Cgs2520 Technical
Cisco 2500 Series Connected Grid Switches
Technical Overview
February 10, 2012
2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Document Classification: Cisco Confidential
The information in this presentation is confidential and considered Cisco Proprietary. This information is not intended for distribution
Agenda
- Products and Solutions for Substation Automation
- CGS 2500 Hardware Feature Overview
- CGS 2500 Software Feature Overview
- Network Management Feature Overview
- Utility Specific Hardware and Software Features
- Compliance Specification Summary
Cisco Substation Automation Solution
Product Family
Substation Automation Solution: Multiservice Substation Architecture
- Substation Network, Station and Process Bus: Station bus behind electronic security perimeter (ESP) for NERC/CIP compliance
- Substation Network, Multiservice Ethernet Ring: Multiservice Ethernet ring built with Cisco CGS 2520 to facilitate various traffic types while keeping logical segregation with station bus traffic (physical security components also included behind ESP)
[Architecture diagram. Labels: Primary WAN, Secondary WAN, Remote Workforce Management, Distributed Controller, RTU, DFR, IEC 61850 Station Bus, ESP, Multiservice Ethernet Access Ring, Physical Security, Wireless, Optical, PSP, IED, PLC, Process Bus to Switch-Yard Devices, NAN Aggregation]
Cisco Substation Automation Product Positioning
Features and Positioning
- CGR 2000 Series: Deployment in Substation Relay Racks, 19-inch Rack Mount
- CGS 2500 Series: Deployment in Substation Relay Racks, 19-inch Rack Mount
- IE 3000 Series: Deployment in Switchyard / IED Cabinet
Cisco CGS 2500 Series
Product Overview
Substation Automation / Integration: Cisco CGS 2500 Series
- CGS-2520-24TC: 24 10/100 ports, 2 dual-port GE uplinks
- CGS-2520-16S-8PC: 16 FE SFP ports, 8 10/100/PoE ports, 2 dual-port GE uplinks
Based on the Cisco Catalyst 2K / 3K series, the most successful Enterprise Switches in the world today!
Enhanced for Utility deployments:
- Substation Compliant (IEC 61850-3, IEEE 1613)
- No Moving Parts
- Dual Redundant, Field Replaceable Power Supplies
- Extended Temperature Range Support
- Extended Power Supply Support
- Choice of Front or Reverse Cabling
- CG Swap Drive Functionality
- High availability platform: REP, Flexlink
- GOOSE support: QoS, Fast Ring Convergence and VLAN handling
- MODBUS Memory Map support
- Utility Specific Smartport macros
- Hardware Based Security solution: SUDI
- Advanced Security solution
- Option to upgrade to Layer 3 feature sets
Cisco CGS 2500 Series
Hardware Feature Overview
Cisco CGS 2500 Series Enhanced Utility Hardware Design
Utility Grade Hardware Reliability
- Designed to fully comply with IEC 61850-3 and IEEE 1613
- Redundant, Field Replaceable and Hot-Swappable power supplies
- High observed MTBF
- World Class post sales support: Cisco TAC
Utility Specific Hardware Design
- 19-inch rack mount design and 1 RU form factor for relay rack installations
- Wide range of power supply options: AC, high DC, and low DC
- Front / Reverse cabling
- Enhanced power cage design provides ground path and EMI shield
- Custom over mold terminal block meets safety creepage requirements and is IP30
Deployment Flexibility and Investment Protection
- Layer 2 and Layer 3 functionality in a single platform
- PoE support for IP Phones and Physical security deployments
- CG Swap Drive functionality for quick and easy deployments
- IEEE 1588v2 / PTP c37.238 (Power Profile)
* On fiber ports and Shielded twisted pair
Cisco CGS 2500 Series Hardware Overview
Port Configurations:
- 24 10/100BaseT ports and two dual-purpose Gigabit Ethernet uplinks
- 16 Fast Ethernet (FE) SFP ports, eight 10/100Base-TX/PoE ports, and two dual-purpose Gigabit Ethernet uplinks
Power Supply Options:
- PWR-RGD-LOW-DC: Low DC (24/48V) module
- PWR-RGD-AC-DC: AC / High DC (88-300VDC / 85-264VAC) module
Software Requirements: 12.2(58)EY
Cisco CGS 2500 Series CGS-2520-24TC Front Panel
- Substation Hardened: Substation Compliant IEC61850-3 and IEEE1613
- GE Ports: Dual purpose 10/100/1000 Copper, 100/1000 SFP ports, Rugged SFP support
- Console: Console over USB, Console over RS232
- CG Swap Drive: SD Flash
- Conductive Cooling: No fans and/or moving parts, Increased Operating Temp**
- Field Replaceable Power Supplies: High Voltage PS: 85-264VAC, 88-300VDC; Low Voltage PS: 24-60VDC
- 24 Fast Ethernet Ports: 10/100 Fixed Copper
- Front or Rear Mount Capability: Redundant LED placements at front and rear of router; System, Alarm and Port Status LEDs
- IEEE 1588 v2/PTP: Power Profile c37.238
- Alarm Contacts: FOUR Alarm Inputs, ONE Alarm Output
Cisco CGS 2500 Series CGS-2520-16S-8PC Front Panel
- Substation Hardened: Substation Compliant IEC61850-3 and IEEE1613
- GE Ports: Dual purpose 10/100/1000 Copper, 100/1000 SFP ports, Rugged SFP support
- Console: Console over USB, Console over RS232
- CG Swap Drive: SD Flash
- Conductive Cooling: No fans and/or moving parts, Increased Operating Temp**
- IEEE 1588 v2/PTP: Power Profile c37.238
- 16 Fast Ethernet Ports: 100M SFP
- 8 Fast Ethernet Ports: 10/100M Fixed Copper PoE
- Field Replaceable Power Supplies: High Voltage PS: 85-264 VAC, 88-300 VDC; Low Voltage PS: 24-60 VDC
- Front or Rear Mount Capability: Redundant LED placements at front and rear of router; System, Alarm and Port Status LEDs
- Alarm Contacts: FOUR Alarm Inputs, ONE Alarm Output
Cisco CGS 2500 Series Power Supply Details
Rear Panel View
- PWR-RGD-LOW-DC: Low DC (24-60VDC) Power Supply
- PWR-RGD-AC-DC: AC / High DC (88-300VDC / 85-264VAC) Power Supply
- Combined standard AC and high voltage DC (88-300VDC, 85-264VAC) power supply and low voltage DC (24-60VDC) power supply are available.
- Maximum flexibility: supports any combo of high voltage and low voltage power supplies.
- Load sharing power supplies in a dual power supply configuration; a single power supply is capable of supporting a fully configured switch.
- Both power supplies are universally interchangeable with the CGR 2010 Router.
- Standard internal power supply provides inline power (802.3af-compliant PoE and Cisco Inline Power) to offer PoE support.
Cisco CGS 2500 Series Hardware Specifications

| Specification | CGS-2520-24TC | CGS-2520-16S-8PC |
|---|---|---|
| Ethernet Ports | 24 x 10/100 copper + 2 x 1G Dual Purpose | 16 x 100M SFP + 8 x 10/100 copper PoE + 2 x 1G Dual Purpose |
| Weight (no power supplies) | 9.1lb (4.1kg) | 10lb (4.5kg) |

| Specification | Value |
|---|---|
| Chassis H x W x D | 1.75 in. H x 17.5 in. W x 14 in. D (4.45 x 44.5 x 35.5 cm), with power supplies installed |
| Available Rack Mount Accessories | 19-inch, ETSI, 23-inch (Post FCS) |
| Wall Mount Option | Yes, using 19-inch brackets shipped with unit |
| Cabling | Both front and reverse cabling is supported |
| AC Power Input | 100-240 VAC, 2-0.75A, 50-60 Hz |
| High DC Power Input | 100-250 VDC (+20%/-12%), 2-0.75A |
| Low DC Power Input | 24-60 VDC (+/- 25%), 10-2.5A |
| Dual Power Supplies | Two modular power supply FRUs (AC or DC) |
| Operating Temperature* | -40°C to +85°C (type test); -40°C to +60°C (continuous operation) |
Cisco CGS 2500 Series Dual Purpose Ports
- For each pair of dual purpose ports, either the 10/100/1000 RJ-45 port or the SFP port can be used
- LEDs indicate which port is active
- The media type can be configured (per port) as: auto-select (default), rj45, sfp
(2 of 2 Dual Purpose Ports Shown)
- With media type configured for auto-select, the first port in the pair to achieve link is selected
- If both ports in the pair are connected, the SFP port takes priority. The priority is not configurable
- Speed and duplex cannot be manually configured without first configuring a media type of rj45 or sfp (not configurable with auto-select media type)
Cisco CGS 2520 Supported Ruggedized SFPs

| Part # | Dual-Purpose GE Ports | Downlink FE Ports (CGS-2520-16S-8PC) | DOM Supported by SFP* | Temperature Range** |
|---|---|---|---|---|
| GLC-SX-MM-RGD | Yes | No | No | IND |
| GLC-LX-SM-RGD | Yes | No | No | IND |
| GLC-FE-100LX-RGD | Yes | Yes | No | IND |
| GLC-FE-100FX-RGD | Yes | Yes | No | IND |
| GLC-ZX-SM-RGD | Yes | No | No | IND |

| SFP Temperature Range | CGS 2520 Operating Temperature Range Support |
|---|---|
| IND | -40°C to +60°C |
| EXT | -5°C to +60°C |
| COM | 0°C to +45°C |

LC Connectors
**If non-industrial (i.e., EXT, COM) SFPs are used, the CGS 2520 operating temperature must be de-rated.
Cisco CGS 2520 Supported non-Ruggedized SFPs

| Part # | Dual-Purpose GE Ports | Downlink FE Ports (CGS-2520-16S-8PC) | DOM Supported by SFP* | Temperature Range** |
|---|---|---|---|---|
| SFP-GE-L w/DOM | Yes | No | Yes | EXT |
| SFP-GE-S w/DOM | Yes | No | Yes | EXT |
| SFP-GE-Z w/DOM | Yes | No | Yes | EXT |
| GLC-EX-SMD w/DOM | Yes | No | Yes | EXT |
| GLC-BX-D, GLC-BX-U w/DOM | Yes | No | Yes | COM |
| GLC-FE-100LX | Yes | Yes | No | COM |
| GLC-FE-100BX-D, GLC-FE-100BX-U | Yes | Yes | No | COM |
| GLC-FE-100FX | Yes | Yes | No | COM |
| GLC-FE-100EX | Yes | Yes | No | COM |
| GLC-FE-100ZX | Yes | Yes | No | COM |
| CWDM SFP w/DOM (8 channels)* | Yes | No | Yes | COM |

**If non-industrial (i.e., EXT, COM) SFPs are used, the CGS 2520 operating temperature must be de-rated.
Cisco CGS 2500 Series USB Console Port
- New Type B mini USB console port
- Enables use of a Mini USB cable for console access in addition to the Cisco console cable
- Traditional RJ-45 console port is still available on the platform
- Mini USB cables are commonly used for cell phones and digital cameras and offer more flexible console access by not being limited to the Cisco console cable
- Only one console can be active at a time; USB cable always takes precedence
- Any Mini USB cable is supported
- As an environmental measure, Cisco no longer ships console cables by default. *
* Console cables in shipment of a new switch are an option that needs to be configured at time of ordering
Cisco CGS 2500 Series System, Power Supply and Port Status LED

| LED | State | Definition |
|---|---|---|
| System | Off | No power or unit not booted up |
| System | Alternating Green/Off | POST in progress |
| System | Solid Green | System healthy (normal operation) |
| System | Solid Amber | System faulty |
| IN 1 / IN 2 (Power Supply Status) | Off | PS FRU not installed |
| IN 1 / IN 2 (Power Supply Status) | Solid Green | AC or DC power input [1:2] present when PS FRU is installed |
| IN 1 / IN 2 (Power Supply Status) | Solid Amber | AC or DC power input [1:2] not present when supply is installed |
Cisco CGS 2500 Series PoE Functionality
- Prepare the network for IP Telephony and Wireless access
- Eliminate the need for separate electrical wiring
- Protect your investment and avoid a costly upgrade
- Cisco pre-standard PoE and 802.3af are fully supported
- Cisco IOS provides intelligent power management with granular control
- Wide selection of standards-based IEEE 802.3af powered devices: IP Phones, Wireless Access Points, Surveillance cameras, Access Card Readers
Power Over Ethernet Support
- PoE is supported only in CGS-2520-16S-8PC.
- Architecture is similar to Catalyst 3750E family switches.
- One Power Supply can support up to 65W and two Power Supplies support up to 170W of PoE.
- Powering all the 8 FE ports will require 2 Power Supplies.
- If one Power Supply fails, ports configured as priority ports will continue to receive power. The low priority PoE ports may not get PoE or lose power.
- Enhanced PoE is supported up to 20 Watts.
- PoE+ will not be supported at FCS.
Cisco CGS 2500 Series External Alarms
- Alarm #1: Remote Security (Building or Cabinet Door Open / Closed)
- Alarm #2: Environmental (High Building or Cabinet Room Temperature)
- Alarm #3: Power (UPS or DC System)
- Alarm #4: Environmental (Fire / Smoke)
[Diagram labels: CGS 2520 Located at Remote Substation, (4) Dry Contact Inputs, Alarm Output, SNMP Trap Outputs, Network Operations Center]
Cisco CGS 2500 Series Alarm Contacts
CGS 2520 supports:
- Four External Alarm Inputs
- One form C output

| RJ-45 Pin | Alarm Connection |
|---|---|
| 1 | Alarm 1 input |
| 2 | Alarm 2 input |
| 3 | Alarm Output N/C |
| 4 | Alarm 3 input |
| 5 | Alarm 4 input |
| 6 | Alarm Output N/O |
| 7 | Alarm Output Common |
| 8 | Alarm Input Common |

Alarm Input Details
- Normally-Open (NO): contacts closed triggers alarm. Wired between Pin 1, 2, 4, or 5 (Alarm Input) and Pin 8 (Alarm In Common).
- Normally-Closed (NC): contacts open triggers alarm. Wired between Pin 1, 2, 4, or 5 (Alarm Input) and Pin 8 (Alarm In Common).
Alarm Output Details
- Form-C Normally-Open/Normally-Closed contacts (no alarm state shown): Pin 6 (Alarm Out N/O), Pin 3 (Alarm Out N/C), Pin 7 (Alarm Out Common).
[Diagram: RJ-45 Alarm Connector on CGS 2520 Chassis, pins 1 to 8]
Cisco CGS 2500 Series CG SwapDrive: Zero-Config Replacement
Zero-config replacement
- Simple switch replacement in case of a failure
- No networking expertise required
- CG SwapDrive ensures fast recovery
Files stored on the SwapDrive
- IOS Image (tar, html) 2 sets
- Configuration file
- VLAN.dat file
CGS 2500 Series Software Feature Overview
CGS 2500 Series: Two SA Offerings, One Platform
One Hardware Platform: CGS 2520
- CGS-2520-24TC: 24 10/100 ports, 2 dual-port GE uplinks
- CGS-2520-16S-8PC: 16 FE SFP ports, 8 10/100/PoE ports, 2 dual-port GE uplinks
Service Offerings: Two SW images, 12.2(58) EY
- IP SERVICES: High End Layer 3 Services
- LAN BASE: Layer 2 Services
Substation Automation
Cisco CGS 2500 Series Key Software Features
LAN Base
- Per port per VLAN ingress policing
- RADIUS/TACACS+
- Access Control Lists (ACLs)
- SNMPv3 crypto
- Per VLAN classification/statistics
- Configurable egress queue bandwidth
- Configurable egress buffers/thresholds
- Strict priority queuing with optional policer
- IEEE 802.1x and identity-based network services
- Web- and MAC-based authentication
- Port security + Cisco enhancements
- DHCP snooping, dynamic ARP inspection, IP source guard
- Spanning Tree Protocol security mechanisms
- Storm control
- Wire-speed L2-L4 ACLs
- Private VLAN
- Secure connectivity: SSH/SSL/SCP
- Configuration file security
- UNI/ENI and NNI port types (configurable on all ports)
- Configurable per VLAN MAC learning
- MAC address learning and aging notifications
- Modbus memory map support
- Express Setup
- Cisco Configuration Professional
- Utility Specific Smartport macros
- DHCP Auto Config/Image upgrade
- Config Rollback/Replace
- SPAN/RSPAN
- Layer 3 IP SLA
- IETF TWAMP Responder Support
- Port and VLAN Loopback
- Resilient Ethernet Protocol
- Flexlink
- Link-state tracking
- UDLD
- xSTP: 802.1s/802.1w
- EtherChannel/LACP/PAgP
- Dying gasp for loss of power
- External alarm contacts
- Ethernet OAM
- Digital Optical Monitoring (DOM), Optical ports
- Configurable control plane security
- IEEE 802.1AR for hardware-based security
- Time Domain Reflectometry (Copper ports)
IP Services
- All LAN Base features plus:
- Static routing, Inter-VLAN routing
- Multi-VRF CE (VRF-lite)
- Policy-based routing
- RIP Versions 1 and 2
- EIGRP, OSPF, and IS-IS
- BGPv4
- IPv6 routing
- HSRP
- Multicast routing: PIM (SM, DM)
- Source Specific Multicast
- Source Specific Multicast mapping
- Bidirectional Forwarding Detection
- Multicast support for VRF (mVRF-Lite)
- VRF-aware services (ARP, ping, SNMP, HSRP, uRPF, syslog, traceroute, FTP, and TFTP)
Cisco Substation Automation / Integration Switching and Routing Functionality

| Layer 2 Feature | CGS 2520 | IE 3000 |
|---|---|---|
| MAC Address Table Size | 8K | 8K |
| Port Security (port / VLAN MAC limits) | Yes | Yes |
| Configurable Per VLAN MAC Learning | Yes | Yes |
| HW ready for Asymmetrical VLAN handling | Yes | No |
| 802.1Q Trunking | Yes | Yes |
| 802.1Q tunneling | Yes | Yes |
| L2 Protocol Tunneling | Yes | Yes |
| VLAN Mapping (1:1, 1:2, 2:2 Translation); 1:2 = Selective QinQ | Yes | No |
| IEEE 1588 v2 / PTP Support and c37.238 Power Profile | Yes | Yes, Default Profile |

| Layer 3 Feature | CGS 2520 | IE 3000 |
|---|---|---|
| Basic IP Unicast routing protocols (static and RIP versions 1 and 2) | Yes | Yes |
| Advanced IP Unicast routing protocols (OSPF, EIGRP, IS-IS, and BGPv4) | Yes | Yes |
| HSRP for dynamic load balancing and failover for routed links | Yes | Yes |
| IPv6 Support | Yes | Yes |
| Protocol Independent Multicast (PIM) for IP Multicast routing: PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode | Yes | Yes |
Cisco CGS 2500 Series: Software Overview, Security

| Feature | CGS 2520 | IE 3000 |
|---|---|---|
| Advanced 802.1x functionality with Guest VLAN, ACL assignment, etc. | Yes | Yes |
| Web authentication for non-802.1x clients | Yes | Yes |
| MAC Auth Bypass (MAB) for non-802.1x clients to get authenticated using their MAC address | Yes | Yes |
| Port Security | Yes | Yes |
| Storm Control | Yes | Yes |
| Access Control Lists | Yes | Yes |
| Control Plane Security | Yes | Yes |
| DHCP Snooping / Dynamic ARP Inspection / IP Source Guard | Yes | Yes |
| Dynamic ARP Inspection | Yes | Yes |
| SSH / SSL / SCP | Yes | Yes |
| RADIUS/TACACS+ | Yes | Yes |
| SNMPv3 crypto | Yes | Yes |
| STP Security | Yes | Yes |
| Private VLAN | Yes | Yes |
| UNI / ENI Port Types | Yes | No |
| IEEE 802.1AR (SUDI) | Yes | No |
Cisco CGS 2500 Series: Software Overview, Quality of Service

| Feature | CGS 2520 | IE 3000 |
|---|---|---|
| Ingress 2 Rate 3 Color Policing | Yes | No (1 Rate 2 color policing only) |
| QinQ ingress classification | Yes | No |
| Ingress Per port per VLAN Policing | Yes | No |
| Layer 2 to Layer 4 ACL Classification: Layer 4 ACLs to match on different types of SCADA traffic | Yes | Yes |
| CoS or DSCP Re-Marking | Yes | DSCP Only |
| Egress Queues / port | Yes | Yes |
| Strict Priority Queuing | Yes | Yes |
| Configurable Egress Queue Bandwidth | Yes | Yes |
| Configurable Egress Buffers / Thresholds | Yes | Yes |
| Enhanced Egress Queue / Port Shaping Granularity | Yes | No |
| Congestion Avoidance Mechanism | Yes | Yes |
| Hierarchical QoS | 2 level Egress shaping | No |
| QoS Statistics: Per VLAN Statistics for GOOSE | Yes | No |
| Per CoS / DSCP Statistics | Yes | Yes |
| Ingress Statistics | Bytes / packets | packets only |
Cisco CGS 2500 Series: Software Overview, Management Functionality

| Feature | CGS 2520 | IE 3000 |
|---|---|---|
| MODBUS Memory Maps | Yes | No |
| Express Setup | Yes | Yes |
| Device Manager GUI | Cisco Configuration Professional | Cisco Network Assistant |
| Utility Specific Smartport macros | Yes | No |
| DHCP Auto Config / Image upgrade | Yes | Yes |
| Config Rollback / Replace | Yes | Yes |
| SPAN / RSPAN | Yes | Yes |
| Out-of-band management supports Telnet, TFTP, and SSHv2 | Yes | Yes |
| SNMP v1, v2c, v3 | Yes | Yes |
| Management port | RS-232 serial console and USB Console | RS-232 serial console |
| Power over Ethernet (PoE) | Yes (CGS-2520-16S-8PC) | No |
Cisco CGS 2500 Series: Software Overview, Remote Monitoring and Diagnostics

| Feature | CGS 2520 | IE 3000 |
|---|---|---|
| Generic Online Diagnostics (GOLD) | Yes | No |
| On Board Failure Logging (OBFL) | Yes | No |
| Cisco Layer 2 IP SLA | Yes | No |
| IEEE 802.1ag Connectivity Fault Management | Yes | No |
| IEEE 802.3ah Ethernet in the First Mile | Yes | No |
| Cisco Layer 3 IP SLA | Yes | Yes |
| TWAMP Responder (IETF) | Yes | No |
| Time Domain Reflectometry (Copper ports) | Yes | Yes |
| Digital Optical Monitoring (DOM) | No | No |
| Uni-Directional Link Detection | Yes | Yes |
| Embedded Event Manager (EEM) | Yes | Yes |
| Port / VLAN Loopback with MAC Swap | Yes | No |
| Dying Gasp Message for Loss of Power | Yes | No |
| External Alarm Contacts | Alarm outputs and Alarm inputs | Alarm outputs |
Cisco CGS 2500 Series: Software Overview, High Availability / Scalability

| Feature | CGS 2520 | IE 3000 |
|---|---|---|
| Flexlink (Back-up Interface) | Yes | Yes |
| Link State Tracking | Yes | Yes |
| Resilient Ethernet Protocol | Yes | Yes |
| UDLD | Yes | Yes |
| 802.1s / 802.1w | Yes | Yes |
| EtherChannel / LACP / PAgP | Yes | Yes |
| Cisco Hot Standby Routing Protocol | Yes | Yes |
| Bidirectional Forwarding Detection | Yes | Yes |
| Equal-cost routing provides for load balancing and redundancy | Yes | Yes |
| Swap Drive | Yes | Yes |
| Redundant / Field replaceable Power Supplies | Yes | No |
| CWDM SFPs (8 wavelengths) | No | No |
CGS 2500 Series Software Feature Overview: SDM Template Performances

| Feature | LAN Base Layer 2 Template | IP Services Default Template |
|---|---|---|
| L2 unicast MAC addresses | 8k | 5k |
| L2 VLANs (simultaneously active) | 1005 | 1005 |
| VLAN IDs (Maximum) | 4094 | 4094 |
| IPv4 IGMP groups | 1k | *1k |
| IPv4 multicast routes | N/A | *1k |
| IPv4 unicast routes | N/A | 9K |
| Number of VRFs | N/A | 26 |
| Directly-connected IPv4 hosts | N/A | 5k |
| L3 indirectly connected unicast routes | N/A | 4k |
| IPv4 Policy Based Routing ACEs | N/A | 512 |
| IPv4 QoS ACEs | 512 | 512 |
| MAC security ACEs (shared among VACL, PACL and RACL for input and output) | 1k | 1k |

* In the IP Services template, a total of 1K is available for IGMP groups + multicast routes
CGS 2500 Series Software Feature Overview: SDM Template Performances, IPv4 / IPv6
This depends on the IPv4-and-IPv6 SDM Template chosen.

| Resource | IPv4-and-IPv6 Default | IPv4-and-IPv6 Routing | IPv4-and-IPv6 VLAN |
|---|---|---|---|
| Unicast MAC addresses | 2K | 1.5 K | 8K |
| IPv4 IGMP groups and multicast routes | 1K | 1K | 1K |
| Total IPv4 unicast routes: | 3K | 2.75 K | 0 |
| Directly connected IPv4 hosts | 2K | 1.5 K | 0 |
| Indirect IPv4 routes | 1K | 1.25 K | 0 |
| IPv6 multicast groups | 1K | 1K | 1K |
| Total IPv6 unicast routes: | 3K | 2.75 K | 0 |
| Directly connected IPv6 addresses | 2K | 1.5 K | 0 |
| Indirect IPv6 unicast routes | 1K | 1.25 K | 0 |
| IPv4 policy-based routing ACEs | 0 | 0.25 K | 0 |
| IPv4 or MAC QoS ACEs (total) | 0.75 K | 0.75 K | 0.75 K |
| IPv4 or MAC security ACEs (total) | 1K | 0.5 K | 1K |
| IPv6 policy-based routing ACEs (1) | 0 | 0.25 K | 0 |
| IPv6 QoS ACEs | 0.5 K | 0.5 K | 0.5 K |
| IPv6 security ACEs | 0.5 K | 0.5 K | 0.5 K |

1. IPv6 policy-based routing is not supported.
CGS 2500 Series Software Feature Overview
Port Types, Resilient Ethernet Protocol, Flex-Link
CGS 2520 Port Types
The Cisco CGS 2520 switch supports user-network interfaces (UNIs), network node interfaces (NNIs), and enhanced network interfaces (ENIs). Default configuration is NNI.

| Port Type | Functionality |
|---|---|
| NNI | NNIs are typically connected to a router or to another switch (default status is administratively up) |
| UNI | UNIs are typically connected to a host, such as a PC or a Cisco IP Phone (default status is administratively down) |
| ENI | ENIs have the same functionality as UNIs, but can be configured to support protocol control packets for Cisco Discovery Protocol (CDP), Spanning-Tree Protocol (STP), Link Layer Discovery Protocol (LLDP), and EtherChannel Link Aggregation Control Protocol (LACP) or Port Aggregation Protocol (PAgP) (default status is administratively down) |
Resilient Ethernet Protocol (REP): What is REP?
- Designed to meet fast convergence requirements in a large scale, Layer 2 network, particularly for ring topologies
- Avoids the need for Spanning-tree in simple ring-based topologies
- Designed to operate with standard Ethernet hardware
- Implemented on Cisco Connected Grid, Industrial Ethernet and Carrier Ethernet platforms
Resilient Ethernet Protocol (REP): REP Benefits
- Fast and predictable convergence in ring topology
  - Convergence time: 50ms in most conditions (will cover the details)
- Deterministic and scalable
  - Fast failure notification even in large rings with high number of nodes
  - Alternate port selection automatic or user configurable
- Optimal bandwidth utilization with VLAN Load Balancing
- Spanning Tree Coexistence
  - Limit the scope of Spanning-tree
  - Topology Changes notification forwarded to Spanning Tree
- Easy to configure and troubleshoot
  - Topology archiving for easy troubleshooting
  - Known fixed topology with preemption mechanisms
  - Simple mechanism to set up the Alternate Port (blocking port)
Resilient Ethernet Protocol: REP is a Segment Protocol
- Ports are explicitly configured to be part of a segment.
- When all the links in the segment are operational, a blocked port is determined so that there is no connectivity between the edges A, B through the segment.
- If a failure occurs within the segment, the blocked port goes forwarding.
[Diagrams: segment with edge ports A and B]
Resilient Ethernet Protocol: Flexibility in supporting various topologies
[Topology diagrams: bridged domain with lettered nodes and Segment 1, Segment 2 and Segment 3. Captions: Access and Aggregation rings; Sub-tending rings terminated on different rings]
Resilient Ethernet Protocol: Efficient Link Failure Notification
- Distributed Protocol: Any REP port can initiate a switchover as long as it has previously acquired a secure key to unblock the alternate port.
- Using a Cisco Multicast address, the notification is forwarded in hardware so that each node in the segment is notified immediately without software involvement from any node.
[Diagram labels: Edge Switch, Alternate Port, Switch C, Switch D; port states Open and Failed; Link Failure notification, Flooded]
CGS 2500 Series REP LSL Ageout Timer Application
- Ability to configure the Link Status Layer (LSL) age-out timer
- Application: Normally, REP reacts to hardware link failure (LOS). However, when there are other transport mechanisms in between, it must rely on LSL hello to detect link failure. Examples of other transports are radio as shown below, optical (xWDM, SONET/SDH), MPLS, etc.
[Diagram: REP ports on either side of a radio link]
- When the radio link goes down, REP ports will remain up for the LSL age-out time and there are no topology changes for that time. Traffic going through here is lost unless one of the radio-facing ports is already the blocked port. If it ages out before the radio link comes back up, REP will trigger a topology change and open the previously blocked port.
- Configurable lsl-age-timer values: 120 to 10000 ms in 40-ms intervals
CGS 2500 Series REP Implementation Details
- REP is supported on NNI ports only (all ports are NNI by default)
- Supported over EtherChannel
- Supported on Layer 2 trunk ports only
- REP and STP or REP and Flex Link not supported on the same segment or interface
- Protocol allows for a maximum of 64 REP segments per switch (port limited for CGS 2520)
- No protocol limit on number of nodes per ring. Topologies with 16 and 32 nodes tested
- Available in both CGS 2520 software images
Note: All switchports are NNI by default; there is no limitation on the number of ports in this mode or the image being used.
REP Performance: Summary of Cisco Testing
- Average convergence time under 50ms for unicast traffic and without VLAN Load Balancing.
- EtherChannel configured in the ring has no significant impact on convergence time. EtherChannel results are similar to non-EtherChannel results.
- VLAN Load Balancing (VLB) has an impact on convergence time (greater than 50ms average convergence).
- Loss of Signal (LOS) detection is significantly faster with fiber interfaces. For optimal network performance, Cisco recommends always using fiber ports for the REP ring if possible.
Network Topologies: REP segment configuration
[Test topology diagrams: 32 Nodes 3400-24; 16 Nodes 3400-12CS Etherchannel; 16 Nodes 3750ME; 16 Nodes 3750ME REP with STP. Test Traffic on VLAN 300. Legend: Edge Port, REP Segment, Alternate Port, Background Traffic, Test Traffic]
Flex-Link Overview
[Diagram labels: Active, Standby, Spanning Tree, Fast failover]
- Flex-Link operates as a pair of Layer 2 interfaces, where one interface is configured to act as a backup to the other active interface.
- Supports Layer 2 link redundancy for Hub and Spoke / Tree topologies
- The feature provides a redundant data path as an alternative solution to the Spanning Tree Protocol (STP), allowing users to turn off STP and still provide link redundancy.
- Interoperates with UDLD to provide heartbeat exchange in networks with repeaters
Flex-Link Features and Benefits
- Ease of use: Avoids the complexity that can be associated with configuring and running the STP protocol
- Fast link failover: Flex-Link failover is handled entirely within interrupt context while STP is handled at process level
- Optional VLAN Load Balancing
- FlexLink MAC Move Notification (MMN) to improve downstream convergence time
CGS 2500 Series Software Feature Overview
Quality of Service
CGS 2500 Series Quality of Service Features: Introduction
- QoS is configured via the Modular QoS CLI (MQC)
- MQC also supported on CGR 2010 for a consistent QoS infrastructure
Basic steps for MQC QoS configuration:
1. Define a class-map. A class-map is used to identify a specific type of traffic. This is referred to as classification.
2. Define a policy-map. This step creates a QoS policy by specifying the type or class of traffic on which to perform specific QoS functions, and the specific functions to perform on the traffic.
3. Associate a class-map with a policy-map. One or more class-maps can be associated with a policy-map.
4. Apply the policy-map to a port. Apply the policy map to the appropriate interfaces.
CGS 2500 Series Quality of Service Features: Summary of Capabilities
Input Policies
- Two Rate, Three-Color policers (2R3C) per class or aggregate
- Classify by VLAN, CoS, DSCP, IP precedence, L2 ACL, and IP ACL
- QinQ inner to outer CoS propagation
- Mark by CoS, DSCP, IP precedence, and QoS group
Output Policies
- Classify by CoS, DSCP, IP precedence, and QoS group
- Weighted tail drop congestion management
- Class-based and interface-based traffic shaping
- Class-based, weighted fair queuing (CB-WFQ)
- Priority queuing (a.k.a. LLQ)
- Priority policing
CGS 2500 Series QoS Packet Flow Diagram
- VLAN Translation / QinQ (VLAN Translation configured on Port)
  - 1:1 VLAN Translation: Swap the CE-VLAN with the configured SVLAN. The Customer CoS will be retained.
  - 1:2 VLAN Translation: Add a new SVLAN tag with configured SVLAN. The Customer CoS will be propagated to the SVLAN Tag CoS Marking (by default)
- QoS Actions at Ingress
  - Classification: Inspect incoming packets for VLAN ID, CoS, DSCP, IP Prec, & ACL.
  - Policing: Ensure conformance to a specified rate.
  - Marking: Act on Policer decision. Reclass or drop out-of-profile packets.
- QoS Actions at Egress
  - Congestion Control: WTD for congestion control (3 thresholds per queue).
  - Egress Queue / Schedule: Egress scheduling with shaping, CB-WFQ & LLQ.
Ingress 2R3C Policing: Overview

CGS 2500 supports 2-Rate 3-Color policing for individual, aggregate and per-port per-VLAN policing:
- Ability to configure committed information rate (CIR) and conform burst (Bc)
- Ability to configure the peak information rate (PIR) and peak burst (Be)
- Ability to configure conform-action, exceed-action and violate-action

Ability to configure drop as a conform-action for both 2R3C and 1R2C policers

Policer CIR/PIR can be configured in the range 8 Kbps to 1 Gbps with a granularity of 8 Kbps

Policer Bc/Be can be configured in the range 8 KB to 1 MB with a granularity of 8 KB

Ingress 2 Rate 3 Color Policing: Conditional Marking Options

| Action | Conform | Exceed | Violate |
|---|---|---|---|
| Transmit | Yes | Yes | Yes |
| set-qos-transmit | Yes | Yes | Yes |
| set-cos-transmit | Yes | Yes | Yes |
| set-dscp-transmit | Yes | Yes | Yes |
| set-prec-transmit | Yes | Yes | Yes |
| Table-map | Yes | Yes | Yes |
| drop (1) | Yes | Yes | Yes |

1. If conform action is configured as drop, then both exceed and violate actions are required to be drop. If exceed action is configured as drop, then violate action is required to be drop.

Note: Most of the CGS 2500 competitors do NOT support Conditional Marking capabilities

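The policer limits and the conform/exceed/violate rule from the two slides above, as an added Python example (not Cisco code). The meter follows the color-blind two-rate three-color marker of RFC 2698; that the switch hardware behaves exactly this way, and that the slide's KB/MB are binary units, are assumptions, and the traffic sample is constructed.

```python
from collections import Counter

RATE_MIN, RATE_MAX, RATE_STEP = 8_000, 1_000_000_000, 8_000    # bps, from the slide
KB = 1024                         # assumption: the slide's KB/MB are binary units
BURST_MIN, BURST_MAX, BURST_STEP = 8 * KB, 1024 * KB, 8 * KB   # bytes, from the slide


def validate(cir, pir, bc, be, conform, exceed, violate):
    """Return a list of rule violations for one 2R3C policer definition."""
    errors = []
    for name, rate in (("CIR", cir), ("PIR", pir)):
        if not RATE_MIN <= rate <= RATE_MAX or rate % RATE_STEP:
            errors.append(f"{name} {rate} bps not in 8 Kbps-1 Gbps, 8 Kbps steps")
    for name, burst in (("Bc", bc), ("Be", be)):
        if not BURST_MIN <= burst <= BURST_MAX or burst % BURST_STEP:
            errors.append(f"{name} {burst} bytes not in 8 KB-1 MB, 8 KB steps")
    # Footnote 1 of the conditional marking table.
    if conform == "drop" and (exceed, violate) != ("drop", "drop"):
        errors.append("conform drop requires exceed drop and violate drop")
    elif exceed == "drop" and violate != "drop":
        errors.append("exceed drop requires violate drop")
    return errors


class TwoRateThreeColorMeter:
    """Color-blind two-rate three-color marker (RFC 2698)."""

    def __init__(self, cir, pir, bc, be):
        self.cir, self.pir, self.bc, self.be = cir, pir, bc, be
        self.tc, self.tp = float(bc), float(be)    # both buckets start full
        self.last = 0.0

    def color(self, now, size):
        """Classify one packet of `size` bytes arriving at time `now` (seconds)."""
        elapsed, self.last = now - self.last, now
        self.tc = min(self.bc, self.tc + self.cir * elapsed / 8)
        self.tp = min(self.be, self.tp + self.pir * elapsed / 8)
        if self.tp < size:
            return "violate"       # beyond PIR/Be
        self.tp -= size
        if self.tc < size:
            return "exceed"        # beyond CIR/Bc but within PIR/Be
        self.tc -= size
        return "conform"           # within CIR/Bc


def police(arrivals, meter, actions):
    """Apply the per-color actions; return (color counts, bytes transmitted)."""
    colors, sent = Counter(), 0
    for now, size in arrivals:
        color = meter.color(now, size)
        colors[color] += 1
        if actions[color] != "drop":
            sent += size
    return colors, sent


# Constructed sample: a 20-packet burst of 1024-byte frames at t=0, one more at t=1 s.
SAMPLE = [(0.0, 1024)] * 20 + [(1.0, 1024)]
ACTIONS = {"conform": "transmit", "exceed": "set-dscp-transmit", "violate": "drop"}

if __name__ == "__main__":
    meter = TwoRateThreeColorMeter(cir=64_000, pir=128_000, bc=8 * KB, be=16 * KB)
    print(validate(64_000, 128_000, 8 * KB, 16 * KB, **ACTIONS))
    print(police(SAMPLE, meter, ACTIONS))
```
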
Egress Shaping Granularity

Port shaping
CGS 2500 has Enhanced Port Shaping Granularity:

| Port Speed | Range | Granularity |
|---|---|---|
| 1000M | 5M-1000M | 1M |
| 100M | 500K-100M | 500K |
| 10M | 100K-10M | 100K |

Additional values (more granular values in the allowed range) can be configured, but may not produce the expected accuracy.

Note: A CLI warning message will be provided for GigE ports if the user attempts to configure a port-shaper rate less than 5M while speed is set to auto or 1000M.

Class-based shaping
Class Shaping Granularity: The class (queue) shaping granularity is 64 Kbps. This is independent of the configured port speed.

CGS 2500 Series Priority Policing
- A priority queue can consume all available bandwidth and thus starve all other queues (potential DoS attack)
- To prevent this, MQC supports two features:
  - Priority policing with the police command, OR
  - Conditional policing with the priority command
- The hardware does not support output policing in any way
- However, if we consider that a shaper with a small queue acts like a policer, then we can mimic priority policing by using a shaper with a small queue

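The starvation risk and the "shaper with a small queue" workaround from the slide above, as an added Python simulation (not Cisco code). The tick-based model, the function names and the packet rates are assumptions chosen for illustration.

```python
def run_egress(ticks, link, prio_in, be_in, prio_shape=None,
               prio_qlimit=64, be_qlimit=64):
    """Simulate a strict-priority egress port one tick at a time (units: packets).

    prio_shape:  packets per tick the priority class may send (None = unlimited).
    prio_qlimit: depth of the priority queue; arrivals beyond it are tail-dropped.
    """
    queue = {"prio": 0, "be": 0}
    sent = {"prio": 0, "be": 0}
    dropped = {"prio": 0, "be": 0}
    limits = {"prio": prio_qlimit, "be": be_qlimit}
    for _ in range(ticks):
        # Enqueue this tick's arrivals, tail-dropping what does not fit.
        for cls, arrivals in (("prio", prio_in), ("be", be_in)):
            accepted = min(arrivals, limits[cls] - queue[cls])
            queue[cls] += accepted
            dropped[cls] += arrivals - accepted
        # Strict priority: the priority queue is always served first ...
        eligible = queue["prio"] if prio_shape is None else min(queue["prio"], prio_shape)
        prio_out = min(eligible, link)
        # ... and best effort only gets what is left of the link.
        be_out = min(queue["be"], link - prio_out)
        for cls, n in (("prio", prio_out), ("be", be_out)):
            queue[cls] -= n
            sent[cls] += n
    return sent, dropped


def compare():
    """Three constructed scenarios on a 10 packet/tick link with 5 packet/tick best effort."""
    flood = dict(ticks=100, link=10, prio_in=20, be_in=5)
    normal = dict(ticks=100, link=10, prio_in=3, be_in=5)
    return {
        # Priority class offered at twice the link rate, no limit: best effort starves.
        "flood, unlimited priority": run_egress(**flood),
        # Same flood, priority class shaped to 4/tick with a 4-packet queue:
        # the excess is tail-dropped, which is what a policer would do.
        "flood, shaped priority": run_egress(**flood, prio_shape=4, prio_qlimit=4),
        # In-profile priority traffic is unaffected by the shaper.
        "normal, shaped priority": run_egress(**normal, prio_shape=4, prio_qlimit=4),
    }


if __name__ == "__main__":
    for name, (sent, dropped) in compare().items():
        print(f"{name:26} sent={sent} dropped={dropped}")
```
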
CGS 2500 Series QoS Scale

| Scalability Attribute | CGS 2520 |
|---|---|
| Ingress Policers (Total supported in HW) (1) | 1024 |
| Ingress Policers per Port (across the hierarchy for PPPV) | With CPS enabled: 45 (user configurable); with CPS disabled: 64 (user configurable) (2,3) |
| Egress Class Shapers / Egress Queues per port | 4 per port |
| Egress Port Shapers | 1 per port |
| Ingress Queues | N/A |
| Class Maps Total | 1024 |
| Output Policy: Attached Class Maps per Policy Map (includes class-default) | 4 |
| Transmit Buffer Memory (set per queue via Queue-Limit) | 2M Bytes Platform Total (shared for 26 ports) |

1. The number of user-configurable policers also depends on other system-level resources, such as the switch running-config and the type of policer actions. When the system resources are exhausted, the following error message is displayed and the input policy is not applied to the interface:

  Add Policy failed for interface FastEthernet0/16
  Service Policy attachment failed
  *Mar 1 00:08:01.472: %QOSMGR-4-QOS_TCAM_RESOURCE_EXCEED_MAX: Exceeded a maximum of QoS TCAM resources

2. 12.2(53)EX and later, the user can disable Control Plane Security.

CGS 2500 Series QoS Hierarchical Output Policy Application

[Diagram: IEDs (fa0/1) -> CGS 2520 Station Bus Switch -> gi0/1 (speed 100) -> WiMax Radio -> WiMax Network]

- 2M Port Shaper: matches WiMax transport bandwidth
- SCADA Traffic: Priority Queue
- Other Traffic: Best Effort, 1M CIR. Able to burst to port shaper rate if SCADA is not using the bandwidth
- WiMax: 2M bandwidth over the air; 10/100 copper Ethernet port facing CGS 2520

Interface Configuration for Uplink

  interface GigabitEthernet0/1
   description uplink to Wimax
   switchport mode trunk
   load-interval 30
   media-type rj45
   speed 100
   duplex auto
   service-policy output parent-2M

Egress QoS Policy for Uplink

  ! Classification: SCADA traffic is identified by DSCP EF
  class-map match-all scada
   match ip dscp ef
  !
  ! Child policy: SCADA in the priority queue, everything else gets 1M CIR
  policy-map child
   class scada
    priority
   class class-default
    bandwidth 1000
  !
  ! Parent policy: shape the port to 2M and schedule inside the shaped rate
  policy-map parent-2M
   class class-default
    shape average 2000000
    service-policy child

H-OPM Benefit: The CGS 2500 Hierarchical Output Policy ensures SCADA traffic gets priority treatment over best effort traffic, even though the uplink has been shaped to match the WiMax bandwidth

CGS 2500 Series RFC 2544 tests
Throughput, Latency, Frame Loss and Back-to-Back

Cisco CGS 2520 RFC 2544 Tests

Bradner Throughput

| Frame size (bytes) | 64 | 128 | 256 | 512 | 1024 | 1280 | 1518 |
|---|---|---|---|---|---|---|---|
| CGS-2520-24TS | Line Rate | Line Rate | Line Rate | Line Rate | Line Rate | Line Rate | Line Rate |
| CGS-2520-16S-8PC | Line Rate | Line Rate | Line Rate | Line Rate | Line Rate | Line Rate | Line Rate |

Bradner Latency (in nanoseconds, using 100% load)

| Frame size (bytes) | 64 | 128 | 256 | 512 | 1024 | 1280 | 1518 |
|---|---|---|---|---|---|---|---|
| CGS-2520-24TS | 14848 | 20779 | 33541 | 58382 | 106570 | 130442 | 154572 |
| CGS-2520-16S-8PC | 14848 | 20779 | 33541 | 58382 | 106570 | 130442 | 154572 |

Cisco CGS 2520 RFC 2544 Tests

Bradner Frame Loss

| Frame size (bytes) | 64 | 128 | 256 | 512 | 1024 | 1280 | 1518 |
|---|---|---|---|---|---|---|---|
| CGS-2520-24TS | 0% | 0% | 0% | 0% | 0% | 0% | 0% |
| CGS-2520-16S-8PC | 0% | 0% | 0% | 0% | 0% | 0% | 0% |

Frames transmitted at line rate between all test port pairs; measure % loss between partner pairs.

Bradner Back-to-Back

| Frame size (bytes) | 64 | 128 | 256 | 512 | 1024 | 1280 | 1518 |
|---|---|---|---|---|---|---|---|
| CGS-2520-24TS | 2976200 | 1689180 | 905800 | 469920 | 239460 | 192300 | 162540 |
| CGS-2520-16S-8PC | 2976200 | 1689180 | 905800 | 469920 | 239460 | 192300 | 162540 |

Start line rate for 20 secs between all test port partner pairs, reducing packet burst size until packet count total Rx = total Tx.

Cisco CGS 2500 Series Network Management
- Cisco Express Setup: Web browser based initial configuration, eliminating the need for CLI knowledge.
- Cisco Configuration Professional: Intuitive GUI based device manager that easily applies common services across Cisco rugged switches and routers.
- CiscoWorks LAN Management Solution: Network discovery, mapping, monitoring, diagnosis, and Cisco IOS Software deployment

Cisco CGS 2500 Series: Cisco Configuration Professional (CCP), Ver 2.6

Simplifies Substation Router and Switch Deployment and Management (CGS 2520 Switches, CGR 2010 Router)

Free download at: cisco.com/go/ciscocp

Enhanced for Utility deployments
- GUI-based Device Manager
- Unified interface for: Routing, Switching, Security, Utility specific configurations
- Easy-to-Use Wizards

Benefits: Lower Total Cost of Ownership
- Productivity: Quick set-up
- Ease of use: No CLI knowledge required
- Cost Savings: Lower operator skill set
- Increased Uptime: Easy-to-comprehend charts for troubleshooting & monitoring
- Reduce human errors

Cisco CGS 2500 Series Initial Switch Set-up: Cisco Express set-up (Easy to Use)

1. Power up device
2. Wait until SYSTEM light is solid and SETUP LED is blinking
3. Press SETUP button once
4. Wait for port light to blink and connect this port with an Ethernet cable to the PC
5. Pull up browser from PC

[Diagram labels: Set Up Button; Blinking Port LED]

CGS 2500 Series Utility Specific Software Features

Cisco CGS 2500 Series: Software Overview
Substation Automation Service Enablers

Feature: Support for GOOSE Messaging
- Fast Convergence Protocols for Ring / Hub-and-Spoke Deployments
- Advanced QoS / Statistics (VLAN based functionality)
- Intelligent VLAN Handling (HW ready: asymmetrical VLAN support)

Feature: SCADA protocol classification support
- Ability to match on SCADA protocols like DNP3 IP, MODBUS TCP, IEC 60870-5-104, IEC 61850 MMS, IEC 61850 GOOSE
- Layer 2 to Layer 4 ACL Classification: VLAN / 802.1P (CoS) / Ethertype classification for GOOSE traffic; Layer 4 ACLs to match on different types of DNP3 IP / IEC 61850 MMS traffic

Feature: MODBUS Memory Map Support
- The MODBUS Memory map can be used by HMI applications to query the Cisco CGS 2520 switches for information using the MODBUS protocol.

Feature: Utility Specific Smart Port Macros
- Default global or interface-level macro with a recommended configuration, allowing the user to easily set up the switch in a configuration optimized for utility deployments.

Feature: Hardware Based Security (IEEE 802.1AR)
- IEEE 802.1AR cryptographically binds a security credential to the Cisco CGS 2520 Switch (HW based) during manufacturing that provides a HW based, cryptographically secure unique identity to the switch.

Feature: Enhanced Device Manager for Utility Specific Configuration / Monitoring
- CGS 2520 switches can be configured and monitored using Cisco Configuration Professional (CCP) with enhanced menus targeted to make utility specific configurations easier.

CGS 2500 Series GOOSE Messaging Overview

[Diagram: Physical Device #1 publishes DataSet A; Physical Devices #2 and #3 subscribe]

- GOOSE messaging is based on a publisher / subscriber model.
- GOOSE Type-1 messages are time critical (delay < 3-10 ms), for example a trip message.
- In this case, Physical Device #2 (PD2) and Physical Device #3 (PD3) have subscribed to DataSet#A on Physical Device #1 (PD1), the publisher.
- When the GOOSE control block is configured on PD1 to enable GOOSE messaging (see next slide for details) to monitor DataSet#A, an associated VLAN and CoS marking is also configured on PD1 (in addition to the destination multicast MAC address to be used). This VLAN and CoS marking is used on the network switches to restrict the flooding of GOOSE traffic.

CGS 2500 Series GOOSE Messaging Support

Requirement: Reliability
- No confirmation from receiver
- Fast retransmits on data change
- Periodic slow retransmits without data change
CGS 2520 functionality:
- Fast reconvergence mechanisms for sub 50 ms failover
- Ring deployments: Resilient Ethernet Protocol
- Hub and spoke deployment: Flexlink

Requirement: Quality of Service
- Different message types used for different events. Type 1 events are typically trip signals: high priority.
- VLAN Priority (802.1P bits) used to communicate priority.
CGS 2520 functionality:
- 802.1P (CoS) bits based QoS
- Ability to match on VLANs, to provide granular control / information on a per VLAN basis
- Per VLAN statistics to proactively monitor GOOSE traffic

Requirement: VLAN Based Multicast
- Ethernet VLAN used to restrict flooding of multicast traffic.
CGS 2520 functionality:
- Intelligent VLAN handling capabilities
- HW support for asymmetrical VLAN processing

* At FCS

Cisco CGS 2500 Series Smart Port Functionality
- Cisco recommended configuration templates.
- Protects against mis-configuration
- Ease of use: User does not need to be familiar with IOS.
- Smart port macros configure Security, QoS and Logging functionality.
- CGS 2520 supports 2 types of smart port macros:
  - Global Macro
  - Interface Level: IEDs, Switches, Routers, Wireless access point, HMI / Desktop, Sniffer

[Diagram: Substation Network Station Bus with Primary WAN and Secondary WAN; Interface-macro: router; Distributed Controller, RTU, DFR; IEC 61850 Station Bus; Interface-macro: switch; Interface-macro: IED; IEDs; Process Bus to Switchyard Devices]

CGS 2500 Series MODBUS Memory Map Support
- MODBUS memory map support for integration with existing MODBUS based utility applications (like HMI applications)
- CGS 2520 exposes important system and port information to the application using MODBUS memory maps:
  - System info: Product ID, Software Version, System Name, Management IP address
  - Port info: Detailed Port Statistics, Port STP State

[Diagram: HMI polls IED as well as switch (CGS 2520) using MODBUS memory maps.]

Cisco CGS 2500 Series Intelligent SCADA Protocol Handling

CGS 2520 switches support advanced QoS functionality for proper handling of SCADA traffic

[Diagram: IEC 61850 Station Bus connected to the WAN]
- DNP3 / IEC 61850 MMS Messages to SCADA: CGS-2500 matches traffic based on TCP / UDP port info and marks QoS (DSCP / 802.1P)
- DNP3 / IEC 61850-MMS Messages to SCADA master: No QoS marking on SCADA traffic
- GOOSE: GOOSE VLAN 10, 802.1P (CoS) based QoS

SCADA traffic Classification Criteria: Layer 4 information (TCP / UDP port information)
Action:
- Mark all SCADA traffic as Priority traffic.
- Proactively monitor SCADA traffic statistics to ensure no drops

GOOSE traffic Classification Criteria: VLAN / 802.1P (CoS) bits
Action:
- Prioritize GOOSE traffic based on 802.1P (CoS) marking
- Proactively monitor GOOSE traffic statistics to ensure no drops

Benefits: Proper QoS marking allows user to prioritize SCADA traffic and guarantee Quality of Service and reliable transmission over the WAN

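The two classification criteria on the slide above (Layer 4 ports for SCADA, VLAN / CoS / Ethertype for GOOSE), as an added Python frame classifier for checking captured traffic against the intended policy (not Cisco code). GOOSE VLAN 10 is from the slide; the Ethertype and the default TCP/UDP ports are the protocols' well-known values rather than values from the slides, and all frames are constructed.

```python
import struct

GOOSE_ETHERTYPE = 0x88B8   # Ethertype assigned to IEC 61850 GOOSE
SCADA_PORTS = {20000: "DNP3", 502: "MODBUS TCP",
               2404: "IEC 60870-5-104", 102: "IEC 61850 MMS"}   # default ports


def classify(frame, goose_vlan=10):
    """Return (traffic class, VLAN ID, CoS) for one raw Ethernet frame."""
    if len(frame) < 14:
        return ("malformed", None, None)
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan, cos = 14, None, None
    if ethertype == 0x8100:                    # 802.1Q tag carries CoS and VLAN ID
        if len(frame) < 18:
            return ("malformed", None, None)
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, cos, offset = tci & 0x0FFF, tci >> 13, 18
    if ethertype == GOOSE_ETHERTYPE:
        # GOOSE seen outside its VLAN will not get the per-VLAN QoS or flood control.
        return ("goose" if vlan == goose_vlan else "goose-wrong-vlan", vlan, cos)
    if ethertype == 0x0800:
        ip = frame[offset:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            return ("malformed", vlan, cos)
        ihl = (ip[0] & 0x0F) * 4
        (frag,) = struct.unpack_from("!H", ip, 6)
        # Only first fragments of TCP/UDP carry the ports a Layer 4 match needs.
        if ihl >= 20 and ip[9] in (6, 17) and not frag & 0x1FFF and len(ip) >= ihl + 4:
            sport, dport = struct.unpack_from("!HH", ip, ihl)
            for port in (dport, sport):
                if port in SCADA_PORTS:
                    return ("scada:" + SCADA_PORTS[port], vlan, cos)
    return ("other", vlan, cos)


def eth(dst_hex, ethertype, payload, vlan=None, cos=0):
    """Build a constructed Ethernet frame; the source MAC is a placeholder."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, cos << 13 | vlan)
    return (bytes.fromhex(dst_hex) + bytes.fromhex("020000000001") + tag
            + struct.pack("!H", ethertype) + payload)


def ipv4(proto, sport, dport, frag_offset=0):
    """Build a minimal IPv4 header plus the first four Layer 4 bytes (constructed)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag_offset, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + struct.pack("!HH", sport, dport)


# Constructed samples; addresses and payloads are placeholders.
SAMPLES = {
    "goose trip": eth("010ccd010000", GOOSE_ETHERTYPE, bytes(8), vlan=10, cos=4),
    "goose stray": eth("010ccd010000", GOOSE_ETHERTYPE, bytes(8), vlan=20, cos=4),
    "dnp3 request": eth("020000000002", 0x0800, ipv4(6, 49152, 20000)),
    "mms reply": eth("020000000002", 0x0800, ipv4(6, 102, 49152), vlan=30),
    "dnp3 fragment": eth("020000000002", 0x0800, ipv4(17, 49152, 20000, 185)),
    "https": eth("020000000002", 0x0800, ipv4(6, 49152, 443)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14} {classify(frame)}")
```
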
Cisco CGS 2500 Series Network Diagnostics
- Proactively monitor different network parameters such as latency and frame loss.
- End-to-end service (connectivity) verification
- Cisco products' rich suite of Ethernet OAM protocols:
  - Connectivity Fault Management / 802.1ag
  - TWAMP / Layer 3 IP SLA / IP SLA (Layer 2)
- End-to-end service verification between substations for protection applications
- Proactively monitor WAN latency to ensure proper functioning for protection applications

[Diagram: Substation #1 and Substation #2 connected over the WAN, each with a Distributed Controller, RTU, IEC 61850 Station Bus, IEDs and Process Bus]

Cisco CGS 2520 & CGR 2010 Detailed Compliance Specifications

IEEE 1613 (C37.90.x) EMI Immunity Type Tests

| Test | Port | Test Level |
|---|---|---|
| IEEE C37.90.3 (ESD) | Enclosure Contact | +/- 8kV |
| | Enclosure Air | +/- 15kV |
| IEEE C37.90.2 (Radiated RFI) | Enclosure ports | 35 V/m |
| IEEE C37.90.1 (Fast Transient) | Signal ports | +/- 4kV @ 2.5kHz |
| | D.C. Power ports | +/- 4kV |
| | A.C. Power ports | +/- 4kV |
| | Earth ground ports | +/- 4kV |
| IEEE C37.90.1 (Oscillatory) | Signal ports | 2.5kV common mode @1MHz |
| | D.C. Power ports | 2.5kV common, 1kV diff. mode @1MHz |
| | A.C. Power ports | 2.5kV common, 1kV diff. mode @1MHz |
| IEEE C37.90 (H.V. Impulse) | Signal ports | N/A < 50V |
| | D.C. Power ports | 5kV |
| | A.C. Power ports | 5kV |
| IEEE C37.90 (Dielectric Strength) - TBD | Signal ports | N/A < 50V |
| | D.C. Power ports | 2kVac |
| | A.C. Power ports | 2kVac |

Notes: Refer to footnote 1.

1. Tested with shielded cables on signal ports. Low-Voltage DC power port testing pending availability of Low-Voltage DC power supply.

Cisco CGS 2520 & CGR 2010 Detailed Compliance Specifications (cont.)

IEC 61850-3 EMI Type Tests

| Test | Port | Test Level |
|---|---|---|
| IEC 61000-4-2 (ESD) | Enclosure Contact | +/- 8kV |
| | Enclosure Air | +/- 15kV |
| IEC 61000-4-3 (Radiated RFI) | Enclosure Ports | 20 V/m |
| IEC 61000-4-4 (Burst (Fast Transient)) | Signal Ports | +/- 4kV @ 2.5kHz |
| | D.C. Power Ports | +/- 4kV @ 2.5kHz |
| | A.C. Power Ports | +/- 4kV @ 2.5kHz |
| | Earth Ground Ports | +/- 4kV @ 2.5kHz |
| IEC 61000-4-5 (Surge) | Signal Ports | +/- 4kV line-to-earth, +/- 2kV line-to-line |
| | D.C. Power Ports | +/- 2kV line-to-earth, +/- 1kV line-to-line |
| | A.C. Power Ports | +/- 4kV line-to-earth, +/- 2kV line-to-line |
| IEC 61000-4-6 (Induced (Conducted) RFI) | Signal Ports | 10V |
| | D.C. Power Ports | 10V |
| | A.C. Power Ports | 10V |
| | Earth Ground Ports | 10V |
| IEC 61000-4-8 (Magnetic Field) | Enclosure Ports | 40 A/m continuous, 1000 A/m for 1s |
| IEC 61000-4-29 (Voltage Dips & Interrupts) | D.C. Power Ports | 30% for 0.1s, 60% for 0.1s, 100% for 0.05s |
| IEC 61000-4-11 (Voltage Dips & Interrupts) | A.C. Power Ports | 30% for 1 period, 60% for 50 periods, 100% for 5 periods, 100% for 50 periods |

Notes: Refer to footnote 1.

1. Tested with shielded cables on signal ports. Low-Voltage DC power port testing pending availability of Low-Voltage DC power supply.

Cisco CGS 2520 & CGR 2010 Detailed Compliance Specifications (cont.)

IEC 61850-3 EMI Type Tests (cont.)

| Test | Port | Test Level |
|---|---|---|
| IEC 61000-4-12 (Damped Oscillatory) | Signal Ports | 2.5kV common, 1kV diff. mode @1MHz |
| | D.C. Power Ports | 2.5kV common, 1kV diff. mode @1MHz |
| | A.C. Power Ports | 2.5kV common, 1kV diff. mode @1MHz |
| IEC 61000-4-16 (Mains Frequency Voltage) | Signal Ports | 30V Continuous, 300V for 1s (refer to footnote 1) |
| | D.C. Power Ports | 30V Continuous, 300V for 1s (refer to footnote 1) |
| IEC 61000-4-17 (Ripple on D.C. Power Supply) | D.C. Power Ports | 10% |
| IEC 60255-5 (Dielectric Strength) | Signal Ports | N/A < 50V |
| | D.C. Power Ports | 2kVac |
| | A.C. Power Ports | 2kVac |
| IEC 60255-5 (H.V. Impulse) | Signal Ports | N/A < 50V |
| | D.C. Power Ports | 5kV |
| | A.C. Power Ports | 5kV |

Notes: Refer to footnote 1.

1. Tested with shielded cables on signal ports. Low-Voltage DC power port testing pending availability of Low-Voltage DC power supply.

Cisco CGS 2520 & CGR 2010 Detailed Compliance Specifications (cont.)

Environmental Type Tests

| Test | Test type | Test Level | Notes |
|---|---|---|---|
| IEC 60068-2-1 (Cold Temperature) | Test Ad | -40°F/-40°C (duration 16 hours) | |
| IEC 60068-2-2 (Dry Heat) | Test Bd | 185°F/85°C (duration 16 hours) | CGS-2520-24TC tested for 100 hrs; CGS-2520-16S-8PC tested for 100 hrs; CGR-2010 tested for 100 hrs |
| IEC 60068-2-78 (Humidity (Damp Heat)) | Test Db | 85% non-condensing, +30°C, 96 hours | Refer to footnote 1 |
| IEC 60068-2-6 (Vibration) | Tests Fc | 1g at (9-200Hz), 1.5g at (200-500Hz) | Refer to footnote 1 |
| IEC 60068-2-27 (Shock) | Tests Ea | 30g at 11ms | Refer to footnote 1 |

1. Tested with shielded cables on signal ports. Low-Voltage DC power port testing pending availability of Low-Voltage DC power supply.

Cisco CGS 2500 Series Environmental Compliance Highlights

IEEE 1613-2003 Substation Networking
- Ambient temperature of -40°C to +60°C in still air measured 30 cm from unit surface.
- Operational within 5 minutes of power on after prolonged cold soak at -40°C
- 2008 Amendment requires maximum operating temperature (+60°C) at altitudes up to 1500 meter

IEC 61850-3 Substation Networking
- Requires operating and storage/transportation temperatures and barometric pressures (altitudes) per IEC 60870-2-2

IEC 60870-2-2 Environmental Classification
- Class C for sheltered locations (e.g. substation control shed)
- Class C3 operating air temperature range of -40°C to +60°C
- Air pressure range of 106 kPa to 70 kPa (equal to 3000m altitude), independent of Class selection

UL 60950-1 Safety for Information Technology and Industrial Control Equipment
- Limits on surface temperatures and caution marking for touchable hot spots

Environmental Type Test: operating at 85°C continuously for 100+ hours.

Additional IEC 61850-3 and IEEE 1613 compliance details can be found in the CGR 2010 and CGS 2520 datasheets.

Cisco CGS 2500 Series Summary

Purpose-Built for Utility Substation Applications

Hardware:
- Ruggedized: fully compliant with IEC 61850-3 and IEEE 1613 specifications
- Designed for high MTBF: no moving parts, hot-swappable redundant AC and DC power supplies, CG Swap Drive
- Advanced QoS and Security features performed in hardware for deterministic behavior

Software:
- Advanced Cisco IOS feature set, based on industry leading Catalyst 2000 and 3000 Series Switches
- Both Layer 2 and Layer 3 services in a single hardware platform
- High Availability: Resilient Ethernet Protocol and FlexLink
- Utility specific features: Smartports, GOOSE, MODBUS Management, QoS classification for Utility Protocols
- Industry leading Security capabilities to address NERC-CIP compliance
- Comprehensive remote troubleshooting and performance monitoring capabilities
- Fully managed by CiscoWorks LMS and Cisco Configuration Professional