WAGO IX4 Lean Managed Switch Instruction Manual

The Lean Managed Switch Release IX4 is a networking device designed for advanced port security and alarm relay functions. It is manufactured by WAGO GmbH & Co. KG, and it comes with a detailed user manual for configuration and setup.

Lean Managed Switch Release IX4:

Port Security Advanced PROFINET® Conformance Class A Configuration of ALM Output

1. Notes about this Documentation

1.1 Copyright

This Manual, including all figures and illustrations, is copyright-protected. Any further use of this Manual by third parties that violate pertinent copyright provisions is prohibited. Reproduction, translation, electronic and phototechnical filing/archiving (e.g., photocopying) as well as any amendments require the written consent of WAGO GmbH & Co. KG, Minden, Germany. Non-observance will involve the right to assert damage claims.

1.2 Symbols

Personal Injury!
Indicates a high-risk, imminently hazardous situation which, if not avoided, will result in death or serious injury.
Personal Injury Caused by Electric Current!

Indicates a high-risk, imminently hazardous situation which, if not avoided, will result in death or serious injury.

Personal Injury!
Indicates a moderate-risk, potentially hazardous situation which, if not avoided, could result in death or serious injury.

Personal Injury!
Indicates a low-risk, potentially hazardous situation which, if not avoided, may result in minor or moderate injury.

Damage to Property!
Indicates a potentially hazardous situation which, if not avoided, may result in damage to property.

Damage to Property Caused by Electrostatic Discharge (ESD)!
Indicates a potentially hazardous situation which, if not avoided, may result in damage to property.

Important Note!
Indicates a potential malfunction which, if not avoided, however, will not result in damage to property.

Additional Information:
Refers to additional information which is not an integral part of this documentation (e.g., the Internet).

1.3 Number Notation
Table 1: Number Notation

Number Code	Example	Note
Decimal	100	Normal notation
Hexadecimal	0x64	C notation
Binary	‘100’ ‘0110.0100’	In quotation marks, nibble separated with dots (.)

1.4 Font Conventions
Table 2: Font Conventions

Font Type	Indicates
italic	Names of paths and data files are marked in italic-type. e.g.: C:\Program Files\WAGO Software
Menu	Menu items are marked in bold letters. e.g.: Save
>	A greater-than sign between two names means the selection of a menu item from a menu. e.g.: File > New
Input	Designation of input or optional fields are marked in bold letters, e.g.: Start of measurement range
“Value”	Input or selective values are marked in inverted commas. e.g.: Enter the value “4 mA” under Start of measurement range.
[Button]	Pushbuttons in dialog boxes are marked with bold letters in square brackets. e.g.: [Input]
[Key]	Keys are marked with bold letters in square brackets. e.g.: [F5]

1.5 Legal Bases

1.5.1 Subject to Changes

WAGO GmbH & Co. KG reserves the right to provide for any alterations or modifications. WAGO GmbH & Co. KG owns all rights arising from the granting of patents or from the legal protection of utility patents. Third-party products are always mentioned without any reference to patent rights. Thus, the existence of such rights cannot be excluded.

1.5.2 Personal Qualifications

The use of the product described in this document is exclusively geared to specialists having qualifications in PLC programming, electrical specialists or persons instructed by electrical specialists who are also familiar with the appropriate current standards.

Moreover, the persons cited here must also be familiar with all of the products cited in this document, along with the operating instructions. They must also be capable of correctly predicting any hazards which may not arise until the products are combined.

WAGO GmbH & Co. KG assumes no liability resulting from improper action and damage to WAGO products and third-party products due to non-observance of the information contained in this document.

1.5.3 Limitation of Liability

This documentation describes the use of various hardware and software components in specific example applications. The components may represent products or parts of products from different manufacturers. The respective operating instructions from the manufacturers apply exclusively with regard to intended and safe use of the products. The manufacturers of the respective products are solely responsible for the contents of these instructions.

The sample applications described in this documentation represent concepts, that is, technically feasible application. Whether these concepts can actually be implemented depends on various boundary conditions. For example, different versions of the hardware or software components can require different handling than that described here. Therefore, the descriptions contained in this documentation do not form the basis for assertion of a certain product characteristic.

Responsibility for safe use of a specific software or hardware configuration lies with the party that produces or operates the configuration. This also applies when one of the concepts described in this document was used for implementation of the configuration.

WAGO GmbH & Co. KG is not liable for any actual implementation of the concepts.

2. Port Security Advanced feature

2.1 Brief description

The Port Security Advanced feature is an easy-to-use security feature to prevent unauthenticated users from accessing a network. When a connection is lost, a learned port on a Lean Managed Switch is locked and can only be unlocked by the administrator.

Port Security Advanced helps to secure the network by preventing unknown devices from accessing the network.

Note:
The Port Security Advanced feature increases network security but may reduce system availability. The following instructions must be followed when using Port Security Advanced:

The Port Security Advanced feature should not be enabled on portsused to establish ring networks with ERPS or RSTP.
To allow permanent access to the device, the Port Security Advancedfeature should not be enabled on uplink ports.
Blocked ports can only be unblocked by the administrator. For thispurpose, a login to the device is required.

2.2 Using the Port Security Advanced feature

2.2.1 Required for the setup:

PCs x 1
WAGO switches x 3 (852-1813)
RJ-45 cables x 4

2.3 Configuration of the Port Security Advanced feature

2.3.1 CLI configuration

L2SWITCH#configure terminal
L2SWITCH(config)#port-security-adv enable
L2SWITCH(config-if)#port-security-adv enable
L2SWITCH(config)#write memory
Note: CLI configuration for port registration:
L2SWITCH#configure terminal
L2SWITCH(config)# port-registration learn
L2SWITCH(config)# port-registration reset

2.3.2 WBM configuration

2.3.3 Configuration check – CLI

2.3.4 Configuration check – WBM

2.4 Test of the Port Security Advanced feature

2.4.1 Execution :

Activation of the Port Security Advanced feature (global)
Activation of the Port Security Advanced feature for the individual ports
Removing an ETHERNET cable (in this example the cable connected to port 6)

Reconnect the ETHERNET cable
Checking the results in the CLI or in the WBM.
– Expectation:
-Port 6 should have been locked after link-down.
– An SNMP trap should have alerted to the locking of port 6.
– The port should be able to be ulocked by an administrator.

2.4.3 Test results – WBM

2.4.4 Test results – SNMP Trap

2.4.5 Test results – Unlocking port 6

To unlock the port of the switch, the administrator must log in to the device and reset the port.

2.5 Appendix

2.5.1 Command list of the CLI

Node	Befehl	Beschreibung
Enable	show port- security-adv	This command displays the current configurations of the Port Security Advanced feature.
configure	port-security- adv (disable\|enable)	This command globally disables/enables the Port Security Advanced feature on the switch.
(config-if)	port-security- adv (disable\|enable)	This command disables / enables the Port Security Advanced feature on the interface.
(config-if)	port-registration reset	Reset command to activate a locked port for a normal connection.
(config-if)	port-registration learn	The command sets the ports to the extended port security state.

2.5.2 Overview of settings in the WBM

Parameter				Beschreibung
Global State				Globally enable/disable Port Security Advanced feature on the switch.
Port Range				Select the ports on which you want to enable/disable the Port Security Advanced feature.
Port State				Select whether to enable/disable the Port Security Advanced feature on the selected ports.
Submit				Click the “Submit” button to apply the settings.

3. Use in simple PROFINET® systems

Lean Managed Switches (from firmware release IX3) prioritize PROFINET® data packets in the network. Prioritization is based on the EtherType=0x8892, which identifies each PROFINET RT data packet. This enables reliable “real-time” data exchange in the PROFINET® system. The switches meet the requirements of Conformance Class A.
Lean Managed Switches do not have a GSDML file and cannot be configured by the TIA Portal or a PROFINET® controller. The WAGO products 852-602, 852-603 and 852-1605 meet these requirements.

3.1 Configuration of the switch

Lean Managed Switches can be configured using a web browser. For example, selected communication protocols can be prioritized.

In the default setting, the prioritization of the PROFINET® data packets are enabled. Ethernet/IP and GOOSE data packets can also be prioritized in this menu.

In addition, unused ports can be deactivated in Web-based Management easily. This increases the security in PROFINET® systems, compared to the use of unmanged switches, such as the 852-1111/000-001. On the following page the configuration page is shown. Detailed information about the configuration of the Lean Managed Switches can be found in the product manual

To integrate the product 852-1812 into a PROFINET® project the marked “Ethernet device” from the hardware catalog must be used.

In this example, the Lean Managed Switch with part number 852-1812 was integrated into a test system. To ensure that no errors are displayed in the TIA Portal, monitoring of the ETHERNET connections between the Lean Managed Switch and the other Conformance Class B devices must be deactivated.

The project must be loaded into the PROFINET® system with the monitoring function disabled. The PROFINET® system is active

Now the ETHERNET connection between the 0852-1812 and the pfc200-1 has been interrupted. A system error can be recognized directly

The analysis of the diagnostic buffer clarifies the loss of connection of the PROFINET® device pfc200-1. The PROFINET® device pfc200-1 is not reachable.

A close look at the connecting line between the 852-1812 and the pfc200-1 can identify a color difference of the green connection.

Of course, the diagnostic features of a Managed Switch with Conformance Class B are better. A red color is easily detected.

3.3 Diagnosis with the Web-based Management

The diagnostics dashboard is accessed via the IP address. In this, the system status of the switch is signaled in traffic light colors. This dashboard helps to troubleshoot the system.

A defective cable is detected by a red marking.

It is useful to provide the system operator with a link to this dashboard. This can reduce downtimes.

The Modbus registers in the Lean Managed Switch enable a detailed diagnosis of the switch from the application. For this purpose, the respective Modbus registers must be queried and analyzed from the application.

The system log of the Lean Managed Switches offers another diagnostic option. Analyzing these entries can also speed up troubleshooting in the system.

4. Configuration of alarm relay function

To use the alarm relay function with Lean Managed Switch, various alarm messages are provided on the website, such as the status of the ERPS ring or the status of the port. In addition, the relay direction can be user-defined. The relay opens or closes when the alarm function is active (Normal open or Normal close).

Note: 852-1816 does not support the full function due to hardware limitations.

The port parameter indicates the status of the monitored port (port link up or link down). An alarm will occur if there is a port link up or link down. In this case, the ALM relay changes status. The status of the ERPS rings can also be monitored.

Specifications:

Product: Lean Managed Switch Release IX4

Version: 1.1.0
Manufacturer: WAGO GmbH & Co. KG
Website: www.wago.com

Technical Support

Phone: +49 (0) 571/8 87 – 4 45 55
Fax: +49 (0) 571/8 87 – 84 45 55
E-Mail: support@wago.com

Every conceivable measure has been taken to ensure the accuracy and completeness of this documentation. However, as errors can never be fully excluded, we always appreciate any information or suggestions for improving the documentation.

E-Mail: documentation@wago.com

We wish to point out that the software and hardware terms as well as the trademarks of companies used and/or mentioned in the present manual are generally protected by trademark or patent.

WAGO is a registered trademark of WAGO Verwaltungsgesellschaft mbH.

FAQ:

Q: Is it possible to integrate additional Ethernet devices with this switch?

A: Yes, you can add additional Ethernet devices to the switch by following the instructions provided in the TIA-Portal section of the user manual.

Q: How can I diagnose issues using the Web-based Management feature?

A: You can utilize the Web-based Management tool for diagnosing network problems. Refer to the relevant section in the user manual for detailed instructions.

Documents / Resources

WAGO IX4 Lean Managed Switch [pdf] Instruction Manual
Release IX4, IX3, IX4 Lean Managed Switch, IX4, Lean Managed Switch, Managed Switch, Switch

References

User Manual

WAGO IX4 Lean Managed Switch