Print
PDFOverview
With the NI MES-3980 managed switch, you can add security, network redundancy, local alarming, and monitoring to an Ethernet network without additional support from IT. This document covers common questions you might encounter when using the MES-3980 on a private network. If you are adding the MES-3980 to a corporate network and need to configure specific features for IT support and compatibility, please refer to Top 5 Questions When Adding a Managed Switch to Your Corporate Network.
Before adding any devices to a corporate IT network, contact your IT department and request permission. The IT department often requests the end device meet specific standards. The NI managed switch is compatible with a majority of these standards. To find answers to specific questions, refer to the Industrial Ethernet Switches - Managed and Unmanaged Datasheet, which lists supported standards.
Note: The following examples use the MES-3980 Web Console. For more information on how to configure an IP address and open the Web Console visit KB: Configuring the NI MES-3980 IP Address and Accessing the Web Console.
1. How do I control access to my system by port?
Regardless of if the managed switch is configured for DHCP or static IP, you can use the basic Port Settings and Port Lock by MAC address to secure unused ports on the switch and ensure only predefined devices are able to access the system. This prevents unauthorized access to the switch by blocking unused ports and discourages access from unplugging end devices on active ports.
Disable Unused Ports and Configure Static Port Lock by MAC Address
Select Basic Settings >> Port to disable all ports not in use. Caution: If the port used for configuration is disabled, communication to the switch is lost.
To lock a port by MAC address, add the end device MAC addresses to the Port Access Control Table by selecting Port Access Control >> Static Port Lock and then choose the port that the end device is connected to.
2. How can I configure local password and login security levels?
The managed switch provides a local database of user-defined usernames and passwords that filters local PCs connected by port to implement a layer of security. To access a specific port you will need to provide a username and password in the local database.
Creating Local Usernames and Passwords by Port
Select Port Access Control << IEEE 802.1X << Local User Database and add the necessary usernames and passwords.
After creating the necessary user accounts, select Port Access Control >> IEEE 802.1X >> 802.1X Setting. Select Local for Database Option and activate Re-Auth to require users to be reauthenticated after the set time period. Select the port to implement 802.1X local security and then select Activate. To confirm reauthorization, select Port Access Control >> IEEE 802.1X >> 802.1X Re-Auth and check the port for activating reauthentication.
If the port selection table is disabled, then confirm that RSTP is not activated on all ports. The managed switch will not support RSTP and IEEE 802.1X using the Local Database on the same port.
3. How can I configure network redundancy using a ring topology?
The MES-3980 uses Turbo Ring™ network redundancy in addition to the rapid spanning tree protocol (RSTP). The entire switch must be configured for either Turbo Ring™ or RSTP based on how the network is configured.
Configuring Turbo Ring for Network Redundancy
Select Communication Redundancy and then for the Redundancy Protocol select Turbo Ring. If this switch is intended to be the Master switch, then check Set as Master and then select Activate. You can configure any two ports on the switch for Turbo Ring. With Ring Coupling, you can connect two rings to provide an additional layer of redundancy. For more information see the NI MES-3980 User’s Manual.
4. How can I configure local alarms?
Local alarms are available through two relay outputs on the MES-3980. The output of these relays is configured through the Web Console. E-mail alarms are also used for managed switches on a corporate network with a mail server.
To configure local alarms select Auto Warning >> Relay Warning >> Event Setup and select the system and port events that will result in a closed relay. You can select more than one system and port event for a single relay and either event will cause a relay closure.
5. How can I monitor traffic on the switch?
The NI managed switch provides a local Monitor that is customizable by port and data type. Monitor all ports for total packets or error packets. With this tool, you can monitor bandwidth usage to determine if a device is above expected bandwidth usage as well as network errors.
Summary
The MES-3980 is a managed switch with a wide range of features for use on a corporate or private network. This document covered some of the common features, however, there are many more features and uses for this device. For a complete list of features and support for configuration, visit the NI MES-3980 User’s Manual.
Key Collateral
Industrial Ethernet Switches – Managed and Unmanaged
Top 5 Questions When Adding a Managed Switch to Your Corporate Network
Reader Comments | Submit a comment »
Legal
This tutorial (this "tutorial") was developed by National Instruments ("NI"). Although technical support of this tutorial may be made available by National Instruments, the content in this tutorial may not be completely tested and verified, and NI does not guarantee its quality in any way or that NI will continue to support this content with each new revision of related products and drivers. THIS TUTORIAL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND AND SUBJECT TO CERTAIN RESTRICTIONS AS MORE SPECIFICALLY SET FORTH IN NI.COM'S TERMS OF USE (http://ni.com/legal/termsofuse/unitedstates/us/).