1

EIP Book of KnowledgeAnswer ID 57174

02/28/2012

2

Contents• Purpose• What’s changed in this document update?• Stratix Switches• Multicast Considerations• System Performance• Media• Media Resiliency• Loop prevention protocols• Segmentation• Network Topologies• Wireshark• Device Level Ring (DLR)• CIP Safety on EtherNet/IP• Troubleshooting EIP• Timeouts – CIP and TCP• Multicast Considerations• Procurement spec for Stratix 8x00• Miscellaneous (minor topics)• Q&A• References

02/28/2012

3

Purpose and scope

This document is intended to be a single source that includes practical information that may not be included in other documentation.

With time, some of the information may be included in formal publications. Likewise, a topic may not be well understood at one point but eventually is well known and can be deleted from this document.

Additions/deletions/clarifications, are made several times a year and this document is then reposted in Rockwell’s Knowledgebase.

02/28/2012

4

What has changed in this doc update?

• Added troubleshooting I/O connection loss (see Wireshark – advanced, 1/6)

02/28/2012

5

Stratix Switches

02/28/2012

6

Stratix 8000 multicast

The default number of multicast groups that a switch can store is 256.

If there are more than 256 groups seen by a switch, the switch will flood (out all ports) those groups in excess of 256. Flooding is not desired but may not necessarily be the cause of an anomaly.

However, the maximum number can be increased to 1K groups by reconfiguring the switch to use the SDM routing template instead of the default template. See Cisco IE3000 user manual for details.

If your application is approaching 200 multicast groups, it is recommended that you configure for the SDM routing template.

02/28/2012

7

Stratix 8000/8300 SSH

SSH (secure shell) is available on the Stratix 8000 however a specific (IOS) is required to support it. This is because there are government regulations on its use and customers must register when they use it.

To enable SSH you must buy the SSH IOS via catalog item 1783-MCS. When you do this the customer will be asked to register. Note that ordering this item is an electronic download so the customer will get an email with access to a secure site where they go to download the SSH FM. Then the customer must use Device Manager to load it in to the switch. This loading process is documented in the Stratix 8000 user manual.

Also note that the latest version of the S8000 User manual (on literature library) includes SSH.

02/28/2012

8

Stratix Passwords

Stratix8000

When running the web browser for the first time, you will be running Express Setup.

The password you need to enter will be ‘switch’. No username is needed.

Stratix6000– Default

• The default password is PASSWORD (all upper case). You can change this to whatever you want.

– Upload configuration file• User: uploader• Password: PASSWORD

02/28/2012

9

Reset to factory defaults

Stratix8000Cycle power and use paper clip to select Express Setup.When you see 3 LEDS (EIP Mod, EIP Net, Setup) turn solid red, release the paper clip. (CLI: delete flash:config.text, delete flash:vlan.dat, reload)

Stratix6000Remove the plastic clip from the rear of the switch and you will see a small reset button. Remove power from the switch. Then, hold the small reset button and then apply power. Keep hold the reset button for 30 seconds. Cycle power to complete the reset. The IP address is now 192.168.1.1. User = (no username), pw = PASSWORD

02/28/2012

10

Stratix8000 Alarms and Faults

Basic alarm information:

• What alarms are there?• What causes alarms to become active?• What alarms activate minor and major relays?• How do I reset/clear an alarm?

• The same questions as above but for faults.

02/28/2012

Alarms and Faults

1102/28/2012

In the RSLogix5000 add-on profile, Switch Status tab:

Select Help on Switch Status and Port Status tabs.

12

Stratix8000 Alarms

Q: How do I view the state of both switch relays?

A: View the switch AOP, Switch Status tab.The screenshot below shows that the minor relay is closed and the cause is a port alarm. The port

alarm which is causing the relay to be closed is not show.

02/28/2012

13

Stratix 8x00 SFPs

To determine which SFP you should purchase, read the release notes for the switch (industrial or commercial grade) you are going to use.

SFPs support copper or fiber (single/multimode) and 10/100/1000Mbps.

Stratix8x00 switches require “ruggidized” SFPs.

See user manual, 1783-UM003E-EN-E

02/28/2012

14

Stratix 8X00 Smartport RoleIdentification

Commercial Engineering and Cisco use this info to identify switch port configuration.

02/28/2012

15

Stratix Macros

There are currently 33 macros defined in a Stratix 8K switch. These include both Cisco and Rockwell.

Rockwell macros are run during Express Setup.

To view all the macros, use CLI commandshow parser macro

Use the space bar to view all the macro commands.

02/28/2012

16

Stratix Smartport RolesUsing CLI, Show Run, you can see the details of port configuration:

• interface FastEthernet1/1• switchport access vlan 10 Sets access VLAN to 10.• switchport mode access Puts switch port into access mode.• switchport port-security Allows only 1 MAC.• switchport port-security aging time 2• switchport port-security violation restrict• switchport port-security aging type inactivity• macro description desktop-automation Desktop for Automation• alarm profile ab-alarm Sets content of alarms. Show Alarm-Profile to view.• spanning-tree portfast Skips span-tree listen/learn states.• spanning-tree bpduguard enable Err-diable this port if a BPDU is received.• service-policy input CIP-PTP-Traffic• !• interface FastEthernet1/2• switchport access vlan 10• switchport mode access• switchport port-security• switchport port-security violation restrict• switchport port-security aging type inactivity• load-interval 30• srr-queue bandwidth share 1 19 40 40• priority-queue out • macro description ab-ethernetip Automation Device• alarm profile ab-alarm• no cdp enable• spanning-tree portfast• service-policy input CIP-PTP-Traffic

02/28/2012

17

Stratix Smartport Roles

• !• interface FastEthernet1/4• alarm profile ab-alarm None• service-policy input CIP-PTP-Traffic• !• interface GigabitEthernet1/1• switchport mode trunk• srr-queue bandwidth share 1 19 40 40• priority-queue out • mls qos trust cos• macro description switch-automation Switch for Automation• alarm profile ab-alarm• spanning-tree link-type point-to-point• service-policy input CIP-PTP-Traffic

02/28/2012

18

Stratix Smartport Roles• !• interface FastEthernet1/2• switchport mode trunk• switchport nonegotiate• switchport port-security• switchport port-security violation restrict• switchport port-security aging type inactivity• load-interval 30• srr-queue bandwidth share 1 19 40 40• priority-queue out• mls qos trust dscp• macro description ab-syncmotion Automation Device with QoS• alarm profile ab-alarm• no cdp enable• spanning-tree portfast trunk• service-policy input CIP-PTP-Traffic• !• interface FastEthernet1/2• switchport mode trunk• switchport nonegotiate• srr-queue bandwidth share 1 19 40 40• mls qos trust cos• macro description wireless-automation Wireless for Automation• alarm profile ab-alarm• spanning-tree bpduguard enable• service-policy input CIP-PTP-Traffic• !

02/28/2012

19

Stratix Smartport Roles• !• interface FastEthernet1/2• switchport mode access• switchport port-security maximum 2• switchport port-security• switchport port-security aging time 2• switchport port-security violation restrict• switchport port-security aging type inactivity• srr-queue bandwidth share 10 10 60 20• macro description phone-automation Phone for Automation• alarm profile ab-alarm• spanning• !• interface FastEthernet1/2• switchport mode trunk• srr-queue bandwidth share 1 19 40 40• priority-queue out• mls qos trust dscp• macro description router-automation Router for Automation• alarm profile ab-alarm• spanning-tree portfast trunk Portfast is significant - keeps this link up during span-tree

event.• spanning-tree bpduguard enable• service-policy input CIP-PTP-Traffic

02/28/2012

20

Stratix 6000 Configuration

Upload/download S6000 configuration

See online user manual for description.02/28/2012

21

Stratix 8x00 Configuration

Upload/download configuration using:– Logix AOP (add-on profile)– CLI (from the compact flash card)

02/28/2012

22

Q&A

• How do I clear the configuration of a S8000 switch?

Answer: Use either of the 2 methods described below.

1. Power up Stratix000 and hold a paper clip in the Express Setup hole.

2. Use the CLI commands as follows:- write erase (deletes startup config file)- delete flash:vlan.dat - reload (uses the non-existing config file)

02/28/2012

23

Q & A

How do I configure a S8K switch Smartport when connecting to a DLR?

Answer:

Select ‘None’ in the Smartport pull-down menu.

02/28/2012

24

Stratix Switches

02/28/2012

25

Multicast Considerations

02/28/2012

26

Unicast, multicast, broadcastUnicast - Used for point-to-point communications.- Uses IP addressing classes A, B, or C.- Can be TCP (most frequent) or UDP.- Example: HMI, MSGing, programming.

Multicast- Used for one-to-many communications.- Uses IP addressing class D.- Always is UDP (at least for EtherNet/IP)- Video (which is not EIP protocol) and EIP I/O are 2 examples.- More switch management knowledge is required than for unicast.

BroadcastUsed for one-to-all communications.Can be either OSI layer 2 (ARP) or OSI layer 3 (AB_ETHIP driver.)

02/28/2012

27

Multicast considerations

What are considerations for multicast?

Answer:- EIP uses multicast for I/O and produce tag- IGMP recommended (Internet Group Management Protocol)- TTL (time-to-live)

If the producer and the consumer are in the same network, TTL is not a factor. (TTL is a Internet Protocol parameter). Also, if in the same network, multicast routing is not needed.

IGMP reference: EtherNet/IP 10 Commandments(www.ab.com/networks/site-index.html)

02/28/2012

28

Multicast - IGMP Snooping

Recommendations• Select IGMP Snooping on all switches• Enable IGMP querier on all switches• Verify operation with Wireshark --- look for multicast flooding• Troubleshooting – an IGMP Leave message is an indicator

See KnowledgeBase 55266, IGMP Leave

Note: With version 2, all the switches will negotiate and the lowest IP address will be the IGMP querier. IGMP v1 enabled queriers will not negotiate.

02/28/2012

29

Multicast - IGMP Querier Compatibility

Version 2Is a superset of version 1. Version 2 added a Leave

function whereas v1 handled this with a timeout.

V1 & V2Interoperability includes consideration of a number of

factors such as the network mix of querier version and host IGMP version. However, there are some simple statements such as IGMPv1 multicast consumers will work with IGMP v2 queries.

V3The author has not seen any v3 messaging.

02/28/2012

30

Multicast - IGMP Leave happens when?

A Logix Ethernet module sends an IGMP Leave when all CIP connections through that module are broken for the multicast address being consumed.

Case 1: Startup• When a consumer receives a successful Forward Open reply for a multicast group,

the consumer starts sending heartbeats and also sends an IGMP Join.• If the first multicast is not received in 10 seconds, the consumer sends an IGMP

Leave.The consumer considers the CIP connection as timed out and stops sending unicast.

• Examples of timeouts after the first data:– A 2ms RPI has a CIP connection timeout of 128ms. Then, X >128ms.– A 100ms RPI has a CIP connection timeout of 400ms. Then, X > 400ms.

Case 2: Two controllers consuming same tag thru same ENBx• At the consumer Logix chassis, if there are 2 consumer controllers for the same tag

and both are consuming thru the same ENBT module, then that ENBT will send a Leave for that multicast group when both Logix controllers no longer want to consume that group. A Logix controller will not consume under the following conditions:– consumed tag is inhibited or deleted– I/O connection is inhibited or deleted

02/28/2012

31

Multicast IGMP Leave – happens when?

Case 3: Tag producer dies/disconnected/disappears• At the consumer Logix chassis, if the tag producer dies or is

disconnected or the infrastructure (switch) dies, the consumer Ethernet module no longer detects the produced tag and the CIP connection will close.

Case 4: Duplicate multicast address• Consider the case of 2 Logix controllers each consuming data from

different data producers. And, each data producer transmits its data using the same multicast address. This is allowed in the EIP spec because each multicast stream includes unique information that differentiates.

• If 2 or more multicast producers are using the same multicast address, the consumer ENBT module will not send a Leave until all consumer Logix controllers no longer want to receive that multicast group.

02/28/2012

32

System Performance

02/28/2012

33

System PerformanceSystem performance requires:

- Few customers request performance analysis but it is important for I/O- Characterizing each component in the system (network, Logix, switch, I/O, HMI)- Combining the components for end-end result (e.g.“screw-to-screw” for I/O)- Note that system performance is not Ethernet interface loading (connections or packet rates)

Network Considerations:– Latency (including queuing in Logix Ethernet modules)– Jitter– Multicast containment– Broadcast limiting– QoS (queuing in Ethernet switches)

!!! Network AvailabilityIf every link/cable is no more than 50%-60% utilized and QoS is implemented, then the network should not have a problem supporting any EIP application (Motion, PTP, I/O, etc.).

02/28/2012

34

Media

02/28/2012

35

Media

• Copper• Fiber• Slip rings• RF (wireless)

02/28/2012

36

Media – resiliency

• Ring topology• Redundant star topology• Etherchannel (Cisco switches)

– Both links active• Flex Links (Cisco switches)

– One active, one backup

02/28/2012

37

Media

• Copper types for EIP

Category 5e, category 6 recommended by ODVA

• RA sells copper cables and connectors- http://ab.com/sensors/ethernet/- Unshielded twisted pair- Shielded

• See EtherNet/IP Media Selection and Installation Guide

http://www.odva.org/Home/ODVATECHNOLOGIES/EtherNetIP/EtherNetIPLibrary/tabid/76/Default.aspx

02/28/2012

38

Media, fiber Offerings at RAFiber compatability chart

Fiber type Number of ports Mode Speed Connector type

1783-SFP100FX (100mbps multimode)

1783-SFP100LX (100mbps single mode)

1783-SFP1GSX (1000mbps multimode)

1783-SFP1GLX (1000mbps single mode)

Stratix 80001783-MS06T SFP up to 2 (optional) based on SFP type based on SFP type LC X X X X1783-MS10T SFP up to 2 (optional) based on SFP type based on SFP type LC X X X X1783-MX08T Fixed 8 Multimode (FX) 100mbps LC1783-MX08F None

Stratix 60001783-EMS04T None1783-EMS08T SFP 1 (optional) based on SFP type 1000mbps LC X X

Stratix 20001783-US05T None1783-US08T None

1783-US03T01F Fixed 1 Multimode (FX) 100mbps LC1783-US06T01F Fixed 1 Multimode (FX) 100mbps LC

1756-EN2F Fixed multimode, LC connector, no autonegotiation, Speed = 100M, Duplex=half/full (see notes)

1783-fiberETAP everything the same as EN2F above, LC only.

Stratix6000, See above. Also, autonegotiation not supported, LC only.

Stratix8000 (uplinks) See above. Also, autonegotiation not supported, LC only

Stratix8000 (expansion) See above. Also, autonegotiation not supported, LC only.

02/28/2012

39

Media Fiber• Simply, there is no autonegotiation on fiber.

• The speed on fiber is always determined by the fiber transceiver. If the transceiver is a SFP the speed can be changed by exchanging out the fiber SFP (Small Form-factor Pluggable) module with one of a different speed, for example a 100BASE-FX for a 1000BASE-SX. The host that the SFP module is plugged in must be able to support the data rate of the SFP module. For example if the host has the ability to only support 100BASE data rates, putting a 1000BASE SFP in will not give you 1000BASE speeds. In fact the host may warn or produce an error indication that an incorrect/unsupported SFP has been installed. Some products use a fixed fiber transceiver (SFF, Small Formfactor Fiber), It is not possible to change the speed or connector of a SFF since it is soldered directly to the board.

• The fiber type (Single Mode or Multi Mode) does not determine the duplex. Duplex is determined by the host and in most if not all cases will be full duplex for fiber. Because of the dedicated TX and RX channels in fiber systems, there is no need or benefit to have HD on fiber. Single mode and multimode refer to the mode of light propagation through the fiber not the duplex capability of the link. Typically fiber transceivers are designed exclusively for specific launch mode into a matching fiber. For example you cannot use a SM fiber on a multimode transceiver or a multimode fiber on a single mode transceiver.

02/28/2012

40

Media - Kinetix 6500The Kinetix 6500 EtherNet/IP solution has been tested in high noise

environments. This system does require shielded cables. I do not think that you will have problems with these drives as long as you follow good installation practices and the guidelines given in either the ODVA EtherNet/IP Planning and Install guide or in IEC 61784-5-2 and IEC 61918. If you are concerned or are aware of ground loops, install a equalization conductor between the two drives locations where the cabling is installed. Guidance for the equalization conductor can also be found in the ODVA PNI.

Rockwell AutomationBob Lounsbury – Principal Engineer

02/28/2012

41

Media

• Slip ringsTwo basic types: optical, mechanical

• Slip-ring vendors used by at least one customer for I/O

- Meridian on rotary fillers, http://www.meridianlab.com/index.html

- Label (a French company), http://www.label.fr/accueil_en.htmlSlip-rings have not been validated by ODVA or Rockwell.

02/28/2012

42

Media, slip-rings

Example of how one customer is using

02/28/2012

43

Media color codes

I do not know of any standards that call out specific color codes, however Red is common for safety communications cabling. Teal is commonly used for robotics and control cabling.

02/28/2012

44

Media – RA sells mediaThe customer should contact our Chelmsford division to arrange to

purchase the cables for an application. For those who wish to make their own or have requirements that our cables cannot provide, use the guidance doc. Our robotic cables have weld splatter jackets, meet 10 million flexes, are low noise and are sealed to IP67. For M12 connectors, see

http://www.ab.com/catalogs/connectivity/onmachinepartno.html

RA sells UTP and STP (2009)media.

02/28/2012

45

Loop Prevention Protocols

02/28/2012

46

Loop Prevention Protocols

• Rapid Spanning-tree (see next slide)• Resilient Ethernet Protocol (REP, Cisco)• DLR

02/28/2012

47

Spanning-tree protocols

STP (50 sec)

PVST(2?-50 sec), CiscoRSTP (2 sec)

MSTP (2 sec) Rapid PVST (2 sec), Cisco

Question: What are the spanning-tree protocols and how did they evolve?

The protocols high-lighted in blue are supported in the Stratix8000.

02/28/2012

48

Loop prevention protocols

STP (50 sec)

RSTP(2 sec)

REP (100ms)

DLR (3 ms) max

Question: What is range of network recovery times (convergence) for a single link fault?

02/28/2012

49

Segmentation

02/28/2012

50

Segmentation• How many nodes can I put on a subnetwork/VLAN?

Fewer is better (see notes) because of the following:– Broadcast storm size and duration is less– Protection against defective device behavior (might affect all nodes on subnet)– Spanning-tree event (re-convergence) reduced exposure

• Why do I segment?– Performance and security

• How do I segment automation networks?– VLAN (connected thru a router, if needed)– Subnetworks (connected thru router, if needed)– Isolation– EIP-only protocol (CLGX bridge)

• Best approachFirst understand the customer’s requirements, including data types, flow, security, and performance. Then decide on the best way to segment.

02/28/2012

51

Network Topologies

02/28/2012

52

Topologies

What topologies are there?

• Line • Ring (media redundancy)• Star• Double star (distribution switch and media

redundancy)• Combinations

02/28/2012

53

Linear topology

• Advantages– Architecturally, a drop-in replacement for RIO.

• Calculations– To determine how many switches your application can support, you must calculate worst-

case latency and jitter. (see next page)• Disadvantage

– Some traffic may traverse multiple switches- A single media loss will stop communications between the isolated areas

- Recommendation: A star to ring are preferred topologies.

Switch1 Switch2 Switch3 Switch4

02/28/2012

54

Linear topology

How many switches can I have in a line?

ANSWER:That depends on several factors:

– Single point of failure consideration– Client’s tolerance for delay (e.g. timeout)– Switch’s capacity (e.g. wire-speed on all ports, switching fabric)– The amount of traffic (unicast, multicast, broadcast) queued in front of a

message under test.– Troubleshooting a longer line is more difficult to find the problem

02/28/2012

55

Wireshark

(capture and just a little analysis)

02/28/2012

56

Wireshark

The simple version is:

“Get a capture of that EN2T traffic.”

However, there are a few details involved.

02/28/2012

57

Files we need & more Network drawing (inc switches, routers, copper/fiber converters, wireless, etc.)

IP address of the nodes and also the types of devices (e.g. Flex I/O, switches, etc.)

Switch configuration and operating status including errors, duplex, forced/auto (use either a web browser or Command Line Interface) For Stratix 8000/8300, use Device Manger (see Answer ID 70473 for details)

For Stratix 8000/8300, use CLI Show Tech command to get switch status.

Status of LEDs and module display

Logix acd file(s)

Firmware versions

If you use HTTrack software, this will be provided by the software.

Module screen captures (use HTtrack Website Copier, www.httrack.com) HTtrack software is free and easy to use. It copies all the pages quickly. (RECOMMENDED)

Page Examples: Home, Diagnostics Overview, Ethernet statistics, I/O connections

For devices that need a user name/password (e.g. 1734-AENT), HTTrack errors. For these devices, you will need to manually take screen captures of web pages.

If a Wireshark (network capture) is requested:

Identify the device (e.g. EN2T) that was port mirrored

Tell us if the anomaly occurred during the Wireshark capture02/28/2012

58

Agenda

If a network capture is requested:1. Install Wireshark (free at www.wireshark.org)2. Disable security on the PC port(s) that you are using to capture.3. Identify what device (e.g. 1756-ENBT) needs to be mirrored4. Configure port mirroring on a switch5. Configure Wireshark display during capture6. Is your PC adequate to capture all packets?7. Take a quick (30 seconds) test capture8. Multiple Wireshark files (circular buffer) may be required9. Two or three simultaneous Wireshark PCs10. Stop capture

02/28/2012

59

1. Install WiresharkUse the current stable version.

http://www.wireshark.org/download.html

Current stable

version

02/28/2012

60

2. Disable security, PC interface

If you don’t disable, you will see only some traffic.02/28/2012

2. Disable security, PC interface

If you run Wireshark and don’t see traffic you expected (example: multicast I/O is active but you don’t see any multicast), disable securing on your PC Ethernet port and run Wireshark again. See below for Symantec Network Protection disabled.

02/28/2012 61

62

3. Identify the device(s) to be monitored

CLGX_1

CLGX_2

FA1/5

FA1/1 FA1/6

FA1/4

Example:

Configure switch port mirroring to mirror CLGX_1 traffic to unused port FA1/8.

02/28/2012

63

Use a managed switch (has port mirroring)

Common methods for configuring port mirroring

- Web browser (e.g. Internet Explorer)

- CLI (switch console cable or telnet)

4. Port mirroring basics

Double-check the mirroring config immediately!02/28/2012

64

4. Port mirroring basics

Specify the following: - Source port(s), one or more devices to be monitored

- Destination port, only one

- rx, tx, or both (default), for the source port(s)

Both (in and out) is recommended

- See notes for this page for some details

Example: Mirror all traffic from FA1/5 (in/out ) to FA1/8

02/28/2012

65

4. Select a method for configuration

When you configure mirroring, you can use 2 different methods:

Use an administration port (Recommended)Example: Connect your Wireshark PC to FA1/1. This would be the mirroring

administration port. Configure mirroring: Source port is FA1/5. Destination port is FA1/8.After configuring mirroring, you will need to physically move the PC Ethernet cable from FA1/1 to the destination port, FA1/8 The advantage of this method is that any traffic you see on the destination port will strictly be traffic to/from FA1/5. No PC administration traffic would be seen..

Configuration from the destination portExample: Connect your PC to the destination port and then configure port mirroring.This is feasible only if port mirroring is configurable to the extent that configuration traffic is allowed ingress (from you PC to the switch) after port mirroring is

configured.If ingress traffic is not configured, then after mirroring is configured, you can monitor BUT you cannot change the mirror configuration from the destination port.

02/28/2012

66

4. Port mirroring, more

Port mirroring has several variables: Number of sessions

- Only 1 session configurable using Device Manager.- More than 1 session configurable by using CLI.

Number of source ports (per session), name of the source ports- One or more (including all ports in a VLAN, on this switch)- Port names and contiguous or non-contiguous

- Contiguous example: FA1/1 and FA1/2- Non-contiguous example: FA1/1 and FA1/5

Number of destination ports (always 1), name of destination port

02/28/2012

67

4. Port mirroring, moreWarning:

With Device Manager, if you mirror a port, FA1/1 for example, to the target port, FA1/8 for example, all is well. However, if you then decide to mirror a different source port, FA1/2 for example, to the same destination port, then both source ports will be mirrored. This is OK if you want to mirror multiple ports.

However, to mirror only 1 port at a time, first select a Smartports role of None before changing the source port.

NOTE!!! You can mirror 1 or more source ports simultaneously (or a whole VLAN) to a destination port. However, after you mirror, verify that you don’t over-utilize the destination port. Use Device Manager to easily verify % usage of the destination port.

02/28/2012

68

4. Port mirroring, advancedThere are times where you may need multiple mirroring sessions.

-- Session 1: source port A to destination port B -- Session 2: source port C to destination D.

Multiple sessions are configurable using CLI but not by using Device Manager.

CLI configuration exampleSwitch_4(config)#monitor session 1 source interface Fast1/2

Switch_4(config)#monitor session 1 destination interface Fast1/7

Switch_4(config)#monitor session 2 source interface G1/1Switch_4(config)#monitor session 2 destination interface Fast1/8

To view monitor sessionsSwitch_4# show monitor sessions all

To disable all monitor sessions using CLISwitch_4# no monitor sessions all

02/28/2012

69

4. Port mirroring, advancedYou can specify multiple source ports.

For the Stratix8000, you can do this with Device Manager or CLI.

CLI example: Source ports are FA1/2 thru FA1/3Show monitor session all // to view currentConfig tSwitch_4(config)#monitor session 1 source interface FA1/2 – 3Switch_4(config)#monitor session 1 destination interface fa1/8Exit

1. With CLI, you can specify a range of contiguous ports as show above (FA1/2 – 3).Note that there is a space before and after the hyphen.

2. As an alternate to specifying a range of ports, you can configure source ports one at a time.

3. Multiple source ports can be contiguous or non-contiguous.

02/28/2012

70

What happens if I have a switch but I forget to port mirror?

If you forgot to configure port mirroring and then use Wireshark, your Wireshark file will include only broadcast since this is supposed to flood all switch ports.

Also, if IGMP is not configured, multicast will also flood all ports and will be seen in the Wireshark file.

Verify all expected packets, including unicast, are in the trace and that flooding is not occuring.

4. Port mirroring Q&A

02/28/2012

71

5. Configure Wireshark live displaySelect Ethernet

interface.Motherboard

recommended.

Uncheck this box

When running Wireshark, don’t display during capture.

And, don’t run applications other than Wireshark to make the PC CPU available for Wireshark.

Uncheck this box

02/28/2012

72

6. Is your Wireshark PC adequate?

Depending on the operating system and PC Ethernet interface* (hardware and driver), you might capture all the packets (good) or only some packets (not good).

To test your PC, configure a fast (2ms) stream of produce tag or I/O traffic.

Configure port mirroring and run Wireshark for a short time (10 seconds) and stop the capture. Filter on the 2ms stream and look at the sequence (SEQ) numbers to identify if any are missing. The next page has an example.

* Some people have found that the PC motherboard Ethernet interface may be more reliable than USB or PCMCIA Ethernet interfaces.

02/28/2012

73

6. Is your Wireshark PC adequate?Use a web browser to identify a 2ms stream.

Then, filter using that address.

SEQ 5010 followed by SEQ 5015 means that 4 packets were missed.

Delta time since previous packet was 13ms. This is

much more than 2ms.

You should see consecutive sequence numbers to ensure that you are not missing any packets. The above shows that packets are being missed.

Are packets actually absent or is your PC not fast enough to capture all the packets? The next slide will provide information to help you answer this question.

02/28/2012

74

6. Is your Wireshark PC adequate?

This EN2T web page shows that this stream of data (239.192.2.150) has a 2ms RPI and no is missed packets.

From this page, my conclusion is that all packets are flowing on the network --- none are missing. Therefore, I conclude that the PC was not able to capture all packets.

239.192.2.150 0 Missed packets

2ms RPI

02/28/2012

75

7. Quick capture

Purpose is to verify port mirror and Wireshark configuration

• 30 seconds only• Verify that you see unicast to/from device mirrored (e.g. 1756-EN2T)• Verify that you do NOT see unicast that doesn’t include 1756-EN2T• Verify that you see all expected IP addresses• If you expect to see multicast, verify it is present• Verify that multicast flooding is not occurring (assumes IGMP)

Now, you are almost ready to start the real trace.

02/28/2012

76

8. Multiple Wireshark files

If the capture must be running over a period of time and a single file will be too large (>10Mbytes), then configure a circular buffer in Wireshark.

See next slide.

You must manually stop the trace BEFORE the event of interest is overwritten in the circular buffer.

02/28/2012

77

8. Multiple Wireshark files

Multiple file capture configuration – circular buffer

Specify enough files to insure that

you have time to stop the capture before the event is

overwritten.100-1000 files would

hopefully be adequate.

Limit file size to

10Mbytes to make it easy for analysis

Select a directory to store files

Select PC Ethernet module

Uncheck this box

100

Uncheck this box

02/28/2012

78

8. Multiple Wireshark files

Why would I need more than 1 capture file?

1. Size is too big (> 10Mbytes)

2. Need time to stop the capture

02/28/2012

79

8. Multiple Wireshark files Wireshark circular buffer size

How much disk space will the circular buffer require?

Example: A circle of 100 files that are each 10Mbytes.

Total = 1Gbyte

02/28/2012

80

9.Two/three Wireshark PCs

Switches and routers

Sometimes, two simultaneous captures are needed. Connection IDs will be tracked.

02/28/2012

81

10. Stop Wireshark capturing

If you have a circular buffer configured (multiple Wireshark files), you need to stop capturing before overwriting the event we need to see.

How much time do you have before the event is over written?

To answer the question:Run a simple test to estimate how quickly the circular buffer

fills completely (and then starts to overwrite).

02/28/2012

Wireshark – advanced, 1/6

Troubleshooting I/O Connection Loss

02/28/2012 82

Wireshark – advanced, 2/6

When troubleshooting I/O connection loss, you need to identify root cause. Three possibilities exist: - The scanner - The adapter- The switched infrastructure

To determine which of the above is the root cause, you need to learn the bi-directional CIP connection IDs. However, if connections are lost and then recovered automatically, you probably won’t know the connection IDs unless you are lucky enough to have seen both a fwdOpen and a fwdClose for each lost connection. This can be simplified by have a web browser monitor the I/O connections, making them visible to Wireshark.

02/28/2012 83

Wireshark – advanced, 3/6

For analysis:

The two connection IDs associated with each CIP connection need to be identified. These can be obtained from a EN2T web page. To make them available dynamically in Wireshark, configure a web browser (ex. Internet Explorer) to read the EN2T page shown below.

02/28/2012 84

Wireshark – advanced, 4/6

For analysis:After a Wireshark capture is obtained, you need to learn the I/O connection IDs that were valid prior to an I/O connection loss. To do this:

1. Set a filter in Wireshark

TCP and ip.src==IP_of_IE_pc and ip.dst==IPofTheEN2T and tcp.seq==0

Example: TCP and ip.src==192.168.1.250 and ip.dst==192.168.1.200 and tcp.seq==0

2. Examine the first TCP packet in the TCP/HTTP sequence prior to the loss. Below, notice the 1 second interval between 1.663 and 2.763

02/28/2012 85

Wireshark – advanced, 5/6

• Now, with that packet select Analysis and Follow TCP Stream

• Then, select Raw and Save as an html file.

• Then, open the html file with a web browser such as Internet Explorer (see next page).

02/28/2012 86

Wireshark – advanced, 6/6

02/28/2012 87

The connection IDs on the Ethernet media (copper, fiber, wireless) are shown above. Notice that the Target PortID is 2 and this means the front plane (Ethernet), not the backplane. (The backplane has a port identifier of 1.)

These connection IDs can then be used in a Wireshark filter to monitor packet flow from source to destination.

88

Device Level Ring

02/28/2012

89

Configure DLR supervisor and backup super

How do I configure DLR supervisor and backup supervisor?

• For my supervisor, I selected:• Supervisor check box.• Precedence of 255.• IGMP Querier.

• How do I configure a backup supervisor?• I select Supervisor. • I select precedence of 0 (default). • I select IGMP Querier because I need a backup

querier.

02/28/2012

90

What is latency of two-port devices?

• Cut-thru(3us) + queuing(24us) ~30us. For 50 nodes, it is ~1.5msecs. Queuing assumes a packet of 300 bytes is queued in front of an incoming packet. This could be a single motion packet or possibly 2 smaller packets.

• Most IO frames are ~100 bytes or less, motion frames ~280bytes or less, produce/consume tags frames 572 bytes or less. HMI frames can be 1522 bytes but there won't be many of these.

• Say most of the frames on network are less than 600 bytes. Depending on when a frame hits a node it may be delayed by 0 to 600 bytes. So, on average it will be delayed by 300 bytes (30usecs) per node.

02/28/2012

91

How do I configure an ETAP?

• Place an ETAP into the RSLogix5000 I/O tree. The AOP can be used to configure (assuming that you assigned an IP address).

• RSLinx RSWho (assuming that you assigned an IP address)

NOTES:

1. If you simply want to connect a Drive to an ETAP, you do not need to add an ETAP to the I/O tree.

2. Because there are no system tags associated with an ETAP, you cannot configure an ETAP using system tags.

3. You can MSG to an ETAP to get status or you can use a web browser to read status.

02/28/2012

92

DLR Q&A

• How do I know where to position a mirroring ETAP?Answer: Port 2 of the supervisor is blocked in normal mode

of operation. Position the mirroring ETAP anywhere between the originator and the target. Make sure that the supervisor is not between the originator and the target.

• When would I need to change the beacon rate?Answer: Normally, you don’t need to change from the

default. However, there are valid reasons to consider a rate change:

- A ring greater than 50 devices (slower rate)- A noisy environment (slower rate)

02/28/2012

93

CIP Safety on EtherNet/IP

02/28/2012

94

CIP Safety on EIP

• Number of CIP connections• Input module CRTL• Output module CRTL• Safety task interval maximum (100ms)• Safety I/O modules

– 1791ES-IB16– 1791-OBXIB8– 1734-IBS– 1734-OBS

02/28/2012

95

Safety CRTL for 1791ES-IB16

02/28/2012

96

Safety 1791ES-IB16 modules

• This module always has an input connection and also an optional output connection.

• Input connection informationThe controller will not produce data on the 0->T side until it gets T->O data. It will wait 2 seconds for first data reception before timing out.

• Output connection informationThe controller will start producing safety output data (O->T) without receiving any data (T->O) initially from the 1791 block.

02/28/2012

97

Safety Produce Tag

To configure a Safety produce/consume tag:• Select CST for each controller• Configure a produce tag

– Must first create a UDT with the first member being a CONNECTION_STATUS data type. Remaining members can be whatever you want.

• In the producer controller acd file, in controller properties, Copy the Safety Network Number

• In the consumer controller acd file, in the I/O tree, select the producer controller and properties. Paste the Safety Network Number.

02/28/2012

98

Safety Multicast/Unicast

• RSLogix5000 v18 and earlier– Produce Tag multicast only– I/O multicast only

• RSLogix5000 v19– Produce tag unicast is available– I/O multicast only

• RSLogix5000 v20 and later– I/O unicast will be available

02/28/2012

99

Troubleshooting EIP

02/28/2012

100

Troubleshooting - GeneralGet a description of the anomaly

What is the problem the customer sees? (simple description) Example: The I/O tree in RSLogix5000 has a yellow triangle on a Flex I/O module.

Only a single device is being lost?

Example: Only a single device, a 1794-IB16 module, has a yellow triangle

Was it ever operating correctly or did this start recently?

How often does it happen? (constantly, once per hour, once per week?)

For how long does the anomaly last? (3 seconds, forever?)

How do you recover? (cycle power to device?, recovers by itself?)

What additional steps, if any, did you already take to troubleshoot?E.g. hardware changes

02/28/2012

101

Troubleshooting - General

See “Files We Need” later in this document.

02/28/2012

102

Troubleshooting - Key Module Diagnostics

Module diagnostics (basic) --- see web server1. Link state: Link should be up (connected to a powered switch).

2. Duplex: Full duplex

3. Auto/forced: Autonegotiate

4. Speed: 100Mbps

5. Errors: In errors and out errors should be 0. Very important!

6. CIP connection timeouts: 0 is expected

7. CIP connections: <= 80-90% of the module’s capacity

8. TCP connections: <= 80-90% of the module’s capacity

9. CPU usage %: <= 80-90%

10. Missed I/O packets: 0

11. HMI packets/sec: <= 80-90% of the module’s capacity

12. I/O packets/sec: <= 80-90% of the module’s capacity

02/28/2012

103EN2T v3 firmware – 12 Diagnostics that are important.

Troubleshooting - Key Module Diagnostics

02/28/2012

104

3 params not on this page

- Link state

- Errors

- HMI pps

ENBT 12 Diagnostics that are important.

Troubleshooting - Key Module Diagnostics

02/28/2012

105

Troubleshooting

There has been 1 report (March 30, 2011) of Internet Explorer not expanding the Diagnostic folder on a EN2T. See screen capture below.

The person reporting this found that by using IE7 instead of IE6 he was able to expand the folder.

02/28/2012

106

Troubleshooting - common

One common anomaly….duplex mismatchAutonegotiation is out-of-the-box easy to use and reliable. But, if your company

policy is to force the duplex and speed, this is legitimate. However, if you force, remember to force both the switch port and the corresponding end-device. Other wise, there will be a mismatch and communications problems will occur.

Depending on the timing of who-transmits-when, the problem may not be obvious or may be very obvious.

Examine both the switch port and the end-device (e.g. 1756-ENBT) for Ethernet errors. Signature errors for duplex mismatch include:

- Late collisions- FCS/CRC errors- Alignment errors

02/28/2012

107

Troubleshooting – S8000

If you cycle power, the date/time changes to

Feb 28 1993

This is how the product was designed by Cisco. There is no battery to retain the date/time. CompactFlash retains the switch configuration but not the date/time.

02/28/2012

108

Troubleshooting – S8000

To gather switch data quickly, especially with multiple switches, use Cisco Network Assistant to look at the Monitor tab:

1. Reports tabPort Statistics

2. ViewsTopology – shows all the switches, health

3. System MessagesThis info is close, if not identical, to the switch log file.

4. For maintenance, upgrade multiple switches simutaneoulsy.5. Monitor

Reports, IOS inventory for all switches

02/28/2012

109

Troubleshooting – S8000

What do I look at first with a Stratix 8000?(How do I know if the switch is happy?)

a) Log file (Device mgr or CLI)- Dev Mgr, Monitor Alert Log- CLI, show log

b) Interfaces (Device Mgr or CLI)- Look for errors- Look for autonegotiation, speed, and duplex

c) CIP object- Look that it is enabled and on which VLAN

d) Verify smartport rolesd) Additional steps are anomaly dependent:

Example: show spanning-treeshow rep

02/28/2012

110

Troubleshooting

Useful CLI commands:

• If you are suspicious of physical port related problems (e.g. port won’t come up)– Show interface status (connected, speed, duplex)– Show interface status err (see if error disabled)

02/28/2012

Troubleshooting - multicast

• A system that has a high multicast count may have EtherNet/IP connections problems. If the number of multicast addresses exceeds the Stratix spec of 256, the result is that you will may lose connections or, more likely, you may not be able to establish CIP connections.

• If your customer has more than approximately 200 multicast connections thru any switch, this is approaching the default capacity of the Stratix8000 switch you should consider testing with the solutions listed on the next slide.

• If CIP connections cannot be established, you will not be able to view the multicast count (multicast groups) on a Stratix switch. However, you can examine each device in the RSLogix5000 I/O tree to count multicast connections.

11102/28/2012

Troubleshooting - multicast

• Solution 1: You can change the configuration of our Stratix8000 switches to allow for up to 1000 multicast addresses. When you do this, the maximum number of MAC addresses that can be stored in the switch is reduced from 8000 MAC addresses to 2000.

However, 2000 MAC addresses is a lot of MAC addresses.

• Solution 2: Reconfigure the multicast connections for uni-cast. Note: Uni-cast is now the default for many Rockwell products but not all. I believe that the PF40 is multicast only. Safety will allow uni-cast in v20. There may be a few others. Uni-cast is recommended because it is overall an easier approach to manage a system. Multicast is a valuable traffic type but does require additional consideration.

11202/28/2012

Troubleshooting - multicast

If you are losing I/O connections:Get a Wireshark capture.

In the Wireshark file, if you see that IGMP General Queries are an unexpectedly short intervals (less than configured in the Querier switch), examine a Wireshark file to see if STP root changes are occurring. Frequent root changes are not expected.

Typically, General queries will occur in the range of 60-120 seconds.

11302/28/2012

114

Troubleshooting – module Rejects“Rejects” means that the Logix Ethernet module hardware passed an I/O packet to the firmware but the firmware looks at the packet and then dropped it. This increments the Reject diagnostic and also counts toward CPU usage. Rejects will occur for the following reasons:

-Duplicate multicast streamsThe firmware enables module hardware to accept specific multicast groups. The hardware cannot distinguish duplicates.Recommendation: Avoid duplicate multicast groups by having less than 1025 nodes on a network.

- The hash table (hardware) is not perfect Resulting in some multicast being past to the module firmware.Recommendation: None.

- One of the CIP bi-directional communication streams stops A network event disrupts traffic. The consumer times out and closes the connection. The data producer has not yet timed out. Then, the absent stream starts arriving at the consumer again because the network is now working good. The restarted stream will be rejected by the

consumer because there no longer is a CIP connection open with that connection identifier.Recommendation: None.

All three of the above are the similar in that the firmware can’t associate a received packet with an active CIP connection ---- it's rejected .02/28/2012

115

If the basic troubleshooting steps above do not solve the problem…

Examine grounding (use visual inspection)

Also, see 1794-AENT statement in section B above.

Examine cable lay and re-route (noise could be induced into a cable)

Replace hardware

Cable, switch, RA Ethernet module.

Examine power to the device

Troubleshooting – now what?

02/28/2012

116

Troubleshooting

When connecting a Stratix8000 to a Stratix 6000:

- If you select autonegotiate, a straight-through or cross-over cable can be used.

- If you select forced speed/duplex, a cross-over cable is needed.

02/28/2012

117

Troubleshooting

What’s wrong with inserting a hub to allow port mirroring?

1. You have to break a connection to insert.

2. If link was full-duplex, hubs can run only half-duplex.

3. Half-duplex may disallow normal throughput.

02/28/2012

118

Troubleshooting –Duplicate IP Address

Question: Can I programmatically detect a duplicate IP condition?

A: Some of the Ethernet bridge modules do set the "Minor recoverable fault" bit in the Identity object status word attribute for a dup IP condition. But not all products and revs do.......For example:

- 1756-EN2T- L2xE/L3xE, v18- 1756-ENBT and L4x, not sure about these

So, the answer for the general case is no. See next page.

02/28/2012

119

TroubleshootingDuplicate IP Address

For the L3x controllers:• When the L35E detects a duplicate IP condition, the MS led is flashing red and the NS led is solid

red. The module can not talk through the Ethernet port ( no pings, web pages, CIP traffic, etc.) until the duplicate IP condition is resolved and the cable is disconnected/connected or the module power-cycled. If both LEDs are solid red, this is a crash situation, and the module is totally dead. In this case the crash log should provide some information.

• Modules with a 4-char display like the 1756-ENB scroll the duplicate IP information. Modules like the L35E without a display, store this information on a web page - but unfortunately you have to resolve the duplicate IP condition before you can get to the web page....

• Storing duplicate IP information on the L3x web pages was added for V18 in rev 3.72 (Ethernet firmware):

See Diagnostics | Advanced Diagnostics | EIP Stats | Error StatsSee screen capture on the next slide.

02/28/2012

TroubleshootingDuplicate IP Address

12002/28/2012

121

Troubleshooting – S8300

Description:You already created multiple VLANs (10,20,30,40) and you assigned an IP to

each VLAN (192.168.10.1, 192.168.20.1, etc). And you enabled routing.

Problem:From your PC, connected to FA1/1 (VLAN 10), you can ping VLAN 10 but you

cannot ping the other VLANs on the 8300.

Solutions:1. Does your PC have the correct gateway configured? (e.g. 192.168.10.1)?

2. If you have more than 1 Ethernet interface on your PC, disconnect all but the one connected to the 8300.

02/28/2012

122

Troubleshoot – multicast flooding

Verify if multicast is floodingThe customer may be using multicast (produce tag or I/O). If multicast is

flooding:- IGMP is not enabled or - there is no IGMP querier or- a switch is seeing more multicast groups than it can store.

For a Stratix8000, 256 groups is the default.

• Install Wireshark (free, www.wireshark.org)• Do NOT port mirror• Connect your PC to an unused switch port• Run Wireshark for at least 2 minutes (120 seconds)• Provide a list of all IP addresses• Provide network drawing• With CLI, use the command show ip igmp snooping groups

02/28/2012

123

Troubleshooting

Cannot reconfigure (I/P, mask, gw) your I/O adapter?

• You are probably getting error code 16 because you have an I/O connection. For security reasons we don't allow you to set port config params when we have an I/O connection. Error code 16 is "Module state conflict". Try inhibiting the adapter and changing the config again.

• If you changed it on the web page, it is probably already set. If you look at the fine print on the bottom of the web page, you'll see that changes take affect at the next power up. Try cycling power to see if the module is then reachable.

02/28/2012

Troubleshooting

• Cannot Ping remote IP Address

From my PC, on VLAN 1, I could not ping 192.168.10.1, on VLAN 10.

I had 2 Ethernet NICs in my PC, 192.168.1.233 and 10.88.79.9.

The corresponding 2 gateways were confusing to Windows.

On my PC, from a DOS shell, I added a static route to the remote 192.168.10.0 network via the 192.168.1.1 interface as follows:

 

Route add 192.168.10.0 mask 255.255.255.0 192.168.1.1

 

To see the fields for the route command, enter only ‘route’.

12402/28/2012

Troubleshooting

An EIP device capable of I/O will provide missed (aka lost) packet information. This type of packet is relevant to received packets, not transmitted packets.

Please note that for the 1734 Ethernet adapter, the Lost/Slot column refers to The upper number is for Lost packets and the lower number refers to a Slot number with a EIP connection. (fyi, a Slot with a 0 means a Rack connection)

Caution: Do not interpret the lower number as I/O packets lost.

02/28/2012 125

126

Timeouts – CIP and TCP

02/28/2012

127

TCP Timeouts

Without any activity, TCP connections will close automatically in approximately 2.5 minutes.

Closing TCP connections sooner, could be desirable for different reasons:

- Limited TCP connections (e.g. uLogix1400)- TCP keep-alives will reduce the network bandwidth on a slow link

(19.2Kbaud).

02/28/2012

128

TimeoutsThere are 4 timers associated with MSG instructions:- MSG timeout

- Default 30 seconds- User configurable (up or down)

- TCP retransmission timers- Not user configurable- Retransmission occurs if a TCP ACK is not received

- TCP keep-alive timer - Not user configurable- Occurs if there is no TCP traffic (user or retransmission)- Keep-alive packets sent on a variable scale (1, 2, 4, 8 seconds)

- CIP inactivity timer (detailed on the next page)- User configurable (in MSG path) for unconnected CIP messages.- Effectively closes a TCP connection if no activity.- May cause the MSG to error if the MSG has not yet completed successfully

02/28/2012

129

TCP Timeouts – CIP,TCP• CIP inactivity timeout

- Ethernet module monitor CIP unconnected traffic on each TCP connection- The CIP inactivity timeout can be configured in 1 sec increments from 1 sec to approx 120 sec. This can be specified in the MSG Path of the TCP originator. The default is 120 seconds. See next slide for an example. If this timeout occurs, the TCP connection will be closed by the originator.

- If this timeout is specified in a CIP connected MSG, it is ignored.- If this timeout occurs but the MSG has not yet received a response, the MSG will error at the MSG timeout specified, not instantaneously.

• TCP inactivity timeout (CIP connected or CIP unconnected)- Ethernet modules (source and destination) monitor activity on each TCP connection- Not user configurable- If a TCP packet (data or TCP retransmission) is not received within 8 sec, a keep-alive is sent. - If any TCP packet is received on a TCP connection, a keep-alive timer will reset.

- If no TCP data or keep-alive packet is received by 75 sec, another keep-live is sent. If no data or keep-alive acknowledge is received by 150 sec, the TCP connection will be

closed (by originator and/or target).

NOTE: MSG instruction timeout- When a MSG (CLGX, CPX) times out, it does not close a TCP connection.- MSG timeout default is 30 seconds for CLGX and CPX and is user configurable in MSG control structure.- The originator uses this timeout and also the target Ethernet module uses this timeout.

02/28/2012

130

CIP inactivity closes TCPExample of setting the CIP message inactivity timeout configuration. This timeout is valid only for unconnected MSGs. Screen capture below copied from Rockwell knowledge base document 22644.

If this timeout occurs, the MSG will error (0x204) at the specified MSG timeout.

The Ethernet module does not inform the controller of the inactivity timeout. This timer begins when MSG.EN = 1.

02/28/2012

131

CIP inactivity closes TCPIn the previous slide, notice the timeout portion (120 seconds) in the path, 100.100.90.6:inactivity-120Timeouts values are in integer seconds. The minimum value is 1 second.

Examples of TCP connection closes and MSG status (DN, ER):1. Setup: Inactivity timeout = default (2 minutes), MSG timeout = default (30 seconds)

If the MSG completes, DN or ER. in 1 second, then the TCP connection closes in 2 minutes.The inactivity timeout has no affect on the MSG status.

2. Setup: Inactivity timeout = default (2 minutes), MSG timeout = default (30 seconds)If the MSG times out (default of 30 seconds), then the TCP connection closes in 2 minutes.The inactivity timeout has no affect on the MSG status.

3. Setup: Inactivity timeout = 15 seconds, MSG timeout = default (30 seconds)If the MSG does not get a response from the target within 15 seconds, then the TCP connection closes at 15 seconds. The Ethernet module does not notify Logix.The MSG will timeout at 30 seconds, 0x204, because of the inactivity timeout.

4. Setup: Inactivity timeout = 15 seconds, MSG timeout = default (30 seconds)If the MSG gets a response (DN, ER) from the target within 15 seconds, then the TCP connection closes at 15 seconds.The inactivity timeout had no affect on MSG status.

02/28/2012

132

TCP Connection Timeouts1756-EN2x diagnostic shows default TCP timeout.

02/28/2012

133

TCP timeouts – MicroLogix 1400

Using the break bit in a MSG instruction will cause the TCP connection to break as soon as the MSG completes (DN or ER).

Using the break bit allows the ML to conserve the number of TCP connections in use.

02/28/2012

134

Multicast Considerations

02/28/2012

135

Multicast considerations

What are considerations for multicast?

Answer:- EIP uses multicast for I/O and produce tag- IGMP recommended (Internet Group Management Protocol)- TTL (time-to-live)

If the producer and the consumer are in the same network, TTL is not a factor. (TTL is a Internet Protocol parameter). Also, if in the same network, multicast routing is not needed.

IGMP reference: EtherNet/IP 10 Commandments(www.ab.com/networks/site-index.html)

02/28/2012

136

IGMP Snooping

Recommendations• Select IGMP Snooping on all switches• Enable IGMP querier on all switches• Verify operation with Wireshark --- look for multicast flooding• Troubleshooting – an IGMP Leave message is an indicator

See KnowledgeBase, IGMP Leave 55266

Note: With version 2, all the switches will negotiate and the lowest IP address will be the IGMP querier. IGMP v1 enabled queriers will not negotiate.

02/28/2012

137

IGMP Querier Compatibility

Version 2Is a superset of version 1. Version 2 added a Leave

function whereas v1 handled this with a timeout.

V1 & V2Interoperability includes consideration of a number of

factors such as the network mix of querier version and host IGMP version. However, there are some simple statements such as IGMPv1 multicast consumers will work with IGMP v2 queries.

V3The author has not seen any v3 messaging.

02/28/2012

138

IGMP Leave – happens when?A Logix Ethernet module sends an IGMP Leave when all CIP connections through that

module are broken for the multicast address being consumed.

Case 1: Startup• When a consumer receives a successful Forward Open reply for a multicast group,

the consumer starts sending heartbeats and also sends an IGMP Join.• If the first multicast is not received in 10 seconds, the consumer sends an IGMP

Leave.The consumer considers the CIP connection as timed out and stops sending unicast.

• Examples of timeouts after the first data:– A 2ms RPI has a CIP connection timeout of 128ms. Then, X >128ms.– A 100ms RPI has a CIP connection timeout of 400ms. Then, X > 400ms.

Case 2: Two controllers consuming same tag thru same ENBx• At the consumer Logix chassis, if there are 2 consumer controllers for the same tag

and both are consuming thru the same ENBT module, then that ENBT will send a Leave for that multicast group when both Logix controllers no longer want to consume that group. A Logix controller will not consume under the following conditions:– consumed tag is inhibited or deleted– I/O connection is inhibited or deleted

02/28/2012

139

IGMP Leave – happens when?Case 3: Tag producer dies/disconnected/disappears• At the consumer Logix chassis, if the tag producer dies or is

disconnected or the infrastructure (switch) dies, the consumer Ethernet module no longer detects the produced tag and the CIP connection will close.

Case 4: Duplicate multicast address• Consider the case of 2 Logix controllers each consuming data from

different data producers. And, each data producer transmits its data using the same multicast address. This is allowed in the EIP spec because each multicast stream includes unique information that differentiates.

• If 2 or more multicast producers are using the same multicast address, the consumer ENBT module will not send a Leave until all consumer Logix controllers no longer want to receive that multicast group.

02/28/2012

140

Miscellaneous

02/28/2012

Stratix 8x00 Procurement Spec

14102/28/2012

http://ramilwapps02.ra.rockwell.com/Applications/Channel/abusa_chmk.nsf/Article%20Heirarchy%20Default/F5929574260023F1862573EE0073E494?OpenDocument

142

Unicast/Multicast Q&A• How many controller connections are used by a unicast

connection? – A: In the producer controller, connections = 1+#consumers

(Note that a unicast tag can be produced to multiple consumers.)- In the producer controller, the same algorithm is applicable to

multicast connections. i.e. connections = 1+#consumers- In the consumer, only 1 connection per tag.

• Can a single tag be produced as both multicast and a unicast to two different consumers?– A: Yes. This assumes that you configure the produced tag to allow

unicast and also configure the ptag for sufficient consumers.• How many multicast groups are used if multiple

produced tags are consumed by the same controller? – A: One for each multicast tag.

02/28/2012

143

Unicast/Multicast Q&A

• What do you need to know for configuring unicast?- In the producer, configure the tag for “Allow for unicast”

(Note that if you configure “Allow for unicast”, the tag may not be produced unicast IF the consumer is configured for multicast.)

- In the consumer, do NOT select “Use unicast”

• Can I produce unicast between VLAN/subnets?- Yes. Because the TTL value is 64 for RA products (at least for CLGX

as of the year 2008)

- However, be aware that the L3 switch (or router) may affect latency.

• Can a unicast tag have more than one consumer?– Yes. But the traffic will be greater since the producer must

transmit to each consumer.

02/28/2012

144

Network Address Translation

• Not available in Rockwell products today.• Will be available in Stratix5700• Stratix5700 available in 2nd calendar qtr 2012• Announced at AutoFair, 2011

02/28/2012

145

L2x TCP Connections

• During testing we found that with 8 TCP connections it was relatively easy to get locked out (using all the connections and not having one to get with a programming computer).

• We decided to add 4 more to avoid that, but leaving the "formal" spec at 8.. .the 12 connections are available, although 8 are the recommended number.

• This was the first product where the TCP connection number was easily reachable, and did not want to run in too many tech-support calls for this.

02/28/2012

146

1756-EN2x buffer and connection limits

• A max of 128 incoming (from wire) buffers• A max of 128 outgoing (to wire) buffers• A buffer is required temporarily to establish

a CIP connection.• A max of 128 TCP connections

This is a total of incoming plus outgoing.

• A max of 256 CIP connectionsThis is a total of incoming plus outgoing.

02/28/2012

147

Enable CIP object

As requested by an IT guy, the following CLI will allow you to place an S8K switch into the Logix I/O tree. However, running Express Setup is the recommended.

1. In global config mode (config term), enter the following:

cip security password xxxxxxxxx

2. On VLAN interface chosen for automation (CIP object is supported on only 1 VLAN), enter the following:

cip enable

02/28/2012

148

Pushwheel for IP AddressAt power up, here is the sequence for selecting the IP address.

1. If the wheels are in the range of 1-254, the module will use that address (default mask = 255.255.255.0).

2. If wheels are not in above range, module looks at DHCP flag. If set, send a boot request. (Note that a wheel setting of 888 sets the module to factory defaults and sets the DHCP flag). Also, a setting of 999 is reserved for DHCP.

3. If wheels not 1-254 and DHCP flag not set, then module looks at what is configured in memory. For example, if you had set an address of 10.11.12.13 and then set the wheels something outside 1-254 and excluding 888 and 999, then the module would use the IP configured.

User Manual example: Provides the same info as above. http://literature.rockwellautomation.com/idc/groups/literature/documents/in/1734-in590_-en-p.pdf

02/28/2012

149

8300 Switch

Where can I find CLI commands for the 8300?

Answer: IE3000 software manual

02/28/2012

150

CIP Sync (PTP)• Time synchronization across an Ethernet network can be done

within 100ns.• Stratix8000 supports: transparent (default), boundary, and forward

modes.• RSLogix5000 (see notes)

v16 and v17 supports EN2x v2 firmware only (knows zero about PTP)- EN2x will automatically be a PTP participant.- A MSG is required to make it a Grand Master.

– v18 supports EN2x v2 and v3 firmware• Must select System Time Master to participate in PTP.

• EN2T/EN2TR– v2 automatically participates in PTP

The EN2x with best clock accuracy is Grand Master.– v3 requires that you configure CIP Sync on a EN2x in the I/O tree.

• All PTP packets are multicast.• A grandmaster can be a CLGX controller or satellite.

02/28/2012

151

CIP Sync (PTP)

• In release 6 of the Stratix 8000 SW the expansion module ports will be able to pass through the switch a PTP message. Today a PTP message is dropped.

• This is different than the base switch ports which participate as a 1588 PTP device. There is no short term plans to expand this to the expansion modules as the current HW will not support this enhancement.

02/28/2012

152

EtherNet/IP – new in v18

• 1756-EN2x higher packet rates• QoS support (EN2x, two-port I/O, K6500)

• CIP Sync (Logix AOP, K6500)• Unicast I/O (all DIO I/O families, excluding Safety)• L3x Dup. IP diagnostics (program access, web server access)

• Stratix 8300 switch• 1783-ETAP fiber ports (1 or 2)

02/28/2012

153

v3 En2x I/O Capacity

Module Throughput

0

5000

10000

15000

20000

25000

30000

35000

0 100 200 300 400 500

Packet Size (bytes)

Packets

Per

Seco

nd

EN2xxx Major Rev 1 & 2

EN2xxx Major Rev 3

Current Series at 3.6

This curve with EN2x release 3 or later and L7 controller

02/28/2012

154

1756-EN2x v3 CPU Utilization(I/O and HMI total)

Max I/O packet rate

(pkt rate at 100% utilization depends on packet sizes)I/O % Utilization

CPU% available for HMICPU % module

total

Packets/second

• CPU utilization is a combination of I/O and HMI• With 100% I/O utilization, there is still module capacity for HMI.• Max I/O pps = f(RPI, size) for each connection

CPU% in use for I/O

100 %

With 100% I/O utilization, there is still module capacity for HMI.

02/28/2012

155

1756-EN2x v3 web server

The Actual Rate (I/O PPS) counts packets for the backplane plus the Ethernet port. Example, if a L6x sends a produce tag to another Logix on Ethernet each second, this number will be 2 (1 backplane + 1 Ethernet port).Also, Safety I/O and Safety produce tag are included in addition to standard I/O and standard produce tag.

The total CPU utilization will always be less than 100% for only I/O. For example, the Ethernet port is running approx 25,500pps. This is nearly the full 26Kpps I/O limit. Because the CPU shows 54.1%, this means that this module has capacity for HMI and MSGs. With 45% CPU available, this module could handle 45% of the 3200 HMI pps rating.

02/28/2012

156

EN2x web server deep dive

CIP connection originator located on port 1 (backplane) Originator in this

backplane slot

CIP connection target located on this port (Ethernet)

Target IP

Target is producing this multicast group

Originator traffic type

Target traffic type

Example Summary:

Each row consists of both CIP connection originator and target information.

The EN2T module we are viewing is 192.168.1.13 (not shown in the screen shot above)

The packets we are viewing have the connection originator on 192.168.1.13’s backplane, in slot 6.

The target device is on Ethernet is producing multicast and also producing unicast.

Originators and targets are both sending and receiving packets on each connection. Missed packets are meaningful to only received packets.

Connection uptime Missed pkts Missed pkts

02/28/2012

157

EN2x web serverThe Applications Connections page of EN2T web server shows non-bridged connections.

- CLGX redundancy connections always shown, 3 (inactive or active)- Rack optimized connections- Assembly connections (if someone did a connected MSG instruction to the EN2T)

The purpose is to create 3 CIP connections: Connections are active only in CLGX redundancy system- One is for EN2T to record events in RM log.- One is for RM to send cmds to EN2T.- One is for EN2T to send cmds to partner EN2T.

The assembly connection is the "CIP Motion/Time Sync" connection you can choose when you configure an EN2T in RSLogix5000. It is used to allocate CIP Motion axes in the EN2T, and to turn on PTP.

Note that the Rack connection seen in the web shot shows the rack connection on the Ethernet side. If you were to start populating that rack connection, you would see connections to the individual I/O modules show up on this page also.

02/28/2012

158

QoS prioritizationQoS can help smooth out the peak loads and make sure that the important

traffic has priority. However, the most important thing is to make sure you have enough bandwidth to begin with

• QoS = quality of serviceRefers to mechanism that provides precedence to applications.Mechanisms include ToS and CoS.

• TOS = type of service (layer 3)Byte in IP header

6 bits, Differentiated Services Code Point (DSCP)Of the 6 bits, 3 bits of precedence.

• CoS = Class of service (layer 2)3 bit field in Ethernet frame

Priority 0-7

02/28/2012

159

QoS support• Any 2-port module will be marking packets with DSCP values (at the

default values per the EIP spec)– Two-port 1732 I/O– Two-port 1734-AENTR– Two-port 1738 I/O– 1756-EN2TR/EN3TR(See Knowbase Answer 49185 for complete list)

• The 1756-EN2T/EN2F/EN2TXT will mark only for CIP Motion and CIP Sync. Other traffic (e.g. I/O) will have the default DSCP marking of 0.

• If a packet is unmarked, the Stratix8000 switches will mark packets based on CIP TCP/UDP port numbers (I/O is UDP port 2222, HMI is TCP port 44818). This feature is enabled with Express Setup.

See References section for more on QoS.

02/28/2012

160

QoS support

However, you can change the EN2x QoS default values via MSG instruction to the QoS Object should one desire that. Not sure why this would need to be done.

• ETAP will not remark any packets that are being produced by the attached device. So if the device doesn't mark, the ETAP will not change this.

02/28/2012

161

CIP Safety on EIP

02/28/2012

162

CIP Safety on EIP

• Number of CIP connections• Input module CRTL• Output module CRTL• Safety task interval maximum (100ms)• Safety I/O modules

– 1791ES-IB16– 1791-OBXIB8– 1734-IBS– 1734-OBS

02/28/2012

163

Safety CRTL for 1791ES-IB16

02/28/2012

164

Safety 1791ES-IB16 modules

• This module always has an input connection and also an optional output connection.

• Input connection informationThe controller will not produce data on the 0->T side until it gets T->O data. It will wait 2 seconds for first data reception before timing out.

• Output connection informationThe controller will start producing safety output data (O->T) without receiving any data (T->O) initially from the 1791 block.

02/28/2012

165

Safety Produce Tag

To configure a Safety produce/consume tag:• Select CST for each controller• Configure a produce tag

– Must first create a UDT with the first member being a CONNECTION_STATUS data type. Remaining members can be whatever you want.

• In the producer controller acd file, in controller properties, Copy the Safety Network Number

• In the consumer controller acd file, in the I/O tree, select the producer controller and properties. Paste the Safety Network Number.

02/28/2012

166

Safety Multicast/Unicast

• RSLogix5000 v18 and earlier– Produce Tag multicast only– I/O multicast only

• RSLogi5000 v19– Produce tag unicast is available– I/O multicast only

• RSLogix5000 v20 and later– Produce tag unicast is available– I/O unicast is available

02/28/2012

167

Spanning-tree & OtherLoop Prevention protocols

02/28/2012

168

Spanning-tree protocols

STP (50 sec)

PVST(2?-50 sec), CiscoRSTP (2 sec)

MSTP (2 sec) Rapid PVST (2 sec), Cisco

Question: What are the spanning-tree protocols?

The protocols high-lighted in blue are supported in the Stratix8000.

02/28/2012

First came spanning-tree

169

Loop prevention protocols

STP (50 sec)

RSTP(2 sec)

REP (50ms)

DLR (1 ms)

Question: What is range of recovery times for a single link fault?

02/28/2012

170

Etherchannel - resiliency

Switch_1 P P Switch_2

P P

Switch_1

P P

Switch_2

Switch_3

P P

Example: No ring, 0ms link loss recovery

Example: Ring, 0ms link loss recovery

02/28/2012

171

Software – frequently used• RSLogix5000• RSLinx• RSNetWorx for Ethernet

Calculates Ethernet module loading (scanners and adapters)• Ping• Web server (in each Ethernet module)• Logix Controller task monitor• Network management software

– Example: IntraVue• Packet capture

– Examples: Ethereal, Sniffer• Centralized module diagnostics application

– Use FT View to monitor diagnostics on all EIP modules

02/28/2012

172

CIP Connections

• Most devices use 1 CIP connection• A few devices use more than 1 connection

– 1756-DNB uses 2 (status, data)– RSLinx opens as many as 5

• Produce tag– The controller that produces a tag uses connections as follows:

1 + #consumers.

Note that with 125 tags produced (with only 1 consumer each),

a CLGX would be out of connections.

– EIP modules count connections as follows:#consumers

02/28/2012

173

Sending emails

• Sending emails– CPX, CLGX, FlexLogix Ethernet modules can

initiate emails (ENET-UM001, KBase 30937, 32295)

– EWEB modules can also be used to send emails

02/28/2012

174

Intrinsically safe

Are there intrinsically safe products on EIP?

Answer:

Not directly on EIP. However, you can use intrinsically safe RA I/O products and put an EIP adapter outside the hazardous area by using 1797-BIC and CEC.

Reference:http://www.odva.org/tabid/154/ctl/Detail/mid/520/xmid/18469/xmfid/8/Default.aspx

02/28/2012

175

Unicast produce tag

What do you need to know?

• Unicast produce tag available in standard EIP (not Safety) in v16 RSLogix5000.

• Configure for unicast at both the producer and consumer.

• TTL value is 64 for RA products (at least for CLGX as of the year 2008)

• A tag can be consumed from multiple consumers (remember to config the produced tag for the correct number of consumers.)

02/28/2012

176

• Not every device and application can speak the EtherNet/IP protocol.• Numerous customer requests for this feature:

– Material Handling– Semiconductor– RFID reader integration– OEM’s in various businesses

• Primary uses for the socket interface:– Connect Logix to devices that don’t speak EtherNet/IP

• RFID readers, weigh scales, bar code readers, etc.– Connect Logix to applications on OS platforms not well-supported by

RSLinx• Linux, VMS, etc.

Socket style interfaces are supported by competitors such as Siemens and Schneider.

Why a socket interface for Logix?

02/28/2012

177

• Logix communications to non-EtherNet/IP devices• CPX (L43/45), CLGX, and MicroLogix1400 platforms have EWEB modules• 1756-EWEB modules support up to 20 sockets• Each socket specifies a single logical “port” to receive on• Each socket can be used to transmit to any target port and any target IP

Note that there are a few ports that are EWEB blocked so you should not use (or you will get immediate error status):

- TCP 44818(decimal), used by RSLinx and CLGX MSGing

- UDP 2222(decimal), used for CIP I/O and produce tag

- TCP 80(decimal), used for http

• See EWEB user manuals and Knowbase 48879

Why a socket interface for Logix?

02/28/2012

Sockets Comparison

02/28/2012 178

Ethernet module

1756-EWEB

1756-EN2T

CPXL43

CPX L1y-L3y

uLogix1400

Numbersockets

20 32 20 32 8

Max packetsize(bytes)

500 4000 500 500 240 (read)236(write)

179

Sockets in more modules

Starting in v20, the socket feature will only be added to the 1756-EN2T and other X-scale EtherNet/IP modules. This include the EN2F, EN3TR, EN2TR, and the EN2TXT. The EN2T will be the first to have the feature and the rest will follow. The 1756-ENBT and 1768-ENBT modules will not get this enhancement.

The differences between the 1756-EWEB and 1756-EN2T:- EN2T limited to ~4,000 byte packet (not 500 bytes)- EN2T limited to 32 sockets (not 20)

02/28/2012

180

Sockets in 1756-EN2x

• Planned for RSLogix5000 v20• Firmware upgradeable

02/28/2012

181

Sockets Q&A

Q: Can any TCP or UDP port number be used in a sockets application?

A: Ports 2222, 23, 80, 44818 cannot be opened as server ports because they may affect operation of the module either with respect to browsing, rswho, cip, telnet.

As long as you don't try to open any of these ports as a server you’re OK. If Logix is the client, and a 3rd party device is a server, that would be OK. But if the 3rd party device tried to initiate a conversation to Logix, that wouldn't work.

02/28/2012

182

PC with enet interface

(wired or wireless)

and VPN client sw

Telephone modem or

DSL modem or

Cable modem or

Wireless access pt or

Wireless broadband modem

internetVPN concentrator

E.g. Cisco,

Checkpoint.

(Hardware or software.)

Internal network

ISP

- First, purchase VPN concentrator and then purchase recommended VPN client software.

- ISP (internet service provider) provides access to internet.- VPN client software allows you to be connected to a remote network.

server

Your PC

Remote access basics

02/28/2012

183

Wireless FAQs

• Use wireless for:– Moving equipment (slip rings, reconfig plants, overhead cranes)– Long distance (3-7 miles:unlic, 40-70 miles:licensed)– Connect across the highway

• Is wireless less expensive than wired Ethernet? (see Use wireless for above)

• Longer distances means slower data rates.• 802.11n is backward compatible with

802.11a/b/g• See web sites for Esteem, Prosoft, Cisco, etc.

02/28/2012

184

Legacy

Describe communication protocols between Rockwell legacy products (PLC5E, PLC5 Sidecar, and SLC5/05) and Logix (CLGX, CPX).

- Communications initiated from legacy (to Logix)- Legacy supports PCCC commands and very few CIP commands- Only explicit messaging (no implicit)- Only CIP connected- Legacy knows how to create a CIP connection- Legacy knows how to encapsulate a PCCC command in a CIP wrapper- Legacy sends commands to the PCCC object in a Logix controller

- Communications initiated from Logix (to legacy)- Logix supports unconnected or connected messaging to legacy.

02/28/2012

185

Legacy

PLC5 Ethernet Sidecar firmware• 1785-ENET Ser C firmware distributed by technical support• You need to call TS and have a ticket number

• Ser A and Ser B firmware must be purchased by the customer via distributor

02/28/2012

186

• Not every device and application supports the EtherNet/IP protocol.• Numerous customer requests for this feature:

– Material Handling– Semiconductor– RFID reader integration– OEM’s in various businesses

• Primary uses for the socket interface:– Connect Logix to devices that don’t speak EtherNet/IP

• RFID readers, weigh scales, bar code readers, etc.– Connect Logix to applications on OS platforms not well-supported by

RSLinx• Linux, VMS, etc.

• Socket style interfaces are supported by competitors such as Siemens and Schneider.

Why a socket interface for Logix?

02/28/2012

187

• CPX (L43/45), CLGX, and MicroLogix1400 platforms have EWEB modules• EWEB modules support up to 20 sockets• Each socket specifies a single logical “port” to receive on• Each socket can be used to transmit to any target port and any target IP

Note that there are a few ports that are EWEB blocked so you should not use (or you will get immediate error status):

- TCP 44818(decimal), used by RSLinx and CLGX MSGing

- UDP 2222(decimal), used for CIP I/O and produce tag

- TCP 80(decimal), reserved, used for http

• See EWEB user manuals and Knowbase 48879

Why a socket interface for Logix?

02/28/2012

188

Sockets in more modules

Starting in v20, the socket feature will only be added to the 1756-EN2T and other X-scale EtherNet/IP modules. This include the EN2F, EN3TR, EN2TR, and the EN2TXT. The EN2T will be the first to have the feature and the rest will follow. The 1756-ENBT and 1768-ENBT modules will not get this enhancement.

02/28/2012

189

Sockets in 1756-EN2x

• Planned for RSLogix5000 v20• Summer 2011• Firmware upgrade

02/28/2012

Q & A

19002/28/2012

Q&A• At this time, who are sources for EtherNet/IP drivers?

• Answer:In the following list of companies, you will need to research each to determine the functionality supported (explicit or implicit messaging, client/server, etc. )

- Pyramid Solutions

- NSD, Co.

- IXXAT Automation

- RTA

Also, if your customer is developing an I/O adapter, there is an open source project for an EtherNet/IP adapter on SourceForge

- see: http://sourceforge.net/projects/opener/

ODVA Terms of Usage Agreement requires conformance testing of all products at by an ODVA Test Service Provider (located in USA, Germany, Japan or China)

02/28/2012 191

Q & A

Q: What if my PC runs slow when connected to a DLR ring or line?

A: DLR beacons can affect your PC performanceIf a supervisor is configured, this module will transmit beacon packets intended

to detect loss of continuity in a ring topology. If you are running debug (port mirroring) on an ETAP or accidently have a supervisor configured in a linear topology, your anti-virus software may be affected by the beacons. You can temporarily disable the software as a test.

- If you have a ring, make sure that a DLR supervisor is configured and your PC is connected via an ETAP.

- If you are operating DLR devices in a linear topology, make sure that a supervisor is NOT configured. Your PC can be connected directly to a 2-port device or through an ETAP.

19202/28/2012

193

Q & A– Produce tag option, “Send State Change Event To Consumer”

means what?• If you check the box:

- You are expected to use an IOT, as the Help shows.- The IOT will increment a sequence number in the

produced tag packet which will cause the consumer event based task (task based on consumed tag) to execute.

- The tag RPI timer is reset when an IOT is executed.- If the produced tag RPI timer expires before its IOT is

executed, the tag is produced and consumed but the sequence number is not incremented.

• If you check the box but do not use an IOT:- The tag will be produced at the RPI rate and the

sequence number will not be incremented and, if you have a consumed tag event based task, it will not execute.

02/28/2012

194

Q & AWhat are Ethernet network considerations for CLGX redundancy?

Answers:1. CLGX Primary and Secondary must be in same L2 and L3 network to make IP swapping work.2. Up to 7 total CNet and/or ENet modules supported per CLGX chassis.3. I/O on Ethernet must be multicast. (v19.5 and later)4. The “ping” between each Ethernet module pair is used as part of qualification (system coming up)

or disqualification (system already running). This “ping” is actually a CIP message.5. As relates to Ethernet, the only condition that will cause switchover is link lost.6. Ethernet modules complete their switchover in less than 100ms.7. HMI switchover is up to 1 minute and is dependent on RSLinx timeouts and secondary upload of

tags from the CLGX controller (more tags, more time). Is this still true? L7? Enhance Linx?8. IP swapping is selectable --- for each Ethernet module pair.9. Ethernet modules don’t backup one another. Redundancy is chassis based, not module based.10. I/O on Ethernet with CLGX redundancy must be on DLR to avoid connection loss.11. What is the switch/router topology recommendation for HMI redundancy? Work in progress…12. Recommended reading – CIP Sync manual, CLGX Redundancy manual.

02/28/2012

195

Q & A

What is the difference between 1756-EN2T series A and B?

Answer:

The difference between EN2T series A and EN2T series B is that we upgraded the backplane ASIC in the hardware. There are no functional or performance differences between the two modules. The reason we changes series was because the firmware is not forward compatible. So while both version 1.x and version 2.x firmware could go into the series A hardware, only version 2.x and above could be used in series B.

02/28/2012

196

Q & A

What firmware and hardware is required to get improved backplan/Ethrnet performance with CLGX?

Answer:See Answer ID 35482

Rev 3.006 Improved backplane communication supportThe hardware (see series designation below) has been enhanced for improved backplane communicationbetween the controller and module when using the 1756-L7x controller (and later revisions).1756-EN2T: series C1756-EN2F: series B1756-EN2TXT: series C

02/28/2012

Q & A

• Q: Can the number of 1756-EN2T multicast addresses be increased from the default of 32? Also, can the TCP connections be increased from the default?

• A: The number of multicast addresses can be increased to 256. The number of TCP addresses cannot be increased from the default of 128.

19702/28/2012

Q & ALarge packet sizes• Q1. What is the maximum size of data that can be sent over Rockwell Ethernet/P - ControlLogix and

CompactLogix?

ANSWER:

CIP historically limited a packet size to ~500 bytes on a network. However, on Ethernet, the limit is the MTU

(max transmission unit) 1500 bytes.

For several years now (since v16), the 1756-EN2T and CLGX controllers supported extended forward opens to allow more than 500 bytes in a packet on the network for connected explicit messaging.

Example: In a connected MSG, you could specify a large number of bytes (ex, 30,000 DINTs) and then on Ethernet, you would see many 1500 byte packets. This fragmentation is done for you. This has nothing to do with sockets.

However, in v20, the EN2T will support sockets. And, for connected MSGs, you can specify a large amount of data --- 3984 bytes for connected reads, 3972 for connected writes. See Sockets application guide ENET-AT002-EN-P. Again, on the wire, packets will be limited to the MTU of 1500 bytes. Fragmentation will be done for you.

• Q2. Has Rockwell released a CompactLogix platform that would support this type of application?

ANSWER:

For the CPX (2x, 3x, 4x) with a connected MSG, you can configure a large data transfer size (e.g. 30,000 DINTs), but on the Ethernet wire, the packet size will be limited to 500 bytes.

19802/28/2012

199

References

02/28/2012

200

References• ODVA

– www.odva.org/Home/ODVATECHNOLOGIES/EtherNetIP/EtherNetIPLibrary/tabid/76/Default.aspx

• EIP diagnostic faceplates– samplecode.rockwellautomation.com/idc/groups/public/documents/webassets/sc

_home_page.hcstProduct: Network CommunicationsTechnology: FaceplatesTitle: Ethernet

• Reference architecture, Design & Implementation Guide (DIG)– www.ab.com/networks/architectures.html

• Publication ENET-UM001G-EN-P Provides connection and packet rate specs for modules

02/28/2012

201

References

• Publication– ENET-AT002A-EN-P, December 2011, EtherNet/IP Socket Interface

• Knowbase– ID 67910, Inter-VLAN routing (8300)– ID 66324, Unicast I/O, firmware/software versions– ID 66326, ControlLogix 1756-ENxxx V3.x performance increase– ID66325, QoS Compatibility with Embedded Switch Technology

products– ID48879, Socket Services– ID273519, Stratix Switch Troubleshooting

02/28/2012

202

References• ODVA

– www.odva.org/Home/ODVATECHNOLOGIES/EtherNetIP/EtherNetIPLibrary/tabid/76/Default.aspx

• EIP diagnostic faceplates– samplecode.rockwellautomation.com/idc/groups/public/documents/webassets/sc

_home_page.hcstProduct: Network CommunicationsTechnology: FaceplatesTitle: Ethernet

• Reference architecture, Design & Implementation Guide (DIG)– www.ab.com/networks/architectures.html

• Publication ENET-UM001I-EN-P Provides connection and packet rate specs for modules

02/28/2012

203

Questions?

02/28/2012