mbps only) and S6000 (1Gbps only)
68

Media
Slip rings
Two basic types: optical, mechanical

Slip-ring vendors used by at least one customer for I/O

- Meridian on rotary fillers, http://www.meridianlab.com/index.html - Label (a French company), http://www.label.fr/accueil_en.html Slip-rings have not been validated by ODVA or Rockwell.
69

Media, slip-rings
Example of how one customer is using

70

Media color codes

I do not know of any standards that call out specific color codes, however Red is common for safety communications cabling. Teal is commonly used for robotics and control cabling.

71

Media RA sells media

The customer should contact our Chelmsford division to arrange to purchase the cables for an application. For those who wish to make their own or have requirements that our cables cannot provide, use the guidance doc. Our robotic cables have weld splatter jackets, meet 10 million flexes, are low noise and are sealed to IP67. For M12 connectors, see http://www.ab.com/catalogs/connectivity/onmachinepartno.html RA sells UTP and STP (2009)media.

72

Cisco Network Assistant

Current version is 5.5 A few features
Maintenance
Software upgrade for multiple switches

Monitor
Reports, IOS inventory for all switches Views, topology for all switches Views, health

Configure
73

General topics

74

EIP new in v18

1756-EN2x packet rates QoS support (EN2x, two-port I/O, K6500) CIP Sync (Logix AOP, K6500) Unicast I/O (all I/O families) Duplicate IP diagnostics (program access, web server access) Stratix 8300 switch 1783-ETAP fiber ports (1 or 2 ports)
75

1756-EN2x Increased packet rate

EN2x firmware version 3 Rate depends on the packet size
1 byte: 300 bytes: 400 bytes: 508 bytes: 26000 pps 15000 pps 11000 pps 9000 pps

76

QoS prioritization
QoS can help smooth out the peak loads and make sure that the important traffic has priority. However, the most important thing is to make sure you have enough bandwidth to begin with QoS = quality of service Refers to mechanism that provides precedence to applications. Mechanisms include ToS and CoS. TOS = type of service (layer 3) Byte in IP header 6 bits, Differentiated Services Code Point. Of the 6 bits, 3 bits of precedence. CoS = Class of service (layer 2) 3 bit field in Ethernet frame Priority 0-7
77

V18 QoS support

Any 2-port module will be marking packets with DSCP values (at the default values per the EIP spec)
Two port 1732 I/O Two port 1734-AENTR Two port 1738 I/O

Additionally the EN2T/EN2F will include the QoS Object but will only be marking the CIP Motion and CIP Sync packets with the default DSCP values. The other traffic, including regular I/O, produce tags etc. will have 0 for DSCP
78

V18 QoS support

However, you can change the default values ... via MSG instruction to the QoS Object should one desire that. ETAP will not remark any packets that are being produced by the attached device. So if the device doesn't mark ... they won't be marked

79

CIP Safety on EIP

Number of CIP connections Input module CRTL Output module CRTL Safety task interval maximum (100ms) Safety I/O modules
1791ES-IB16 1791-OBXIB8 1734-IBS 1734-OBS
80

Safety CRTL for 1791ES-IB16

81

Safety CRTL for 1791ES-OB16

ADD A RSLogix5000 SCREEN CAPTURE FOR THIS MODULE

82

Spanning-tree protocols
Question: What are the spanning-tree protocols?

STP (50 sec)

RSTP (2 sec)

PVST(2?-50 sec), Cisco

MSTP (2 sec)

Rapid PVST (2 sec), Cisco

The protocols high-lighted in blue are supported in the Stratix8000.

83

Loop prevention protocols

Question: What is range of recovery times for a single link fault? STP (50 sec)

RSTP(2 sec)

REP (50ms)

DLR (1 ms)

84

Etherchannel - resiliency
Example: No ring, 0ms link loss recovery
Switch_1 P P Switch_2

Example: Ring, 0ms link loss recovery

Switch_3 P P

P Switch_1

Switch_2

85

Resiliency
Rapid spanning-tree
Etherchannel REP DLR

86

Software frequently used

RSLogix5000 RSLinx RSNetWorx for Ethernet
Calculates Ethernet module loading (scanners and adapters)

Ping Web server (in each Ethernet module) Logix Controller task monitor Network management software
Example: IntraVue

Packet capture
Examples: Ethereal, Sniffer

Centralized module diagnostics application

Use FT View to monitor diagnostics on all EIP modules
87

CIP Connections
Most devices use 1 CIP connection A few devices use more than 1 connection
1756-DNB uses 2 (status, data) RSLinx opens as many as 5

Produce tag
The controller that produces a tag uses connections as follows:
1 + #consumers.

Note that with 125 tags produced (with only 1 consumer each), a CLGX would be out of connections.

EIP modules count connections as follows:

#consumers
88

Sending emails
Sending emails
CPX, CLGX, FlexLogix Ethernet modules can initiate emails (ENET-UM001, KBase 30937, 32295) EWEB modules can also be used to send emails

89

Intrinsically safe
Are there intrinsically safe products on EIP? Answer: Not directly on EIP. However, you can use intrinsically safe RA I/O products and put an EIP adapter outside the hazardous area by using 1797-BIC and CEC.
Reference:
http://www.odva.org/tabid/154/ctl/Detail/mid/520/xmid/18469/xmfid/8/Default.aspx 90

Unicast, multicast, broadcast

Unicast
- Used for point-to-point communications. - Uses IP addressing classes A, B, or C. - Can be TCP (most frequent) or UDP.

- Example: HMI, MSGing, programming.

Multicast
- Used for one-to-many communications. - Uses IP addressing class D. - Always is UDP (at least for EtherNet/IP) - Video (which is not EIP protocol) and EIP I/O are 2 examples.

- More switch management knowledge is required than for unicast.

Broadcast
Used for one-to-all communications. Can be either OSI layer 2 (ARP) or OSI layer 3 (AB_ETHIP driver.)

91

Multicast considerations
What are considerations for multicast? Answer:
EIP uses multicast for I/O and produce tag IGMP recommended (Internet Group Management Protocol) TTL (time-to-live)
If the producer and the consumer are in the same network, TTL is not a factor. (TTL is a Internet Protocol parameter). Also, if in the same network, multicast routing is not needed.

IGMP reference: EtherNet/IP 10 Commandments (www.ab.com/networks/site-index.html)

92

IGMP Snooping
Recommendations
Select IGMP Snooping on all switches Enable IGMP querier on all switches Verify operation with Wireshark --- look for multicast flooding Troubleshooting an IGMP Leave message is an indicator See KnowledgeBase, IGMP Leave 55266

Note: With version 2, all the switches will negotiate and the lowest IP address will be the IGMP querier. IGMP v1 enabled queriers will not negotiate.

93

IGMP Querier Compatibility

Version 2 Is a superset of version 1. Version 2 added a Leave function whereas v1 handled this with a timeout. V1 & V2 Interoperability includes consideration of a number of factors such as the network mix of querier version and host IGMP version. However, there are some simple statements such as IGMPv1 multicast consumers will work with IGMP v2 queries. V3 The author has not seen any v3 messaging.
94

IGMP Leave happens when?

A Logix Ethernet module sends an IGMP Leave when all CIP connections through that module are broken for the multicast address being consumed. Case 1: Startup When a consumer receives a successful Forward Open reply for a multicast group, the consumer starts sending heartbeats and also sends an IGMP Join. If the first multicast is not received in 10 seconds, the consumer sends an IGMP Leave. The consumer considers the CIP connection as timed out and stops sending unicast. Examples of timeouts after the first data:
A 2ms RPI has a CIP connection timeout of 128ms. Then, X >128ms. A 100ms RPI has a CIP connection timeout of 400ms. Then, X > 400ms.

Case 2: Two controllers consuming same tag thru same ENBx At the consumer Logix chassis, if there are 2 consumer controllers for the same tag and both are consuming thru the same ENBT module, then that ENBT will send a Leave for that multicast group when both Logix controllers no longer want to consume that group. A Logix controller will not consume under the following conditions:
consumed tag is inhibited or deleted I/O connection is inhibited or deleted 95

IGMP Leave happens when?

Case 3: Tag producer dies/disconnected/disappears At the consumer Logix chassis, if the tag producer dies or is disconnected or the infrastructure (switch) dies, the consumer Ethernet module no longer detects the produced tag and the CIP connection will close. Case 4: Duplicate multicast address Consider the case of 2 Logix controllers each consuming data from different data producers. And, each data producer transmits its data using the same multicast address. This is allowed in the EIP spec because each multicast stream includes unique information that differentiates. If 2 or more multicast producers are using the same multicast address, the consumer ENBT module will not send a Leave until all consumer Logix controllers no longer want to receive that multicast group.

96

Unicast produce tag

What do you need to know?
Configure for unicast at both the producer and consumer. TTL value is 64 for RA products (at least for CLGX as of the year 2008)

97

Why a socket interface for Logix?

Not every device and application can speak the CIP and EtherNet/IP protocols. Numerous customer requests for this feature: Material Handling Semiconductor RFID reader integration OEMs in various businesses Primary uses for the socket interface: Connect Logix to devices that dont speak EtherNet/IP RFID readers, weigh scales, bar code readers, etc. Connect Logix to applications on OS platforms not well-supported by RSLinx Linux, VMS, etc. Socket style interfaces are supported by competitors such as Siemens and Schneider.
98

Why a socket interface for Logix?

CPX, CLGX, and MicroLogix1400 platforms have EWEB modules EWEB modules support up to 20 sockets Each socket specifies a single logical port to receive on Each socket can be used to transmit to any target port and any target IP Note that there are a few ports that are EWEB blocked so you should not use (or you will get immediate error status): - TCP 44818(decimal), used by RSLinx and CLGX MSGing - UDP 2222(decimal), used for CIP I/O and produce tag - TCP 80(decimal), used for http

See EWEB user manuals and Knowbase 48879

99

Remote access basics

Your PC PC with enet interface (wired or wireless) and VPN client sw Telephone modem or DSL modem or Cable modem or Wireless access pt or Wireless broadband modem

ISP
internet VPN concentrator E.g. Cisco, Checkpoint. (Hardware or software.) server Internal network

- First, purchase VPN concentrator and then purchase recommended VPN client software.

ISP (internet service provider) provides access to internet.

VPN client software allows you to be connected to a remote network.
100

Appendix

101

1756-EN2x buffer and connection limits

A max of 128 incoming (from wire) buffers A max of 128 outgoing (to wire) buffers A buffer is required temporarily to establish a CIP connection. A max of 128 TCP connections
This is a total of incoming plus outgoing.

A max of 256 CIP connections

This is a total of incoming plus outgoing.
102

Enable CIP object

As requested by an IT guy, the following CLI will allow you to place an S8K switch into the Logix I/O tree. However, running Express Setup is the recommended. 1. In global config mode (config term), enter the following: cip security password xxxxxxxxx 2. On VLAN interface chosen for automation (CIP object is supported on only 1 VLAN), enter the following: cip enable
103

Timeouts CIP and TCP

104

TCP Timeouts CIP,TCP

CIP inactivity timeout
- Ethernet module monitor CIP unconnected traffic on each TCP connection - The CIP inactivity timeout can be configured in 1 sec increments from 1 sec to approx 120 sec. This can be specified in the MSG Path of the TCP originator. The default is 120 seconds. See next slide for an example. If a timeout occurs, the TCP connection will be closed by the originator.

TCP inactivity timeout (CIP connected or CIP unconnected)

- Ethernet module monitor any activity on each TCP connection - Not user configurable - If a TCP packet is not received (at originator or target) within 8 sec, a keep-alive is sent. - If any TCP packet is received on a TCP connection, a keep-alive timer will reset. - If no TCP date or keep-alive packet is received by 75 sec, another keep-live is sent. If no data or keep-alive acknowledge is received by 150 sec, the TCP connection will be closed (by originator and/or target).

NOTE: MSG instruction timeout

- When a MSG (CLGX, CPX) times out, it does not close a TCP connection. - Default is 30 seconds for CLGX and CPX and is user configurable in MSG control structure. - The originator uses this timeout and also the target Ethernet module uses this timeout. 105

CIP inactivity closes TCP

Example of CIP inactivity timeout configuration. Screen capture below copied from Rockwell knowledge base document 22644

Note: Although document 22644 calls this a TCP inactivity timeout, it is actually a CIP inactivity timeout. However, no matter how you call it, it closes a TCP connection.

106

TCP Connection Timeouts

1756-EN2x diagnostic shows default TCP timeout.

107

TCP timeouts MicroLogix 1400

Using the break bit in a MSG instruction will cause the TCP connection to break as soon as the MSG completes (DN or ER). Using the break bit allows the ML to conserve the number of TCP connections in use.

108

DLR project schedule

1734-AENTR Released April 2009 1732-AENTR 4Q2009 1738-AENTR Released April 2009 1783-ETAP Released Summer 2009 1783-ETAP fiber December 2009 1756-EN2TR Released Summer 2009 1756-EN3TR (for Motion (100axis), CIP Sync) Drives -- later

The EN3TR will expand the number of axis supported from (6-256)
109

Spanning tree & other L2 protocols

Purpose: given a physical switch loop, builds a loop-free environment
Star topology (no loops) Double-Star topology (STP rqrd)

110

VLANs
Add pix to show single switch with red and blue ports (2 VLANs with no L3 connectivity) under construction Add pix to show single switch with router on a stick (red and blue VLANs) Add pix to show multiple switches connected to router and connected via VLAN trunking

111

Domain name services

Q: Do Logix Ethernet modules support DNS? A: Yes. On a Logix Ethernet module, just configure the DNS server IP address.
Note: On the Ethernet module, if you configure a name, you must still configure the name server. The host name on the module is only a convenience.

112

Q&A
How do I clear the configuration of a switch
Answer: Use the CLI commands as follows: - write erase (deletes startup config file) - reload (uses the non-existing config file) Note that the vlan.dat file is not deleted.

113

More Q & A
What are Network Considerations for CLGX redundancy?
Answer: A. CLGX Primary and Secondary must be in same L2 and L3 network to make IP swapping work No additional information to add. B. If source device (e.g. HMI) is in same L2 and L3 network as CLGX redundancy system (target device) No additional information to add. C. If source device is in different L2 or L3 network as CLGX redundancy system The routers must update their ARP caches in a timely fashion to allow IP swapping to operate in a timely fashion.

114

More Q & A
How do I configure a S8K switch Smartport when connecting to a DLR?
Answer: Select None in the Smartport pull-down menu.

115

Tips

116

Cannot reconfigure (I/P, mask, gw) your I/O adapter?

You are probably getting error code 16 because you have an I/O connection. For security reasons we don't allow you to set port config params when we have an I/O connection. Error code 16 is "Module state conflict". Try inhibiting the adapter and changing the config again.
If you changed it on the web page, it is probably already set. If you look at the fine print on the bottom of the web page, you'll see that changes take affect at the next power up. Try cycling power to see if the module is then reachable.
117

Passwords (out-of-box)
Stratix8000
When running the web browser for the first time, you will be running Express Setup. The password you need to enter will be switch. No username is needed.

Stratix6000
The default password is PASSWORD (all upper case). You can change this to whatever you want.

118

Reset to factory defaults

Stratix8000
Cycle power and use paper clip to select Express Setup. When you see 3 LEDS (EIP Mod, EIP Net, Setup) turn solid red, release the paper clip. (CLI: delete flash:config.text, delete flash:vlan.dat, reload)

Stratix6000
Remove the plastic clip from the rear of the switch and you will see a small reset button. Remove power from the switch. Then, hold the small reset button and then apply power. Keep hold the reset button for 30 seconds. Cycle power to complete the reset. The IP address is now 192.168.1.1. User = (no username), pw = PASSWORD
(when upgrading, user = uploader, pw = PASSWORD)

119

Questions?

120