Today’s Topic:
Enabling the Industrial Internet of Things: How to Configure a Stratix 5700
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC INFORMATION
Manufacturing
Resources
Infrastructure
productive sustainable
Safer, more accessible
food supply
More efficient
wastewater treatment
Better energy management
in production facilities
Safer, more
cost-effective mining
More affordable
oil & gas production
More accurate & efficient
emissions monitoring
Enhanced protection from
catastrophic production failures
More personalized
pharmaceuticals
Less waste in
production processes
Internet of Things will help us improve the standard of living for everyone
MORE
Opportunity
Internet of Things is the driver for the next IT CapEx cycle
INFORMATION
TECHNOLOGY
Connected Enterprise is our Vision of IT/OT Value Creation
OPERATIONS
TECHNOLOGY
GOVERNMENT & INDUSTRY COLLABORATION
Smart Manufacturing Leadership Coalition
Industrie 4.0
Industrial Internet Consortium
Industrial IP Advantage
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved. PUBLIC
More ‘Things’ are gaining the ability to communicate using the same network technology as the Internet – Ethernet IP (Internet Protocol)
‘Things’ become the catalyst for better understanding complex processes and adapting to changes quickly – smarter machines
Smarter machines can be better controlled, thereby increasing efficiency
Securing the architecture becomes increasingly important
Faster Time to Market
Lower Total Cost of Ownership
Improve Asset Utilization
Enterprise Risk Management
The Industrial Internet of Things (IIoT)
Disruptive Technology in Industrial Applications
Scalable Computing/Cloud
Mobility
Data Analytics
Smart Things
INDUSTRIAL Internet of Things
• Machine to machine coordination – high speed
• Mission critical assets – safety
• Integrated Control and Information
Security
Enablers
Actuators Terminals Audio Video Sensors Intelligent Motor Control
Industrial IoT Enhances the Connected Enterprise
Integrated Control and Information
MATERIAL & TRANSPORT
INDUSTRIAL “THINGS”
PLCS & SCANNERS
PRINTERS & LABEL SERVICES
SHOP FLOOR PERSONNEL
MACHINES & TESTERS
Real-time data: alarms, events, states, energy, diagnostics, …
FINANCIALS HR LOGISTICS QUALITY WAREHOUSE
Transactional information: orders, supply network, product design …
ERP
COMMON SECURE NETWORK INFRASTRUCTURE
OT
IT
IT-OT CONVERGENCE
delivers transformational value in productivity and global
competitiveness
Faster Time to Market
Improved Asset Utilization
Lower Total Cost of Ownership
Enterprise Risk Management
THE CONNECTED ENTERPRISE
The Industrial Workforce Evolution
Manufacturing Transformation
IT/OT Convergence
Mobility & BYOD
Security Standards
Connected Devices
Big Data & Analytics
Technology Adoption Rate
Operations and Information Technology Operational Excellence
Manufacturing Workforce Outcomes
Career Certifications
Business Intelligence
“Smart” People
Competitive Challenge
and Advantage
Managing Industrial Networks with
Cisco Networking Technologies
(IMINS)
5-Days Instructor-Led
Industrial Networking Specialist Exam
(Exam ID 200-401)
Fundamentals
of EtherNet/IP
(CCP180) / 1-Day
CONVERGENCE
NETWORKS &
SECURITY
CERTIFICATION
Managing Industrial Networks for
Manufacturing with Cisco
Technologies (IMINS2)
5-Days Instructor-Led
CCNA Industrial Exam
(Exam ID 200-601)
Stratix 5700 Configuration
(CCP179) / 2-Days
Essentials of Industrial Ethernet
Networks for the OT Professional
(CCP182) / 2-Days
Essentials of Industrial Automation
for the IT Professional
(CCP810) / 2-Days
Industrial IP Advantage Network Design
e-Learning / 12 hours
The Industrial IoT Curriculum
Managing Industrial Networks
with CISCO Networking Exam
(IMINS / 200-401)
Managing Industrial Networks
for Manufacturing with Cisco
Technologies Exam
(IMINS2 / 200-601)
Interconnecting Cisco
Networking Devices 1 Exam
(ICND1 / 100-101)
CCNA Cisco Certified Network
Associate Exam
(CCNAX / 200-120)
No Certification
CISCO
INDUSTRIAL
NETWORKING
SPECIALIST
CCNA
ROUTING &
SWITCHING
CCENT
Exam
Certification
LEGEND
Paths to Cisco Industrial Certification
PUBLIC - 5058-CO900H
Stratix 5700 Industrial Managed Switch
Overview Presentation
Networks Infrastructure and Security Portfolio Overview
Advanced switching, routing and security features
Plant-floor and Enterprise integration
Common tools for Controls and IT
“On-Machine™” connectivity
Wireless connectivity
Improved Maintainability
Customization based on your plant’s needs
Stratix 8000™/Stratix 8300™
…and
Operations
and IT
Addressing
the needs of
Automation…
Stratix 5900™
Stratix 2000™
Stratix 5100™
Stratix 5700™
1783-NATR
ArmorStratix™ 5700
Stratix 5400™
Stratix 5410™
Stratix Managed Switch Positioning
Stratix 5700™/ArmorStratix™ 5700
Support Layer 2 switching with
NAT, PoE and integrated DLR
Stratix 8000™/Stratix 8300™
Supports Layer 2 and Layer 3
routing with expansion modules
for maximum flexibility
Stratix 5400™
Supports Layer 2 and Layer 3
routing capabilities with an all
Gigabit (GE) platform
Stratix 5410
19" rack mount design with
Layer 2 or Layer 3 routing
and 10 Gigabit support
Stratix 5700 Industrial Managed Switch
The Stratix 5700™ is a compact, scalable Layer 2 managed switch with embedded Cisco technology for use in applications from small isolated, to complex networks. The switch combines advanced Cisco technology and premier integration into the Integrated Architecture to provide solutions for both Information Technology (IT) and Operations Technology (OT) professionals.
Stratix 5700 Managed Switch Overview
3 base platforms offering 25 configurations
6, 10, 18 and 20 port base units
2 gig port option
SFP slots support multi & single mode fiber
Secure Digital flash card (optional)
Power over Ethernet (PoE)
PoE and PoE+ port configurable
Two software packages: Lite & Full
Dual independent power inputs
Alarm relays (2 inputs and 1 output)
Combo ports can be
either copper or SFP
Stratix 5700 Managed Switches
Simplified Setup & Maintenance
SD card for easy device replacement
Default configurations
Common Smartports
DHCP per port IP addressing
Diagnostics and tools
Optimized Integration
Embedded Cisco technology provides
integration with enterprise network
FactoryTalk® View Faceplates for
status monitoring and alarming
Predefined Logix tags help diagnostics
retrieval
Studio 5000® add-on profiles for
configuration and monitoring
Stratix 5700™ Advanced Features
Power over Ethernet (PoE and PoE+)
delivers power over a single Ethernet cable
Network Address Translation (NAT)
reduces commissioning time
Integrated Device Level Ring (DLR)
connectivity helps optimize the network
architecture and provide consolidated
network diagnostics
Enhanced Security Options
Application/project based port access for machine protection
Encrypted administrative traffic and advanced security features such
as centralized authentication for plant protection
ArmorStratix 5700 Managed Switches
“On-Machine™” Technology
IP67-rated for dust and washdown
protection
Rugged M12 (D-coded) Ethernet
connectors for extreme environments
Efficient Design
Built-in SD card for simplified device
replacement
Gigabit ports (X-coded) for high
performance
Optimized Integration with Single
Network
Embedded Cisco technology provides
integration with enterprise network
FactoryTalk® View Faceplates for
status monitoring and alarming
Studio 5000® add-on profiles for
configuration and monitoring
ArmorStratix™ 5700
Access Switching
Using virtual LAN (VLAN) with
trunking from plant cell to cell
Quality of Service (QoS)
Power over Ethernet (PoE) delivers
48 V DC or 54V DC of power over the
same copper cable as Ethernet
Network Address Translation (NAT)
reduces commissioning time
Catalog Information
Key Software Features
Feature Highlights Lite Full Feature Highlights Lite Full
Optimized Integration
Embedded Cisco Technology
Cisco IOS® Software is the most widely leveraged network infrastructure software in the world
Currently operating on millions of active systems, from
the small home office router to the core systems of the
world's largest service provider networks
Cisco's leadership in switching & routing
Providing Robust, Reliable and Secure Networking
and Integration
Simplified Setup and Maintenance Common Configuration and Support Tools
Configure, Manage and Diagnose your network with familiar tools
Automation (OT) Professionals
FactoryTalk® Services tightly integrate into the Integrated Architecture® system
Studio 5000 AOP, Predefined Logix tags
FactoryTalk® View Faceplates – Sample Code website
Device Manager web Interface
IT Professionals
Cisco IOS software and Command Line Interface (CLI)
IT management tools: Cisco CNA, CiscoWorks, Cisco Prime, SNMP-based tools
Tight integration into joint Cisco and Rockwell Automation® Converged Plantwide Ethernet (CPwE) Architecture
Simplified Setup and Maintenance
Default Configurations and Smartports
Easy Switch configuration without being a network expert
Express Setup
Automatically sets switch configuration for typical automation applications
Smartports
Pre-defined port settings for
common automation and network
devices like Logix Controllers,
Desktop devices and Routers
Optimizes traffic through the port
and network
Minimizes latency
Express Setup
Purpose of Express Setup:
• Configure IP Address and Subnet Mask
• Set a new password
Express Setup executes a global macro that configures the switch for typical industrial automation applications that use EtherNet/IP protocol:
• Enables IGMP snooping
• Enables CIP and alarms
• Configures QoS settings and classifies CIP, PIP and other traffic
Default IP Address of Stratix Switch for Configuration during Express Setup: 169.254.0.1
Username: blank
Password: switch
Express Setup
Steps for Express Setup:
• Disable any wireless interfaces
• Set your computer to obtain IP address via DHCP
• Power on Stratix 5700
• Wait for EIP Mod and Setup lights to flash green
• Use a paper clip, press and release the Express Setup button
• Connect an Ethernet cable to the flashing switch port
• Use your internet browser to navigate to http://169.254.0.1/express-setup.htm
• Login:
  • Username: blank
  • Password: switch
• Enter IP address, and select Subnet mask
• Enter a new password
• Disconnect cable and cycle power to switch
Smartport Roles
Smartport Roles are recommended configurations for switch ports that:
• Optimize switch connections
• Provide security
• Provide transmission quality
• Provide reliability for traffic
• Prevent port misconfigurations
Recommended to assign Smartport roles before connecting to devices.
Mismatches can:
• Affect behavior of attached device
• Reduce the Quality of Service (QoS) level
• Reduce protection from Denial of Service attacks
• Disable or shutdown the port
Smartports
Copyright © 2013 Rockwell Automation, Inc. All rights reserved.
Segmentation
Virtual Local Area Networks (VLANs)
Layer 2 network service, VLANs segment a network logically without being restricted by physical connections
VLAN established within or across switches
Data is only forwarded to ports within the same VLAN
Devices within each VLAN can only communicate with other devices on the same VLAN
Segments traffic to restrict unwanted broadcast and multicast traffic
Software configurable using managed switches
Benefits
Ease network changes – minimize network cabling
Simplifies network security management - domains of trust
Increase efficiency
Network Segmentation
VLANs and Connected Routing
Segmentation through smaller building blocks enables scalable, robust and future-ready network infrastructure
Minimization of network sprawl
Smaller fault domains
Smaller broadcast domains
Smaller domains of trust (security)
Segmentation techniques
Multiple Ethernet modules
Virtual Local Area Networks (VLANs)
Network Address Translation (NAT)
VLANs with NAT
Creating and Assigning VLANs
Creating a VLAN:
• Configure – VLANs
• Click Create
• Enter unique name of VLAN and unique VLAN ID
• Click Done
Advanced VLAN Configuration Options:
• Spanning Tree Protocol (STP)
  • Prevents network loops by enabling only one active path for traffic to use
• Internet Group Management Protocol (IGMP) Snooping
  • Forwarding IP multicast traffic to specific ports rather than flooding all ports
Assigning a VLAN:
• Initially, all ports are assigned to the default VLAN
• Assign individual switch ports to a VLAN in Port Settings.
VLAN
Smartports
Assigning a VLAN:
• Initially, all ports are assigned to the default VLAN
• Assign individual switch ports to a VLAN in the Smartport Configuration tab of the Smartports window.
Simplified Setup and Maintenance
DHCP per Port Configuration
DHCP Persistence
Assigns a specific IP address to each port
Device that is attached to a specific port receives the same IP address each time
DHCP Server
10.10.2.1
10.10.2.2
10.10.2.3
10.10.2.4
DHCP Persistence
Steps for creating DHCP servers:
• Configure – DHCP
• Enable DHCP
• Create a DHCP Address Pool
• In DHCP pool, enter a name
• Enter the subnetwork IP address of the DHCP pool, the last octet in the IP address should be 0
• Choose Starting IP and Ending IP addresses
• Default Router, typically last octet is 1
Configure DHCP Persistence:
• DHCP Persistence Tab
• Assign an IP Address to the selected port
DHCP Persistence
DHCP Persistence Tab
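A pool and per-port address plan can be checked before it is typed into the DHCP screens. The following is an added example, not part of the original presentation: the function name, the /24 mask, the port names and all addresses are constructed, and the rule that a persistent address must lie inside the pool range is an assumption of this check.

```python
import ipaddress

def validate_dhcp_plan(subnet, start, end, router, port_map):
    """Return a list of problems in a DHCP pool and per-port (persistence) plan."""
    problems = []
    net = ipaddress.ip_network(subnet, strict=False)
    # "the last octet in the IP address should be 0": host bits must be clear
    if ipaddress.ip_interface(subnet).ip != net.network_address:
        problems.append(f"pool subnet {subnet} has host bits set; use {net.network_address}")
    lo, hi, gw = (ipaddress.ip_address(x) for x in (start, end, router))
    for label, addr in (("starting IP", lo), ("ending IP", hi), ("default router", gw)):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is not a usable host address in {net}")
    if lo > hi:
        problems.append(f"starting IP {lo} is above ending IP {hi}")
    seen = {}  # address -> first port that claimed it
    for port, ip in port_map.items():
        addr = ipaddress.ip_address(ip)
        if not lo <= addr <= hi:
            problems.append(f"{port}: {addr} is outside the pool range {lo}-{hi}")
        if addr == gw:
            problems.append(f"{port}: {addr} collides with the default router")
        if addr in seen:
            problems.append(f"{port}: {addr} is already assigned to {seen[addr]}")
        seen.setdefault(addr, port)
    return problems

# Constructed plans (port names and addresses are sample values)
GOOD_PLAN = ("10.10.2.0/24", "10.10.2.10", "10.10.2.50", "10.10.2.1",
             {"Fa1/1": "10.10.2.10", "Fa1/2": "10.10.2.11", "Fa1/3": "10.10.2.12"})
BAD_PLAN = ("10.10.2.5/24", "10.10.2.10", "10.10.2.50", "10.10.2.1",
            {"Fa1/1": "10.10.2.10", "Fa1/2": "10.10.2.10", "Fa1/3": "10.10.2.60"})

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, validate_dhcp_plan(*plan) or "no problems")
```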
Advanced Features
Integrated NAT
1:1 IP address mapping from a set of
local, machine-level IP addresses to the
end user’s broader plant network
Allows OEMs to deliver standard
machines to end users without
programming unique IP addresses
Simplifies machine integration into
end users’ networks and support of
duplicate machines
Reduce commissioning time with Network Address Translation
NAT is a service that allows the translation
of a packet from one IP address to another IP address:
NAT One to Many (1:n) – allows multiple devices to share one
“public” IP address, most common for Internet connections
NAT One to One (1:1) – allows the assignment of a unique “public”
IP address to an existing “private” IP address
NAT in Layer 2 switches (Stratix 5700/5400/5410 only):
Hardware-based translations with NO impact on performance
Supports multiple VLANs through NAT boundary
NAT in Layer 3 devices
Software-based translations with CPU loading
NAT device acts as the default gateway (router) for the devices on the inside network
Network Address Translation (NAT)
What is NAT?
Outside Subnet
(ex. 10.0.0.x)
Inside (Private) Subnet
(ex. 192.168.1.x)
NAT-enabled device
Network Address Translation (NAT)
NAT with Stratix 5700:
• Uses only one-to-one NAT
• Can only replace IP addresses and does not act as a router
Configure NAT:
• Create one or more unique NAT instances
• All Smartport roles and VLANs need to be configured before creating NAT instances
• A NAT instance contains entries that define each address translation
  • Private-to-Public translation for each device on the private subnet that needs to communicate on the public subnet
  • Gateway translation for the Layer 3 switch or router
NAT
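The one-to-one behaviour described above can be modelled as a pair of lookup tables that only rewrite addresses. This is an added example, not code from the presentation or from the switch: the class and method names are hypothetical, the subnets follow the slide's 192.168.1.x / 10.0.0.x illustration, the individual host addresses are constructed, and the gateway entry is modelled as the outside router being given an address on the private subnet.

```python
import ipaddress

class NatInstance:
    """Model of one 1:1 NAT instance: it rewrites addresses, it does not route."""

    def __init__(self, private_net, public_net):
        self.private_net = ipaddress.ip_network(private_net)
        self.public_net = ipaddress.ip_network(public_net)
        self.to_public = {}    # private address -> public address
        self.to_private = {}   # public address -> private address
        self.kind = {}         # private address -> "device" or "gateway"

    def add_entry(self, private, public, kind="device"):
        priv, pub = ipaddress.ip_address(private), ipaddress.ip_address(public)
        if priv not in self.private_net:
            raise ValueError(f"{priv} is outside private subnet {self.private_net}")
        if pub not in self.public_net:
            raise ValueError(f"{pub} is outside public subnet {self.public_net}")
        if priv in self.to_public or pub in self.to_private:
            raise ValueError(f"{priv} <-> {pub} would break the one-to-one mapping")
        self.to_public[priv], self.to_private[pub], self.kind[priv] = pub, priv, kind

    def outbound(self, src, dst):
        """Private to public side: rewrite each address that has an entry."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return str(self.to_public.get(s, s)), str(self.to_public.get(d, d))

    def inbound(self, src, dst):
        """Public to private side: the reverse lookup."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return str(self.to_private.get(s, s)), str(self.to_private.get(d, d))

    def exposed(self):
        """Public addresses that lead to a machine device (its plant-network footprint)."""
        return sorted(str(pub) for priv, pub in self.to_public.items()
                      if self.kind[priv] == "device")

    def untranslated(self, inventory):
        """Inside devices with no entry; in this model nothing outside can address them."""
        return sorted(a for a in inventory if ipaddress.ip_address(a) not in self.to_public)

def build_example():
    nat = NatInstance("192.168.1.0/24", "10.0.0.0/24")        # subnets from the slide
    nat.add_entry("192.168.1.10", "10.0.0.10")                 # constructed: controller
    nat.add_entry("192.168.1.11", "10.0.0.11")                 # constructed: HMI
    nat.add_entry("192.168.1.1", "10.0.0.1", kind="gateway")   # constructed: L3 gateway
    return nat

if __name__ == "__main__":
    nat = build_example()
    print(nat.outbound("192.168.1.10", "192.168.1.1"))
    print(nat.inbound("10.0.0.50", "10.0.0.11"))
    print(nat.exposed(), nat.untranslated(["192.168.1.10", "192.168.1.20"]))
```

Listing `exposed()` for each NAT instance gives the set of machine addresses that the plant network can reach, which is the list to review against ACLs and port security.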
Enhanced Security Options
Protecting the Machine
Application/Project (CIP) based port access
Controller based port control (on/off)
Unauthorized device identification (tags) per port
Configurable port security
Preconfigured port security set-up via smartports
Configure number of devices allowed per port
Configurable device MAC ID authentication
Protecting the Plant
Encrypted administrative traffic
SSHv2, SNMPv3, and HTTPS
802.1x for user authentication
Multiple layers of password protection
Access Control Lists (ACLs) to apply
security policies per port
TACACS+ and Radius for centralized
authentication
Port Security
• Configure port security for Stratix 5700 switch ports
• Configure port thresholds for Stratix 5700 switch ports
• Configure port mirroring
Why?
• When you need to limit the MAC addresses that can access a given switch port
• When you need to prevent traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm
• When you need to diagnose traffic issues on a network
MAC Security:
• Configure – Port Security
• Select Enable
• Enter number of secure MAC addresses allowed on the port
• Add a learned MAC address
  • Click Edit for the port
  • Click Add Learned MAC Addresses
  • Add or remove MAC addresses
  • Click Done
• Click Submit
MAC Security
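What the secure-MAC limit does to traffic can be seen by replaying observed frames against a per-port policy. This is an added example, not part of the original presentation: the policy structure, function names, port names and MAC addresses are all constructed, and the model only records which frames would violate the limit, not what the switch does in response.

```python
import re

def norm_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff; return one form."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_ports(policy, frames):
    """Replay observed frames against a per-port MAC security policy.

    policy: {port: (max_secure_macs, [statically added MACs])}  (hypothetical structure)
    frames: [(port, source MAC), ...] in arrival order
    Returns (violations, unprotected_ports, secure_table).
    """
    secure = {port: [norm_mac(m) for m in static] for port, (_, static) in policy.items()}
    violations, unprotected = [], set()
    for port, mac in frames:
        mac = norm_mac(mac)
        if port not in policy:           # port security never enabled on this port
            unprotected.add(port)
            continue
        limit = policy[port][0]
        if mac in secure[port]:          # already a secure address
            continue
        if len(secure[port]) < limit:    # free slot: the address is learned
            secure[port].append(mac)
        else:                            # table full: this source is not allowed
            violations.append((port, mac))
    return violations, sorted(unprotected), secure

# Constructed sample data (locally administered MAC addresses)
SAMPLE_POLICY = {"Fa1/1": (1, ["02:00:00:00:00:01"]), "Fa1/2": (2, [])}
SAMPLE_FRAMES = [
    ("Fa1/1", "0200.0000.0001"),      # the one allowed device, dotted notation
    ("Fa1/1", "02-00-00-00-00-99"),   # second device on a one-address port
    ("Fa1/2", "02:00:00:00:00:0a"),   # learned (slot 1 of 2)
    ("Fa1/2", "02:00:00:00:00:0b"),   # learned (slot 2 of 2)
    ("Fa1/2", "02:00:00:00:00:0a"),   # known address again
    ("Fa1/2", "02:00:00:00:00:0c"),   # third device: over the limit
    ("Fa1/3", "02:00:00:00:00:0d"),   # port with no policy at all
]

if __name__ == "__main__":
    violations, unprotected, table = audit_ports(SAMPLE_POLICY, SAMPLE_FRAMES)
    print("violations:", violations)
    print("ports without MAC security:", unprotected)
```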
Optimized Integration
Integrated Architecture System
Studio 5000™ Add-on
Profile (AOP) for easy
configuration and
monitoring
Pre-designed
FactoryTalk® View
Faceplates for
monitoring and alarming
Pre-defined Logix tags
for monitoring and port
control
Using Studio 5000 Logix Designer
• Add a switch to an I/O configuration tree
• Monitor switch performance
• Monitor port status
• Upload and download Stratix 5700 switch configuration with Studio 5000 project
Why?
• When you need to monitor switch data from within a Logix Designer project
• When you need to upload data from a switch to a Logix Designer project or download data from a project to a switch
Uploading Configuration from a Switch:
• Open Logix Designer project
• Right-click the Stratix and choose Properties
• Click Save/Restore tab
• Click Upload – enter password to continue
Downloading Configuration to a Switch:
• Make configuration changes
• Click Download
• Click Yes for warning message
• Enter password
Studio 5000
Stratix 5700 ME Faceplate
Faceplates
Simplified Setup and Maintenance
Built-in SD Card
Built-in SD Card stores switch configuration and (IOS) FW
Simplifies switch replacement transferring switch configuration and operating system to new HW
Quickly duplicate and manage configurations on multiple cards or store and copy on a PC
Store and restore configuration as part of Studio 5000 project
If SD card is installed upon power up, it will boot from the card
Visit us online
www.reynoldsonline.com