b0700CA L

B0700CA
REV L
I/A Series® System

The MESH Control Network Operation, and Switch
Installation and Configuration Guide
February 24, 2010
Invensys, Foxboro, I/A Series and the IPS logo are trademarks of Invensys plc, its subsidiaries, and affiliates.
All other brand names may be trademarks of their respective owners.
Copyright 2005-2010 Invensys Systems, Inc.

All rights reserved
SOFTWARE LICENSE AND COPYRIGHT INFORMATION

Before using the Invensys Systems, Inc. supplied software supported by this documentation, you
should read and understand the following information concerning copyrighted software.
1. The license provisions in the software license for your system govern your obligations
and usage rights to the software described in this documentation. If any portion of
those license provisions is violated, Invensys Systems, Inc. will no longer provide you
with support services and assumes no further responsibilities for your system or its
operation.
2. All software issued by Invensys Systems, Inc. and copies of the software that you are
specifically permitted to make, are protected in accordance with Federal copyright
laws. It is illegal to make copies of any software media provided to you by
Invensys Systems, Inc. for any purpose other than those purposes mentioned in the
software license.
Contents
Figures.................................................................................................................................... ix
Tables.................................................................................................................................. xiii
Preface................................................................................................................................... xv
Purpose ................................................................................................................................... xv
System Software Requirements ................................................................................................ xv
Audience ................................................................................................................................ xvi
Revision Information ............................................................................................................. xvi
Reference Documents ........................................................................................................... xvii
General Terms and Definitions .............................................................................................. xix
Application Software Terms and Definitions ........................................................................ xxiii
1. Introduction ...................................................................................................................... 1
Before You Begin ...................................................................................................................... 1
Warnings! ............................................................................................................................. 1
Cautions! .............................................................................................................................. 3
Notes .................................................................................................................................... 4
Order of Switch Configuration Procedures ............................................................................... 6
Getting the Latest (SCAS) Configurator Revision ..................................................................... 8
Common Concepts ................................................................................................................... 8
Edge Switches ....................................................................................................................... 8
Distribution Switches ........................................................................................................... 8
Uplink (ISL) Ports ................................................................................................................ 9
Determining ISL Root Bridge Links ................................................................................ 9
Syslog ................................................................................................................................. 10
“Switch Diag Files” Feature ................................................................................................ 10
FaultLock™ Feature ............................................................................................................... 10
Loop Detection Policy (LDP) ............................................................................................. 11
Virtual Local Area Network (VLAN) ................................................................................. 11
Configurable Network Switches .............................................................................................. 11
2. Installing the I/A Series Switch Configurator Application Software (SCAS).................... 15

Upgrading the I/A Series Switch Configurator Application Software (SCAS) .......................... 15
Preparation for Switch Configurator Application Software (SCAS) Installation ...................... 15
Installing The I/A Series Switch Configurator Application Software (SCAS) ........................... 18
SCAS Directory Structure ....................................................................................................... 19
iii
B0700CA – Rev L Contents
Site Directory ..................................................................................................................... 21

System/Site Location .......................................................................................................... 21
Diagnostic and Validation Logs .......................................................................................... 21
The I/A Series Switch Configurator Application Software (SCAS) .......................................... 22
3. Building a Configuration File.......................................................................................... 23

Getting Started ........................................................................................................................ 23
Building a Switch Configuration ............................................................................................. 27
Switch Setup Dialog Box ......................................................................................................... 29
Importing a SysDef Commit .............................................................................................. 30
Creating a Configuration Without Using the SysDef Commit Network Function ............. 35
Creating a Configuration, Step by Step .............................................................................. 37
Creating a Custom Configuration ........................................................................................... 42
Building an I/O Network Switch Configuration ..................................................................... 43
Hardware Setup for DFE Matrix Chassis Switches .................................................................. 44
Gold-Series Loop Detection Policy (LDP) License Key ...................................................... 47
Switch Configuration Parameters Dialog Box ......................................................................... 48
Configuring Switch Parameters ............................................................................................... 53
Disabling Unused Ports ...................................................................................................... 57
Appending Port Commands ............................................................................................... 60
Enabling Fast Ethernet Ports as Uplink Ports .......................................................................... 61
LinkFlap Settings .................................................................................................................... 64
Enabling and Port Setup for Network VLANs ........................................................................ 65
Enable and Setup Ports for I/O Network VLANs ............................................................... 70
I/O Network VLAN Priority Settings ................................................................................ 71
Appending VLANs ............................................................................................................. 71
VLAN Priority Settings ...................................................................................................... 73
Adjust Admin Path Cost ......................................................................................................... 74
Appending Port Commands ............................................................................................... 75
Comex Multicast Suppression (CMS) ..................................................................................... 75
Configuring Loop Detection (Security Enhanced Configurations Only) ................................. 77
The Basic Rules of Loop Detection Policy (LDP) .......................................................... 79
Configuring Loop Detection Rules ................................................................................ 79
Appending LDP Commands .............................................................................................. 85
Configuring Simple Network Time Protocol (SNTP) ............................................................. 86
Appending SNTP Commands ............................................................................................ 89
Configuring a Syslog Server ..................................................................................................... 90
4. Downloading/Uploading to/from a Switch via the I/A Series SCAS................................ 93

Connecting Ethernet Switch to the PC ................................................................................... 93
Default Passwords ................................................................................................................... 94
iv
Contents B0700CA – Rev L
Downloading to a Switch ........................................................................................................ 95

Downloading Configuration to a Switch ............................................................................ 98
Interrogating the Switch ................................................................................................ 98
Downloading the Config File ........................................................................................ 99
Changing Switch Passwords ............................................................................................. 101
Resetting Password ........................................................................................................... 103
Validating Switches Running Configuration .................................................................... 103
Port Mirroring ................................................................................................................. 105
Uploading Diagnostic Files from a Switch ............................................................................ 107
Setting Up Switch for Upload .......................................................................................... 107
Uploading Switch Diagnostic Information ....................................................................... 109
Uploading Switch Syslog Files .......................................................................................... 110
Uploading a V-Series Switch Syslog File ........................................................................... 111
5. Loop Detection Policy (LDP) Algorithms ..................................................................... 113

Activating / Disabling Loop Detection Policy (LDP) Algorithms .......................................... 113
Enabling LDP .................................................................................................................. 113
Disabling LDP ................................................................................................................. 114
Power Failures ....................................................................................................................... 115
6. Adding or Replacing an Existing Switch, Blade or NEM in

The MESH Control Network ........................................................................................... 117
Replacing or Adding a Network Switch/Blade ....................................................................... 118
Replacing or Adding a Network Expansion Module NEM (P0972YK/P0973FQ) ................ 119
Failure After NEM Module P0973FQ Installation ........................................................... 120
Switch Installation ................................................................................................................ 121
Determine Switch Use and Physical Layout ...................................................................... 121
Build the Switch Configuration ........................................................................................ 123
Configure the Switch ........................................................................................................ 124
7. Loading Configuration Files to/from Switches .............................................................. 127

Importing a Configuration “.sca” File from Switch Using SCAS ........................................... 128
Downloading an “.sca” Configuration File Using SCAS ........................................................ 129
8. Editing Files for the Switch Configurator Application Software .................................... 131
Editing Configuration Files ................................................................................................... 131
Adding/Editing Custom Configuration Files to the Device Type Drop Down Menu Box .... 132
Deleting Files from the Device Type Drop Down Menu Box ............................................... 132
9. Loop Detection Monitoring and Maintenance .............................................................. 135

Passive Monitoring ................................................................................................................ 135
Switch Ports Display ............................................................................................................. 135
v
Active Monitoring ................................................................................................................. 136

Monitoring LDP via NetSight® Policy Manager ............................................................. 136
Monitoring LDP Via the CLI Port ................................................................................... 140
CLI - LDP Rule Accounting (SCAS) .................................................................................... 141
CLI - LDP Rule Accounting (Manual) .................................................................................. 144
How to Import LDP from the Enhanced Network Switches into NetSight Policy Manager . 146
Create a Domain .............................................................................................................. 147
Assign Device to Domain ................................................................................................. 148
Using the Import from Device Wizard ........................................................................ 148
Import from Device ..................................................................................................... 149
Device Selection .......................................................................................................... 149
Read From Device ....................................................................................................... 149
Organize and Update ................................................................................................... 149
Merge Rules ................................................................................................................ 150
Finalizing the Policy Rules ........................................................................................... 152
Finalizing the Policy Roles ........................................................................................... 153
GVRP ......................................................................................................................... 155
VLANs ........................................................................................................................ 155
Verifying Rules and Roles ............................................................................................ 156
10. VLANs Usage on The MESH Control Networks ........................................................ 159
11. Downloading Qualified Firmware Images ................................................................... 167

Downloading Firmware via SCAS CLI Port .......................................................................... 167
Downloading Firmware via TFTP Service ............................................................................. 170
Set Up TFTP Service ............................................................................................................ 173
12. Troubleshooting.......................................................................................................... 181

Unable to Login to Switch .................................................................................................... 181
Configuration Error .............................................................................................................. 181
Invalid Input Detected During Configuration ...................................................................... 183
Unsuccessful CLI Connection Errors .................................................................................... 183
Cannot Start TFTP Server .................................................................................................... 185
Write to Flash Error .............................................................................................................. 186
Misconfigured Stack Ports (A-Series P0973BH/BJ/BK Switches Only) ................................. 187
Manually Configure Misconfigured Stack Ports ............................................................... 187
Configuration Error Messages ............................................................................................... 188
Configuration Warning Messages .......................................................................................... 194
vi
Contents B0700CA – Rev L
Appendix A. Switch Information Form ............................................................................. 197
Appendix B. Qualified Switch Firmware Compatibilities Matrix ...................................... 199

Qualified Switches for The MESH Control Network ........................................................... 199
Switch Utilization in the Security Enhanced Configurations ............................................ 200
Switch Firmware Compatibility ............................................................................................ 201
Appendix C. Understanding Loop Detection (Security Enhanced Configuration)............. 205

Introduction .......................................................................................................................... 205
Additional Information .................................................................................................... 206
Terms and Definitions ..................................................................................................... 206
Implementation Methodology For Security Enhanced Configuration .............................. 207
Deploying Loop Detection Policies ....................................................................................... 208
The MESH Security Enhanced Control Network Topologies ............................................... 210
“Linear” Networks ....................................................................................................... 211
Star Topology .............................................................................................................. 212
Double Star Topology ................................................................................................. 214
Inverted Tree Topology ............................................................................................... 216
Modified Inverted Tree Topology ............................................................................... 218
Appendix D. Understanding Virtual Local Area Networks (VLANs) ................................. 221

Introduction .......................................................................................................................... 221
VLAN Terms ................................................................................................................... 221
What Is a VLAN? ............................................................................................................. 223
Why Use VLANs? ............................................................................................................ 223
VLAN Benefits ................................................................................................................. 223
Increased Performance ................................................................................................. 223
Improved Manageability .............................................................................................. 224
Network Tuning and Simplification of Software Configurations ................................. 224
Physical Topology Independence ................................................................................. 224
Increased Security Options .......................................................................................... 224
Additional Benefits And Restrictions ................................................................................ 224
VLAN Challenges ............................................................................................................ 224
VLAN Best Practices ........................................................................................................ 225
Determine Reasons For Using VLANs ........................................................................ 225
Keep the Number of VLANs To a Minimum .............................................................. 225
VLAN “Security” Best Practices ....................................................................................... 225
Precautions for the Use of VLAN 1 “Default” ............................................................. 226
Types Of VLANS ................................................................................................................. 226
Port Based VLANs ........................................................................................................... 226
Protocol Based VLANs (Not Supported in The MESH Control Network) ...................... 227
MAC Based VLANs (Not Supported in The MESH Control Network) .......................... 227
VLAN Tagging ..................................................................................................................... 227
Access Ports ...................................................................................................................... 227
Trunk Ports ...................................................................................................................... 227
vii
VLAN Tagging Technologies ........................................................................................... 228

VLAN Operation .................................................................................................................. 228
VLAN Components ......................................................................................................... 228
VLAN Switch Operation .................................................................................................. 228
Receiving Frames from VLAN Ports ............................................................................ 228
Untagged Frames ......................................................................................................... 229
Tagged Frames ............................................................................................................ 229
Forwarding Decisions .................................................................................................. 229
Broadcasts, Multicasts, and Unknown Unicasts ........................................................... 229
Known Unicasts .......................................................................................................... 229
Configuration Process ........................................................................................................... 230
Defining a VLAN ............................................................................................................. 230
Classifying Frames to a VLAN ......................................................................................... 230
Conclusion ............................................................................................................................ 230
Appendix E. Quick Reference Guide ................................................................................. 231

Building a Switch Configuration File .................................................................................... 231
Custom Configuration ..................................................................................................... 232
Configuring the Switch ......................................................................................................... 232
Validating a Switch Configuration ........................................................................................ 233
Importing a Switch Configuration ........................................................................................ 233
Updating Firmware ............................................................................................................... 234
Clearing Stacked Ports (A-Series Switches Only) ................................................................... 234
Collecting Switch Diagnostic Information ............................................................................ 234
Viewing and Clearing Switch LDP Port Hits ........................................................................ 235
Setting Up Port Mirrors ........................................................................................................ 235
Changing the Switch’s CLI Prompt ...................................................................................... 236
Appendix F. I/A Series Switch Configurator Application Software Change Notice History
(K0173ZU) ....................................................................................................................... 237
viii
Figures
2-1. Internet Explorer Prompt ............................................................................................ 16
2-2. Switch Administration Tool Set (I/A Series SCAS) for
I/A Series MESH Control Network Systems Configuration Tools Installation
Window ...................................................................................................................... 17
2-3. Switch Configurator Setup Screen ............................................................................... 18
2-4. Switch Configurator Setup Screen - Change Directory ................................................ 18
2-5. Switch Configurator Setup Screen - Choose Program Group ...................................... 19
2-6. SCAS v3.3.3 and later Directory Structure .................................................................. 20
2-7. SCAS Default Configuration File Database Selection .................................................. 21
2-8. SCAS Configuration File Database Selection .............................................................. 21
3-1. Switch Configurator Interface Window ....................................................................... 27
3-2. Switch Configurator Interface Window - Software Revision ........................................ 28
3-3. Switch Setup Dialog Box ............................................................................................. 29
3-4. Commit Network Function Buttons ........................................................................... 30
3-5. Commit Import Method ............................................................................................. 31
3-6. Commit Disk Size ....................................................................................................... 31
3-7. SysDef Commit Disk Count ....................................................................................... 32
3-8. SysDef Commit File Extraction .................................................................................. 32
3-9. SysDef Commit File Extraction - Progress .................................................................. 33
3-10. Save SysDef Commit Network .................................................................................... 34
3-11. SysDef Configuration Setup - Step 1 ........................................................................... 34
3-14. Switch ID Name Pull-Down Menu ............................................................................ 38
3-15. Switch Configuration (Step-by-Step) (Step 1) ............................................................. 39
3-16. Uplink Modules Dialog Box ....................................................................................... 43
3-17. Switch Configuration Dialog Box - To Select Type of DFE Blade Installed ................ 44
3-18. Switch Firmware Revision Dialog Box ........................................................................ 45
3-19. Switch Configuration Dialog Box to Configure Switch’s Hardware ............................ 46
3-20. Enable LDP Policy License Key .................................................................................. 47
3-21. Assign/Enter PLD Policy License Key ......................................................................... 47
3-22. Switch Configuration Parameters Dialog Box ............................................................. 48
3-23. Flowchart for Assignment of Uplinks and Ports to VLAN ........................................... 55
3-24. Port Setup Dialog Box - for Selecting Unused Ports .................................................... 58
3-25. Port Setup Dialog Box - for Selecting Unused Ports on DFE-Series Chassis Switches . 59
3-26. Enable Port Window ................................................................................................... 60
3-27. Port Setup Dialog Box - for Selecting Uplink Ports ..................................................... 62
3-28. Port Setup Dialog Box - for Selecting Uplink Ports in DFE-Series Chassis Switches ... 63
3-29. LinkFlap Settings ........................................................................................................ 65
3-30. Setup VLAN Support .................................................................................................. 66
3-31. DFE Matrix Port Setup Dialog Box - for Selecting VLAN Ports ................................. 68
3-32. A-Series, V-Series and I-Series Port Setup Dialog Screen - for Selecting VLAN Ports .. 69
3-33. Setup VLAN Support Dialog Box ............................................................................... 70
3-34. Port Setup Dialog Box - for Adjusting Admin Path Cost ............................................ 74
ix
B0700CA – Rev L Figures
3-35. Comex Multicast Rate Limiting .................................................................................. 76

3-36. DFE Matrix Loop Detection Dialog Box - for Enabling LDP Rules ........................... 77
3-37. Loop Detection Port Setup ......................................................................................... 81
3-38. Enable/Disable LDP Dialog Box ................................................................................. 84
3-39. Configuring Simple Network Time Protocol Dialog Screen ........................................ 86
3-40. Configuring Syslog Servers Dialog Box ....................................................................... 90
4-1. Connecting PC to Ethernet Switches .......................................................................... 94
4-2. Switch Setup Dialog Box ............................................................................................. 95
4-3. CLI Switch Interface Dialog Box ................................................................................ 96
4-4. Interrogating Switch Dialog box ................................................................................. 98
4-5. Input Error ............................................................................................................... 100
4-6. Password Setup Dialog Box ....................................................................................... 101
4-7. SCAS Download Window Password Prompt ............................................................ 102
4-8. SCAS Download Window Password Changed .......................................................... 103
4-9. Configuration Validation Dialog Box ........................................................................ 104
4-10. Port Mirroring Setup Dialog Box .............................................................................. 105
4-11. Syslog File Upload .................................................................................................... 107
4-12. TFTP Server Dialog Box ........................................................................................... 108
4-13. Interrogating Switch Dialog Box ............................................................................... 109
7-1. CLI Switch Interface Dialog Box (Importing Configuration) .................................... 128
8-1. SCAS Drop Down Database Menu Dialog Box ........................................................ 133
9-1. Switch Ports Display - Typical .................................................................................. 136
9-2. Policy Manager ......................................................................................................... 137
9-3. Network Element Port Assignment ........................................................................... 140
9-4. Switch Setup Dialog Box ........................................................................................... 141
9-5. Configurator CLI Switch Interface Dialog Box ......................................................... 142
9-7. Create Domain Selection .......................................................................................... 147
9-8. Assign Devices to Domain ........................................................................................ 148
9-9. Organize and Update ................................................................................................ 150
9-10. Merge Rules .............................................................................................................. 151
9-11. NetSight Policy Services ............................................................................................ 153
9-12. NetSight Policy Roles ................................................................................................ 154
9-13. GVRP Disabled ........................................................................................................ 155
9-14. Egress List Setup - Policy Manager ............................................................................ 155
9-15. Egress List Setup - Selection View ............................................................................. 156
9-16. Verify All Devices ...................................................................................................... 156
11-1. SCAS CLI Port Firmware Download Dialog Box ..................................................... 168
11-2. Warning Window - Download Firmware .................................................................. 168
11-3. Firmware Download Setup Warning ......................................................................... 169
11-4. CLI Firmware Download Dialog Box ....................................................................... 169
11-5. Firmware Download ................................................................................................. 170
11-7. Start the TFTP Server ............................................................................................... 173
11-8. TFTP Server Configuration - Security Tab ............................................................... 174
11-9. TFTP Server Configuration - Ready for Use ............................................................. 175
11-10. Connecting PC to A-Series Ethernet Switches (P0973BH, P0973BJ and P0973BK) 176
x
Figures B0700CA – Rev L
11-11. Connecting PC to C-series (P0973BL/P0973HA) Ethernet Switch, Utilizing

1G Ethernet Port on PC ........................................................................................... 177
11-12. Connecting PC to C-series (P0973BL/P0973HA) Ethernet Switch Utilizing
100M Ethernet Port on PC ....................................................................................... 178
11-13. Connecting PC to DFE-Series Ethernet Switches ...................................................... 179
12-1. Failed to Set Trap Receiver ........................................................................................ 182
12-2. Unable to Set Link Flap Threshold ........................................................................... 182
12-3. Invalid Input Detected .............................................................................................. 183
12-4. Unsuccessful CLI Connection Error ......................................................................... 184
12-5. Unsuccessful CLI Connection Error (Alternate) ........................................................ 184
12-6. CLI Non-responsive .................................................................................................. 185
12-7. TFTP Server Error .................................................................................................... 185
12-8. Write to Flash Error .................................................................................................. 186
C-1. Small Network (Linear) (Security Enhanced Configuration) ..................................... 211
C-2. Medium Network (Star Topology) (Security Enhanced Configuration) .................... 213
C-3. Double Star Topology ............................................................................................... 215
C-4. Large Network (Inverted Tree Topology) (Security Enhanced Configuration) .......... 217
C-5. Large Network (Modified Inverted Tree Topology)
(Security Enhanced Configuration) ........................................................................... 219
xi
B0700CA – Rev L Figures
xii
Tables
1-1. Switch Configuration Procedures .................................................................................. 6
1-2. ISL Root Bridge Links ................................................................................................... 9
1-3. ISL Links to Switches in Higher Distribution Tiers ...................................................... 9
1-4. Invensys-Supplied Ethernet Switches .......................................................................... 12
3-1. Supported Features for Typical vs. Custom Configurations ......................................... 24
3-2. Supported Features and Limitations for Typical vs. Custom Configurations ............... 25
3-3. Switch Information for Switch Setup Dialog Box ........................................................ 35
3-4. Available DFE-Series Blade Listing ............................................................................. 44
3-5. Simple Network Time Protocol Supported Functionality ........................................... 88
4-1. Connection Cable for Non-Chassis Switches .............................................................. 93
10-1. Settings for A-series, C-series, and I-series in the Default Mode or When Port Priorities
Disabled is Selected ................................................................................................... 161
10-2. Settings for A-series, C-series, and I-series When Only VLAN 2 is assigned,
“I/A Control Port” and When Port Priorities Enabled is Selected .............................. 161
10-3. Settings for A-series, C-series, and I-series When More Than Two VLANs are Assigned
and When Port Priorities Enabled is Selected ........................................................... 162
10-4. Settings for V-series, in the Default Mode or When Port Priorities Disabled
is Selected .................................................................................................................. 162
10-5. Settings for V-series, When Only VLAN 2 is Assigned, “I/A Control Port” and
When Port Priorities Enabled is Selected ................................................................... 163
10-6. Settings for V-series, When More Than Two VLANs are Assigned and
When Port Priorities Enabled is Selected ................................................................... 163
10-7. Settings for Matrix DFE-series, in the Default Mode or
When Port Priorities Disabled is Selected .................................................................. 164
10-8. Settings for Matrix DFE-series When Only VLAN 2 is Assigned, “I/A Control Port”
and When Port Priorities Enabled is Selected ............................................................ 164
10-9. Settings for Matrix DFE-series When More Than Two VLANs are Assigned
and When Port Priorities Enabled is Selected ........................................................... 165
11-1. Switch Firmware ....................................................................................................... 171
12-1. Correct Prompt Formats for Switches ....................................................................... 181
12-2. Configuration Error Messages ................................................................................... 188
12-3. Configuration Warning Messages ............................................................................. 194
B-1. Qualified Switch Standard/Security Enhanced Configuration
Compatibilities Matrix .............................................................................................. 199
B-2. Qualified Firmware for Use in The MESH Control Network ................................... 201
B-3. Firmware Rules for Switches in The MESH Control Network .................................. 202
E-1. Correct Prompt Formats for Switches ....................................................................... 236
xiii
B0700CA – Rev L Tables
xiv
Preface
Purpose
The I/A Series® Switch Configurator Application Software (SCAS) for The MESH Control Net-
work was created for Invensys customers as a configuration tool specifically for Invensys®-sup-
plied Ethernet switches and can be used on switches in The MESH control network (with
I/A Series software, V8.x or later), the I/O network and the I/A Series control network (I/A Series
software, V7.x). Its purpose is to reduce the repetitive Command Line Interface (CLI) command
entries which are required to configure switches in The MESH control network, the I/O network
or the I/A Series control network, by allowing users to customize configuration files that define a
set of CLI commands downloadable via the serial port.
System Software Requirements

The I/A Series® Switch Configurator Application Software (SCAS) must be installed on a
machine with one of the following operating systems:
♦ Microsoft Windows XP®
♦ Microsoft Windows 2000®
♦ Microsoft Windows Server® 2003
For installation of this software, your default browser must be Microsoft® Internet Explorer ver-
sion 5.5 or later. The installation program uses HTML code and will not function correctly unless
5.5 or greater is used.
The machine must include a serial and Ethernet port, along with sufficient cabling and/or con-
verters to connect to the serial and/or Ethernet port of the switch being configured to support
CLI, SCAS, and TFTP operations.
! CAUTION
SCAS must not be installed on an existing I/A Series workstation with I/A Series
software. It is recommended that this tool be installed on a network administrator
machine, such as a laptop PC, as this machine must connect directly to the CLI
port of each switch.
! CAUTION
When configuring a network switch, use the latest version of SCAS. This version
can be found at the IPS Global Client Support Center (Global CSC) web site, dis-
cussed in “Getting the Latest (SCAS) Configurator Revision” on page 8.
Customers are encouraged to download and use the latest documentation and configurator
software on the IPS Global Client Support Center web site.
xv
B0700CA – Rev L Preface
For detailed and specific information on the Ethernet equipment, refer to the documentation sup-
plied by the switch vendor. These documents may also be available on the IPS Global Client Sup-
port Center web site at http://support.ips.invensys.com. The MESH Control Network documents
for I/A Series systems are available on The MESH Network Configuration Tool CD-ROM
(K0173ZU).
Audience
This document is intended for use by process engineering, operations, installation, and mainte-
nance personnel. They are expected to have a working knowledge of Ethernet LANs, Ethernet
switches and I/A Series configurations.
Revision Information
For this revision of the document (B0700CA-L), the following changes were made:
Global
♦ Changed references to “SysDef Commit Network function” to “System/Site Location
database”.
Preface
♦ Renamed terms in “Application Software Terms and Definitions” on page xxiii.
Chapter 1 “Introduction”
♦ Added a warning about changing the switch prompt to “Warnings!” on page 1.
♦ Added caution about the A-Series switches and for configuring copper switch ports
for the copper Address Translation Station (ATS) port to “Cautions!” on page 3.
♦ Added “Determining ISL Root Bridge Links” on page 9.
♦ Specified “SCAS 3.2.2 or later” in “FaultLock™ Feature” on page 10.
♦ Added the I-Series switches (P0973GA, P0973HB and P0973HC) to Table 1-4
“Invensys-Supplied Ethernet Switches” on page 12.
Chapter 2 “Installing the I/A Series Switch Configurator Application Software (SCAS)”
♦ Updated Figure 2-2 on page 17.
♦ Removed warning and added the I-Series switches (P0973GA, P0973HB and
P0973HC) to “The I/A Series Switch Configurator Application Software (SCAS)” on
page 22.
♦ Added “SCAS Directory Structure” on page 19.
Chapter 3 “Building a Configuration File”
♦ Added a note to “Getting Started” on page 23, regarding that the Typical configura-
tion is not supported for the I/O network.
♦ Updated Table 3-2 on page 25 to indicate compatibility with the I/O network.
♦ Updated “Building a Switch Configuration” on page 27.
♦ Updated Figure 3-3 “Switch Setup Dialog Box” on page 29.
♦ Updated “Importing a SysDef Commit” on page 30.
♦ Updated “Creating a Configuration, Step by Step” on page 37.
xvi
Preface B0700CA – Rev L
♦ Updated step 1 of “Creating a Custom Configuration” on page 42.

♦ Updated Figure 3-18 “Switch Firmware Revision Dialog Box” on page 45.
♦ Removed “Hardware Setup for I-Series Switches”.
♦ Minor updates to the introduction of “Switch Configuration Parameters Dialog Box”
on page 48.
♦ Updated Figure 3-30 “Setup VLAN Support” on page 66.
♦
Added “Enable and Setup Ports for I/O Network VLANs” on page 70 and “I/O Net-
work VLAN Priority Settings” on page 71.
♦ Added new switch firmware to Table 3-5 on page 88.
Chapter 4 “Downloading/Uploading to/from a Switch via the I/A Series SCAS”
♦ Updated Figure 4-3 on page 96 and Figure 4-10 on page 105.
♦ Added the Delete button to “Port Mirroring” on page 105.
Chapter 7 “Loading Configuration Files to/from Switches”
Chapter 8 “Editing Files for the Switch Configurator Application Software”
Chapter 11 “Downloading Qualified Firmware Images”
♦ Added P0973GA/GB/HB/HC to Table 11-1 on page 171.
Chapter 12 “Troubleshooting”
♦ Added “Unable to Login to Switch” on page 181.
Appendix B “Qualified Switch Firmware Compatibilities Matrix”
♦ Consolidated all qualified switch firmware compatibility tables into Table B-2 and
Table B-3.
Appendix E “Quick Reference Guide”
♦ Added “Changing the Switch’s CLI Prompt” on page 236.
Appendix F “I/A Series Switch Configurator Application Software Change Notice History
(K0173ZU)”
♦ Added the release notes for release version 3.3.3.
Reference Documents
The following I/A Series system documents provide additional or related information:
♦ The MESH Control Network Architecture Guide (B0700AZ, Rev D or later)
♦ I/A Series Control Network User’s Guide (B0400DV, Rev C or later)
♦I/A Series System Definition: A Step-by-Step Procedure (B0193WQ) or
♦ I/A Series System Configuration Component (IACC) User’s Guide (B0400BP).
♦ The MESH Control Network Architecture (PSS 21H-7C2 B3)
♦ The MESH Control Network Ethernet Equipment (PSS 21H-7C3 B4)
Refer to The MESH Control Network Architecture Guide (B0700AZ, Rev D or later) and the
following documentation for the hardware used in The MESH control network
xvii
♦ A-Series (P0973BH/P0973BJ/P0973BK) Switches, Hardware and Software Configura-

tion Instructions (B0700CH)
♦ The MESH Control Network Hardware Instructions for C-Series Switches
(P0973BL/HA) (B0700CJ)
♦ The MESH Control Network Hardware Instructions for N-Series Switches
(P0973AR/P0973AS/P0972YE) (B0700CK)
♦ V-Series (P0972WP/P0972YC) Switches, Hardware and Software Configuration Instruc-
tions (B0700CL)
♦ E7 Chassis and 16-port Fiber (P0972MK/P0972MJ) Switches, Hardware and Software
Configuration Instructions (B0700CM)
♦ I-Series (P0973GA/GB/HB/HC) Industrial Switches, Hardware and Software Configu-
ration Instructions (B0700CN)
♦ Media Converter Installation and Configuration Guide for Control Networks (B0700CP)
Refer to Control Network User’s Guide (B0400DV, Rev C or later) for the documentation for the
hardware used in the I/A Series control network.
xviii
General Terms and Definitions

10Base-T 10 Mb twisted-pair Ethernet
100Base-TX 100 Mb twisted-pair Fast Ethernet
100Base-FX 100 Mb fiber optic Fast Ethernet
1000Base-LX IEEE 802.3z specification for Gigabit Ethernet over two strands of
50/125 or 62.5/125 micron core MMF or 9/125 micron core SMF fiber
cable using long wavelength optical transmission.
1000Base-SX IEEE 802.3z specification for Gigabit Ethernet over two strands of
50/125 or 62.5/125 micron core MMF fiber cable using short wavelength
optical transmission.
1000Base-T IEEE 802.3ab specification for Gigabit Ethernet using CAT5 copper
Ethernet cable.
ANSI American National Standards Institute
Auto-Negotiation Signalling method allowing each node to select its optimum operational
mode (e.g., speed and duplex mode) based on the capabilities of the node
to which it is connected.
Backbone Another term for bus - refers to the main link that connects network
nodes. The term is often used to describe the main network connections
composing the network.
Beacon The packet type and packet on the network upon which the port disabling
is enacted.
BPP Beacon Priority Policy - A role/service that allows for the Beacon packet to
have the highest priority when propagating though the network. This
ensures the Beacon packet will be transmitted back to the PBQ in a
flooded switch.
BootP Bootstrap Protocol
Bridge Priority The range of priority values used to determine which device is selected as
Value the Spanning Tree root. This value can range from 0- 65535 for bridge
priority mode 802.1d (decrement by 1) or from 0-61440 for bridge
priority mode 802.1t (decrement by 4096).
CAT5 Category 5 Twisted Pair Cable - such as 10Base-T, 100Base-TX and

1000Base-T.
CBP (Circuit Breaker Policy) a role/service that disables a port when a Beacon
packet is received from an edge switch or from the tier below.
xix
Circuit Breaker A policy rule that will disable a port that receives an incoming packet of an
outgoing Beacon packet “Loop”.
Circuit Breaker This is used to refer to policy rule that will disable an uplink port that
PBQ/SBQ interfaces two root switches that receives an incoming packet of an outgo-
(CBPBQ/CBSBQ) ing Beacon packet “Loop”. This function is a subset of the Circuit
Breaker.
CLI Command Line Interface
Core Switch Refers to the main body of switches that provide the network with its
backbone connections. A core switch can also be considered an “edge
switch” in reference to the root; however the outer most edge switches
within the network are normally not considered to be core switches.
CoS Class of Service is based on the IEEE 802.1D (802.1p) standard specifica-
tion, and allows you to define eight priorities (0-7, with 7 granted highest
priority). CoS allows you to assign data to higher priority through the
device by delaying less critical traffic during periods of congestion. The
higher priority traffic through the device is serviced first before lower pri-
ority traffic. The Class of Service capability of the device is implemented
by a priority queueing mechanism.
CRC Cyclic Redundancy Check
CSMA/CD Carrier Sense Multiple Access/Collision Detection
Data Loop or Loop Refers to a condition where data traverses a redundant path with no
Path termination point.
DCE Data Communications Equipment (modem)
DSR Data Set Ready
DTE Data Terminal Equipment
DTR Data Terminal Ready
Edge Switch Refers to an outer switch in a network topology that is linked to the pri-
mary root or backup root bridge switch directly in one to two tier
configurations, and indirectly in three to four tier configurations.
ESD Electrostatic Discharge
Fast Ethernet (FE) Set of Ethernet standards that carry traffic at the nominal rate of 100 Mbit
per second.
FCS Frame Check Sequence
FTM Frame Transfer Matrix
xx
Full Duplex Transmission method that allows two network devices to transmit and
receive concurrently, effectively doubling the bandwidth of that link.
GARP Generic Attribute Registration Protocol
GBIC Gigabit Interface Converter
GVRP GARP VLAN Registration Protocol
HTTP Hypertext Transfer Protocol
ICMP Internet Control Message Protocol
IEEE Institute of Electrical and Electronics Engineers
IEEE 802.3 Defines carrier sense multiple access with collision detection (CSMA/CD)
access method and physical layer specifications.
IEEE 802.3ab Defines a media access method and physical layer specifications for
1000Base-T Gigabit Ethernet.
IEEE 802.3u Defines a media access method and physical layer specifications for
100Base-TX Fast Ethernet over CAT5 cable.
IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for paused
flow control on full-duplex links.
IEEE 802.3z Defines a media access method and physical layer specifications for
1000Base Gigabit Ethernet.
IGMP Internet Group Management Protocol, used to establish host member-

ships in particular multicast groups on a single network.
IOM Input/Output Module
IP Internet Protocol
ISL Inter-Switch Link as defined in this document is a port designated as an

uplink port, which is defined as an Ethernet port connection that allows a
network switch to connect to other switches.
LAN Local Area Network
LDP Loop Detection Policy (described in detail in this document)
LED Light Emitting Diode
MAC Media Access Control
MDI Media Dependent Interface or Media Device Interface
MIB Management Information Base
xxi
MMF Multi-mode Fiber cable
NEM Network Expansion Module
PBQ Primary Beacon Queryer - The switch with the lowest IP address and with
the IGMP “Beacon” enabled.
Policy A group of rules which a network device uses to make forwarding, block-
ing or port-disable decisions.
PVID Port VLAN ID, The combination of the switch port's identification and
the VLAN ID.
RFC Request for Comment
RMON Remote Monitoring
Role A collection of services
RSTP Rapid Spanning-Tree Protocol (IEEE 802.1w standard)
Rule Hit An action when a packet classifier finds the packet.
Rules Packet classifiers that are used to identify packet types on the network.
RXD Receive Data
SBQ Secondary Beacon Query - The switch with the second lowest IP address
and with the IGMP “Beacon” enabled.
SCAS Switch Configuration Application Software
Service A collection of Rules
SFP Small Form Factor Pluggable (Type of Mini-GBIC)
SMF Single-mode Fiber cable
SNMP Simple Network Management Protocol
STP Spanning-Tree Protocol (IEEE 802.1d standard)
STP Loop Failure As defined in this document, a STP loop failure is defined as when a
network spanning tree (RSTP IEEE 802.1w) cannot isolate a redundant
path due to an incorrect configuration, either by a software configuration
and or a hardware configuration (i.e. incorrect cabling).
Syslog System Logging, Monitors Network Events and Status
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
xxii
TXD Transmit Data
UTP Unshielded Twisted Pair
VLAN Virtual Local Area Network
Application Software Terms and Definitions

Clear Commit This function button clears the existing commit database data, allowing
Network Data the user to manually build a switch configuration that is not linked to the
SysDef Commit Network database. However, all configuration builds will
be linked to the selected System/Site Location Database.
Create a By utilizing this function, you are allowed to step through a switch config-
Configuration uration, and build one step at a time allowing for a systematic build, min-
(Step-By-Step) imizing efforts and confusion. However, this function minimizes some of
the flexibilities allotted by SCAS (see Table 3-1 “Supported Features for
Typical vs. Custom Configurations” on page 24 for more details).
Drop Down Menu The Drop Down Menu is a pull-down screen database that lists all the
switch configuration builds for any specific designated network
(System/Site Location).
DDM See Drop Down Menu.
Factory Default Factory Default is a configuration setting that clears the switch’s settings,
allowing for a clear configuration download.
Pre-selected This function is only utilized when a SysDef Commit Network is selected.
Network Defaults When this function is enabled, it links the selected switch to the predeter-
mined network settings, automatically setting up SCAS for the network
level settings, such as the following:
(Note: These settings are utilized when using the Step-By-Step function.)
♦ Network Admin Server settings
♦ SNTP parameter settings (user must select time zone)
♦ Bridge Priority settings (i.e Root switch designation)
♦ Spanning tree mode settings
♦ Device Port parameter settings
♦ Uplink (ISL) Port parameter settings
♦ Syslog Server parameter settings
♦ VLAN settings
Stacking Ports Stacking ports are ports that can be used to stack switches in an accentual
manner, making multiple switches as one (using a common CPU). Due to
the functionality of The MESH control network, it is imperative that you
do not use this functionally. However, since Stacking ports are 1 Gigabit
xxiii
ports, they can be configured to be utilized as uplink (ISL) ports. This

ability to configure the ports as ISL ports is done automatically by SCAS.
System/Site The System/Site Location, previously referred to as the SysDef Commit

Location Network is a pull-down screen database that lists all the previously
imported system commit disks (networks). This database (System/Site
Location) is directly linked to the Drop Down Menu Database.
Site Directory The Site Directory, previously referred to as the System Drop Down
Menu is a pull-down screen database that lists all the previously saved Sys-
tem/Site Locations.
Use Commit This function button allows you to enable the previously saved Sys-
Network Data tem/Site Location Network database, allowing you to use the committed
Switch ID Name pull-down screen to display all switch ID names linked
to this network.
xxiv
1. Introduction
This chapter provides an introduction to the I/A Series Switch Configurator Application
Software (SCAS) for an I/A Series® system with The MESH control network, the I/O network
or the I/A Series control network.
! WARNING
Revision 1.0.1 of the I/A Series Switch Configurator Application Software (previ-
ously referred to as The MESH Network Configuration Tool) must not be used
when configuring an A-series or C-series switch. Revision 1.0.3 and later of SCAS
supports the required setting for these types of switches.
! WARNING
Due to the enhancements and features available in revision 3.0.1 or later builds of
SCAS, configuration files built with revisions 2.2.6 or earlier versions of SCAS can-
not be used. To obtain a compatible copy of a running configuration build with
revision 2.2.6 or earlier versions of SCAS, refer to Chapter 7 “Loading Configura-
tion Files to/from Switches”. This function will save the earlier revision configura-
tion into the required “.sca” format.
NOTE
All switch information regarding The MESH control network in this document per-
tains to switches in the I/O network or the I/A Series control network, except where
otherwise specified.
Before You Begin

The following warnings, cautions and notes must be read and observed before continuing!
It is strongly recommended that you read this section for more information concerning switch
warnings and cautions before configuring a switch. Incorrect configuration will affect network
operation.
Warnings!
♦ When migrating from one firmware revision to another, it is highly recommended not
to migrate from a higher revision level to an earlier revision level. If this action is
required, the switch undergoing the change in revision level must be removed from
the network and rebooted with the earlier revision, then reconfigured. To reconfigure
the switch, refer to Chapter 4 “Downloading/Uploading to/from a Switch via the
I/A Series SCAS”, and also see Table B-1 “Qualified Switch Standard/Security
Enhanced Configuration Compatibilities Matrix” on page 199.
1
B0700CA – Rev L 1. Introduction
♦ SCAS 3.3.3 will set the prompt now so the switch name is included in the prompt.
However, manually changing the prompt is prohibited. If the switch prompt is mod-
ified, the SCAS will not function as desired. SCAS is expecting a given set of
characters to be returned by the switch when establishing communications with the
switch; changing this prompt will cause a failure during the configuration process.
♦ When configuring the stacking ports (copper uplink ports) of an A-series switch
(P0973BK/BH/BJ), these ports MUST be enabled as uplink ports prior to connecting
devices to them. This function is required for proper operations of the switch and also
I/A Series SMDH operations. By default the CLI Switch Interface in rev 3.0.1 will
configure these ports as required. The details on downloading a configuration to a
switch are discussed later in this document, in Chapter 4 “Downloading/Uploading
to/from a Switch via the I/A Series SCAS”.
♦ Switches should be configured off line, before they are connected to The MESH con-
trol network.
♦ WebView, the embedded web server built into the Invensys-supplied switch’s firm-
ware, should not be used for network switch configuration changes. It has been
observed that performing configuration changes via WebView can and will cause con-
figuration issues resulting in network failures. This application should only be used
for network switch observation. All configuration changes should be made using the
CLI, or SCAS.
♦ Switch installation, replacement and configuring should only be performed by per-
sonnel who are knowledgeable about The MESH control network
topologies/configurations for I/A Series systems, and fully understand the ramifica-
tions of modifications beyond device defaults. It is important that you have a
comprehensive understanding of the command line structure of the Invensys-supplied
switch and the concept of each command before manually configuring the switch, as
these rules and commands can have a significant impact on the network operation,
putting all aspects of the network at risk.
[For the Security Enhanced Configuration] Prior to deploying an LDP switch
configuration on the network, it is critical that deployment of the loop detection algo-
rithm (LDP) only be performed by personnel with a good understanding of the
network and the function of the policies that make up the algorithm.
♦ When installing a switch into The MESH control network, Rapid Spanning Tree Pro-
tocol (RSTP) must be enabled on the switch. If this function is disabled, then there is
high probability that the switch will cause network failures. If this setting must be
changed, it should be performed only by personnel who are knowledgeable about
Spanning Trees, the configuration of the Spanning Tree Algorithm, and its effects on
The MESH control network. Otherwise, the proper operation of the network could
be at risk. Setting the switch to the Spanning Tree Protocol (stp) mode will cause the
bridge to transmit only 802.1d BPDUs, and will prevent non-edge ports from rapidly
transitioning to the forwarding state.
Spanning Tree Protocol (stp) is not allowed on The MESH control network; how-
ever, RSTP is allowed.
2
1. Introduction B0700CA – Rev L
♦ If any port on the switch is used as an uplink port “bridge port” between switches, it is
very important that the switch spanning tree edge port protocol settings be configured
correctly, as well as all Fast Ethernet “end device” ports (such as FCPs, ZCPs, ATS,
and FCMs, or workstations). Failure to do so will cause system degradation during
switch failover, causing excessive packet flooding possibly resulting in system wide
network failures.
♦ AdminEdge is a switch feature that, when disabled, allows Fast Ethernet ports to be
used as “uplink” ports between two switches.
For all Fast Ethernet (100 Mb) “end device” ports, AdminEdge should be set to True
(Enabled). For all Fast Ethernet (100 Mb) uplink ports, AdminEdge must be set to
False (Disabled).
If this configuration is not performed correctly, severe system degradation can occur if
a Fast Ethernet (100 Mb) port is configured as a “end device” and then used as a
“uplink” link between two switches. This misconfiguration may result in severe conse-
quences to the network.
Cautions!
♦ Invensys currently does not recommend or support link aggregation on the switches.
♦ Configuring port mirrors should be performed only by personnel who are knowledge-
able about the effects of port mirroring and its impact on network operation. Do not
mirror active ports to other used ports, doing so results in an excessive increase in the
traffic levels routed by the switches.
♦ Leaving unused Ethernet ports enabled is a high security risk. It is recommended that
all unused Ethernet and uplink ports be disabled.
♦ If a blade, uplink expansion module, or Mini-GBIC module is added or removed
from the switch hardware configuration, the switch must be removed from the net-
work and re-configured. A complete software reconfiguration of the switch is
necessary after the device has been installed or removed from the switch.
♦ When using Chassis switches in the various topologies/configurations, the N7 series
Chassis switches (DFE-Gold and DFE-Platinum Blades) are not compatible with E7
series Chassis switches (second and third generation blades) at the root switch level.
Do not use an E7 and an N7 switch together as a root and backup root switch. It rec-
ommended that the Root and Backup root switches be the same switch type for
minimum impact on the network in the event of a root switch failure.
♦ Only one blade of each of the Chassis switches on the E7 Chassis switch (P0972MK)
should be set for primary or backup root; it should be the blade connecting the two
root switches.
♦ When configuring copper switch ports, special instructions are required when config-
uring the port for the copper Address Translation Station (ATS) ports. The following
switches can only support the copper ATS when the configuration modifications
specified below are made.
♦ DFE-series switches (Platinum/Gold) (P0972YG, P0973BR, and P0973BS) -
When attaching a copper ATS port to the DFE-series switches, no modifications
are required.
3
♦ I-series switches (P0973GA and P0973HC) - When attaching a copper ATS port
to an I-series switch the following command must be entered via the CLI:
“set port mdix mdix <port #>”
(See “Configuring Switch Parameters” on page 53 - Step 12 to add this command
to the switches configuration.)
Example: set port mdix mdix fe.1.2
♦ A-series switches (P0973BJ and P0973BK) - When attaching a copper ATS port
to an A-series switch, the command “set port duplex <port #>” may need to be re-
entered via the CLI port after the ATS has been connected to the switch port. The
additional “set” command cannot be added to the switch configuration since the
ATS may need to be attached at the time of command entry.
Example: set port duplex fe.1.2
♦ V-series switch (P0972WP) - The copper ATS port is not supported with the
V-series switch.
♦ When deploying LDP, it is critical that the designated root switch have the lowest IP
address between the root and backup root switches.
♦ When using Netsight® Policy Manager to manage a Security Enhanced Configura-
tion switch, you must have Policy Manager 3.0.1 or greater installed. In the event of a
root switch failure, 1) the LDP Beacon “PBQ” will become disabled, 2) the func-
tions of the root switch will move to the backup root switch 3) and the LDP Beacon
“SBQ” will become enabled. Once the root switch failure has been resolved and the
switch has been placed back on the network, the LDP Beacon “PBQ” will become
enabled, disabling the “SBQ”. Due to this event, the redundant root switch links
between the root and backup root will be viewed by LDP as a loop within the net-
work, which causes LDP to disable one of the links (the blocking port). This event
can be prevented if VLAN 2 is deployed on the network (as recommended). To do
this, move the root switch host ports to a secure VLAN “VLAN 2” which will resolve
the false port hits between the two root switches. The host port will be moved to
VLAN 2 “required for I/A” when assigning VLAN2 to a switch automatically when
using the Switch Configurator Application Software (SCAS).
♦ A-Series switches (P0973BH, P0973BJ, and P0973BK) - When installed as root
switches, they require their root bridging cabling to be reversed (i.e. Root port 27
connects to Backup Root port 28, and Root port 28 connects to Backup Root
port 27).
Notes
♦ When connecting ports between primary or secondary root devices, it is recom-
mended that the devices are all set to run either 802.1d or 802.1t. The path costs
must be consistent between uplinks “bridge ports” of all the devices.
♦ It is assumed that the user of SCAS is familiar with switched Ethernet network config-
uration techniques, terminology, and architecture. The network switch addresses,
switch name, and port assignments are assigned by SysDef or IACC. They are not
subject to user improvisation.
4
♦ When using the same configuration on another switch, the switch to which a configu-
ration file is to be downloaded must have the same hardware configuration as the
switch from which it was uploaded.
♦ Only two configuration files can be saved to any one switch and only one configura-
tion file may run at a time.
♦ It is recommended that one port on each managed Ethernet switch be reserved for
testing and diagnostic purposes. No devices should be connected to this port.
♦ On the E7 Chassis switch (P0972MK), configuration files cannot be downloaded or
uploaded directly from one switch module to another.
5
Order of Switch Configuration Procedures

To prepare a switch for service in The MESH control network, you will perform the following
tasks in the order listed below. This document will guide you through the process.
Table 1-1. Switch Configuration Procedures
# Task
1 (Optional) Install the I/A Series Switch Configurator Application Software (SCAS) on a net-
work administrator machine. This is discussed in Chapter 2 “Installing the I/A Series Switch
Configurator Application Software (SCAS)” on page 15.
2 Determine The MESH control network topology configuration for the switch’s network.
The following information must be obtained before a switch configuration build is attempted:
1. The I/A Series software revision hosting the switch.
2. If not using an imported SysDef Commit Network database, the following
information is required. Otherwise this information will be obtained for you.
(See “Importing a SysDef Commit” on page 30 for more details.)
♦ The switch's IP address; assigned during System Definition.
♦ Primary Trap IP address; assigned during System Definition.
♦ Secondary Trap IP address; assigned during System Definition. Required
for I/A Series workstation hosting the switch running I/A Series software
8.0 or 8.1.x.
♦ Switch Name; assigned during System Definition.
♦ I/A Series workstations IP Address hosting the switch.
♦ The Master and Backup Timekeeper IP addresses.
3. The following information can be obtained by interrogating the switch during
the configuration process:
♦ Type of switch.
♦ The switch's current running firmware revision.
♦ Hardware configuration (blade types) of the switch being configured.
6
Table 1-1. Switch Configuration Procedures (Continued)
# Task
2 4. The following information must be known and is required during an import
SysDef Commit, and should be known before a switch configuration build is
attempted:
♦ Will a Network Administrator workstation be used (i.e. NetSight Console,
etc.)? (Recommended)
♦ Will multiple Network Administrator workstations be used to monitor
Syslog switch information?
♦ The Network Administrator workstation IP Address(es), if used.
♦ Will VLANs be deployed? (Recommended) Read Chapter 10 “VLANs
Usage on The MESH Control Networks” and determine the VLAN port
assignment for each switch. All device ports requiring communications to
I/A Series devices must be assigned to VLAN 2, as well as all I/A Series
devices connected to the network must be connected to VLAN 2.
♦ Will LDP be deployed? (Recommended for Security Enhanced Configura-
tions only.) If so the LDP port assignments must be understood (see
Appendix C “Understanding Loop Detection (Security Enhanced Config-
uration)” on page 205), it is recommended when deploying LDP that
VLANs also be deployed.
♦ Will 100Mbit uplink (ISL) ports be utilized in the network (switch to
switch communications)? (Not Recommended)
♦ Which switch has been designated as the root and backup root switches?
5. Which ports are unused (i.e. “to be disabled”)?
6. If 100Mbit ports are to be used as ISL ports (Not Recommended), which port
will be used?
! WARNING
All I/A Series devices must be connected to Device ports which have been
assigned to VLAN 2 “I/A Control Ports”. If this is not done, the I/A Series
devices on the network will not communicate correctly with each other.
If VLANs are enabled, all switches in the network must have VLAN 2
“I/A Control Ports” set to “Enabled”.
3 Build a configuration file for the switch (Chapter 3 “Building a Configuration File” on
page 23).
4 Configure the switch (Chapter 4 “Downloading/Uploading to/from a Switch via the I/A Series
SCAS” on page 93).
5 Add the switch to the network (Chapter 6 “Adding or Replacing an Existing Switch, Blade or
NEM in The MESH Control Network” on page 117).
6 Activate the Loop Detection (LDP) Algorithm, if applicable (Chapter 5 “Loop Detection Pol-
icy (LDP) Algorithms” on page 113).
7
Getting the Latest (SCAS) Configurator Revision

Customers are encouraged to download and use the latest documentation and configurator appli-
cations on the IPS Global Client Support web site.
Depending on the time of installation, users may have different versions of SCAS. It is highly rec-
ommended to install or upgrade your switch configurator with the latest revisions of the software;
proceed to the IPS Global Client Support web site at:
http://support.ips.invensys.com
Proceed as follows:
1. After logging in to the web page, go to: Support -> Foxboro -> Product Information -
> Briefs/Product Releases -> then select MESH Network Switches Documentation.
2. Under Product Brief, select Mesh Network Config Tool K0173ZU Rev [x],
(where [x] = the tool’s revision).
3. Save the K0173ZU_[x].zip file (where [x] = the tool’s revision) to your hard drive.
4. Using WinZip, extract all files from K0173ZU_[x].zip to a directory called
C:\Program Files\Switch Configurator\K0173ZU_[x] directory, where [x] =
the revision of the tool.
5. Once all the files have been extracted from the zip file, the contents of the directory
(C:\Program Files\Switch Configurator\K0173ZU_[x]) must be copied to
the root directory of a CD or memory stick. It is highly recommend that it be copied
to a CD.
NOTE
For proper installation of SCAS, the content of the downloaded zip file must be
extracted to the root directory of a CD or USB drive before installing.
6. Proceed to Chapter 2 “Installing the I/A Series Switch Configurator Application Soft-
ware (SCAS)” on page 15 to finish installing the software.
Common Concepts
The concept of the edge switch and the uplink port are referenced frequently in this document.
Edge Switches
An edge switch is a switch which will not be configured as a root or backup bridge. The edge
switch usually interfaces I/A Series system devices (Control Processors, FCMs, and so forth) to the
root switches. Multiple root switches can be configured to take over as roots by adjusting the
Bridge Priority Value. However, normally only two roots exist, primary and backup root switch,
all other switches are defined as edge switches.
Distribution Switches
A distribution switch is configured as an edge switch. However, its function is to interface edge
switches to the root switches in multi-tiered topologies.
8
Uplink (ISL) Ports

Uplink ports or Inter-Switch Link (ISL) ports are unique and must be configured independently
from the standard ports. An uplink (ISL) port is defined as an Ethernet port connection that
allows network switches to connect to other switches.
Determining ISL Root Bridge Links

When determining which ISL ports to be used as root bridge links (i.e., the link between the two
root switches), use the guidelines in Table 1-2:
Table 1-2. ISL Root Bridge Links
Switch P/N1 Switch Type Ports Slot

P0972WP, P0972YC V-series Ports ge.1.25 & ge.1. 26 n/a
P0973BH, P0973BJ, A-series Ports ge.1.25 & ge.1. 26 n/a
P0973BK
P0973BL C2-series Ports ge.1.1 & ge.1. 2 n/a
P0973HA C3-series Ports ge.1.1 & ge.1. 2 n/a
P0973GA, P0973GB, I-series Not configurable as root n/a
P0973HB, P0973HC
P0973BQ, P0973BR, DFE-series (N-Series/ Ports ge.1.1 & ge.1. 2 Slot 1
P0973BS, P0973BT E-Series chassis) Platinum
P0972YG, P0972YJ DFE-series (N-Series/ Any two Gbit ports Any slot2
E-Series chassis) Gold
1. These switches are detailed in “Configurable Network Switches” on page 11.
2. DFE- series Gold switches must have all blades installed sequentially stating from left (slot 1) to
right.
When configuring distribution or edge switches, it is recommended that the ISL guidelines in
Table 1-3 be used to link the switches to the distribution tier above them:
Table 1-3. ISL Links to Switches in Higher Distribution Tiers

P0972WP, P0972YC V-series Ports ge.1.25 & ge.1. 26 n/a
P0973BH, P0973BJ, A-series Ports ge.1.27 & ge.1. 28 n/a
P0973BK
P0973BL C2-series Ports ge.1.1 & ge.1. 2 n/a
P0973HA C3-series Ports ge.1.1 & ge.1. 2 n/a
P0973GA, P0973GB, I-series Ports ge.3.1 & ge.3.2 n/a
P0973HB, P0973HC
P0973BQ, P0973BR, DFE-series (N-Series/ Ports ge.1.1 & ge.1. 2 Slot 1
P0973BS, P0973BT E-Series chassis) Platinum
9
Table 1-3. ISL Links to Switches in Higher Distribution Tiers (Continued)

P0972YG, P0972YJ DFE-series (N-Series/ Any two Gbit ports Any slot2
E-Series chassis) Gold
1. These switches are detailed in “Configurable Network Switches” on page 11.
2.
DFE- series Gold switches must have all blades installed sequentially stating from left (slot 1) to
right.
Syslog
Local Syslog and Syslog Server are two methods for recording system errors and logging events.
Local Syslog is a feature of the switch that records switch specific events in a text file format
located local to the switch in a file called current.log. This function can be applied to all
switches within The MESH network without adding any addition devices or applications. This
function is enabled by default when using the SCAS application, version 3.0.1 or later.
Syslog Server is a feature where all switches within the network send these events or errors to a
specified workstation, via SNMP protocol. (This is discussed in “Configuring a Syslog Server” on
page 90.) This allows for all individual switch messages to be collected at one location, giving you
insight to the network in its entirety (i.e. the big picture). However, the Syslog Server feature must
have a designated workstation installed with a Syslog Server application, and must not be hosting
any switches via SMDH. It is recommended when using these features to enable SNTP (Simple
Network Time Protocol) on the switch during the configuration process.
“Switch Diag Files” Feature

“Collect Switch Diagnostic Files” is a feature of the SCAS application, versions 3.2.2 and later.
This feature is an accumulation of switch information collected from a switch via the CLI port
(This is discussed in “Uploading Diagnostic Files from a Switch” on page 107.) This function
interrogates the switch, and then provides and records information on the running state of the
switch. This information can be used for trending the switch’s performance or troubleshooting
events that may have occurred or are occurring currently. By collecting this data, your TAC group
can evaluate the network performance and stability over a given time frame. This information can
also provide important details when troubleshooting the system. This information is essential
when accurately troubleshooting The MESH network.
FaultLock™ Feature
The FaultLock feature is unique to the A-series switch. It disables the switch in the event of
excessive memory faults. This feature is enabled by default on all A-series switches when using
SCAS 3.2.2 or later, and the default rate limit is set to 30 errors per minute.
When FaultLock detects memory errors exceeding the assigned rate limit, the switch will take
itself off-line. When this event occurs, the switch’s device port LEDs will flash at a one second rate
and the red CPU LED will flash at a 3/4ths second rate. When a PC is attached to the CLI port,
the following display messages may be seen:
♦ 31 SCAN errors detected
SoC Errors (31) reached Threshold. Shutting down PHYs and/or MAC
10
If the above event occurs, it is an indication of a switch failure/defect. Replace the switch as
described in Chapter 6 “Adding or Replacing an Existing Switch, Blade or NEM in The MESH
Control Network” on page 117.
Loop Detection Policy (LDP)

Due to the design of the Standard or Security Enhanced Configurations of The MESH control
network (described in The MESH Control Network Architecture Guide (B0700AZ)), redundant
links form physical loops in the network and are controlled (Blocked) by Rapid Spanning Tree
Protocol (RSTP), creating a logical loop-free network. In a Security Enhanced Configuration in
addition to RSTP, the Loop Detection Policy (LDP) is deployed to block redundant loops that
could occur in the event RSTP fails.
LDP determines a loop by establishing a well-known data path and its source. To establish a
known path, the concept known as the “Beacon” is developed. The Beacon routinely sends out an
IGMP data packet. When the data packet is seen at an unexpected source port, the assumption is
that a loop occurred and an action (Rule) needs to occur. A switch’s port deployed with “Circuit
Breaker” will disable the first port on which the incorrectly sourced packet is received.
Recent Chassis switches, such as the DFE-Series Platinum switches (P0973BQ, P0973BR,
P0973BT, and P0973BS), offer advanced packet switching services that can scope data packets
beyond the source and destination MAC-address. By looking at other data points in the packets,
the switch can make decisions on which of these data points to mark a packet on. Once a particu-
lar packet is identified, the switch can take action on it. The action of interest is disabling a looped
port. Disabling this looping port maintains a loop-free network. The switches alert the network
administrator with SNMP traps and syslog messages. These should be acted upon to 'fix' the net-
work loop in a timely manner. When disabled by the LDP, a disabled port can be monitored by
SMDH via a link down trap. Other methods of monitoring and management of ports can be
accomplished by utilizing the switch's CLI port or NetSight Policy Manager.
Additional details about LDP are provided in Appendix C “Understanding Loop Detection
(Security Enhanced Configuration)” on page 205.
Virtual Local Area Network (VLAN)

The VLAN allows devices located in separate areas or connected to separate ports to belong to a
single VLAN group. Devices that are assigned to such a group will send and receive broadcast and
multicast traffic as though they were all connected to a common network. VLAN-aware switches
isolate broadcast, multicast, and unknown traffic received from VLAN groups, so that traffic from
stations in a VLAN are confined to that VLAN.
Additional details about VLANs are provided in Appendix D “Understanding Virtual Local Area
Networks (VLANs)” on page 221.
Configurable Network Switches

SCAS is designed and tested for operation with the Ethernet switches/blades as described in
Table 1-4. The switches listed in this table are the only switches that can be configured using
SCAS. This software may operate with similar off-the-shelf equipment, but Invensys is not
responsible for any system malfunctions that may occur if such equipment is used.
11
Table 1-4. Invensys-Supplied Ethernet Switches
Invensys Document Internet

Description Part No. No. Vendor Address
24-Port Copper managed Switch P0972WP B0700CL Enterasys™ enterasys.com
switch with two1Gb copper
uplinks or two optional 1 Gb
fiber uplinks
24-Port Fiber managed Switch P0972YC B0700CL Enterasys enterasys.com
switch with two optional 1Gb
copper uplinks or two
optional 1 Gb fiber uplinks
24-Port Copper managed Switch1 P0973BH B0700CH Enterasys enterasys.com
switch with two
RJ-45 stacking/uplink ports
and two ports for Mini-GBIC
modules
24-Port Fiber managed Switch1 P0973BJ B0700CH Enterasys enterasys.com
switch with two RJ-45 stack-
ing/uplink ports and two
ports for Mini-GBIC modules
8-Port Copper/ 8-Port Fiber Switch1 P0973BK B0700CH Enterasys enterasys.com
managed switch with two
RJ-45 stacking/uplink ports
and two ports for Mini-GBIC
modules
24-Gigabit (SFP) Port man- Switch1 P0973BL/ B0700CJ Enterasys enterasys.com
aged switch with 24 ports for P0973HA
Mini-GBIC modules
8-Port Fiber Managed Switch P0973GB B0700CN Enterasys enterasys.com
Industrially Hardened Switch
providing eight 100Base-FX
ports with two 1000Base-X
uplink Gigabit (SFP) ports
24-Port Fiber Managed Switch P0973GA B0700CN Enterasys enterasys.com
providing twenty-four
100Base-TX ports with two
1000Base-X uplink Gigabit
(SFP) ports
16-Port Fiber Managed Switch P0973HB B0700CN Enterasys enterasys.com
providing sixteen 100Base-
FX ports with two
(SFP) ports
8/12-Port Fiber Managed Switch P0973HC B0700CN Enterasys enterasys.com
providing eight 100Base-FX
ports and twelve 100Base-
TX ports with two
(SFP) ports
12
Table 1-4. Invensys-Supplied Ethernet Switches (Continued)

N1 Chassis managed switch Chassis P0973AR B0700CK Enterasys enterasys.com
with forty-eight 100Base-FX Plug-in Gold DFE P0972YG
fiber ports with MT-RJ con- Blade 48-port TX
nectors, twenty-four or forty- w/RJ-45
eight 10/100Base-TX cop-
Plug-in Gold DFE P0972YJ
per ports with RJ-45 con-
Blade 48-port
nectors. In addition, each
100FX w/MT-RJ
blade has the option of add-
ing on an expansion module Plug-in Platinum P0973BQ2
containing six SFP 1 Gb DFE Blade 48-
uplink ports port TX w/RJ-45
Plug-in Platinum P0973BR2
DFE Blade 48-
Port 100FX
w/MT-RJ
Plug-in Platinum P0973BT2
DFE Blade 18-
Port SFP
Plug-in Platinum P0973BS2,3
DFE Bridging
Blade 24-port TX
w/RJ-45
N3 Chassis managed switch Chassis P0973AS B0700CK Enterasys enterasys.com
supports up to 3 blades con- Plug-in Gold DFE P0972YG
figured with 48-ports. In Blade
addition, each blade has the 48-port TX w/RJ-
option of adding on an 45
expansion module contain-
ing six 1 Gb uplink ports.
Blade
The N3 Chassis switch has
48-port 100FX
a total system capacity of
w/MT-RJ
144- ports or up to 72-SFP
1Gb uplink ports depending Plug-in Platinum P0973BQ2
on the module configuration. DFE Blade 48-
port TX w/RJ-45
DFE Blade 48-
Port 100FX
w/MT-RJ
DFE Blade 18-
Port SFP
DFE Bridging
Blade 24-port TX
w/RJ-45
13
Table 1-4. Invensys-Supplied Ethernet Switches (Continued)

N7 Chassis managed switch Chassis P0972YE B0700CK Enterasys enterasys.com
supports up to seven blades Plug-in Gold DFE P0972YG
configured with 48-ports. In Blade
addition, each blade has the 48-port TX w/RJ-
option of adding on an 45
expansion module contain-
ing six 1 Gb SFP uplink
Blade
ports. The N7 Chassis
48-port 100FX
switch has a total system
w/MT-RJ
capacity of 336-ports or up
to 168-SFP 1Gb uplink ports Plug-in Platinum P0973BQ2
depending on the module DFE Blade 48-
configuration. port TX w/RJ-45
DFE Blade 48-
Port 100FX
w/MT-RJ
DFE Blade 18-
Port SFP
DFE Bridging
Blade 24-port TX
w/RJ-45
E7 Chassis used w/Platinum Chassis P0972MK B0700CM Enterasys enterasys.com
blades is a managed switch Plug-in Platinum P0973BQ2,3
supporting up to seven DFE Blade 48-
blades configured with 48- port TX w/RJ-45
ports. In addition, each
Plug-in Platinum P0973BR2,3
blade has the option of add-
DFE Blade 48-
ing on an expansion module
Port 100FX
containing six 1 Gb uplink
w/MT-RJ
ports. The E7 Chassis
switch has a total system Plug-in Platinum P0973BT2,3
capacity of 336- FE ports DFE Blade 18-
with forty-two 1 Gb ports or Port SFP
up to 168 1 Gb ports config- Plug-in Platinum P0973BS2,3
ured as fiber or copper. DFE Bridging
When using the P0973BS Blade 24-port TX
blade the Chassis can sup- w/RJ-45
port older third generation
switches and Platinum
blades in the same Chassis,
refer to B0700CM for details.
1.
A-series and C-series switches, as indicated, must use Revision 1.0.4 or later versions of SCAS.
2. DFE-Series Platinum blades, as indicated, must use Revision 1.1.4 or later versions of SCAS.
3.
If Platinum blades are to be used in an E7 Chassis when populated with second and third generation
blades (P0972LS, P0972LT, P0972LU, P0972LV, P0972LW, P0972LX, P0972TY, and P0972TZ),
a bridging blade (P0973BS) must be used to link the two types of blades together.
14
2. Installing the I/A Series Switch
Configurator Application Software
(SCAS)
This chapter describes how to install the I/A Series Switch Configurator Application Software.
Upgrading the I/A Series Switch Configurator

Application Software (SCAS)
NOTE
SCAS revision 3.0.1 or later utilizes the CLI Switch interface via TeraTerm scripting
for downloading switch configurations. It is not backwards compatible with config-
uration files built with earlier revisions of the software nor are earlier revisions that
used the Invensys Default Configurator Tool for downloading switch configurations
compatible with SCAS revision 3.0.1 or later configuration files.
If it is necessary to update or reinstall SCAS, perform the following:

1. If already installed, uninstall your current version of SCAS. Open Add or Remove
Programs in the Control Panel. Click on Switch Configurator, then click
Change/Remove. Respond with Yes to remove the program and its components.
2. Follow the procedure in “Preparation for Switch Configurator Application Software
(SCAS) Installation” on page 15.
Otherwise, continue to the next section.
Preparation for Switch Configurator Application

Software (SCAS) Installation
Install the I/A Series Switch Configurator Application Software (SCAS) CD (K0173ZU) for the
I/A Series system Control Network. Refer to “System Software Requirements” on page xv for the
PC requirements.
Also, refer to Appendix F “I/A Series Switch Configurator Application Software Change Notice
History (K0173ZU)” on page 237 for a history of the previous revisions of this CD, and the
switches to which they pertained.
! CAUTION
SCAS must not be installed on an existing I/A Series workstation with I/A Series
software. Due to the required CLI switch interfaces, it is recommended that this
application is installed on a network administrator’s machine such as a laptop PC.
15
B0700CA – Rev L 2. Installing the I/A Series Switch Configurator Application
Proceed as follows:
1. Insert the K0173ZU CD into the CD-ROM drive of the PC.
The program will auto-run when the K0173ZU CD in inserted in the CD drive. If
the program does not auto-run, use Windows Explorer to navigate to the root direc-
tory of the CD and double-click on the “instruction.htm” file.
NOTE
If you do not have the K0173ZU CD, you can create a CD from the IPS Global Cli-
ent Support website. Refer to “Getting the Latest (SCAS) Configurator Revision” on
page 8.
2. On some versions of Internet Explorer, you are prompted with the following active
content message. If you see this dialog box, click Yes.
Figure 2-1. Internet Explorer Prompt
3. On the Home page, (not shown), please read the Warning, Cautions and Notes. At
the bottom of the page, click Next.
The Switch Administration Tool Set for I/A Series MESH Control Network Systems window appears
as shown in Figure 2-2.
16
2. Installing the I/A Series Switch Configurator Application Software (SCAS) B0700CA – Rev L
Figure 2-2. Switch Administration Tool Set (I/A Series SCAS) for
I/A Series MESH Control Network Systems Configuration Tools Installation
Window
NOTE
All switch documentation can be viewed by selecting the View MESH Network
Documentation link.
4. On the Switch Administration Tool Set window (Figure 2-2), click on the Install
Configurator Tool Set link.
NOTE
This selection will install both the SCAS software and all qualified switch firmware
(for use in switches on The MESH Network) to the C:\ hard drive.
5. On some versions of Internet Explorer, the File Download-Security Warning dialog

box is displayed, asking “Do you want to run or save this file?” If you see
this dialog box, click Run.
6. Proceed to “Installing The I/A Series Switch Configurator Application Software
(SCAS)” on page 18.
17
Installing The I/A Series Switch Configurator

Application Software (SCAS)
NOTE
The Setup application refers to SCAS as the “Switch Configurator.”
Proceed as follows.
1. On the MS-DOS command prompt window, press any key on the keyboard.
The I/A Series SCAS installation screen opens automatically.
2. On the Switch Configurator Setup screen, click OK.
Figure 2-3. Switch Configurator Setup Screen
3. The Directory is:

C:\Program Files\Switch Configurator\
a. Click the icon button indicated in Figure 2-4.
Figure 2-4. Switch Configurator Setup Screen - Change Directory
18
b. Choose Program Group: –> Switch Configurator –> and click Continue.
Figure 2-5. Switch Configurator Setup Screen - Choose Program Group
NOTE
During software installation, you may experience file version conflict warnings. If
so, click Yes to keep the existing files.
c. Click OK.
4. The installation is complete. At the DOS prompt, press any key to continue.
! WARNING
If configuration files built with an earlier revision of SCAS are to be used, the new
features of this latest revision and also new features of any new firmware will not be
reflected. It is highly recommended that new configuration files be built with the
latest revision of SCAS to take advantage of these new features, requirements and
updates.
The installation of SCAS is now complete.
SCAS Directory Structure

The addition of SysDef commit disk importing (introduced with SCAS 3.2.2) requires an update
to the SCAS directory structure as well. This section details how this new directory structure is
implemented and applied.
19
NOTE
If SysDef commit disks were imported or configuration files were built with an ear-
lier version of SCAS software, an automatic directory conversion process will take
place when starting the SCAS 3.3.3 (or later) application. This process will convert
the old directory structure to the new structure (as shown in Figure 2-6), and also
move or generate the required files to the new directories. If configuration files
where generated with SCAS 3.0.1 or with the “SCAS_Cfg_List” selected in SCAS
3.2.2, these files will remain in the “cfg” directory (Figure 2-6, Item 2).
! CAUTION
DO NOT move any configuration files from the “cfg” directory prior to the direc-
tory conversion process. This will corrupt the generation of the “_List” database
files required for SCAS 3.3.3 or later. If any files have been moved, SCAS 3.3.3 (or
later) will no longer be able to access these files.
Earlier versions of SCAS software copied all configuration files to the “cfg” directory. This has
changed with SCAS 3.3.3, with the following exception. If the “System/Site Location” (previ-
ously referred to as the “SysDef Commit Network” in SCAS 3.2.2) is left with the default of
“SCAS_Cfg_List” (Figure 2-7), any configuration file built while this location is selected will be
save to the “cfg” directory.
Figure 2-6. SCAS v3.3.3 and later Directory Structure
20
Figure 2-7. SCAS Default Configuration File Database Selection
If a “Site Directory” (Figure 2-8), previously referred to as the “System Drop Down Menu” in
SCAS 3.2.2, (referenced as Figure 2-6, Item 3) and a “System/Site Location” is selected (refer-
enced as Figure 2-6, Item 4), the files required for that specific Site Location and all configuration
files built while this “Directory/Location” is selected will be saved to the “Directory/Location”
directory (Figure 2-6, Item 4).
Site Directory
As “Site Directories” are added, the newly added site (or customer) will be added to a database. A
new directory folder will be generated for this site. The directory is accessible via the “Site Direc-
tory” pull-down menu. Before any switches, commits, or configurations are generated or accessed,
a “System/Site Locations” must be created and selected.
System/Site Location
Before “System/Site Locations” are added, a “Site Directory” must be selected. The newly added
site location will be added to a database, and a new directory folder will be generated for this loca-
tion. This directory is accessible via the “System/Site Location” pull-down menu.
Figure 2-8. SCAS Configuration File Database Selection
Diagnostic and Validation Logs

When downloading diagnostic information or performing a configuration validation, these file
types will be saved to the “log” directory folder (Figure 2-6, Item 5).
NOTE
All files downloaded from a switch via a TFTP server, such as local Syslog files, will
be sent to the directory designated by the TFTP server.
21
The I/A Series Switch Configurator Application

Software (SCAS)
SCAS has been designed to configure only one switch at a time, and the switch must NOT be
integrated into The MESH network until after the configuration has been completed. Refer to
Table 1-4 on page 12 for the revision of the application to use for each switch type.
! CAUTION
If a blade, uplink expansion module, or Mini-GBIC module is added or removed
from the switch hardware configuration, then the switch must be removed from the
network and re-configured. A complete software reconfiguration of the switch is
necessary after the device has been installed or removed from the switch.
A configuration file can be custom built for the following switches:

♦ A-series switches:
♦ 24-Port Copper switch (P0973BH)
♦ 24-Port Fiber switch (P0973BJ)
♦ 8-Port Copper, 8-Port Fiber switch (P0973BK)
♦ C-series switches
♦ 24-Gigabit (SFP) Mini-GBIC Port switch (P0973BL/P0973HA)
♦ V-series switches:
♦ 24-Port Copper switch (P0972WP - superseded by P0973BH)
♦ 24-Port Fiber switch (P0972YC - superseded by P0973BJ)
♦ DFE-series switches:
♦ 1-Slot stand-alone Chassis switch (P0973AR)
♦ 3-Slot stand-alone Chassis switch (P0973AS)
♦ 7-Slot stand-alone Chassis switch (P0972YE)
♦ I-series switches
♦ 24-Port 100-TX Copper Industrial switch (P0973GA)
♦ 8-Port 100-FX Fiber Industrial switch (P0973GB)
♦ 16-port 100-FX Fiber Industrial switch (P0973HB)
♦ 8-port 100-FX Fiber / 12-Port 100-TX Copper Industrial switch (P0973HC)
♦ E-series switches (Platinum blades only “P0973BQ/BR/BT/BS”):
♦ 7-Slot stand-alone Chassis switch (P0972MK) with DFE blades installed
Refer to Table 1-4 “Invensys-Supplied Ethernet Switches” on page 12 for a list of documentation
and part numbers assigned to each switch.
22
3. Building a Configuration File
This chapter describes how to build a switch configuration file with the I/A Series Switch
Configurator Application Software (SCAS).
Getting Started
! CAUTION
To properly build a custom configuration for a control network switch, you must
follow the procedures in this chapter in the order in which they are presented. You
must not skip ahead unless you are directed to.
If any concepts displayed in the SCAS dialog boxes are not covered in this chapter,
such as LACP (link aggregation), it is recommended that you leave them as default.
If you do wish to change them to a setting other than default, it is recommended
that you contact the IPS Global Client Support and refer to the vendor-supplied
switch manuals.
! CAUTION
Regarding C2-series switches (P0973BL) - The C2-series switch with firmware
05.01.01.0040 has been disqualified for use in The MESH networks. When run-
ning, this version of firmware can cause a malfunction of the switch hardware. It is
recommended that firmware 05.02.06.0004 be installed on all C2-series switch at
this time. To download this firmware, refer to Chapter 11 “Downloading Qualified
Firmware Images”.
! CAUTION
Regarding the V2-Series switches (P0972WP/P0972YC) - The V2-series switches
attached directly to the A2-series (P0973BJ/BH/BK) switches running with firm-
ware 02.01.00.0011 or 02.01.44.0003, where the A2-series switch is the root or dis-
tribution switch for the V2-series switch, may not achieve sub-second failover in
The MESH networks. If V-series switches are to be deployed in this manner, the A-
series switches must be running firmware 01.03.18.
Two types of configurations can be built with SCAS:

1. Typical - builds a configuration with the “typical” settings recommend by Invensys.
In the “Switch Setup Dialog Box” on page 29, this configuration is created with the
Create a Configuration (Step-by-Step) button (Figure 3-3, item 11).
23
B0700CA – Rev L 3. Building a Configuration File
NOTE
The Typical configuration is not supported at this time when building configura-
tion files for the I/O network. See the “Custom 8.x” column in Table 3-2 for setting
and functional abilities for the I/O network.
2. Custom - builds a configuration in which you can enable or disable functional set-
tings. This configuration can provide additional functions and features that the Typi-
cal configuration cannot. In the “Switch Setup Dialog Box” on page 29, this
configuration is created with the Create Custom Configuration button
(Figure 3-3, item 19). Table 3-1 and Table 3-2 provide more details.
Table 3-1. Supported Features for Typical vs. Custom Configurations
Typical 7.x Typical 8.x

Features (Step-by-Step) Custom 7.x (Step-by-Step) Custom 8.x
VLANs In a I/A Series system with version 7.x, Enables only Allows the user to
software, VLANs are not supported. VLAN 2 with enable up to 6
all ports VLANs assigning
assigned to any port to any one
VLAN 2 and of the VLANs, also
w/ per-default allows for CoS
CoS settings adjustments (Port
Priority, Priority-
Queue and Priority
Queue Bandwidth).
Appending Not allowed When using the cus- Not allowed When using the
tom configuration, custom configura-
the “Appending” tion, the “Append-
function can be ing” function can
performed. be performed.
24
3. Building a Configuration File B0700CA – Rev L
The features in Table 3-2 are configured by both the Typical and Custom configuration
methods, with the Typical having the limitations indicated below.
Table 3-2. Supported Features and Limitations for Typical vs. Custom Configurations

Switch IP address Fully supported Fully supported
Two Trap IP address Not supported Fully supported
(Not required for the I/O network)
Network Admin Fully supported Fully supported
Trap IP address
Switch Name Fully supported Fully supported
System Location Fully supported Fully supported
System Contact Fully supported Fully supported
Selecting qualified Limited Fully supported
switch types
LACP settings Function Selectable Function Selectable
Disabled Disabled
Auto-Negotiation Set to I/A Series Selectable (if Set to I/A Series Selectable (if
settings Defaults Supported) Defaults Supported)
Port Duplex settings Set to I/A Series Selectable Set to I/A Series Selectable
Defaults Defaults
Port Speed settings Set to I/A Series Selectable (if Set to I/A Series Selectable (if
Defaults Supported) Defaults Supported)
Flow control settings Function Selectable Function Selectable
Disabled Disabled
Port disabling, both Fully supported Fully supported
100Mb and 1Gb
ports settings
Configuration of Fully supported Fully supported
100Mb uplink ports
settings
Admin Port Cost In a I/A Series system with version Fully supported
settings 7.x, software, the Admin Port Cost
feature is not supported.
Comex Multicast Not Supported Not Supported Fully supported1
Suppression (Not required for
the I/O network)
Bridge Priority Not Selectable Selectable
802.1ad bridge
settings
Bridge Priority value Not Selectable Set to I/A Series Selectable
settings Defaults
25
Table 3-2. Supported Features and Limitations for Typical vs. Custom Configurations (Continued)

Spanning tree mode RSTP (only) Fully supported RSTP (only) Fully supported
settings
Bridge Priority 802.1t (only) 802.1d (only) 802.1d & 802.1t
Mode settings
SNTP settings In a I/A Series system with version Unicast SNTP Fully supported
7.x, software, SNTP features are not Polling adjust- (Not required for
supported. ments are not the I/O network)
allowed
VLAN settings (See In a I/A Series system with version Allows Enabling Fully supported
Table 3-1 for more 7.x, software, VLANs are not of VLAN 2 only
details) supported.
Loop Detection In a I/A Series system with version Fully supported
Algorithm (LDP) 7.x, software, the LDP feature is not (Not supported on the I/O network)
settings supported.
GVRP settings Function Selectable Function Selectable
Disabled Disabled
CDP settings Function Selectable Function Selectable
Disabled Disabled
Admin Edge settings Function Selectable Function Selectable
Enabled Enabled
SpanGuard settings In a I/A Series system with version Function Fully supported
7.x, software, the SpanGuard feature Enabled
is not supported.
Broadcast Suppres- Not Selectable Not enabled but Enabled only, Fully supported
sion settings fully supported unable to adjust
settings
LinkFlap settings Not Selectable Not enabled but Enabled only, Fully supported
fully supported unable to adjust (if supported)
(if supported) settings (if
supported)
FaultLock (A-series Enabled, unable Fully supported Enabled, unable Fully supported
only w/ firmware to adjust settings (A-series only) to adjust settings (A-series only)
02.01.44.0003) (A-series only) (A-series only)
Local Syslog Server Function Selectable Function Selectable
settings Enabled Enabled
Syslog server settings Not supported Fully supported Fully supported
MAC Address Lock- Not supported Function Selectable
ing settings Disabled
SNMP “write” set- Function Selectable Function Selectable
tings Disabled Disabled
26
Table 3-2. Supported Features and Limitations for Typical vs. Custom Configurations (Continued)

SSH Server settings Function Selectable Function Selectable
Disabled Disabled
Telnet settings Function Selectable Function Selectable
Disabled Disabled
HTTP (WebView) Function Selectable Function Selectable
settings Disabled Disabled
Read-only Access Function Fully supported Function Fully supported
settings Enabled with Enabled with
default password default password
1. Fully supported on DFE-series switches only.
Building a Switch Configuration

Proceed as follows:
1. At the task bar, click Start -> All Programs -> Switch Configurator ->
Switch Configurator, as shown in Figure 3-1.
Figure 3-1. Switch Configurator Interface Window
2. The I/A Series Software Revision dialog box appears, as shown in Figure 3-2. Select
Continue.
3. Select the appropriate radio button for your version of I/A Series software or
I/O Network if you are building a configuration for a switch to be a part of a dedi-
cated I/O network (discussed in The MESH Control Network Architecture Guide
(B0700AZ, Rev. L or later)).
27
Figure 3-2. Switch Configurator Interface Window - Software Revision
4. Click Select. The Switch Setup dialog box appears as shown in Figure 3-3 below. If
this configuration is to be built for an I/O network, proceed to “Building an I/O Net-
work Switch Configuration” on page 43. If it is not, continue to the next section.
28
Switch Setup Dialog Box
1 - Switch Name (Pull-Down) 15 - Pre-selected Network Defaults

2 - System/Site Location (Pull-Down Window) 16 - Switch Selection Radio buttons
3 - Site Directory (Pull-Down Window) 17 - Displays today’s date and current time
4 - Extract Commit Files/Use Commit Network 18 - Create Configuration File Button (Typical
Data configuration)
5 - SCAS Revision 19 - Create Custom Configuration
6 - Switch IP Address 20 - Create a New Site Directory Database
7 - Subnet Mask 21 - Clean up System/Site Location Database (Deletes
8 - I/A Series Software Revision unwanted config files)
9 - Reset I/A Series Software Revision button 22 - Interrogate Device (Interrogates the switch attached
10 - Switch Location (Location of switch) to the CLI port)
11 - Switch Contact (Point of Contact) 23 - CLI Switch Interface button (Config download screen)
12 - Primary Trap IP Address 27 - Exit
13 - Trap Subnet Mask
14 - Admin Server (IP Address of monitoring
Syslog Server)
Figure 3-3. Switch Setup Dialog Box
29
NOTE
The I/A Software Revision Level can be changed by selecting the Reset
I/A Software Revision Level button (item 9 in Figure 3-3).
NOTE
By selecting the Interrogate Device button (Figure 3-3, Item 22), SCAS will
interrogate a switch (if attached to the switch’s CLI port) to determine the switch
type, switch name, IP address and firmware installed on this switch, Once interro-
gated, the program sets up the required functions and features available for this
switch and firmware.
Importing a SysDef Commit
Figure 3-4. Commit Network Function Buttons
The purpose for the Sysdef Commit function is to utilize the I/A Series system configuration data
(SysDef Commit disk) to establish the following for all switches within an I/A Series system with
The MESH control network:
♦ Switch Name
♦ Switch's IP address
♦ Primary Trap IP address (IP address of the switch’s System Monitor host)
♦ Secondary Trap IP address; for the switch’s System Monitor host is running I/A Series
software 8.0 or 8.1.x
♦ The Master and Backup Timekeeper IP addresses.
To use this function, proceed as follows:
NOTE
1. A 3.5” diskette drive is required to import data from the Commit disks. if your
PC does not have a 3.5” diskette drive, you can attach a portable USB diskette
drive.
2. if you do not have access to a diskette drive, you can copy the following files
(IIF.prm, sldb, switches.cfg, tk.cfg) from the folder “D:\usr\fox\sp” of a committed
workstation to “C:\Program Files\Switch Configurator” before hitting the
Continue button in step 4.
1. Before you begin, gather the required network information listed in Table 1-1 on
page 6.
2. Use the “Site Directory” pull down database and select the directory to be used. If you
want to create new directory, select the Create A New Site Directory Database
button and enter the desired name for the new directory.
30
It is recommended that the first five characters of the name be unique, with a mini-
mum of eight characters.
3. Select the Create A New System / Site Location Database button and enter
the desired name for this new network/commit directory. The naming convention
cannot start with a numeric value.
NOTE
The Site Directory can accommodate more than one SysDef commit network
(System/Site Location Database), so the SysDef Commit Network database name
should be named as the facility or site name.
4. Select the Extract Commit Files button as shown in Figure 3-4. The following
screen will appear:
Figure 3-5. Commit Import Method
5. There are two methods to import a System's commit file:

♦ Click Yes to extract the commit information from the A:\ drive. -OR-
♦ Click No if you want to manually copy the IIF.prm, switches.cfg, tk.cfg and .sldb
files to the C:\Program Files\Switch Configurator directory.
After selecting Yes or NO, the following screen will appear:
Figure 3-6. Commit Disk Size
6. If the system's Commit file spans across multiple disks, click Yes. (If you click No, the
SysDef Commit File Extraction dialog box will appear instead, as shown in
Figure 3-8.)
After clicking Yes, the following dialog box will appear:
31
Figure 3-7. SysDef Commit Disk Count
7. In the “Commit Disk Count” field, select the number of disks contained in the
system Commit file. After selecting the disk count, the following dialog box will
appear:
Figure 3-8. SysDef Commit File Extraction
32
8. Click Extract Commit. The configurator will prompt you to insert the commit disk
into drive A:\. Follow the prompts.
NOTE
Do not select the Continue button until the file extraction has been completed, as
an error will occur.
Figure 3-9. SysDef Commit File Extraction - Progress
9. After the completion of the extraction process, the following questions will be asked.
These questions will determine the settings for the proper configuration for all
switches within this network:
a. Will a Network Administrator workstation be utilized (i.e. NetSight Console,
etc.)? (Recommended)
b. Will multiple Network Administrator workstations be utilized to monitor Syslog
files for the network (i.e. NetSight Console, etc.)?
Clicking YES will allow you to setup the Syslog servers for multiple servers.
c. Will LDP be deployed? (Recommended for Security Enhanced Configurations
only)
d. Will VLANs be used? (Recommended, mandatory if LDP is deployed)
e. Will 100Mbit uplink (ISL) ports be utilized in the network (switch to switch
communications)? (Not Recommended)
10. After these questions are answered the following figure will be displayed. The selec-
tions on the display depend on the previously answered questions.
33
Figure 3-10. Save SysDef Commit Network
11. Enter the following data.

a. Select the switches that have been designated as the root and backup root
switches? Use the pull-down menu to select the appropriate switch for each root
and backup root.
b. Enter the Network Administrator workstation IP Address (if previously selected).
12. Click Save Commit Information. The following questions will be asked.
Figure 3-11. SysDef Configuration Setup - Step 1
a. In Figure 3-11, click No to continue.
34
b. In Figure 3-12, click Yes to continue.
c. In Figure 3-13, click OK. When the pre-selected Network Defaults are enabled, all
switches being configured by SCAS will be enabled with all the appropriate set-
tings based on the previously answered questions.
d. To configure the switches, proceed to “Creating a Configuration, Step by Step” on
page 37.
Creating a Configuration Without Using the SysDef Commit

Network Function
If a System/Site Location database is not being used, proceed as follows. Otherwise, proceed to
“Creating a Configuration, Step by Step” on page 37 or “Creating a Custom Configuration” on
page 42.
1. Before you begin the configuration process, you must gather the following
information:
Table 3-3. Switch Information for Switch Setup Dialog Box
Item Comment
Switch Name User-defined in SysDef
Switch Type The “Interrogate Device” function will determine the
type of switch to which you are attached via the CLI
interface. otherwise, you will physically determine the
switch type.
Switch IP Address Assigned by SysDef
Trap IP Address (IP Address of the Assigned by SysDef
switch's System Monitor host)
35
Table 3-3. Switch Information for Switch Setup Dialog Box (Continued)
Item Comment
IP Addresses of the Master Timekeeper Optional - required if Simple Network Time Protocol
and Backup for Master workstations (SNTP) will be enabled. These addresses are assigned
by SysDef.
Which switches are designated Root and Defined during the layout of the network configura-
Backup root switches tion.
The Network Administration Server IP Optional - required if you intend to send SNMP traps
Address, if one is to be assigned and syslog messages to a network administration PC
running an application such as NetSight® Console.
List of ports to be disabled It is strongly recommended that all unused ports are
disabled for security purposes.
List of ports to be configured as 100 Mbps Security Enhanced Configurations require the use of
uplink ports 1Gb uplink ports
License keys to enable LDP on Gold Series P0973GZ (Gold-LDP) Policy License Key number
DFE blades
2. Enter the switch IP address (Figure 3-3, item 6) for the switch being configured.
! CAUTION
When deploying LDP, it is critical that the root switch has the lowest IP address
between the root and backup root switches.
3. Retain the default subnet mask (Figure 3-3, item 7) of 255.255.0.0.

For all I/A Series switches, the subnet mask must be 255.255.0.0.
NOTE
Trap IP addresses are not used for switches in an I/A Series control network - only
for switches in The MESH control network.
4. Enter the primary trap IP address destination (Figure 3-3, item 12) to be configured
on the switch.
This is the primary IP port address of the I/A Series workstation that monitors the
switch that is being configured. This address was assigned during System Definition
(for example, 151.128.152.1).
NOTE
If the switch’s host is running I/A Series software revision 8.2 or later, only the
primary trap IP address is required. For software with this revision, skip the
following step.
5. Enter the secondary trap IP address destination to be configured on the switch.

This is the alternate IP port address of the I/A Series workstation that monitors the
switch that is being configured. This address was assigned during System Definition
(for example, 151.128.24.1).
36
For A-series switches only, enter the trap subnet mask (Figure 3-3, item 13). This
mask is only applied to A-series switches and is the same mask value as the Subnet
mask (Figure 3-3, item 7).
6. If need be, enter the unique switch name (Figure 3-3, item 1) to be configured on the
switch. This switch name was assigned during System Definition. (This is the switch
Letterbug ID.)
7. Enter the switch location (Figure 3-3, item 10) to be configured on the switch (for
example, Bld7 2nd Floor). This function is not required for switch operation.
8. Enter the person to be contacted concerning the switch’s health and status (Figure 3-3,
item 11); this information will be configured on the switch (for example,
Bob ext 1234). This function is not required for switch operation.
9. If need be, select the radio button corresponding to the switch type (Figure 3-3, item
6) to be configured.
10. Proceed to the next section “Creating a Configuration, Step by Step”.
Creating a Configuration, Step by Step

If you want to create a custom configuration, proceed to “Creating a Custom Configuration” on
page 42.
1. If you are using a System/Site Location database, perform the following.
Otherwise, proceed to step 2.
a. If you are planning on using an existing System/Site Location database, proceed
to step b. Otherwise, proceed to “Importing a SysDef Commit” on page 30.
b. Under the “Site Directory” pull -down database menu, select the customer
directory to be used.
c. Under the “System / Site Location” pull-down database menu, select the network
to be utilized.
d. Select Use Commit Network Data.
e. Under the “Switch ID Name” pull-down database menu, select the switch to be
configured as shown in Figure 3-14.
37
Figure 3-14. Switch ID Name Pull-Down Menu
f. If not previously entered, enter the switch location (Figure 3-3, Item 10) to be
configured on the switch (for example, “Bld7 2nd Floor”). This function is not
required for switch operation.
g. If not previously entered, enter the person to be contacted concerning the switch's
health and status (Figure 3-3, Item 11). This information will be configured on
the switch (for example, “Bob ext 1234”). This function is not required for switch
operation.
h. If need be, select the radio button corresponding to the switch type (Figure 3-3,
Item 16) to be configured.
2. Under the Switch Setup dialog box, select the Create a Configuration (Step-
by-Step) button (Figure 3-3, Item 18).
NOTE
The order of steps in the Step-By-Step process are dependent on how the questions
were answered during the commit extraction process. The following sequence is a
representation of the process without answering any questions asked during the
commit extraction process.
a. If this is a DFE-Series switch, then the Switch Configuration dialog box

(Figure 3-17) appears. Perform the steps in “Hardware Setup for DFE Matrix
Chassis Switches” on page 44, then proceed to step c (in this procedure, below).
b. When the Software Rev dialog box appears, ensure the selected firmware revision
is correct and is installed in the switch as shown in Figure 3-18 on page 45, and
click Select.
c. The Switch Configuration dialog box (Step 1) appears as shown in Figure 3-15.
Verify that the switch name, type and firmware details are visible at the bottom of
the Switch Configuration dialog box and click Next.
38
Figure 3-15. Switch Configuration (Step-by-Step) (Step 1)
d. The Port Setup dialog box appears as shown in Figure 3-24 on page 58 or
Figure 3-25 on page 59. Select all ports to be disabled. Select Update Ports.
If no ports are to be disabled, select BACK.
Verify in the Switch Configuration Parameters dialog box that the Disable Unused
Ports dialog box (Figure 3-22, Item 3) shows either the selected ports or indicates
ports have been selected for disabling.
e. The Switch Configuration dialog box (Step 2) appears.
If you are not using 100 Mbps ports as uplink ports, then select NO and continue
to step f.
If you are using 100 Mbps ports as uplink ports, then select YES and perform the
following:
♦ The Switch Configuration dialog box (Step 3) appears. Select Next.
♦ The Port Setup dialog box appears. Select all ports to be used as uplinks, and
select Update Ports.
If no ports are to be enabled, select BACK. (NOTE: No 1G uplink ports are
visible/selectable.)
Verify in the Switch Configuration Parameters dialog box that the Config
100Mbps Uplink Ports dialog box (Figure 3-22, Item 5) shows the selected
ports.
f. When the Switch Configuration dialog box (Step 4) appears, select the switch's
bridge type (Edge, Backup Root, Root), then select Next.
g. The Switch Configuration dialog box (Step 5) appears.
For networks utilizing Loop Detection Policy, perform the following steps. Other
wise, select NO and proceed to step h.
39
For V-series, C-series, A-series, DFE-Gold series, and Edge Bridge switches,
proceed as follows:
♦ When the Switch Configuration dialog box (Step 5) appears, select YES.
♦ When the Switch Configuration dialog box (Step 7) appears for the Admin
Port Cost setting, select Next.
♦ The Port Setup dialog box appears. Select all ports to be used as uplinks. Then
select Update Ports.
If the admin cost is not to be adjusted, select BACK. (NOTE: The Append
function is disabled.)
Verify in the Switch Configuration Parameters dialog box that the Config
100Mbps Uplink Ports dialog box (Figure 3-22, Item 5) shows the selected
ports.
For DFE-Gold series switches with firmware 05.42.04, and DFE-Platinum series
switches, proceed as follows:
♦ When the Switch Configuration dialog box (Step 5) appears, select YES.
♦ When the Switch Configuration dialog box (Step 6) appears for the LDP Pol-
icy Rules setting, select YES.
♦ When the Switch Configuration dialog box (Step 7) appears for the Admin
Port Cost setting, select Next.
h. When the Switch Configuration dialog box (Step 8) appears, enable Simple Net-
work Time-code Protocol (SNTP), and select Next.
i. The Configuring Simple Network Time-code Protocol (SNTP) dialog box
(Figure 3-39) appears. The following settings are set to their defaults and are not
changeable.
♦ “Set Polling Interval” defaults to 60 Seconds
♦ “Set Polling Retries” defaults to 3
♦ “Set Polling Timeout” defaults to 10 seconds
j. In the Set Time Code Generator IP Addresses dialog box, enter the Master MTK
IP address and Backup MTK IP Address. Verify that the Apply button becomes
enabled, and select Apply.
k. When the Switch Configuration dialog box (Step 9) appears, enable I/A Control
Port VLAN, and select YES.
Selecting NO bypasses the VLAN setup procedure and skips to step l, (Step 10).
Verify the Switch Configurator message box appears, stating “All uplink ‘trunk’
ports have been enabled for VLAN 2, egressing tagged packets”. Select OK.
l. When the Switch Configuration dialog box (Step 10) appears, enable/configure
the Syslog server settings, and select YES.
Selecting NO bypasses the Syslog server settings and setup procedure and skips to
step n, (Step 12) or if LDP is to be deployed, to step o.
m. When the Create Syslog Servers dialog box appears (Figure 3-40), enter the
Syslog server IP address(es).
Verify the Apply button has become enabled, and that “set logging ip
address” is entered in the Command dialog box. Then select Apply.
Proceed to step n (Step 12) or if LDP is to be deployed, to step o.
40
n. For DFE-Gold series switches with firmware 05.42.04, and DFE-Platinum series
switches, deploy LDP as defined in step f (i.e. by selecting YES).
♦ When the Switch Configuration dialog box (Step 11) appears, configure the
LDP settings. Then select Next.
♦ When the Enter Beacon IP Addresses dialog box appears, enter the root switch
IP address. Then select Apply. Repeat this for backup root switch as discussed
below.
For Root switches:
♦ The Switch Configuration dialog box (Step 11B) appears. Configure
the LDP Circuit Breaker PBQ settings and select Next.
♦ The DFE Chassis (LDP Port Setup) dialog box appears. Select all
CBPQB ports, and select Update Ports.
For Backup Root switches:
the LDP Circuit Breaker SBQ settings and select Next.
♦ The DFE Chassis (LDP Port Setup) dialog box appears. Select all
CBPQB ports, and select Update Ports.
For Edge/Distribution switches:
the LDP Beacon settings and, select Next.
♦ The DFE Chassis (LDP Port Setup) dialog box appears. Select all Bea-
con ports, and select Update Ports.
♦ When the Switch Configuration dialog box (Step 11C) appears, configure the
LDP Circuit Breaker ports. Then select Next.
♦ When the DFE Chassis (LDP Port Setup) dialog box appears, select all the
Circuit Breaker ports, and select Update Ports.
♦ When the Switch Configuration dialog box (Step 11D) appears, select Next to
save the LDP commands.
o. When the Switch Configuration dialog box (Step 12) appears, build the switch
configuration. Then select Next.
♦ The Config File Name dialog box appears. Enter desired file name and select
OK.
♦ The Add File to Configurator Tool Set dialog box appears. Select OK.
♦ The Drop Down Menu File Name dialog box appears. Enter desired file
name, and select OK.
♦ The Configuration Data dialog box appears. Select Close Up and Exit.
p. A Warning message box appears. Select Continue.
q. Proceed to step 2 in Chapter 4 “Downloading/Uploading to/from a Switch via the
I/A Series SCAS” on page 93.
41
Creating a Custom Configuration

Perform the following to build a custom configuration.
1. If you are planning on using an existing System/Site Location database, proceed to
step a below. Otherwise, proceed to “Importing a SysDef Commit” on page 30 or
“Creating a Configuration Without Using the SysDef Commit Network Function”
on page 35.
a. Under the “Site Directory” pull-down database menu, select the customer direc-
tory to be used.
b. Under the “System / Site Location” pull-down database menu, select the network
to be utilized.
c. Select Use Commit Network Data.
d. Under the “Switch ID Name” pull-down database menu, select the switch to be
configured as shown in Figure 3-15.
e. If not previously entered, enter the switch location (Figure 3-3, Item 10) to be
configured on the switch (for example, “Bld7 2nd Floor”). This function is not
required for switch operation.
f. If not previously entered, enter the person to be contacted concerning the switch’s
health and status (Figure 3-3, Item 11). This information will be configured on
the switch (for example, “Bob ext 1234”). This function is not required for switch
operation.
g. If need be, select the radio button corresponding to the switch type (Figure 3-3,
Item 16) to be configured.
2. Click the Create Custom Configuration button (Figure 3-3, item 19).
For DFE-Series switches:
The Switch Configuration dialog box (Figure 3-17 on page 44) appears if a DFE-
Series Chassis switch is selected. In this instance, proceed to the following section,
“Hardware Setup for DFE Matrix Chassis Switches” on page 44.
For A-series and C-series switches:
If an A-series or C-series switch is selected, the Software Rev dialog box appears as
shown in Figure 3-18 on page 45. Ensure the appropriate firmware revision is run-
ning, will be running, or has been selected to run on the switch. Select Select. The
Switch Configuration Parameters dialog box appears (Figure 3-22 on page 48). Pro-
ceed to “Configuring Switch Parameters” on page 53.
For I-Series switches:
The Switch Configuration dialog box (Figure 3-22) appears if an I-Series switch is
selected. In this instance, proceed to the following section,“Switch Configuration
Parameters Dialog Box” on page 48.
For V-series switches:
a. Ensure the appropriate firmware revision is running, will be running or has been
selected to run on the switch. Select Select.
b. The Uplink Modules dialog box appears, select the Yes or No depending on
whether the switch’s hardware is installed with or without uplink modules
42
(P0972WQ or P0972WR). If only one uplink module is installed, deselect the

box (item 1 in Figure 3-16) next to the port that is not installed.
Figure 3-16. Uplink Modules Dialog Box
The Switch Configuration Parameters dialog box appears as shown in Figure 3-22 on
page 48. Proceed to “Configuring Switch Parameters” on page 53.
Building an I/O Network Switch Configuration

When building a configuration for a switch to be a part of a dedicated I/O network (discussed in
The MESH Control Network Architecture Guide (B0700AZ, Rev. L or later)), you must maintain
the following requirements:
1. The dedicated I/O network switch IP addresses must be unique from all The MESH
Network IP addresses, but within The MESH network mask range.
2. You must enter the switch ID name.
3. Fast Ethernet (100Mbps) ports on a switch cannot be utilized as uplink (ISL) ports on
a dedicated I/O network.
The following steps should be performed:
1. It is recommended that a “Site Directory” and a “System/Site Location” database be
created for the I/O network switches (for example, “Invensys”/“IO_Network”).
2. The I/O network switches must be configured using the Custom Configuration
(page 42) option and should be configured as if being configured for The MESH con-
trol network, but with the following exceptions:
a. Primary Trap IP Address function cannot be used on the I/O Network (Figure 3-3
on page 29, Item 12).
b. SNTP Disabled - The SNTP function should be disabled. This function cannot
be used on the I/O network (Figure 3-22 on page 48, Item 15).
c. Loop Detection Policy (LDP) is not supported on the I/O network. This function
should not be used (Figure 3-22 on page 48, Item 17).
3. The following functions can be utilized on the I/O network if the appropriate accom-
modations have been addressed:
a. Network Admin Server IP Address is not required, unless an independent net-
working monitor has been allocated to monitor the I/O network (Figure 3-3 on
page 29, Item 14).
43
b. Syslog Sever Disabled - This function should be disabled unless an independent

networking monitor has been allocated to monitor the I/O network (Figure 3-22
on page 48, Item 18). However, Local Syslog should be enabled.
Hardware Setup for DFE Matrix Chassis Switches

If you are not configuring a DFE Matrix Chassis switch (see Table 1-4 on page 12 to identify
switch types), skip to “Switch Configuration Parameters Dialog Box” on page 48.
Proceed as follows if you are configuring this switch type:
1. Select the blade type used: Gold or Platinum, as applicable for your switch based on
the type listed in Table 3-4. If this information is not known (or for simplicity),
connect to the CLI port on slot 1 of the chassis and by selecting the Interrogate
Chassis Hardware button, which will update the configurator with the hardware
and firmware (step 2) information.
Figure 3-17. Switch Configuration Dialog Box - To Select Type of DFE Blade Installed
Table 3-4. Available DFE-Series Blade Listing
Invensys Type of
Part No. DFE Blade Description
P0972YJ Gold DFE-Series Gold Chassis blade 48 port MT-RJ
P0972YG Gold DFE-Series Gold Chassis blade 48 port RJ-45
P0973BR Platinum DFE-Series Platinum Chassis blade 48 port MT-RJ
P0973BQ Platinum DFE-Series Platinum Chassis blade 48 port RJ-45
P0973BS Platinum E-series to DFE-Series Platinum Chassis Bridging
Blade 24 port RJ-45
44
Table 3-4. Available DFE-Series Blade Listing (Continued)
Invensys Type of
Part No. DFE Blade Description
P0973BT Platinum DFE-Series Platinum Chassis blade 18 port GBIC
2. Ensure the appropriate firmware revision is running, will be running or has been
selected to run on the switch. Select Select.
Figure 3-18. Switch Firmware Revision Dialog Box
3. If you are deploying a Gold-series blade (P0972YJ/YG) and you want to provide the
switch with LDP functionality, perform the procedure in “Gold-Series Loop Detec-
tion Policy (LDP) License Key” on page 47 to enter the applicable license key.
Otherwise, skip this step.
45
4. The following Switch Configuration dialog box appears.
1 - Blade Number Installed; this selection is used if blade is installed in that slot
2 - P0972YK/P0973FQ Uplink Expansion module installed; this selection is used if a gigabit expansion
card is installed in the slot.
3 - Blade type radio button; this selection is used to select the blade type installed in the slot
4 - Indicates the blade location within the Chassis.
5 - Complete Configuration, displays the “Switch Configuration Parameters” display
6 - Back, returns the user back to the previous screen
7 - Clear All, clears all data, returning screen to default.
8 - Displays switch type and selected Firmware.
9 - Interrogate Chassis Hardware, interrogates switch for hardware and firmware information.
Figure 3-19. Switch Configuration Dialog Box to Configure Switch’s Hardware
5. (Figure 3-19, Item 1) Select all the slot locations of installed blades.
6. (Figure 3-19, Item 3) Select the type of blade installed in each slot location.
7. (Figure 3-19, Item 2) If applicable, for each slot, select P0972YK/P0973FQ Uplink
Expansion module installed.
! CAUTION
When installing the Network Expansion Module (NEM) P0973FQ, the DFE mod-
ule in which it is being installed must be upgraded to firmware release 5.42.04 or
higher before the installation. Upgrade kits for upgrading the firmware and its
instructions can be obtained through kits AG101AE “Gold” and AG101AF “Plati-
num” - see “Switch Firmware Compatibility” on page 201.
8. (Figure 3-19, Item 5) Select the Complete Configuration button.

9. The Switch Configuration Parameters dialog screen appears as shown in
Figure 3-22 on page 48. Proceed to “Configuring Switch Parameters” on page 53.
46
Gold-Series Loop Detection Policy (LDP) License Key

When deploying Gold-series blades (P0972YJ/YG), a LDP license key (P0973GZ) can be entered
to provide the switch with LDP functionality, See “Configuring Loop Detection (Security
Enhanced Configurations Only)” on page 77.
During your applicable configuration procedure, if you intend to enter a LDP license key to
enable LDP functionality, select YES as shown in Figure 3-20.
Figure 3-20. Enable LDP Policy License Key
Figure 3-21 will appear. Enter the license key provided and select OK.
Figure 3-21. Assign/Enter PLD Policy License Key
NOTE
Once the license key has been assigned to a Chassis (IP address/Switch Name), this
key can no longer be used for any other device other than the device assigned.
Return to your applicable configuration procedure (“Creating a Configuration, Step by Step” on

page 37 or “Hardware Setup for DFE Matrix Chassis Switches” on page 44).
47
Switch Configuration Parameters Dialog Box

The Switch Configuration Parameters dialog box allows you to continue configuration for all
switch types. It is shown in Figure 3-22.
Figure 3-22. Switch Configuration Parameters Dialog Box
NOTE
For the procedure to configure this dialog box, proceed to “Configuring Switch
Parameters” on page 53.
NOTE
If the right mouse button is depressed when over a function pick/button, a popup
help screen will appear to describe the function selected.
In Figure 3-22, all function/feature check boxes are required to be checked for The MESH con-
trol network required/recommended configuration settings. This is why the “functions” are not all
defaulted to the Enabled or Disabled setting. Un-checked boxes require user interface for the set-
ting to be applied.
♦ (Figure 3-22, Item 1) Device Port Settings allow the user to select changes to the
Device Port settings. When configuring a switch, determine if auto-negotiation will
be used on switch’s interconnecting uplink ports - auto-negotiation is highly recom-
mended. If auto-negotiation is to be used, both ports at each end of the cable must
have auto-negotiation enabled. If the port negotiation differs at the two ends, port
link will not be established.
48
♦ (Figure 3-22, Item 2) “Disable Unused Ports” allows the user to disable unused
ports (Recommended). The command button will change to green when ports have
been successfully disabled. For details for this function, refer to “Disabling Unused
Ports” on page 57.
♦ (Figure 3-22, Item 3) This displays the ports selected to be disabled.
♦ (Figure 3-22, Item 4) Config 100Mbps Uplink Ports allows the user to enable
100 Mbit ports as uplink ports (Required if 100Mb port are to be used as uplink
ports). For details on this function, refer to “Enabling Fast Ethernet Ports as Uplink
Ports” on page 61.
♦ (Figure 3-22, Item 5) This displays ports selected to be enabled as uplink ports.
! WARNING
If a switch is to be connected to a 100 Mb port, configure it as an uplink port.
♦ (Figure 3-22, Item 6) Adjust Admin Port Cost allows the user to adjust the path
cost on edge switch uplink ports only. By adjusting the path cost, the user can define
how spanning tree determines which port is forwarding or blocking. When using
Gold or Platinum blades, this function is automatically adjusted when deploying
Loop Detection policy (LDP) and cannot be manually adjusted via this software
application.
♦ (Figure 3-22, Item 7) This displays ports that have been selected for port path cost
adjustments.
♦ (Figure 3-22, Item 8) FE Broadcast Suppression Rate Limit allows the user to
enable (by default) or disable Fast Ethernet port broadcast suppression and to select
the desired rate limit (default is 500).
♦ (Figure 3-22, Item 9) Uplink Broadcast Suppression Rate Limit allows the
user to enable (by default) and select the desired rate limit (the default is 5000) or
disable 1 Gigabit uplink port broadcast suppression.
This is not supported on V-series switches with firmware 2.5.2.5.
♦ (Figure 3-22, Item 10) Comex Multicast Suppression (CMS), disabled by default, is
based on internal policy commands of the switch and the multicast MAC addresses
used. The policy commands allows the switch to rate limit the traffic on ingress ports,
only the DFE-Gold and DFE-Platinum switches can support this function.
♦ (Figure 3-22, Item 11) Bridge Priority allows the user to select the bridge priority
and its priority value for the switch, allowing the switch to become the root switch or
to force the switch to stay at the network edge. Select the appropriate radio button -
the Edge Switch, Root Bridge or Backup Root Bridge - depending on the
switch type being configured.
NOTE
The Bridge Priority function is not selectable or required for switches in
I/A Series control networks release 7.x.
If the switch has been selected to be a Root or Backup Root, then select the appropri-
ate radio button. By selecting the Root Bridge radio button, the switch is pro-
49
grammed to be the primary root bridge. The Backup Root Bridge radio button
causes the switch to default to the backup (secondary) root bridge. To configure an
edge switch, as defined in the “Introduction” section in The MESH Control Network
Architecture Guide (B0700AZ, Rev C or later), select the Edge Switch radio button.
This is detailed in Step 3 of “Configuring Switch Parameters” on page 53.
NOTE
An edge switch is an outer switch in a network topology that is linked to the pri-
mary root or backup (secondary) root bridge switch. The edge switch usually inter-
faces I/A Series system devices (Control Processors, FCMs, and so forth) to the root
bridges. Normally only two root bridges co-exist in The MESH control network
topology, primary and secondary root bridge. However, if needed and depending on
the network configuration, multiple root switches can be configured into the net-
work. All other switches are defined as edge switches.
♦ (Figure 3-22, Item 12) Priority Setting allows the user to select the bridge prior-
ity value. The range of priority values used to determine which device is selected as the
Spanning Tree root. This value can range from 0- 65535 for bridge priority mode
802.1d (decrement by 1 - see Figure 3-22, Item 5) or from 0-61440 for bridge prior-
ity mode 802.1t (decrement by 4096).
♦ (Figure 3-22, Item 13) Spanning Tree Mode allows the user to select the spanning
tree method used on the switch. The default and recommended setting is RSTP.
♦ (Figure 3-22, Item 14) Bridge Priority Mode allows the user to select the bridge
priority mode (only used at the root). This function decrements the root switch's pri-
ority value by 1 (802.1d) or 4096 (802.1t), allowing the functional root switch to
remain the root switch in the event of a failure within the network. If the switch firm-
ware supports 802.1d, this will be the default and recommended setting.
Firmware 2.5.2.5 for V-series switches is the only switch “firmware” that does not sup-
port 802.1d, so a V-series switch with firmware 2.5.2.5 defaults to 802.1t.
♦ (Figure 3-22, Item 15) Enable SNTP (Enabled SNTP) allows the user to activate the
SNTP function of the switch. By enabling this, the user can synchronize the switch’s
SysLog time stamp to the Systems Master Timekeeper. When the SNTP functions
have been enabled, the user can modify the SNTP functions by selecting the Change
SNTP Parameters command button. Refer to “Configuring Simple Network Time
Protocol (SNTP)” on page 86 for more details.
♦ (Figure 3-22, Item 16) Enable VLANs allows the user to enable VLAN functions.
NOTE
It is recommended that the user understand the use of VLAN before continuing,
refer to Appendix D “Understanding Virtual Local Area Networks (VLANs)”.
50
! WARNING
All I/A Series devices must be connected to Device ports which have been assigned
to VLAN 2 “I/A Control Ports”. If this is not done, the I/A Series devices on the
network will not communicate correctly with each other.
If VLANs are enabled, all switches in the network must have VLAN 2 “I/A Control
Ports” set to “Enabled”.
When the VLAN functions have been enabled, the user can create a VLAN by select-
ing the “Configure VLANs” command button, refer to “Enabling and Port Setup for
Network VLANs” on page 65 for more details. If a VLAN is created, the “Configure
VLANs” command button changes to “VLANs Deployed”. This indicates that a
VLAN has been created. However, it does not indicate that port(s) have been assigned
to the VLAN. If ports have been assigned to VLAN 2 - the “I/A Control Ports” (as
required) - then the “I/A VLAN Ports Assigned” indicator button appears.
♦ (Figure 3-22, Item 17) Deploy Loop Detection allows the user to deploy Loop
Detection policy on DFE-Series Platinum switches only. For details, refer to “Config-
uring Loop Detection (Security Enhanced Configurations Only)” on page 77.
♦ (Figure 3-22, Item 18) Enable Syslog and Syslog Servers allows the user to
activate the Syslog function of the switch. By enabling Syslog, all switch messages can
be saved to an ASCII file that resides on the switch and can be downloaded via the
CLI port. By enabling Syslog Server, these same messages can be sent to a designated
PC and logged on a live Syslog monitor, which can monitor network health and
alarming on events. Refer to “Configuring a Syslog Server” on page 90 for more
details.
NOTE
To view the local Syslog file on the switch, it must be uploaded from the switch,
refer to “Uploading Switch Syslog Files” on page 110.
♦ (Figure 3-22, Item 19) SpanGuard Enable allows the user to enable (by default) or
disable SpanGuard®. This feature will disable a 100 Mb FE network port if Span-
ning Tree AdminEdge is enabled on that port and a switch sending BPDUs is
connected to that port. (This feature is not available on V-series switches.) By default,
the port will stay disabled for 10 minutes; however, this timeout setting can be
changed by changing the value in the SpanGuard timeout window (Item 20).
NOTE
When configuring a switch with this function enabled, the switch MUST be
removed from the network. If not, the end device ports will be disabled until the
SpanGuard Timeout has expired (Figure 3-22, item 20).
♦ (Figure 3-22, Item 20) SpanGuard Timeout allows the user to select the desired time
the port will be disabled in the event of a SpanGuard® hit, selectable from 0-65535
seconds (default is 600).
51
♦ (Figure 3-22, Item 21) LinkFlap allows the user to enable LinkFlap detection. This
function detects port link transitions, (Default enabled), and is not available on legacy
switches. For details, refer to “LinkFlap Settings” on page 64.
♦ (Figure 3-22, Item 22) Change LinkFlap Parameters allows the user to change
the default LinkFlap Parameters when item 21 is enabled. It is not available on legacy
switches. For details, refer to “LinkFlap Settings” on page 64.
♦ (Figure 3-22, Item 23) (A-series only) It is recommended that the FaultLock™ fea-
ture functionality be enabled whenever possible. In the event of excessive memory
faults FaultLock will disable the switch, stopping the switch from transmitting poten-
tially corrupted packets due to the memory errors.
♦ (Figure 3-22, Item 24) MAC Address Locking allows the user to enable a set num-
ber of static MAC addresses to reside in the MAC address table. This command is
defaulted off and is to be used only if required in the network due to other factors.
(Not Recommended)
♦ (Figure 3-22, Item 25) These selections are for network security. These disable all
methods of gaining access to the command line interface other than directly con-
nected via the CLI port, which should be password protected.
♦ (Figure 3-22, Item 26) Read-Only Guest Access allows the user to enable the
Read-Only (RO) functions of the switch while assigning a RO password. The RO
functions allow contractors, technicians, and so forth, to log on the switch to view the
switch's settings without granting any permissions to change parameters on the
switch.
♦ (Figure 3-22, Item 27) Displays the switch type and firmware of the switch being
configured.
♦ (Figure 3-22, Item 28) Reset to I/A Defaults returns all changed selections back
to their default settings.
♦ (Figure 3-22, Item 29) Displays the switch name and part number of the switch being
configured. This name will also be the default name entered in the pull-down menu.
♦ (Figure 3-22, Item 30) Back to Previous Page allows the user to return to the
previous page without saving any setting on this page.
♦ (Figure 3-22, Item 31) Build Config File. When selected, a prompt appears
which enables the user to enter the desired configuration file name to be saved with
the selected options. It also gives the user the ability to change the file name displayed
in the Default Configurator Tool Device Type drop-down menu, and to view
the save configuration file.
NOTE
The Reset to I/A Defaults button will clear all selections. The Back button
will return you to the previous page.
52
Configuring Switch Parameters

To configure the switch using the Switch Configuration Parameters dialog box, shown in
Figure 3-22 on page 48, proceed as follows. Refer to “Switch Configuration Parameters Dialog
Box” on page 48 for a description and information concerning the selections available in this dia-
log box.
1. (Figure 3-22, Item 2, 3) Disable unused ports for increased security. Proceed to “Dis-
abling Unused Ports” on page 57.
2. (Figure 3-22, Item 4, 5) If you need to use Fast Ethernet ports as uplinks, proceed to
“Enabling Fast Ethernet Ports as Uplink Ports” on page 61.
3. (Figure 3-22, Item 11) You must identify if the switch is an edge switch, primary root
bridge or backup (secondary) root bridge. Under Spanning Tree Protocol, select the
appropriate radio button - Edge Switch, Root Bridge or Backup Root Bridge.
If the switch has been selected to be a Root or Backup Root, then select the appropri-
ate root bridge radio button.
By selecting the Root Bridge radio button, the switch is programmed to be the pri-
mary root bridge with a default Priority setting of 28672. The Backup Root
Bridge radio button causes the switch to default to the backup (secondary) root
bridge with a default Priority setting of 28673. To configure an edge switch,
select the Edge Switch radio button; this causes the default Priority setting of
32768.
NOTE
If multiple root switches (more than two) are required in The MESH control net-
work, then the following must be done when configuring the additional root
switch(es):
1. Ensure the Bridge Priority Mode is set to 802.1d (decrement by 1), if this
function is not selectable, multiple root switches can not be configured.
2. Select the Edge Switch radio button; this causes the default Priority setting
of 32768.
3. Change the Priority setting to 32000 - For any additional switches, repeat
these steps increasing the Priority setting by 1 for each additional switch con-
figured.
4. (Figure 3-22, Item 15) If the switch’s Syslog time stamp is to be synchronized with the
I/A Series control system, select the SNTP Enabled check box, and the Configuring
Simple Network Time Protocol (SNTP) dialog box appears. Proceed to “Configuring
Simple Network Time Protocol (SNTP)” on page 86, and return to this step when
finished.
5. (Figure 3-22, Item 16) If VLANs are configured (recommended), enable them by
selecting the ENABLE VLANs check box. The Setup VLAN Support dialog box
appears. Proceed to “Enabling and Port Setup for Network VLANs” on page 65. Refer
to the VLAN flowchart in Figure 3-23 on page 55 for details on the VLAN configura-
tion flow.)
53
NOTE
It is recommended that when setting up a first time installation of The MESH con-
trol network that VLAN 2 “I/A Control Ports” is deployed on all ports used for
communications between the I/A Series devices. (See the warning below.)
If a system is up and functional without VLAN 2 deployed across the network, a
system shutdown is required to deploy VLANs. If VLAN 2 is deployed prior to sys-
tem startup, additional VLANs can be added at a later date without system interfer-
ence (shutdown).
! WARNING
Be aware of the following warnings when working with VLANs:
1. When VLANs are added to an existing installation of The MESH control net-
work, if the I/A Series devices are on VLAN 1, they must be moved to VLAN 2, at
which time communications between the I/A Series devices will be broken.
2. All I/A Series devices must be connected to Device ports which have been
assigned to VLAN 2 “I/A Control Ports”. If this is not done, the I/A Series devices
on the network will not communicate correctly with each other. Ports and uplinks
are assigned as shown in Figure 3-23.
3. If VLANs are to be utilized in The MESH control network, all switches within
the network are required to be configured for all utilized VLANs. If a VLAN is con-
figured on an outer edge switch and a core switch has not been configured for that
VLAN (in the case where no port assignment is required), data from the outer edge
switch VLAN will not propagate through the core switch.
54
“Configuring Switch Parameters” on

page 53, Step 6
“Enabling and Port
“Enabling and Port Setup for Net-
Setup for Network
work VLANs” on page 65, Step 1 VLANs” on page 65,
Step 3
“Appending VLANs” on page 71
“Enabling
and Port Setup
for Network
VLANs” on
page 65,
Step 6
“Enabling and Port Setup for

Network VLANs” on page 65,
Step 5
“Enabling and Port

Setup for Network
VLANs” on page 65, Step 4
Figure 3-23. Flowchart for Assignment of Uplinks and Ports to VLAN
6. If LDP is being deployed in your network, then perform these substeps. Otherwise,
proceed to the next step.
NOTE
It is required in the event that VLANs are to be deployed on the network that all
ports be assigned to their appropriate VLAN before deploying LDP rules.
a. (Figure 3-22, Item 6, 7) For all edge switches in the network which cannot deploy
LDP (see Table B-1 “Qualified Switch Standard/Security Enhanced Configura-
tion Compatibilities Matrix” on page 199), adjust the Admin Path Cost on uplink
ports when the Adjust Admin Port Cost button is selectable.
b. (Figure 3-22, Item 17) For all switches in the network which can deploy LDP,
configure the loop detection rules for Security Enhanced Configuration topolo-
gies. Proceed to “Configuring Loop Detection Rules” on page 79.
7. (Figure 3-22, Item 21, 22) If LinkFlap Parameters are to be changed from the recom-
mended defaults, proceed to “LinkFlap Settings” on page 64.
55
8. (Figure 3-22, Item 26) It is recommended that you enable Read-Only Guest
Access, to let users create Read-Only (RO) username/password profiles to allow con-
tractors, technicians, and so forth, to log on the switch to view the switch's settings
without granting permission to change parameters on the switch.
9. (Figure 3-22, Item 31) Select the Build Config File button to build the configura-
tion file. The Config File Name dialog box appears.
10. Ensure the correct file name is entered, select OK. The Add File to Configurator Tool
Set dialog box appears.
NOTE
If the file you are trying to save has already been saved with the same file name you
have chosen, a prompt appears to allow you to change the file name or allow you to
overwrite the existing file.
11. When you are asked, “Do you want to add this configuration file to the CLI Switch Inter-
face Drop Down Menu?”, select Yes. The Drop Down Menu File Name dialog box
appears. See the above note.
12. Ensure the correct file name is entered, select OK. This adds your configuration file to
the CLI Switch Interface drop-down menu. The Configuration Data dialog box
appears.
NOTE
At this point, manual CLI command entries can be entered by selecting the Manual
Commands button, and then entering each command. The entire set of manual
commands must be entered one at a time.
13. Select the Close up and Exit button on the Configuration Data dialog box to
complete the configuration file build. A Switch Configurator dialog box appears
showing the location in which you saved the file.
14. Select OK. This returns you to the Switch Setup dialog box.
You have successfully built a switch configuration.
If you have more switches to configure, return to “Switch Setup Dialog Box” on page 29 for the
next switch.
If you have completed the switch configuration, proceed to Chapter 4 “Downloading/Uploading
to/from a Switch via the I/A Series SCAS”.
56
Disabling Unused Ports

Proceed as follows to disable the unused ports in the switch with the Port Setup dialog box, shown
in Figure 3-24.
1. (Figure 3-22, Item 2) Disable all unused ports by selecting the Disable Unused
Ports button.
If configuring a standalone switch, the Port Setup dialog box appears as shown in
Figure 3-24.
If configuring a DFE Matrix switch, the Port Setup dialog box appears as shown in
Figure 3-25 on page 59.
! CAUTION
Leaving unused Ethernet ports enabled is a high security risk. It is recommended
that all unused Ethernet and uplink ports be disabled, with the exception of a single
maintenance port.
57
1 - Screen function
2 - switch ID name.
3 - Port number, selects and disables the port when selected.
4 - Select a group, selects large groups of ports.
5 - GigaBit Expansion Module Uplink Ports, selects and disables the port when selected.
6 - Update Ports, downloads port selection to the switch configuration.
7 - Back, returns the user to the previous screen
8 - Clear Selected Ports, clears all selected ports.
9 - Appends selected disabled ports to switch
Figure 3-24. Port Setup Dialog Box - for Selecting Unused Ports
58
1 - Screen function
2 - Switch/blade ID name
3 - Port number, selects and disables the port when selected
4 - Select a group, selects large groups of ports
5 - Uplink Port number, selects and disables the uplink port when selected
6 - Clear Ports, clears all selected ports associated with the blade
7 - Indicates a 48-port blade in slot 2 (Copper/Fiber)
8 - Indicates a 24-port blade in slot 3 (Copper Bridging Blade)
9 - Indicates an 18/24 1Gb SFP uplink port blade in slot 4
10 - Update Ports, downloads port selections to the switch configuration.
12 - Clear All Selected Ports, clears all selected ports associated with the Chassis.
13 - Appends selected disabled ports to switch
Figure 3-25. Port Setup Dialog Box - for Selecting Unused Ports on DFE-Series Chassis Switches
2. Select the unused port(s) that are to be disabled by clicking on the appropriate box.
NOTE
To select a group of unused ports, first select the lowest port number, then the high-
est port number in the group, and finally select the Select A Group button. This
function selects all the ports between the two ports selected, This function can be
repeated several times by selecting the highest group of ports first, then the next
lowest group of ports and so on.
59
NOTE
The Clear button will clear all ports selected.
3. Select the Update Ports button to update the program with the selection of ports.
The Switch Configuration Parameters dialog box reappears.
When finished, return to step 3 in “Configuring Switch Parameters” on page 53.
Appending Port Commands

Commands related to appending and disabling selected ports on the attached switch can be per-
formed by selecting (Figure 3-24, Item 9) or (Figure 3-25, Item 13) Append Selected Ports
to the switch. Perform the following:
1. Select the ports that are to be disabled before appending.
2. Select the Append Selected Ports to the switch button.
3. When selected, the Command Setup window appears, asking “enable all ports before
disabling selected ports?”
Figure 3-26. Enable Port Window
a. If you are enabling previously disabled port, select YES

b. If you are just disabled additional ports, select NO.
The CLI Switch Interface dialog box appears, allowing the disabled ports to be
appended to the switch.
4. On the CLI Switch Interface dialog box, select the COM port.
A drop-down window that selects which serial port (COM1 to COM4) is used to
communicate with the switch (for example, COM Port 1).
5. Enter a file name in Save Download to switch as (Figure 4-3 on page 96, Item 5).
Enter the name of the startup configuration file to be saved (for example, use:
Invensys.cfg).
6. Click the Download Config button (Figure 4-3 on page 96, Item 15) to begin
downloading the switch’s disabling port commands via the serial port into the switch.
The Switch Configurator Application Software Download window appears.
7. The Switch Configurator Application Software Download window will display the
required commands. Ensure the switch's disabling port commands are being down-
loaded into the switch, and no errors occur during this process.
60
8. The switch’s disabling port commands have now been downloaded. You are prompted
to save the new configuration. Select Yes.
9. The switch configuration has been completed. You will be prompted to exit the CLI.
Select Yes.
The switch’s disabled ports have been successfully configured. You are returned to the
Switch Configuration Parameters dialog box.
10. At this point, it is recommended that you save the switch’s current running configura-
tion with the newly appended commands. To do this, import the running configura-
tion as described in Chapter 7 “Loading Configuration Files to/from Switches” on
page 127.
Enabling Fast Ethernet Ports as Uplink Ports

Proceed as follows to enable any of the Fast Ethernet ports in your switch to act as uplink ports to
additional switches in The MESH control network.
NOTE
This feature is not recommended. However, while 100 Mb uplink ports are allowed
on networks with standard configurations, Security Enhanced Configurations and
I/O networks require the use of 1 Gb uplink ports. However, 1 Gb uplink connec-
tions should be used to interconnect switches in all configurations, if available.
! WARNING
For all Fast Ethernet (100 Mb) “uplink” ports (Fast Ethernet ports used as an uplink
between two switches), AdminEdge must be set to False (Disabled).
If this configuration is not performed correctly severe system degradation can occur
if a Fast Ethernet (100 Mb) port is configured as a “end device” (i.e. enabled, this is
the default setting for AdminEdge) and then used as a “uplink” link between two
switches.
1. Selecting the Config 100Mbps Uplink Ports button (Figure 3-22, Item 8) allows
you to disable AdminEdge for Fast Ethernet ports so they can be used as uplink ports.
This function allows the Fast Ethernet port to correctly communicate BPDU protocol
packets across the network, required for switch to switch communications.
! CAUTION
If Fast Ethernet “Device” ports are used as uplink ports between switches, it is very
important that the switch spanning tree protocol settings be configured correctly.
Failure to do so will cause system degradation during switch fail over, causing exces-
sive packet flooding possibly resulting in device failures.
The Port Setup dialog box appears as shown in Figure 3-27 for standalone switches
and Figure 3-28 for DFE Matrix switches.
61
1 - Screen function
2 - Switch ID name.
3 - Port has been disabled, as indicated by grayed-out selection (user is unable to select)
4 - Port number, selects the port when selected.
6 - 100Mbps Uplink Suppression Rate, when selected, allows the user to change the
Broadcast suppression value for the selected ports
8 - Back, returns the user to the previous screen.
9 - Clear Selected Ports, clears all selected ports.
Figure 3-27. Port Setup Dialog Box - for Selecting Uplink Ports
62
1 - Screen function
2 - Switch/blade ID name.
3 - Port number, selects and enables a port as an uplink port when selected
5 - 100Mbps Uplink Suppression Rate, when selected, allows the user to change the
Broadcast suppression value for the selected ports
6 - Clear Ports, clears all selected ports associated with the blade
7 - Indicates a 48-port blade in slot 2 (Copper/Fiber)
8 - Indicates a 24-port blade in slot 3 (Copper Bridging Blade)
9 - Indicates an 18/24 1Gb SFP uplink port blade in slot 4 (Note no 1 Gb ports are shown)
12 - Clear All Selected Ports, clears all selected ports associated with the Chassis.
Figure 3-28. Port Setup Dialog Box - for Selecting Uplink Ports in DFE-Series Chassis Switches
2. Select the Fast Ethernet ports to enable them as uplink ports, by clicking on the
appropriate box.
63
NOTE
To select a group of unused ports, first select the lowest port number, then the high-
est port number in the group, and finally select the Select A Group button. This
function will select all the ports between the two ports selected, This function can
be repeated several times by selecting the highest group of ports first, then the next
lowest group of ports and so on.
NOTE
The Clear button will clear all ports selected.
3. Select the Update Ports button to update the program with the selection of ports.
The Switch Configuration Parameters dialog box reappears.
LinkFlap Settings
NOTE
The LinkFlap function is not selectable or required for switches in I/A Series con-
trol networks (I/A Series systems V7.x).
1. For switches that support the LinkFlap function on The MESH control network,
select LinkFlap (Figure 3-22, Item 17) and the following dialog box appears
(Figure 3-29).
64
1 – LinkFlap interval, used to select the time

(in seconds) for the accumulating link down
transitions.
2 – LinkFlap threshold, used to select the number
of link down transitions necessary to trigger
the LinkFlap action.
3 – LinkFlap downtime, used to set the time
(in seconds) interval that the port will be
disabled after a LinkFlap violation.
4 – LinkFlap action, three actions can be selected
if a LinkFlap violation occurs; Disable the
port send a Syslog message within NetSight
console and/or send a SNMP trap message
(sent to NetSight Console and to I/A Series
system management if a port is being
disabled).
5 – Used to apply the setting to the switch.
Figure 3-29. LinkFlap Settings
2. Enter the recommended settings, as shown in Figure 3-29.

3. Select the Apply button. This returns you to the Switch Configuration Parameter dia-
log box.
Enabling and Port Setup for Network VLANs

Before assigning a VLAN, refer to Chapter 10 “VLANs Usage on The MESH Control Networks”
on page 159 and Appendix D “Understanding Virtual Local Area Networks (VLANs)” on
page 221.
65
1 – VLAN 1 Default; the default VLAN 1, which cannot be changed or modified

2 – Enable VLAN; selecting the appropriate checkbox enables the corresponding VLAN.
3 – VLAN NAMES - VLAN 2 “I/A Control Ports”; the I/A Series Control Network VLAN
which cannot be changed.
4 – Assign Ports to VLAN; selecting the appropriate “Assign Port to VLAN” command
button will display the VLAN port setup dialog box, as shown in Figure 3-31
If ports have been assigned to this VLAN, the command button will change the color
corresponding to the default VLAN color.
VLAN 2 - Red
VLAN 3 - Blue
VLAN 4 - Yellow
VLAN 5 - Cyan
VLAN 6 - Green
VLAN 7 - Teal
5 – Apply; enables the VLAN port selections just made and returns the user to the previous viewed screen
6 – Adjust Priority
7 – Indicates assigned Port Priority for this VLAN group
8 – Indicates assigned Priority-Queue for this VLAN group
9 – Indicates assigned Priority Queue Bandwidth for this VLAN group
10 – Adjust Priority-Queue Bandwidths, when selected allow the end user to adjust the Priority-Queue
Bandwidth for each VLAN group.
11 – Appends all VLAN settings to switch while disabling all VLAN settings currently residing on the
switch being appended to.
12 – Reset VLAN window back to defaults.
Figure 3-30. Setup VLAN Support
66
NOTE
To understand the VLAN assignments, refer to Figure 3-23 on page 55. This flow-
chart has been developed to breakdown the steps required for deploying VLANs.
1. (Figure 3-30, item 2) To assign ports to a VLAN, enable the VLAN by selecting the
appropriate VLAN checkbox. When selected, this will enable this VLAN on all
uplink ports on the switch. At this time, the VLAN NAME (Figure 3-30, item 3) text
window will become enabled.
2. (Figure 3-30, item 3) Enter the VLAN’s ID name as desired. (Note: VLAN 2's
“I/A Control Ports” VLAN name cannot be modified.)
3. (Figure 3-30, item 4) Select the “Assign Ports to VLAN” command button, the
VLAN Port Setup dialog box appears, as shown in Figure 3-31 “DFE Matrix Port
Setup Dialog Box - for Selecting VLAN Ports” on page 68 for DFE Matrix switches,
or Figure 3-32 “A-Series, V-Series and I-Series Port Setup Dialog Screen - for Selecting
VLAN Ports” on page 69. For C-series (P0973BL/HA) switches, all ports are assigned
to the VLAN so no port assignment screen dialog box appears.
4. When setting up ports for VLAN 2, all ports will become enabled. Use the Clear
Ports button (Figure 3-31, item 4, or Figure 3-32, item 9) or Clear all Selected
Ports (Figure 3-31, item 8, DFE Matrix switches only) to clear selected ports, or by
selecting the individual port which will deselect the port.
5. (Figure 3-31, item 6, or Figure 3-32, item 8) Once all ports have been selected for the
VLAN undergoing setup, select Enable VLAN Ports, or Back if no FE ports are to
be selected. The Setup VLANs Support dialog box will re-appear. At this point repeat
this procedure (steps 1-5) for each VLAN enabled.
! WARNING
All I/A Series devices must be connected to Device ports which have been assigned
to VLAN 2 “I/A Control Ports”. If this is not done, the I/A Series devices on the
network will not communicate correctly with each other.
6. After all ports and VLANs have been selected or enabled, select Apply (Figure 3-30
item 6). This will return you to the Switch Configurator Parameter dialog box.
When finished configuring the VLANs, return to step 6 in “Configuring Switch Parameters” on
page 53.
67
1 - Name and VLAN ID undergoing setup

2 - Screen function
4 - Clear Ports, clears all selected ports associated with that blade
5 - Port number, selects ports for the VLAN undergoing setup, and also displays that the
port has been assigned to VLAN 2 as indicated in RED
6 - Enable VLAN Ports, downloads port selections to the switch configuration.
7 - Return to VLAN Setup, returns the user to the previous screen
8 - Clear all Selected Ports, clears all selected ports associated with the Chassis switch
9 - Indicates the port has been assigned to VLAN 3, as indicated in BLUE
10 - Indicates the port has been assigned to VLAN 4, as indicated in YELLOW
11 - Clear all VLAN Ports, clears all selected and previously deployed VLAN ports
associated with the Chassis switch
Figure 3-31. DFE Matrix Port Setup Dialog Box - for Selecting VLAN Ports
68
1 - Name and VLAN ID undergoing setup

2 - Displays the switch name and type
3 - Port number, selects ports for the VLAN undergoing setup, and also displays that the
port has been assigned to VLAN 2 as indicated in RED
4 - Indicates the port has been assigned to VLAN 3, as indicated in BLUE
5 - Indicates the port has been assigned to VLAN 4, as indicated in YELLOW
7 - Screen function
8 - Enable VLAN Ports, downloads port selections to the switch configuration.
10 - Return to VLAN Setup, returns the user to the previous screen
11 - Clear all VLAN Ports, clears all selected and previously deployed VLAN ports
associated with the switch
Figure 3-32. A-Series, V-Series and I-Series Port Setup Dialog Screen - for Selecting VLAN Ports
69
Enable and Setup Ports for I/O Network VLANs

NOTE
When building configurations for I/O networks, VLAN 2 cannot be assigned.
VLAN assignments for VLAN 3-7 can be used for segregating ZCP traffic. Refer to
Figure 3-23 on page 55. This flowchart has been developed to breakdown the steps
required for deploying VLANs.
Figure 3-33. Setup VLAN Support Dialog Box
Proceed as follows:
1. To assign VLANs to an I/O network, select the Enable VLANs button. Figure 3-33
will appear.
2. To assign ports to an I/O network VLAN, enable the VLAN by selecting the appro-
priate VLAN checkbox, shown in Figure 3-33. When selected, this will enable this
VLAN on all uplink ports on the switch. At this time, the “VLAN NAME” text field
will become enabled.
70
3. Enter the VLAN’s ID name as desired.

4. Click the Assign Ports to VLAN button. The VLAN Port Setup dialog box
appears, as shown in Figure 3-32.
5. (Figure 3-32, Item 8) Once all ports have been selected for the VLAN undergoing
setup, select Enable VLAN Ports, or if no FE ports are to be selected, select Back.
The Setup VLANs Support dialog box will reappear. Repeat this procedure
(steps 1-4) for each VLAN enabled.
6. After all ports and VLANs have been selected or enabled, select Apply. This will
return you to the Switch Configurator Parameter dialog box.
When finished configuring the VLANs, return to step 7 in “Configuring Switch Parameters” on
page 53.
I/O Network VLAN Priority Settings

Priority settings can be left in their default settings. Note that each VLAN priority will default to
25% of the priority queue bandwidth. However, if desired, the VLAN/port priority or
VLAN/port bandwidth can be adjusted. This can be performed by utilizing the
Adjust Priority-Queue Bandwidth button, shown in Figure 3-33.
Appending VLANs
! CAUTION
1. When appending VLAN port rules, the Append feature returns all ports back to
VLAN 1 (Default VLAN) so all ports in the Port Setup dialog box must be assigned
to their proper VLAN before the Append feature appends the command rules to the
switch.
2. When utilizing 100Mb ports as uplink ports (not recommended), SCAS cannot
setup the configuration for these ports unless it knows about them. If you are using
100Mb ports as uplinks, perform “Enabling Fast Ethernet Ports as Uplink Ports” on
page 61 before setting up the VLANs for appending.
Appending VLAN commands to the attached switch can be perform by selecting (Figure 3-30,
item 12) Append VLAN Rules to switch. Perform steps 1-5 in the previous section above before
performing the following steps to append the VLAN assignments:
1. Select the Append VLAN Rules to switch button.
The CLI Switch Interface dialog box appears, allowing the VLAN assignment to be
appended to the switch
3. Enter a file name in Save Download to switch as (Figure 4-3 on page 96, Item 5).
Enter the name of the startup configuration file to be saved (for example, use:
Invensys.cfg).
71
downloading the VLAN assignment via the serial port into the switch. The Switch
Configurator Application Software Download window appears.
required commands. Ensure the VLAN assignment commands are downloaded into
the switch, and no errors occur during this process.
6. The switch’s VLAN assignment commands have now been downloaded. You are
prompted to save the new configuration. Select Yes.
7. The switch configuration has been completed. You will be prompted to exit the CLI.
Select Yes.
The switch's VLAN assignments have been successfully configured. You are returned
to the Switch Configuration Parameters dialog box.
page 127.
72
VLAN Priority Settings

Priority settings (shown in Figure 3-30, Items 7-11) can be left in their default settings. However,
if desired, the VLAN/port priority or VLAN/port bandwidth can be adjusted. This can be
performed by utilizing these (Figure 3-30, Item 7-11) commands.
The priority setting rules are as follows:
♦ Priority-Queue cannot be increased beyond the VLAN 2 “I/A Control Ports” Priority-
Queue setting. VLAN 2 will have the highest available setting.
♦ VLAN 2 “I/A Control Ports” bandwidth cannot be decreased below 51%.
♦ VLAN 2 Port Priority defaults to 7 (the highest setting). This setting can be decreased
and other VLANs can be set at a higher Priority. However, the Priority-Queue for
VLAN 2 will remain the highest on the network.
! CAUTION
Increasing a VLANs port priority higher than VLAN 2 can cause delay in I/A Series
network communications and should only be done for VLANs that support I/O
communication.
73
Adjust Admin Path Cost

Proceed as follows to adjust the Admin Path Cost on Uplink ports for edge switches that cannot
deploy switch LDP commands, as indicated in Appendix B “Qualified Switch Firmware Compat-
ibilities Matrix”, Table B-1 “Qualified Switch Standard/Security Enhanced Configuration Com-
patibilities Matrix” on page 199.
1 - Screen function 5 - Update Ports, downloads port selection to

2 - Switch/blade ID name. configuration.
3 - Port number, selects the port specified. 6 - Return user back to the previous screen.
4 - Allows the user to change the Admin Path 7 - Clear selected ports
Cost value. 8 - Appends selected port Admin Port Cost
Values to switch
Figure 3-34. Port Setup Dialog Box - for Adjusting Admin Path Cost
1. (Figure 3-34, Item 10) Select the Adjust Admin Path Cost button.
The Port Setup dialog box appears as shown in Figure 3-34.
2. (Figure 3-34, Item 3) Select all uplink ports that are facing toward the root switches,
by clicking on the appropriate box.
74
3. (Figure 3-34 Item 5) Select the Update Ports button to update the program with
the selection of ports.
4. The Switch Configuration Parameters dialog box reappears.
When finished, return to step 8b in “Configuring Switch Parameters” on page 53.
Appending Port Commands

Appending the Selected Port Admin Path Cost commands to the attached switch can be
perform by selecting (Figure 3-34, Item 8) or (Figure 3-25 on page 59, Item 13) Append
Selected Ports to the switch. Perform steps 1 and 2 in the previous procedure above, then
perform the following steps to append the Port Admin Path Cost:
1. Select the ports that required their Admin Path Cost to be changed before appending.
2. Select the Append Selected Ports to the switch button.
The CLI Switch Interface dialog box appears, allowing the Port Admin Path Cost to
be appended to the switch
4. Enter a file name in Save Download to switch as (Figure 4-3 on page 96, Item
5). Enter the name of the startup configuration file to be saved (for example, use:
Invensys.cfg).
downloading the switch’s Port Admin Path Cost commands via the serial port into the
switch. The Switch Configurator Application Software Download window appears.
required commands. Ensure the switch’s Port Admin Path Cost commands are down-
loaded into the switch, and no errors occur during this process.
7. The switch’s Port Admin Path Cost commands have now been downloaded. You are
prompted to save the new configuration. Select Yes.
8. The switch configuration has been completed. You are prompted to exit the CLI.
Select Yes.
The switch's' Port Admin Path Cost has been successfully configured. You are
returned to the Switch Configuration Parameters dialog box.
page 127.
Comex Multicast Suppression (CMS)

Due to the importance of the multicast protocol within the network, blanket multicast rate sup-
pression is neither recommended nor practical. However, the Comex Multicast protocol used pri-
marily between the I/A Series workstations and Control Processors can be rate limited without a
direct impact on The MESH network. However, this rate limiting must not impede the
performance of I/A Series communications between the end devices. Because of this concern, the
75
minimum setting for the DFE-Platinum is 100 packets per second (pps) while the DFE-Gold
minimum setting is 1024 kilobits per second (kbps). Since the CMS is based on internal policy
commands of the switch and the multicast MAC addresses used, only the DFE-Gold and DFE-
Platinum switches can support this function.
Monitoring of this function when traffic exceeds the rate limit can only be performed on the
DFE-Platinum Series switches via the syslog or trap servers.
Proceed as follows to enable and adjust the Comex Multicast Suppression settings:
1. By selecting Comex Multicast Suppression (CMS) (Figure 3-22 on page 48, item
31) the following screen appears (Figure 3-35). This allows you to adjust the CoS and
rate limiting settings.
NOTE
In Figure 3-35, DFE-Platinum switch rate limits are by packets per second (pps)
and DFE-Gold switch rate limits are by kilobits per second (kbps).
Figure 3-35. Comex Multicast Rate Limiting
2. After making the desired settings select Apply (Figure 3-35).

Class of Service (CoS) allows you to assign data to a higher priority through the device by delay-
ing less critical traffic during periods of congestion. The higher priority traffic through the device
is serviced first before lower priority traffic. The Class of Service capability of the device is imple-
mented by a priority queueing mechanism. Class of Service is based on the IEEE 802.1D
(802.1p) standard specification, and allows you to define eight priorities (0-7, with 7 granting the
highest priority).
76
Configuring Loop Detection (Security Enhanced

Configurations Only)
Proceed as follows to deploy the loop detection algorithm on switches in the Security Enhanced
Configuration that can deploy switch LDP commands.
Before deploying the loop detection algorithm for the Security Enhanced Configuration of The
MESH control network, you must have a good understanding on how the Beacon and Circuit
Breaker policy rules work together to protect the network from network storms caused by STP
loop failures which can be caused by incorrect software configurations or hardware failures. It is
highly recommended that you read and understand Appendix C “Understanding Loop Detection
(Security Enhanced Configuration)” on page 205 before continuing.
It is also required in the event that VLANs are to be deployed on the network that all ports are
assigned to their appropriate VLAN before deploying LDP rules.
Figure 3-36. DFE Matrix Loop Detection Dialog Box - for Enabling LDP Rules
NOTE
For the procedures to configure this dialog box, proceed to “Configuring Loop
Detection Rules” on page 79.
77
Descriptions of the fields in this dialog box follow:

♦ (Figure 3-36, Item 1) The Beacon IP Addresses window allows the user to view the
switches that will function as the Beacon switches by their IP address. When assigning
Beacon IP address (only two allowed), they must be the IP addresses assigned to root
level switches.
♦ (Figure 3-36, Item 2) Add a Beacon IP Address. This function allows the user to
add a Beacon switch IP address (root level only) to the list of Beacon switches.
♦ (Figure 3-36, Item 3) Clear Beacon IP Addresses. This function allows the user
to delete the entry list of Beacon IP Addresses.
♦ (Figure 3-36, Item 4) Delete a Beacon IP Address. This function allows the user
to delete a specific Beacon IP Address.
♦ (Figure 3-36, Item 5) Adjust Beacon Interval. This function allows the user to
adjust the Beacon transmit time interval (recommended is the default of 1 second).
! WARNING
If the Beacon Interval is adjusted beyond the recommended default setting of
1 second, The MESH control network failover time will also increase, causing
peer-to-peer connections to break.
♦ (Figure 3-36, Item 6) Clear Rules. This function allows the user to delete the entry
list of rules that are contained in Item 5 “Loop Detection Policy (LDP) Rules”.
The Loop Detection Policy (LDP) Rules screen allows the user to view the policy rules
as they are built. This list of policy rules can be added to switch configuration by
selecting (Figure 3-36 Item 15) “Deploy Loop Detection Rules”.
♦ (Figure 3-36, Item 7) LDP on VLANs. This function allows the user to deploy LDP
on all enabled VLANs or just the “I/A Control” port VLAN. If no VLANs have
been enabled, LDP will be deployed only on VLAN 1 “Default VLAN”.
♦ (Figure 3-36, Item 8) Deploy Beacon. This function allows the user to select which
ports receive the Beacon policy rules. (Edge/Core switches only.)
♦ (Figure 3-36, Item 9) Deploy Circuit Breaker. This function allows the user to
select which ports will receive the Circuit Breaker policy rules.
♦ (Figure 3-36, Item 10) Deploy PBQ/SBQ Circuit Breaker. This function allows
the user to select which ports will receive the Circuit Breaker PBQ/SBQ policy rules.
This function is only enabled when building a root switch configuration and is only to
be deployed on uplink port between the two root switches. See appendix C for more
details. The Deploy PBQ/SBQ Circuit Breaker button will only become enabled if
the IP address of the switch being configured matches the “PBQ/SBQ IP Address” in
Item 12.
♦ (Figure 3-36, Item 11) Deploy BackPlane Circuit Breaker. This function
allows the user to deploy the Circuit Breaker policy rules to the back plane ports.
(This function is only available for E-series switches when using the bridging blade
P0973BS to bridge between second and third generation blade and Platinum blades.)
♦ (Figure 3-36, Item 12) This allows the user to view the IP addresses that will become
the PBQ and SBQ addresses. The addresses are selected from Item 1 “Beacon IP
Addresses”.
78
♦ (Figure 3-36, Item 13) Back. This function allows the user to return to the previous
page without saving any policy commands to the switch.
♦ (Figure 3-36, Item 14) Clear All. This function allows the user to delete the entry
list of rules and list of Beacon IP Addresses.
♦ (Figure 3-36, Item 15) Apply Loop Detection Rules. This function allows the
user to deploy the commands stated in the Loop Detection Rules item 6 to the
switch currently being configured.
♦ (Figure 3-36, Item 16) Indicates the current switch's IP address and type, undergoing
LDP configuration.
♦ (Figure 3-36, Item 17) Append LDP Rules to Switch. This function allows the
user to append the commands stated in the Loop Detection Rules (Figure 3-36, Item
6) to the switch.
The Basic Rules of Loop Detection Policy (LDP)

When deploying LDP (DFE-series switches only), be aware of the following rules:
1. VLANs must be deployed.
2. At the root switches, all ports are assigned the “Circuit Breaker” policy rule except the
ports that link the two root switches, which are assigned “PBQ or SBQ ‘at the backup
root’”.
3. At the edge or distribution switch level, all ports are assigned the “Circuit Breaker”
policy except the ports that link back to the roots (towards the root) which are
assigned the “Beacon” policy.
Configuring Loop Detection Rules

Refer to “Configuring Loop Detection (Security Enhanced Configurations Only)” on page 77 for
description and information concerning screen picks on the dialog box.
Before starting, determine the following:
♦ Are VLANs being deployed on the network?
♦ If so, are all switch ports assigned to their appropriate VLAN?
♦ If not, refer to “Enabling and Port Setup for Network VLANs” on page 65 for
more details before deploying LDP rules. (See Figure 3-32 Item 7.)
♦ What are the IP addresses of the Root and Backup Root switches (step 1 below)?
These addresses are mandatory for configuring LDP.
♦ What is the uplink port Policy rule usage (Circuit Breaker, Beacon, etc.) and the ports
switch/port destination within the network (required for steps 2, 3, 4, and 5)?
♦ Which uplink ports are used to interface the two root switches (required for step 5)?
When Figure 3-22 (on page 48), Item 14 “Deploy Loop Detection” is selected, the Loop
Detection dialog box appears. (see Figure 3-36 on page 77).
NOTE
If no Beacon IP Addresses are entered (Figure 3-36, Item 1) the policy deploy com-
mand buttons (Items 8, 9, 10, and 11) will not be enabled.
79
1. If the Beacon IP Addresses in (Figure 3-36, Item 1) have not been entered correctly,
select (Figure 3-36, Item 3) “Clear Beacon IP Address”. If no IP addresses are
present in (Figure 3-36, Item 1), select (Figure 3-36, Item 2) “Add a Beacon IP
Address” to add the addresses to be used as the Beacon Queryers. This function will
allow the user to input two addresses into the address text field, the Root Switch IP
and the Backup Root IP.
NOTE
Only two IP addresses should be in the Beacon IP Address text field (Figure 3-36,
Item 1) at any one time. If more than two addresses are in this window, select Clear
Beacon IP Addresses (Figure 3-36, Item 3) and re-enter the root switch IP
Addresses, or delete addresses as needed by selecting Delete a Beacon IP
Address (Figure 3-36, Item 4).
2. Select Deploy Beacon (Figure 3-36, Item 8). Refer to the “Beacon Prioritize Policy”
ports shown in Figure C-4 on page 217 and Figure C-5 on page 219 for the
switch/blades on which to enable this function.
NOTE
This function is only enabled for edge/core switches. Beacon policy rules cannot be
deployed on the Root and Backup Root switches.
This function will display the Loop Detection Port Setup dialog box (as shown in
Figure 3-37). Select the uplink ports that are facing towards the Root switches, as
described in Appendix C “Understanding Loop Detection (Security Enhanced Con-
figuration)”. After selecting “Update Ports” on Figure 3-37, the Loop Detection
dialog box will refresh with the newly added rules in the Loop Detection Policy
(LDP) Rules text field (Figure 3-36, Item 5).
NOTE
The Enable Beacon Detect, Setup Policy Rules, and Enable policy rule commands
are enabled after the first rule is deployed.
Example:
Text similar to the following will be added to Enable Port Policy Rules in the
Loop Detection Policy Rules text field for each port selected.
set policy rule admin-profile port ge.1.1 mask 16 port-string
ge.1.1 admin-pid 1
set spantree adminpathcost ge.1.1 400000 sid 0
80
1 - Screen function
2 - Switch/blade ID name
3 - Indicates a 48-port 100Mb Fiber blade in slot 1 with ports 1 and 25 selected as 100Mb
uplink ports; note that 100Mb Fiber ports are only selectable when selected as an uplink port.
5 - Uplink port number, selects and disables the uplink port when selected
7 - Indicates a 48-port 100Mb Copper blade in slot 2 with ports 1 and 25 selected as 100Mb
uplink ports; note that 100Mb Copper ports are only selectable when selected as an uplink port.
8 - Indicates a 24-port 100Mb Copper blade in slot 3 with port 1 selected as a 100Mb uplink port.
9 - Indicates a 18/24-port 1Gb SFP uplink port blade in slot 4
10 - Update Ports, downloads port selection to the switch configuration
12 - Clear all Port Data, clears all selected ports associated with the Chassis switch
Figure 3-37. Loop Detection Port Setup
3. Select the Deploy Circuit Breaker button (Figure 3-36, Item 9), and the DFE
Chassis (LDP Port Setup) dialog box appears as shown in Figure 3-37. Refer to the
“Circuit Breaker Policy” ports shown in Figure C-2 on page 213, Figure C-4 on
page 217 and Figure C-5 on page 219 for the switch/blades on which to enable this
function.
81
! WARNING
Do not deploy this function on the interlink ports between the root and backup
root switches.
This function will display the Loop Detection Port Setup dialog box (Figure 3-37),
select the uplink ports that are facing away from the Root switches, as described in
Appendix C “Understanding Loop Detection (Security Enhanced Configuration)”.
After selecting “Update Ports” on Figure 3-37, the Loop Detection Policy dia-
log box will refresh with the newly added rules in the Loop Detection Policy
Rules text field (Figure 3-36, Item 6).
NOTE
Enable Beacon Detect, Setup Policy Rules, and Enable policy rule commands are
enabled after the first rule is deployed.
Example:
ge.1.1 admin-pid 2
4. Select Deploy BackPlane Circuit Breaker (BPCB) (Figure 3-36, Item 10).
! WARNING
The Backplane Circuit Breaker Policy (BPCB) (used only on E-series blade
P0973BS) should be used to detect STP loop failures on the E-series second and
third generation blades only (part numbers listed on page 14). It is not
recommended that any other switches be interfaced to these second and third gener-
ation blades via uplink or data ports. Blades protected with the BPCB policy (i.e. E-
series second and third generation blades) should reside at the outer most edge of
the network. Refer to Table B-1 “Qualified Switch Standard/Security Enhanced
Configuration Compatibilities Matrix” on page 199 for a list of applicable part
numbers.
! WARNING
If Backplane Circuit Breaker Policy (BPCB) is to be used, proper precautions must
be made to ensure that the workstation which is responsible for hosting the second
or third generation blade being protected by the policy (part numbers listed on
page 14) is not physically attached to the switch. If the hosting workstation (to
which the switch sends traps) is attached to this switch, the System Management
will not detect the backplane rule hit (port disabling) in the event of a STP loop
failure on that switch. To prevent issue, the workstation must be attached to a dif-
ferent switch within the network. In general, it is good practice for a workstation
monitoring a switch to not be connected to that switch.
82
This function will display the Loop Detection Port Setup dialog box (Figure 3-37).
However, no ports will be displayed since all backplane ports will be selected, as
described in Appendix C “Understanding Loop Detection (Security Enhanced Con-
figuration)”. After selecting “Update Ports” on Figure 3-37, the Loop Detection
Policy dialog box will refresh with the newly added rules in the Loop Detection
Policy Rules text field (Figure 3-36, Item 5).
NOTE
Example:
set policy port bp.1.* 2
5. Select Deploy PBQ/SBQ Circuit Breaker (Figure 3-36, Item 11). Refer to the
“Circuit Breaker PBQ/SBQ Policy” ports shown in Figure C-2 on page 213,
Figure C-4 on page 217 and Figure C-5 on page 219 for the switch/blades on which
to enable this function.
NOTE
This function is only enabled on the root switches and is to be used only on uplink
ports interfacing the two root switches. The PBQ is the root switch with the lowest
IP address of the two root switches and the SBQ is the backup root switch with the
highest IP address.
! CAUTION
To clear port hits, refer to “Active Monitoring” on page 136 to use the Netsight Pol-
icy Manager (and read below), or to “CLI - LDP Rule Accounting (Manual)” on
page 144 to use the CLI. When using Netsight Policy Manager to manage a Secu-
rity Enhanced Configuration switch, you must have Policy Manager 3.0.1 or
greater installed. In the event of a root switch failure, 1) the LDP Beacon “PBQ”
will become disabled, 2) the functions of the root switch will move to the backup
root switch 3) and the LDP Beacon “SBQ” will become enabled. Once the root
switch failure has been resolved and the switch has been placed back on the net-
work, the LDP Beacon “PBQ” will become enabled, disabling the “SBQ”. Due to
this event, the redundant root switch links between the root and backup root will be
viewed by LDP as a loop within the network, which causes LDP to disable one of
the links (the blocking port). This event can be prevented if VLAN 2 is deployed on
the network (as recommended). To do this, move the root switch host ports to a
secure VLAN “VLAN 2” which will resolve the false port hits between the two root
switches. The host port will be moved to VLAN 2 “required for I/A” when assign-
ing VLAN2 to a switch automatically when using the Switch Configurator Applica-
tion Software (SCAS) to configure switches.
83
This function displays the Loop Detection Port Setup dialog box (Figure 3-37). Select
the uplink ports that are interfacing the two Root switches, as described in
Appendix C “Understanding Loop Detection (Security Enhanced Configuration)”.
After selecting “Update Ports” on Figure 3-37, the Loop Detection Policy dia-
log box will refresh with the newly added rules in the Loop Detection Policy
Rules text field (Figure 3-36, Item 5).
NOTE
Example:
ge.1.1 admin-pid 3
6. Select Deploy Loop Detection Rules (Figure 3-36, Item 15).
After selecting Deploy Loop Detection Rules, the Enable/Disable LDP dialog
box will reappear.
7. Select YES to update the Beacon Queryer Config files used when enabling and dis-
abling the LDP Beacon in Chapter 5 “Loop Detection Policy (LDP) Algorithms” on
page 113. After selecting YES, the Switch Configuration Parameters dialog box reap-
pears.
Figure 3-38. Enable/Disable LDP Dialog Box
NOTE
The “Beacon” is not enabled by this switch configuration download. Refer to
Chapter 5 “Loop Detection Policy (LDP) Algorithms” for enabling the LDP “Bea-
con”.
84
Appending LDP Commands

NOTE
When appending the (Figure 3-36 Item 17) switch LDP commands to a switch, the
commands are not added or saved to a configuration file. Select Apply Loop
Detection Rules (Figure 3-36 Item 15) to add the LDP commands to the config-
uration being built.
The Appending LDP commands can be applied to the attached switch by selecting (Figure 3-36
Item 17) Append LDP Rules to switch. To append the LDP commands to the switch, first
perform all the steps in “Configuring Loop Detection Rules” on page 79 before attempting to
append the LDP commands.
NOTE
Hardware configuration setup, all VLAN port assignments, and 100Mb uplink
ports must be configured/setup in SCAS before continuing.
Proceed as follows:
1. Perform all steps required in the previous procedure (step 1-5) before appending.
2. Select the Append LDP Rules to switch button.
The CLI Switch Interface dialog box appears, allowing the LDP commands to be
5). Enter the name of the startup configuration file to be saved (for example, use
Invensys.cfg).
downloading the switch’s LDP commands via the serial port into the switch. The
Switch Configurator Application Software Download window appears.
required commands. Ensure the switch’s LDP commands are downloaded into the
switch, and no errors occur during this process.
7. The switch’s LDP commands have now been downloaded. You are prompted to save
the new configuration. Select Yes.
Select Yes.
The switch’s LDP commands have been successfully configured. You are returned to
the Loop Detection dialog box.
page 127.
85
NOTE
The “Beacon” is not enabled by the LDP Append function. Refer to Chapter 5
“Loop Detection Policy (LDP) Algorithms” for enabling the LDP “Beacon”.
Configuring Simple Network Time Protocol (SNTP)

SNTP is used to synchronize the switch's internal time with the I/A Series control system's
Master Timekeeper.
Figure 3-39. Configuring Simple Network Time Protocol Dialog Screen
Descriptions of the fields in this dialog box follow:

♦ (Figure 3-39, Item 1) Setting SNTP. When a radio button is selected, this enables
the SNTP function in Unicast or Broadcast mode. Unicast Mode is the default setting
for DFE-series switches and cannot be changed at this time. The A-series switches and
C-series switches running the latest firmware release support the SNTP Broadcast
mode (recommended and selected by default).
86
♦ (Figure 3-39, Item 2) Master MTK IP Address. Enter the Master Timekeeper IP
Address. This must be entered before SNTP can be applied.
NOTE
The “TCG Alternate Ports” are not displayed or required if I/A Series software
revision 8.2 or greater is being utilized.
♦ (Figure 3-39, Item 3) Backup MTK IP Address. Enter the Backup Time Code
Generator IP Address.
NOTE
The Backup TCG Alternate Port (Figure 3-39, item 9) is not displayed or config-
ured for stand alone switches. The standalone switch (V, A, I, and C-series) is only
able to be configured for three (3) SNTP IP address.
♦ (Figure 3-39, Item 4) Set Polling Timeout. If Unicast mode is selected, the poll-
ing timeout must be set. This can be done by using the slide to increase or decrease
the required timeout time in seconds (1-30 seconds).
♦ (Figure 3-39, Item 5) Set Polling Retries. If Unicast mode is selected, polling
retries must also be set. This can be done by using the slide to increase or decrease the
required number of retries (0-10).
♦ (Figure 3-39, Item 6) Set Polling Interval. If Unicast mode is selected, the poll-
ing interval must be set. This can be done by using the slide to increase or decrease the
required interval time in seconds (16-16284 seconds).
NOTE
If the C-series switch (P0973BL/HA) is being configured, the polling interval is
only selectable for 64, 128, 246, 512, or 1024 seconds.
♦ (Figure 3-39, Item 7) Apply, when selected, applies SNTP and its settings to the
switch configuration
♦ (Figure 3-39, Item 8) Disable SNTP (Cancel), when selected, returns the user to
the previously viewed screen, disabling the SNTP function.
♦ (Figure 3-39, Item 9) Reset, when selected, returns the polling variables back to their
defaults.
♦ (Figure 3-39, Item 10) Master and Backup TCG Alternate IP Address - the
alternate IP address is automatically inserted.
♦ (Figure 3-39, Item 11) Appending SNTP command rules to switch - This func-
tion allows the user to download SNTP command rule to the switch without
reconfiguring the switch.
♦ (Figure 3-39, Item 12) Time Zones Adjustments - This function allows the user to
add a time offset to SNTP time stamp that corresponds to the local time. It also allows
switch setup for Daylight Savings Time.
87
To configure this dialog box, proceed as follows:

1. Enter the Master and Backup Timekeeper IP addresses (Figure 3-39, item 2 and 3).
The addresses can be obtained from SysDef.
2. Select the appropriate time zone if desired. The Time Zone box defaults to the
“(GMT -05:00) Eastern Time” with Daylight Savings selected. If GMT time is
desired, deselect the Apply the below Time Zone Time Adjustment selection.
The Time Zone box defaults to the “(GMT -05:00) Eastern Time” without Daylight
Savings selection.
3. The Daylight Saving (selected by default) features sets the reoccurring daylight savings
intervals as follows:
2nd Sunday of March to the 1st Sunday of November
If the Daylight savings intervals require modifications, deselect the Automatically
adjust time for daylight saving changes check box, then select it again.
This will provide a popup screen allowing you to modify the settings. When finished,
select Apply.
4. Select the appropriate protocol mode (recommend default) (Figure 3-39, Item 1). See
Table 3-5.
Table 3-5. Simple Network Time Protocol Supported Functionality
Switch Type Firmware Level Broadcast Mode Daylight Savings

V-series (P0972YC, WP) 2.5.2.5 No No
2.6.0.4 Yes No
A-series (P0973BJ, BK, 1.03.18 No Yes
BH) 02.01.00.0011 Yes Yes
02.01.44.0003 Yes Yes
C2-series (P0973BL) 4.00.31 No Yes
05.02.07.0006 Yes Yes
C3-series (P0973HA) 01.02.06.0004 Yes Yes
06.03.01.0008 Yes Yes
I-series (P0973GB) 1.01.14 No Yes
01.01.18.0008 Yes Yes
DFE-Series Gold 05.25.16 No Yes
(P0972YJ, YG) 05.42.04 No Yes
06.12.03.0003 No Yes
DFE-Series Platinum 05.32.06 No Yes
(P0973BQ, BR, BT, BS) 05.42.04 No Yes
06.12.03.0003 No Yes
5. Select Apply (Figure 3-39, Item 7).

88
Appending SNTP Commands

The Appending SNTP commands can be applied to the attached switch by selecting (Figure 3-39
Item 11) Append SNTP command rules to the switch. Perform step 1 in the previous sec-
tion above, then perform the following steps to append the SNTP commands to the switch:
1. Perform step 1-4 in the previous section above before appending.
2. Select the Append SNTP command rules to the switch button.
The CLI Switch Interface dialog box appears, allowing the SNTP commands to be
5). Enter the name of the startup configuration file to be saved (for example, use
Invensys.cfg).
downloading the switch’s SNTP commands via the serial port into the switch. The
required commands. Ensure the switch’s SNTP commands are downloaded into the
switch, and no errors occur during this process.
7. The switch’s SNTP commands have now been downloaded. You are prompted to save
the new configuration. Select Yes.
Select Yes.
The switch's SNTP commands have been successfully configured. You are returned to
the Switch Configuration Parameters dialog box.
page 127.
89
Configuring a Syslog Server
1 - Network Admin Server IP Address, specifies the Syslog message server’s IP address
2 - Server IP Address, specifies the Syslog message server’s IP address
3 - Server Logger Index, specifies the server table index number for this server.
4 - Command Window, displays the required commands to setup the Syslog server
5 - Apply, applies the commands in “command window” to the current configuration build.
6 - Mnemonic, All Sets the logging severity level for all applications.
7 - Alarming Severity Level, specifies the severity level at which the server will log messages for
applications.
8 - Server Default Facility, specifies the default facility name of the Syslog server(s) to which
messages will be sent.
9 - Append to Switch, sends the commands in the Command Window to the attached CLI port.
Figure 3-40. Configuring Syslog Servers Dialog Box
To configure the Syslog servers, proceed as follows:

1. On the Switch Configuration Parameter dialog box (Figure 3-22 on page 48) under
Switch Security, ensure Local Syslog ENABLED is selected (Figure 3-22,
Item 29).
NOTE
To view the local Syslog file on the switch, it must be uploaded from the switch,
refer to “Uploading Switch Syslog Files” on page 110.
a. Select Syslog Server DISABLED.

When selected, the Create Syslog Servers dialog box appears (Figure 3-40).
90
b. Enter a valid Admin Server IP Address (Figure 3-40, Item 1). If other work-
stations are to be used to monitor the switch, enter their IP addresses in the Pri-
mary and Secondary IP address fields (Figure 3-40, Item 2).
NOTE
The Syslog server application must not be running on the I/A Series workstation
monitoring (hosting) switches. If I/A Series software and the Syslog server software
coexist on the same workstation, the System Monitor (SMON) will not function as
designed. Workstations being utilized as Syslog servers should not host any
switches.
c. Verify that set logging server IP address for the server(s) are entered in
the Command window (Figure 3-40, Item 4). Select Apply.
d. Select Apply
2. Install a Syslog server application on the Syslog server.
There are many Syslog server applications available today, which are easy to
implement. A few examples are:
♦ NetSight® Console - refer to the NetSight® Console section in The MESH Con-
trol Network Architecture Guide (B0700AZ) for more details.
♦ Kiwi Syslog® Daemon - a freeware Syslog Daemon for Windows and can be
obtained at http://www.kiwisyslog.com/kiwi-syslog-daemon-overview/
The switch’s Syslog servers are configured.
91
92
4. Downloading/Uploading to/from
a Switch via the I/A Series SCAS
This chapter discusses how to connect to a switch, and configure the connection for sending switch
configuration files.
Connecting Ethernet Switch to the PC

The computer (laptop recommended) with the I/A Series Switch Configurator Application Soft-
ware (SCAS) installed needs to be connected to the switch’s CLI port (see Figure 4-1) through the
computer’s COM port using the serial cable provided with the switch.
Figure 4-1 shows the connection from a PC to the Ethernet switches.
For the Chassis switches (P0973AR, P0973AS, or P0972YE), a CAT 5 cable with RJ-45 plugs is
connected to the CLI port on the blade. A 9-pin D connector to RJ-45 plug adaptor is required to
connect the switch to the PC. Only one blade in an N3 (P0973AS) or N7 (P0972YE) Chassis
switch requires a configuration, this configuration will be distributed to the remaining blades.
The non-Chassis switches (P0972YC, P0972WP, P0973BH, P0973BJ, P0973BK and
P0973BL/HA) use cable P0973EY, a 9-pin D connector on their CLI port to connect to the
9-pin D connector on the PC. The cable and connectors are not supplied with the switch.
Table 4-1. Connection Cable for Non-Chassis Switches
Part
Number Length Purpose Description
P0973EY 1.5-1.8 m (5-6 ft) Command Line Interfaces the switch adminis-
Interface (CLI) trator computer to an Invensys-
cable for Invensys- supplied switch for switch con-
supplied switches figuration purposes.
9-pin D (Female) on both ends.
93
B0700CA – Rev L 4. Downloading/Uploading to/from a Switch via the
Blade (Typical)
CAT 5 Cable
RJ-45
Connector
Chassis Switch
(P0972YE (N7) used as example)
RJ-45 To
Chassis Switch Blade COM Port Connection 9D Adaptor
OR
9D
Laptop
Non-Chassis Switch
(P0972YC used as Serial Port
9-Pin example) Cable (P0973EY)
D Connector
9D
Non-Chassis Switch COM Port Connection
Figure 4-1. Connecting PC to Ethernet Switches
Default Passwords
The switch login for Invensys-supplied switches is: admin
The default passwords are:
♦ P0972YC, and P0972WP non-Chassis switches, the default password is = admin.
♦ P0973GB, P0973BH, P0973BJ, P0973BK, P0973BL/HA and for the N1, N3 or N7
Series Chassis Gold and Platinum blades, the default password is = (blank).
It is recommended that a password be entered for all switches after they have been
configured, in accordance with the “Switch Configuration” chapters of the documen-
tation included with your Invensys qualified Ethernet switches. Proceed to “Changing
Switch Passwords” on page 101 after completing the switch configuration download.
94
4. Downloading/Uploading to/from a Switch via the I/A Series SCAS B0700CA – Rev L
Downloading to a Switch
Perform the following steps to configure a switch with the I/A Series Switch Configurator
Application Software.
! WARNING
Due to the enhancements and features available in revision 3.0.1 of SCAS, configu-
ration files built with revisions 2.2.6 or earlier versions of SCAS cannot be used. To
obtain a compatible copy of a running configuration built with revision 2.2.6 or
earlier versions of SCAS, refer to Chapter 7 “Loading Configuration Files to/from
Switches”. This function will save the earlier revision configuration into
revision 3.0.1 “.sca” format.
This procedure involves both the Switch Setup dialog box, shown in Figure 4-2, and the Configu-
rator CLI Switch Interface dialog box, shown in Figure 4-3.
Note: Items in this dialog box are described in Figure 3-3 on “Switch Setup Dialog Box” on page 29
95
Figure 4-3. CLI Switch Interface Dialog Box
Descriptions of the fields and settings in the CLI Switch Interface dialog box are as follows.
♦ (Figure 4-3, Item 1) COM Ports - Selects the COM port on which to communicate.
♦ (Figure 4-3, Item 2) Interrogate Device - when selected, will interrogate the
switch for its device type, system name, IP address and running firmware revision.
♦ (Figure 4-3, top left-hand side of left pane) Select Device Type - returns the user
to Figure 4-2 so a device type can be selected.
♦ (Figure 4-3, Item 3) Selected Device Type - the current selected device type
selected in (Figure 4-2, Item 16) or the device type after the switch has been
interrogated.
♦ (Figure 4-3, Item 4) Running Firmware - displays the switch’s running firmware
discovered during the switch interrogation.
♦ (Figure 4-3, Item 5) Config Firmware - displays the selected configuration’s firm-
ware revision when built/imported.
♦ (Figure 4-3, Item 6) Switch Name - displays the switch’s assigned name discovered
during the switch interrogation.
♦ (Figure 4-3, Item 7) Save config filename - allows the user to enter a file name of
the startup configuration file to be saved (Default: Invensys.cfg).
96
♦ (Figure 4-3, Item 8) Select Slot Location - (Only visible with DFE-series
switches) When configuring a DFE Chassis switch, the slot location in which the user
wants to save the configuration file (Figure 4-3, Item 7) must be selected.
♦ (Figure 4-3, Item 9) Return Switch to Factory Default - When selected, will
configure the switch back to its factory default configuration before downloading a
new configuration. This will be automatically enabled when downloading a
configuration.
♦ (Figure 4-3, Item 10) Configure Stacking Ports - (Only visible with A-series
switches) When selected, this will configure the A-series switch stacking ports as Fast
Ethernet Port. This will be automatically enabled when downloading a configuration
to an A-series switch.
♦ (Figure 4-3, Item 11) Download File - allows the user to select a saved configuration
for the switch type and firmware level currently attached to while displaying a descrip-
tion of the configuration file (Item 13).
♦ (Figure 4-3, Item 12) Displays the file name of the configuration file currently dis-
played in the text field (Item 13).
♦ (Figure 4-3, Item 13) Configuration File to be Downloaded - allows the user
to view the configuration commands being downloaded to the switch.
♦ (Figure 4-3, Item 14) Change Switch Password - allows the user to change the
switch's password.
♦ (Figure 4-3, Item 15) Validate Switch’s Running Configuration - allows the
user to interrogate the switch’s running configuration for any errors, warnings or
important switch settings.
♦ (Figure 4-3, Item 16) Setup Port Mirroring - allows the user to create, enable and
disable port mirroring for troubleshooting purposes only.
♦ (Figure 4-3, Item 17) Update Switch Firmware - allows the user to download
Firmware updates via TFTP or CLI (if supported).
♦ (Figure 4-3, Item 18) Upload Switch Diagnostic Information - allows the user
to interrogate the switch’s running state, downloading Port, CPU, RMON, fault logs,
and general switch status.
♦ (Figure 4-3, Item 19) Import Switch’s Running Config - allows the user to
download the switch’s running configuration and save it in a .scs file format.
♦ (Figure 4-3, Item 20) Reset Switch Config to Factory Defaults - allows the
user to reset the switch to its factory defaults without downloading a new
configuration.
♦ (Figure 4-3, Item 21) Reset Stacking Ports - A-series switches only. This allows
the user to reconfigure A-series stacking ports to Ethernet Port in the event they were
misconfigured.
♦ (Figure 4-3, Item 22) View LDP Port Hits - (DFE-series switches only) allows the
user to interrogate the switch via the CLI port for LDP Port Hits do to a STP loop
failure event, and allows the user to re-enable these ports.
♦ (Figure 4-3, Item 23) Download Commands to Switch - will not be enabled until
the switch to which you currently are attached has been interrogated (Figure 4-3, Item
97
2) at which time, you are allowed to download the command file (Figure 4-3, Item
13) to the switch.
♦ (Figure 4-3, Item 24) Reset Window - reset the window to its default settings.
♦ (Figure 4-3, Item 25) Back to Switch Setup - returns the program back to the per-
vious screen.
♦ (Figure 4-3, Item 26) Clear NVRAM - This function clears the switch’s configuration,
returning the switch back to its factory defaults. The switch’s configured IP address
and password are deleted and the stacking ports are set for stacking.
! WARNING
By using this “Clear NVRAM” command (Figure 4-3, Item 26), the switch’s
configuration, IP address, password and stacking port configuration will be deleted,
returning the switch back to its “out-of-the-box” condition.
Downloading Configuration to a Switch

Interrogating the Switch
Proceed as follows:
1. On the Switch Setup dialog box, select the CLI Switch Interface button
(Figure 4-2, Item 23), shown in blue, to configure the switch.
The Configurator CLI Switch Interface dialog box appears as shown in Figure 4-3.
2. Select COM Ports pull-down arrow.
A drop-down window allows you to select which serial port (COM1 to COM4) is
used to communicate with the switch (for example, COM Port 1).
3. Select Interrogate Device. This interrogates the switch for its firmware level, sys-
tem name, IP address and device type. The Interrogating Switch dialog box appears.
1 - COM Ports, selects the COM port on which to communicate.

2 - Interrogate Switch, when selected, will interrogate the switch for its device type and
running firmware revision.
3 - Continue will not be visible until the switch communications have been established,
when selected will update the programs device type and firmware revision settings.
4 - Return, exits the Interrogating Switch dialog box without updating the program, returning
the user to the previously displayed screen.
Figure 4-4. Interrogating Switch Dialog box
98
4. Select Interrogate Switch. The switch’s password is requested. Type the password
and press <Enter>.
NOTE
If this is a V-Series switch and you are not prompted for a password, press the
<Enter> key to get the prompt.
5. When the Continue button becomes visible and after the CLI window has closed,
select the Continue button. This updates the program for the switch to which you
are attached. Note that the Download Commands to Switch button (Figure 4-3,
Item 23) becomes enabled.
Downloading the Config File

Proceed as follows:
1. Enter a file name in the Save config filename (Figure 4-3, Item 7) text box. Enter
the filename which this downloaded startup configuration will be saved as (for
example, use: Invensys.cfg).
NOTE
Only two configuration files can be saved to any one switch, and only one configu-
ration file can be run at a time.
2. Select the Download File (if required), (Figure 4-3, Item 11). The Download File is
A drop-down window that allows you to select the configuration file to be used when
configuring a switch.
NOTE
The drop-down window displays only the configurations that were built with the
device type that match the device type retrieved by the interrogate switch function.
If the firmware revision of the configuration build file does not match the firmware
revision retrieved by the interrogate switch function, SCAS warns the user that the
configuration file is not compatible with the firmware revision of the switch. If
desired, you can override this warning, but you will be at risk of configuration com-
mand errors due to incompatible firmware.
3. When downloading a configuration file, ensure the Return Switch to its Fac-
tory Default pick (Figure 4-3, Item 9) stays selected prior to a new configuration
download.
99
! CAUTION
Before configuring an A-series switch for the first time, it is required that the stack-
ing ports be configured as Ethernet ports. To do this, ensure the Configure
Stacking Ports as Ethernet Ports pick (Figure 4-3, Item 10) is selected
before configuring an A-series switch. This function will cause the switch to reset
before it is configured. If this function is not performed during the configuration
process, then to correct the ports (if stacked), refer to “Misconfigured Stack Ports
(A-Series P0973BH/BJ/BK Switches Only)” on page 187.
4. For A-series switches (P0973BH, P0973BJ, and P0973BJ) only - When downloading
a configuration file to an A-series switch, ensure the Configure Stacking Ports
as Ethernet Ports pick (Figure 4-3, Item 10) stays selected prior to a new config-
uration download.
5. In the Download pane (Figure 4-3, Item 13), review the Configuration entries for
accuracy before downloading the configuration. Using the down arrow in the Down-
load Configuration pane allows you to view the individual settings for a selected
switch.
6. Click the Download Commands to Switch button (Figure 4-3, Item 23) to begin
downloading the selected switch configuration via the serial port into the switch. The
7. While observing the Switch Configurator Application Software Download window,
ensure the configuration is downloaded into the switch, and no errors occur during
this process.
NOTE
It is normal to see the input error shown in Figure 4-5 and it should be ignored.
This is only the configuration file’s timestamp entered as a command.
Figure 4-5. Input Error
If any errors occurred, ensure the switch has been returned to the Factory Default and
the configurator device type and configuration file has been correctly programmed. If
the failure still occurs, proceed to Chapter 12 “Troubleshooting” on page 181.
NOTE
Configuration files in the Configuration to be Downloaded window can be
edited for each switch in the network (see “Chapter 8 “Editing Files for the Switch
Configurator Application Software” on page 131).
8. If LDP is to be deployed, it is recommended that all switches within the network be

configured for LDP and functional before enabling the Beacon. To enable the Beacon,
refer to Chapter 5 “Loop Detection Policy (LDP) Algorithms” on page 113.
100
9. The switch configuration has now been downloaded. You are prompted with the mes-
sage, “Would you like to save the newly downloaded configuration to
the switch?” Select Yes.
Select Yes.
11. It is now recommended that the switch’s password be changed for security reasons.
Proceed to “Changing Switch Passwords” below.
NOTE
Password must be 8 characters or longer. In the following example, ******** denotes
user defined password.
Changing Switch Passwords

To change the password on your switch, proceed as follows:
1. It is assumed that “Interrogating the Switch” on page 98 has been accomplished. If
not, perform these steps before continuing.
2. Select Change Switch Password (Figure 4-3 on page 96, Item 14).
3. The Password Setup dialog box will now appear (Figure 4-6). The setting CLI Pass-
word will expire in 0 days only appears in the dialog box. This is the factory
default setting for this switch. When the value is changed from the default value, the
password history and length settings become selectable.
Figure 4-6. Password Setup Dialog Box
The following password settings are recommended for compliance with the Network
Security requirements. If these settings are to remain as factory default, proceed to
step 6.
4. Increase the CLI Password will expire in 0 days setting to 90.
This setting will cause the new password to expire in 90 days.
NOTE
If the password expires, the switch will allow the user to gain access to the switch to
change the password and only if the old password was entered correctly. If this
occurs, proceed to steps 8-11.
101
5. Increase the CLI Password history size 0 setting to 5.

This setting will restrict the user when changing the password from reentering the last
five used passwords.
NOTE
CLI Password length can be increased up to 20 characters but no less than 8.
This setting will restrict the user from entering the password character length no less
than the selected value.
6. Click Set Password, as shown in Figure 4-6.

7. During logon, the switch's password is requested. Type the current password and press
<Enter>. If needed, refer to “Default Passwords” on page 94 for the factory default
passwords.
8. After the SCAS Download window prompts you to enter old password as shown in
Figure 4-7, left-click on the window, re-enter the current password again and press
<Enter>.
NOTE
Passwords will not be visible when typing.
Figure 4-7. SCAS Download Window Password Prompt
9. If the old password was entered correctly, the SCAS Download window prompts you
for the new password. Enter the new password (eight characters or more) and press
<Enter>.
10. The SCAS Download window prompts you to re-enter the new password. Enter the
new password again and press <Enter>, as shown in Figure 4-8.
102
Figure 4-8. SCAS Download Window Password Changed
11. If the two entered passwords match and are eight characters or more, the password
changes as indicated in Figure 4-8 above.
12. If the password was successfully changed, the SCAS Download window exits the
switch CLI and closes.
The switch has successfully been configured.
Resetting Password
The switch’s Command Line Interface (CLI) locks out after three incorrect password attempts
and remains locked out for 15 minutes. The reset password button also remains non-functional
for these 15 minutes.
NOTE
Power must be applied to the unit before the 15 minute lockout can expire.
If the switch’s login password has been changed from the Factory Default and you have forgotten
the login password, refer to Chapter 4 of the switch’s Hardware and Software Configuration
Instructions manual (listed in “Reference Documents” on page xvii) for detailed information on
how to manually reset the password for the specific switch in use.
Validating Switches Running Configuration

To validate a running configuration, proceed as follows:
NOTE
This function cannot be performed on a V-series switch.

103
2. Click the Validate Switch's Running Configuration button.

3. The Switch Configurator Application Software Download VT100 window will
appear. Log into the switch as normal. SCAS will collect the required information,
then exit and close the SCAS VT100 window.
4. In the Configuration Validation dialog box (shown in Figure 4-9), click the Update
Status Messages button (Item 1). This button will update the configuration fields
while saving the messages into a _Elog.txt log file. The file will be saved into the
C:/Program Files/Switch Configurator/ logs folder.
Figure 4-9. Configuration Validation Dialog Box
5. All Configuration errors (Figure 4-9, Item 3) must be addressed immediately. Refer to
“Configuration Error Messages” on page 188 to determine the required actions
needed.
6. All Configuration warnings (Figure 4-9, Item 4) should be addressed as soon as possi-
ble. Refer to “Configuration Warning Messages” on page 194 to determine the
required actions needed.
104
7. All Configuration status fields (Figure 4-9, Items 5 and 6) are for informational pur-
poses only. No actions are required for these.
8. Click Close to return to the Configurator CLI Switch Interface dialog box.
Port Mirroring
Proceed as follows:
2. Click the Setup Port Mirroring button. The Port Mirroring Setup dialog box
will appear as shown in Figure 4-10.
Figure 4-10. Port Mirroring Setup Dialog Box
3. Enter the Source Port and Target Port as shown in Figure 4-10, Item 1, and click
Enter Ports.
105
NOTE
Multiple source ports can be mirrored to one target port. However, only one target
port can exist on a switch.
4. Select one of the Create, Disable, Enable or Delete radio buttons (Figure 4-10,
Item 2).
! WARNING
If a port mirror is enabled on the switch, disable or delete the mirror before
enabling another port mirror.
NOTE
Be aware that:
- By selecting the Create button, the selected port mirror (Figure 4-10, Item 1) will
be created and enabled on the switch if no enabled mirrored ports currently exist on
the switch (as shown in Item 4).
- By selecting the Disable button, the selected port mirror (Figure 4-10, Item 1) will
be disabled, after which other “target ports” can be enabled.
- By selecting the Enable button, the selected port mirror (Figure 4-10, Item 1) will
be re-enabled.
- By selecting the Delete button, the selected port mirror (Figure 4-10, Item 1) will
be removed for the switch’s configuration.
5. The ports selected should appear in the “Ports to be Mirrored” pane. If any other port
mirroring is required, those ports can be entered now.
NOTE
Multiple source ports can be mirrored to one target port. However, only one target
port can exist on a switch.
6. Click the Deploy Mirror button. This function will return you to the CLI Switch
Interface dialog box (Figure 4-3 on page 96).
7. Click Download Commands to Switch (Figure 4-3, Item 23). This will open the
SCAS VT100 window and download the port mirroring commands.
106
Uploading Diagnostic Files from a Switch
Figure 4-11. Syslog File Upload
NOTE
The V-series legacy switches P0972WP and P0972YC cannot use this method to
upload the diagnostic information or the Syslog file. For these switches. refer to
“Uploading a V-Series Switch Syslog File” on page 111.
Setting Up Switch for Upload

To upload a local Syslog file or diagnostic information from the switch, proceed as follows:
1. Ensure the TFTP server has been installed and running. Refer to “Set Up TFTP Ser-
vice” on page 173 for details.
107
NOTE
The TFTP server must be running and an Ethernet connection must be made
between the switch and a PC running SCAS before continuing.
2. In the TFTP Server dialog box, click File -> Configure and select the TFTP Root
Directory tab. Navigate to directory in which you would like to store the Syslog file,
and click OK.
3. Start the SCAS program and navigate to the Switch Setup dialog box, as shown in
4. In the Switch Setup dialog box, select the CLI Switch Interface button
(Figure 3-3 on page 29, Item 23).
5. A Warning window should appear. If you are not in violation of the warning, select
Continue.
6. The CLI Switch Interface dialog box (Figure 4-3) becomes enabled.
7. Under the COM Ports selection, select the COM port the switch is attached to.
8. Select the Interrogate Device button.
9. Click the Upload Switch Diagnostic Information button (Figure 4-3, Item
18).
a. The Syslog File Upload dialog box will appear with a Data Error Warning win-
dow. Verify the TFTP server is running. Select OK when ready.
b. Under the Select COM Port (Figure 4-11, Item 3) selection area, select the
COM port the switch is attached to.
c. Under the TFTP Server IP Address: area (Figure 4-11, Item 4), enter the
TFTP Server IP address used by the TFTP Server (Figure 4-12, Item 1).
Figure 4-12. TFTP Server Dialog Box
108
NOTE
Ensure that the IP address you enter matches the address displayed in the lower
right corner of the TFTP Server dialog box shown in Figure 4-12.
d. Click the Interrogate Switch button (Figure 4-11, Item 6). This interrogates
the switch for its firmware level, system name, IP address and device type and
ensures the correct device is attached to the COM port cable. The Interrogating
Switch dialog box will appear, as shown in Figure 4-13.
Figure 4-13. Interrogating Switch Dialog Box
e. The Switch Configurator Application Software Download VT100 window

appears, prompting for the switch's password. Type the password and press
<Enter>.
f. When the Continue button becomes visible (Figure 4-13, Item 3) and after the
CLI VT100 dialog box has closed, click the Continue button.
g. This updates the program for the switch to which you are attached. Click OK.
Note that the Upload Switch Diag Info and Upload Syslog Files buttons
(Figure 4-11, Item 5) become enabled.
Uploading Switch Diagnostic Information

NOTE
upload the diagnostic information. For these switches. refer to “Uploading a V-
Series Switch Syslog File” on page 111.
Proceed as follows:
1. It is assumed that “Setting Up Switch for Upload” on page 107 has been accom-
plished and the Syslog File Upload dialog box is displayed. If not, perform these steps
before continuing.
2. Select the Upload Switch Diag Info button. The Switch Configurator Applica-
tion Software Download VT100 window appears, prompting for the switch's pass-
word. Type the password and press <Enter>. SCAS will interrogate the switch’s
109
running status, and upload the information into a _log.txt file. The information
will be saved into the C:/Program Files/Switch Configurator/logs/ folder
with the following naming
convention:
(switch ID, today's date) , _log.txt
3. The Switch Diag Information dialog box appears. Click OK.
4. After the _log.txt file has been uploaded, a dialog box appears, stating the follow-
ing:
♦ If the TFTP server is setup and running you can now upload the Sys-
log Files, Continue?
Select YES to upload the Syslog file(s).
5. SCAS will direct the switch to “ping” the TFTP server. If the connection is made
“alive”, the Syslog file will be uploaded.
6. After the file has been uploaded, an upload dialog box appears. Select OK to complete
the file transfer.
7. Now the Syslog file can be viewed via a text editor. The file has been saved in the
TFTP directory previously selected in step 2 with a file name in the following format:
the switch's assigned System ID Name, today's date, _log.txt
(i.e. SWA206_01-14-2009_log.txt). For a chassis switch, this assigned System ID
Name is the appropriate blade number.
8. Click EXIT to return to the Switch Setup dialog box.
Uploading Switch Syslog Files

NOTE
upload the Syslog file. For these switches, refer to “Uploading a V-Series Switch Sys-
log File” below.
Proceed as follows:
1. Select the Upload Syslog Files button. The Switch Configurator Application
Software Download VT100 window appears, prompting for the switch's password.
Type the password and press <Enter>. SCAS will direct the switch to “ping” the
TFTP server. If the connection is made “alive”, the Syslog file will be uploaded.
2. After the file has been uploaded a upload dialog message appears. Click OK to com-
plete the file transfer.
TFTP directory previously selected in step 2 with a file name in the following format:
the switch's assigned System ID Name, today's date, _log.txt
(i.e. SWA20601-14-2009_log.txt).
4. Click EXIT to return to the Switch Setup dialog screen.
110
Uploading a V-Series Switch Syslog File

To upload from a V-series switch (P0972WP/YC), a HyperTerminal™ window must be used.
Proceed as follows:
1. Login to the switch.
2. On the HyperTerminal window, click Transfer > Capture Text > File. Enter the
file location and name of the Syslog log to be saved
(i.e. c:/TFTP-Root/SWV206.log), then click Start.
3. At the switch prompt, type the command:
show log ram
4. At the <more> prompt, press the space bar to add more entries to the file.
5. At the switch prompt, type the following commands, while pressing the space bar at
the <more> prompts:
show version
show system
show spanning-tree
show vlan
show interface counters
show running-config
6. At the end of the data dump under HyperTerminal window, click Transfer > Cap-
ture Text > Stop.
7. At the switch prompt, type the command:
exit
8. Close the HyperTerminal window.
directory previously selected in step 2.
111
112
5. Loop Detection Policy (LDP)
Algorithms
This chapter discusses how to activate or disable the Loop Detection Policy algorithms, for
networks with Security Enhanced Configurations only.
NOTE
The topics discussed in this chapter should be well understood before implementing
an LDP solution. Understanding the concepts in Appendix C “Understanding Loop
Detection (Security Enhanced Configuration)” is essential before continuing.
! WARNING
Switch installation, replacement and configuring should only be performed by per-
sonnel who are knowledgeable about The MESH control network topologies/con-
figurations for I/A Series systems, and fully understand the ramifications of
modifications beyond device defaults. It is important that you have a comprehen-
sive understanding of the command line structure of the Invensys-supplied switch
and the concept of each command before configuring the switch, as these rules and
commands can have a significant impact on the network operation, putting all
aspects of the network at risk.
For the Security Enhanced Configuration only - Prior to deploying an LDP switch
configuration on the network, it is critical that deployment of the loop detection
algorithm (LDP) only be performed by personnel with a good understanding of the
network and the function of the policies that make up the algorithm.
Activating / Disabling Loop Detection Policy (LDP)

Algorithms
Before LDP can detect loops at the sub-second rate within the network, the “Primary and Sec-
ondary” Beacon must be enabled. Be aware that false hits have the potential to occur during the
deployment of LDP and during the construction or maintenance of The MESH control network.
Due to this, it is recommended that the “Beacon” should not be enabled until all switches con-
tained within The MESH control network are up and completely operational. Ensure that all
switches within the network are configured for LDP and are functionally ready before system star-
tup.
Enabling LDP
To enable the LDP Beacon IGMP packet queryer, you must perform steps 1-7 in “Downloading
to a Switch” on page 95 on the Primary Beacon Queryer (PBQ) “Root” switch, with one exception
113
B0700CA – Rev L 5. Loop Detection Policy (LDP) Algorithms
in step 7. After opening the Download File Menu drop-down menu (see Figure 4-3, Item 14 on
page 96), select Enable LDP Beacon Queryer and perform the following:
NOTE
When enabling LDP, you may receive a message indicating that there is a firmware
version mismatch, and that errors may occur if you download it. Ignore this mes-
sage and YES.
1. Select the Download Config (Figure 4-3, Item 18) button. This will enable the Bea-
con IGMP packet query.
2. The switch’s password is requested. Type the password and press <Enter>.
3. The Save Switch Configuration dialog box appears, prompting you with “Would you
like to save the newly downloaded configuration to the switch?”
♦ Yes is the recommended choice. Selecting Yes saves the configuration change to
the file named in the “Save config file name:” text field.
♦ Selecting No does not update the config file.
When finished, repeat this section (“Enabling LDP”) for the Secondary Beacon Queryer (SBQ)
“Backup Root” switch.
Disabling LDP
This process can be used to disable the Beacon IGMP packet queryer in the event of power
cycling of switches within The MESH control network. This may be required during network
maintenance, as discussed in the following section “Power Failures.”
To disable the LDP Beacon IGMP packet queryer, you must perform steps 1-7 in “Downloading
to a Switch” on page 95 on the Secondary Beacon Queryer (SBQ) “Backup Root”, with one excep-
tion in step 7. After opening the Download File drop-down menu (see Figure 4-3, Item 14 on
page 96), select the Disable LDP Beacon Queryer config file, and perform the following:
NOTE
When disabling LDP, you may receive a message indicating that there is a firmware
version mismatch, and that errors may occur if you download it. Ignore this mes-
sage and select YES.
1. Select the Download Config (Figure 4-3, Item 18) button. This will disable the Bea-
con IGMP packet query.
2. The switch’s password is requested. Type the password and press <Enter>.
3. The Save Switch Configuration dialog box appears, prompting you with “Would you
like to save the newly downloaded configuration to the switch?”
♦ Yesis the recommended choice. Selecting Yes saves the configuration change to
the file named in the “Save config file name:” text field.
♦ Selecting No does not update the config file.
When finished, repeat this procedure to disable the LDP Beacon IGMP packet queryer for the
Primary Beacon Queryer (PBQ) “Root” switch.
114
5. Loop Detection Policy (LDP) Algorithms B0700CA – Rev L
Power Failures
After a switch power failure, the switch will be added back into the network topology via the
spanning tree algorithm. However, due to the LDP response to the loop packet, it may disable a
looping port before RSTP can resolve the loop. In the event this occurs, refer to “Active Monitor-
ing” on page 136 to ensure no ports have been disabled during the power up sequence of the
failed switch.
115
B0700CA – Rev L 5. Loop Detection Policy (LDP) Algorithms
116
6. Adding or Replacing an Existing
Switch, Blade or NEM in
The MESH Control Network
This chapter provides an overview for adding or replacing an existing switch in The MESH
control network and the I/A Series control network.
! CAUTION
Switch installation, replacement, and firmware upgrading and configuring should
only be performed by personnel who are knowledgeable about The MESH control
network topologies/configurations, and fully understand the ramifications of modi-
fications beyond device defaults. Otherwise, the proper operation of the network
could be at risk.
! CAUTION
When using Chassis switches in the various topologies/configurations, the N7 series
Chassis switches (DFE-Gold and DFE-Platinum Blades) are not compatible with
E7 series Chassis switches (2nd and 3rd generation blades) at the root switch level.
Do not use an E7 and an N7 switch together as a root and a backup root switch. It
recommended that the Root and Backup root switches be the same switch type for
minimum impact on the network in the event of a root switch failure.
! CAUTION
Make sure a replacement switch is correctly configured before adding it to the net-
work. Any uplink ports should be installed before the switch is configured.
NOTE
Before removing a switch from the network, be sure to record its existing configura-
tion. This information is necessary when the replacement switch is configured.
NOTE
When replacing a switch, the firmware version of the replacement switch must be a
qualified version equal to, or newer than the original switch. New switches should
have the latest qualified version of firmware available.
117
B0700CA – Rev L 6. Adding or Replacing an Existing Switch, Blade or NEM in
Replacing or Adding a Network Switch/Blade

♦ If the switch/blade is being replaced with the same switch/blade model, and the
switch’s running configuration has been saved to an external location, then perform
steps 2-13 below.
♦ If the switch/blade is still functional, and it is being replaced with the same
switch/blade model, perform steps 1-13 below.
♦ If replacing a defective switch and the switch’s running configuration has not been
saved to a location external to the switch, then create a new configuration (step 1) and
perform steps 2-13.
♦ If replacing a defective switch with a different switch model, then create a new config-
uration (step 1) and perform steps 2-13.
♦ If adding a new switch into the network, label the cables, and then perform step 1 and
steps 7-13 only. The cables should be labeled even if for a new switch.
NOTE
When upgrading firmware, upgrade the outer edges first, then work towards the
root.
The order of operations for adding a new switch/blade or replacing an existing switch/blade in
The MESH control network are as follows:
1. Upload the switches configuration or create a new configuration1,2.
2. Ensure all cables on the switch/blade are labeled with their port location prior to
removal. It is recommended that this information be recorded utilizing Appendix A
“Switch Information Form” on page 197.
3. Before powering down the switch/Chassis, ensure all devices attached to this switch
have redundant paths to the root switch and are up and operational. If replacing the
root switch/blade, make sure all devices attached to the root have redundant paths
attached to the Backup root and are operational.
4. Power down the switch/Chassis. This will cause the Control Network to re-span.
5. Remove all cables from the switch/blade.
6. Remove the existing switch/blade
7. Install the new switch/blade.
8. Power up the switch/Chassis.
9. If necessary, load the proper firmware version into the new switch/blade3.
1. See“Importing a Configuration “.sca” File from Switch Using SCAS” on page 128.
2.
When using the switch configurator on the DFE-Series Chassis, the configuration is saved on the
blade in Slot 1 by default. However, this location can be changed to any slot location, so it is impor-
tant to note the slot to which the configuration file was saved in the event of a blade failure. It is also
possible to save the configuration file to more than one slot location.
118
6. Adding or Replacing an Existing Switch, Blade or NEM in The MESH Control Network B0700CA – Rev L
10. Perform “Downloading to a Switch” on page 95.

11. Power down the switch/Chassis.
12. Install all cables as labeled and as recorded in Appendix A “Switch Information Form”
on page 197.
13. Power up the switch/Chassis.
Replacing or Adding a Network Expansion Module

NEM (P0972YK/P0973FQ)
! CAUTION
If a blade, or Network Expansion Module (NEM) is added or removed from the
switch hardware, the switch must be removed from the network and re-configured.
A complete software reconfiguration of the switch is necessary after the device has
been installed, replaced or removed from the switch.
When replacing a P0972YK Network Expansion Module (NEM) with the P0973FQ NEM or
installing a new P0973FQ NEM into a new switch, the firmware installed on the switch must be
running firmware 5.42.04 or greater Invensys qualified firmware. The following steps must be
performed before the task is performed:
! WARNING
If the switch is running older firmware than 5.42.04, the installation of this
P0973FQ NEM will cause the switch to fail on power up, resulting in a red CPU &
MGMT LED indicators on the module on which the NEM was installed.
1. Determine the running version of firmware. Firmware version 5.42.04, or a higher

version of Invensys qualified firmware, must be installed before you can insert the
P0973FQ NEM.
A complete list of qualified firmware can be found in “Qualified Switches for The
MESH Control Network” on page 199.
3.
Slot 1 of the DFE-Series “Gold” blades is the master blade. All blades in that chassis will use its run-
ning firmware and configuration, so it is important that the blade in Slot 1 has a current qualified
firmware revision installed and booted. However, the DFE-Series “Platinum” blades do not function
in this manner. All “Platinum” blades within the chassis will use the latest revision of firmware
installed on any one of the installed blades when a newer unqualified firmware is installed on a
replacement blade; so it is important that all blades have the same revision of qualified firmware
installed. If this occurs, allow the switch to boot and refer to Chapter 11 “Downloading Qualified
Firmware Images” on page 167.
119
NOTE
If a firmware upgrade is required, use the Switch Configurator Application Software
(SCAS) 3.0.1 or later. This revision of the tool has both the required firmware and
feature needed to download and install the firmware. For direction and procedures
on upgrading firmware on a switch refer to “Downloading Firmware via TFTP Ser-
vice” on page 170.
2. Perform one the following, depending on whether a NEM is being added or if a defec-
tive NEM is being replaced:
a. If the NEM is being added to the Chassis, a new configuration must be built
which incorporates this new NEM. Refer to Chapter 3 “Building a Configuration
File” on page 23.
b. If the NEM is replacing a defective NEM (P0972YK or P0973FQ), the Chassis’
running configuration should be saved before the installation.
At the switch prompt type:
show config outfile slot1/<filename>
NOTE
slot1 is the blade location in which the configuration file will be saved. See the sec-
ond footnote on page 118.
Now the switch/blade can be prepared for the NEM installation. Refer to the “Replacing or Add-
ing a Network Switch/Blade” on page 118 for instructions on removing the switch from the net-
work.
Before adding the switch back into the network the switch must be reconfigured as per “Replacing
or Adding a Network Switch/Blade” on page 118.
In addition to the methods described in this chapter, the switch can be re-configured if the NEM
was a replacement and step 2b above was performed, by using the following command:
configure slot1/<filename>
Failure After NEM Module P0973FQ Installation

If a chassis blade fails with red CPU & MGMT LED indicators after a P0973FQ NEM was installed,
and the Chassis is running on firmware older than 05.42.04, you must perform the following
steps to recover from this switch failure:
1. Power down the switch.
2. Remove the P0973FQ NEM(s).
3. Power up the switch and upgrade the firmware. Refer to “Downloading Firmware via
TFTP Service” on page 170.
4. Power down the switch again.
5. Install the P0973FQ NEM(s).
6. Power up the switch and verify the switch CPU LED indicator is green and the MGMT
LED indicator is off.
120
7. Re-install the switch configuration. Refer to Chapter 4 “Downloading/Uploading

to/from a Switch via the I/A Series SCAS” on page 93 to install the switch configura-
tion.
8. Power down the switch again.
The switch is ready to be installed back into the network.
Switch Installation
Before installing a switch into The MESH control network, the following sections must be per-
formed to ensure an installation is conducted properly.
! WARNING
If these steps are not performed, the switch configuration will be incomplete, which
could cause a system wide failure.
Determine Switch Use and Physical Layout

Data sheets (check list) to collect required physical layout data are available in Appendix A
“Switch Information Form” on page 197.
With these sheets, proceed as follows:
1. Determine the topology of your network. This is discussed in detail in The MESH
Control Network Architecture Guide (B0700AZ, Rev C or later), or for I/A Series sys-
tems with I/A Series software, Version 7.x, as discussed in the Control Network User’s
Guide (B0400DV, Rev C or later).
a. Determine network topology - linear, ring, star or tree.
b. Determine the role of the switch within the topology (Root, backup root or edge).
c. Record the part number of the switch.
d. Determine which ports are used as Uplinks or “Bridge Ports”.
e. Determine the total number of switch ports used on the switch being installed.
f. Determine if VLANs are deployed on the switch, and if so, which VLANs should
be deployed.
2. Determine the location of the switch within the topology.
a. Record the version of I/A Series software used.
b. Record the switch’s IP address.
c. Record the switch’s I/A Series System Monitor (SMON) host “Trap” IP addresses.
d. Record the switch’s name.
e. Record the switch’s physical location.
f. Determine the point of contact in case of network failure.
3. Determine the switch’s configuration.
a. Record the switch’s location within the topology (root, backup root, or edge).
121
NOTE
As defined in the “Introduction” in The MESH Control Network Architecture Guide
(B0700AZ, Rev C or later), an edge switch is an outer switch in a network topology
that is linked to the primary root or backup (secondary) root bridge switch. The
edge switch usually interfaces I/A Series system devices (Control Processors, FCMs,
and so forth) to the root bridges. Normally only two root bridges co-exist in The
MESH control network topology, primary and secondary root bridge; however, if
needed and depending on the network configuration multiple root switches can be
configured into the network. All other switches are defined as edge switches.
b. Record the Bridge Priority mode.

This setting is very important when installing a root switch in a preexisting net-
work. This function must be determined prior to installing.
NOTE
When connecting ports between devices, it is recommended that all devices within
the network are all set to run on only one type of bridge priority mode, 802.1d or
802.1t. The bridge priority mode should be consistent between bridge ports of all
the devices.
Bridge Priority Mode 802.1d sets the bridge priority mode to use values which are 0
– 65535, in increments of 1. (This is The MESH control network default.)
NOTE
Bridge Priority Mode 802.1d is not supported by P0972WP and P0972YC with
firmware revision 2.5.2.5. To achieve this function, all root P0972WP and
P0972YC switches must have firmware revision 2.6.0.4 installed.
Bridge Priority Mode 802.1t sets the bridge priority mode to use Hex values, which
are 0 - 61440, in increments of 4096. Values will be rounded up or down, depend-
ing on the 802.1t value to which the entered value is closest.
c. Determine any other specific configuration requirements required for your

MESH Control Network.
4. Determine the switch hardware configuration.
a. The hardware configuring consisting of type, configuration and location of each
blade “card” must be determined prior to installing the DFE-Series Chassis
(P0972YE, P0973AR or P0973AS) switches or the E7 (P0972MK) legacy
switches.
b. The hardware uplink cards (P0972WQ or P0972WR) installation configuring on
the V-series (P0972WP and P0972YC) switches must be determined prior to
installing.
5. Determine the port usage (Fast Ethernet and/or uplink “trunking”) prior to installa-
tion.
a. Establish which ports will be used (for your information only).
b. Establish which ports will be designated as uplink ports.
122
c. Establish which Fast Ethernet ports will be designated as uplink ports.

d. Establish if the ports should be assigned to a VLAN, and if so, which ports should
be assigned to which VLAN.
6. When utilizing the loop detection algorithm (LDP) configuration, the Beacon IP
addresses and which ports will be programmed with the Circuit Breaker and Beacon
policies must be determined, prior to configuring the switch.
! WARNING
If cables are plugged into the wrong ports, the LDP can cause ports to be disabled
without notice.
Build the Switch Configuration

There are many ways to build a switch configuration, but it is recommended that you build it
with SCAS. This is recommended for three reasons:
♦ All warnings and cautions from “Before You Begin” on page 1 pertaining to the switch
configuration are heeded by default.
♦ In addition to the configuration concerns, it eliminates the repetitive Command Line
Interface (CLI) command entries which are required to configure The MESH control
network switches.
♦ It allows for any custom configuration requirements you may have.
The E7 Chassis switch (P0972MK) with second and third generation blades (P0972LS,
P0972LT, P0972LU, P0972LV, P0972LW, P0972LX, P0972TY, and P0972TZ) and the 16-port
fiber switch (P0972MJ) cannot utilize SCAS. Manual installation of these switch’s configuration
must be performed as discussed in E7 Chassis and 16-port Fiber (P0972MK/P0972MJ) Switches,
Hardware and Software Configuration Instructions (B0700CM).
! CAUTION
A-series (P0973BH, P0973BJ and P0973BK) switch types allow for building a con-
figuration file to enable stacking ports as uplink ports. This function is required for
The MESH control network for proper I/A Series SMDH operations.
NOTE
For the E7 Chassis switch (P0972MK) and the 16-port fiber switch (P0972MJ),
proceed to E7 Chassis and 16-port Fiber (P0972MK/P0972MJ) Switches, Hardware
and Software Configuration Instructions (B0700CM).
You may build the switch configuration in one of the following ways.
1. Build a switch configuration using SCAS.
Only the switches listed in “The I/A Series Switch Configurator Application Software
(SCAS)” on page 22 can be configured with SCAS. If this switch is listed in this sec-
tion, proceed to “Building a Configuration File” on page 23. If this application has
not been installed, proceed to Chapter 2 “Installing the I/A Series Switch Configura-
tor Application Software (SCAS)” on page 15.
123
2. You can also perform these alternative ways to configure a switch:

a. Manually build a switch configuration using SCAS.
Configurations can be developed for all switches listed on “The I/A Series Switch
Configurator Application Software (SCAS)” on page 22, but these require modifi-
cations to comply with your network configuration. Customize the configuration
required for your network as discussed in Chapter 8 “Editing Files for the Switch
Configurator Application Software” on page 131.
If the switch can understand the Command Line Interface (CLI) command struc-
tures, then this capability can be used, as discussed in Chapter 8 “Editing Files for
the Switch Configurator Application Software” on page 131. Not all switches can
utilize this capability.
Use the latest saved switch configuration as the basis for configuring your switch.
b. Retrieve the “uploading” of a switch configuration.
If a switch in The MESH control network has been previously configured, this
running configuration can be saved in a file as discussed in the documentation
included with the switch.
NOTE
E7 Chassis switches (P0972MK) cannot use the same configuration file from
another E7 blade/Chassis. You must not download or upload a file from one E7
blade/Chassis to another.
c. Manually configure the switch. All managed switches can be manually configured
- start at Step 2a in “Configure the Switch” below.
After the configuration file has been created and/or saved, proceed to the next section.
Configure the Switch

There are many ways to configure a switch, but the recommended manner is for the configuration
to be downloaded to the switch through SCAS. This is recommended for two reasons:
♦ This allows each switch to have a custom built configuration, in addition to a custom
configuration.
♦ It eliminates all Command Line Interface (CLI) command entries which are required
to configure The MESH control network switches.
NOTE
The E7 Chassis switch (P0972MK) with second and third generation blades
(P0972LS, P0972LT, P0972LU, P0972LV, P0972LW, P0972LX, P0972TY, and
P0972TZ) and the 16-port fiber switch (P0972MJ) cannot utilize SCAS. For these
switches, refer to E7 Chassis and 16-port Fiber (P0972MK/P0972MJ) Switches,
Hardware and Software Configuration Instructions (B0700CM).
124
! CAUTION
Switches should be configured off-line, before they are connected to The MESH
control network.
! CAUTION
It is recommended that the switch be returned to the Factory Default Configuration
prior to configuring the switch. By returning the switch to the Factory Default
Configuration, all configuration parameters are set to a known state. If this action is
not taken, then there is the possibility that a switch failure may not be reported cor-
rectly to the I/A Series SMDH monitor. Returning the switch to its Factory Default
Configuration changes the switch configuration parameters, not the IP addresses.
! CAUTION
The switch to which a configuration file is downloaded must have the same hard-
ware configuration as the switch from which it was uploaded.
NOTE
Only two configuration files can be saved to any one switch and only one running
configuration.
You may configure the switch in one of the following ways.

1. Configure the switch using SCAS. Proceed to Chapter 3 “Building a Configuration
File” on page 23.
If the switch configuration has been built, proceed with “Downloading/Uploading
to/from a Switch via the I/A Series SCAS” on page 93.
2. You can also perform these alternative ways to configure a switch:
a. Manually configure the switch via the switch’s CLI Port.
A configuration can be built via the CLI port on the switch, however, this method
is not recommended. For the E7 Chassis switch (P0972MK) with second and
third generation blades (P0972LS, P0972LT, P0972LU, P0972LV, P0972LW,
P0972LX, P0972TY, and P0972TZ) and the 16-port fiber switch (P0972MJ), it
must be done this way.
To manually configure the switch, proceed to the “Configuring Ethernet
Switches” section in the I/A Series documentation for your switch (Switch Hard-
ware and Software Configuration Instructions manual). Table 1-4 “Invensys-Sup-
plied Ethernet Switches” on page 12 indicates the correct documentation required
for your switch.
Use the latest saved switch configuration as the basis for configuring your switch.
b. Retrieve the “downloaded” switch configurations.
If a switch’s running configuration in The MESH control network had been pre-
viously saved, this configuration can be downloaded to configure the replacement
125
switch. The file can be downloaded as discussed in “Downloading an “.sca” Con-

figuration File Using SCAS” on page 129.
NOTE
The switch to which a configuration file is downloaded must have the same hard-
ware configuration as the switch from which it was uploaded.
126
7. Loading Configuration Files
to/from Switches
This chapter discusses how to upload or download a pre-existing configuration file to a switch
connected to a PC with the I/A Series Switch Configurator Application Software (SCAS), as
discussed in Chapter 4 “Downloading/Uploading to/from a Switch via the I/A Series SCAS”.
Using the Switch Configurator Application Software (SCAS) is the preferred method for import-
ing and downloading configurations from/to a switch.
127
B0700CA – Rev L 7. Loading Configuration Files to/from Switches
Importing a Configuration “.sca” File from Switch

Using SCAS
1 - COM Ports, selects the COM port on which to communicate.

2 - Import Configuration or Import Switch’s Running Config, when selected, will interrogate the switch
for its device type and running firmware and upload the switch running configuration.
3 - Selected Device Type, updated after the switch has been interrogated.
4 - Running Firmware, updated after the switch has been interrogated.
5 - Switch Name, indicates the switches assigned name discovered during the switch interrogating.
6 - Update Results/Save Config File, Update Results updates items 3, 4, 5, and 7 when selected
and sends changes to Save Config File. Save Config File compresses the configuration into
common commands, decreasing the overall size of the file.
7 - Uploading Configuration File, allows the user to view the uploaded configuration.
8 - Back to Switch Setup, returns to previous page.
Figure 7-1. CLI Switch Interface Dialog Box (Importing Configuration)
To import a configuration file from a switch, proceed as follows:

1. Navigate to the SCAS Switch Setup dialog box (Figure 4-2 on page 95).
128
7. Loading Configuration Files to/from Switches B0700CA – Rev L
Continue.
4. The CLI Switch Interface dialog box (Figure 7-1) becomes enabled.
7. After interrogating the switch select the Import Switch's Running Config
(Figure 7-1, Item 2) button. The switch’s password is requested. When prompted,
type the password and press <Enter>.
8. The SCAS Download VT100 window appears. After the switch’s information is gath-
ered, the SCAS Download VT100 window exits.
9. The Update Results button (Figure 7-1, Item 6 - shown as “Save Config File”) will
be visible in the CLI Switch Interface dialog box. Click the Update Results button.
10. The Uploading Configuration File window will update with the imported configura-
tion.
The Save Config File button (Figure 7-1, Item 6) is now visible in the CLI Switch
Interface dialog box.
11. Select the Save Config File button, and save the file as normal.
♦ When the Config File Name dialog box appears, enter desired file name. Select
OK.
♦ When the Add File to Configurator Tool Set dialog box appears, select YES.
♦ When the Drop Down Menu File Name dialog box appears, enter desired file
name. Select OK.
12. When an imported “.sca” configuration file is to be downloaded to a switch, proceed
to step 2 in “Downloading to a Switch” on page 95.
Downloading an “.sca” Configuration File Using

SCAS
When an imported or user-built “.sca” configuration file is to be downloaded to a switch, proceed
to step 2 in “Downloading to a Switch” on page 95.
129
B0700CA – Rev L 7. Loading Configuration Files to/from Switches
130
8. Editing Files for the Switch
This chapter discusses how to edit configuration files with the I/A Series Switch Configurator
Application Software (SCAS).
The application includes pre-defined configuration files representing a standard generic switch
configuration. If desired, these files may be modified for customizing switch configurations.
It is recommended that each switch in The MESH network have its own custom configuration
added to the device type drop-down box for a specific switch in the network, this file should be
created utilizing the SCAS configurator.
Editing Configuration Files

! CAUTION
Leaving unused Ethernet ports enabled is a high security risk. It is recommended
that all unused Ethernet and uplink ports be disabled.
! WARNING
For all Fast Ethernet (100 Mb) “end device” ports (FCP, ZCP, ATS, FCM and work-
stations), AdminEdge should be set to True (Enabled). For all Fast Ethernet
(100 Mb) “uplink” ports (Fast Ethernet ports used as an uplink between two
switches), AdminEdge must be set to False (Disabled).
If this configuration is not performed correctly, severe system degradation can occur
if a Fast Ethernet (100 Mb) port is configured as a “end device” and then used as a
“uplink” link between two switches. This misconfiguration may result in severe con-
sequences to the network.
All config files can be edited via any text editor, however, SCAS can only download configuration
files with a file extension of .sca. Ensure the .sca extension is added to the file name when sav-
ing the file.
131
B0700CA – Rev L 8. Editing Files for the Switch Configurator Application
Adding/Editing Custom Configuration Files to the

Device Type Drop Down Menu Box
Be aware of the following:
♦ Configuration files are stored in:
C:\Program Files\Switch Configurator\cfg
They can be edited with any standard ASCII text editor (for example, Notepad). Do
not use Microsoft Word.
♦ It is not recommended that you edit the configuration list - SCAS_Cfg_List. Edits to
this file can cause unforeseen issues when selecting switch configurations in the
Download File window.
Deleting Files from the Device Type Drop Down

Menu Box
Proceed as follows:
1. In the Switch Setup dialog box, click the Clean up Drop Down Menu Database
button (Figure 3-3 on page 29, Item 21). The SCAS Drop Down Database Menu
dialog box will appear, as shown in Figure 8-1.
132
8. Editing Files for the Switch Configurator Application Software B0700CA – Rev L
1 - The currently selected database

2 - Drop Down Menu
3 - Configuration File Name, the file name of the configuration file
4 - Configuration Switch Model Type, the type of switch selected during the selected configuration
file build
5 - Configuration Firmware, the firmware selected during the selected configuration file build
6 - Remove config radio button, allows the user to delete the file entered in the database or delete
both the entry and the file
7 - Delete File, perform the function selected via Item 6
Figure 8-1. SCAS Drop Down Database Menu Dialog Box
2. In the Switch Setup dialog box, select the Systems Drop Down Menu database to be
edited (Figure 3-3 on page 29, Item 2).
3. In the SCAS Drop Down Database Menu dialog box, use the pull-down arrow
(Figure 8-1, Item 2) to select the configuration file to be deleted.
4. Select the action required (Figure 8-1, Item 6).
5. Click Delete File (Figure 8-1, Item 7). (This does not actually remove the configu-
ration file. It only removes its entry.)
6. Click Exit to return to the main screen.
133
B0700CA – Rev L 8. Editing Files for the Switch Configurator Application
134
9. Loop Detection Monitoring and
Maintenance
This chapter details the procedures for monitoring and maintaining the Loop Detection policy
(LDP) on the Platinum and Gold (DFE) switches.
NOTE
DFE-Gold blades/switches must be configured with a Policy license key to perform
the following LDP functions.
Passive Monitoring
Monitoring for Loop Detection Policy (LDP) Rule Hits is an easy-to-understand concept. In the
event of a network failure caused by a spanning tree failure and/or network loop, the LDP algo-
rithm disables ports to minimize the impact on the rest of the network. If this occurs, the
I/A Series System Management for LDP alarms the user of a failed port, within three seconds of
the failure via a “link down” trap message sent from the switch or switches that isolated the “defec-
tive” switch/port. The SMDH Switch Port Display will display which port(s) is defective (lost
link) as shown in Figure 9-1.
Refer to The MESH Control Network Architecture Guide (B0700AZ) document for I/A System
Management functionally. To investigate or troubleshoot a port/switch that has been disabled due
to a LDP Rule Hit event, active monitoring must be performed. Refer to “Active Monitoring” on
page 136.
Switch Ports Display

The Switch Ports Display shows a maximum of 30 ports on one screen. Paging is enabled so more
than 30 ports can be viewed on the display.
The “<” adjacent to the port number in Figure 9-1 indicates that the port alarming feature has
been inhibited (see The MESH Control Network Architecture Guide (B0700AZ)). All unused ports
must be inhibited, disabling switch alarming for that port. This stops false alarms from propagat-
ing upward in the I/A Series System Management. The cyan SWPORT with an asterisk “*” next
to the port number in Figure 9-1 indicates that the port has lost link on that switch.
135
B0700CA – Rev L 9. Loop Detection Monitoring and Maintenance
Figure 9-1. Switch Ports Display - Typical
Active Monitoring
Active LDP Rule Hit port failure event monitoring can be performed in various ways; however,
this document will only discuss two methods.
Monitoring LDP via NetSight® Policy Manager

Monitoring for policy hits can be performed by utilizing NetSight Policy Manager. To do this, the
Enhanced network LDP Roles and Rules must be imported to detect rule hits within the network.
To perform these functions, proceed to “How to Import LDP from the Enhanced Network
Switches into NetSight Policy Manager” on page 146.
136
9. Loop Detection Monitoring and Maintenance B0700CA – Rev L
Figure 9-2. Policy Manager
1. Figure 9-2 shows the Policy Manager screen used to clear up the “Rule Hits” for the
Circuit Breaker service. The Policy Manager application will not automatically popu-
late the table. The retrieve button must be used.
a. Select the switch to interrogate under Network Elements -> Devices.
b. Select Retrieve.
Any port that has been disabled by the CBP rule will show up in the Rule Hit
Table.
2. If policy Rule Hits did occur, the cause for this failure must be determined. In some
cases during network initialization, temporary loops may cause false hits.
a. It is recommended that a packet sniffer should be used to determine if a switch has
islanded due to a network storm. Connect the packet sniffer to a previously
defined diagnostic port on the switch in question. Be aware that this port must be
enabled. If there is a high traffic rate of thousands of packets/second, most likely
the switch is storming. If the traffic rate is low for what would be expected for the
stations on the isolated switch, then most likely, there is no problem.
137
b. To determine which switch has failed use the I/A Series SMDH or System
Manager as described below.
♦ A switch which has been isolated by LDP due to a network storm will be
flashing red in SMDH and the ports on the other switches to which it is con-
nected will show a flashing yellow with an asterisk.
♦ If the network has only experienced a single LDP port failure on a switch, this
would indicate that the switch downstream of the port has caused a fault in
the network and should be investigated.
c. If it has been determined that the switch is defective, replace the defective switch
or switches as necessary, refer to Chapter 1 “Introduction” on page 1 for replacing
an existing switch within The MESH control network. If it was determined that
the rule hit was a false hit, proceed to step 3 below.
d. When the switch/network is operating normally, clear the port hit or hits as
described in step 3 below.
NOTE
If a switch has become isolated from the network (i.e. “islanded”, with both links to
the roots disabled), it is recommended that the backup root port be cleared first,
then the primary root.
3. After the failure has been resolved, the Circuit Breaker Rule hit must be cleared:
a. To clear up individual port hits, select the port to be cleared and select the Clear
button. This allows the 'edge facing' port to be activated again.
b. To clear multiple port hits, right-click on Devices (under the Network Element
tab), and click on Clear Disabled Ports (Rule Hits). See Figure 9-2.
If a switch has become isolated from the network (i.e. both links to the roots disabled) it is recom-
mended that the backup root port be cleared first, then the primary root.
In some cases, the port cannot be cleared due to the rapid response time of LDP. When this
occurs, one of two methods can be used to clear this fault.
♦ First method:
! WARNING
The only time this method can or should be used is when a port hit is absolutely
known as a false hit, and no “Network Storms” exist in the network.
1. Disable the Circuit Breaker on the failed port.

a. Under Network Elements select Ports (Tab).
b. Select the Retrieve button (see Figure 9-3 on page 140).
c. Right-click on the failed port.
d. Select Set Default Role.
e. Select Clear Default Role. Refer to the Warning above.
f. Select OK. A message should appear stating “Set Default Role was Successful”.
138
g. Select OK.
2. Clear the port hit.
3. Re-enable the Circuit Breaker on the failed port.
a. Under Network Elements, select Ports (Tab).
b. Select the Retrieve button.
c. Right-click on the failed port.
d. Select Set Default Role.
e. Select the Rule to deploy to the port - “i.e. Circuit Breaker…”.
f. Select OK. A message should appear stating, “Set Default Role was Successful”.
g. Select OK.
4. Ensure all ports have been cleared in the Policy Manager.
b. Select Retrieve.
Table.
♦ Second method:
NOTE
This is the recommended method when clearing port hits when the status of the
network is unknown.
1. Remove the fiber optic cable from the disabled port.

2. Clear the port hit.
3. Reinsert all cables and ensure all ports have been cleared in the Policy Manager.
b. Select Retrieve.
Table.
If the port receives a policy hit again, there is a network loop that needs to be resolved.
139
Figure 9-3. Network Element Port Assignment
Monitoring LDP Via the CLI Port

Two methods are available for monitoring the network for policy hits through the Command
Line Interface port. To gain access to the CLI port, perform the procedures in “Connecting Ether-
net Switch to the PC” on page 93.
140
CLI - LDP Rule Accounting (SCAS)

Perform the following steps to monitor LDP port hits on a switch with SCAS:
1. Navigate to the Switch Setup dialog box. On startup, select Continue->Select.
Initiate monitoring of LDP port hits by selecting the CLI Switch Interface but-
ton (Figure 9-4).
The Configurator CLI Switch Interface dialog box appears as shown in Figure 9-5.
141
Figure 9-5. Configurator CLI Switch Interface Dialog Box
2. (Figure 9-5, Item 1) Select the COM Port. A drop-down window allows you to choose
which serial port (COM1 to COM4) is used to communicate with the switch (for
example, COM Port 1).
3. (Figure 9-5, Item 2) Select Interrogate Device. This will interrogate the switch
for its firmware level and device type. The following dialog box appears.
142
4. Select Interrogate Switch (Figure 9-5, Item 2). The SCAS Download window
appears and logs on.
5. When the switch requests a password, type in the switch password (if any). The SCAS
Download window will interrogate the switch, and exit.
6. After the CLI window has closed and when the Continue button becomes visible,
select the Continue button (Figure 9-6, Item 3).
7. A Switch Configurator text box appears displaying the type of switch and
firmware running. Select OK. This will update the program for the switch to which
you are attached.
8. If attached to a DFE-series switch, a Switch Configurator text box appears
requesting to select a slot “blade” location in which to save a configuration file.
Select OK. Note that the View LDP Port Hits button (Figure 9-5, Item 12)
becomes enabled.
9. (Figure 9-5, Item 12) Select the View LDP Port Hits button. The Download File
drop-down menu displays “Clearing LDP Port Hits on Switch” and the SCAS
Download window appears.
10. When the SCAS Download window asks for the switch's password, enter the pass-
word (if any) as required.
If a policy Rule Hit occurred on the switch, the following statement appears in the
SCAS Download window to indicate which port has been disabled due to a policy hit.
Example:
♦ -Disabled-ports ge.1.17,18
The above example shows that two 1 Gb ports on blade 1 ports 17 and 18 were dis-
abled due to a policy hit.
Example:
♦ -Disabled-ports none
The example above shows that no ports have been disabled.
11. A View Port Status window appears, asking if you would like to enable ports
(i.e. clear LPD port hits). Select No.
12. The Terminate Communications window appears, asking if you would like to termi-
nate switch communications. Select Yes.
If policy Rule Hits did occur, the cause for this failure must be determined and
resolved before the port hit can be cleared. In some cases during network initializa-
tion, temporary loops may cause false hits.
b. To determine which switch has failed, use the I/A Series SMDH or System
143
or switches as necessary. Refer to Chapter 6 “Adding or Replacing an Existing
Switch, Blade or NEM in The MESH Control Network” for replacing an existing
switch within The MESH control network. If it was determined that the rule hit
was a false hit, proceed to step 13 below.
d. When the switch/network is operating normally, clear the port hit(s) as described
in step 13 below.
13. After the failure has been resolved the LDP port hit must be cleared, to clear up the
hit, perform steps 1-10 above, then perform the following:
A View Port Status window will appear asking if you would like to enable ports (i.e.
clear LPD port hits). Select Yes. The SCAS Download window will perform the
following:
♦ Matrix(su)-> clear policy disabled-ports all
♦ Matrix(su)-> show policy disabled-ports
If the cause of the port hits has been resolved, the SCAS Download window will
respond with:
If the SCAS Download window responds with:
Then repeat steps 9-13 until all port hits are clear.
CLI - LDP Rule Accounting (Manual)

Login to the suspected failed switch (the switch with the failed port) to distinguish if the port was
disabled by a policy Rule Hit, or if a link failure was caused by defective cable/port. To resolve the
issue, perform the following:
1. At the switch prompt, type the following:
♦ Matrix(su)-> show policy disabled-ports
If a policy Rule Hit occurred on the switch, you will see the following statement indi-
cating which port has been disabled due to a policy hit.
Example:
The above example shows that two 1 Gb ports on blade 1 ports 17 and 18 were dis-
abled due to a policy hit.
Example:
The example above shows that no ports have been disabled.
144
If no LDP port hits are detected, then perform the General Troubleshoot Guidelines in the
“Maintenance” chapter of The MESH Control Network Architecture Guide (B0700AZ).
2. If policy Rule Hits did occur, the cause for this failure must be determined. In some
cases during network initialization, temporary loops may cause false hits.
b. To determine which switch has failed use the I/A Series SMDH or System
or switches as necessary, refer to Chapter 6 “Adding or Replacing an Existing
Switch, Blade or NEM in The MESH Control Network” for replacing an existing
switch within The MESH control network. If it was determined that the rule hit
was a false hit, proceed to step 3 below.
d. When the switch/network is operating normally, clear the port hit(s) as described
in step 3 below.
3. After the failure has been resolved the Circuit Breaker Rule hit must be cleared, to
clear up the hit, perform the following:
a. At the CLI, enter the following command:
♦ Matrix(su)-> clear policy disabled-ports ge.*.*
*.* represents the blade/port number to be cleared
NOTE
If a switch has become isolated from the network (i.e. both links to the roots
disabled), it is recommended that the backup root port be cleared first, then the pri-
mary root.
b. In some cases, the port cannot be cleared due to the rapid response time of LDP.
In this case, it may be necessary to remove the cable from the disabled port. Once
this has been performed, repeat step 3a.
c. Reinsert all cables and perform step 1 again to ensure all ports have been cleared.
145
How to Import LDP from the Enhanced Network

Switches into NetSight Policy Manager
! WARNING
It is highly recommended that you do not use the Policy Enforce function within
the NetSight Policy Manager. If this function is used inappropriately, the LDP algo-
rithm can be corrupted, with the potential to cause network disruptions and possi-
ble network failures.
If the Policy Enforce function is inadvertently selected, refer to “Verifying Rules and
Roles” on page 156.
Use the Import from Device Wizard to import roles and rules from a selected device or devices
into your Policy Domain configuration. This feature is useful when:
♦ You need to rebuild a domain configuration. You can import roles and rules already
enforced on a device into a new domain.
♦ You are creating your first domain configuration. You can import existing static classi-
fication rules on a device into the domain, saving the time it would take to duplicate
the rules through Policy Manager.
Using the wizard, you can import roles and rules, and easily organize the rules into services. You
can create new services, and merge the imported rules into these new services or into any existing
services in your current domain.
To set up the switch domain for NetSight Policy Manager 3.0.1, proceed as described in the fol-
lowing sections:
♦ If the switch database has been created, proceed with “Assign Device to Domain”
below.
♦ If not, perform a network discovery with the NetSight Console as described in its
software documentation.
146
Create a Domain
To create a new domain, select Domain -> Create Domain, as shown in Figure 9-7. The Create
Domain dialog box appears, which allows you to create a new domain.
Figure 9-7. Create Domain Selection
147
Assign Device to Domain

1. Select Domain -> Assign Device to Domain. The Assign Device to Domain dialog
box appears as shown in Figure 9-8.
Figure 9-8. Assign Devices to Domain
2. In the left hand (“Devices”) column, select the switches that have been deployed with
LDP as shown in Figure 9-8.
3. Select Add.
4. Select OK to close the dialog box.
5. An Update Domain dialog box appears. Select Yes to save the Domain Data.
Configuration for The MESH Network Switch domain has been completed.
Using the Import from Device Wizard

Proceed as follows:
1. Select File > Import > Policy Configuration From Device. The Import
From Device Wizard opens.
148
Import from Device

Proceed as follows:
1. Ensure all roles and rules have been selected:
♦ Roles - Select this option to import roles, including the role's name, description,
default VLAN (access control), and default class of service.
♦ Rules - Select this option to import the traffic classification rules associated with
any roles on the device. If you select this option, you can also select whether to
import any static traffic classification rules configured on the device.
2. Click Next.
Device Selection
Proceed as follows:
1. The Devices panel on the left side of the window displays all the devices and device
groups in the current domain. Select the root switch IP addresses to import from, and
click Add to list them in the Selected Devices panel.
2. Click Next.
Read From Device

This view displays all the roles and rules available for import into your domain. Proceed as
follows:
1. Using the checkboxes in the selected columns, select the roles and rules that you want
to add to your domain. You can sort the tables by clicking on a column heading.
2. Select all Roles.
3. Click Next.
Organize and Update

Proceed as follows:
1. The wizard provides a selection of common ways to organize the rules into services.
See Figure 9-9.
Select Rules placed in Services by Role of Origin.
2. Click Next.
149
Figure 9-9. Organize and Update
Merge Rules
In this view, the panel on the left shows the rules organized into generated services as specified in
the previous view. The panel on the right shows the current set of services available in your
domain. You can merge the rules into your available services, or leave the rules as organized in the
previous view. To merge the rules:
1. Select Create Service to open a window in which you can name a service and add
it to the Available Services panel.
2. Type Beacon.
3. Select OK
4. Drag and drop the “From Dev-Prioritize Role (BeaconPriority)” rule to the
Beacon service.
5. Select Create Service.
150
6. Type StopLoop.
7. Drag and drop the “From Dev-Deny Role (CircuitBreaker)” rule to the
StopLoop service.
9. Type CBPBQ.
10. Drag and drop the “From Dev-Deny Role (CircuitBreakerPBQ)” rule to the
StopLoop service.
12. Type CBSBQ.
13. Drag and drop the “From Dev-Deny Role (CircuitBreakerSBQ)” rule to the
StopLoop service.
14. Select Finish.
Figure 9-10. Merge Rules
151
Finalizing the Policy Rules

When importing device-specific rules, these rules are converted to a Rule Type of “All Devices,”
and this will cause Verify to fail. You will have to change their Rule Type via the Rule General tab
after the import and prior to Enforce. Proceed as follows:
1. To set up the Beacon roles:
a. Select the Services left-hand tab (see Figure 9-11).
b. Expand Services.
c. Expand Manual Services.
d. Expand Beacon.
e. Select the first “IP Address Source 151.128.81.xxx - Permit/Priority
(7)” rule.
♦ Select the Actions right-hand tab.
♦ Select Access Control.
♦ Select Permit Traffic.
f. Repeat this step for the next Prioritize IP Address Sources.
2. To set up the Circuit Breaker roles:
a. Expand StopLoop.
b. Select the first “IP Source 151.128.81.xxx-Discard/Rule Usage” rule.
c. Select the right-hand General tab.
d. Under the “Type” tab, ensure All Devices has been selected.
e. Select the right-hand Actions tab, under “Accounting”.
♦ Ensure “Generate System Log on Rule Hit” has been selected.
♦ Ensure “Generate Audit Trap on Role Hit” has been selected.
f. Under “Security”:
♦ Ensure “Disable Port on Rule Hit” has been selected.
g. Repeat this step (2) for both Discard IP Sources.
NOTE
The “Discard IP Source 151.128.81.xxx” will change to
“[Matrix N3/N5/N7/NSA Platinum] Discard IP Source 151.128.81.xxx”
3. To set up CBPBQ roles:

a. Select the right-hand General tab.
b. Under the “Type” tab, ensure All Devices has been selected.
c. Select the right-hand Actions tab under “Accounting”.
♦ Select “Generate System Log on Rule Hit”.
♦ Select “Generate Audit Trap on Role Hit”.
d. Under “Security”:
♦ Select “Disable Port on Rule Hit”.
152
4. To set up CBSBQ roles:

a. Select the right-hand General tab.
b. Under the “Type” tab, ensure All Devices has been selected.
c. Select the right-hand Actions tab under “Accounting”.
♦ Select “Generate System Log on Rule Hit”.
♦ Select “Generate Audit Trap on Role Hit”.
d. Under “Security”:
♦ Select “Disable Port on Rule Hit”.
Figure 9-11. NetSight Policy Services
Finalizing the Policy Roles

The Import operation only imports roles and rules from the device (and not the complete policy
configuration), and if you perform a Verify operation following the import, the operation will fail.
Perform the following to align the Roles, Rules and the existing policies on the switches during
the import operation, and to correct conflicts on the Role services:
1. Setting up the BeaconPriority roles.
a. Select Role.
b. Expand the Roles.
c. Select BeaconPriority.
d. Select the Role “Services” tab. (See Figure 9-12.)
e. Select Add/Remove Services.
f. Select Beacon.
g. Select Add.
h. Select Apply.
i. Select OK.
153
Figure 9-12. NetSight Policy Roles
2. Setting up CircuitBreaker roles.

a. Under Roles, select CircuitBreaker.
b. Select the Role “Services” tab.
c. Select Add/Remove Services.
d. Select StopLoop.
e. Select Add.
f. Select Apply.
g. Select OK.
3. Setting up CircuitBreakerPBQ roles.
a. Under Roles, select CircuitBreakerPBQ.
b. Select the Role “Services” tab.
d. Select CBPBQ.
e. Select Add.
f. Select Apply.
g. Select OK.
4. Setting up the CircuitBreakerSBQ roles.
a. Under Roles, select CircuitBreakerSBQ.
b. Select Role “Services” Tab.
d. Select CBSBQ.
e. Select Add.
f. Select Apply.
g. Select OK.
154
GVRP
When using VLANs and deploying LDP, by default the I/A Series Switch Configurator Applica-
tion Software disables GVRP. For NetSight Policy Manager to successfully verify the LDP config-
uration, Policy Manager must know GVRP is disabled. To do this, select GVRP Disabled under
the Edit pull-down menu, as shown in Figure 9-13.
! CAUTION
If you have enabled GVRP on a network without a VLAN, and you plan to add a
VLAN in your network, GVRP must be disabled before the VLAN is added.
Figure 9-13. GVRP Disabled
VLANs
Under the Role tab, select VLAN Egress and add all enabled VLANs as shown in Figure 9-14
and Figure 9-15.
Figure 9-14. Egress List Setup - Policy Manager
155
Figure 9-15. Egress List Setup - Selection View
Verifying Rules and Roles

NOTE
If SNMP Set Commands are disabled (that is, SNMP Set Command DISABLED is
selected during the switch configuration (Figure 3-22 on page 48, Item 14)), the
rule verification cannot be performed.
Perform the verification by selecting the Verify icon. If all conflicts are resolved, the following
message should appear. (See Figure 9-16.) Click OK.
Figure 9-16. Verify All Devices
156
If the Verify function fails, do not perform a Policy Enforce. Most likely, one of the above steps
was not performed correctly. Return to “Finalizing the Policy Rules” on page 152 and repeat all
the steps thereafter, ensuring the IP Address Sources (PBQ/SBQ) are entered correctly.
If the Verify function continues to fail and Policy Manager 2.2 is being used, ensure Policy
Manager 2.2 build 17 or greater is being used. Check the version by selecting Help -> About
Policy Manager. If the Verify function still continues to fail, then the issue is related to the
switch or switch’s configuration. Proceed to Chapter 3 “Building a Configuration File”, and
reconfigure the switch or switches as needed.
! WARNING
It is highly recommended that you do not use the Policy Enforce function within
the NetSight Policy Manager. If this function is used inappropriately, the LDP algo-
rithm can be corrupted, with the potential to cause network disruptions and possi-
ble network failures.
If the Policy Enforce function within the NetSight Policy Manager is inadvertently selected, all
switches listed under the Network Element “TAB” should be reconfigured in order to guarantee
the LDP policy has not been corrupted.
157
158
10. VLANs Usage on The MESH
Control Networks
This chapter discusses the usage of VLANs on The MESH control network. Additional
information is provided in Appendix D “Understanding Virtual Local Area Networks (VLANs)”.
Forethought and planning are essential to a successful VLAN implementation, and the VLAN’s
presence in a network should be considered during the network design phase - see page 6. Before
attempting to configure a single device for VLAN operation, consider the following:
♦ Rules:
♦ Only one I/A Series control system can be supported on The MESH
control network. Only I/A Series control system devices are to be attached to
VLAN 2.
♦VLANs other than VLAN 1 and 2 shall not utilize protocols other than TCP/IP
and/or UDP/IP.
♦ If VLANs are deployed, all switches in the network must have VLAN 2 enabled
on the switch’s uplink ports.
♦ All I/A Series control devices shall be attached to VLAN 2 FE ports.
♦ No VLAN Port shall exceed 50% loading.
♦ No end devices with Tx and Rx speeds greater than 100Mb are supported.
♦ There can be no duplicate MAC addresses across The MESH control network
VLANs.
♦ When assigning VLANs to a switch, it is not required that ports be assigned. If no
ports are assigned, then the VLAN assignment is only enabled on the uplink ports
by the Switch Configurator Application Software.
♦ Network Considerations:
♦ How many VLANs will be required?
♦ What stations (end users, servers, and so forth) will belong to them?
♦ What ports on the switch are connected to those stations?
! WARNING
When VLANs are added to an existing installation of The MESH control network,
if the I/A Series devices are on VLAN 1, they must be moved to VLAN 2, at which
time communications between the I/A Series devices will be broken.
159
B0700CA – Rev L 10. VLANs Usage on The MESH Control Networks
! WARNING
If VLANs are to be utilized in The MESH control network, all switches within the
network are required to be configured for all utilized VLANs. If a VLAN is config-
ured on an outer edge switch and a core switch has not been configured for that
VLAN (in the case where no port assignment is required), the data for the outer
edge switch VLAN will not propagate through the core switch.
When utilizing the Switch Configurator Application Software, by default, six VLAN IDs (VIDs)
can be configured with the seventh VID as the default VLAN 1. VLAN 2 “I/A Control Ports” is
dedicated for the I/A Series end device use and cannot be renamed. When ports are selected to be
utilized within a VLAN, the Switch Configurator Application Software by default assigns these
ports with a priority value, and adjusts the port weighting according to the total number of net-
work VLANs assigned.
Priority Value is a packet priority value that is assigned to a port and is part of the 802.1Q frame
tag or normally known as the Tag Header (VLAN Tag), which is inserted into the data packet. All
data transmitted on this port (VLAN PORT) are assigned this value. (See Table 10-1 through
Table 10-9 below for this value.) The higher the priority number, the higher the priority will be.
Port Weighting (or port transmit queue (port txq)) is a switch controlled function used only when
high volumes of traffic are being transmitted. If the switch buffer is overwhelmed with legitimate
traffic, a priority queue will form based on the “weight” assigned to the traffic. There are two
types of weighting:
♦ Strict Priority (SP) - (Not recommended; this weighting method is used ONLY for
switch to switch protocol communications.)
♦ Weighted Round-Robin (WRR) - by default, the Switch Configurator Application
Software utilizes WRR (This is the only weighting method supported for The MESH
control network when using VLANs.)
These weighting techniques use a port transmit queue (port txq), which is adjustable from
0 - 100%. As the transmit buffer fills, data is transmitted according to the percentage of egress
bandwidth assigned to the egress port. This data is then assigned to a priority queue, and the pri-
ority queue is assigned to a port priority.
There are eight transmit queues (txq) in the (V-series, A-series, C-series and I-series) standalone
switches. They are implemented in the switch hardware for each port, but only six are available
for use in prioritizing various data and control traffic. The Matrix-DFE Chassis-based switches
have fifteen transmit queues (txq) which are also implemented in the switch hardware for each
port. However, only four of these queues are available for use in prioritizing various data and con-
trol traffic. The remaining queues for all switch types are reserved for stacking and network con-
trol related communications and cannot be configured.
The Switch Configurator Application Software adjusts/assigns these parameters (Port Priority, Pri-
ority Queue, and Port txq) based on the number of VLAN assignments. The switch setting can be
viewed in Table 10-1 through Table 10-9.
When configuring VLANs with the Switch Configurator Application Software, VLAN 1
“Default” will reside only at the switch level, any ports left assigned to this VLAN will not be
allowed to transmit packets between switches.
160
10. VLANs Usage on The MESH Control Networks B0700CA – Rev L
NOTE
V-series switches when utilizing VLANs cannot support end devices if switch ports
are left assigned to VLAN 1.
NOTE
In the following tables, VLAN 2 is allotted at least 51% of the bandwidth and
VLAN 3 and 4 are allotted at least 30% of the bandwidth.
Table 10-1. Settings for A-series, C-series, and I-series in the Default Mode or When Port Priorities
Disabled is Selected
Priority Queue Port Bandwidth Transmit

VLAN ID (VID) VLAN Port Priority (show port priority- Queue (txq) (show port txq)
Number (show port priority) queue) (WRR)
VLAN 1 “Default” Port Priority 0 Priority 0 - Queue 1 Queue 0 - 2% bandwidth
Priority 1 - Queue 0 Queue 1 - 10% bandwidth
Priority 6 - Queue 5 Queue 6 - Strict Policy (SP)
Table 10-2. Settings for A-series, C-series, and I-series When Only VLAN 2 is assigned,
“I/A Control Port” and When Port Priorities Enabled is Selected

VLAN 2 Port Priority 7 Priority 4 - Queue 3 Queue 4 - 21% bandwidth
“I/A Control Port” Priority 5 - Queue 4 Queue 5 - 67% bandwidth
161
Table 10-3. Settings for A-series, C-series, and I-series When More Than Two VLANs are Assigned
and When Port Priorities Enabled is Selected

“I/A Control Port”
VLAN 5 “Cyan” Port Priority 4 Priority 4 - Queue 3 Queue 4 - 31% bandwidth
VLAN 6 “Green” Port Priority 4 Priority 5 - Queue 4 Queue 5 - 51% bandwidth
VLAN 7 “Teal” Port Priority 4 Priority 6 - Queue 5 Queue 6 - Strict Policy (SP)
Table 10-4. Settings for V-series, in the Default Mode or When Port Priorities Disabled
is Selected
VLAN Port Priority Priority Queue1 Port Bandwidth Transmit

VLAN ID (VID) (show switchport (show cos-map Queue (txq) (show queue
Number priority) ethernet) bandwidth) (WRR)
VLAN 1 “Default” Port Priority 0 Priority 0 - Queue 1 Queue 0 - 1
Priority 1 - Queue 0
Priority 2 - Queue 0 Queue 1 - 4
1. Priority Queue in the V-series switch is referred to as CoS Value.
162
Table 10-5. Settings for V-series, When Only VLAN 2 is Assigned, “I/A Control Port” and
When Port Priorities Enabled is Selected

VLAN 2 Port Priority 7 Priority 4 - Queue 2 Queue 2 - 16
“I/A Control Port” Priority 5 - Queue 2
1.
Priority Queue in the V-series switch is referred to as CoS Value.
Table 10-6. Settings for V-series, When More Than Two VLANs are Assigned and
When Port Priorities Enabled is Selected

VLAN 2 Port Priority 7 Priority 1 - Queue 0
VLAN 3 Port Priority 5 Priority 2 - Queue 0 Queue 1 - 4
VLAN 4 Port Priority 5 Priority 3 - Queue 1
VLAN 5 “Cyan” Port Priority 4 Priority 4 - Queue 2 Queue 2 - 16
VLAN 6 “Green” Port Priority 4 Priority 5 - Queue 2
VLAN 7 “Teal” Port Priority 4 Priority 6 - Queue 3 Queue 3 - 64
1.
Priority Queue in the V-series switch is referred to as CoS Value.
163
Table 10-7. Settings for Matrix DFE-series, in the Default Mode or

When Port Priorities Disabled is Selected
Priority Queue
VLAN ID (VID) VLAN Port Priority (show port priority- Port Bandwidth Transmit
Number (show port priority) queue) Queue (txq) (show port txq)
VLAN 1 “Default” Port Priority 0 Priority 0 - Queue 1 Queue 0 - Strict Policy (SP)
Priority 4 - Queue 2 Queue 4 - N/A
Priority 7 - Queue 3 Queue 7-Queue 15 - N/A
Table 10-8. Settings for Matrix DFE-series When Only VLAN 2 is Assigned, “I/A Control Port”

VLAN 2 Port Priority 7 Priority 4 - Queue 2 Queue 4 - N/A
“I/A Control Port” Priority 5 - Queue 2 Queue 5 - N/A
164
Table 10-9. Settings for Matrix DFE-series When More Than Two VLANs are Assigned

VLAN 5 “Cyan” Port Priority 3 Priority 4 - Queue 2 Queue 4 - N/A
VLAN 6 “Green” Port Priority 3 Priority 5 - Queue 2 Queue 5 - N/A
VLAN 7 “Teal” Port Priority 3 Priority 6 - Queue 3 Queue 6 - N/A
165
166
11. Downloading Qualified
Firmware Images
This chapter discusses the procedure for downloading firmware to qualified Ethernet switches via
a SCAS CLI port or TFTP server.
Downloading Firmware via SCAS CLI Port

NOTE
This function is only available for C-series, A-series and I-series switches.
A serial RS-232 port download is a viable method of downloading firmware to a switch. (The
alternative, TFTP, is discussed in “Downloading Firmware via TFTP Service” on page 170.)
However, this method is slower than using an Ethernet port (requires 20-30 minutes) as it
requires the use of the RS-232 serial port during the upgrade. Therefore, this may not the
preferred upgrade method but may be required due to hardware limitations or the hardware on
hand.
! WARNING
When using this function, the switch will be rebooted several times, also the firm-
ware currently installed on the switch will be deleted and the newly downloaded
firmware will be used on boot up.
To download switch firmware via the serial (console) port, proceed as follows:
Continue.
4. The CLI Switch Interface dialog box (Figure 7-1 on page 128) becomes enabled.
7. Click the Update Switch Firmware button (Figure 4-3 on page 96, Item 17). The
Firmware Download dialog box will appear as shown in Figure 11-1.
A warning appears as shown in Figure 11-2. Note the instructions of the warning and
select Continue when ready.
167
B0700CA – Rev L 11. Downloading Qualified Firmware Images
Figure 11-1. SCAS CLI Port Firmware Download Dialog Box
Figure 11-2. Warning Window - Download Firmware
168
11. Downloading Qualified Firmware Images B0700CA – Rev L
8. Click the Download Firmware via the SCAS CLI Port radio button
(Figure 11-1, Item 4).
Figure 11-3. Firmware Download Setup Warning
9. Under the COM Ports selection area (Figure 11-1, Item 6), select the COM port to
which the switch is attached.
10. Click Interrogate Switch. The switch’s password is requested. Type the password
and press <Enter>. When the Continue button becomes visible and after the CLI
window has closed, click the Continue button.
11. Under the Switch Firmware Revision selection area, select the firmware to be down-
loaded to the switch. Click the Download Firmware button (Figure 11-1, Item 5).
12. The SCAS Download window appears, and confirms the switch type selected is the
switch type connected. Then the switch starts sending the firmware via the CLI
RS-232 port. A status dialog box appears, showing the file transmitted percentage as
shown in Figure 11-4.
Figure 11-4. CLI Firmware Download Dialog Box
13. Select Exit from the Firmware Download dialog box to return to the Switch Setup
dialog box (“Switch Setup Dialog Box” on page 29).
169
Downloading Firmware via TFTP Service
1 - Selectable qualified Firmware revisions

2 - Selected Firmware revisions
3 - COM port
4 - TFTP Address
5 - Download button, downloads firmware to switch
6 - Interrogate Switch button, interrogates switch to determine switch type and firmware revision
7 - Indicates the File/slot location of the switches saved configuration
8 - Running Firmware; after interrogating the switch the running firmware will be displayed
Figure 11-5. Firmware Download
! WARNING
A-series switches must be reconfigured after a firmware update. If the running con-
figuration will be used after the update, you must ensure a current up-to-date con-
figuration has been saved. This can be done by using the Import Config From
Switch button as described in “Importing a Configuration “.sca” File from Switch
Using SCAS” on page 128 to upload the current running configuration.
To download firmware to a switch, proceed as follows:
170
1. Ensure the TFTP server has been installed and running. Refer to “Set Up TFTP Ser-
vice” on page 173 for details.
NOTE
The TFTP server must be running before continuing.
2. In the TFTP Server window, click on File -> Configure and select the “TFTP Root
Directory” tab. Navigate to C:\TFTP-Root\Firmware and select the folder repre-
senting the switch-type that you will download. Refer to the following table.
Table 11-1. Switch Firmware
Folder Switch Type

P0972BQ_BR_BS_BT P0973BQ/P0973BR/P0973BS/P0973BT (DFE-Series Platinum)
P0972MJ_MK P0972MK/P0972MJ (E7 Chassis and 16-Port Fiber Switches)
P0972WP_YC P0972WP/P0972YC (V-Series)
P0972YG_YJ P0972YG/P0972YJ (DFE-Series Gold)
P0973BH_BJ_BK P0973BH/P0973BJ/P0973BK (A-Series)
P0973BL P0973BL (C2-Series)
P0973BL P0973HA (C3-Series)
P0973GB P0973GA/GB/HB/HC (I-Series)
Continue.
6. The CLI Switch Interface dialog box (Figure 7-1 on page 128) becomes enabled.
9. In the Switch Setup dialog box, click the Update Switch Firmware button
(Figure 4-3 on page 96, Item 17). Depending on the switch type being upgraded, the
Firmware Download dialog box will appear as shown in Figure 11-1 on page 168 or
10. Select the Download Firmware via TFTP Server radio button (if applicable).
a. A Data Error Warning window should appear. Verify the TFTP server is running
and the firmware (being downloaded) has been copied to the TFTP directory.
Then select OK when ready.
b. The Firmware Download window becomes enabled (Figure 11-5).
c. Under the COM Ports selection area (Figure 11-5, Item 3), select the COM port
the switch is attached to.
d. Under the TFTP Server IP Address: area, enter the TFTP Server IP Address
used by the TFTP Server and select the Interrogate Switch button
171
(Figure 11-5, Item 6). This interrogates the switch for its firmware level, system
name, IP address and device type. The Interrogating Switch dialog box appears.
1 - COM Ports; selects the COM port on which to communicate.

2 - Interrogate Switch, when selected, will interrogate the switch for its device type (also, see 3 below)
3 - When Interrogate Switch is selected, Continue will not be visible until the switch communications
have been established,
4 - Return; exits this window without updating the program, and returns the running firmware revision.
When selected, Return will update the program 's device type and firmware revision settings, and
return you to the previously displayed window.
NOTE
Ensure that the IP address you enter matches the address displayed in the lower
right corner of the TFTP Server dialog box shown in Figure 11-9.
e. Select Interrogate Switch. The switch’s password is required. Type the pass-
word and press <Enter>.
f. When the Continue button becomes visible and after the CLI window has
closed, select the Continue button (Figure 11-6, Item 3). This updates the pro-
gram for the switch to which you are attached. Note that the Download Firm-
ware button (Figure 11-5, Item 5) becomes enabled.
At this point if the config file was saved to the switch using a non-default file-
name. Enter its name into the Config Reload File text box (Figure 11-5,
Item 7).
NOTE
If downloading firmware to an A-series or C-Series switch, note that (Figure 11-5,
Item 7) Config Reload File text box is not visible. This function is not opera-
tional on these switches. They must be reconfigured after a firmware update.
g. Under the Switch Firmware Revision selection area, select the firmware to be
downloaded. Select the Download Firmware button.
The switch’s password is requested. Type the password and press <Enter>.
172
h. The SCAS Download window appears, confirming the switch type selected is the
switch type connected, at which time the switch starts sending the firmware via
the Ethernet port.
i. Follow the on screen directions.
♦ You will be asked to reboot the switch with the new firmware. Select YES.
♦ You will be asked if you want to delete the old firmware. Select YES.
! WARNING
When downloading firmware images to the A-series switch, the switch must be
reconfigured using the “Downloading to a Switch” on page 95.
♦ You will be asked if you want to reconfigure the switch with the saved config-
uration residing on the switch (Figure 11-5, Item 7). Select YES unless this
switch will be reconfigured.
For A-series switches, this is not selectable since the switch must be reconfig-
ured.
After switch information has been sent, the SCAS Download window exits.
j. Select Exit from the Firmware Download window to return to the Switch
Setup window.
k. If the IP address was returned to its factory defaults, reconfigure the switch as
needed.
Set Up TFTP Service

Proceed as follows:
1. Install a TFTP server on your installation PC. The suggested TFTP server can be
obtained for free at:
http://support.solarwinds.net/updates/New-customerFree.cfm?ProdId=52
Follow the installation instructions found on the Solarwinds® site.
2. To download the switch’s firmware, the TFTP Server must be running on your instal-
lation PC. To invoke the SolarWinds TFTP Server, click Start > Programs >
SolarWinds 2003 Standard Edition > TFTP Server, as shown in Figure 11-7.
Figure 11-7. Start the TFTP Server
NOTE
If the TFTP Server is installed on an I/A Series workstation, the I/A Series software
must be turned off for proper operation on the TFTP Server.
173
NOTE
Your TFTP Server will fail to start if there is already a TFTP Server or service active,
as with the service that runs as part of NetSight Atlas Console. You must stop that
TFTP Server and restart the TFTP Server you will use for the firmware upgrade.
If you are using another TFTP Server, invoke it as directed by its documentation.
3. On the TFTP Root Directory tab, select C:\ > TFTP-Root.
4. On the Security tab, click the Transmit and Receive files radio button, and
then click OK, as shown in Figure 11-8.
Figure 11-8. TFTP Server Configuration - Security Tab
5. The TFTP Server is ready for transmitting the new firmware, as shown in
Figure 11-9.
174
Figure 11-9. TFTP Server Configuration - Ready for Use
NOTE
The IP address required for TFTP transmissions is displayed in the lower right cor-
ner of the TFTP Server dialog box.
6. Set up the Ethernet and Serial port connections, as shown in Figure 11-10, Figure 11-11,
Figure 11-12 and Figure 11-13.
175
Ethernet Cable Media Converter

(Customer Provided) (Customer Provided)
(If Required)
Or
LB PASS
LB FAIL
To Ethernet Card
3
M13
ACT
FEF
LK
FD
r”™
ACT
iste
LK
“tw
PWR
24-Port Copper Managed Switch (P0973BH)

Ethernet Port Connection
Serial Port Connection
9D
Laptop
24-Port Fiber Managed Switch (P0973BJ)

9-Pin Serial Cable
D Connector P0973EY
8-Port Copper / 8-Port Fiber Managed

9D
Switch (P0973BK)
Figure 11-10. Connecting PC to A-Series Ethernet Switches (P0973BH, P0973BJ and P0973BK)
176
Ethernet Cable To Triple-speed 10/100/1000 Ethernet Card

(Customer Provided)
Ethernet Port Connection

Active Port
9D
Laptop
9-Pin
To Serial Port
24-Gigabit (SFP) Port Managed D Connector
Switch (P0973BL/HA) - C-Series
Serial Cable
9D P0973EY
Figure 11-11. Connecting PC to C-series (P0973BL/P0973HA) Ethernet Switch, Utilizing

1G Ethernet Port on PC
NOTE
When using a triple-speed Ethernet card, the C-series switch cannot be set up for
VLANs. VLANs use tagged packets and will not work with the laptop. It is
recommended that you reset the C-series switch to factory defaults.
177
Managed Switch (P0973BH/BJ/BK) -

A-Series (P0973BH Shown)
Ethernet Cable
(Customer Provided)
1 Gb Interface Connection Ethernet Port Connection

Active Port
9D
Laptop
9-Pin
To Serial Port
24-Gigabit (SFP) Port Managed D Connector
Switch (P0973BL/HA) - C-Series
Serial Cable
9D P0973EY
Figure 11-12. Connecting PC to C-series (P0973BL/P0973HA) Ethernet Switch Utilizing

100M Ethernet Port on PC
178
N1, N3 and N7 Blade COM Port Connection Laptop or

Workstation
TFTP Server
To Serial
N1 Chassis Switch Port
(P0973AR) RJ-45 To
9D Adaptor*
Serial Connection
Supplied with Switch To Ethernet
Port
N3 Chassis Switch
(P0973AS)
RJ-45
Connector
P0972YG/YJ
Blade
(Typical)
N7 Chassis Switch Ethernet Connection

(P0972YE) CAT5 or Fiber Cable
To Device depending on switch type
Port on Blade customer-supplied
* Use the appropriate media converter if necessary. Refer to the B0700CP document.
Figure 11-13. Connecting PC to DFE-Series Ethernet Switches
179
180
12. Troubleshooting
This chapter discusses troubleshooting for the I/A Series Switch Configurator Application
Software (SCAS).
If any of the symptoms described below occur during configuration with SCAS, take the
appropriate corrective action.
Unable to Login to Switch

If unable to login to switch via the SCAS software, confirm the switches prompt complies with
the prompt format listed in Table 12-1.
Table 12-1. Correct Prompt Formats for Switches
Switch P/N Switch Type Ports1

P0972WP, P0972YC V-series V2 ……… (su->)
P0973BH, P0973BJ, A-series A2 ……… (su->)
P0973BK
P0973BL C2-series C2 ……… (su->)
P0973HA C3-series C3 ……… (su->)
P0973GA, P0973GB, I-series I3 ……… (su->)
P0973HB, P0973HC
P0972YG, P0972YJ, DFE-series (N-Series/ DFE ……… (su->)
P0973BQ, P0973BR, E-Series chassis)
P0973BS, P0973BT Platinum/Gold
1. In this column, “………” represents any character(s) within the prompt. However,
the leading and trailing characters must be correct, as shown in this column. If
these characters are not correct, refer to “Changing the Switch’s CLI Prompt” on
page 236.
Configuration Error
Symptom:
While downloading the configuration, the configurator responds with an error message such as
seen in Figure 12-1 or Figure 12-2. This type of error may have been the result of not returning
the switch to its factory default configuration.
181
B0700CA – Rev L 12. Troubleshooting
NOTE
It is recommended that the switch be returned to the Factory Default Configuration
prior to configuring the switch. By returning the switch to the Factory Default
Configuration all parameters are set to a known value. If this action is not taken,
then there is the possibility that a switch failure may not be reported correctly to the
I/A Series system management.
Figure 12-1. Failed to Set Trap Receiver
Figure 12-2. Unable to Set Link Flap Threshold
Corrective Action:
When downloading a configuration to a switch as described in Chapter 4 “Downloading/Upload-
ing to/from a Switch via the I/A Series SCAS”, ensure that step 8 on page 99 was performed
(“When downloading a configuration file, ensure the Factory Default Configuration pick
(Figure 4-3, Item 10 on page 96) stays selected prior to a new configuration download.”).
182
12. Troubleshooting B0700CA – Rev L
Invalid Input Detected During Configuration

Symptom:
While downloading the configuration, SCAS responds with an error message, as shown in
Figure 12-3.
Figure 12-3. Invalid Input Detected
Corrective Action:
If the error message is returned after downloading a switch configuration, it should be ignored.
This indicates the configuration Name used during the Save Configuration function has
never been used before. Other invalid inputs can be the result of non-compatible firmware revi-
sions between the running firmware and configuration firmware.
Unsuccessful CLI Connection Errors

Symptom:
When trying to gain access to the switch’s CLI port via SCAS, the software shows no response as
shown in Item 1 of Figure 12-4.
183
Figure 12-4. Unsuccessful CLI Connection Error
Corrective Action:
1. Check the connections between the switch and the PC. Ensure that power is applied
to the switch.
2. Try to reestablish communication with the switch by first exiting SCAS interface by
clicking the “X” icon (Item 2) in Figure 12-4. The Terminating window (Item 3) will
appear. Select OK, then reestablish the connection.
Symptom:
When trying to gain access to the switch’s CLI port via SCAS, the software shows the connection
as “disconnected”, with no response as shown in Item 1 of Figure 12-5.
Figure 12-5. Unsuccessful CLI Connection Error (Alternate)
Corrective Action:
1. Check to ensure the COM port is not being used by another software application
such as HyperTerminal or a second running SCAS application. If a second application
is utilizing the COM port, close the application.
2. Try to reestablish communication with the switch by first exiting SCAS interface by
clicking the “X” icon (Item 2) in Figure 12-5. The MACRO: Error window (Item 3)
will appear. Select Stop macro, then reestablish the connection.
3. Try to regain access to the switch.
184
Symptom:
When trying to gain access to a P0972YC/WP switch’s CLI port via SCAS, the software responds
as shown in Figure 12-6.
Figure 12-6. CLI Non-responsive
Corrective Action:
1. Ensure the window is selected and rapidly press the Enter key 4-5 times. Repeat this
process 2-3 times if switch is non-responsive. The switch will become responsive by
asking for the switch’s password.
2. If still unresponsive, click the “X” icon in the dialog window. The MACRO: Error
window (Figure 12-5, Item 3) will appear. Select Stop macro, then reestablish the
connection.
3. Try to regain access to the switch.
Cannot Start TFTP Server

Symptom:
When trying to start the TFTP server, the screenshot in Figure 12-7 appears.
Figure 12-7. TFTP Server Error
185
Corrective Action:
Check to ensure another software application such as NetSight Console or a second TFTP server
application is not running. If a second application is running, close the application.
Write to Flash Error

Symptom:
While downloading the configuration, the configurator responds with an error message such as
seen in Figure 12-8. This error is caused by an excessive number of configuration files saved to the
Flash Memory. Only two configurations can be saved to any one switch.
Figure 12-8. Write to Flash Error
Corrective Action:
A configuration file must be deleted or written over.
To write over the file, simply name the new configuration the same as the file over which you
want to write.
To delete the configuration file:
1. Exit the SCAS interface window.
2. Open HyperTerminal application (refer to the “Switch Configuration” chapter of the
documentation included with your Invensys qualified Ethernet switches).
3. Gain communications with the switch.
4. Enter Login and Password.
5. Type: dir. Press <Enter>.
6. Find the file to be deleted.
7. Type: del File name. Press <Enter>.
For the DFE-Series Chassis switch, the slot location must also be typed (for example,
slot1/File name). All filenames are case sensitive.
8. Type: exit. Press <Enter>.
186
9. Exit the HyperTerminal COM window.

10. Reopen SCAS and proceed to configure the switch as normal. (Refer to “Download-
ing/Uploading to/from a Switch via the I/A Series SCAS” on page 93.)
Misconfigured Stack Ports (A-Series P0973BH/BJ/BK

Switches Only)
Symptom:
If RJ-45 stack ports (ports 25 and 26 or ports 17 and 18 for P0973BK switch) are not configured
correctly before attaching them to another switch, the ports assume the switches are to be stacked.
If this occurs, communication between the switches and devices will fail.
Corrective Action:
To correct the stacking event, proceed as follows:
1. Remove all cables from the stack ports (ports 25 and 26 or ports 17 and 18 for
P0973BK switch).
2. Connect to the switch’s CLI port.
It is assumed that steps 1-5 of “Downloading to a Switch” on page 95 have been
accomplished. If not, perform these steps before continuing.
3. (A-series switches only) Refer to Figure 4-3, Item 15 on page 96, and select the Reset
Stacking Ports button. This automatically reconfigures the A-series stacking ports
to become Ethernet ports in the event they were misconfigured.
NOTE
This button is to be used only when stacking ports are not configured correctly
before the interconnection of switches.
4. Reconfigure the switch as described in Chapter 4 “Downloading/Uploading to/from a

Switch via the I/A Series SCAS”.
Manually Configure Misconfigured Stack Ports

An alternate corrective action is to correct the misconfigured stack ports manually, as follows:
1. Connect to the switch through configuration port with no connections to the stacking
ports (ports 25-26 on P0973BH, BJ and 17-18 on P0973BK).
2. Login to switch and perform clear config all to totally clear the port
configurations.
NOTE
clear config all does not reset the IP address or mask. However, this is not an
issue.
3. Enter the command: set switch stack-port ethernet

4. Reconfigure the switch as described in Chapter 4 “Downloading/Uploading to/from a
Switch via the I/A Series SCAS”.
187
5. Use the following commands to verify that stacking is disabled:

show switch stack-port
(which should return the following:)
No valid ports in box.
Configuration Error Messages

When validating a switch’s running configuration (see “Validating Switches Running Configura-
tion” on page 103), the Configuration Validation dialog box may display one or more of the fol-
lowing error messages. Table 12-2 explains each error message and how to resolve it.
Table 12-2. Configuration Error Messages
Message Explanation and Resolution

ERROR 1.....The LACP port function This error indicates that the Link Aggregation Control Protocol (LACP) is
on <FE port#> is enabled, switch’s enabled; LACP must be disabled in The MESH Control Network. To correct
LACP function is also enabled! this error, reconfigure the switch using the latest revision of the SCAS soft-
ware, as discussed in this document.
ERROR 2.....ISL Port <ISL port#> is This error indicates that the ISL device port packet egress setting are incor-
configured to only pass untagged rect; all ISL device ports must egress tagged packets only when VLANs are
packets. setup on The MESH Control Network. To correct this error, reconfigure the
switch using the latest revision of the SCAS software, configuring VLANs in
accordance with the I/A Series documentation.
ERROR 3.....Port <FE port#> is con- This error indicates that the Fast Ethernet device port discard ingress
figured to only pass tagged packets. packet settings are incorrect; all Fast Ethernet device ports must discard
ingress tagged packets when VLANs are setup on The MESH Control Net-
work. To correct this error, reconfigure the switch using the latest revision of
the SCAS software, configuring VLANs, as discussed in this document.
ERROR 4.....ISL Port <ISL port#> is This error indicates that the ISL device port discard ingress packet settings
configured to only pass untagged are incorrect; all ISL device ports must discard ingress untagged packets
packets. when VLANs are setup on The MESH Control Network. To correct this
error, reconfigure the switch using the latest revision of the SCAS software,
configuring VLANs, as discussed in this document.
ERROR 5.....Spantree Hello time has This error indicates that the Spantree Hello time setting is incorrect. To cor-
been modified. rect this error, reconfigure the switch using the latest revision of the SCAS
software, as discussed in this document.
ERROR 6.....Port <FE port#> Span- This error indicates that the port level spanning tree algorithm status has
tree Algorithm has been disabled. been disabled; all ports must have this function enabled. To correct this
as discussed in this document.
ERROR 7.....The force link-down This error indicates that the port level force link down function has been
function has been enabled. enabled; all ports must have this function disabled. To correct this error,
reconfigure the switch using the latest revision of the SCAS software, as
discussed in this document.
ERROR 8.....The Maximum Trans- This error indicates that the Fast Ethernet device port MTU function has
mission Unit function has been dis- been disabled; all ports must have this function enabled. To correct this
abled. error, reconfigure the switch using the latest revision of the SCAS software,
ERROR 9.....The tci overwrite func- This error indicates that the Fast Ethernet device port tci overwrite function
tion has been enabled on port <FE has been disabled; all ports must have this function enabled. To correct this
port#> error, reconfigure the switch using the latest revision of the SCAS software,
188
Table 12-2. Configuration Error Messages (Continued)

ERROR 10.....The port trap function This error indicates that the Fast Ethernet device port trap messaging func-
has been disabled on Device port tion has been disabled; all ports must have this function enabled. To correct
<FE port#> this error, reconfigure the switch using the latest revision of the SCAS soft-
ERROR 11.....The port trap function This error indicates that the ISL port trap messaging function has been dis-
has been disabled on ISL port <ISL abled; all ports must have this function enabled. To correct this error, recon-
port#> figure the switch using the latest revision of the SCAS software, as
ERROR 12.....Switch’s Host port has This error indicates that the switch’s Host port VLAN settings are incorrect;
been enabled on the wrong VLAN. when VLANs are deployed on The MESH Control Network, configuring the
switch’s Host port must be assigned to VLAN 2. To correct this error, recon-
figure the switch using the latest revision of the SCAS software, configuring
VLANs, as discussed in this document.
ERROR 13.....Switch’s Spanning This error indicates that the switch’s spanning tree algorithm has been dis-
Tree Protocol is not enabled. abled; the switch must have the spanning tree algorithm enabled. To correct
this error, reconfigure the switch using the latest revision of the SCAS soft-
ERROR 14.....Switch’s Spanning This error indicates that the switch’s spanning tree bridge hello mode has
Tree bridge administrative Protocol is been disabled; the switch must have this function enabled. To correct this
disabled. error, reconfigure the switch using the latest revision of the SCAS software,
ERROR 15.....Switch’s Spanning This error indicates that the switch’s spanning tree bridge trap messaging
Tree root bridge trap messaging is has been disabled; the switch must have this function enabled to notify the
disabled. network when root has changed. To correct this error, reconfigure the
switch using the latest revision oF the SCAS software, as discussed in this
document.
ERROR 16.....Port Spanning tree has This error indicates that the port level spanning tree algorithm has been dis-
been disabled on port <port#> abled; all ports must have the spanning tree algorithm enabled. To correct
ERROR 17.....Port Spanning tree This error indicates that the Fast Ethernet device port spanning tree P2P
point-to-point has been disabled on function has been disabled; all ports must have this Function enabled. To
port <FE port#> correct this error, reconfigure the switch using the latest revision of the SCM
ERROR 18.....Switch’s IGMP Snoop- This error indicates that the IGMP snooping function has been enabled; this
ing is enabled function should disabled and must be disabled when using the Loop Detec-
tion Policy commands. To correct this error, reconfigure the switch using the
latest revision of the SCAS software, as discussed in this document.
ERROR 19.....Switch’s Spanning This error indicates that the switch level spanning tree mode has been dis-
Tree Protocol is not enabled. abled; the spanning tree mode must be enabled for “ieee8021”. To correct
ERROR 20.....Min Switch Chip Revi- This error indicates that a DFE-blade Dip switch 4 has not been set cor-
sion: 1.51 (Rapid Failover Enabled) is rectly. To correct this error, power down the chassis, refer to The MESH
not enabled ensure Dip Switch 4 is Control Network Hardware Instructions B0700CK ‘N-series Chassis Switch
set to ON. Jumper Settings’ for the correct hardware setup, reconfigure the switch
using the latest revision of the SCAS software, as discussed in this docu-
ment.
ERROR 21.....Switch’s ISL Stacking This error indicates that the switch’s stacking ports have not been config-
ports are setup incorrectly. ured correctly; the stacking ports must be configured as Ethernet ports and
the switch’s member count should be unit 1. To correct this error, reset the
staking ports and then reconfigure the switch using the latest revision of the
SCAS software, as discussed in this document.
189

ERROR 22.....Switch has been con- This error indicates that the Root switch Bridge Priority Value has been set
figured as a Root switch with an as an edge switch. To correct this error, reconfigure the switch using the lat-
incorrect Bridge Priority Value. est revision of the SCAS software, as discussed in this document. Ensure
the bridge priority value is set to 28672 for the root and 28673 for the
backup root switches.
ERROR 23.....Edge switch IGMP This error indicates that the IGMP function has been enabled; this function
Protocol function has been enabled. should be disabled and must be disabled when using the Loop Detection
Policy commands. To correct this error, reconfigure the switch using the lat-
est revision of the SCAS software, as discussed in this document. By
default, all edge and distribution switch configurations disable the IGMP
function.
ERROR 24.....IGMP Protocol Query- This error indicates that the IGMP Query-interval function has been set to a
interval has been enabled on VLAN value greater than 2 seconds; this setting must be decreased when using
___ at rate of ____ seconds. “>2 sec- the Loop Detection Policy commands. To correct this error, reconfigure the
onds” switch using the latest revision of the SCAS software, as discussed in this
document. Ensure the Beacon Interval is not set to exceed two seconds;
this setting is recommended to be set a one second interval as per default.
ERROR 25.....Switch’s RSTP (Rapid This error indicates that the Spanning tree protocol function has been set to
Spanning Tree Protocol) is not a setting other than RSTP; this Spanning Tree Protocol function must be
enabled. set to RSTP when configuring a switch for The MESH Control Network. To
correct this error, reconfigure the switch using the latest revision of the
SCAS software, as discussed in this document. By default, all switch con-
figurations enable the RSTP function.
ERROR 26.....Switch’s Primary Host- This error indicates that the switch’s SNMP Primary Hosting Trap IP
ing Trap IP Address has not been Address has been set; this setting must be configured on the switch for The
configured. MESH Control Network. To correct this error, reconfigure the switch using
the latest revision of the SCAS software, as discussed in this document.
Ensure the Primary Hosting Trap IP Address has been set correctly.
ERROR 27.....Port Flow-Control is This error indicates that the port Flow-control is enabled on the switch’s
enabled. ports; all ports must have port Flow-Control disabled. To correct this error,
discussed in this document, ensuring the port Flow-Control disabled.
ERROR 28.....Port Duplex is not set This error indicates that the port duplex is enabled on the switch’s copper
to 'Full' ports; all copper ports must have port duplex set to lull. To correct this error,
discussed in this document, ensuring the port duplex is set to full.
ERROR 29.....port duplex <FE This error indicates which Fast Ethernet copper device port the port duplex
port#> is set to half duplex is enabled on; all copper ports must have port duplex set to full. To correct
ware, as discussed in this document, ensuring the port duplex is set to full.
ERROR 30.....Device port Auto- This error indicates that the port Auto-negotiation is enabled on the last
Negotiation is Enabled. Ethernet device ports; all last Ethernet device ports must have port Auto-
negotiation disabled. To correct this error, reconfigure the switch using the
latest revision of the SCAS software, as discussed in this document, ensur-
ing the port Auto-negotiation is disabled on all East Ethernet device ports.
ERROR 31.....ISL Port Auto-Negotia- This error indicates that the ISL port Auto-negotiation is disabled on the ISL
tion is disabled. ports; all ISL ports must have port Auto-negotiation enabled. To correct this
as discussed in this document, ensuring the Uplink (ISL) Auto-negotiation
is enabled.
ERROR 32..... port negotiation <FE This error indicates which Fast Ethernet device port the Auto-negotiation is
port#> enable d enabled on; Ethernet device ports must have port Auto-negotiation dis-
abled. To correct this error, reconfigure the switch using the latest revision
of the SCAS software, as discussed in this document, ensuring the port
Auto-negotiation is disabled on all Fast Ethernet device ports.
190

ERROR 33.....100M Port speed is set This error indicates that the port speed is to the wrong speed on the
at wrong speed. switch’s copper ports; all copper ports must have port speed set to
100Mbps. To correct this error, reconfigure the switch using the latest revi-
sion of the SCAS software, as discussed in this document, ensuring the
port speed set to l00Mbps.
ERROR 34.....port speed <FE port#> This error indicates which Fast Ethernet copper device port the port speed
10 is enabled on; all East Ethernet copper device ports must have port speed
set to 100Mbps. To correct this error, reconfigure the switch using the latest
revision of the SCAS software, as discussed in this document, ensuring the
port speed set to 100Mbps.
ERROR 35.....Fast Ethernet Port This error indicates that a Fast Ethernet device ports spantree AdminEdge
Admin Edge is disabled. is set to false; all Fast Ethernet device ports must have spantree Admin-
Edge is set to true. To correct this error, reconfigure the switch using the lat-
est revision of the SCAS software, as discussed in this document, ensuring
the ‘AdminEdge on Edge Devices ENABLED’ is selected.
ERROR 36.....spantree AdminEdge This error indicates which Fast Ethernet device port the port spantree
<FE port#> false AdminEdge is set incorrectly on; all Fast Ethernet device ports must have
spantree AdminEdge set to true. To correct this error, reconfigure the switch
using the latest revision of the SCAS software, as discussed in this docu-
ment, ensuring the ‘AdminEdge on Edge Devices ENABLED’ is selected.
ERROR 37.....ISL Port AdminEdge is This error indicates that an ISL port spantree AdminEdge is set to true; all
enabled. ISL device ports must have spantree AdminEdge set to true To correct this
error, reconfigure the switch using the latest revision of the SCM software,
as discussed in this document, ensuring that all ISL device port spantree
AdminEdge is set to false.
ERROR 38..... spantree AdminEdge This error indicates which ISL port the port spantree AdminEdge is set
<ISL port#> true incorrectly on; all ISL device ports must have spantree AdminEdge set to
false. To correct this error, reconfigure the switch using the latest revision of
the SCAS software, as discussed in this document, ensuring that all ISL
device port spantree AdminEdge is set to false.
ERROR 39.....Switch’s BPDU-For- This error indicates that the Switch’s spanning tree BPDU-Forwarding is
warding is disabled. disabled; the BPDU forwarding must be enabled. To correct this error,
ERROR 40.....GVRP is enabled. This error indicates that the GVRP Protocol function is enabled. To correct
ware, as discussed in this document, ensuring the GVRP Protocol setting
under the ‘Switch Security’ is disabled.
ERROR 41.....MAC Locking is This error indicates that the MAC Locking function is enabled. To correct
enabled. this error, reconfigure the switch using the latest revision of the SCAS soft-
ware, as discussed in this document, ensuring the MAC Locking function
setting under the ‘Switch Security’ is disabled.
ERROR 42.....WebView is enabled. This error indicates that the WebView function is enabled. The WebView
function is a non-supported function and unsecure method to monitor or
modify a switch configuration; this function must be disabled. To correct this
as discussed in this document, ensuring the HTTP (WebView) function is
disabled under the “Command Line Access” settings.
ERROR 43.....SNMP (Simple Net- This error indicates that the SNMP Target “trap” parameter function is not
work Management Protocol) Target setup correctly. To correct this error, reconfigure the switch using the latest
Parameters have not been setup cor- revision of the SCAS software, as discussed in this document.
rectly.
191

ERROR 44.....SNMPv1 (Simple Net- This error indicates that the SNMPv1 write (set) function is enabled. The
work Management Protocol version SNMPv1 write (set) function is an unsecure and potentially dangerous to
1) write function is Enabled. switch security; the SNMPv1 write function must be disabled. To correct this
as discussed in this document, ensuring the “SNMP Set commands Dis-
abled” function is selected under the “Command Line Access” settings.
ERROR 47.....Switch’s Password has This error indicated that the switch’s password has not been changed from
NOT been changed from its factory its factory default. This is not a functional error, however, a security feature
default! that is recommended. To correct this error, use the latest revision of the
SCAS software, as discussed in this document, use the “Change Switch
Password” function to modify the default password.
ERROR 48.....Switch’s FE Broadcast This error indicates that the Fast Ethernet port Broadcast Suppression rate
Suppression Rate is set beyond its is set beyond its recommended setting of 500 packets per second. To cor-
recommended setting. rect this error, reconfigure the switch using the latest revision of the SCAS
software, as discussed in this document, ensuring the FE Broadcast Sup-
pression rate is set to a value of 500 PPS or less.
ERROR 49.....Switch’s ISL Broadcast This error indicates that the ISL port Broadcast Suppression rate is set
Suppression rate is set beyond its beyond its recommended setting of 5000 packets per second. To correct
recommended setting. this error, reconfigure the switch using the latest revision of the SCAS soft-
ware, as discussed in this document, ensuring the ISL Broadcast Suppres-
sion rate is set to a value of 5000 PPS or less.
ERROR 50.....Port Link Flap is dis- This error indicates that the Link Flap function has been disabled; this func-
abled. tion should be enabled to minimize the risk of excessive network re-spans
potently resulting in network disruptions and / or failure. To correct this
as discussed in this document, ensuring the Link Flap function has been
selected and enabled.
ERROR 51.....Switch’s Error System This error indicates that the switch’s error logging has been disabled, it is
logging is Disabled. recommended that this function be enabled in the event of a network failure
error messages can aid in the attempt to correct and identify the cause of
the failure. To correct this error, reconfigure the switch using the latest revi-
sion of the SCAS software, as discussed in this document, ensuring the
Syslog function are enabled and setup correctly.
ERROR 52.....Switch’s Fast Ethernet This error indicates that the Fast Ethernet port Broadcast Suppression rate
Port Broadcast Suppression is dis- has been disabled. To correct this error, reconfigure the switch using the lat-
abled. est revision of the SCAS software, as discussed in this document, ensuring
the FE Broadcast Suppression rate has been selected and the rate setting
is at value of 500 PPS or less.
ERROR 53.....Switch’s ISL Port This error indicates that the ISL port Broadcast Suppression rate has been
Broadcast Suppression is disabled. disabled. To correct this error, reconfigure the switch using the latest revi-
sion of the SCAS software, as discussed in this document, ensuring the ISL
Broadcast Suppression rate has been selected and the rate setting is at
value of 5000 PPS or less.
192

ERROR 54.....Switch’s Edge Port This error indicates that the SpanGuard function was not enabled. To cor-
SpanGuard is disabled. rect this error, reconfigure the switch using the latest revision of the SCAS
software, as discussed in this document, before the SpanGuard function
can be enabled you must enable AdminEdge than the SpanGuard function
can be enabled.
ERROR 55.....Switch’s FaultLock is This error indicates that the Faultlock function was not enabled. To correct
disabled. (A-series only). this error, reconfigure the switch using the latest revision of the SCAS soft-
ware, as discussed in this document, and under the Switch Security section
ensure the Faultlock function is enabled.
ERROR 56.....Systems Network This error indicates that the SNTP function was not enabled. To correct this
Time Protocol (SNTP) is disabled. error, reconfigure the switch using the latest revision of the SCAS software,
ERROR 57.....Switch’s file logging This error indicates that the SNTP function was not enabled. To correct this
has been enabled but SNTP is dis- error, reconfigure the switch using the latest revision of the SCAS software,
abled. as discussed in this document.
ERROR 58.....Switch’s Inline power This error indicates that the inline power trap messaging function has been
trap messaging is disable. disabled. To correct this error, return the switch to it factory default than
ERROR 59.....VLANs have been This error indicates that VLANs have been deployed on the switch, but the
Enabled but the Host VLAN has not switch’s Host port was not assigned to the system monitoring VLAN. To cor-
been assigned correctly. rect this error, reconfigure the switch using the latest revision of the SCAS
software, as discussed in this document. Ensure that VLAN 2 has been
assigned to the switch.
ERROR 60.....VLANs have been This error indicates that VLAN 2 has not been deployed on the switch, but
Enabled but VLAN 2 has not been other VLANs have. This can cause a communications breakdown of The
assigned. MESH network. To correct this error, reconfigure the switch using the latest
revision of the SCAS software, as discussed in this document. Ensure that
VLAN 2 has been assigned to the switch.
ERROR 61.....The Network Root This error indicates that the Spanning tree Bridge Priority Mode protocol
switch’s Bridge Priority Mode is set to function has been set to 802.1t on the root switch. It is recommended that
802.1t. 802.1d be used when configuring a switch for The MESH network. To cor-
rect this error, reconfigure the switch using the latest revision of the SCAS
software, as discussed in this document. Ensure that the Bridge Priority
Mode is set to 802.1d. If the Bridge Priority Mode 802.1d is not supported
by the switch type being configured, the switch’s firmware needs to be
upgraded.
ERROR 62.....Loop Detection Policy This error indicates that VLAN 2 has not been deployed on the switch, but
'LDP' has been deployed but VLANs (LDP) has. IF LDP is deployed without VLANs, false port hit may occur dur-
have not been enabled. ing testing, repairs and power cycling of switches. To correct this error,
discussed in this document. Ensure that VLAN 2 has been assigned prior
to setting up the LDP rules.
LDP ERROR 100.....Switch’s LDP This error indicates that the VLAN function was not enabled; it is recom-
'Circuit Breaker' Policy Profile is mended that VLANs be deployed while using the LDP functions. To correct
deployed without VLANs assigned. this error, reconfigure the switch using the latest revision of the SCAS soft-
LDP ERROR 101.....LDP 'Circuit This error indicates that while setting up The LDP function the Root switch
Breaker PBQ' IP Address does not Beacon IP address was not entered correctly. To correct this error, reconfig-
match the switch’s IP address.’ ure the switch using the latest revision of the SCAS software, as discussed
in this document, ensuring the proper Beacon IP addresses are used dur-
ing the setup.
193

LDP ERROR 102.....LDP 'Circuit This error indicates that the Circuit Breaker PBQ rule will not responded
Breaker PBQ' rule reaction error. correctly in the event of a network loop between the two root switches. To
LDP ERROR 103.....LDP 'Circuit This error indicates that while setting up The LDP function the Backup Root
Breaker SBQ' IP Address does not switch Beacon IP address was not entered correctly. To correct this error,
match the switch’s IP address. reconfigure the switch using the latest revision of the SCAS software, as
discussed in this document, ensuring the proper Beacon IP addresses are
used during the setup.
LDP ERROR 104.....LDP 'Circuit This error indicates that the Circuit Breaker SBQ rule will not responded
Breaker SBQ' rule reaction error. correctly in the event of a network loop between the two root switches. To
LDP ERROR 105.....The LDP 'Cir- This error indicates that the Circuit Breaker LDP rules disabled ports in
cuit Breaker' Policy Rule has disabled responds to rule violation. To correct this error, clear the port hits, as dis-
ports <port #> on this switch! cussed in this document.
Configuration Warning Messages

When validating a switch’s running configuration (see “Validating Switches Running Configura-
tion” on page 103), the Configuration Validation dialog box may display one or more of the fol-
lowing warning messages. Table 12-3 explains each warning message and how to resolve it.
Table 12-3. Configuration Warning Messages

WARNING 1.....Spanning Tree Span- This message indicates that the switch’s configuration has been modified.
Guard traps are disabled. To resolve this message, reconfigure the switch using the latest revision of
the SCAS software, as discussed in this document.
WARNING 2.....Port <FE port #> is This message indicates that the switch’s VLAN configuration has been
configured to only pass tagged pack- modified. To resolve this message, reconfigure the switch using the latest
ets. revision of the SCAS software, as discussed in this document.
WARNING 3.....Switch has an This message indicates that the switch’s configuration has been modified.
unknown Policy Profile deployed “+ To resolve this message, reconfigure the switch using the latest revision of
<name> the SCAS software, as discussed in this document.
WARNING 4.....dot1x '802.1X This message indicates that the switch’s configuration has been modified.
authentication' has been enabled. To resolve this message, reconfigure the switch using the latest revision of
WARNING. 5....Switch RADIUS This message indicates that the switch’s configuration has been modified.
server has been enabled. To resolve this message, reconfigure the switch using the latest revision of
WARNING 6.....Port <port#> VLAN This message indicates that the switch’s configuration has been modified.
ingress-filtering has been disabled. To resolve this message, reconfigure the switch using the latest revision of
WARNING 7.....ISL Port <port #> This message indicates that the switch's configuration has been modified.
Loop Protection Algorithm 'LPA' has To resolve this message, reconfigure the switch using the latest revision of
been enabled. the SCAS software, as discussed in this document.
WARNING 8.....Flow Limit has been This message indicates that the switch’s configuration has been modified.
enabled. To resolve this message, reconfigure the switch using the latest revision of
194
Table 12-3. Configuration Warning Messages (Continued)

WARNING 9.....Switch has been con- This message indicates that the switch’s configuration has been setup as
figured as an Edge switch with an an edge switch with a root bridge priority setting. To resolve this message,
incorrect Bridge Priority Value. reconfigure the switch using the latest revision of the SCAS software, as
WARNING 10.....Switch’s IP Version This message indicates that the switch’s configuration has been modified.
6 is enabled. To resolve this message, reconfigure the switch using the latest revision of
WARNING 11.....IGMP Protocol This message indicates that the switch’s configuration has been modified
Query-interval has been enabled on beyond the set recommendations. To resolve this message, reconfigure the
VLAN ___ at rate of ___ seconds. switch using the latest revision of the SCAS software, as discussed in this
document.
WARNING 12.....CDP (CableTron This message indicates that the CDP function was not disabled. To resolve
Discovery Protocol) is enabled. this message, reconfigure the switch using the latest revision of the SCAS
WARNING 13.....Switch’s Password This message indicates that the Password aging time was not set at the
has been changed however the aging time of the password. To resolve this message, Change the password and
time has not been set! adjust the password expire setting.
WARNING 15.....Cisco Discovery This message indicates that the CDP function was not disabled. To resolve
Protocol is enabled. this message, reconfigure the switch using the latest revision of the SCAS
WARNING 16.....Switch has mir- This message indicates that a port mirror is enabled on the switch. To
rored ports enabled. resolve this message, update the port mirroring setting, as discussed in this
document.
WARNING 17.....Switch’s Bridge Pri- This message indicates that a Bridge Priority Mode is set to 802.1t on this
ority Mode is set to 802.1t. switch, reconfigure the switch using the latest revision of the SCAS soft-
ware ensure the 802.1d setting is selected, as discussed in this document.
WARNING 18.....Switch’s Telnet This message indicates that the Telnet function is enabled; reconfigure the
function is enabled. switch using the latest revision of the SCAS software, as discussed in this
document.
WARNING 19.....Switch’s Router Tel- This message indicates that the switch’s configuration has been modified.
net function is enabled. To resolve this message, reconfigure the switch using the latest revision of
WARNING 20.....Switch’s file logging This message indicates that the file logging function is enabled, but no IP
has been enabled ensure Trap IP address was assigned to the syslog server; reconfigure the switch using
address is designated. the latest revision of the SCAS software, as discussed in this document.
WARNING 21.....Switch’s Read-Write This message indicates that the switch’s configuration has been modified.
login is enabled. To resolve this message, reconfigure the switch using the latest revision of
WARNING 22.....No Ports have been This message indicates that the switch has not ports disabled; it is always a
disabled on this switch, Cau- security recommendation that all unused ports be disabled, if they exist. If
tion.Unused Ports should be dis- all ports are being used, ignore this message. To resolve this message,
abled! reconfigure the switch using the latest revision of the SCAS software, as
discussed in this document. Ensure all unused ports are disabled or
append a list of unused ports to the switch (see “Appending Port Com-
mands” on page 60).
Warning 101.....LACP has been dis- This message indicates that the switch’s configuration has been modified.
abled at the switch level. However, To resolve this message, reconfigure the switch using the latest revision of
Port <port#> LACP function is the SCAS software, as discussed in this document.
enabled!”
Warning 102.....The switch’s This message indicates that the switch’s configuration has been modified.
enhanced buffer mode has been To resolve this message, reconfigure the switch using the latest revision of
enabled. the SCAS software, as discussed in this document.
195
Table 12-3. Configuration Warning Messages (Continued)

Warning 103.....FE Port <port#> This message indicates that the switch’s configuration has been modified.
Loop Protection Algorithm 'LPA' has To resolve this message, reconfigure the switch using the latest revision of
been enabled. the SCAS software, as discussed in this document.
Warning 104.....FE Port <port#> LPA This message indicates that the switch’s configuration has been modified.
Capable Partner feature has been To resolve this message, reconfigure the switch using the latest revision of
enabled. the SCAS software, as discussed in this document.
Warning 105.....CEP phone detection This message indicates that the switch’s configuration has been modified.
has been enabled. To resolve this message, reconfigure the switch using the latest revision of
Warning 106.....(PWA) Port Web This message indicates that the switch’s configuration has been modified.
Authentication has been enabled. To resolve this message, reconfigure the switch using the latest revision of
Warning 107.....RAD (Runtime This message indicates that the switch’s configuration has been modified.
Address Discovery) protocol has To resolve this message, reconfigure the switch using the latest revision of
been disabled. the SCAS software, as discussed in this document.
Warning 108.....Port Spanning tree This message indicates that the switch’s configuration has been modified.
point-to-point has been enabled on To resolve this message, reconfigure the switch using the latest revision of
port <port#> the SCAS software, as discussed in this document.
Warning 109.....Switch’s TACACS This message indicates that the switch’s configuration has been modified.
server protocol is enabled. To resolve this message, reconfigure the switch using the latest revision of
Warning 110.....Switch’s DHCP This message indicates that the switch’s configuration has been modified.
server protocol is enabled. To resolve this message, reconfigure the switch using the latest revision of
Warning 111.....Switch’s EAPOL This message indicates that the switch’s configuration has been modified.
server protocol authentication mode To resolve this message, reconfigure the switch using the latest revision of
is enabled. the SCAS software, as discussed in this document.
Warning 112.....Switch’s Spanning This message indicates that the switch’s configuration has been modified.
Tree legacy path cost is enabled. To resolve this message, reconfigure the switch using the latest revision of
Warning 113.....Switch’s WebView This message indicates that the switch’s configuration has been modified.
Secure Shell encryption is enabled To resolve this message, reconfigure the switch using the latest revision of
196
Appendix A. Switch Information
Form
This appendix provides the forms for recording all pertinent information regarding Ethernet
switches.
Topology Star Ring Tree Switch Name

Switch Type I/A Series software
Revision
Switch IP Address
Trap IP Address Trap IP Address
Location Contact
Switch’s Network Root Bridge Backup Root Bridge Edge

Location
Bridge Priority Mode 802.1d
Bridge Priority Mode 802.1t
197
B0700CA – Rev L Appendix A. Switch Information Form
If Applicable Blade Type

VLAN Un- Up- Connection1 VLAN Un- Up- Connection1
ID# used link ID# used link
Port 1 Port 2
Port 3 Port 4
Port 5 Port 6
Port 7 Port 8
Port 9 Port 10
Port 11 Port 12
Port 13 Port 14
Port 15 Port 16
Port 17 Port 18
Port 19 Port 20
Port 21 Port 22
Port 23 Port 24
Port 25 Port 26
Port 27 Port 28
Port 29 Port 30
Port 31 Port 32
Port 33 Port 34
Port 35 Port 36
Port 37 Port 38
Port 39 Port 40
Port 41 Port 42
Port 43 Port 44
Port 45 Port 46
Port 47 Port 48
Gigabit Expansion module installed

Uplink Un- Connection1
used
Uplink 1
Uplink 2
Uplink 3
Uplink 4
Uplink 5
Uplink 6
1. The device to which the uplink connects.
198
Appendix B. Qualified Switch
Firmware Compatibilities Matrix
This appendix provides the matrix for compatibilities between Ethernet switches with allowed
firmware versions in the standard and Security Enhanced Configurations.
Ethernet switches with certain firmware versions may be incompatible with:
♦ other Ethernet switches, and
♦ the Security Enhanced Configuration.
NOTE
The information in this appendix should be taken into consideration when plan-
ning The MESH control network (V8.x) or the I/A Series control network (V7.x)
for your system.
Qualified Switches for The MESH Control Network

Table B-1 indicates each switch’s compatibilities with the standard and Security Enhanced
Configurations.
Table B-1. Qualified Switch Standard/Security Enhanced Configuration

Compatibilities Matrix
VLAN Security LDP

Switch Type Standard Supported Enhanced Deployable
2H258-17R (P0973MJ) Yes No Yes1,2 No
E-series (P0972LS) Yes No No No
E-series (P0972LT) Yes No No No
E-series (P0972LU) Yes No Yes1,2 No
E-series (P0972LV) Yes No Yes1,2 No
E-series (P0972LW) Yes No Yes1,2 No
E-series (P0972LX) Yes No Yes1,2 No
E-series (P0972TY) Yes No Yes1,2 No
E-series (P0972TZ) Yes No Yes1,2 No
E-series DFE-Platinum Yes Yes Yes Yes
(P0973BS)
V-series (P0972YC) Yes Yes Yes1 No
V-series (P0972WP) Yes Yes Yes1 No
A-series (P0973BJ) Yes Yes Yes1 No
A-series (P0973BK) Yes Yes Yes1 No
199
B0700CA – Rev L Appendix B. Qualified Switch Firmware Compatibilities
Table B-1. Qualified Switch Standard/Security Enhanced Configuration

Compatibilities Matrix (Continued)
VLAN Security LDP

Switch Type Standard Supported Enhanced Deployable
A-series (P0973BH) Yes Yes Yes1 No
C-series (P0973BL/HA) Yes Yes No No
I-series (P0973GA/GB/HB/HC) Yes Yes Yes1 No
DFE-Series Gold (P0972YJ) Yes Yes Yes3 Yes3
DFE-Series Gold (P0972YG) Yes Yes Yes3 Yes3
DFE-Series Platinum (P0973BQ) Yes Yes Yes Yes
DFE-Series Platinum (P0973BR) Yes Yes Yes Yes
DFE-Series Platinum (P0973BT) Yes Yes Yes Yes
1.
This switch can be used in a Security Enhanced Configuration if only used as an edge switch
in a Star or Modified inverted tree topology.
2.
This switch series can be used in a Security Enhanced Configuration if the B0973BS blade is
installed in the Chassis, only if the B0973BS uplink ports are used to interface to other
switches within the network.
3.
This switch must be upgraded with a policy license key (P0973GZ), before allowing LDP to
be deployed or the switch to be used as a root or distribution switch in a Security Enhanced
Network.
Switch Utilization in the Security Enhanced Configurations

Since the Security Enhanced Configurations deploy Policy algorithm methods to monitor and
protect the network from STP loop failures, specific switch types must be used in a variety of
required locations within the network.
♦ In a linear topology in a Security Enhanced Configuration, both switches must be
“LDP Deployable”; refer to the last column in Table B-1 to determine which switch
can be utilized.
♦ A ring topology cannot be supported as Security Enhanced Configuration.
♦ In a star topology in a Security Enhanced Configuration, both root and backup root
switches must be “LDP Deployable” (see Table B-1 above). All other switches within
the star network can be from any switch type that can be used in a Security Enhanced
Configuration; refer to the “Security Enhanced” column in Table B-1 to determine
which switch can be utilized.
♦ In an inverted tree topology in a Security Enhanced Configuration, all switches within
the network must be “LDP Deployable”; refer to the last column in Table B-1 to
determine which switch can be utilized.
♦ The modified inverted tree topology in a Security Enhanced Configuration requires
that all switches within the network core are “LDP Deployable”; refer to the last col-
umn in Table B-1 to determine which switch can be utilized. All outer edge switches
within the tree network can be any switch type as indicated in the “Security
Enhanced” column referenced in Table B-1; however, the redundant switches (A/B
switches) must be deployed on different tiers.
200
Appendix B. Qualified Switch Firmware Compatibilities Matrix B0700CA – Rev L
♦ As noted in Table B-1, all Security Enhanced Configuration topologies require “LDP
Deployable” switches (DFE Platinum) as the root or backup root.
Switch Firmware Compatibility

All qualified firmware versions in Table B-2 are compatible with each other and within The
MESH control network (I/A Series software, V8.x) or the I/A Series control network (V7.x)
unless otherwise listed below in Table B-3.
Table B-2. Qualified Firmware for Use in The MESH Control Network
Switch Type Revision

V-Series (P0972WP/YC)1 ES3526V-60_V2.5.2.5
ES3526V-60_V2.6.0.4
A-Series (P0973BH/BJ/BK)1 a2-series_01.03.18
a2-series_02.01.00.0011
a2-series_02.01.44.0003
I-Series (P0973GA/GB/HB/HC) i3-series_1.01.14
i3-series_01.01.18.0008
C2-Series (P0973BL) c2-series_04.00.31
c2-series_05.02.06.0004
c2-series_05.02.07.0006
C3-Series (P0973HA) c3-series_01.02.06.0004
c3-series_06.03.01.0008
DFE-Series: Gold DFE-G-05.25.16
Gold (P0972YG/P0972YJ) Gold DFE-G-05.42.04
Platinum (P0973BQ/BR/BS/BT) Gold DFE-G-06.12.03.0003
Platinum DFE-P-05.32.06
Platinum DFE-P-05.42.04
Platinum DFE-P-06.12.03.0003
E-Series/2H258-17R1 05.07.12
05.08.12
1. Switch compatible with I/A Series control networks (V7.x), discussed in B0400DV.
201
Table B-3. Firmware Rules for Switches in The MESH Control Network
Rules
All switch pairs (A and B Edge/Distribution, Root and Backup) must be of the same switch type or
compatibility:
V-series and A-series (P0972WP and P0973BH) or (P0972YC and P0973BJ) are of
the same compatibility.
NOTE
Switch combination when installed into The MESH control net-
work (V8.x) requires 802.1t bridge priority settings if the V-series
(P0972WP/YC) switch is installed at the primary Root or Backup
Root level running firmware 2.5.2.5.
I-series switches can be compatible with the A-series, depending on switch location
and port count.
♦ (P0973GA and P0973BH) - Both units have the same number of
Copper device ports but the P0973GA has only two SFP ISL ports.
♦ (P0973HB and P0973BJ) - P0973HB has 16-Fiber device and 2 SFP
ISL ports, were the P0973BJ has 24-Fiber device ports and four ISL
ports.
♦ (P0973HC and P0973BK) - P0973HC has 8-Fiber, 12-Copper
device and two SFP ISL ports were the P0973BK has 8-Fiber, 8-Cop-
per device and four SFP ISL ports.
The I-series switches have not been qualified to be utilized at the Root / Distribution
switch level, I-series switches are to be used as edge switches only.
C2-series and C3-Series (P0973BL and P0973HA) are of the same compatibility.
C2-series (P0973BL) Firmware version c2-series_05.02.06.0004 must be utilized on the C2-switch
when using C2-series and C3-series switches as switch pairs at the root.
C2-series (P0973BL) Firmware version c2-series_05.01.01.0040 has been disqualified for use in the
I/A Series control network (v7.x).
DFE-Gold Series (P0972YG/YJ) Firmware version DFE-G-05.13.04 has been disqualified for use
in the I/A Series control network (v7.x).
Root or distribution A-series switches (P0973BH, P0973BJ, and P0973BK) with firmware
02.01.00.0011 or 02.01.44.0003 are not supported when V-series switches are attached to them as
edge switches. This is because this combination of switches may not achieve sub-second failover in
The MESH network. A-series switch firmware 01.03.18 must be used.
NOTE
The I-series switch is not qualified for the I/A Series control network (v7.x).
202
Appendix B. Qualified Switch Firmware Compatibilities Matrix B0700CA – Rev L
Switch’s firmware can be upgraded as described below:

♦ To upgrade V-series firmware, DFE-series “Gold” switches (P0972YG and P0972YJ),
DFE-series “Platinum” switches (P0973BQ, P0973BR, P0973BS and P0973BT), A-
series switches (P0973BH, P0973BK, and P0973BJ) or C-series switches
(P0973BL/HA) to the current released firmware revision, refer to Chapter 11 “Down-
loading Qualified Firmware Images” on page 167 to download qualified firmware
images.
♦ To upgrade E-series switch firmware to the current released revision, refer to the
P0972YZ upgrade kit, which includes the Firmware Upgrade Special Instructions.
203
204
Appendix C. Understanding Loop
Detection (Security Enhanced
Configuration)
This appendix details the concepts of the Loop Detection policy (LDP) on the Platinum (DFE)
blades and switches. LDP is an integral feature to the Security Enhanced Configuration for
The MESH control network. It provides overview guidelines and requirements for designing,
installing, and maintaining LDP on The MESH control network.
NOTE
The topics discussed in this appendix should be well understood before implement-
ing an LDP solution.
This appendix is intended for use by process engineers and maintenance personnel, who are
involved in designing, configuring, installing and maintaining The MESH control network. It is
expected that they have an advanced knowledge of Ethernet LANs and I/A Series configurations.
A good working knowledge and implementation of spanning tree or STP loops on switch-based
control networks is necessary to understand the LDP concepts discussed in this appendix.
NOTE
All graphics of switches and media converters in this document are intended as
generic illustrations of networking concepts and do not necessarily reflect the cur-
rently offered products.
Introduction
This appendix discusses the deployment of LDP on networks that function with redundant links
and that may have traffic storms resulting from an STP loop failure. The purpose of LDP is to
isolate a switch producing a storm.
Also discussed within is the concept of how “Loop Detection” works, the design benefits it pro-
vides, recommended topologies for the “Circuit Breaker”, and some topologies that are not rec-
ommended. This appendix does not discuss other methods that may assist in recovering a looped
network, or their initial prevention.
Physical loops are often introduced into a network as redundant links (paths). The spanning tree
protocol keeps redundant links in a 'blocking' mode until its primary link is unavailable/failed. In
the absence of the spanning tree protocol or the presents of a STP loop failure caused by incorrect
software configurations or hardware failures, redundant links can cause real network data loops
which have no ingress or egress filtering. This condition confuses the basic bridge forwarding
algorithm in switches and allows duplicate frames to be forwarded. This will lead to a sudden
increase in network traffic (traffic storm), resulting in a network flooding (Network Storm).
205
B0700CA – Rev L Appendix C. Understanding Loop Detection (Security
Also, refer to the “Terms and Definitions” on page 206 in Appendix C “Understanding Loop
Detection (Security Enhanced Configuration)”.
Additional Information
Additional documentation provides the information specific to the hardware and switch configu-
ration for The MESH control network deploying the LDP.
The following documents provide additional or related information to the hardware that can sup-
port the LDP used in The MESH control network:
♦ The MESH Control Network Hardware Instructions for N-Series Switches
(P0973AR/P0973AS/P0972YE) (B0700CK)
♦ E7 Chassis and 16-port Fiber (P0972MK/P0972MJ) Switches, Hardware and Software
Configuration Instructions (B0700CM)
♦ The MESH Control Network Architecture Guide (B0700AZ)
♦ The MESH Control Network Architecture (PSS 21H-7C2 B3)
♦ The MESH Control Network Ethernet Equipment (PSS 21H-7C3 B4)
♦ I/A Series System Definition: A Step-by-Step Procedure (B0193WQ)
♦ I/A Series Configuration Component (IACC) User's Guide (B0400BP)
For detailed and specific information on the Ethernet equipment, refer to the documentation sup-
plied by the switch vendor. These documents may also be available on the IPS Global Client Sup-
port web site at http://support.ips.invensys.com.
After logging in to the web page, go to: Support -> Foxboro -> Product Information ->
Briefs/Product Releases -> then select MESH Network Switches Documentation.
Terms and Definitions

The following terms discussed in this appendix may be unfamiliar, and are defined with addi-
tional detail (not found in the Preface) below.
LDP Loop Detection Policy
PBQ (Primary Beacon Queryer) One of two root switches which has the IGMP
“Beacon” protocol enabled and has the lowest IP address of the two, this
switch must be configured as the root switch.
SBQ (Secondary Beacon Query) One of two root switches which has the IGMP
“Beacon” protocol enabled and has the highest IP address of the two, this
switch must be configured as the backup root switch.
IGMP Internet Group Management Protocol, used to establish host member-

ships in particular multicast groups on a single network.
Flood Refers to a condition where excessive volume of data packets, traverses the
network.
Data Loop or Loop Refers to a condition where data traverses a redundant path with no termi-
nation point.
206
Appendix C. Understanding Loop Detection (Security Enhanced Configuration) B0700CA – Rev L
Policy A group of rules a network device uses to make forwarding, blocking or

port-disable decisions upon.
Beacon This is used to refer to the packet type and packet on the network which
the port disabling is acted upon.
Circuit Breaker This is used to refer to a policy rule that will disable a port that receives an
incoming packet of an out going Beacon packet “Loop”.
Circuit Breaker This is used to refer to policy rules that will disable an uplink port that
PBQ/SBQ interfaces two root switches that receives an incoming packet of an out
(CBPBQ and going Beacon packet “Loop”. This function is a subset of the Circuit
CBSBQ) Breaker Rules.
Back Plane Circuit This is used to refer to a policy rule that will disable a Back Plane port that
Breaker (BPCB) receives an incoming packet of an out going Beacon packet “Loop”. This
function is a subset of the Circuit Breaker Rules. This function is only
available when bridging between FTM1 and FTM2 back planes.
Role A collection of services
Service A collection of Rules
BPP (Beacon Priority Policy) a role/service that allows for the Beacon packet to
have the highest priority when propagating though the network. This
ensures the Beacon packet will be transmitted back to the PBQ in a
flooded switch
CBP (Circuit Breaker Policy) a role/service that disables a port when a Beacon
packet is received from an edge switch or from the tier below.
Rules Packet classifiers that are used to identify packet types on the network.
Rule Hit An action when a packet classifier finds the packet
Rule Accounting Shows that a port and a role have taken a rule hit or not.
Enforce When rules are applied to a switch.
Implementation Methodology For Security Enhanced

Configuration
There are several elements necessary to implement LDP. These will be considered in the
configuration components of the system.
1. A “Beacon” packet
2. A trigger policy (Circuit Breaker Policy, Circuit Breaker PBQ and Circuit Breaker
SBQ)
3. A prioritize policy
4. A physical and logical loop in the network
207
The “Beacon” is a packet that ingresses from one point of the network “the root” to as many egress
points on the network as necessary. To accomplish this requirement, the IGMP query message is
used, with the time set to one second to maintain the sub-second requirements for The MESH
control network.
The implementation takes on a two-policy approach for deployment. One policy is used to prior-
itize the “Beacon” as it egresses through the network. The critical second policy is the “Circuit
Breaker” policy. Its intent is to look for the “Beacon” packet to be sourced from an invalid direc-
tion. Once a “Beacon” packet is seen on a port that is egressing towards the “Beacon” source (the
root), the “Circuit Breaker” policy will disable this port. Disabling a physical port takes away its
ability to form a physical loop. Because in many cases this response can be faster than Rapid
Spanning Tree Protocol (RSTP), false Rule Hits may occur during a network start-up. To over-
come this concern, the network start-up should start by powering up switches at the outer edges
moving towards the root.
The prioritize policy uses a layer 2 priority tagging method as specified in 802.1Q to mark these
“Beacon” packets between switch links. This ensures that the “Beacon” packets are forwarded first
in a strict-priority mode. So even during a data loop condition, the “Beacon” packets will be one
of the packets in the loop.
Once the “Beacon” packet is received on an incorrect port, the “Circuit Breaker” policy takes
effect dropping the first “Beacon” packet, and disabling the port from forwarding data.
Deploying Loop Detection Policies

! WARNING
When deploying the Loop Detection policy, it is critical that you have a good
understanding of the network and the function of the policy prior to deploying this
application on to the network.
The Circuit Breaker Policy (CBP) is deployed at the root switch level on all edge switch uplinks
ports. The Circuit Breaker PBQ/SBQ Policy is deployed on the uplink ports interfacing the two
root switches. The edge switches are deployed with the Beacon Priority Policy (BPP) on all uplink
ports facing the root and the Circuit Breaker Policy (CBP) is deployed on all uplink ports facing
the outer edge (away from the root). The outer-most edge switches require the spanning tree
admin path cost to be increased (≥200000) if the switches do not support LDP. Adjusting the
admin path cost ensures efficient port blocking at the outer edge when BPP is not deployed.
If the P0973BS blade is used in an E7-Series Chassis switch, then the Back Plane Circuit Breaker
(BPCB) should be deployed on each P0973BS blade. This feature protects the integrity of the
network's backbone when E7-Series second and third generation Chassis blades are used (see
page 14 for the list of blade part numbers). This feature allows for minimum impact on The
MESH network backbone by isolating the E7-series second and third generation Chassis blades
within the Chassis in the event of a STP loop failure. If an E7-Series Chassis is using second or
third generation blades within the Chassis and the BPCB is deployed on the P0973BS module, all
of the second or third generation modules within the Chassis can be isolated from the network,
maintaining the integrity of The MESH backbone.
208
! WARNING
The Backplane Circuit Breaker Policy (BPCB) (used only on E-series blade
P0973BS) should be used to detect STP loop failures on the E-series second and
third generation blades only (part numbers listed on page 14). It is not
recommended that any other switches be interfaced to these second and third gener-
ation blades via uplink or data ports. Blades protected with the BPCB policy (i.e. E-
series second and third generation blades) should reside at the outer most edge of
the network. Refer to Table B-1 “Qualified Switch Standard/Security Enhanced
Configuration Compatibilities Matrix” on page 199 for a list of applicable part
numbers.
! WARNING
If Backplane Circuit Breaker Policy (BPCB) is to be used, proper precautions must
be made to ensure that the workstation which is responsible for hosting the second
or third generation blade being protected by the policy (part numbers listed on
page 14) is not physically attached to the switch. If the hosting workstation (to
which the switch sends traps) is attached to this switch, the System Management
will not detect the backplane rule hit (port disabling) in the event of a STP loop
failure on that switch. To prevent this issue, the workstation must be attached to a
different switch within the network. In general, it is good practice for a workstation
monitoring a switch to not be connected to that switch.
209
The MESH Security Enhanced Control Network

Topologies
A key feature of The MESH control network is that single points of failure will not prevent com-
munications among all the devices in the network. This is accomplished by using a MESH net-
work design in which each I/A Series station is connected to two different Ethernet switches. Each
of the Ethernet switches is then connected to two other Ethernet switches. This design provides
redundant data paths so that the failure of a single device doesn’t cause operational network prob-
lems.
The MESH Security Enhanced Control Network must be constructed using the network config-
urations/topologies described below with the LDP rules deployed as described in this appendix.
The topology chosen depends largely on the size, complexity, site requirements, and network
specifications of The MESH Security Enhanced Control Network. The following paragraphs pro-
vide some guidelines for choosing a network configuration (topology).
NOTE
All graphics of switches and media converters below are intended as generic illustra-
tions of networking concepts and do not necessarily reflect the currently offered
products.
There are four basic Security Enhanced Configurations that are supported by The MESH control
network. These are:
♦ Linear
♦ Star
♦ Inverted tree
♦ Modified inverted tree
The following diagrams provide examples of the different topologies deploying the loop detection
algorithm (LDP) as well as recommendations on where they might be used.
210
“Linear” Networks
A small network, consisting of two switches, could be configured as shown in Figure C-1.
Circuit Breaker SBQ Policy
Gigabit Ethernet over

Fiber Uplink Ports
P92
Fiber Managed
Switches Circuit Breaker PBQ Policy
FCP270
Figure C-1. Small Network (Linear) (Security Enhanced Configuration)
In this configuration, the Circuit Breaker PBQ and Circuit Breaker SBQ are the only rules
required to support LDP on this network.
NOTE
Two connections between switches are required for proper redundancy.
N1 or larger DFE-series Chassis switches can be used instead of the non-Chassis Fiber switches.
These Chassis switches will allow hundreds of workstations, controllers and FCMs to be con-
nected to The MESH control network. This provides a small network but quite a large control
system. Multiple FCP270/FCM100s/ZCP270s, ATS modules and workstations can be connected
to a redundant switch.
211
Star Topology
The star topology is the preferred topology for all networks. It is the easiest to maintain, expand,
and deploy. In a star topology, the switches at the outside edge of the network have connections to
each of the two root switches. The two root switches are connected to each other and all edge
switches. Redundant data paths allow the network to continue to operate if any one component
fails.
The deployment of the loop detection algorithm (LDP) allows for redundant network condition
monitoring by both RSTP and LDP. Figure C-2 illustrates a star network in the Security
Enhanced Configuration. In a Security Enhanced star topology, as many as 166 edge switches can
be connected to the Chassis switch using 1 Gb uplinks. In this configuration, if RSTP fails on an
edge switch, LDP will remove any loops by isolating the switch from the rest of the network
allowing the redundant switch to take over. An inverted tree topology or modified inverted tree
topology can be considered if there is a larger number of edge switches required.
In the Security Enhanced Star topology, the following rules apply:
♦ Circuit Breaker Policy (CBP) is deployed at the two root switches on all uplink ports
connecting to edge switches.
♦ The Circuit Breaker PBQ/SBQ Policy is deployed on the uplink ports interfacing the
two root switches together.
♦ If BPP is not deployed, the edge switches require the spanning tree admin path cost to
be increased (≥200000), to ensure sufficient port blocking at the outer edge.
♦ The root and backup root must be a switch type that supports LDP. (See Table B-1
“Qualified Switch Standard/Security Enhanced Configuration Compatibilities
Matrix” on page 199 in Appendix B “Qualified Switch Firmware Compatibilities
Matrix”).
212
Legend:
Circuit Breaker Policy
Circuit Breaker PBQ/SBQ Policy
The defined edge switches need their spanning tree admin path cost increased (≥200000)
to ensure efficient port blocking.
*For Primary and Backup Root Switches: IGMP Query packet is used as a beacon, injected at
root every 1 second. The secondary (backup) IGMP Query will be injected at the backup root in the
event of a root switch failure.
Figure C-2. Medium Network (Star Topology) (Security Enhanced Configuration)
213
Double Star Topology

The double star topology is one of the easiest topologies to maintain, expand, and deploy over a
large geographical area. In a double star topology, the switches at the outside edge of the network
have connections to each of the two root switches. The two root switches are connected to each
other and all edge switches. Redundant data paths allow the network to continue to operate if any
one component fails.
The deployment of the loop detection algorithm (LDP) allows for redundant network condition
monitoring by both RSTP and LDP. Figure C-3 illustrates a star network in the Security
Enhanced Configuration. In a Security Enhanced star topology, as many as 166 edge switches can
be connected to the Chassis switch using 1 Gb uplinks. In this configuration, if RSTP fails on an
edge switch, LDP will remove any loops by isolating the switch from the rest of the network
allowing the redundant switch to take over. An inverted tree topology or modified inverted tree
topology can be considered if there is a larger number of edge switches required.
In the Security Enhanced Star topology, the following rules apply:
♦ The Circuit Breaker PBQ/SBQ Policy is deployed on the uplink ports connecting the
♦ The Beacon Priority Policy (BPP) is not required since the “Beacon” only traverses one
hop.
♦ If BPP is not deployed, the edge switches require the spanning tree admin path cost to
be increased (≥200000), to ensure sufficient port blocking at the outer edge.
♦ The root and backup root must be a switch type that supports LDP. (See Table B-1
“Qualified Switch Standard/Security Enhanced Configuration Compatibilities
Matrix” on page 199 in Appendix B “Qualified Switch Firmware Compatibilities
Matrix”).
214
Expandable Chassis Switches

N-Series N-Series
Primary Root Secondary Root
Gigabit Ethernet over Tier 1

Fiber Uplink Ports
A-, I- or V-Series Switches A-, I- or V-Series Switches
Tier 2
N-Series Switches
Blades
A-, I- or V-Series Switches A-, I- or V-Series Switches
Tier 3
A-, I- or V-Series Switches
Legend:
Beacon Prioritize Policy
The defined edge switches need their spanning tree admin path cost
increased (≥200000) to ensure efficient port blocking.
*For Primary and Secondary Root Switches: IGMP Query packet is used as a beacon, injected at
Figure C-3. Double Star Topology
215
Inverted Tree Topology

The inverted tree topology is suited for very large networks with specific physical constraints. In
this topology, the switches are arranged in tiers, with the root switches in the top tier and up to
three tiers below them (a maximum of four tiers). The two root switches are connected to each
other and the other switches each have a connection to two of the switches in the tiers above and
below them. Redundant data paths allow the network to continue to operate if any one compo-
nent fails. The deployment of the loop detection algorithm allows for redundant network condi-
tion monitoring by both RSTP and LDP.
In the Security Enhanced Inverted Tree topology the following rules apply:
♦ Circuit Breaker Policy (CBP) is also deployed on all uplink ports of other switches fac-
ing the outer edge (away from the root).
♦ The edge switches are deployed with the Beacon Priority Policy (BPP) on all uplink
ports facing the root.
♦ All switches must be a switch type that supports LDP. (See Table B-1 “Qualified
Switch Standard/Security Enhanced Configuration Compatibilities Matrix” on
page 199 in Appendix B “Qualified Switch Firmware Compatibilities Matrix”).
An inverted tree network topology is illustrated in Figure C-4. There can be no more than four-
tiers of switches (including the root) in order to comply with the I/A Series system requirement,
limiting the number of switches between devices to seven.
216
* *
Uplink paths should
be gigabit paths Note: Primary and Backup
Root Switches have two
connections.
Legend:
Circuit Breaker Policy *For Primary and Backup Root Switches: IGMP Query
packet is used as a beacon, injected at root every 1
second. The secondary (backup) IGMP Query will be
injected at the backup root in the event of a root switch
failure.
Figure C-4. Large Network (Inverted Tree Topology) (Security Enhanced Configuration)
217
Modified Inverted Tree Topology

The modified inverted tree topology is similar to the inverted tree topology but with consider-
ations to cost restraints. The modified inverted tree topology is suited for very large networks.
However, this topology utilizes low end, low cost switches as edge devices. In this topology, the
switches are arranged in tiers, with the root switches in the top tier and up to three tiers below
them (maximum of four tiers). The two root switches are connected to each other and the other
switches each have a connection to two of the switches in the tiers above and below them. Redun-
dant data paths allow the network to continue to operate if any one component fails.
By deploying LDP, the loop detection algorithm allows for redundant network condition moni-
toring by both RSTP and LDP.
In the Security Enhanced Modified Inverted Tree topology, the following rules apply:
♦ Circuit Breaker Policy (CBP) is also deployed on all uplink ports of other switches fac-
ing the outer edge (away from the root).
♦ All edge switches are deployed with the Beacon Priority Policy (BPP) on all uplink
ports facing the root. (See the note below).
♦ The outer tier edge switches require the spanning tree admin path cost to be increased
(≥200000) on uplinks to ensure efficient port blocking at the outer edge if BPP is not
deployed. (See the note below).
♦ All switches except the outer tier must be a switch type that supports LDP. (See
Table B-1 “Qualified Switch Standard/Security Enhanced Configuration Compatibil-
ities Matrix” on page 199 in Appendix B “Qualified Switch Firmware Compatibilities
Matrix”).
NOTE
If the outer tier uses switches that support LDP and the BPP is deployed, then the
admin path cost does not have to be adjusted.
An enhanced inverted tree network topology is illustrated in Figure C-5.

There can be no more than four-tiers of switches (including the root) in order to comply with the
I/A Series system requirement, limiting the number of switches between devices to seven.
218
Note: Primary and

Backup Root * *
Switches have two
connections.
Legend:
The defined edge switches need their spanning tree admin path cost
increased (≥200000) to ensure efficient port blocking.
*For Primary and Secondary Root Switches: IGMP Query packet is used as a beacon, injected at
Figure C-5. Large Network (Modified Inverted Tree Topology)

(Security Enhanced Configuration)
219
220
Appendix D. Understanding Virtual
Local Area Networks (VLANs)
This appendix details the concepts of VLANs on the I/A Series system with The MESH Control
Network. It provides overview guidelines and requirements for designing, installing, and
maintaining VLANs on The MESH control network.
This appendix is intended for use by process engineers and maintenance personnel, who are
involved in designing, configuring, installing and maintaining The MESH control network. It is
expected that they have an advanced knowledge of Ethernet LANs and I/A Series configurations.
A good working knowledge and implementation of the network is necessary to understand the
VLAN concepts discussed in this appendix.
Introduction
This appendix provides information to give you a better understanding of Virtual Local Area Net-
works (VLANs) and their use. However, in some instances, each VLAN technique may or may
not be applicable to The MESH Network architecture. The following sections define a VLAN
and describe its benefits as well as some limitations. This appendix explains why it is important
for a network engineer or manager to understand VLANs, and gives some basic instructions to
determine how many VLANs would typically be needed.
This information is provided to further your understanding of the changes that will occur as part
of SCAS and to assist you in designing, assigning, and implementing VLAN ports on The MESH
control network. If VLANs are well conceived in advance, the need to readdress devices and mod-
ify VLAN configurations more than once will not become an issue. This will save a great deal of
effort and minimize the amount of changes that will be needed following the initial configuration.
VLAN Terms
To fully understand the operation and configuration of port based VLANs, it is essential to
understand the definitions of several key terms.
VLAN ID or VID A unique number (between 1 and 4094) that identifies a particular
VLAN.
VLAN Name A 32-character alphanumeric name associated with a VLAN ID. The
VLAN Name is intended to make user-defined VLANs easier to identify
and remember.
Filtering Database Addressing information that the device learns about a VLAN is stored in
identifier (FID) the filtering database assigned to that VLAN. By default a VLAN is
assigned to the FID that matches its VLAN ID.
Tag Header Four bytes of data inserted in a frame that identifies the VLAN/frame
(VLAN Tag) classification. The Tag Header is inserted into the frame directly after the
221
B0700CA – Rev L Appendix D. Understanding Virtual Local Area Networks
Source MAC address field. Twelve bits of the Tag Header represent the
VLAN ID. The remaining bits are other control in formation.
Tagged Frame A data frame that contains a Tag Header. A VLAN aware device can add
the Tag Header to any frame it transmits.
Untagged Frame A data frame that does not have a Tag Header.
Default VLAN The VLAN to which all ports are assigned upon initialization. The
Default VLAN has a VLAN ID of 1 and cannot be deleted or renamed.
Forwarding List A list of the ports on a particular device that are eligible to transmit frames
for a selected VLAN.
Port VLAN List A per-port list of all eligible VLANs whose frames can be forwarded out
one specific port and the frame format (tagged or untagged) of transmis-
sions for that port. The Port VLAN List specifies what VLANs are associ-
ated with a single port for frame transmission purposes.
Egress List Ports configured to transmit frames for a VLAN.
Forbidden Egress Ports prevented from transmitting frames to a selected VLAN.

Ports
Untagged Egress A port configured to forward packets without adding a tag to the packet.
Ingress Filter When ingress filtering is enabled on a port, the VLAN IDs of incoming
frames are compared to the port's egress list. If the received VLAN ID
does not match a VLAN ID on the port's egress list, then the frame is
dropped.
Filtering Database A database structure within the switch that keeps track of the associations
between MAC addresses, VLANs, and interface (port) numbers. The Fil-
tering Database is referred to when a switch makes a forwarding decision
on a frame.
802.1Q Protocol to allow multiple bridged networks to transparently share the

same physical network link without leakage of information between net-
works (i.e. trunking).
1Q Trunk “tagged” A connection between 802.1Q switches that passes only traffic with a
VLAN Tag I--leader inserted in the frame. By default, a port designated as
a 1Q Trunk port has all VLANs in its Port VLAN List and is configured
to transmit all frames as tagged frames. A 1Q Trunk drops all incoming
frames that do not have a VLAN tag.
Cisco® Discovery Primarily used to obtain protocol addresses of neighboring devices and
Protocol (CDP) discover the platform of those devices.
Port Aggregation Cisco Systems® proprietary networking protocol, which is used for the
Protocol (PAgP) automated, logical aggregation of ethernet switch ports.
222
Appendix D. Understanding Virtual Local Area Networks (VLANs) B0700CA – Rev L
VLAN Trunk Provides VLAN management of the switches connected on a network.

Protocol (VTP) VTP helps the network administrator to perform tasks such as changing,
adding or deleting names on VLANs, and VTP reports the new informa-
tion to all of the switches on the network.
What Is a VLAN?
A Layer 2 (L2) switch is a device capable of grouping subsets of its ports into virtual broadcast
domains isolated from each other. These domains are commonly known as virtual LANs
(VLANs). The devices that make up a particular VLAN may be widely separated, both by geogra-
phy and location in the network.
The creation of VLANs allows devices located in separate areas or connected to separate ports to
belong to a single VLAN group. Devices that are assigned to such a group will send and receive
broadcast and multicast traffic as though they were all connected to a common network. VLAN-
aware switches isolate broadcast, multicast, and unknown traffic received from VLAN groups, so
that traffic from stations in a VLAN is confined to that VLAN.
When stations are assigned to a VLAN, the performance of their network connection is not
changed. Stations connected to switched ports do not sacrifice the performance of the dedicated
switched link to participate in the VLAN. As a VLAN is not a physical location, but a member-
ship, the network switches determine VLAN membership by associating a VLAN with a particu-
lar port or frame type.
As with any networking technology, it is important to understand the operational characteristics
of VLANs if they are to be implemented within The MESH control network. This understanding
will help to both implement well-designed VLANs and reduce the amount of time required to
troubleshoot problems, should they occur.
Why Use VLANs?

There are several reasons a network engineer or manager may want to create one or more logical
groupings of devices. In most cases, these reasons are broadcast control, security, Layer-3 address
management, and consolidation of the networking resources.
VLAN Benefits
There are several benefits to using VLANs. To summarize, VLAN architecture benefits include:
♦ Increased performance
♦ Improved manageability
♦ Network tuning and simplification of software configurations
♦ Physical topology independence
♦ Increased security options
Increased Performance
Switched networks by nature will increase performance over shared media devices in use today,
primarily by reducing the size of collision domains. Grouping devices into logical networks will
also increase performance by limiting broadcast traffic to devices within individual workgroups.
223
Improved Manageability
VLANs provide an easy, flexible, less costly way to modify logical groups in changing environ-
ments. VLANs make large networks more manageable by allowing centralized configuration of
devices located in physically diverse locations.
Network Tuning and Simplification of Software Configurations

VLANs allow for “fine tuning” The MESH control network by logically grouping devices, func-
tions and processes. Software configurations can be made uniform across machines with the con-
solidation of a process's resources into a single subnet. IP addresses, subnet masks, and local
network protocols will be more consistent across the entire VLAN.
Physical Topology Independence

VLANs provide independence from the physical topology of the network by allowing physically
diverse workgroups to be logically connected within a single broadcast domain. If the physical
infrastructure is already in place, it now becomes a simple matter to add ports in new locations to
existing VLANs if a control process expands or relocates. These assignments can take place in
advance of the move, and it is then a simple matter to move devices with their existing configura-
tions from one location to another. The old ports can then be “decommissioned” for future use,
or reused by the control process for new devices on the VLAN.
Increased Security Options

VLANs have the ability to provide additional security not available in a shared media network
environment. By nature, a switched network delivers frames only to the intended recipients, and
broadcast frames only to other members of the VLAN. In addition, monitoring of a port with a
traffic analyzer will only view the traffic associated with that particular port, making discreet mon-
itoring of network traffic more difficult.
It should be noted that the security method that is mentioned above is not to be considered an
absolute safeguard against security infringements. What this provides is additional safeguards
against “casual” but unwelcome attempts to view network traffic.
Additional Benefits And Restrictions

The primary benefit of the VLAN technology is that it provides localization of traffic. This func-
tion also offers improvements in security and performance to stations assigned to a VLAN. While
the localization of traffic to VLANs can improve security and performance, it imposes some
restrictions on network devices that participate in the VLAN. Through the use of Filtering Data-
base ID’s (FIDs), security can be implemented to enable or prevent devices from one or more
VLANs from communicating with each other. However, for the sake of security, the members of
one FID cannot communicate with the members of another FID.
To set up a VLAN, all the network switch devices that are assigned to the VLAN must support the
IEEE 802.1Q specification for VLANs.
VLAN Challenges
One of the greatest challenges when using VLANs within a local area network is documentation.
When connecting a device to a switch, there is no easy way to know which VLAN has been
assigned to the port, or whether the port has been configured to be a VLAN trunk. In most cases,
the only way to determine the VLAN configuration of a switch port is to gain access to the
224
switches management (CLI) port and display the configuration of the switch port in question.
This process requires the appropriate login passwords and knowledge of the configuration com-
mands for the specific switch and manufacturer. As additions, moves and changes occur within a
network, this challenge becomes even greater. When the switch was originally deployed, the pol-
icy may have been to assign the first 12 ports of each slot to VLAN2 “I/A Control Ports”. How-
ever, as time passed, network engineer or managers may have altered these assignments due to a
lack of available ports, or a lack of understanding of the network standards. Either way, when con-
necting a new device to the switch, there is no longer a guarantee that the first 12 ports belong to
VLAN 2 “I/A Control Ports”.
VLAN Best Practices

Healthy VLANs are carefully designed and maintained with the goal of optimum performance in
mind. If attention is not paid to the design of VLANs, the resulting network will be overly com-
plicated and difficult to maintain and troubleshoot.
Determine Reasons For Using VLANs

Four possible reasons for using VLANs were outlined at the beginning of this section:
♦ broadcast control
♦ security
♦ Layer-3 address management
♦ consolidation of network resources
When designing a VLAN network, each of these reasons should be carefully explored. For exam-
ple, if all of the devices within your environment need access to all of the servers and network
devices, security would not be a reason for implementing VLANs. However, if you are imple-
menting a Tri-Station solution, putting the Tri-Station traffic on one VLAN and I/A Series con-
trol traffic on another might be a good reason for implementing VLANs. By separating these two
types of traffic, quality of service (QoS) can be applied to the assigned VLANs to reduce delay
times and packet loss by increasing or decreasing packet priority of the traffic on each VLAN.
Keep the Number of VLANs To a Minimum

There is a tendency to create more VLANs than necessary. While the switches themselves can sup-
port thousands of VLANs, the addition of each VLAN can create additional overhead for network
devices.
VLAN “Security” Best Practices

Any attempt to create a secure switched network starts from basic security principles. If a user
does not want one of his or her devices to be tampered with, physical access to the device must be
strictly controlled. Furthermore, it is important for any network engineer or manager to use all
the proven security tools available for The MESH control network devices: from the very basic
configuration of system passwords, the use of IP permit filters, and login banners, all the way to
more advanced tools such as Netsight Policy Manager, and so forth. The concept of a VLAN is
similar to other concepts in the networking world where traffic is identified by the use of a Tag
Header or label. Identification is crucial for a L2 device to be able to isolate ports and properly
forward the traffic received.
225
Precautions for the Use of VLAN 1 “Default”

The reason VLAN 1 became a special VLAN is that L2 devices needed to have a default VLAN to
assign to their ports, including their management port(s). In addition to that, many L2 protocols
such as CDP, PAgP, and VTP needed to be sent on a specific VLAN on trunk links. For all these
purposes, VLAN 1 was chosen.
As a consequence, VLAN 1 may sometimes end up unwisely spanning the entire network if not
appropriately pruned and, if its diameter is large enough, the risk of instability can increase signif-
icantly. Besides the practice of using a potentially omnipresent VLAN for management purposes
puts trusted devices to higher risk of security attacks from un-trusted devices that by misconfigu-
ration or pure accident gain access to VLAN 1 and try to exploit this unexpected security hole. To
redeem VLAN 1 from its bad reputation, a simple common-sense security principle can be used:
as a generic security rule the network engineer or manager should prune any VLAN, and in par-
ticular VLAN 1, from all the ports where that VLAN is not strictly needed.
Therefore, with regard to VLAN 1, the above rule simply translates into the following recommen-
dation:
♦ It is recommended that VLAN 1 “Default” not be used for in-band management
(WebView, Telnet, SNMP and so forth) traffic. Pick a different, specially dedicated
VLAN (VLAN 2 “I/A Control Ports”) that keeps management traffic (Netsight Con-
sole, Policy Manager, SMDH, SYSMON, and so forth) separate from Non-I/A Series
user data and protocol traffic.
♦ Prune VLAN 1 “Default” from all the trunks and from all the access ports that do not
require it (including non-connected and shutdown “disabled” ports). Similarly, the
above rule applied to the management VLAN reads:
♦ Don't configure the management VLAN (VLAN 2 “I/A Control Ports”) on any
trunk or access port that doesn't require it (including non-connected and shut-
down “disabled” ports).
♦ For foolproof security, when feasible, prefer out-of-band management (CLI port) to
in-band management.
As a general design rule it is desirable to “prune” unnecessary traffic from particular VLANs.
If VLANs other than VLAN 1 or the management VLAN represent a security concern, then man-
ual pruning should be applied. Manual pruning of VLANs is commonly considered the most
effective method to exert a stricter level of control over a VLAN-based network.
Types Of VLANS
There are three common methods used to assign a device to a VLAN:
1. Port based VLANs
2. Protocol based VLANs, (Not Supported in The MESH Control Network)
3. MAC based VLANs, (Not Supported in The MESH Control Network)
Port Based VLANs

For port based VLANs, a switch port is manually configured to be a member of a specific VLAN.
Any device connected to this port will belong to the same broadcast domain as all other ports con-
figured with the same VLAN number.
226
The challenge of port based VLANs becomes documenting which port belongs to each VLAN.
The VLAN membership information is not displayed on the front of the switch. As a result, the
VLAN membership cannot be determined just by looking at the physical switch port.
Protocol Based VLANs (Not Supported in The MESH Control

Network)
With Protocol based VLANs, the Layer-3 protocol being carried by the frame is used to deter-
mine VLAN membership. While this may work in multi-protocol environments, in a predomi-
nately IP based network, this method is not practical.
MAC Based VLANs (Not Supported in The MESH Control

Network)
In a MAC based VLAN, the VLAN membership is based on the MAC addresses of the end
device, not the physical switch port. If a device is moved from one switch port to another, the
VLAN membership will follow that device. Unfortunately, the correlation of MAC address to
VLAN is a very time consuming. Each time an end device requires replacement (MAC address
changes), the switch will require an updated MAC address table (switch configuration). This
becomes a nearly impossible process for maintaining a control network, because of this, this type
of VLAN is not used.
VLAN Tagging
VLAN tags are used to indicate VLAN membership within a frame going across the network.
These tags are attached to the frame as it enters a switch port belonging to a VLAN and the tags
are removed when the frame leaves a port belonging to the VLAN. The type of port within the
VLAN will determine whether the VLAN tag header is stripped from the frame or whether it
remains attached to the frame. The two port types within a VLAN environment are known as
access ports and trunk ports.
Access Ports
Access ports are used where a frame enters or exits the VLAN. When an access port receives a
frame, the frame does not contain a VLAN tag. As the frame enters the access port, the VLAN tag
is attached to the frame.
While the frame is within the switch, it carries the VLAN tag that was attached when it entered
through the access port. As the frame leaves the switch through the destination access port, the
VLAN tag is removed. The transmitting device and the receiving device are not aware that the
VLAN tag was ever attached.
Trunk Ports
In networks containing more than one switch, it becomes necessary to be able to send VLAN
tagged frames from one switch to another. The difference between trunk ports and access ports is
that trunk ports do not strip off the VLAN tag before sending the frame. With the VLAN tag pre-
served, the receiving switch wi1l know the membership of the transmitted frame. This frame can
then be sent out the appropriate ports on the receiving switch.
227
VLAN Tagging Technologies

Each VLAN tagged frame contains fields that denote its VLAN membership. This is accom-
plished by the 802.1Q IEEE standardized format. The 802.1Q format is designed to allow VLAN
tagged frames to pass between switches from multiple vendors. An 802.1Q VLAN switch deter-
mines the VLAN membership of a data frame by its Tag Header. If the frame received is not
tagged, the switch classifies the frame into the VLAN that is assigned as the default VLAN of the
switch. If a frame received is tagged, the frame is forwarded to the GVRP ports that are config-
ured to transmit frames associated with the frame VLAN ID and protocol. If the received frame is
not tagged, the frame is examined and tagged as belonging to the default VLAN. The primary
benefit of the VLAN technology is that is provides localization of traffic. This function also offers
improvement in security and performance to stations assigned to a VLAN.
VLAN Operation
The 802.1Q VLAN operation is slightly different than the operation of traditional switched net-
working systems. These differences are due to the importance of keeping track of each frame and
its VLAN association as it passes from switch to switch or from port to port within a switch.
VLAN Components
Before describing the operation of an 802.1Q VLAN, it is important to understand the basic ele-
ments that are combined to make up an 802.lQ VLAN.
♦ Station - A station is any end device that belongs to a network. In the vast majority of
cases, stations are the computers through which the devices access the network.
♦ Switches - In order to configure a group of stations into a VLAN, the stations must be
connected to VLAN aware switches. It is the job of the switch to classify received
frames into VLAN memberships and transmit frames, according to VLAN member-
ship, with or without a VLAN Tag Header.
VLAN Switch Operation

IEEE 802.1Q VLAN switches act on the classification of frames into VLANs. Sometimes, VLAN
classification is based on tags in the headers of data frames. These VLAN tags are added to data
frames by the switch as the frames are transmitted out certain ports, and are later used to make
forwarding decisions by the switch and other VLAN aware switches.
NOTE
Tags are added prior to egressing. As all packets egress, tags are added to their packet
as they enter the switch since they must egress, and all packets must be transmitted
when egressed.
In the absence of a VLAN tag header, the classification of a frame into a particular VLAN
depends upon the configuration of the switch port that received the frame.
Receiving Frames from VLAN Ports

When a switch is configured to support the 802.1Q standard, every frame received by the switch
must belong, or be assigned, to a VLAN.
228
Untagged Frames
The switch receives a frame from Port 1 and examines the frame. The switch notices that this
frame does not currently have a VLAN tag. The switch recognizes that Port 1 is a member of
VLAN A and classifies the frame as such. In this fashion, all untagged frames entering a VLAN
switch assume membership in a VLAN. The switch will now make a forwarding decision on the
frame.
Tagged Frames
The switch receives a tagged frame from Port 4. The switch examines the frame and notices the
frame is tagged for VLAN C. This frame may have already been through a VLAN aware switch,
or originated from a station capable of specifying a VLAN membership. If a switch receives a
frame containing a tag header, the switch will classify the frame in regard to its tag rather than the
PVID for its port.
Forwarding Decisions
The type of frame under consideration and the filter setting of a VLAN switch determine how it
forwards VLAN frames. There are two modes by which a switch can learn and use the VLAN
addressing information.
♦ Independent Virtual Local Area Network (VLAN) Learning (IVL):
Each VLAN uses its own filtering database. Transparent source address learning per-
formed as a result of incoming VLAN traffic is not made available to any other VLAN
for forwarding purposes. This filter setting would be useful for handling devices (such
as servers) with NICs that share a common MAC address. Only one filtering database
(FID) is allotted per VLAN.
♦ Shared Virtual Local Area Network (VLAN) Learning (SVL):
Two or more VLANs are grouped to share common source address information. This
setting would be useful for configuration of more complex VLAN traffic patterns,
without forcing the switch to flood the unicast traffic in each direction. This allows
VLANs to share addressing information. It enables ports or switches in different
VLANs to communicate with each other when their individual ports are configured
to allow this communication to occur. Only one filtering database/FID is used by two
or more VLANs. (This function is not supported on The MESH control network.)
Broadcasts, Multicasts, and Unknown Unicasts

If a frame with a broadcast, multicast, or other unknown address is received by an 802.1Q
VLAN-aware switch, the switch checks the VLAN classification of the frame. The switch then
forwards the frame out all ports that are identified in the Forwarding List for that VLAN. For
example, if Port 3 (for VLAN C) receives the frame, the frame would then be sent to all ports that
had VLAN C in their Port VLAN List.
Known Unicasts
When a VLAN switch receives a frame with a known MAC address as its destination address, the
action taken by the switch to determine how the frame is transmitted depends on the VLAN, the
VLAN associated FID, and if the port identified to send the frame is enabled to do so. When a
frame is received, it is classified into a VLAN. The destination address is looked up in the FID
associated with the VLAN. If a match is found, it is forwarded out the port identified in the
229
lookup if, and only if, that port is allowed to transmit frames for that VLAN. If a match is not
found, then the frame is flooded out all ports that are allowed to transmit frames belonging to
that VLAN. For example, assume that a frame is received by the switch. The frame is a unicast
untagged frame received on Port 3. The frame is classified for VLAN C. The switch makes its for-
warding decision by comparing the destination MAC address to its filtering database. In this case,
the MAC address is looked up in the filtering database FID 3, which is associated with VLAN C
and VLAN D. The switch recognizes the destination MAC address of the frame as being located
out Port 4. Having made the forwarding decision, the switch then examines the Port VLAN List
of Port 4 to determine if it may transmit a frame belonging to VLAN C. If so, the frame is trans-
mitted out Port 4. If Port 4 has not been configured to transmit frames belonging to VLAN C,
the frame is discarded.
Configuration Process
Defining a VLAN
A VLAN must exist and have a unique identity before any ports or rules can be assigned to it. The
Network engineer or manager defines a VLAN by assigning it a unique identification number
(the VLAN ID), a filter database association, and an optional name. The VLAN ID is the number
that will identify data frames originating from, and intended for, the ports that will belong to this
new VLAN.
Classifying Frames to a VLAN

Once a VLAN has been created, rules are defined to classify all frames in a VLAN. This is accom-
plished through management by associating a VLAN ID with each port on the switch. Option-
ally, frames can be classified according to a protocol identifier contained within the frame. The
order of frame classification priority is by VLAN Tag, a protocol match, and lastly the PVID. This
combination of the switch port's identification and the VLAN ID becomes the Port VLAN ID
(PVID). At the same time, the Network engineer or manager configures the trunk ports that need
to consider themselves members of every VLAN. The configuration of trunk ports is very impor-
tant in multi-switch VLAN configurations where a frame's VLAN membership needs to be main-
tained across several switches.
Conclusion
As the use of virtual LAN technology has become common, designing and maintaining networks
must now account for the presence of VLANs. That is where best practices and tools apply to help
set up your VLAN and keep it healthy. The security of VLAN technology has proven very reliable
and only user misconfiguration or improper use of features have been pointed out as ways to
undermine its robustness.
Any network engineer or manager first needs to understand how and why VLANs work within
the network and institute good documentation practices in order to effectively troubleshoot prob-
lems and optimize VLAN performance. The most serious mistake that a network engineer or
manager can make is to underestimate the importance of the Data Link layer and of VLANs in
particular, in the sophisticated architecture of switched networks. Any good networking design
should incorporate the best practice guidelines described in this document as an effective way to
protect a network's L2 security architecture from dangerous vulnerabilities.
230
Appendix E. Quick Reference
Guide
This appendix provide quick reference guides for the common tasks discussed in this document.
Building a Switch Configuration File

From the Switch Setup dialog box (page 29), enter the following:
1. Select the Site Directory database to be used. If applicable, select the System/Site
Location database.
2. Select the Use Commit Network Data (if applicable).
3. Select the switch ID name from the drop-down window (if applicable), or enter the
switch’s ID name.
4. Ensure the following switch’s information is entered:
♦ IP address
♦ Location
♦ Contact
♦ Trap IP Address(es)
5. Select the switch type.
6. Click Create Configuration (Step-By-Step or Custom).
7. Select the switch’s firmware revision.
8. If using the Create a Configuration (Step-By-Step) function, follow the screen
prompts. Otherwise, refer to the “Custom Configuration” section below.
a. When setting up the SNTP parameter, ensure the Time Zone settings are correct.
b. Daylight savings settings can be changed by de-selecting the selection than re-
selecting it. This will provide a popup screen allowing you to modify the settings.
c. (DFE-series switches only) When deploying LDP:
♦ At the root switches, all ports are assigned the “Circuit Breaker” policy rule except
the ports that link the two root switches, which get (PBQ or SBQ 'backup root”).
♦ At the edge switches or the switches at the distribution level, all ports are assigned
the “Circuit Breaker” policy except the ports that link back to the roots (towards
the root) which get the “Beacon” policy.
9. The prompt “Add File to Configurator Tool Set” must be answered as YES to be used
as a switch configuration.
10. Proceed to “Configuring the Switch” on page 232.
231
B0700CA – Rev L Appendix E. Quick Reference Guide
Custom Configuration
In the Switch Configuration Parameters dialog box (page 48), enter the switch’s desired settings,
starting from the top left corner moving: top to bottom, then left to right.
♦ Do not change any Device Port Settings.
♦ Disable all unused ports.
♦ Select any 100Mbit ISL ports (if applicable).
♦ Adjust the Admin Port Cost (if applicable).
♦ Select the Bridge Priority. (All switches are “Edge / Distribution” except the two root
switches.)
♦ Enable STNP.
♦ When setting up the SNTP parameter, ensure the Time Zone settings are correct.
♦ Daylight savings settings can be changed by de-selecting the selection than re-
selecting this will provide a popup screen allowing you to modify the settings.
♦ Enable VLANs (if applicable).
♦ (DFE-series switches only) When deploying LDP:
♦ At the root switches, all ports are assigned the “Circuit Breaker” policy rule except
the ports that link the two root switches, which get (PBQ or SBQ “backup root”).
♦ At the edge switches or the switches at the distribution level, all ports are assigned
the “Circuit Breaker” policy except the ports that link back to the roots (towards
the root) which get the “Beacon” policy.
♦ Enable the Syslog Server.
NOTE
The Switch Configuration Parameters dialog box requires that all “check boxes”
should be checked (as per recommended settings) before building the configuration
file.
♦ Select Build Config File and follow the prompts.

♦ The prompt “Add File to Configurator Tool Set” must be answered as YES to be used
as a switch configuration.
♦ Proceed to the section “Configure the Switch”.
Configuring the Switch

It is assumed the configuration file has been saved as per Chapter 3 “Building a Configuration
File”.
Location database.
2. Click CLI Switch Interface.
3. Select the COM port to be used.
232
Appendix E. Quick Reference Guide B0700CA – Rev L
4. Click Interrogate Device and follow the prompts.

5. Click Continue after the VT100 window has closed.
6. Select the file to be downloaded via the “Download File” pull-down menu.
7. Click Download Commands to Switch.
8. Once complete, go to step 6 of the next section “Validating a Switch Configuration”.
Validating a Switch Configuration

Location database.
6. Click Validate Switch’s Running Configuration.
7. When the VT100 window closes, in the Configuration Validation dialog box
(page 103), click Update Status Messages.
8. If any Errors or Warnings are displayed, refer to “Configuration Error Messages” on
page 188 and “Configuration Warning Messages” on page 194 to determine the
required actions needed to correct the configuration.
Importing a Switch Configuration

Location database.
6. In the CLI Switch Interface dialog box (page 96), click Import Switch’s Running
Config.
7. Once the VT100 window closes, click Update Results.
8. The CLI Switch Interface dialog box will display the running configuration.
9. Click Save Config File and follow the prompts.
10. The prompt “Add File to Configurator Tool Set” must be answered as YES to be
used as a switch configuration.
233
Updating Firmware
Location database.
6. In the CLI Switch Interface dialog box (page 96), click Update Switch Firmware.
(At this time, the SCAS CLI port download selection is only selectable for C-series,
A-series and I-series switches.)
7. The Firmware Download dialog box will appear (page 168). Select the method to
download the firmware (TFTP or CLI).
For TFTP downloads, enter the TFTP server’s IP address and on the TFTP server,
navigate to the directory where the firmware resides.
8. In the Firmware Download dialog box, select the firmware to be downloaded
9. Click Download Firmware and follow all prompts.
Clearing Stacked Ports (A-Series Switches Only)

Location database.
6. Remove all connections from the stack ports.
7. Click Reset Stacking Ports.
8. Proceed to step 6 of “Configuring the Switch” on page 232 to reconfigure the switch
(required).
Collecting Switch Diagnostic Information

1. Set up the TFTP Server.
Location database.
234
Appendix E. Quick Reference Guide B0700CA – Rev L

7. Click Upload Switch Diagnostic Information.
8. Enter the TFTP Server IP address.
9. Click Upload Syslog Files.
10. Once the VT100 window closes, click Update Results.
Viewing and Clearing Switch LDP Port Hits

This applies to DFE-Series Switches only. From the Switch Setup dialog box (page 29), enter the
following:
Location database.
6. Click View LDP Port Hits and follow the prompts.
Setting Up Port Mirrors

1. Select the Systems Drop Down Menu database to be used.
6. Click Setup Port Mirroring. The Port Mirroring Setup dialog box will appear
(page 105).
7. Enter the Source and Target ports.
8. Click Create (Disable or Enable).
9. Click Enter Ports.
10. Click Deploy Mirror.
11. Return to the CLI Switch Interface dialog box (page 96), and click Deploy Com-
mands to Switch.
235
Changing the Switch’s CLI Prompt

If changing the switch’s prompt is necessary to establishing communications to the switch via
SCAS, perform the following steps. You must enter the correct default prompt on the switch for
the SCAS software to be able to interface with the switch. This prompt allows SCAS to recognize
the switch type and allow for the correct commands to be entered, while ensuring the correct con-
figuration can be downloaded to the switch.
1. Establish communications with the switch (via HyperTerminal - see “Connecting
Ethernet Switch to the PC” on page 93).
2. Enter the login name “admin”.
3. Enter the password - see “Default Passwords” on page 94.
4. Enter the appropriate command from Table E-1 for the switch type being configured.
Table E-1. Correct Prompt Formats for Switches
Switch P/N Switch Type Command

P0972WP, P0972YC V-series prompt V2
P0973BH, P0973BJ, A-series set prompt A2
P0973BK
P0973BL C2-series set prompt C2
P0973HA C3-series set prompt C3
P0973GA, P0973GB, I-series set prompt I3
P0973HB, P0973HC
P0972YG, P0972YJ, DFE-series (N-Series/ set prompt DFE
P0973BQ, P0973BR, E-Series chassis)
P0973BS, P0973BT Platinum/Gold
236
Appendix F. I/A Series Switch
Change Notice History (K0173ZU)
This change notice describes the history of the I/A Series Switch Configurator Application
Software (SCAS) versions provided on the K0173ZU CD-ROM.
The standard format for Version Numbers is as follows:
“rev. 1.2.3”
♦ 1 = Indicates changes were made that changes the tools look, operation, or function.
♦ 2 = Indicates changes were made that incorporates a switch's feature or function that
improves or increases network security, stability or capabilities.
♦ 3 = Indicates changes were made to incorporate a new switch / blade type and/or a
minor bug fix.
Change notice:
Status Version No. Type Release Date
Current Version 3.3.3 New Product Release February 2010
Previous Version 3.2.2 New Product Release August 2009
Previous Version 3.0.1 New Product Release April 2008
Previous Version 2.2.6 New Product Release July 2007
Previous Version 2.2.5 New Product Release March 2007
Previous Version 1.1.4 New Product Release November 2006
Previous Version 1.0.4 Product Enhancement October 2006
Previous Version 1.0.3 Product Enhancement August 15, 2006
Previous Version 1.0.2 Note Released June 15, 2006
Previous Version 1.0.1 Application Upgrade May 30, 2006
Product Released Rev. A 8.1 Release June 27, 2005
237
B0700CA – Rev L Appendix F. I/A Series Switch Configurator Application
Changes and Enhancements in 3.3.3:
NOTE
Configuration files built with SCAS 2.2.6 or earlier are not compatible with this
revision, due to the enhancements and features available to this revision.
♦ Added support for the P0973GA/HB/HC (I3-series switches).

♦ Added support for firmware releases:
♦ I-series (P0973GA/GB/HB/HC) firmware release i3-series_01.01.18.0008.
♦ Resolved an issue with SNTP Broadcast, which did not function correctly.
♦ This firmware has been developed to function with the new switch hardware
drivers.
♦ C2-series (P0973BL) firmware release c3-series_05.02.07.0006
♦ Resolved an issue whereby remote login via SSH failed to generate a Syslog
message.
♦ Resolved an issue whereby pressing the password reset button on the switch
failed to reset the password for the “admin” user account.
♦ Corrected an issue where the MAC addresses of devices connected to the
switch front panel failed to appear in the port MAC address table.
♦ Power Supply and Fan Monitoring via SNMP enables visibility to potential
hardware issues that could affect network availability. The early view enables
administrators to proactively address hardware issues and ensure business con-
tinuity.
♦ C3-series (P0973HA) firmware release c3-series_06.03.01.0008
♦ Resolved a potential memory leak associated with the “show config” CLI
command.
♦ Corrected a CLI issue where the “show config all” command could result in
loss of management or high CPU utilization when the screen length was
greater than zero.
♦ Corrected an issue where the MAC addresses of devices connected to the
switch front panel failed to appear in the port MAC address table.
♦ Power Supply and Fan Monitoring via SNMP enables visibility to potential
hardware issues that could affect network availability. The early view enables
administrators to proactively address hardware issues and ensure business
continuity.
♦ DFE-Gold series (P0972YJ/YG) firmware release DFE-G-6123-0003
♦
Resolved a potential issue - when the power on the status counter reaches 497
days of uptime, it causes the CPU Utilization to increase to 100% resulting in
a chassis reset.
♦ DFE-Platinum series (P0973BR/BQ/BS/BT) firmware release DFE-P-6123-0003
♦ Resolved a potential issue - when the power on status counter reaches 497
days of uptime, it causes the uptime timer to rollover resulting CPU Utiliza-
tion to increase to 100% resulting in a chassis reset.
238
Appendix F. I/A Series Switch Configurator Application Software Change Notice History (K0173ZU) B0700CA – Rev L
♦ SCAS 3.2.2 known issues:

♦ A new SCAS 3.2.2 feature, in which importing network information from the
SysDef commit allows for the setup of the SNTP time sync with the system
MTK. When a second SysDef commit MTK address is imported, the prior MTK
data file is overwritten. Because of this, the switch’s SNTP configuration from the
first SysDef import cannot be configured correctly. SCAS 3.3.3 has corrected this
issue.
♦ When using the SCAS 3.2.2 and if the DFE-Gold series switch’s interrogate hard-
ware function is utilized, the software will appear to stop functioning (no user
interface). SCAS 3.3.3 has corrected this issue.
♦ SCAS 3.2.2 does not support SysDef 2.7 commit disk, when using SysDef files
created with 2.7. These files cannot be imported correctly. SCAS generates an
error stating a file error occurred. SCAS 3.3.3 has corrected this issue.
♦ In SCAS 3.2.2, when importing SysDef files with switch ID names starting with
numerical values, the import function hangs. SCAS 3.3.3 has corrected this issue.
♦In SCAS 3.2.2, the SNTP function requires the input of a MTK and a BMTK.
However, when importing SysDef files with only the MTK assigned, the import
function hangs. SCAS 3.3.3 has corrected this issue.
♦ SCAS 3.3.3 feature additions:
♦ Added support for I/O network switch configuration.
♦ Improved configuration file directory structure.
NOTE
Configuration files built with SCAS 2.2.6 or earlier are not compatible with this
revision, due to the enhancements and features available to this revision.
♦ Added support for the P0973HA (C3-series switch).

♦ Added support for firmware releases:
♦ A-series (P0973BK/BH/BJ) firmware release a2-series_02.01.44.0003
♦ C-series (P0973BL) firmware release c2-series_05.02.06.0004
♦ Added the Validate Switch’s Running Configuration function, which allows the user
to validate a switch’s running configuration and report errors within the
configuration.
♦ Added the Setup Port Mirroring feature.
♦ Added a feature to support CLI (RS-232) firmware downloads.
♦ Added the SysDef commit functions allowing for easier switch configuration builds.
♦ Added the Clean Up Drop Down Menu Database function which allows the user to
delete configuration files from a selected drop-down menu database.
♦ Added the Systems Drop Down Menu feature to support multiple systems by allow-
ing multiple drop down menus, which supports the configuration of multiple
network configurations.
239
♦ Added the Collect Switch Diag Files functionality to interrogate the switch’s
port/cpu status, and upload Syslog server files from the switches. Additionally when
using this function on DFE-chassis switches, it will retrieve all Syslog files from all
blades installed.
♦ Added functionality to support FaultLock™ functionality. When deploying A-series
switches running firmware a2-series_02.01.44.0003, the configurator will enable the
FaultLock™ function of this firmware allowing the user to set the activation rate
limit.
♦ Added functionality that will auto-enable the daylight saving feature if the time zone
selected utilizes daylight saving. The daylight saving feature defaults to a recurring
yearly event, starting on the second Sunday of March and ending on the first Sunday
of November.
♦ Added functionality that allows the user to append the Command Line Access (CLI)
settings (SNMP, SSH, Telnet, HTTP and Read-Only) to a switch.
♦ Added functionality that allows the user to interrogate the DFE-series chassis and I-
series switches when attached to the CLI to determine blade/module types installed,
minimizing errors when identifying blade/module types.
♦ Added a feature that interrogates the switch to determine if the A-series switch stack
ports are stacked or not. If stacked, it notifies the user to configure the stack ports
before continuing, minimizing errors made when configuring A-series switches.
♦ Added functionality to timestamp the configuration file on when the configuration
file was built.
♦ Updated Loop Detection Policy (LDP) installation dialog box and the rule assign-
ment process, also by default enabled Circuit Breaker on all used or unused ports not
assigned to other rules.
♦ Added Help screens for SNTP and Syslog server setup.
♦ In release 1.1.4, the Comex Multicast Suppression function was disabled due to the
conflicts with the addition of LDP (Loop Detection Policy). This has been resolved
and re-enabled in this release, supporting both the DFE-Gold and DFE-Platinum
Series switches.
♦ In previously released revisions, a previously stacked C-series switch (not supported)
could not be re-configured correctly. This has been corrected.
♦ Added functionality to support Password Aging, History and Length.
NOTE
Configuration files built with SCAS 2.2.6 or earlier revisions are not compatible
with this revision, due to the enhancements and features available to this revision.
♦ Existing switch configuration can how be imported from a switch's running configu-
ration and saved in the “.scs” format. This allows the configuration to be saved for
future use or when appending commands to the switch.
♦ Features have been add to the SCAS rev 3.0.1 to download qualified switch firmware
revisions to the switch.
240
♦ A Step-by-Step configuration feature can be utilized to build “Typical” I/A Series

configurations for The MESH network. Refer to Table 3-1 and Table 3-2 for the sup-
ported features. This feature is to streamline the configuration build process,
decreasing the complexity of building a configuration file.
♦ Switches undergoing configuration can now be interrogated by SCAS to ensure
switch type and firmware revisions are set correctly before a configuration is build or
downloaded.
♦ When downloading a configuration to a switch, the end user can interrogate the
switch for its type and firmware level and compare this information to a per-build
configuration. SCAS notifies the end user if the firmware level / switch type is com-
patible with the switch being configured, decreasing the possibility for an incorrect
configuration being downloaded.
♦ Data within a Data field can now be deleted by double-clicking on that field.
♦ A-series switches running firmware 02.01.00.0011 or higher now support the
LinkFlap feature, and can be enabled to protect the network from end devices that
have respective link transition issues that can cause switch/network degradation.
♦ Loop Detection Policy (LDP) is now supported on DFE-Gold series blades with
policy license key for blade types P0972YJ and P0972YG.
♦ When VLANs are being setup, Port Priority, Priority-Queue, and Priority Queue
Bandwidth are now scalable for each VLAN.
♦ Switch function setting can now be appended to a running switch configuration.
These switch function settings are as follows:
♦ Disabling switch ports
♦ SNTP settings
♦ Switch VLAN assignments and settings
♦ Loop Detection Policy (LDP) settings
♦ The CLI Switch Interface application has been changed allowing more flexibility to
the end user, eliminating the “Invensys Default Configuration Tool”. Its features are
as follows:
♦ The CLI interface application does not require the switch’s password to be
returned to factory default before performing configuring a task.
♦ The CLI interface application now requires the end user to select the switch type
being configured, which is determined by interrogating the switch. By doing this,
the application now only displays the saved switch configurations compatible with
the selected switch type and firmware revision. Displaying the compatible config-
urations in the Download File window eliminates the chance of incorrect switch
configurations being downloaded to the switch undergoing configuration.
♦ The CLI interface application now returns the switch to its factory default setting
automatically before downloading a new configuration, eliminating potential
errors.
♦ The CLI interface application now automatically configures A-series stacking
ports as Ethernet ports (uplink ports) before downloading a new configuration,
eliminating potential port stacking errors.
241
♦ In addition to the previous feature, the CLI interface application can now reset A-
series stacking ports to an un-stacked state in the event that the ports auto-stacked
during installation, allowing the ports to be converted over to Ethernet ports
(uplink ports).
♦ The CLI interface application allows the end user to interrogate the switch under
test for LDP disabled ports.
♦ The CLI interface application allows the end user to change switch passwords.
♦ The CLI interface application now prompts the end user when a password has
been deleted due to returning the switch to a factory default configuration,
prompting the end user to change the default password.
♦ The “Invensys Default Configuration Tool” will break connections with the switch’s
CLI port before a configuration can be saved. In previous builds, if the end user re-
enters the CLI before the tack is completed, this has the potential to corrupt the
switch configuration. However, this has been corrected with the CLI Switch interface
application.
♦ If an incorrect character was entered when entering an IP address, a run-time error
would occur exiting the program. This has been corrected, notifying the end user to
re-entry correct data.
♦ A feature that allows the user to view the definition of a function has been added to
SCAS. If the right mouse button is depressed when over a function pick/button, a
popup window appears describing the function selected.
♦ Added the capability to configure I-series Industrial switches.
♦ Added the capability to configure SNTP to sync switch time to the Master
Timekeeper.
♦ In previous versions, C-series switches could not be configured as an edge switch. This
function has been changed.
♦ Added the capability to create VLANs.
♦ Added the capability to configure all DFE blades within a Chassis at one time.
♦ Added the capability to configure the Read-Only guest password to allow read-only
access to the switch for switch monitoring.
♦ In previous versions, when entering an IP address byte leading with a zero, the value
was converted to a hex number by the switch. The Configurator has added a feature
that will remove zeroes that lead an IP address byte.
♦ In previous versions, when entering incorrect values or alphanumeric characters in the
following field settings, the program would accept the incorrect or wrong value. This
problem has been corrected.
♦ Bridge Priority Value
♦ SpanGuard Timeout value
♦ FE Broadcast suppression rate limit
♦ Uplink Broadcast suppression rate limit
242
♦ In previous versions, the switch configurator did not compensate for V-series switches
with only one uplink module installed. This problem has been corrected.
♦ In previous versions, when enabling LDP rules, GVRP becomes enabled and the abil-
ity to disable the function was not possible, GVRP must be disabled for VLANs. This
has been changed.
♦ In previous versions, when configuring a V-series switch for a I/A Series software
version 7.x control network, the MAC address aging time command generates an
error. This has been corrected.
♦ Added the capability to configure DFE-series Platinum series blades.
♦ Added the capability to configure E7 Chassis switches when populated with DFE-
series blades
♦ Added the capability to deploy Loop Detection Policy (LDP) rules for DFE-series
Platinum series blades.
♦ Added the capability to adjust Admin Path Cost on edge switch 1 Gb ports.
♦ When disabling unused ports the ports will be disabled from applying other functions
to that port, but will not be disabled when applying LDP rules.
♦ Enabled LinkFlap function as a default setting.
♦ Changed LinkFlap default configuration settings.
♦ Disabled the Multicast Suppression function.
♦ In previously released revision, when disabling unused ports on DFE-series switches
the configurator would not disable the port, this has been corrected.
♦ Disabled LinkFlap function as a default setting.
♦ The A-series switch when powered down within 2 minutes of downloading the con-
figuration the switch would not save the configuration. This has been corrected by
using a default switch command to save the configuration immediately after
downloading.
♦ Added the ability to input the Trap Subnet Mask for A-series switches
♦ When selecting the A-series P0973BK (A2H254-16) switch the copper port speed
was not set correctly, this has been corrected.
♦ Enabled LinkFlap function as a default setting.
♦ The I/A Series Switch Configurator Application Software was developed to create
custom configurations files supported by the Invensys Default Configuration Tool.
243
IPS Corporate Headquarters Foxboro Global Client Support

5601 Granite Parkway Suite 1000 Inside U.S.: 1-866-746-6477
Plano, TX 75024 Outside U.S.: 1-508-549-2424 or
United States of America contact your local Foxboro
www.ips.invensys.com representative.
Facsimile: 1-508-549-4999
Printed in U.S.A. 0210

b0700CA L

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

b0700CA L

Uploaded by

Copyright:

Available Formats

B0700CA

I/A Series® System

Copyright 2005-2010 Invensys Systems, Inc.

SOFTWARE LICENSE AND COPYRIGHT INFORMATION

2. Installing the I/A Series Switch Configurator Application Software (SCAS).................... 15

Site Directory ..................................................................................................................... 21

3. Building a Configuration File.......................................................................................... 23

4. Downloading/Uploading to/from a Switch via the I/A Series SCAS................................ 93

Downloading to a Switch ........................................................................................................ 95

5. Loop Detection Policy (LDP) Algorithms ..................................................................... 113

6. Adding or Replacing an Existing Switch, Blade or NEM in

7. Loading Configuration Files to/from Switches .............................................................. 127

9. Loop Detection Monitoring and Maintenance .............................................................. 135

Active Monitoring ................................................................................................................. 136

10. VLANs Usage on The MESH Control Networks ........................................................ 159

11. Downloading Qualified Firmware Images ................................................................... 167

12. Troubleshooting.......................................................................................................... 181

Appendix A. Switch Information Form ............................................................................. 197

Appendix B. Qualified Switch Firmware Compatibilities Matrix ...................................... 199

Appendix C. Understanding Loop Detection (Security Enhanced Configuration)............. 205

Appendix D. Understanding Virtual Local Area Networks (VLANs) ................................. 221

VLAN Tagging Technologies ........................................................................................... 228

Appendix E. Quick Reference Guide ................................................................................. 231

3-35. Comex Multicast Rate Limiting .................................................................................. 76

11-11. Connecting PC to C-series (P0973BL/P0973HA) Ethernet Switch, Utilizing

System Software Requirements

♦ Updated step 1 of “Creating a Custom Configuration” on page 42.

♦ A-Series (P0973BH/P0973BJ/P0973BK) Switches, Hardware and Software Configura-

General Terms and Definitions

100Base-TX 100 Mb twisted-pair Fast Ethernet

100Base-FX 100 Mb fiber optic Fast Ethernet

ANSI American National Standards Institute

BootP Bootstrap Protocol

CAT5 Category 5 Twisted Pair Cable - such as 10Base-T, 100Base-TX and

CLI Command Line Interface

CRC Cyclic Redundancy Check

CSMA/CD Carrier Sense Multiple Access/Collision Detection

DCE Data Communications Equipment (modem)

DSR Data Set Ready

DTE Data Terminal Equipment

DTR Data Terminal Ready

ESD Electrostatic Discharge

FCS Frame Check Sequence

FTM Frame Transfer Matrix

GARP Generic Attribute Registration Protocol

GBIC Gigabit Interface Converter

GVRP GARP VLAN Registration Protocol

HTTP Hypertext Transfer Protocol

ICMP Internet Control Message Protocol

IEEE Institute of Electrical and Electronics Engineers

IGMP Internet Group Management Protocol, used to establish host member-

IOM Input/Output Module

ISL Inter-Switch Link as defined in this document is a port designated as an

LAN Local Area Network

LDP Loop Detection Policy (described in detail in this document)

LED Light Emitting Diode

MAC Media Access Control

MDI Media Dependent Interface or Media Device Interface

MIB Management Information Base

MMF Multi-mode Fiber cable

NEM Network Expansion Module

RFC Request for Comment

RMON Remote Monitoring