Converged Plantwide Ethernet (CPwE) Design and Implementation Guide - Configurations [Design Zone for Manufacturing]

The following is a sample of a Stratix 8000 configuration after running Express Setup. The Stratix 8000 was running Release 3 (IOS version 12.2(50)SE2).

version 12.2

service nagle

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

hostname Stratix8000

boot-start-marker

boot-end-marker

logging buffered 16384

no logging console

enable secret level 1 5 $1$dIHm$S0Rzhzd9OWa9L5dgA5Egl.

enable secret 5 $1$QIyE$FQLtO8wJiuyp.u3BYMi8n.

no aaa new-model

clock timezone EST -5

clock summer-time EST recurring

cip security password rockwell

system mtu routing 1500

ptp mode e2etransparent

vtp mode transparent

udld aggressive

ip subnet-zero

no ip source-route

no ip domain-lookup

ip igmp snooping querier

mls qos map policed-dscp  24 27 31 43 46 47 55 59 to 0

mls qos map dscp-cos  9 11 12 13 14 15 to 0

mls qos map dscp-cos  25 26 28 29 30 to 2

mls qos map dscp-cos  40 41 42 44 45 49 50 51 to 4

mls qos map dscp-cos  52 53 54 56 57 58 60 61 to 4

mls qos map dscp-cos  62 63 to 4

mls qos map cos-dscp 0 8 16 27 32 47 55 59

mls qos srr-queue input bandwidth 40 60

mls qos srr-queue input threshold 1 16 66

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 40 60

mls qos srr-queue input cos-map queue 1 threshold 2 1

mls qos srr-queue input cos-map queue 1 threshold 3 0 2

mls qos srr-queue input cos-map queue 2 threshold 2 4

mls qos srr-queue input cos-map queue 2 threshold 3 3 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 2 8 10

mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3 9 11 12 13 14 15 16 17

mls qos srr-queue input dscp-map queue 1 threshold 3 18 19 20 21 22 23 25 26

mls qos srr-queue input dscp-map queue 1 threshold 3 28 29 30

mls qos srr-queue input dscp-map queue 2 threshold 2 32 33 34 35 36 37 38 39

mls qos srr-queue input dscp-map queue 2 threshold 2 40 41 42 44 45 49 50 51

mls qos srr-queue input dscp-map queue 2 threshold 2 52 53 54 56 57 58 60 61

mls qos srr-queue input dscp-map queue 2 threshold 2 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3 24 27 31 43 46 47 48 55

mls qos srr-queue input dscp-map queue 2 threshold 3 59

mls qos srr-queue output cos-map queue 1 threshold 3 7

mls qos srr-queue output cos-map queue 2 threshold 2 1

mls qos srr-queue output cos-map queue 2 threshold 3 0 2 4

mls qos srr-queue output cos-map queue 3 threshold 3 5 6

mls qos srr-queue output cos-map queue 4 threshold 3 3

mls qos srr-queue output dscp-map queue 1 threshold 3 59

mls qos srr-queue output dscp-map queue 2 threshold 2 8 10

mls qos srr-queue output dscp-map queue 2 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue output dscp-map queue 2 threshold 3 9 11 12 13 14 15 16 17

mls qos srr-queue output dscp-map queue 2 threshold 3 18 19 20 21 22 23 25 26

mls qos srr-queue output dscp-map queue 2 threshold 3 28 29 30 32 33 34 35 36

mls qos srr-queue output dscp-map queue 2 threshold 3 37 38 39 40 41 42 44 45

mls qos srr-queue output dscp-map queue 2 threshold 3 49 50 51 52 53 54 56 57

mls qos srr-queue output dscp-map queue 2 threshold 3 58 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 43 46 47 48 55

mls qos srr-queue output dscp-map queue 4 threshold 3 24 27 31

mls qos queue-set output 1 buffers 10 25 40 25

mls qos queue-set output 2 buffers 10 25 40 25

no mls qos rewrite ip dscp

mls qos

macro global description ab-password | ab-global | ab-qos-map-setup | ab-qos-queue-setup

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause security-violation

errdisable recovery cause channel-misconfig

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery cause sfp-config-mismatch

errdisable recovery cause gbic-invalid

errdisable recovery cause psecure-violation

errdisable recovery cause port-mode-failure

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause mac-limit

errdisable recovery cause vmps

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery cause loopback

errdisable recovery cause small-frame

errdisable recovery interval 30

no mac authentication

mac authentication table version 0

spanning-tree mode mst

spanning-tree loopguard default

spanning-tree portfast bpduguard default

spanning-tree portfast bpdufilter default

spanning-tree EtherChannel guard misconfig

spanning-tree extend system-id

alarm profile defaultPort

 alarm 3

 syslog 3

 notifies 3

alarm profile ab-alarm

 alarm 1 2 3 4

 syslog 1 2 3 4

 notifies 1 2 3 4

 relay-major 2

 relay-minor 1 3 4

alarm facility power-supply relay major

alarm facility power-supply syslog

alarm facility power-supply notifies

alarm facility temperature primary relay major

alarm facility temperature primary syslog

alarm facility temperature primary notifies

alarm facility temperature secondary relay minor

alarm facility temperature secondary syslog

alarm facility temperature secondary notifies

alarm facility temperature secondary low 0

alarm facility temperature secondary high 90

vlan internal allocation policy ascending

class-map match-all 1588-PTP-General

 match access-group 107

class-map match-all 1588-PTP-Event

 match access-group 106

class-map match-all CIP-Implicit_dscp_any

 match access-group 104

class-map match-all CIP-Other

 match access-group 105

class-map match-all voip-data

 match ip dscp ef

class-map match-all voip-control

 match ip dscp cs3  af31

class-map match-all CIP-Implicit_dscp_43

 match access-group 103

class-map match-all CIP-Implicit_dscp_55

 match access-group 101

class-map match-all CIP-Implicit_dscp_47

 match access-group 102

policy-map Voice-Map

 class voip-data

  set dscp ef

  police 320000 8000 exceed-action policed-dscp-transmit

 class voip-control

  set dscp cs3

  police 32000 8000 exceed-action policed-dscp-transmit

policy-map CIP-PTP-Traffic

 class CIP-Implicit_dscp_55

  set ip dscp 55

 class CIP-Implicit_dscp_47

  set ip dscp 47

 class CIP-Implicit_dscp_43

  set ip dscp 43

 class CIP-Implicit_dscp_any

  set ip dscp 31

 class CIP-Other

  set ip dscp 27

 class 1588-PTP-Event

  set ip dscp 59

 class 1588-PTP-General

  set ip dscp 47

interface FastEthernet1/1

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface FastEthernet1/2

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface FastEthernet1/3

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface FastEthernet1/4

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface FastEthernet1/5

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface FastEthernet1/6

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface FastEthernet1/7

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface FastEthernet1/8

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface GigabitEthernet1/1

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface GigabitEthernet1/2

 ptp enable

 alarm profile ab-alarm

 service-policy input CIP-PTP-Traffic

interface Vlan1

 ip address 10.17.10.10 255.255.255.0

 no ip route-cache

 cip enable

ip default-gateway 10.17.10.1

ip http server

access-list 101 permit udp any eq 2222 any dscp 55

access-list 102 permit udp any eq 2222 any dscp 47

access-list 103 permit udp any eq 2222 any dscp 43

access-list 104 permit udp any eq 2222 any

access-list 105 permit udp any eq 44818 any

access-list 105 permit tcp any eq 44818 any

access-list 106 permit udp any eq 319 any

access-list 107 permit udp any eq 320 any

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps transceiver all

snmp-server enable traps tty

snmp-server enable traps cluster

snmp-server enable traps entity

snmp-server enable traps rep

snmp-server enable traps cpu threshold

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps flash insertion removal

snmp-server enable traps port-security

snmp-server enable traps auth-framework sec-violation

snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan

snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps config-ctid

snmp-server enable traps energywise

snmp-server enable traps rtr

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps alarms informational

snmp-server enable traps mac-notification change move threshold

snmp-server enable traps vlan-membership

snmp-server enable traps errdisable

control-plane

line con 0

 password 7 1500040F0F3D2E2824

line vty 0 4

 password 7 1500040F0F3D2E2824

 login

line vty 5 15

 password 7 1500040F0F3D2E2824

 login

monitor flash reload-check

end

IE 3000 with Recommended System Setup Enabled

The following is a sample of an IE 3000 configuration after running Express Setup and enabling the recommended System Setup. The IE 3000 was running IOS Release 12.2(50)SE2 using the LAN BASE WITH WEB BASED DEV MGR feature set.

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname IE3000

boot-start-marker

boot-end-marker

enable secret 5 $1$rgWL$kPKiLLQdUlakTsiCTSshm.

no aaa new-model

clock timezone EST -5

clock summer-time EST recurring

system mtu routing 1500

ptp mode e2etransparent

udld aggressive

ip subnet-zero

ip igmp snooping querier

mls qos map policed-dscp  24 27 31 43 46 47 55 59 to 0

mls qos map dscp-cos  9 11 12 13 14 15 to 0

mls qos map dscp-cos  25 26 28 29 30 to 2

mls qos map dscp-cos  40 41 42 44 45 49 50 51 to 4

mls qos map dscp-cos  52 53 54 56 57 58 60 61 to 4

mls qos map dscp-cos  62 63 to 4

mls qos map cos-dscp 0 8 16 27 32 47 55 59

mls qos srr-queue input bandwidth 40 60

mls qos srr-queue input threshold 1 16 66

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 40 60

mls qos srr-queue input cos-map queue 1 threshold 2 1

mls qos srr-queue input cos-map queue 1 threshold 3 0 2

mls qos srr-queue input cos-map queue 2 threshold 2 4

mls qos srr-queue input cos-map queue 2 threshold 3 3 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 2 8 10

mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3 9 11 12 13 14 15 16 17

mls qos srr-queue input dscp-map queue 1 threshold 3 18 19 20 21 22 23 25 26

mls qos srr-queue input dscp-map queue 1 threshold 3 28 29 30

mls qos srr-queue input dscp-map queue 2 threshold 2 32 33 34 35 36 37 38 39

mls qos srr-queue input dscp-map queue 2 threshold 2 40 41 42 44 45 49 50 51

mls qos srr-queue input dscp-map queue 2 threshold 2 52 53 54 56 57 58 60 61

mls qos srr-queue input dscp-map queue 2 threshold 2 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3 24 27 31 43 46 47 48 55

mls qos srr-queue input dscp-map queue 2 threshold 3 59

mls qos srr-queue output cos-map queue 1 threshold 3 7

mls qos srr-queue output cos-map queue 2 threshold 2 1

mls qos srr-queue output cos-map queue 2 threshold 3 0 2 4

mls qos srr-queue output cos-map queue 3 threshold 3 5 6

mls qos srr-queue output cos-map queue 4 threshold 3 3

mls qos srr-queue output dscp-map queue 1 threshold 3 59

mls qos srr-queue output dscp-map queue 2 threshold 2 8 10

mls qos srr-queue output dscp-map queue 2 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue output dscp-map queue 2 threshold 3 9 11 12 13 14 15 16 17

mls qos srr-queue output dscp-map queue 2 threshold 3 18 19 20 21 22 23 25 26

mls qos srr-queue output dscp-map queue 2 threshold 3 28 29 30 32 33 34 35 36

mls qos srr-queue output dscp-map queue 2 threshold 3 37 38 39 40 41 42 44 45

mls qos srr-queue output dscp-map queue 2 threshold 3 49 50 51 52 53 54 56 57

mls qos srr-queue output dscp-map queue 2 threshold 3 58 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 43 46 47 48 55

mls qos srr-queue output dscp-map queue 4 threshold 3 24 27 31

mls qos queue-set output 1 buffers 10 25 40 25

mls qos queue-set output 2 buffers 10 25 40 25

no mls qos rewrite ip dscp

mls qos

crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR

 enrollment selfsigned

 serial-number

 revocation-check none

 rsakeypair HTTPS_SS_CERT_KEYPAIR

crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR

 certificate self-signed 01

  30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  3B311030 0E060355 04031307 49453330 30302E31 27300F06 03550405 13083143

  33303841 38303014 06092A86 4886F70D 01090216 07494533 3030302E 301E170D

  30393036 31373132 30393335 5A170D32 30303130 31303030 3030305A 303B3110

  300E0603 55040313 07494533 3030302E 3127300F 06035504 05130831 43333038

  41383030 1406092A 864886F7 0D010902 16074945 33303030 2E30819F 300D0609

  2A864886 F70D0101 01050003 818D0030 81890281 8100D1FD F4FED5F3 C28A8DDC

  864A2BF1 3D7D8853 64AB3775 0DB46748 938FDA4A 430B03B7 F01A939F 5F3A5BD0

  B20A182D D1AA826A 47B25679 85814D80 EFE26FFA 9AE20F8C 5CCE680E F23807FB

  3CC016D8 37385B12 F7D3EC82 D77A342F 2275092C 8CDD5E06 080B9312 930A3A66

  4572668E 3389E090 B9F18B63 DB927ADE 9752C2FD 3A570203 010001A3 67306530

  0F060355 1D130101 FF040530 030101FF 30120603 551D1104 0B300982 07494533

  3030302E 301F0603 551D2304 18301680 14443056 FBDE73C1 1766C192 3BCE4455

  590E2CC2 A0301D06 03551D0E 04160414 443056FB DE73C117 66C1923B CE445559

  0E2CC2A0 300D0609 2A864886 F70D0101 04050003 81810082 A8454321 5ECDA2F5

  574A48B7 A97324BD 357ED4DD 1BC8A1FF F9DB3AE9 FD9C134E F3C63CC7 CF613C41

  1D5F54D0 DEE2D8AC 5DD0DF81 52427FB0 CF53DF62 853CBA04 E893D820 221A2F6B

  638098E1 41EFC650 7BE0601A 06472FD9 E85B0F26 AC91C92F C6E6962D DD8123EE

  5112A029 3E43F872 54A2CE84 B3F1A045 845C40A0 6FD8C7

  quit

macro global description cisco-global | cisco-ie-global | cisco-ie-qos-map-setup | 
cisco-ie-qos-queue-setup

errdisable recovery cause link-flap

errdisable recovery interval 60

no mac authentication

mac authentication table version 0

spanning-tree mode mst

spanning-tree loopguard default

spanning-tree EtherChannel guard misconfig

spanning-tree extend system-id

alarm profile defaultPort

 alarm 3

 syslog 3

 notifies 3

alarm facility temperature primary relay major

alarm facility temperature primary syslog

alarm facility temperature primary notifies

vlan internal allocation policy ascending

class-map match-all 1588-PTP-General

 match access-group 107

class-map match-all 1588-PTP-Event

 match access-group 106

class-map match-all CIP-Implicit_dscp_any

 match access-group 104

class-map match-all CIP-Other

 match access-group 105

class-map match-all voip-data

 match ip dscp ef

class-map match-all voip-control

 match ip dscp cs3  af31

class-map match-all CIP-Implicit_dscp_43

 match access-group 103

class-map match-all CIP-Implicit_dscp_55

 match access-group 101

class-map match-all CIP-Implicit_dscp_47

 match access-group 102

policy-map Voice-Map

 class voip-data

  set dscp ef

  police 320000 8000 exceed-action policed-dscp-transmit

 class voip-control

  set dscp cs3

  police 32000 8000 exceed-action policed-dscp-transmit

policy-map CIP-PTP-Traffic

 class CIP-Implicit_dscp_55

  set ip dscp 55

 class CIP-Implicit_dscp_47

  set ip dscp 47

 class CIP-Implicit_dscp_43

  set ip dscp 43

 class CIP-Implicit_dscp_any

  set ip dscp 31

 class CIP-Other

  set ip dscp 27

 class 1588-PTP-Event

  set ip dscp 59

 class 1588-PTP-General

  set ip dscp 47

interface FastEthernet1/1

 ptp enable

interface FastEthernet1/2

 ptp enable

interface FastEthernet1/3

 ptp enable

interface FastEthernet1/4

 ptp enable

interface GigabitEthernet1/1

 ptp enable

interface GigabitEthernet1/2

 ptp enable

interface Vlan1

 ip address 10.17.10.11 255.255.255.0

 no ip route-cache

 cip enable

ip default-gateway 10.17.10.1

ip http server

ip http secure-server

access-list 101 permit udp any eq 2222 any dscp 55

access-list 102 permit udp any eq 2222 any dscp 47

access-list 103 permit udp any eq 2222 any dscp 43

access-list 104 permit udp any eq 2222 any

access-list 105 permit udp any eq 44818 any

access-list 105 permit tcp any eq 44818 any

access-list 106 permit udp any eq 319 any

access-list 107 permit udp any eq 320 any

control-plane

line con 0

line vty 0 4

 password rockwell

 login

line vty 5 15

 password rockwell

 login

monitor flash reload-check

end

Smartports

Stratix 8000

Automation Device

The Automation Device Smartport should be used for any EtherNet/IP devices. This includes controllers, HMI displays, distributed I/O, etc. The Automation Device Smartport enables the following features:

•Sets the port to host mode

•Enables MAC flooding attack protection

•Sets the VLAN number

•Enables the automation QoS policy

•Configures the output queues

•Enables the alarm profile

•Disables Cisco Discovery Protocol (CDP)

Macro name : ab-ethernetip

Macro type : default interface

# macro keywords $access_vlan

#macro description ab-ethernetip

switchport host

switchport port-security

switchport port-security maximum 1

switchport port-security violation restrict

switchport port-security aging type inactivity

switchport access vlan $access_vlan

service-policy input CIP-PTP-Traffic

priority-queue out

srr-queue bandwidth share 1 19 40 40

alarm profile ab-alarm

load-interval 30

no cdp enable

Automation Device with QoS

The Automation Device with QoS should be used for CIP Sync and CIP Motion devices. The Automation Device with QoS Smartport enables the following features:

•Sets the port in trunk mode

•Enables Spanning Tree Portfast

•Disables Dynamic Trunking Protocol (DTP)

•Sets the native VLAN number

•Enables MAC flooding attack protection

•Enables the automation QoS policy

•Configures the output queues

•Enables the alarm profile

•Disables Cisco Discovery Protocol (CDP)

•Sets the port to trust DSCP

Macro name : ab-syncmotion

Macro type : default interface

#macro keywords $native_vlan

#macro name ab-syncmotion

#macro description ab-syncmotion

switchport mode trunk

spanning-tree portfast trunk

switchport nonegotiate

switchport trunk native vlan $native_vlan

switchport port-security

switchport port-security maximum 1

switchport port-security violation restrict

switchport port-security aging type inactivity

service-policy input CIP-PTP-Traffic

priority-queue out

srr-queue bandwidth share 1 19 40 40

alarm profile ab-alarm

load-interval 30

no cdp enable

mls qos trust dscp

Desktop for Automation

The Desktop for Automation Smartport should be used for PCs used on the Cell/Area zone EtherNet/IP network. It should not be used for any systems running virtual machines with out turning the port security configuration off. If the Desktop for Automation Smartport is used with a virtual machine, the port security configuration will need to be modified using CNA or CLI. The Desktop for Automation Smartport enables the following features:

•Sets the port in access mode

•Set the VLAN number

•Enables MAC flooding attack protection

•Enables Spanning Tree Portfast

•Enables Spanning Tree BPDU Guard

•Enables the automation QoS policy

•Sets the alarm profile

Macro name : desktop-automation

Macro type : default interface

#macro keywords $access_vlan

#macro name desktop-automation

switchport mode access

switchport access vlan $access_vlan

switchport port-security

switchport port-security maximum 1

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input CIP-PTP-Traffic

no alarm profile

alarm profile ab-alarm

Switch for Automation

The Switch for Automation Smartport is used on ports that connect to other managed Ethernet switches. The Switch for Automation enables the following features:

•Sets the port in trunk mode

•Sets the native VLAN

•Sets Spanning Tree to use a point-to-point link

•Sets the port to trust COS

•Enables the automation QoS policy

•Configures the output queues

•Sets the alarm profile

Macro name : switch-automation

Macro type : default interface

#macro keywords $native_vlan

#macro name: switch-automation

switchport mode trunk

switchport trunk native vlan $native_vlan

spanning-tree link-type point-to-point

mls qos trust cos

service-policy input CIP-PTP-Traffic

priority-queue out

srr-queue bandwidth share 1 19 40 40

no alarm profile

alarm profile ab-alarm

The switch for Automation Smartport does not disable DTP. This must be done manually with the switchport nonegotiate interface configuration command.

Router for Automation

The Router for Automation Smartport is used on ports that connect to routers such as the Cisco 2800 Series ISR. The Router for Automation Smartport enables the following features:

•Sets the port in trunk mode

•Sets the native VLAN

•Enables Spanning Tree Portfast

•Enables Spanning Tree BPDU Guard

•Sets the port to trust DSCP

•Enables the automation QoS policy

•Configures the output queues

•Sets the alarm profile

Macro name : router-automation

Macro type : default interface

#macro keywords $native_vlan

#Macro name router-automation

switchport mode trunk

switchport trunk native vlan $native_vlan

spanning-tree portfast trunk

spanning-tree bpduguard enable

mls qos trust dscp

service-policy input CIP-PTP-Traffic

priority-queue out

srr-queue bandwidth share 1 19 40 40

no alarm profile

alarm profile ab-alarm

Phone for Automation

The Phone for Automation Smartport is used on ports that connect to a VoIP phone. The Phone for Automation Smartport enables the following features:

•Sets the port in access mode

•Sets the voice and data VLANs

•Enables MAC Flooding protection

•Enables Spanning Tree Portfast

•Enables Spanning Tree BPDU Guard

•Enables the VoIP QoS policy

•Configures the output queues

•Sets the alarm profile

Macro name : phone-automation

Macro type : default interface

#macro keywords: $access_vlan $voice_vlan

#macro  name phone-automation

switchport mode access

switchport access vlan $access_vlan

switchport voice vlan $voice_vlan

switchport port-security

switchport port-security maximum 2

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

no service-policy input CIP-PTP-Traffic

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input Voice-Map

srr-queue bandwidth share 10 10 60 20

no alarm profile

alarm profile ab-alarm

Wireless for Automation

The Wireless for Automation Smartport is used on ports that connect to wireless access points or Wireless LAN Controllers. The Wireless for Automation Smartport enables the following features:

•Sets the port in trunk mode

•Sets the native VLAN

•Disables Dynamic Trunking Protocol (DTP)

•Enables Spanning Tree BPDU Guard

•Sets the port to trust COS

•Enables the Automation QoS policy

•Configures the output queues

•Sets the alarm profile

Macro name : wireless-automation

Macro type : default interface

#macro keywords:  $native_vlan

 #macro name: wireless-automation

switchport mode trunk

switchport trunk native vlan $native_vlan

switchport nonegotiate

spanning-tree bpduguard enable

mls qos trust cos

service-policy input CIP-PTP-Traffic

srr-queue bandwidth share 1 19 40 40

no alarm profile

alarm profile ab-alarm

Port Mirroring

The Port Mirroring Smartport is used to mirror traffic from one interface to another. This feature is used in conjunction with a network traffic analyzer to troubleshoot system and application problems.

None

The None Smartport is used to clear all Smartport configurations from the port.

IE 3000

IE Desktop

The IE Desktop Smartport is used on ports that have a single desktop computer connected. The IE Desktop Smartport enables the following features:

•Sets the port to access mode

•Sets the VLAN number

•Enables MAC Address Flooding protection

•Enables Spanning Tree Portfast

•Enables Spanning Tree BPDU Guard

Macro name : cisco-ie-desktop

Macro type : default interface

# macro keywords $access_vlan

#macro name cisco-ie-desktop

switchport mode access

switchport access vlan $access_vlan

switchport port-security

switchport port-security maximum 1

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

spanning-tree portfast

spanning-tree bpduguard enable

IE Switch

The IE Switch Smartport is used on ports that connect to other switches. The IE Switch enables the following features:

•Sets the port to trunk mode

•Sets the native VLAN

•Sets the Spanning Tree link type to point-to-point

•Sets the port to trust CoS

•Enables the Automation QoS policy

•Configures the output queues.

Macro name : cisco-ie-switch

Macro type : default interface

# macro keywords $native_vlan

#macro name: cisco-ie-switch

switchport mode trunk

switchport trunk native vlan $native_vlan

spanning-tree link-type point-to-point

mls qos trust cos

service-policy input CIP-PTP-Traffic

priority-queue out

srr-queue bandwidth share 1 19 40 40

The switch for Automation Smartport does not disable DTP. This must be done manually with the switchport nonegotiate interface configuration command.

IE Router

The IE Router Smartport is used on ports that connect to Cisco routers such as the 2800 Series ISR. The IE Router smartport enables the following features:

•Sets the port to trunk mode

•Sets the native VLAN

•Enables Spanning Tree Portfast

•Enables Spanning Tree BPDU Guard

•Sets the port to trust DSCP

•Enables the automation QoS policy

•Configures the output queues

Macro name : cisco-ie-router

Macro type : default interface

# macro keywords $native_vlan

#Macro name cisco-ie-router

switchport mode trunk

switchport trunk native vlan $native_vlan

spanning-tree portfast trunk

spanning-tree bpduguard enable

mls qos trust dscp

service-policy input CIP-PTP-Traffic

priority-queue out

srr-queue bandwidth share 1 19 40 40

IE Phone

The IE Phone Smartport is used to connect VoIP phones to the switch. The IE Phone Smartport enables the following features:

•Sets the switch port to access mode

•Sets the voice and data VLANs

•Enables MAC Address Flooding protection

•Enables Spanning Tree Portfast

•Enables Spanning Tree BPDU Guard

•Sets the port to trust the CoS from the phone

•Sets the VoIP service policy

•Configures the output queues

Macro name : cisco-ie-phone

Macro type : default interface

# macro keywords $access_vlan $voice_vlan

#macro  name cisco-ie-phone

switchport mode access

switchport access vlan $access_vlan

switchport voice vlan $voice_vlan

switchport port-security

switchport port-security maximum 2

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

spanning-tree portfast

spanning-tree bpduguard enable

no service-policy input CIP-PTP-Traffic

mls qos trust device cisco-phone

mls qos trust cos

service-policy input Voice-Map

srr-queue bandwidth share 10 10 60 20

IE Wireless

The IE Wireless Smartport is used to connect to Access Points and Wireless LAN Controllers. The IE Wireless Smartport enables the following features:

•Set the port to trunk mode

•Set the native VLAN

•Disable Dynamic Trunking Protocol (DTP)

•Enables Spanning Tree BPDU Guard

•Set the port to trust CoS

•Configures the output queues

Macro name : cisco-ie-wireless

Macro type : default interface

#macro keywords $native_vlan

#macro name: cisco-ie-wireless

switchport mode trunk

switchport trunk native vlan $native_vlan

switchport nonegotiate

spanning-tree bpduguard enable

mls qos trust cos

srr-queue bandwidth share 1 19 40 40

Cisco EtherNet/IP

The Cisco EtherNet/IP Smartport is used to connect to EtherNet/IP devices such as PAC, distributed I/O, etc. The Cisco EtherNet/IP Smartport enables the following features:

•Sets the port to host

•Sets the access VLAN

•Enables broadcast storm control

•Enables the Automation service policy

•Configures the output queues

Macro name : cisco-ethernetip

Macro type : default interface

#macro keywords $access_vlan

#macro name cisco-ethernetip

#macro description cisco-ethernetip

switchport host

switchport access vlan $access_vlan

storm-control broadcast level 3.00 1.00

service-policy input CIP-PTP-Traffic

priority-queue out

srr-queue bandwidth share 1 19 40 40

Diagnostics

The Diagnostics Smartport is used to mirror traffic from one interface to another. This feature is used in conjunction with a network traffic analyzer to troubleshoot system and application problems.

None

The None Smartport is used to clear all Smartport configurations from the port.

	Converged Plantwide Ethernet (CPwE) Design and Implementation Guide
	Configurations
Converged Plantwide Ethernet (CPwE) Design and Implementation Guide Preface Converged Plantwide Ethernet Overview Converged Plantwide Ethernet Solution CPwE Solution Design—Cell/Area Zone Solution Design—Manufacturing and Demilitarized Zones Implementing and Configuring the Cell/Area Zone Plant Network Security and the Demilitarized Zone Testing the CPwE Solution CIP Motion CIP Sync Sequence of Events DHCP Persistence in the Cell/Area Zone Key Terms and Definitions Test Result Analysis Complete Test Data Configurations Reference Documents	Download this chapter Configurations Download the complete book Converged Plantwide Ethernet (CPwE) Design and Implementation Guide (PDF - 19 MB) Table Of Contents Configurations Express Setup Stratix 8000 IE 3000 with Recommended System Setup Enabled Smartports Stratix 8000 Automation Device Automation Device with QoS Desktop for Automation Switch for Automation Router for Automation Phone for Automation Wireless for Automation Port Mirroring None IE 3000 IE Desktop IE Switch IE Router IE Phone IE Wireless Cisco EtherNet/IP Diagnostics None Configurations Express Setup Stratix 8000 The following is a sample of a Stratix 8000 configuration after running Express Setup. The Stratix 8000 was running Release 3 (IOS version 12.2(50)SE2). version 12.2 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption ! hostname Stratix8000 ! boot-start-marker boot-end-marker ! logging buffered 16384 no logging console enable secret level 1 5 $1$dIHm$S0Rzhzd9OWa9L5dgA5Egl. enable secret 5 $1$QIyE$FQLtO8wJiuyp.u3BYMi8n. ! no aaa new-model clock timezone EST -5 clock summer-time EST recurring cip security password rockwell system mtu routing 1500 ptp mode e2etransparent vtp mode transparent udld aggressive ip subnet-zero no ip source-route ! ! no ip domain-lookup ip igmp snooping querier ! mls qos map policed-dscp 24 27 31 43 46 47 55 59 to 0 mls qos map dscp-cos 9 11 12 13 14 15 to 0 mls qos map dscp-cos 25 26 28 29 30 to 2 mls qos map dscp-cos 40 41 42 44 45 49 50 51 to 4 mls qos map dscp-cos 52 53 54 56 57 58 60 61 to 4 mls qos map dscp-cos 62 63 to 4 mls qos map cos-dscp 0 8 16 27 32 47 55 59 mls qos srr-queue input bandwidth 40 60 mls qos srr-queue input threshold 1 16 66 mls qos srr-queue input threshold 2 34 66 mls qos srr-queue input buffers 40 60 mls qos srr-queue input cos-map queue 1 threshold 2 1 mls qos srr-queue input cos-map queue 1 threshold 3 0 2 mls qos srr-queue input cos-map queue 2 threshold 2 4 mls qos srr-queue input cos-map queue 2 threshold 3 3 5 6 7 mls qos srr-queue input dscp-map queue 1 threshold 2 8 10 mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7 mls qos srr-queue input dscp-map queue 1 threshold 3 9 11 12 13 14 15 16 17 mls qos srr-queue input dscp-map queue 1 threshold 3 18 19 20 21 22 23 25 26 mls qos srr-queue input dscp-map queue 1 threshold 3 28 29 30 mls qos srr-queue input dscp-map queue 2 threshold 2 32 33 34 35 36 37 38 39 mls qos srr-queue input dscp-map queue 2 threshold 2 40 41 42 44 45 49 50 51 mls qos srr-queue input dscp-map queue 2 threshold 2 52 53 54 56 57 58 60 61 mls qos srr-queue input dscp-map queue 2 threshold 2 62 63 mls qos srr-queue input dscp-map queue 2 threshold 3 24 27 31 43 46 47 48 55 mls qos srr-queue input dscp-map queue 2 threshold 3 59 mls qos srr-queue output cos-map queue 1 threshold 3 7 mls qos srr-queue output cos-map queue 2 threshold 2 1 mls qos srr-queue output cos-map queue 2 threshold 3 0 2 4 mls qos srr-queue output cos-map queue 3 threshold 3 5 6 mls qos srr-queue output cos-map queue 4 threshold 3 3 mls qos srr-queue output dscp-map queue 1 threshold 3 59 mls qos srr-queue output dscp-map queue 2 threshold 2 8 10 mls qos srr-queue output dscp-map queue 2 threshold 3 0 1 2 3 4 5 6 7 mls qos srr-queue output dscp-map queue 2 threshold 3 9 11 12 13 14 15 16 17 mls qos srr-queue output dscp-map queue 2 threshold 3 18 19 20 21 22 23 25 26 mls qos srr-queue output dscp-map queue 2 threshold 3 28 29 30 32 33 34 35 36 mls qos srr-queue output dscp-map queue 2 threshold 3 37 38 39 40 41 42 44 45 mls qos srr-queue output dscp-map queue 2 threshold 3 49 50 51 52 53 54 56 57 mls qos srr-queue output dscp-map queue 2 threshold 3 58 60 61 62 63 mls qos srr-queue output dscp-map queue 3 threshold 3 43 46 47 48 55 mls qos srr-queue output dscp-map queue 4 threshold 3 24 27 31 mls qos queue-set output 1 buffers 10 25 40 25 mls qos queue-set output 2 buffers 10 25 40 25 no mls qos rewrite ip dscp mls qos ! ! macro global description ab-password \| ab-global \| ab-qos-map-setup \| ab-qos-queue-setup ! ! ! errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig errdisable recovery cause pagp-flap errdisable recovery cause dtp-flap errdisable recovery cause link-flap errdisable recovery cause sfp-config-mismatch errdisable recovery cause gbic-invalid errdisable recovery cause psecure-violation errdisable recovery cause port-mode-failure errdisable recovery cause dhcp-rate-limit errdisable recovery cause mac-limit errdisable recovery cause vmps errdisable recovery cause storm-control errdisable recovery cause arp-inspection errdisable recovery cause loopback errdisable recovery cause small-frame errdisable recovery interval 30 no mac authentication mac authentication table version 0 ! spanning-tree mode mst spanning-tree loopguard default spanning-tree portfast bpduguard default spanning-tree portfast bpdufilter default spanning-tree EtherChannel guard misconfig spanning-tree extend system-id ! alarm profile defaultPort alarm 3 syslog 3 notifies 3 ! alarm profile ab-alarm alarm 1 2 3 4 syslog 1 2 3 4 notifies 1 2 3 4 relay-major 2 relay-minor 1 3 4 ! alarm facility power-supply relay major alarm facility power-supply syslog alarm facility power-supply notifies alarm facility temperature primary relay major alarm facility temperature primary syslog alarm facility temperature primary notifies alarm facility temperature secondary relay minor alarm facility temperature secondary syslog alarm facility temperature secondary notifies alarm facility temperature secondary low 0 alarm facility temperature secondary high 90 ! vlan internal allocation policy ascending ! ! class-map match-all 1588-PTP-General match access-group 107 class-map match-all 1588-PTP-Event match access-group 106 class-map match-all CIP-Implicit_dscp_any match access-group 104 class-map match-all CIP-Other match access-group 105 class-map match-all voip-data match ip dscp ef class-map match-all voip-control match ip dscp cs3 af31 class-map match-all CIP-Implicit_dscp_43 match access-group 103 class-map match-all CIP-Implicit_dscp_55 match access-group 101 class-map match-all CIP-Implicit_dscp_47 match access-group 102 ! ! policy-map Voice-Map class voip-data set dscp ef police 320000 8000 exceed-action policed-dscp-transmit class voip-control set dscp cs3 police 32000 8000 exceed-action policed-dscp-transmit policy-map CIP-PTP-Traffic class CIP-Implicit_dscp_55 set ip dscp 55 class CIP-Implicit_dscp_47 set ip dscp 47 class CIP-Implicit_dscp_43 set ip dscp 43 class CIP-Implicit_dscp_any set ip dscp 31 class CIP-Other set ip dscp 27 class 1588-PTP-Event set ip dscp 59 class 1588-PTP-General set ip dscp 47 ! ! ! interface FastEthernet1/1 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface FastEthernet1/2 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface FastEthernet1/3 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface FastEthernet1/4 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface FastEthernet1/5 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface FastEthernet1/6 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface FastEthernet1/7 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface FastEthernet1/8 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface GigabitEthernet1/1 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface GigabitEthernet1/2 ptp enable alarm profile ab-alarm service-policy input CIP-PTP-Traffic ! interface Vlan1 ip address 10.17.10.10 255.255.255.0 no ip route-cache cip enable ! ip default-gateway 10.17.10.1 ip http server access-list 101 permit udp any eq 2222 any dscp 55 access-list 102 permit udp any eq 2222 any dscp 47 access-list 103 permit udp any eq 2222 any dscp 43 access-list 104 permit udp any eq 2222 any access-list 105 permit udp any eq 44818 any access-list 105 permit tcp any eq 44818 any access-list 106 permit udp any eq 319 any access-list 107 permit udp any eq 320 any snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps rep snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps alarms informational snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable ! control-plane ! ! line con 0 password 7 1500040F0F3D2E2824 line vty 0 4 password 7 1500040F0F3D2E2824 login line vty 5 15 password 7 1500040F0F3D2E2824 login ! monitor flash reload-check end IE 3000 with Recommended System Setup Enabled The following is a sample of an IE 3000 configuration after running Express Setup and enabling the recommended System Setup. The IE 3000 was running IOS Release 12.2(50)SE2 using the LAN BASE WITH WEB BASED DEV MGR feature set. version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname IE3000 ! boot-start-marker boot-end-marker ! enable secret 5 $1$rgWL$kPKiLLQdUlakTsiCTSshm. ! no aaa new-model clock timezone EST -5 clock summer-time EST recurring system mtu routing 1500 ptp mode e2etransparent udld aggressive ip subnet-zero ! ! ip igmp snooping querier ! mls qos map policed-dscp 24 27 31 43 46 47 55 59 to 0 mls qos map dscp-cos 9 11 12 13 14 15 to 0 mls qos map dscp-cos 25 26 28 29 30 to 2 mls qos map dscp-cos 40 41 42 44 45 49 50 51 to 4 mls qos map dscp-cos 52 53 54 56 57 58 60 61 to 4 mls qos map dscp-cos 62 63 to 4 mls qos map cos-dscp 0 8 16 27 32 47 55 59 mls qos srr-queue input bandwidth 40 60 mls qos srr-queue input threshold 1 16 66 mls qos srr-queue input threshold 2 34 66 mls qos srr-queue input buffers 40 60 mls qos srr-queue input cos-map queue 1 threshold 2 1 mls qos srr-queue input cos-map queue 1 threshold 3 0 2 mls qos srr-queue input cos-map queue 2 threshold 2 4 mls qos srr-queue input cos-map queue 2 threshold 3 3 5 6 7 mls qos srr-queue input dscp-map queue 1 threshold 2 8 10 mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7 mls qos srr-queue input dscp-map queue 1 threshold 3 9 11 12 13 14 15 16 17 mls qos srr-queue input dscp-map queue 1 threshold 3 18 19 20 21 22 23 25 26 mls qos srr-queue input dscp-map queue 1 threshold 3 28 29 30 mls qos srr-queue input dscp-map queue 2 threshold 2 32 33 34 35 36 37 38 39 mls qos srr-queue input dscp-map queue 2 threshold 2 40 41 42 44 45 49 50 51 mls qos srr-queue input dscp-map queue 2 threshold 2 52 53 54 56 57 58 60 61 mls qos srr-queue input dscp-map queue 2 threshold 2 62 63 mls qos srr-queue input dscp-map queue 2 threshold 3 24 27 31 43 46 47 48 55 mls qos srr-queue input dscp-map queue 2 threshold 3 59 mls qos srr-queue output cos-map queue 1 threshold 3 7 mls qos srr-queue output cos-map queue 2 threshold 2 1 mls qos srr-queue output cos-map queue 2 threshold 3 0 2 4 mls qos srr-queue output cos-map queue 3 threshold 3 5 6 mls qos srr-queue output cos-map queue 4 threshold 3 3 mls qos srr-queue output dscp-map queue 1 threshold 3 59 mls qos srr-queue output dscp-map queue 2 threshold 2 8 10 mls qos srr-queue output dscp-map queue 2 threshold 3 0 1 2 3 4 5 6 7 mls qos srr-queue output dscp-map queue 2 threshold 3 9 11 12 13 14 15 16 17 mls qos srr-queue output dscp-map queue 2 threshold 3 18 19 20 21 22 23 25 26 mls qos srr-queue output dscp-map queue 2 threshold 3 28 29 30 32 33 34 35 36 mls qos srr-queue output dscp-map queue 2 threshold 3 37 38 39 40 41 42 44 45 mls qos srr-queue output dscp-map queue 2 threshold 3 49 50 51 52 53 54 56 57 mls qos srr-queue output dscp-map queue 2 threshold 3 58 60 61 62 63 mls qos srr-queue output dscp-map queue 3 threshold 3 43 46 47 48 55 mls qos srr-queue output dscp-map queue 4 threshold 3 24 27 31 mls qos queue-set output 1 buffers 10 25 40 25 mls qos queue-set output 2 buffers 10 25 40 25 no mls qos rewrite ip dscp mls qos ! crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR enrollment selfsigned serial-number revocation-check none rsakeypair HTTPS_SS_CERT_KEYPAIR ! ! crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR certificate self-signed 01 30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030 3B311030 0E060355 04031307 49453330 30302E31 27300F06 03550405 13083143 33303841 38303014 06092A86 4886F70D 01090216 07494533 3030302E 301E170D 30393036 31373132 30393335 5A170D32 30303130 31303030 3030305A 303B3110 300E0603 55040313 07494533 3030302E 3127300F 06035504 05130831 43333038 41383030 1406092A 864886F7 0D010902 16074945 33303030 2E30819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D1FD F4FED5F3 C28A8DDC 864A2BF1 3D7D8853 64AB3775 0DB46748 938FDA4A 430B03B7 F01A939F 5F3A5BD0 B20A182D D1AA826A 47B25679 85814D80 EFE26FFA 9AE20F8C 5CCE680E F23807FB 3CC016D8 37385B12 F7D3EC82 D77A342F 2275092C 8CDD5E06 080B9312 930A3A66 4572668E 3389E090 B9F18B63 DB927ADE 9752C2FD 3A570203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603 551D1104 0B300982 07494533 3030302E 301F0603 551D2304 18301680 14443056 FBDE73C1 1766C192 3BCE4455 590E2CC2 A0301D06 03551D0E 04160414 443056FB DE73C117 66C1923B CE445559 0E2CC2A0 300D0609 2A864886 F70D0101 04050003 81810082 A8454321 5ECDA2F5 574A48B7 A97324BD 357ED4DD 1BC8A1FF F9DB3AE9 FD9C134E F3C63CC7 CF613C41 1D5F54D0 DEE2D8AC 5DD0DF81 52427FB0 CF53DF62 853CBA04 E893D820 221A2F6B 638098E1 41EFC650 7BE0601A 06472FD9 E85B0F26 AC91C92F C6E6962D DD8123EE 5112A029 3E43F872 54A2CE84 B3F1A045 845C40A0 6FD8C7 quit ! ! macro global description cisco-global \| cisco-ie-global \| cisco-ie-qos-map-setup \| cisco-ie-qos-queue-setup ! ! ! errdisable recovery cause link-flap errdisable recovery interval 60 no mac authentication mac authentication table version 0 ! spanning-tree mode mst spanning-tree loopguard default spanning-tree EtherChannel guard misconfig spanning-tree extend system-id ! alarm profile defaultPort alarm 3 syslog 3 notifies 3 ! alarm facility temperature primary relay major alarm facility temperature primary syslog alarm facility temperature primary notifies ! vlan internal allocation policy ascending ! ! class-map match-all 1588-PTP-General match access-group 107 class-map match-all 1588-PTP-Event match access-group 106 class-map match-all CIP-Implicit_dscp_any match access-group 104 class-map match-all CIP-Other match access-group 105 class-map match-all voip-data match ip dscp ef class-map match-all voip-control match ip dscp cs3 af31 class-map match-all CIP-Implicit_dscp_43 match access-group 103 class-map match-all CIP-Implicit_dscp_55 match access-group 101 class-map match-all CIP-Implicit_dscp_47 match access-group 102 ! ! policy-map Voice-Map class voip-data set dscp ef police 320000 8000 exceed-action policed-dscp-transmit class voip-control set dscp cs3 police 32000 8000 exceed-action policed-dscp-transmit policy-map CIP-PTP-Traffic class CIP-Implicit_dscp_55 set ip dscp 55 class CIP-Implicit_dscp_47 set ip dscp 47 class CIP-Implicit_dscp_43 set ip dscp 43 class CIP-Implicit_dscp_any set ip dscp 31 class CIP-Other set ip dscp 27 class 1588-PTP-Event set ip dscp 59 class 1588-PTP-General set ip dscp 47 ! ! ! interface FastEthernet1/1 ptp enable ! interface FastEthernet1/2 ptp enable ! interface FastEthernet1/3 ptp enable ! interface FastEthernet1/4 ptp enable ! interface GigabitEthernet1/1 ptp enable ! interface GigabitEthernet1/2 ptp enable ! interface Vlan1 ip address 10.17.10.11 255.255.255.0 no ip route-cache cip enable ! ip default-gateway 10.17.10.1 ip http server ip http secure-server access-list 101 permit udp any eq 2222 any dscp 55 access-list 102 permit udp any eq 2222 any dscp 47 access-list 103 permit udp any eq 2222 any dscp 43 access-list 104 permit udp any eq 2222 any access-list 105 permit udp any eq 44818 any access-list 105 permit tcp any eq 44818 any access-list 106 permit udp any eq 319 any access-list 107 permit udp any eq 320 any ! control-plane ! ! line con 0 line vty 0 4 password rockwell login line vty 5 15 password rockwell login ! monitor flash reload-check end Smartports Stratix 8000 Automation Device The Automation Device Smartport should be used for any EtherNet/IP devices. This includes controllers, HMI displays, distributed I/O, etc. The Automation Device Smartport enables the following features: •Sets the port to host mode •Enables MAC flooding attack protection •Sets the VLAN number •Enables the automation QoS policy •Configures the output queues •Enables the alarm profile •Disables Cisco Discovery Protocol (CDP) Macro name : ab-ethernetip Macro type : default interface # macro keywords $access_vlan #macro description ab-ethernetip switchport host switchport port-security switchport port-security maximum 1 switchport port-security violation restrict switchport port-security aging type inactivity switchport access vlan $access_vlan service-policy input CIP-PTP-Traffic priority-queue out srr-queue bandwidth share 1 19 40 40 alarm profile ab-alarm load-interval 30 no cdp enable Automation Device with QoS The Automation Device with QoS should be used for CIP Sync and CIP Motion devices. The Automation Device with QoS Smartport enables the following features: •Sets the port in trunk mode •Enables Spanning Tree Portfast •Disables Dynamic Trunking Protocol (DTP) •Sets the native VLAN number •Enables MAC flooding attack protection •Enables the automation QoS policy •Configures the output queues •Enables the alarm profile •Disables Cisco Discovery Protocol (CDP) •Sets the port to trust DSCP Macro name : ab-syncmotion Macro type : default interface #macro keywords $native_vlan #macro name ab-syncmotion #macro description ab-syncmotion switchport mode trunk spanning-tree portfast trunk switchport nonegotiate switchport trunk native vlan $native_vlan switchport port-security switchport port-security maximum 1 switchport port-security violation restrict switchport port-security aging type inactivity service-policy input CIP-PTP-Traffic priority-queue out srr-queue bandwidth share 1 19 40 40 alarm profile ab-alarm load-interval 30 no cdp enable mls qos trust dscp Desktop for Automation The Desktop for Automation Smartport should be used for PCs used on the Cell/Area zone EtherNet/IP network. It should not be used for any systems running virtual machines with out turning the port security configuration off. If the Desktop for Automation Smartport is used with a virtual machine, the port security configuration will need to be modified using CNA or CLI. The Desktop for Automation Smartport enables the following features: •Sets the port in access mode •Set the VLAN number •Enables MAC flooding attack protection •Enables Spanning Tree Portfast •Enables Spanning Tree BPDU Guard •Enables the automation QoS policy •Sets the alarm profile Macro name : desktop-automation Macro type : default interface #macro keywords $access_vlan #macro name desktop-automation switchport mode access switchport access vlan $access_vlan switchport port-security switchport port-security maximum 1 switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity spanning-tree portfast spanning-tree bpduguard enable service-policy input CIP-PTP-Traffic no alarm profile alarm profile ab-alarm Switch for Automation The Switch for Automation Smartport is used on ports that connect to other managed Ethernet switches. The Switch for Automation enables the following features: •Sets the port in trunk mode •Sets the native VLAN •Sets Spanning Tree to use a point-to-point link •Sets the port to trust COS •Enables the automation QoS policy •Configures the output queues •Sets the alarm profile Macro name : switch-automation Macro type : default interface #macro keywords $native_vlan #macro name: switch-automation switchport mode trunk switchport trunk native vlan $native_vlan spanning-tree link-type point-to-point mls qos trust cos service-policy input CIP-PTP-Traffic priority-queue out srr-queue bandwidth share 1 19 40 40 no alarm profile alarm profile ab-alarm The switch for Automation Smartport does not disable DTP. This must be done manually with the switchport nonegotiate interface configuration command. Router for Automation The Router for Automation Smartport is used on ports that connect to routers such as the Cisco 2800 Series ISR. The Router for Automation Smartport enables the following features: •Sets the port in trunk mode •Sets the native VLAN •Enables Spanning Tree Portfast •Enables Spanning Tree BPDU Guard •Sets the port to trust DSCP •Enables the automation QoS policy •Configures the output queues •Sets the alarm profile Macro name : router-automation Macro type : default interface #macro keywords $native_vlan #Macro name router-automation switchport mode trunk switchport trunk native vlan $native_vlan spanning-tree portfast trunk spanning-tree bpduguard enable mls qos trust dscp service-policy input CIP-PTP-Traffic priority-queue out srr-queue bandwidth share 1 19 40 40 no alarm profile alarm profile ab-alarm Phone for Automation The Phone for Automation Smartport is used on ports that connect to a VoIP phone. The Phone for Automation Smartport enables the following features: •Sets the port in access mode •Sets the voice and data VLANs •Enables MAC Flooding protection •Enables Spanning Tree Portfast •Enables Spanning Tree BPDU Guard •Enables the VoIP QoS policy •Configures the output queues •Sets the alarm profile Macro name : phone-automation Macro type : default interface #macro keywords: $access_vlan $voice_vlan #macro name phone-automation switchport mode access switchport access vlan $access_vlan switchport voice vlan $voice_vlan switchport port-security switchport port-security maximum 2 switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity no service-policy input CIP-PTP-Traffic spanning-tree portfast spanning-tree bpduguard enable service-policy input Voice-Map srr-queue bandwidth share 10 10 60 20 no alarm profile alarm profile ab-alarm Wireless for Automation The Wireless for Automation Smartport is used on ports that connect to wireless access points or Wireless LAN Controllers. The Wireless for Automation Smartport enables the following features: •Sets the port in trunk mode •Sets the native VLAN •Disables Dynamic Trunking Protocol (DTP) •Enables Spanning Tree BPDU Guard •Sets the port to trust COS •Enables the Automation QoS policy •Configures the output queues •Sets the alarm profile Macro name : wireless-automation Macro type : default interface #macro keywords: $native_vlan #macro name: wireless-automation switchport mode trunk switchport trunk native vlan $native_vlan switchport nonegotiate spanning-tree bpduguard enable mls qos trust cos service-policy input CIP-PTP-Traffic srr-queue bandwidth share 1 19 40 40 no alarm profile alarm profile ab-alarm Port Mirroring The Port Mirroring Smartport is used to mirror traffic from one interface to another. This feature is used in conjunction with a network traffic analyzer to troubleshoot system and application problems. None The None Smartport is used to clear all Smartport configurations from the port. IE 3000 IE Desktop The IE Desktop Smartport is used on ports that have a single desktop computer connected. The IE Desktop Smartport enables the following features: •Sets the port to access mode •Sets the VLAN number •Enables MAC Address Flooding protection •Enables Spanning Tree Portfast •Enables Spanning Tree BPDU Guard Macro name : cisco-ie-desktop Macro type : default interface # macro keywords $access_vlan #macro name cisco-ie-desktop switchport mode access switchport access vlan $access_vlan switchport port-security switchport port-security maximum 1 switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity spanning-tree portfast spanning-tree bpduguard enable IE Switch The IE Switch Smartport is used on ports that connect to other switches. The IE Switch enables the following features: •Sets the port to trunk mode •Sets the native VLAN •Sets the Spanning Tree link type to point-to-point •Sets the port to trust CoS •Enables the Automation QoS policy •Configures the output queues. Macro name : cisco-ie-switch Macro type : default interface # macro keywords $native_vlan #macro name: cisco-ie-switch switchport mode trunk switchport trunk native vlan $native_vlan spanning-tree link-type point-to-point mls qos trust cos service-policy input CIP-PTP-Traffic priority-queue out srr-queue bandwidth share 1 19 40 40 The switch for Automation Smartport does not disable DTP. This must be done manually with the switchport nonegotiate interface configuration command. IE Router The IE Router Smartport is used on ports that connect to Cisco routers such as the 2800 Series ISR. The IE Router smartport enables the following features: •Sets the port to trunk mode •Sets the native VLAN •Enables Spanning Tree Portfast •Enables Spanning Tree BPDU Guard •Sets the port to trust DSCP •Enables the automation QoS policy •Configures the output queues Macro name : cisco-ie-router Macro type : default interface # macro keywords $native_vlan #Macro name cisco-ie-router switchport mode trunk switchport trunk native vlan $native_vlan spanning-tree portfast trunk spanning-tree bpduguard enable mls qos trust dscp service-policy input CIP-PTP-Traffic priority-queue out srr-queue bandwidth share 1 19 40 40 IE Phone The IE Phone Smartport is used to connect VoIP phones to the switch. The IE Phone Smartport enables the following features: •Sets the switch port to access mode •Sets the voice and data VLANs •Enables MAC Address Flooding protection •Enables Spanning Tree Portfast •Enables Spanning Tree BPDU Guard •Sets the port to trust the CoS from the phone •Sets the VoIP service policy •Configures the output queues Macro name : cisco-ie-phone Macro type : default interface # macro keywords $access_vlan $voice_vlan #macro name cisco-ie-phone switchport mode access switchport access vlan $access_vlan switchport voice vlan $voice_vlan switchport port-security switchport port-security maximum 2 switchport port-security aging time 2 switchport port-security violation restrict switchport port-security aging type inactivity spanning-tree portfast spanning-tree bpduguard enable no service-policy input CIP-PTP-Traffic mls qos trust device cisco-phone mls qos trust cos service-policy input Voice-Map srr-queue bandwidth share 10 10 60 20 IE Wireless The IE Wireless Smartport is used to connect to Access Points and Wireless LAN Controllers. The IE Wireless Smartport enables the following features: •Set the port to trunk mode •Set the native VLAN •Disable Dynamic Trunking Protocol (DTP) •Enables Spanning Tree BPDU Guard •Set the port to trust CoS •Configures the output queues Macro name : cisco-ie-wireless Macro type : default interface #macro keywords $native_vlan #macro name: cisco-ie-wireless switchport mode trunk switchport trunk native vlan $native_vlan switchport nonegotiate spanning-tree bpduguard enable mls qos trust cos srr-queue bandwidth share 1 19 40 40 Cisco EtherNet/IP The Cisco EtherNet/IP Smartport is used to connect to EtherNet/IP devices such as PAC, distributed I/O, etc. The Cisco EtherNet/IP Smartport enables the following features: •Sets the port to host •Sets the access VLAN •Enables broadcast storm control •Enables the Automation service policy •Configures the output queues Macro name : cisco-ethernetip Macro type : default interface #macro keywords $access_vlan #macro name cisco-ethernetip #macro description cisco-ethernetip switchport host switchport access vlan $access_vlan storm-control broadcast level 3.00 1.00 service-policy input CIP-PTP-Traffic priority-queue out srr-queue bandwidth share 1 19 40 40 Diagnostics The Diagnostics Smartport is used to mirror traffic from one interface to another. This feature is used in conjunction with a network traffic analyzer to troubleshoot system and application problems. None The None Smartport is used to clear all Smartport configurations from the port.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks

Table Of Contents

Configurations

Express Setup

Stratix 8000

IE 3000 with Recommended System Setup Enabled

Smartports

Stratix 8000

Automation Device

Automation Device with QoS

Desktop for Automation

Switch for Automation

Router for Automation

Phone for Automation

Wireless for Automation

Port Mirroring

None

IE 3000

IE Desktop

IE Switch

IE Router

IE Phone

IE Wireless

Cisco EtherNet/IP

Diagnostics

None