Today’s Topic · 2016. 1. 1. · “On-Machine™” Technology IP67-rated for dust and washdown...

Today’s Topic:

Enabling the Industrial Internet of Things:How to Configure aStratix 5700

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATION

Manufacturing

Resources

Infrastructure

productive sustainable

Safer, more accessible

food supply

More efficient

wastewater treatment

Better energy management

in production facilities

Safer, more

cost-effective mining

More affordable

oil & gas production

More accurate & efficient

emissions monitoring

Enhanced protection from

catastrophic production failures

More personalized

pharmaceuticals

Less waste in

production processes

Internet of Things will help us improvethe standard of living for everyone

MORE

6

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATION7

Opportunity

Internet of Things is the driver for the next IT CapEx cycle

INFORMATION

TECHNOLOGY

Connected Enterprise is our Vision of IT/OT Value Creation

OPERATIONS

TECHNOLOGY

Smart Manufacturing Leadership CoalitionGOVERNMENT & INDUSTRY

COLLABORATION

Industrie 4.0

Industrial Internet ConsortiumIndustrial IP Advantage

Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC 8

More ‘Things’ are gaining the ability to communicate using the same network

technology as the Internet – Ethernet IP (Internet Protocol)

‘Things’ become the catalyst for better understanding complex processes and adapting

to changes quickly – smarter machines Smarter machines can be better controlled there-by increasing efficiency

Securing the architecture becomes increasingly important

Faster Time to Market

Lower Total Cost of Ownership

Improve Asset Utilization

Enterprise Risk Management

The Industrial Internet of Things (IIoT)


Disruptive Technology in Industrial Applications

Scalable Computing/Cloud

Mobility

Data Analytics

Smart ThingsINDUSTRIALInternet of Things

• Machine to machine coordination – high speed

• Mission critical assets – safety

• Integrated Control and Information

Security

Enablers


Actuators Terminals Audio VideoSensors Intelligent Motor Control

Industrial IoT Enhances the Connected EnterpriseIntegrated Control and Information


11

MATERIAL & TRANSPORT

INDUSTRIAL “THINGS”

PLCS & SCANNERS

PRINTERS & LABEL SERVICES

SHOP FLOOR PERSONNEL

MACHINES & TESTERS

Real-time data: alarms, events, states, energy, diagnostics, …

FINANCIALS HR LOGISTICS QUALITY WAREHOUSE

Transactional information: orders, supply network, product design …

ERP

COMMON SECURE NETWORK INFRASTRUCTURE

OT

IT

IT-OT CONVERGENCE

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.

delivers transformational value in productivity and global

competitiveness

Faster Time to Market

Improved AssetUtilization

$Lower Total Cost

of OwnershipEnterprise Risk Management

THE CONNECTED ENTERPRISE

Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC

The Industrial Workforce EvolutionManufacturing Transformation

IT/OT Convergence

Mobility & BYOD

Security Standards

Connected Devices

Big Data & Analytics

Technology Adoption Rate

Operations and Information Technology Operational Excellence

Manufacturing Workforce Outcomes

Career Certifications

Business Intelligence

“Smart” People

Competitive Challenge

and Advantage


Managing Industrial Networks with

Cisco Networking Technologies

(IMINS)

5-Days Instructor-Led

Industrial Networking Specialist Exam

(Exam ID 200-401)

Fundamentals

of EtherNet/IP

(CCP180) / 1-Day

CONVERGENCE

NETWORKS &

SECURITY

CERTIFICATION

Managing Industrial Networks for

Manufacturing with Cisco

Technologies (IMINS2)

5-Days Instructor-Led

CCNA Industrial Exam

(Exam ID 200-601)

Stratix 5700 Configuration

(CCP179) / 2-Days

Essentials of Industrial Ethernet

Networks for the OT Professional

(CCP182) / 2-Days

Essentials of Industrial Automation

for the IT Professional

(CCP810) / 2-Days

Industrial IP Advantage Network Design

e-Learning / 12 hours

The Industrial IoT Curriculum


Managing Industrial Networks

with CISCO Networking Exam

(IMINS / 200-401)

Managing Industrial Networks

for Manufacturing with Cisco

Technologies Exam

(IMINS2 / 200-601)

Interconnecting Cisco

Networking Devices 1 Exam

(ICND1 / 100-101)

CCNA Cisco Certified Network

Associate Exam

(CCNAX / 200-120)

No Certification

CISCO

INDUSTRIAL

NETWORKING

SPECIALIST

CCNA

ROUTING &

SWITCHINGCCENT

Exam

Certification

LEGEND

Paths to Cisco Industrial Certification

Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.

PUBLIC

PUBLIC - 5058-CO900H

Stratix 5700 Industrial Managed SwitchOverview Presentation


Networks Infrastructure and Security Portfolio Overview

17

Advanced switching, routing and security features

Plant-floor and Enterprise integration

Common tools for Controls and IT

“On-Machine™” connectivity

Wireless connectivity

Improved Maintainability

Customization based on your plant’s needs

Stratix 8000™/Stratix 8300™

…and

Operations

and IT

Addressing

the needs of

Automation…

Stratix 5900™

Stratix 2000™

Stratix 5100™

Stratix 5700™

1783-NATR

ArmorStratix™ 5700

Stratix 5400™

Stratix 5410™


Stratix Managed Switch Positioning

Stratix 5700™/ArmorStratix™ 5700

Support Layer 2 switching with

NAT, PoE and integrated DLR

Stratix 8000™/Stratix 8300™

Supports Layer 2 and Layer 3

routing with expansion modules

for maximum flexibility

Stratix 5400™

Supports Layer 2 and Layer 3

routing capabilities with an all

Gigabit (GE) platform

Stratix 5410

19" rack mount design with

Layer 2 or Layer 3 routing

and 10 Gigabit support


Stratix 5700 Industrial Managed Switch

19

The Stratix 5700™ is a compact, scalable Layer 2 managed switch with embedded

Cisco technology for use in applications from small isolated, to complex networks. The

switch combines advanced Cisco technology and premier integration into the Integrated

Architecture to provide solutions for both Information Technology (IT) and Operations

Technology (OT) professionals


Stratix 5700 Managed Switch Overview

3 base platforms offering 25 configurations

6, 10, 18 and 20 port base units

2 gig port option

SFP slots support multi & single mode fiber

Secure Digital flash card (optional)

Power over Ethernet (PoE)

PoE and PoE+ port configurable

Two software packages: Lite & Full

Dual independent power inputs

Alarm relays (2 inputs and 1 output)

Combo ports can be

either copper or SFP


Stratix 5700 Managed Switches

Simplified Setup & Maintenance

SD card for easy device replacement

Default configurations

Common Smartports

DHCP per port IP addressing

Diagnostics and tools

Optimized Integration

Embedded Cisco technology provides

integration with enterprise network

FactoryTalk® View Faceplates for

status monitoring and alarming

Predefined Logix tags help diagnostics

retrieval

Studio 5000® add-on profiles for

configuration and monitoring

Stratix 5700™ Advanced Features

Power over Ethernet (PoE and PoE+)

delivers power over a single Ethernet cable

Network Address Translation (NAT)

reduces commissioning time

Integrated Device Level Ring (DLR)

connectivity helps optimize the network

architecture and provide consolidated

network diagnostics

Enhanced Security Options

Application/project based port access for machine protection

Encrypted administrative traffic and advanced security features such

as centralized authentication for plant protection


ArmorStratix 5700 Managed Switches

“On-Machine™” Technology

IP67-rated for dust and washdown

protection

Rugged M12 (D-coded) Ethernet

connectors for extreme environments

Efficient Design

Built-in SD card for simplified device

replacement

Gigabit ports (X-coded) for high

performance

Optimized Integration with Single

Network

Embedded Cisco technology provides

integration with enterprise network

FactoryTalk® View Faceplates for

status monitoring and alarming

Studio 5000® add-on profiles for

configuration and monitoring

ArmorStratix™ 5700

Access Switching

Using virtual LAN (VLAN) with

trunking from plant cell to cell

Quality of Service (QoS)

Power over Ethernet (PoE) delivers

48 V DC or 54V DC of power over the

same copper cable as Ethernet


reduces commissioning time


Catalog Information


Key Software Features

Feature Highlights Lite Full Feature Highlights Lite Full


Optimized IntegrationEmbedded Cisco Technology

Cisco IOS®

Software is the most widely leveraged

network infrastructure software in the world

Currently operating on millions of active systems, from

the small home office router to the core systems of the

world's largest service provider networks

Cisco's leadership in switching & routing

Providing Robust, Reliable and Secure Networking

and Integration


Simplified Setup and Maintenance Common Configuration and Support Tools

Configure, Manage and Diagnose your network with familiar tools

Automation (OT) Professionals

FactoryTalk® Services tightly integrateinto the Integrated Architecture® system

Studio 5000AOP, Predefined Logix tags

FactoryTalk® View Faceplates – Sample Code website

Device Manager web Interface

IT Professionals

Cisco IOS software and Command Line Interface (CLI)

IT management tools: Cisco CNA, CiscoWorks, Cisco Prime, SNMP-based tools

Tight integration into joint Cisco and Rockwell Automation® Converged Plantwide Ethernet (CPwE) Architecture


Simplified Setup and MaintenanceDefault Configurations and Smartports

Easy Switch configuration without being a network expert

Express Setup

Automatically sets switch configuration for typical automation applications

Smartports

Pre-defined port settings for

common automation and network

devices like Logix Controllers,

Desktop devices and Routers

Optimizes traffic through the port

and network

Minimizes latency

Express Setup

Purpose of Express Setup:

• Configure IP Address and Subnet Mask• Set a new password

Express Setup executes a global macro that configures the switch for typical industrial automation applications that use EtherNet/IP protocol:

• Enables IGMP snooping• Enables CIP and alarms• Configures QoS settings and classifies CIP, PIP and other traffic

Default IP Address of Stratix Switch for Configuration during Express Setup:169.254.0.1Username: blankPassword: switch

Express Setup

Steps for Express Setup:• Disable any wireless interfaces• Set your computer to obtain IP address via DHCP• Power on Stratix 5700• Wait for EIP Mod and Setup lights to flash green• Use a paper clip, press and release the Express Setup

button• Connect an Ethernet cable to the flashing switch port• Use your internet browser to navigate to

http:/169.254.0.1/express-setup.htm• Login:

• Username: blank• Password: switch

• Enter IP address, and select Subnet mask• Enter a new password• Disconnect cable and cycle power to switch

Smartport RolesSmartport Roles are recommended configurations for switch ports that:• Optimize switch connections• Provide security• Provide transmission quality• Provide reliability for traffic• Prevent port misconfigurations

Recommended to assign Smartportroles before connecting to devices.

Mismatches can:• Affect behavior of attached

device• Reduce the Quality of Service

(QoS) level• Reduce protection from Denial of

Service attacks• Disable or shutdown the port

Smartports

Copyright © 2013 Rockwell Automation, Inc. All rights reserved.

SegmentationVirtual Local Area Networks (VLANs)

Layer 2 network service, VLANs segment a network logically without being restricted by physical connections VLAN established within or across switches

Data is only forwarded to ports within the same VLAN Devices within each VLAN can only

communicate with other devices on the same VLAN

Segments traffic to restrict unwanted broadcast and multicast traffic

Software configurable using managedswitches

Benefits Ease network changes – minimize network cabling Simplifies network security management - domains of trust Increase efficiency


Network SegmentationVLANs and Connected Routing

Segmentation through smaller building blocks enables

scalable, robust and future-ready network infrastructure Minimization of network sprawl

Smaller fault domains

Smaller broadcast domains

Smaller domains of trust (security)

Segmentation techniques Multiple Ethernet modules

Virtual Local Area Networks (VLANs)


VLANs with NAT

Creating and Assigning VLANs

Creating a VLAN:

• Configure – VLANs• Click Create• Enter unique name of VLAN and unique VLAN ID• Click Done

Advanced VLAN Configuration Options:

• Spanning Tree Protocol (STP)• Prevents network loops by enabling only one

active path for traffic to use• Internet Group Management Protocol (IGMP)

Snooping• Forwarding IP multicast traffic to specific ports

rather than flooding all ports

Assigning a VLAN:

• Initially, all ports are assigned to the default VLAN• Assign individual switch ports to a VLAN in Port

Settings.

VLAN

Creating a VLAN:

• Configure – VLANs• Click Create• Enter unique name of VLAN and

unique VLAN ID• Click Done

Smartports

Assigning a VLAN:

• Initially, all ports are assigned to the default VLAN

• Assign individual switch ports to a VLAN in the SmartportConfiguration tab of the Smartports window.


Simplified Setup and MaintenanceDHCP per Port Configuration

DHCP Persistence Assigns a specific IP address to each port

Device that is attached to a specific port receives the

same IP address each time

DHCP Server

10.10.2.1

10.10.2.2

10.10.2.3

10.10.2.4

DHCP Persistence

Steps for creating DHCP servers:

• Configure – DHCP• Enable DHCP• Create a DHCP Address Pool• In DHCP pool, enter a name• Enter the subnetwork IP address of the DHCP pool, the

last octet in the IP address should be 0• Choose Starting IP and Ending IP addresses• Default Router, typically last octet is 1

Configure DHCP Persistence:

• DHCP Persistence Tab• Assign an IP Address to the selected port

DHCP Persistence

DHCP Persistence Tab


Advanced FeaturesIntegrated NAT

1:1 IP address mapping from a set of

local, machine-level IP addresses to the

end user’s broader plant network

Allows OEMs to deliver standard

machines to end users without

programming unique IP addresses

Simplifies machine integration into

end users’ networks and support of

duplicate machines

Reduce commissioning time with Network Address Translation


NAT is a service that allows the translation

of a packet from one IP address to another IP address:

NAT One to Many (1:n) – allows multiple devices to share one

“public” IP address, most common for Internet connections

NAT One to One (1:1) – allows the assignment of a unique “public”

IP address to an existing “private” IP address

NAT in Layer 2 switches (Stratix 5700/5400/5410 only):

Hardware-based translations with NO impact on performance

Supports multiple VLANs through NAT boundary

NAT in Layer 3 devices

Software-based translations with CPU loading

NAT device acts as the default gateway (router) for the devices on the inside

network

42

Network Address Translation (NAT)What is NAT?

Outside Subnet

(ex. 10.0.0.x)

Inside (Private) Subnet

(ex. 192.168.1.x)

NAT-enabled device


NAT with Stratix 5700:

• Uses only one-to-one NAT• Can only replace IP addresses and does not act as a

router

Configure NAT:

• Create one or more unique NAT instances• All Smartport roles and VLANs need to be

configured before creating NAT instances• A NAT instance contains entries that define each

address translation• Private-to-Public translation for each device on

the private subnet that needs to communicate on the public subnet

• Gateway translation for the Layer 3 switch or router


Enhanced Security Options

Protecting the Machine

Application/Project (CIP) based port access

Controller based port control (on/off)

Unauthorized device identification (tags) per port

Configurable port security

Preconfigured port security set-up via smartports

Configure number of devices allowed per port

Configurable device MAC ID authentication

Protecting the Plant

Encrypted administrative traffic

SSHv2, SNMPv3, and HTTPS

802.1x for user authentication

Multiple layers of password protection

Access Control Lists (ACLs) to apply

security policies per port

TACACS+ and Radius for centralized

authentication

Port Security

• Configure port security for Stratix 5700 switch ports• Configure port thresholds for Stratix 5700 switch

ports• Configure port mirroring

Why?

• When you need to limit the MAC addresses that can access a given switch port

• When you need to prevent traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm

• When you need to diagnose traffic issues on a network

MAC Security:

• Configure – Port Security• Select Enable• Enter number of secure MAC addresses allowed on

the port• Add a learned MAC address

• Click Edit for a the port• Click Add Learned MAC Addresses• Add or remove MAC addresses• Click Done

• Click Submit

MAC Security


Optimized IntegrationIntegrated Architecture System

Studio 5000™ Add-on

Profile (AOP) for easy

configuration and

monitoring

Pre-designed

FactoryTalk® View

Faceplates for

monitoring and alarming

Pre-defined Logix tags

for monitoring and port

control

Using Studio 5000 Logix Designer

• Add a switch to an I/O configuration tree• Monitor switch performance• Monitor port status• Upload and download Stratix 5700 switch

configuration with Studio 5000 project

Why?

• When you need to monitor switch data from within a Logix Designer project

• When you need to upload data from a switch to a Logix Designer project or download data from a project to a switch

Uploading Configuration from a Switch:

• Open Logix Designer project• Right-click the Stratix and choose Properties• Click Save/Restore tab• Click Upload – enter password to continue

Downloading Configuration to a Switch:

• Make configuration changes• Click Download• Click Yes for warning message• Enter password

Studio 5000

Stratix 5700 ME Faceplate

Faceplates


Simplified Setup and MaintenanceBuilt-in SD Card

Built-in SD Card stores switch configuration and (IOS) FW

Simplifies switch replacement transferring switch configuration and operating system to new HW

Quickly duplicate and manage configurations on multiple cards or store and copy on a PC

Store and restore configuration as part of Studio 5000 project

If SD card is installed upon power up, it will boot from the card

A

B

C

Visit us online

www.reynoldsonline.com

Today’s Topic · 2016. 1. 1. · “On-Machine™” Technology IP67-rated for dust and washdown...

Documents

Transcript of Today’s Topic · 2016. 1. 1. · “On-Machine™” Technology IP67-rated for dust and washdown...