Presentation is loading. Please wait.

Presentation is loading. Please wait.

EIP Book of Knowledge Answer ID 57174

Similar presentations


Presentation on theme: "EIP Book of Knowledge Answer ID 57174"— Presentation transcript:

1 EIP Book of Knowledge Answer ID 57174
02/28/2012

2 Contents Purpose What’s changed in this document update?
Stratix Switches Multicast Considerations System Performance Media Media Resiliency Loop prevention protocols Segmentation Network Topologies Wireshark Device Level Ring (DLR) CIP Safety on EtherNet/IP Troubleshooting EIP Timeouts – CIP and TCP Procurement spec for Stratix 8x00 Miscellaneous (minor topics) Q&A References 02/28/2012

3 Purpose and scope This document is intended to be a single source that includes practical information that may not be included in other documentation. With time, some of the information may be included in formal publications. Likewise, a topic may not be well understood at one point but eventually is well known and can be deleted from this document. Additions/deletions/clarifications, are made several times a year and this document is then reposted in Rockwell’s Knowledgebase. 02/28/2012

4 What has changed in this doc update?
Added troubleshooting I/O connection loss (see Wireshark – advanced, 1/6) 02/28/2012

5 Stratix Switches 02/28/2012

6 Stratix 8000 multicast The default number of multicast groups that a switch can store is 256. If there are more than 256 groups seen by a switch, the switch will flood (out all ports) those groups in excess of Flooding is not desired but may not necessarily be the cause of an anomaly. However, the maximum number can be increased to 1K groups by reconfiguring the switch to use the SDM routing template instead of the default template. See Cisco IE3000 user manual for details. If your application is approaching 200 multicast groups, it is recommended that you configure for the SDM routing template. 02/28/2012

7 Stratix 8000/8300 SSH SSH (secure shell) is available on the Stratix 8000 however a specific (IOS) is required to support it. This is because there are government regulations on its use and customers must register when they use it. To enable SSH you must buy the SSH IOS via catalog item 1783-MCS. When you do this the customer will be asked to register. Note that ordering this item is an electronic download so the customer will get an with access to a secure site where they go to download the SSH FM. Then the customer must use Device Manager to load it in to the switch. This loading process is documented in the Stratix 8000 user manual. Also note that the latest version of the S8000 User manual (on literature library) includes SSH. 02/28/2012

8 Stratix Passwords Stratix8000
When running the web browser for the first time, you will be running Express Setup. The password you need to enter will be ‘switch’. No username is needed. Stratix6000 Default The default password is PASSWORD (all upper case). You can change this to whatever you want. Upload configuration file User: uploader Password: PASSWORD 02/28/2012

9 Reset to factory defaults
Stratix8000 Cycle power and use paper clip to select Express Setup. When you see 3 LEDS (EIP Mod, EIP Net, Setup) turn solid red, release the paper clip. (CLI: delete flash:config.text, delete flash:vlan.dat, reload) Stratix6000 Remove the plastic clip from the rear of the switch and you will see a small reset button. Remove power from the switch. Then, hold the small reset button and then apply power. Keep hold the reset button for 30 seconds. Cycle power to complete the reset. The IP address is now User = (no username), pw = PASSWORD 02/28/2012

10 Stratix8000 Alarms and Faults
Basic alarm information: What alarms are there? What causes alarms to become active? What alarms activate minor and major relays? How do I reset/clear an alarm? The same questions as above but for faults. 02/28/2012

11 Alarms and Faults In the RSLogix5000 add-on profile, Switch Status tab: Select Help on Switch Status and Port Status tabs. 02/28/2012

12 Stratix8000 Alarms Q: How do I view the state of both switch relays?
A: View the switch AOP, Switch Status tab. The screenshot below shows that the minor relay is closed and the cause is a port alarm. The port alarm which is causing the relay to be closed is not show. 02/28/2012

13 Stratix 8x00 SFPs To determine which SFP you should purchase, read the release notes for the switch (industrial or commercial grade) you are going to use. SFPs support copper or fiber (single/multimode) and 10/100/1000Mbps. Stratix8x00 switches require “ruggidized” SFPs. See user manual, 1783-UM003E-EN-E 02/28/2012

14 Stratix 8X00 Smartport Role Identification
Commercial Engineering and Cisco use this info to identify switch port configuration. 02/28/2012

15 Stratix Macros There are currently 33 macros defined in a Stratix 8K switch. These include both Cisco and Rockwell. Rockwell macros are run during Express Setup. To view all the macros, use CLI command show parser macro Use the space bar to view all the macro commands. 02/28/2012

16 Stratix Smartport Roles
Using CLI, Show Run, you can see the details of port configuration: interface FastEthernet1/1 switchport access vlan 10 Sets access VLAN to 10. switchport mode access Puts switch port into access mode. switchport port-security Allows only 1 MAC. switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity macro description desktop-automation Desktop for Automation alarm profile ab-alarm Sets content of alarms. Show Alarm-Profile to view. spanning-tree portfast Skips span-tree listen/learn states. spanning-tree bpduguard enable Err-diable this port if a BPDU is received. service-policy input CIP-PTP-Traffic ! interface FastEthernet1/2 switchport access vlan 10 switchport mode access switchport port-security load-interval 30 srr-queue bandwidth share priority-queue out macro description ab-ethernetip Automation Device alarm profile ab-alarm no cdp enable spanning-tree portfast 02/28/2012

17 Stratix Smartport Roles
! interface FastEthernet1/4 alarm profile ab-alarm None service-policy input CIP-PTP-Traffic interface GigabitEthernet1/1 switchport mode trunk srr-queue bandwidth share priority-queue out mls qos trust cos macro description switch-automation Switch for Automation alarm profile ab-alarm spanning-tree link-type point-to-point 02/28/2012

18 Stratix Smartport Roles
! interface FastEthernet1/2 switchport mode trunk switchport nonegotiate switchport port-security switchport port-security violation restrict switchport port-security aging type inactivity load-interval 30 srr-queue bandwidth share priority-queue out mls qos trust dscp macro description ab-syncmotion Automation Device with QoS alarm profile ab-alarm no cdp enable spanning-tree portfast trunk service-policy input CIP-PTP-Traffic mls qos trust cos macro description wireless-automation Wireless for Automation spanning-tree bpduguard enable 02/28/2012

19 Stratix Smartport Roles
! interface FastEthernet1/2 switchport mode access switchport port-security maximum 2 switchport port-security switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity srr-queue bandwidth share macro description phone-automation Phone for Automation alarm profile ab-alarm spanning switchport mode trunk srr-queue bandwidth share priority-queue out mls qos trust dscp macro description router-automation Router for Automation spanning-tree portfast trunk Portfast is significant - keeps this link up during span-tree event. spanning-tree bpduguard enable service-policy input CIP-PTP-Traffic No IP address required on the Stratix8000 port. 02/28/2012

20 Stratix 6000 Configuration
Upload/download S6000 configuration See online user manual for description. 02/28/2012

21 Stratix 8x00 Configuration
Upload/download configuration using: Logix AOP (add-on profile) CLI (from the compact flash card) 02/28/2012

22 Q&A How do I clear the configuration of a S8000 switch?
Answer: Use either of the 2 methods described below. 1. Power up Stratix000 and hold a paper clip in the Express Setup hole. 2. Use the CLI commands as follows: - write erase (deletes startup config file) - delete flash:vlan.dat - reload (uses the non-existing config file) 02/28/2012

23 Q & A How do I configure a S8K switch Smartport when connecting to a DLR? Answer: Select ‘None’ in the Smartport pull-down menu. 02/28/2012

24 Stratix Switches 02/28/2012

25 Multicast Considerations
02/28/2012

26 Unicast, multicast, broadcast
- Used for point-to-point communications. - Uses IP addressing classes A, B, or C. - Can be TCP (most frequent) or UDP. - Example: HMI, MSGing, programming. Multicast - Used for one-to-many communications. - Uses IP addressing class D. - Always is UDP (at least for EtherNet/IP) - Video (which is not EIP protocol) and EIP I/O are 2 examples. - More switch management knowledge is required than for unicast. Broadcast Used for one-to-all communications. Can be either OSI layer 2 (ARP) or OSI layer 3 (AB_ETHIP driver.) 02/28/2012

27 Multicast considerations
What are considerations for multicast? Answer: EIP uses multicast for I/O and produce tag IGMP recommended (Internet Group Management Protocol) TTL (time-to-live) If the producer and the consumer are in the same network, TTL is not a factor. (TTL is a Internet Protocol parameter). Also, if in the same network, multicast routing is not needed. IGMP reference: EtherNet/IP 10 Commandments (www.ab.com/networks/site-index.html) 02/28/2012

28 Multicast - IGMP Snooping
Recommendations Select IGMP Snooping on all switches Enable IGMP querier on all switches Verify operation with Wireshark --- look for multicast flooding Troubleshooting – an IGMP Leave message is an indicator See KnowledgeBase 55266, IGMP Leave Note: With version 2, all the switches will negotiate and the lowest IP address will be the IGMP querier. IGMP v1 enabled queriers will not negotiate. Historically, there may be a circumstance where multiple queriers (v1?) are needed. 02/28/2012

29 Multicast - IGMP Querier Compatibility
Version 2 Is a superset of version 1. Version 2 added a Leave function whereas v1 handled this with a timeout. V1 & V2 Interoperability includes consideration of a number of factors such as the network mix of querier version and host IGMP version. However, there are some simple statements such as IGMPv1 multicast consumers will work with IGMP v2 queries. V3 The author has not seen any v3 messaging. 02/28/2012

30 Multicast - IGMP Leave happens when?
A Logix Ethernet module sends an IGMP Leave when all CIP connections through that module are broken for the multicast address being consumed. Case 1: Startup When a consumer receives a successful Forward Open reply for a multicast group, the consumer starts sending heartbeats and also sends an IGMP Join. If the first multicast is not received in 10 seconds, the consumer sends an IGMP Leave. The consumer considers the CIP connection as timed out and stops sending unicast. Examples of timeouts after the first data: A 2ms RPI has a CIP connection timeout of 128ms. Then, X >128ms. A 100ms RPI has a CIP connection timeout of 400ms. Then, X > 400ms. Case 2: Two controllers consuming same tag thru same ENBx At the consumer Logix chassis, if there are 2 consumer controllers for the same tag and both are consuming thru the same ENBT module, then that ENBT will send a Leave for that multicast group when both Logix controllers no longer want to consume that group. A Logix controller will not consume under the following conditions: consumed tag is inhibited or deleted I/O connection is inhibited or deleted 02/28/2012

31 Multicast IGMP Leave – happens when?
Case 3: Tag producer dies/disconnected/disappears At the consumer Logix chassis, if the tag producer dies or is disconnected or the infrastructure (switch) dies, the consumer Ethernet module no longer detects the produced tag and the CIP connection will close. Case 4: Duplicate multicast address Consider the case of 2 Logix controllers each consuming data from different data producers. And, each data producer transmits its data using the same multicast address. This is allowed in the EIP spec because each multicast stream includes unique information that differentiates. If 2 or more multicast producers are using the same multicast address, the consumer ENBT module will not send a Leave until all consumer Logix controllers no longer want to receive that multicast group. 02/28/2012

32 System Performance 02/28/2012

33 System Performance System performance requires:
- Few customers request performance analysis but it is important for I/O - Characterizing each component in the system (network, Logix, switch, I/O, HMI) - Combining the components for end-end result (e.g.“screw-to-screw” for I/O) - Note that system performance is not Ethernet interface loading (connections or packet rates) Network Considerations: Latency (including queuing in Logix Ethernet modules) Jitter Multicast containment Broadcast limiting QoS (queuing in Ethernet switches) !!! Network Availability If every link/cable is no more than 50%-60% utilized and QoS is implemented, then the network should not have a problem supporting any EIP application (Motion, PTP, I/O, etc.). 02/28/2012

34 Media 02/28/2012

35 Media Copper Fiber Slip rings RF (wireless) 02/28/2012

36 Media – resiliency Ring topology Redundant star topology
Etherchannel (Cisco switches) Both links active Flex Links (Cisco switches) One active, one backup 02/28/2012

37 Media Copper types for EIP Category 5e, category 6 recommended by ODVA
RA sells copper cables and connectors - Unshielded twisted pair Shielded See EtherNet/IP Media Selection and Installation Guide 02/28/2012

38 Media, fiber Offerings at RA
There are three types of fiber connectors in the market - SC, ST and LC. All RA products support LC connectors only. To address your requirement there are LC patch cables sold by Panduit and others that convert LC to SC. Fiber does not support autonegotiation. See more notes below. See Stratix8000 for fiber SFP catalog numbers and distances. 550m, multimode, 1Gbps 2Km, multimode, 100Mbps 10km, singlemode, 100Mbps 10km, singlemode, 1Gbps The speed on fiber is always determined by the fiber transceiver. If the transceiver is a SFP the speed can be changed by exchanging out the fiber SFP (Small Form-factor Pluggable) module with one of a different speed, for example a 100BASE-FX for a 1000BASE-SX. The host that the SFP module is plugged in must be able to support the data rate of the SFP module. The fiber type (Single Mode or Multi Mode) does not determine the duplex. Duplex is determined by the host and in most if not all cases will be full duplex for fiber. Because of the dedicated TX and RX channels in fiber systems, there is no need or benefit to have HD on fiber. Single mode and multimode refer to the mode of light propagation through the fiber not the duplex capability of the link. Typically fiber transceivers are designed exclusively for specific launch mode into a matching fiber. For example you cannot use a SM fiber on a multimode transceiver or a multimode fiber on a single mode transceiver. 1756-EN2F Fixed multimode, LC connector, no autonegotiation, Speed = 100M, Duplex=half/full (see notes) 1783-fiberETAP everything the same as EN2F above, LC only. Stratix6000, See above. Also, autonegotiation not supported, LC only. Stratix8000 (uplinks) See above. Also, autonegotiation not supported, LC only Stratix8000 (expansion) See above. Also, autonegotiation not supported, LC only. 02/28/2012

39 Media Fiber Simply, there is no autonegotiation on fiber.
The speed on fiber is always determined by the fiber transceiver. If the transceiver is a SFP the speed can be changed by exchanging out the fiber SFP (Small Form-factor Pluggable) module with one of a different speed, for example a 100BASE-FX for a 1000BASE-SX. The host that the SFP module is plugged in must be able to support the data rate of the SFP module. For example if the host has the ability to only support 100BASE data rates, putting a 1000BASE SFP in will not give you 1000BASE speeds. In fact the host may warn or produce an error indication that an incorrect/unsupported SFP has been installed. Some products use a fixed fiber transceiver (SFF, Small Formfactor Fiber), It is not possible to change the speed or connector of a SFF since it is soldered directly to the board. The fiber type (Single Mode or Multi Mode) does not determine the duplex. Duplex is determined by the host and in most if not all cases will be full duplex for fiber. Because of the dedicated TX and RX channels in fiber systems, there is no need or benefit to have HD on fiber. Single mode and multimode refer to the mode of light propagation through the fiber not the duplex capability of the link. Typically fiber transceivers are designed exclusively for specific launch mode into a matching fiber. For example you cannot use a SM fiber on a multimode transceiver or a multimode fiber on a single mode transceiver. 02/28/2012

40 Media - Kinetix 6500 The Kinetix 6500 EtherNet/IP solution has been tested in high noise environments. This system does require shielded cables. I do not think that you will have problems with these drives as long as you follow good installation practices and the guidelines given in either the ODVA EtherNet/IP Planning and Install guide or in IEC and IEC If you are concerned or are aware of ground loops, install a equalization conductor between the two drives locations where the cabling is installed. Guidance for the equalization conductor can also be found in the ODVA PNI. Rockwell Automation Bob Lounsbury – Principal Engineer 02/28/2012

41 Media Slip rings Two basic types: optical, mechanical Slip-ring vendors used by at least one customer for I/O - Meridian on rotary fillers, - Label (a French company), Slip-rings have not been validated by ODVA or Rockwell. 02/28/2012

42 Media, slip-rings Example of how one customer is using 02/28/2012

43 Media color codes I do not know of any standards that call out specific color codes, however Red is common for safety communications cabling. Teal is commonly used for robotics and control cabling. 02/28/2012

44 Media – RA sells media The customer should contact our Chelmsford division to arrange to purchase the cables for an application. For those who wish to make their own or have requirements that our cables cannot provide, use the guidance doc. Our robotic cables have weld splatter jackets, meet 10 million flexes, are low noise and are sealed to IP67. For M12 connectors, see RA sells UTP and STP (2009)media. Guidance for selecting cables and connectors for EtherNet/IP networks, Bob Lounsbury author. 02/28/2012

45 Loop Prevention Protocols
02/28/2012

46 Loop Prevention Protocols
Rapid Spanning-tree (see next slide) Resilient Ethernet Protocol (REP, Cisco) DLR 02/28/2012

47 Spanning-tree protocols
Question: What are the spanning-tree protocols and how did they evolve? STP (50 sec) RSTP (2 sec) PVST(2?-50 sec), Cisco STP, Spanning-tree protocol, obsolete but still supported by switch vendors, DIG 1.2 = diameter of 7 switches, 50 seconds PVST (similar to PVST+), Per VLAN span tree, DIG 1.2 shows max diameter of 7 switches, 50 seconds Works with ISL trunking. PVST+ works with Dot1Q trunking to allow exchange between PVST, PVST+, and CST RSTP, IEEE 802.1D (2004), Rapid span-tree, 2 seconds MSTP, IEE 802.1Q (2005), Multiple instance span tree protocol, aka MISTP, creates a tree for each VLAN, 2 seconds RPVST+, Rapid per VLAN span tree, 2 seconds Question: What loop prevention protocols are supported by Stratix8000? Answer: RPVST+, PVST+, and MSTP (REP is supported but is not spanning-tree) If you run Express Setup, MSTP is the protocol used. If you don’t run Express Setup, then PVST+ is the protocol used. MSTP (2 sec) Rapid PVST (2 sec), Cisco The protocols high-lighted in blue are supported in the Stratix8000. 02/28/2012

48 Loop prevention protocols
Question: What is range of network recovery times (convergence) for a single link fault? STP (50 sec) RSTP(2 sec) REP (100ms) DLR (3 ms) max 02/28/2012

49 Segmentation 02/28/2012

50 Segmentation How many nodes can I put on a subnetwork/VLAN?
Fewer is better (see notes) because of the following: Broadcast storm size and duration is less Protection against defective device behavior (might affect all nodes on subnet) Spanning-tree event (re-convergence) reduced exposure Why do I segment? Performance and security How do I segment automation networks? VLAN (connected thru a router, if needed) Subnetworks (connected thru router, if needed) Isolation EIP-only protocol (CLGX bridge) Best approach First understand the customer’s requirements, including data types, flow, security, and performance. Then decide on the best way to segment. Approximately 250 nodes is a top-end unwritten number per RA IT department and per one large automotive mfg. I have nothing in writing, only hear-say. As an example of hardware limitations, the Stratix8000 is limited to 256 multicast groups, the 8300 to 1000. Can have multiple VLANs without a router IF you don’t need to communicate between the VLANs. VLANs are useful for separating IP phones, IP cameras, separating I/O cells, etc. Segmentation means to limit the size of the L2(Ethernet) or L3(IP) size. Both VLANs and subnets confine broadcast and limit the IP address range (e.g X, ) 02/28/2012

51 Network Topologies 02/28/2012

52 Topologies What topologies are there? Line Ring (media redundancy)
Star Double star (distribution switch and media redundancy) Combinations Dan, add Where Used and Benefits 02/28/2012

53 Linear topology Switch1 Switch2 Switch3 Switch4 Advantages
Architecturally, a drop-in replacement for RIO. Calculations To determine how many switches your application can support, you must calculate worst-case latency and jitter. (see next page) Disadvantage Some traffic may traverse multiple switches A single media loss will stop communications between the isolated areas Recommendation: A star to ring are preferred topologies. 02/28/2012

54 Linear topology How many switches can I have in a line? ANSWER:
That depends on several factors: Single point of failure consideration Client’s tolerance for delay (e.g. timeout) Switch’s capacity (e.g. wire-speed on all ports, switching fabric) The amount of traffic (unicast, multicast, broadcast) queued in front of a message under test. Troubleshooting a longer line is more difficult to find the problem 02/28/2012

55 (capture and just a little analysis)
Wireshark (capture and just a little analysis) 02/28/2012

56 Wireshark The simple version is: “Get a capture of that EN2T traffic.”
However, there are a few details involved. 02/28/2012

57 Files we need & more Network drawing (inc switches, routers, copper/fiber converters, wireless, etc.) IP address of the nodes and also the types of devices (e.g. Flex I/O, switches, etc.) Switch configuration and operating status including errors, duplex, forced/auto (use either a web browser or Command Line Interface) For Stratix 8000/8300, use Device Manger (see Answer ID for details) For Stratix 8000/8300, use CLI Show Tech command to get switch status. Status of LEDs and module display Logix acd file(s) Firmware versions If you use HTTrack software, this will be provided by the software. Module screen captures (use HTtrack Website Copier, HTtrack software is free and easy to use. It copies all the pages quickly. (RECOMMENDED) Page Examples: Home, Diagnostics Overview, Ethernet statistics, I/O connections For devices that need a user name/password (e.g AENT), HTTrack errors. For these devices, you will need to manually take screen captures of web pages. If a Wireshark (network capture) is requested: Identify the device (e.g. EN2T) that was port mirrored Tell us if the anomaly occurred during the Wireshark capture 02/28/2012

58 Agenda If a network capture is requested:
1. Install Wireshark (free at 2. Disable security on the PC port(s) that you are using to capture. 3. Identify what device (e.g ENBT) needs to be mirrored 4. Configure port mirroring on a switch 5. Configure Wireshark display during capture 6. Is your PC adequate to capture all packets? 7. Take a quick (30 seconds) test capture 8. Multiple Wireshark files (circular buffer) may be required 9. Two or three simultaneous Wireshark PCs 10. Stop capture 02/28/2012

59 1. Install Wireshark Use the current stable version.
Current stable version For Window laptops, use Windows Installer (32 bit). 02/28/2012

60 2. Disable security, PC interface
If you don’t disable, you will see only some traffic. 02/28/2012

61 2. Disable security, PC interface
If you run Wireshark and don’t see traffic you expected (example: multicast I/O is active but you don’t see any multicast), disable securing on your PC Ethernet port and run Wireshark again. See below for Symantec Network Protection disabled. 02/28/2012

62 3. Identify the device(s) to be monitored
CLGX_2 FA1/5 FA1/1 FA1/6 FA1/4 Example: Configure switch port mirroring to mirror CLGX_1 traffic to unused port FA1/8. CLGX_1 02/28/2012

63 Double-check the mirroring config immediately!
4. Port mirroring basics Use a managed switch (has port mirroring) Common methods for configuring port mirroring - Web browser (e.g. Internet Explorer) - CLI (switch console cable or telnet) Using a switch and port mirroring is recommended. Alternate approaches (not recommended) are using a hub or a Ethernet tap (“splitter”). A hub will introduce half-duplex and may cause more problems such as I/O connection losses. A tap may not catch all high speed (e.g. 2ms) packets. Double-check the mirroring config immediately! 02/28/2012

64 4. Port mirroring basics Specify the following:
- Source port(s), one or more devices to be monitored - Destination port, only one - rx, tx, or both (default), for the source port(s) Both (in and out) is recommended - See notes for this page for some details Configuring the source port(s) : A single port - Use a web browser Device Manager (recommended) - CLI, monitor session 1 source interface fa1/1 both Two or more contiguous ports (e.g. ports fa1/1 through fa1/3) - Use a web browser (recommended) - Use CLI, monitor session 1 source interface fa1/1 – 3 both Two or more non-contiguous ports (e.g. ports fa1/1 and fa1/3) - Use CLI, monitor session 1 source interface fa1/1, fa1/3 both A whole VLAN (all ports in a vlan on the switch) - NOT available with a web browser - Use CLI, monitor session 1 source vlan 1 both Example: Mirror all traffic from FA1/5 (in/out ) to FA1/8 02/28/2012

65 4. Select a method for configuration
When you configure mirroring, you can use 2 different methods: Use an administration port (Recommended) Example: Connect your Wireshark PC to FA1/1. This would be the mirroring administration port. Configure mirroring: Source port is FA1/5. Destination port is FA1/8. After configuring mirroring, you will need to physically move the PC Ethernet cable from FA1/1 to the destination port, FA1/8 The advantage of this method is that any traffic you see on the destination port will strictly be traffic to/from FA1/5. No PC administration traffic would be seen. . Configuration from the destination port Example: Connect your PC to the destination port and then configure port mirroring. This is feasible only if port mirroring is configurable to the extent that configuration traffic is allowed ingress (from you PC to the switch) after port mirroring is configured. If ingress traffic is not configured, then after mirroring is configured, you can monitor BUT you cannot change the mirror configuration from the destination port. 02/28/2012

66 4. Port mirroring, more Port mirroring has several variables:
Number of sessions - Only 1 session configurable using Device Manager. - More than 1 session configurable by using CLI. Number of source ports (per session), name of the source ports One or more (including all ports in a VLAN, on this switch) Port names and contiguous or non-contiguous Contiguous example: FA1/1 and FA1/2 Non-contiguous example: FA1/1 and FA1/5 Number of destination ports (always 1), name of destination port 02/28/2012

67 4. Port mirroring, more Warning:
With Device Manager, if you mirror a port, FA1/1 for example, to the target port, FA1/8 for example, all is well. However, if you then decide to mirror a different source port, FA1/2 for example, to the same destination port, then both source ports will be mirrored. This is OK if you want to mirror multiple ports. However, to mirror only 1 port at a time, first select a Smartports role of None before changing the source port. NOTE!!! You can mirror 1 or more source ports simultaneously (or a whole VLAN) to a destination port. However, after you mirror, verify that you don’t over-utilize the destination port. Use Device Manager to easily verify % usage of the destination port. 02/28/2012

68 4. Port mirroring, advanced
There are times where you may need multiple mirroring sessions. -- Session 1: source port A to destination port B -- Session 2: source port C to destination D. Multiple sessions are configurable using CLI but not by using Device Manager. CLI configuration example Switch_4(config)#monitor session 1 source interface Fast1/2 Switch_4(config)#monitor session 1 destination interface Fast1/7 Switch_4(config)#monitor session 2 source interface G1/1 Switch_4(config)#monitor session 2 destination interface Fast1/8 To view monitor sessions Switch_4# show monitor sessions all To disable all monitor sessions using CLI Switch_4# no monitor sessions all 02/28/2012

69 4. Port mirroring, advanced
You can specify multiple source ports. For the Stratix8000, you can do this with Device Manager or CLI. CLI example: Source ports are FA1/2 thru FA1/3 Show monitor session all // to view current Config t Switch_4(config)#monitor session 1 source interface FA1/2 – 3 Switch_4(config)#monitor session 1 destination interface fa1/8 Exit 1. With CLI, you can specify a range of contiguous ports as show above (FA1/2 – 3). Note that there is a space before and after the hyphen. 2. As an alternate to specifying a range of ports, you can configure source ports one at a time. 3. Multiple source ports can be contiguous or non-contiguous. 02/28/2012

70 4. Port mirroring Q&A What happens if I have a switch but I forget to port mirror? If you forgot to configure port mirroring and then use Wireshark, your Wireshark file will include only broadcast since this is supposed to flood all switch ports. Also, if IGMP is not configured, multicast will also flood all ports and will be seen in the Wireshark file. Verify all expected packets, including unicast, are in the trace and that flooding is not occuring. 02/28/2012

71 5. Configure Wireshark live display
Select Ethernet interface. Motherboard recommended. Uncheck this box Uncheck this box When running Wireshark, don’t display during capture. And, don’t run applications other than Wireshark to make the PC CPU available for Wireshark. 02/28/2012

72 6. Is your Wireshark PC adequate?
Depending on the operating system and PC Ethernet interface* (hardware and driver), you might capture all the packets (good) or only some packets (not good). To test your PC, configure a fast (2ms) stream of produce tag or I/O traffic. Configure port mirroring and run Wireshark for a short time (10 seconds) and stop the capture. Filter on the 2ms stream and look at the sequence (SEQ) numbers to identify if any are missing. The next page has an example. * Some people have found that the PC motherboard Ethernet interface may be more reliable than USB or PCMCIA Ethernet interfaces. 02/28/2012

73 6. Is your Wireshark PC adequate?
Use a web browser to identify a 2ms stream. Then, filter using that address. Delta time since previous packet was 13ms. This is much more than 2ms. SEQ 5010 followed by SEQ 5015 means that 4 packets were missed. You should see consecutive sequence numbers to ensure that you are not missing any packets. The above shows that packets are being missed. Are packets actually absent or is your PC not fast enough to capture all the packets? The next slide will provide information to help you answer this question. 02/28/2012

74 6. Is your Wireshark PC adequate?
0 Missed packets 2ms RPI This EN2T web page shows that this stream of data ( ) has a 2ms RPI and no is missed packets. From this page, my conclusion is that all packets are flowing on the network --- none are missing. Therefore, I conclude that the PC was not able to capture all packets. 02/28/2012

75 7. Quick capture Purpose is to verify port mirror and Wireshark configuration 30 seconds only Verify that you see unicast to/from device mirrored (e.g EN2T) Verify that you do NOT see unicast that doesn’t include 1756-EN2T Verify that you see all expected IP addresses If you expect to see multicast, verify it is present Verify that multicast flooding is not occurring (assumes IGMP) Now, you are almost ready to start the real trace. 02/28/2012

76 8. Multiple Wireshark files
If the capture must be running over a period of time and a single file will be too large (>10Mbytes), then configure a circular buffer in Wireshark. See next slide. You must manually stop the trace BEFORE the event of interest is overwritten in the circular buffer. 02/28/2012

77 8. Multiple Wireshark files
Multiple file capture configuration – circular buffer Select PC Ethernet module Limit file size to 10Mbytes to make it easy for analysis Select a directory to store files Uncheck this box Specify enough files to insure that you have time to stop the capture before the event is overwritten. files would hopefully be adequate. Uncheck this box 100 02/28/2012

78 8. Multiple Wireshark files
Why would I need more than 1 capture file? Size is too big (> 10Mbytes) Need time to stop the capture 02/28/2012

79 8. Multiple Wireshark files Wireshark circular buffer size
How much disk space will the circular buffer require? Example: A circle of 100 files that are each 10Mbytes. Total = 1Gbyte 02/28/2012

80 9.Two/three Wireshark PCs
Switches and routers Sometimes, two simultaneous captures are needed. Connection IDs will be tracked. 02/28/2012

81 10. Stop Wireshark capturing
If you have a circular buffer configured (multiple Wireshark files), you need to stop capturing before overwriting the event we need to see. How much time do you have before the event is over written? To answer the question: Run a simple test to estimate how quickly the circular buffer fills completely (and then starts to overwrite). 02/28/2012

82 Troubleshooting I/O Connection Loss
Wireshark – advanced, 1/6 Troubleshooting I/O Connection Loss 02/28/2012

83 Wireshark – advanced, 2/6 When troubleshooting I/O connection loss, you need to identify root cause. Three possibilities exist: The scanner The adapter The switched infrastructure To determine which of the above is the root cause, you need to learn the bi-directional CIP connection IDs. However, if connections are lost and then recovered automatically, you probably won’t know the connection IDs unless you are lucky enough to have seen both a fwdOpen and a fwdClose for each lost connection. This can be simplified by have a web browser monitor the I/O connections, making them visible to Wireshark. 02/28/2012

84 Wireshark – advanced, 3/6 For analysis: The two connection IDs associated with each CIP connection need to be identified. These can be obtained from a EN2T web page. To make them available dynamically in Wireshark, configure a web browser (ex. Internet Explorer) to read the EN2T page shown below. 02/28/2012

85 Wireshark – advanced, 4/6 For analysis: After a Wireshark capture is obtained, you need to learn the I/O connection IDs that were valid prior to an I/O connection loss. To do this: Set a filter in Wireshark TCP and ip.src==IP_of_IE_pc and ip.dst==IPofTheEN2T and tcp.seq==0 Example: TCP and ip.src== and ip.dst== and tcp.seq==0 2. Examine the first TCP packet in the TCP/HTTP sequence prior to the loss. Below, notice the 1 second interval between and 2.763 02/28/2012

86 Wireshark – advanced, 5/6 Now, with that packet select Analysis and Follow TCP Stream Then, select Raw and Save as an html file. Then, open the html file with a web browser such as Internet Explorer (see next page). 02/28/2012

87 Wireshark – advanced, 6/6 The connection IDs on the Ethernet media (copper, fiber, wireless) are shown above. Notice that the Target PortID is 2 and this means the front plane (Ethernet), not the backplane. (The backplane has a port identifier of 1.) These connection IDs can then be used in a Wireshark filter to monitor packet flow from source to destination. 02/28/2012

88 Device Level Ring 02/28/2012

89 Configure DLR supervisor and backup super
How do I configure DLR supervisor and backup supervisor? For my supervisor, I selected: Supervisor check box. Precedence of 255. IGMP Querier. How do I configure a backup supervisor? I select Supervisor. I select precedence of 0 (default). I select IGMP Querier because I need a backup querier. 02/28/2012

90 What is latency of two-port devices?
Cut-thru(3us) + queuing(24us) ~30us. For 50 nodes, it is ~1.5msecs. Queuing assumes a packet of 300 bytes is queued in front of an incoming packet. This could be a single motion packet or possibly 2 smaller packets. Most IO frames are ~100 bytes or less, motion frames ~280bytes or less, produce/consume tags frames 572 bytes or less. HMI frames can be 1522 bytes but there won't be many of these. Say most of the frames on network are less than 600 bytes. Depending on when a frame hits a node it may be delayed by 0 to 600 bytes. So, on average it will be delayed by 300 bytes (30usecs) per node. NOTE: Two-port devices include a cut-through switch. However, for switch products other than two-port devices, that are store-and-forward instead of cut-through, there would be an additional latency to store a packet. Example: 300 bytes * 8 bits/byte * 0.01us/bit = 24us, additional latency 02/28/2012

91 How do I configure an ETAP?
Place an ETAP into the RSLogix5000 I/O tree. The AOP can be used to configure (assuming that you assigned an IP address). RSLinx RSWho (assuming that you assigned an IP address) NOTES: If you simply want to connect a Drive to an ETAP, you do not need to add an ETAP to the I/O tree. Because there are no system tags associated with an ETAP, you cannot configure an ETAP using system tags. You can MSG to an ETAP to get status or you can use a web browser to read status. 02/28/2012

92 DLR Q&A How do I know where to position a mirroring ETAP?
Answer: Port 2 of the supervisor is blocked in normal mode of operation. Position the mirroring ETAP anywhere between the originator and the target. Make sure that the supervisor is not between the originator and the target. When would I need to change the beacon rate? Answer: Normally, you don’t need to change from the default. However, there are valid reasons to consider a rate change: - A ring greater than 50 devices (slower rate) - A noisy environment (slower rate) 02/28/2012

93 CIP Safety on EtherNet/IP
02/28/2012

94 CIP Safety on EIP Number of CIP connections Input module CRTL
Output module CRTL Safety task interval maximum (100ms) Safety I/O modules 1791ES-IB16 1791-OBXIB8 1734-IBS 1734-OBS 02/28/2012

95 Safety CRTL for 1791ES-IB16 02/28/2012
For the input connection, the CRTL is 10ms x 4 x 6 = 100ms For the output connection, the CRTL is 20ms x (4-1) x 6 = 180ms, where the “-1” comes from the output scan being synchronous to the program scan (according to Bill Waltz). 02/28/2012

96 Safety 1791ES-IB16 modules This module always has an input connection and also an optional output connection. Input connection information The controller will not produce data on the 0->T side until it gets T->O data. It will wait 2 seconds for first data reception before timing out. Output connection information The controller will start producing safety output data (O->T) without receiving any data (T->O) initially from the 1791 block. 02/28/2012

97 Safety Produce Tag To configure a Safety produce/consume tag:
Select CST for each controller Configure a produce tag Must first create a UDT with the first member being a CONNECTION_STATUS data type. Remaining members can be whatever you want. In the producer controller acd file, in controller properties, Copy the Safety Network Number In the consumer controller acd file, in the I/O tree, select the producer controller and properties. Paste the Safety Network Number. 02/28/2012

98 Safety Multicast/Unicast
RSLogix5000 v18 and earlier Produce Tag multicast only I/O multicast only RSLogix5000 v19 Produce tag unicast is available RSLogix5000 v20 and later I/O unicast will be available 02/28/2012

99 Troubleshooting EIP 02/28/2012

100 Troubleshooting - General
Get a description of the anomaly What is the problem the customer sees? (simple description) Example: The I/O tree in RSLogix5000 has a yellow triangle on a Flex I/O module. Only a single device is being lost? Example: Only a single device, a 1794-IB16 module, has a yellow triangle Was it ever operating correctly or did this start recently? How often does it happen? (constantly, once per hour, once per week?) For how long does the anomaly last? (3 seconds, forever?) How do you recover? (cycle power to device?, recovers by itself?) What additional steps, if any, did you already take to troubleshoot? E.g. hardware changes 02/28/2012

101 Troubleshooting - General
See “Files We Need” later in this document. 02/28/2012

102 Troubleshooting - Key Module Diagnostics
Module diagnostics (basic) --- see web server 1. Link state: Link should be up (connected to a powered switch). 2. Duplex: Full duplex 3. Auto/forced: Autonegotiate 4. Speed: 100Mbps 5. Errors: In errors and out errors should be 0. Very important! 6. CIP connection timeouts: 0 is expected 7. CIP connections: <= 80-90% of the module’s capacity 8. TCP connections: <= 80-90% of the module’s capacity 9. CPU usage %: <= 80-90% 10. Missed I/O packets: 0 11. HMI packets/sec: <= 80-90% of the module’s capacity 12. I/O packets/sec: <= 80-90% of the module’s capacity Application is Body-shop tooling - process sheet metal parts - e.g. weld fender to fender-liner and then stack the assembly EIP used for controlling robots/welders, synchronizing PLCs between zones, and HMI. Robots are Fanuc. Welders are Square-D and WTC. Tree topology allows for consistent performance and management – min switch hops between end-nodes. From 3750 and down, copper cables, unshielded Zone and cell switches are now Hirschmann - Are outside of the control cabinet. (cabinet cost more than switch – buy IP67 and eliminate cabinet to save $$) Spanning tree running to avoid problems with stacked 6500 and 3550 switches Each zone has its own VLAN Max network size is /23 Try to keep the mask to /24 Largest host count on a VLAN is 312 NIST/US Car effort working to identify/test limits (CIP connections, packet rates, ARP storm, etc.) of EIP vendor products Typical is 10 cell switches per zone, 3 is small zone. Cell is PLC, PV terminal, robots, welders. Traffic description (50ms RPI is rule. RIO speed was good enough and 50ms is slightly faster than RIO.) Except for HMI, all EIP traffic is produce/consume PLCs  robots Robots  welders Very little PLCs to welders In-zone is predominantly multicast (I/O) Between zones is predominantly unicast with occasional produce tag for controller synchronization (conveyor control). - produce tag within a cell is of magnitude X - produce tag between cells is X/10 - produce tag between zones is X/100 Access from business LAN to zone PLCs Diagnostic monitoring Traffic levels Duplex (IntraVue software each Zone) Excessive errors Port mirroring Regarding Cisco approach to redundant switches and redundant cables: - “In this market (controls), redundant switches and cables are least of my problems – tooling my biggest problem.” - “Redundancy is expensive and complicated” - “Pull-em back” - “Keep it simple for controls, use non-redundant tree” stacked switch pair (with Gbic backplanes) is adequate for automotive. Redundant switches are not required. RA Legacy hardware and other connected to 3750 switches - PLC2/3/5, printers, marques, PCs 02/28/2012

103 Troubleshooting - Key Module Diagnostics
02/28/2012 EN2T v3 firmware – 12 Diagnostics that are important.

104 Troubleshooting - Key Module Diagnostics
3 params not on this page Link state Errors HMI pps 02/28/2012 ENBT 12 Diagnostics that are important.

105 Troubleshooting There has been 1 report (March 30, 2011) of Internet Explorer not expanding the Diagnostic folder on a EN2T. See screen capture below. The person reporting this found that by using IE7 instead of IE6 he was able to expand the folder. 02/28/2012

106 Troubleshooting - common
One common anomaly….duplex mismatch Autonegotiation is out-of-the-box easy to use and reliable. But, if your company policy is to force the duplex and speed, this is legitimate. However, if you force, remember to force both the switch port and the corresponding end-device. Other wise, there will be a mismatch and communications problems will occur. Depending on the timing of who-transmits-when, the problem may not be obvious or may be very obvious. Examine both the switch port and the end-device (e.g ENBT) for Ethernet errors. Signature errors for duplex mismatch include: - Late collisions - FCS/CRC errors - Alignment errors 02/28/2012

107 Troubleshooting – S8000 Feb 28 1993
If you cycle power, the date/time changes to Feb This is how the product was designed by Cisco. There is no battery to retain the date/time. CompactFlash retains the switch configuration but not the date/time. 02/28/2012

108 Troubleshooting – S8000 To gather switch data quickly, especially with multiple switches, use Cisco Network Assistant to look at the Monitor tab: Reports tab Port Statistics Views Topology – shows all the switches, health System Messages This info is close, if not identical, to the switch log file. 4. For maintenance, upgrade multiple switches simutaneoulsy. 5. Monitor Reports, IOS inventory for all switches 02/28/2012

109 Troubleshooting – S8000 What do I look at first with a Stratix 8000?
(How do I know if the switch is happy?) a) Log file (Device mgr or CLI) Dev Mgr, Monitor Alert Log CLI, show log b) Interfaces (Device Mgr or CLI) - Look for errors - Look for autonegotiation, speed, and duplex c) CIP object - Look that it is enabled and on which VLAN d) Verify smartport roles d) Additional steps are anomaly dependent: Example: show spanning-tree show rep 02/28/2012

110 Troubleshooting Useful CLI commands:
If you are suspicious of physical port related problems (e.g. port won’t come up) Show interface status (connected, speed, duplex) Show interface status err (see if error disabled) 02/28/2012

111 Troubleshooting - multicast
A system that has a high multicast count may have EtherNet/IP connections problems. If the number of multicast addresses exceeds the Stratix spec of 256, the result is that you will may lose connections or, more likely, you may not be able to establish CIP connections. If your customer has more than approximately 200 multicast connections thru any switch, this is approaching the default capacity of the Stratix8000 switch you should consider testing with the solutions listed on the next slide. If CIP connections cannot be established, you will not be able to view the multicast count (multicast groups) on a Stratix switch. However, you can examine each device in the RSLogix5000 I/O tree to count multicast connections. 02/28/2012

112 Troubleshooting - multicast
Solution 1: You can change the configuration of our Stratix8000 switches to allow for up to 1000 multicast addresses. When you do this, the maximum number of MAC addresses that can be stored in the switch is reduced from 8000 MAC addresses to 2000. However, 2000 MAC addresses is a lot of MAC addresses. Solution 2: Reconfigure the multicast connections for uni-cast. Note: Uni-cast is now the default for many Rockwell products but not all. I believe that the PF40 is multicast only. Safety will allow uni-cast in v20. There may be a few others. Uni-cast is recommended because it is overall an easier approach to manage a system. Multicast is a valuable traffic type but does require additional consideration. 02/28/2012

113 Troubleshooting - multicast
If you are losing I/O connections: Get a Wireshark capture. In the Wireshark file, if you see that IGMP General Queries are an unexpectedly short intervals (less than configured in the Querier switch), examine a Wireshark file to see if STP root changes are occurring. Frequent root changes are not expected. Typically, General queries will occur in the range of seconds. 02/28/2012

114 Troubleshooting – module Rejects
“Rejects” means that the Logix Ethernet module hardware passed an I/O packet to the firmware but the firmware looks at the packet and then dropped it. This increments the Reject diagnostic and also counts toward CPU usage. Rejects will occur for the following reasons: -Duplicate multicast streams The firmware enables module hardware to accept specific multicast groups. The hardware cannot distinguish duplicates. Recommendation: Avoid duplicate multicast groups by having less than 1025 nodes on a network. - The hash table (hardware) is not perfect Resulting in some multicast being past to the module firmware. Recommendation: None. - One of the CIP bi-directional communication streams stops A network event disrupts traffic. The consumer times out and closes the connection. The data producer has not yet timed out. Then, the absent stream starts arriving at the consumer again because the network is now working good. The restarted stream will be rejected by the consumer because there no longer is a CIP connection open with that connection identifier. Recommendation: None. All three of the above are the similar in that the firmware can’t associate a received packet with an active CIP connection it's rejected . 02/28/2012

115 Troubleshooting – now what?
If the basic troubleshooting steps above do not solve the problem… Examine grounding (use visual inspection) Also, see 1794-AENT statement in section B above. Examine cable lay and re-route (noise could be induced into a cable) Replace hardware Cable, switch, RA Ethernet module. Examine power to the device 02/28/2012

116 Troubleshooting When connecting a Stratix8000 to a Stratix 6000:
- If you select autonegotiate, a straight-through or cross-over cable can be used. - If you select forced speed/duplex, a cross-over cable is needed. 02/28/2012

117 Troubleshooting What’s wrong with inserting a hub to allow port mirroring? You have to break a connection to insert. If link was full-duplex, hubs can run only half-duplex. Half-duplex may disallow normal throughput. 02/28/2012

118 Troubleshooting – Duplicate IP Address
Question: Can I programmatically detect a duplicate IP condition? A: Some of the Ethernet bridge modules do set the "Minor recoverable fault" bit in the Identity object status word attribute for a dup IP condition. But not all products and revs do For example: EN2T - L2xE/L3xE, v18 ENBT and L4x, not sure about these So, the answer for the general case is no. See next page. 02/28/2012

119 Troubleshooting Duplicate IP Address
For the L3x controllers: When the L35E detects a duplicate IP condition, the MS led is flashing red and the NS led is solid red. The module can not talk through the Ethernet port ( no pings, web pages, CIP traffic, etc.) until the duplicate IP condition is resolved and the cable is disconnected/connected or the module power-cycled. If both LEDs are solid red, this is a crash situation, and the module is totally dead. In this case the crash log should provide some information. Modules with a 4-char display like the 1756-ENB scroll the duplicate IP information. Modules like the L35E without a display, store this information on a web page - but unfortunately you have to resolve the duplicate IP condition before you can get to the web page.... Storing duplicate IP information on the L3x web pages was added for V18 in rev 3.72 (Ethernet firmware): See Diagnostics | Advanced Diagnostics | EIP Stats | Error Stats See screen capture on the next slide. If L3x is powered and operating and then, a duplicate IP device is powered up, the L3x will maintain its IP. The duplicate device will not come onto the network. 02/28/2012

120 Troubleshooting Duplicate IP Address
02/28/2012

121 Troubleshooting – S8300 Description: Problem: Solutions:
You already created multiple VLANs (10,20,30,40) and you assigned an IP to each VLAN ( , , etc). And you enabled routing. Problem: From your PC, connected to FA1/1 (VLAN 10), you can ping VLAN 10 but you cannot ping the other VLANs on the 8300. Solutions: 1. Does your PC have the correct gateway configured? (e.g )? 2. If you have more than 1 Ethernet interface on your PC, disconnect all but the one connected to the 8300. 02/28/2012

122 Troubleshoot – multicast flooding
Verify if multicast is flooding The customer may be using multicast (produce tag or I/O). If multicast is flooding: - IGMP is not enabled or - there is no IGMP querier or - a switch is seeing more multicast groups than it can store. For a Stratix8000, 256 groups is the default. Install Wireshark (free, Do NOT port mirror Connect your PC to an unused switch port Run Wireshark for at least 2 minutes (120 seconds) Provide a list of all IP addresses Provide network drawing With CLI, use the command show ip igmp snooping groups 02/28/2012

123 Troubleshooting Cannot reconfigure (I/P, mask, gw) your I/O adapter?
You are probably getting error code 16 because you have an I/O connection. For security reasons we don't allow you to set port config params when we have an I/O connection. Error code 16 is "Module state conflict". Try inhibiting the adapter and changing the config again. If you changed it on the web page, it is probably already set. If you look at the fine print on the bottom of the web page, you'll see that changes take affect at the next power up. Try cycling power to see if the module is then reachable. 02/28/2012

124 Troubleshooting Cannot Ping remote IP Address
From my PC, on VLAN 1, I could not ping , on VLAN 10. I had 2 Ethernet NICs in my PC, and The corresponding 2 gateways were confusing to Windows. On my PC, from a DOS shell, I added a static route to the remote network via the interface as follows: Route add mask To see the fields for the route command, enter only ‘route’. 02/28/2012

125 Troubleshooting An EIP device capable of I/O will provide missed (aka lost) packet information. This type of packet is relevant to received packets, not transmitted packets. Please note that for the 1734 Ethernet adapter, the Lost/Slot column refers to The upper number is for Lost packets and the lower number refers to a Slot number with a EIP connection. (fyi, a Slot with a 0 means a Rack connection) Caution: Do not interpret the lower number as I/O packets lost. 02/28/2012

126 Timeouts – CIP and TCP 02/28/2012

127 TCP Timeouts Without any activity, TCP connections will close automatically in approximately 2.5 minutes. Closing TCP connections sooner, could be desirable for different reasons: Limited TCP connections (e.g. uLogix1400) TCP keep-alives will reduce the network bandwidth on a slow link (19.2Kbaud). 02/28/2012

128 Timeouts There are 4 timers associated with MSG instructions:
MSG timeout Default 30 seconds User configurable (up or down) TCP retransmission timers Not user configurable Retransmission occurs if a TCP ACK is not received TCP keep-alive timer Occurs if there is no TCP traffic (user or retransmission) Keep-alive packets sent on a variable scale (1, 2, 4, 8 seconds) CIP inactivity timer (detailed on the next page) User configurable (in MSG path) for unconnected CIP messages. Effectively closes a TCP connection if no activity. May cause the MSG to error if the MSG has not yet completed successfully 02/28/2012

129 TCP Timeouts – CIP,TCP CIP inactivity timeout
- Ethernet module monitor CIP unconnected traffic on each TCP connection - The CIP inactivity timeout can be configured in 1 sec increments from 1 sec to approx 120 sec. This can be specified in the MSG Path of the TCP originator. The default is 120 seconds. See next slide for an example. If this timeout occurs, the TCP connection will be closed by the originator. - If this timeout is specified in a CIP connected MSG, it is ignored. - If this timeout occurs but the MSG has not yet received a response, the MSG will error at the MSG timeout specified, not instantaneously. TCP inactivity timeout (CIP connected or CIP unconnected) - Ethernet modules (source and destination) monitor activity on each TCP connection - Not user configurable - If a TCP packet (data or TCP retransmission) is not received within 8 sec, a keep-alive is sent. - If any TCP packet is received on a TCP connection, a keep-alive timer will reset. - If no TCP data or keep-alive packet is received by 75 sec, another keep-live is sent. If no data or keep-alive acknowledge is received by 150 sec, the TCP connection will be closed (by originator and/or target). NOTE: MSG instruction timeout - When a MSG (CLGX, CPX) times out, it does not close a TCP connection. - MSG timeout default is 30 seconds for CLGX and CPX and is user configurable in MSG control structure. - The originator uses this timeout and also the target Ethernet module uses this timeout. For connected messaging, the Logix controller transmits every RPI/4 seconds. Default is 7.5 sec. (30 seconds/4) Class 1 (includes both TCP and UDP packets) Same basic TCP description as above for Class 3 but TCP is used only to establish I/O connection. Data is transmitted using UDP, not TCP. If a TCP connection is lost, this does not close the corresponding I/O connection. A Keep-alive message is any valid TCP packet with a TCP sequence number which is one less than previously sent. The Transmission Control Protocol/Internet Protocol (TCP/IP) stack can automatically generate these keep-alive messages to verify that the computer at the remote end of a connection is still available. 02/28/2012

130 CIP inactivity closes TCP
Example of setting the CIP message inactivity timeout configuration. This timeout is valid only for unconnected MSGs. Screen capture below copied from Rockwell knowledge base document If this timeout occurs, the MSG will error (0x204) at the specified MSG timeout. The Ethernet module does not inform the controller of the inactivity timeout. This timer begins when MSG.EN = 1. 02/28/2012

131 CIP inactivity closes TCP
In the previous slide, notice the timeout portion (120 seconds) in the path, :inactivity-120 Timeouts values are in integer seconds. The minimum value is 1 second. Examples of TCP connection closes and MSG status (DN, ER): Setup: Inactivity timeout = default (2 minutes), MSG timeout = default (30 seconds) If the MSG completes, DN or ER. in 1 second, then the TCP connection closes in 2 minutes. The inactivity timeout has no affect on the MSG status. If the MSG times out (default of 30 seconds), then the TCP connection closes in 2 minutes. Setup: Inactivity timeout = 15 seconds, MSG timeout = default (30 seconds) If the MSG does not get a response from the target within 15 seconds, then the TCP connection closes at 15 seconds. The Ethernet module does not notify Logix. The MSG will timeout at 30 seconds, 0x204, because of the inactivity timeout. If the MSG gets a response (DN, ER) from the target within 15 seconds, then the TCP connection closes at 15 seconds. The inactivity timeout had no affect on MSG status. 02/28/2012

132 TCP Connection Timeouts
1756-EN2x diagnostic shows default TCP timeout. 02/28/2012

133 TCP timeouts – MicroLogix 1400
Using the break bit in a MSG instruction will cause the TCP connection to break as soon as the MSG completes (DN or ER). Using the break bit allows the ML to conserve the number of TCP connections in use. 02/28/2012

134 Multicast Considerations
02/28/2012

135 Multicast considerations
What are considerations for multicast? Answer: EIP uses multicast for I/O and produce tag IGMP recommended (Internet Group Management Protocol) TTL (time-to-live) If the producer and the consumer are in the same network, TTL is not a factor. (TTL is a Internet Protocol parameter). Also, if in the same network, multicast routing is not needed. IGMP reference: EtherNet/IP 10 Commandments (www.ab.com/networks/site-index.html) 02/28/2012

136 IGMP Snooping Recommendations Select IGMP Snooping on all switches
Enable IGMP querier on all switches Verify operation with Wireshark --- look for multicast flooding Troubleshooting – an IGMP Leave message is an indicator See KnowledgeBase, IGMP Leave 55266 Note: With version 2, all the switches will negotiate and the lowest IP address will be the IGMP querier. IGMP v1 enabled queriers will not negotiate. Historically, there may be a circumstance where multiple queriers (v1?) are needed. 02/28/2012

137 IGMP Querier Compatibility
Version 2 Is a superset of version 1. Version 2 added a Leave function whereas v1 handled this with a timeout. V1 & V2 Interoperability includes consideration of a number of factors such as the network mix of querier version and host IGMP version. However, there are some simple statements such as IGMPv1 multicast consumers will work with IGMP v2 queries. V3 The author has not seen any v3 messaging. 02/28/2012

138 IGMP Leave – happens when?
A Logix Ethernet module sends an IGMP Leave when all CIP connections through that module are broken for the multicast address being consumed. Case 1: Startup When a consumer receives a successful Forward Open reply for a multicast group, the consumer starts sending heartbeats and also sends an IGMP Join. If the first multicast is not received in 10 seconds, the consumer sends an IGMP Leave. The consumer considers the CIP connection as timed out and stops sending unicast. Examples of timeouts after the first data: A 2ms RPI has a CIP connection timeout of 128ms. Then, X >128ms. A 100ms RPI has a CIP connection timeout of 400ms. Then, X > 400ms. Case 2: Two controllers consuming same tag thru same ENBx At the consumer Logix chassis, if there are 2 consumer controllers for the same tag and both are consuming thru the same ENBT module, then that ENBT will send a Leave for that multicast group when both Logix controllers no longer want to consume that group. A Logix controller will not consume under the following conditions: consumed tag is inhibited or deleted I/O connection is inhibited or deleted 02/28/2012

139 IGMP Leave – happens when?
Case 3: Tag producer dies/disconnected/disappears At the consumer Logix chassis, if the tag producer dies or is disconnected or the infrastructure (switch) dies, the consumer Ethernet module no longer detects the produced tag and the CIP connection will close. Case 4: Duplicate multicast address Consider the case of 2 Logix controllers each consuming data from different data producers. And, each data producer transmits its data using the same multicast address. This is allowed in the EIP spec because each multicast stream includes unique information that differentiates. If 2 or more multicast producers are using the same multicast address, the consumer ENBT module will not send a Leave until all consumer Logix controllers no longer want to receive that multicast group. 02/28/2012

140 Miscellaneous 02/28/2012

141 Stratix 8x00 Procurement Spec
02/28/2012

142 Unicast/Multicast Q&A
How many controller connections are used by a unicast connection? A: In the producer controller, connections = 1+#consumers (Note that a unicast tag can be produced to multiple consumers.) In the producer controller, the same algorithm is applicable to multicast connections. i.e. connections = 1+#consumers In the consumer, only 1 connection per tag. Can a single tag be produced as both multicast and a unicast to two different consumers? A: Yes. This assumes that you configure the produced tag to allow unicast and also configure the ptag for sufficient consumers. How many multicast groups are used if multiple produced tags are consumed by the same controller? A: One for each multicast tag. 02/28/2012

143 Unicast/Multicast Q&A
What do you need to know for configuring unicast? In the producer, configure the tag for “Allow for unicast” (Note that if you configure “Allow for unicast”, the tag may not be produced unicast IF the consumer is configured for multicast.) In the consumer, do NOT select “Use unicast” Can I produce unicast between VLAN/subnets? Yes. Because the TTL value is 64 for RA products (at least for CLGX as of the year 2008) However, be aware that the L3 switch (or router) may affect latency. Can a unicast tag have more than one consumer? Yes. But the traffic will be greater since the producer must transmit to each consumer. 02/28/2012

144 Network Address Translation
Not available in Rockwell products today. Will be available in Stratix5700 Stratix5700 available in 2nd calendar qtr 2012 Announced at AutoFair, 2011 02/28/2012

145 L2x TCP Connections During testing we found that with 8 TCP connections it was relatively easy to get locked out (using all the connections and not having one to get with a programming computer). We decided to add 4 more to avoid that, but leaving the "formal" spec at 8.. .the 12 connections are available, although 8 are the recommended number. This was the first product where the TCP connection number was easily reachable, and did not want to run in too many tech-support calls for this. 02/28/2012

146 1756-EN2x buffer and connection limits
A max of 128 incoming (from wire) buffers A max of 128 outgoing (to wire) buffers A buffer is required temporarily to establish a CIP connection. A max of 128 TCP connections This is a total of incoming plus outgoing. A max of 256 CIP connections 02/28/2012

147 Enable CIP object As requested by an IT guy, the following CLI will allow you to place an S8K switch into the Logix I/O tree. However, running Express Setup is the recommended. 1. In global config mode (config term), enter the following: cip security password xxxxxxxxx 2. On VLAN interface chosen for automation (CIP object is supported on only 1 VLAN), enter the following: cip enable 02/28/2012

148 Pushwheel for IP Address
At power up, here is the sequence for selecting the IP address. If the wheels are in the range of 1-254, the module will use that address (default mask = ). If wheels are not in above range, module looks at DHCP flag. If set, send a boot request. (Note that a wheel setting of 888 sets the module to factory defaults and sets the DHCP flag). Also, a setting of 999 is reserved for DHCP. If wheels not and DHCP flag not set, then module looks at what is configured in memory. For example, if you had set an address of and then set the wheels something outside and excluding 888 and 999, then the module would use the IP configured. User Manual example: Provides the same info as above. 02/28/2012

149 8300 Switch Where can I find CLI commands for the 8300?
Answer: IE3000 software manual 02/28/2012

150 CIP Sync (PTP) Time synchronization across an Ethernet network can be done within 100ns. Stratix8000 supports: transparent (default), boundary, and forward modes. RSLogix5000 (see notes) v16 and v17 supports EN2x v2 firmware only (knows zero about PTP) - EN2x will automatically be a PTP participant. - A MSG is required to make it a Grand Master. v18 supports EN2x v2 and v3 firmware Must select System Time Master to participate in PTP. EN2T/EN2TR v2 automatically participates in PTP The EN2x with best clock accuracy is Grand Master. v3 requires that you configure CIP Sync on a EN2x in the I/O tree. All PTP packets are multicast. A grandmaster can be a CLGX controller or satellite. 02/28/2012

151 CIP Sync (PTP) In release 6 of the Stratix 8000 SW the expansion module ports will be able to pass through the switch a PTP message. Today a PTP message is dropped. This is different than the base switch ports which participate as a 1588 PTP device. There is no short term plans to expand this to the expansion modules as the current HW will not support this enhancement. 02/28/2012

152 EtherNet/IP – new in v18 1756-EN2x higher packet rates
QoS support (EN2x, two-port I/O, K6500) CIP Sync (Logix AOP, K6500) Unicast I/O (all DIO I/O families, excluding Safety) L3x Dup. IP diagnostics (program access, web server access) Stratix 8300 switch 1783-ETAP fiber ports (1 or 2) 02/28/2012

153 v3 En2x I/O Capacity This curve with EN2x release 3 or later and L7 controller Enhanced CLGX Ethernet modules; 1756-EN2T/C, EN2TR/B, EN2F/B, EN3TR/A, EN2TXT/C 02/28/2012

154 1756-EN2x v3 CPU Utilization (I/O and HMI total)
With 100% I/O utilization, there is still module capacity for HMI. 100 % CPU % module total CPU% available for HMI Max I/O packet rate (pkt rate at 100% utilization depends on packet sizes) I/O % Utilization CPU% in use for I/O Packets/second CPU utilization is a combination of I/O and HMI With 100% I/O utilization, there is still module capacity for HMI. Max I/O pps = f(RPI, size) for each connection 02/28/2012

155 1756-EN2x v3 web server The Actual Rate (I/O PPS) counts packets for the backplane plus the Ethernet port. Example, if a L6x sends a produce tag to another Logix on Ethernet each second, this number will be 2 (1 backplane + 1 Ethernet port). Also, Safety I/O and Safety produce tag are included in addition to standard I/O and standard produce tag. The total CPU utilization will always be less than 100% for only I/O. For example, the Ethernet port is running approx 25,500pps. This is nearly the full 26Kpps I/O limit. Because the CPU shows 54.1%, this means that this module has capacity for HMI and MSGs. With 45% CPU available, this module could handle 45% of the 3200 HMI pps rating. 02/28/2012

156 EN2x web server deep dive
Missed pkts Connection uptime Missed pkts Target is producing this multicast group CIP connection target located on this port (Ethernet) CIP connection originator located on port 1 (backplane) Originator in this backplane slot Originator traffic type Target traffic type Target IP Example Summary: Each row consists of both CIP connection originator and target information. The EN2T module we are viewing is (not shown in the screen shot above) The packets we are viewing have the connection originator on ’s backplane, in slot 6. The target device is on Ethernet is producing multicast and also producing unicast. Originators and targets are both sending and receiving packets on each connection. Missed packets are meaningful to only received packets. 02/28/2012

157 EN2x web server The Applications Connections page of EN2T web server shows non-bridged connections. - CLGX redundancy connections always shown, 3 (inactive or active) - Rack optimized connections - Assembly connections (if someone did a connected MSG instruction to the EN2T) The purpose is to create 3 CIP connections: Connections are active only in CLGX redundancy system - One is for EN2T to record events in RM log. - One is for RM to send cmds to EN2T. - One is for EN2T to send cmds to partner EN2T. The assembly connection is the "CIP Motion/Time Sync" connection you can choose when you configure an EN2T in RSLogix It is used to allocate CIP Motion axes in the EN2T, and to turn on PTP. Note that the Rack connection seen in the web shot shows the rack connection on the Ethernet side. If you were to start populating that rack connection, you would see connections to the individual I/O modules show up on this page also. 02/28/2012

158 QoS prioritization QoS can help smooth out the peak loads and make sure that the important traffic has priority. However, the most important thing is to make sure you have enough bandwidth to begin with QoS = quality of service Refers to mechanism that provides precedence to applications. Mechanisms include ToS and CoS. TOS = type of service (layer 3) Byte in IP header 6 bits, Differentiated Services Code Point (DSCP) Of the 6 bits, 3 bits of precedence. CoS = Class of service (layer 2) 3 bit field in Ethernet frame Priority 0-7 02/28/2012

159 QoS support Any 2-port module will be marking packets with DSCP values (at the default values per the EIP spec) Two-port 1732 I/O Two-port 1734-AENTR Two-port 1738 I/O 1756-EN2TR/EN3TR (See Knowbase Answer for complete list) The 1756-EN2T/EN2F/EN2TXT will mark only for CIP Motion and CIP Sync. Other traffic (e.g. I/O) will have the default DSCP marking of 0. If a packet is unmarked, the Stratix8000 switches will mark packets based on CIP TCP/UDP port numbers (I/O is UDP port 2222, HMI is TCP port 44818). This feature is enabled with Express Setup. See References section for more on QoS. 02/28/2012

160 QoS support However, you can change the EN2x QoS default values via MSG instruction to the QoS Object should one desire that. Not sure why this would need to be done. ETAP will not remark any packets that are being produced by the attached device. So if the device doesn't mark, the ETAP will not change this. 02/28/2012

161 CIP Safety on EIP 02/28/2012

162 CIP Safety on EIP Number of CIP connections Input module CRTL
Output module CRTL Safety task interval maximum (100ms) Safety I/O modules 1791ES-IB16 1791-OBXIB8 1734-IBS 1734-OBS 02/28/2012

163 Safety CRTL for 1791ES-IB16 02/28/2012
For the input connection, the CRTL is 10ms x 4 x 6 = 100ms For the output connection, the CRTL is 20ms x (4-1) x 6 = 180ms, where the “-1” comes from the output scan being synchronous to the program scan (according to Bill Waltz). 02/28/2012

164 Safety 1791ES-IB16 modules This module always has an input connection and also an optional output connection. Input connection information The controller will not produce data on the 0->T side until it gets T->O data. It will wait 2 seconds for first data reception before timing out. Output connection information The controller will start producing safety output data (O->T) without receiving any data (T->O) initially from the 1791 block. 02/28/2012

165 Safety Produce Tag To configure a Safety produce/consume tag:
Select CST for each controller Configure a produce tag Must first create a UDT with the first member being a CONNECTION_STATUS data type. Remaining members can be whatever you want. In the producer controller acd file, in controller properties, Copy the Safety Network Number In the consumer controller acd file, in the I/O tree, select the producer controller and properties. Paste the Safety Network Number. 02/28/2012

166 Safety Multicast/Unicast
RSLogix5000 v18 and earlier Produce Tag multicast only I/O multicast only RSLogi5000 v19 Produce tag unicast is available RSLogix5000 v20 and later I/O unicast is available 02/28/2012

167 Spanning-tree & Other Loop Prevention protocols
02/28/2012

168 Spanning-tree protocols
Question: What are the spanning-tree protocols? First came spanning-tree STP (50 sec) RSTP (2 sec) PVST(2?-50 sec), Cisco STP, Spanning-tree protocol, obsolete but still supported by switch vendors, DIG 1.2 = diameter of 7 switches, 50 seconds PVST (similar to PVST+), Per VLAN span tree, DIG 1.2 shows max diameter of 7 switches, 50 seconds Works with ISL trunking. PVST+ works with Dot1Q trunking to allow exchange between PVST, PVST+, and CST RSTP, IEEE 802.1D (2004), Rapid span-tree, 2 seconds MSTP, IEE 802.1Q (2005), Multiple instance span tree protocol, aka MISTP, creates a tree for each VLAN, 2 seconds RPVST+, Rapid per VLAN span tree, 2 seconds Question: What loop prevention protocols are supported by Stratix8000? Answer: RPVST+, PVST+, and MSTP (REP is supported but is not spanning-tree) If you run Express Setup, MSTP is the protocol used. If you don’t run Express Setup, then PVST+ is the protocol used. MSTP (2 sec) Rapid PVST (2 sec), Cisco The protocols high-lighted in blue are supported in the Stratix8000. 02/28/2012

169 Loop prevention protocols
Question: What is range of recovery times for a single link fault? STP (50 sec) RSTP(2 sec) REP (50ms) DLR (1 ms) 02/28/2012

170 Etherchannel - resiliency
Example: No ring, 0ms link loss recovery Switch_ P P Switch_2 Example: Ring, 0ms link loss recovery Switch_3 P P ‘P’ are Etherchannel port channel interfaces. Spanning-tree BPDUs pass on port channels. - CLI command, Show etherchannel - CLI command, for each port configured for Etherchannel, you will find channel-group N P P Switch_1 P P Switch_2 02/28/2012

171 Software – frequently used
RSLogix5000 RSLinx RSNetWorx for Ethernet Calculates Ethernet module loading (scanners and adapters) Ping Web server (in each Ethernet module) Logix Controller task monitor Network management software Example: IntraVue Packet capture Examples: Ethereal, Sniffer Centralized module diagnostics application Use FT View to monitor diagnostics on all EIP modules 02/28/2012

172 CIP Connections Most devices use 1 CIP connection
A few devices use more than 1 connection 1756-DNB uses 2 (status, data) RSLinx opens as many as 5 Produce tag The controller that produces a tag uses connections as follows: 1 + #consumers. Note that with 125 tags produced (with only 1 consumer each), a CLGX would be out of connections. EIP modules count connections as follows: #consumers 02/28/2012

173 Sending emails Sending emails
CPX, CLGX, FlexLogix Ethernet modules can initiate s (ENET-UM001, KBase 30937, 32295) EWEB modules can also be used to send s 02/28/2012

174 Intrinsically safe Are there intrinsically safe products on EIP?
Answer: Not directly on EIP. However, you can use intrinsically safe RA I/O products and put an EIP adapter outside the hazardous area by using 1797-BIC and CEC. Reference: 02/28/2012

175 Unicast produce tag What do you need to know?
Unicast produce tag available in standard EIP (not Safety) in v16 RSLogix5000. Configure for unicast at both the producer and consumer. TTL value is 64 for RA products (at least for CLGX as of the year 2008) A tag can be consumed from multiple consumers (remember to config the produced tag for the correct number of consumers.) 02/28/2012

176 Why a socket interface for Logix?
Not every device and application can speak the EtherNet/IP protocol. Numerous customer requests for this feature: Material Handling Semiconductor RFID reader integration OEM’s in various businesses Primary uses for the socket interface: Connect Logix to devices that don’t speak EtherNet/IP RFID readers, weigh scales, bar code readers, etc. Connect Logix to applications on OS platforms not well-supported by RSLinx Linux, VMS, etc. Socket style interfaces are supported by competitors such as Siemens and Schneider. 02/28/2012

177 Why a socket interface for Logix?
Logix communications to non-EtherNet/IP devices CPX (L43/45), CLGX, and MicroLogix1400 platforms have EWEB modules 1756-EWEB modules support up to 20 sockets Each socket specifies a single logical “port” to receive on Each socket can be used to transmit to any target port and any target IP Note that there are a few ports that are EWEB blocked so you should not use (or you will get immediate error status): - TCP 44818(decimal), used by RSLinx and CLGX MSGing - UDP 2222(decimal), used for CIP I/O and produce tag - TCP 80(decimal), used for http See EWEB user manuals and Knowbase 48879 02/28/2012

178 Sockets Comparison Ethernet module 1756- EWEB 1756-EN2T CPX L43
L1y-L3y uLogix 1400 Number sockets 20 32 8 Max packet size (bytes) 500 4000 240 (read) 236(write) 02/28/2012

179 Sockets in more modules
Starting in v20, the socket feature will only be added to the 1756-EN2T and other X-scale EtherNet/IP modules. This include the EN2F, EN3TR, EN2TR, and the EN2TXT. The EN2T will be the first to have the feature and the rest will follow. The 1756-ENBT and 1768-ENBT modules will not get this enhancement. The differences between the 1756-EWEB and 1756-EN2T: - EN2T limited to ~4,000 byte packet (not 500 bytes) - EN2T limited to 32 sockets (not 20) 02/28/2012

180 Sockets in 1756-EN2x Planned for RSLogix5000 v20 Firmware upgradeable
02/28/2012

181 Sockets Q&A Q: Can any TCP or UDP port number be used in a sockets application? A: Ports 2222, 23, 80, cannot be opened as server ports because they may affect operation of the module either with respect to browsing, rswho, cip, telnet. As long as you don't try to open any of these ports as a server you’re OK. If Logix is the client, and a 3rd party device is a server, that would be OK. But if the 3rd party device tried to initiate a conversation to Logix, that wouldn't work. 02/28/2012

182 Remote access basics Your PC PC with enet interface
(wired or wireless) and VPN client sw Telephone modem or DSL modem or Cable modem or Wireless access pt or Wireless broadband modem ISP VPN concentrator E.g. Cisco, Checkpoint. (Hardware or software.) internet Internal network The VPN client PC will have 2 IP addresses. The local one and also one on the remote Internal network. VPN encrypts and decrypts the data transferred. 3. Firewall functionality can be located before/after/inside the VPN concentrator server - First, purchase VPN concentrator and then purchase recommended VPN client software. ISP (internet service provider) provides access to internet. VPN client software allows you to be connected to a remote network. 02/28/2012

183 Wireless FAQs Use wireless for:
Moving equipment (slip rings, reconfig plants, overhead cranes) Long distance (3-7 miles:unlic, miles:licensed) Connect across the highway Is wireless less expensive than wired Ethernet? (see Use wireless for above) Longer distances means slower data rates. 802.11n is backward compatible with a/b/g See web sites for Esteem, Prosoft, Cisco, etc. 02/28/2012

184 Legacy Describe communication protocols between Rockwell legacy products (PLC5E, PLC5 Sidecar, and SLC5/05) and Logix (CLGX, CPX). Communications initiated from legacy (to Logix) Legacy supports PCCC commands and very few CIP commands Only explicit messaging (no implicit) Only CIP connected Legacy knows how to create a CIP connection Legacy knows how to encapsulate a PCCC command in a CIP wrapper Legacy sends commands to the PCCC object in a Logix controller Communications initiated from Logix (to legacy) Logix supports unconnected or connected messaging to legacy. 02/28/2012

185 Legacy PLC5 Ethernet Sidecar firmware
1785-ENET Ser C firmware distributed by technical support You need to call TS and have a ticket number Ser A and Ser B firmware must be purchased by the customer via distributor 02/28/2012

186 Why a socket interface for Logix?
Not every device and application supports the EtherNet/IP protocol. Numerous customer requests for this feature: Material Handling Semiconductor RFID reader integration OEM’s in various businesses Primary uses for the socket interface: Connect Logix to devices that don’t speak EtherNet/IP RFID readers, weigh scales, bar code readers, etc. Connect Logix to applications on OS platforms not well-supported by RSLinx Linux, VMS, etc. Socket style interfaces are supported by competitors such as Siemens and Schneider. 02/28/2012

187 Why a socket interface for Logix?
CPX (L43/45), CLGX, and MicroLogix1400 platforms have EWEB modules EWEB modules support up to 20 sockets Each socket specifies a single logical “port” to receive on Each socket can be used to transmit to any target port and any target IP Note that there are a few ports that are EWEB blocked so you should not use (or you will get immediate error status): - TCP 44818(decimal), used by RSLinx and CLGX MSGing - UDP 2222(decimal), used for CIP I/O and produce tag - TCP 80(decimal), reserved, used for http See EWEB user manuals and Knowbase 48879 02/28/2012

188 Sockets in more modules
Starting in v20, the socket feature will only be added to the 1756-EN2T and other X-scale EtherNet/IP modules. This include the EN2F, EN3TR, EN2TR, and the EN2TXT. The EN2T will be the first to have the feature and the rest will follow. The 1756-ENBT and 1768-ENBT modules will not get this enhancement. 02/28/2012

189 Sockets in 1756-EN2x Planned for RSLogix5000 v20 Summer 2011
Firmware upgrade 02/28/2012

190 Q & A 02/28/2012

191 Q&A At this time, who are sources for EtherNet/IP drivers? Answer:
In the following list of companies, you will need to research each to determine the functionality supported (explicit or implicit messaging, client/server, etc. ) - Pyramid Solutions - NSD, Co. - IXXAT Automation - RTA Also, if your customer is developing an I/O adapter, there is an open source project for an EtherNet/IP adapter on SourceForge - see: ODVA Terms of Usage Agreement requires conformance testing of all products at by an ODVA Test Service Provider (located in USA, Germany, Japan or China) 02/28/2012

192 Q & A Q: What if my PC runs slow when connected to a DLR ring or line?
A: DLR beacons can affect your PC performance If a supervisor is configured, this module will transmit beacon packets intended to detect loss of continuity in a ring topology. If you are running debug (port mirroring) on an ETAP or accidently have a supervisor configured in a linear topology, your anti-virus software may be affected by the beacons. You can temporarily disable the software as a test. If you have a ring, make sure that a DLR supervisor is configured and your PC is connected via an ETAP. If you are operating DLR devices in a linear topology, make sure that a supervisor is NOT configured. Your PC can be connected directly to a 2-port device or through an ETAP. 02/28/2012

193 Q & A Produce tag option, “Send State Change Event To Consumer” means what? If you check the box: - You are expected to use an IOT, as the Help shows. - The IOT will increment a sequence number in the produced tag packet which will cause the consumer event based task (task based on consumed tag) to execute. - The tag RPI timer is reset when an IOT is executed. - If the produced tag RPI timer expires before its IOT is executed, the tag is produced and consumed but the sequence number is not incremented. If you check the box but do not use an IOT: - The tag will be produced at the RPI rate and the sequence number will not be incremented and, if you have a consumed tag event based task, it will not execute. 02/28/2012

194 Q & A What are Ethernet network considerations for CLGX redundancy?
Answers: 1. CLGX Primary and Secondary must be in same L2 and L3 network to make IP swapping work. 2. Up to 7 total CNet and/or ENet modules supported per CLGX chassis. 3. I/O on Ethernet must be multicast. (v19.5 and later) 4. The “ping” between each Ethernet module pair is used as part of qualification (system coming up) or disqualification (system already running). This “ping” is actually a CIP message. 5. As relates to Ethernet, the only condition that will cause switchover is link lost. 6. Ethernet modules complete their switchover in less than 100ms. 7. HMI switchover is up to 1 minute and is dependent on RSLinx timeouts and secondary upload of tags from the CLGX controller (more tags, more time). Is this still true? L7? Enhance Linx? 8. IP swapping is selectable --- for each Ethernet module pair. 9. Ethernet modules don’t backup one another. Redundancy is chassis based, not module based. 10. I/O on Ethernet with CLGX redundancy must be on DLR to avoid connection loss. 11. What is the switch/router topology recommendation for HMI redundancy? Work in progress… 12. Recommended reading – CIP Sync manual, CLGX Redundancy manual. 02/28/2012

195 Q & A What is the difference between 1756-EN2T series A and B? Answer:
The difference between EN2T series A and EN2T series B is that we upgraded the backplane ASIC in the hardware. There are no functional or performance differences between the two modules. The reason we changes series was because the firmware is not forward compatible. So while both version 1.x and version 2.x firmware could go into the series A hardware, only version 2.x and above could be used in series B. 02/28/2012

196 Q & A What firmware and hardware is required to get improved backplan/Ethrnet performance with CLGX? Answer: See Answer ID 35482 Rev Improved backplane communication support The hardware (see series designation below) has been enhanced for improved backplane communication between the controller and module when using the 1756-L7x controller (and later revisions) EN2T: series C 1756-EN2F: series B 1756-EN2TXT: series C 02/28/2012

197 Q & A Q: Can the number of 1756-EN2T multicast addresses be increased from the default of 32? Also, can the TCP connections be increased from the default? A: The number of multicast addresses can be increased to The number of TCP addresses cannot be increased from the default of 128. 02/28/2012

198 Q & A Large packet sizes 02/28/2012
Q1. What is the maximum size of data that can be sent over Rockwell Ethernet/P - ControlLogix and CompactLogix? ANSWER: CIP historically limited a packet size to ~500 bytes on a network. However, on Ethernet, the limit is the MTU (max transmission unit) 1500 bytes. For several years now (since v16), the 1756-EN2T and CLGX controllers supported extended forward opens to allow more than 500 bytes in a packet on the network for connected explicit messaging. Example: In a connected MSG, you could specify a large number of bytes (ex, 30,000 DINTs) and then on Ethernet, you would see many 1500 byte packets. This fragmentation is done for you. This has nothing to do with sockets. However, in v20, the EN2T will support sockets. And, for connected MSGs, you can specify a large amount of data bytes for connected reads, 3972 for connected writes. See Sockets application guide ENET-AT002-EN-P. Again, on the wire, packets will be limited to the MTU of 1500 bytes. Fragmentation will be done for you. Q2. Has Rockwell released a CompactLogix platform that would support this type of application? For the CPX (2x, 3x, 4x) with a connected MSG, you can configure a large data transfer size (e.g. 30,000 DINTs), but on the Ethernet wire, the packet size will be limited to 500 bytes. 02/28/2012

199 References 02/28/2012

200 References ODVA EIP diagnostic faceplates
EIP diagnostic faceplates samplecode.rockwellautomation.com/idc/groups/public/documents/webassets/sc_home_page.hcst Product: Network Communications Technology: Faceplates Title: Ethernet Reference architecture, Design & Implementation Guide (DIG) Publication ENET-UM001G-EN-P Provides connection and packet rate specs for modules 02/28/2012

201 References Publication Knowbase ID 67910, Inter-VLAN routing (8300)
ENET-AT002A-EN-P, December 2011, EtherNet/IP Socket Interface Knowbase ID 67910, Inter-VLAN routing (8300) ID 66324, Unicast I/O, firmware/software versions ID 66326, ControlLogix 1756-ENxxx V3.x performance increase ID66325, QoS Compatibility with Embedded Switch Technology products ID48879, Socket Services ID273519, Stratix Switch Troubleshooting 02/28/2012

202 References ODVA EIP diagnostic faceplates
EIP diagnostic faceplates samplecode.rockwellautomation.com/idc/groups/public/documents/webassets/sc_home_page.hcst Product: Network Communications Technology: Faceplates Title: Ethernet Reference architecture, Design & Implementation Guide (DIG) Publication ENET-UM001I-EN-P Provides connection and packet rate specs for modules 02/28/2012

203 Questions? 02/28/2012


Download ppt "EIP Book of Knowledge Answer ID 57174"

Similar presentations


Ads by Google