- Preface
- CPwE Parallel Redundancy Protocol Overview
- CPwE Parallel Redundancy Protocol Design Considerations
- CPwE Parallel Redundancy Protocol Configuration
- CPwE Parallel Redundancy Protocol Monitoring and Troubleshooting
- References
- Test Hardware and Software
- Acronyms
- About the Cisco Validated Design Program
Deploying Parallel Redundancy Protocol within a Converged Plantwide Ethernet Architecture CVD
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- Updated:
- November 11, 2019
Chapter: CPwE Parallel Redundancy Protocol Configuration
CPwE Parallel Redundancy Protocol Configuration
IES Configuration
This section describes how to configure Stratix IES in the CPwE PRP architecture using recommendations provided in Chapter2, “CPwE Parallel Redundancy Protocol Design Considerations” The included configurations have been validated during testing. The network infrastructure has been configured to support HSRP routing redundancy, VLAN segmentation and VLAN trunking, multicast IACS traffic, and CIP Sync.
Note
The configuration examples and screen captures below are provided for Stratix 5700 and Stratix 5400 platforms and should be used only as reference. Configurations should be modified and applied according to the specific network topology, company standards, and practices.
Initial Configuration
Before configuring IES features for the PRP network, switches should be configured according to general recommendations and best practices for IACS networks:
- Apply initial configuration using Express Setup procedure, Plug-n-Play (PnP) method, Command Line Interface (CLI) using serial console connection, or by transferring the configuration file to the SD flash card.
- Make sure that all IES in the PRP network are assigned unique management IP addresses.
- Configure switch ports according to their function using Smartport roles. Smartports optimize switch port configuration according to the type of device connected to the port.
- Configure network protocols, security, and other settings on the switch as appropriate per your company’s policy and standards.
Configuration files can be transferred to a Stratix switch using SD flash cards, Stratix Device Manager, or Studio 5000 Logix Designer® Add-on Profile (AOP).
For more information, refer to:
- Stratix Managed Switches User Manual
https://literature.rockwellautomation.com/idc/groups/literature/documents/um/1783-um007_-en-p.pdf
Infrastructure IES Configuration
Configuration of infrastructure switches in LAN A and LAN B depends on the chosen topology and resiliency protocol in the LAN (if applicable). Refer to the Stratix switch user manual, corresponding application guides, and CPwE design guides for more information (see Appendix A, “References” ).
The next steps describe required or recommended settings for infrastructure IES that are specific to the PRP operation. IP addresses, VLAN IDs, and port numbers are examples only.
Step 1 Configure Maximum Transmission Unit (MTU) size to 1506 bytes or greater.
Note After submitting the MTU change, the switch will restart.
Figure 3-1 Configure System MTU Size
Step 2 If the infrastructure switch connects to a RedBox IES using VLAN trunking (Smartport Switch for Automation), configure PortFast Trunk on the port(s) connected to the RedBox.
Figure 3-2 Configure PortFast Trunk
PTP (CIP Sync) Configuration
Step 3 If time synchronization is enabled in the network (CIP Sync) and the switch supports PTP, configure PTP End-to-End Transparent mode.
Step 4 Enable PTP on the ports with CIP Sync devices in the PTP VLAN and on the trunk ports to other infrastructure switches. Disable PTP on the ports in other VLANs.
Figure 3-3 PTP Transparent Mode
IGMP Snooping Configuration
Step 5 Disable IGMP Querier on the switch. Leave IGMP Snooping enabled for all VLANs.
Step 6 Enable Extended Flood option with the default value of 10 seconds.
Step 7 Configure static mrouter on all ports in the possible path to the IGMP queriers for every VLAN that has multicast traffic. This step is necessary to help prevent multicast loss if there is a querier change, e.g., the HSRP failover. This is CLI only configuration.
- In a star or linear topology, configure uplink ports to the aggregation or distribution IES as static mrouter ports.
- In a ring topology, configure both ports in the ring as static mrouter ports.
- The above recommendations assume that RedBox IEs with HSRP are configured with lowest IP addresses in the VLAN and take the querier role in the election process.
Note CLI commands are executed in a terminal emulation software via a serial or USB console port or by using remote access methods such as Secure Shell (SSH). For more information on configuring switches using the CLI and its functionality, refer to the Cisco IOS Configuration Fundamentals Configuration Guide for the applicable IOS release version on the IES.
CLI Configuration Example
This is an example of the CLI commands for an infrastructure IES for steps 1-7 above. VLAN IDs and names are just examples. The CLI command syntax is specific to the test hardware and IOS version and may be different for your environment. Note that the other settings may also change depending on the switch platform, topology, resiliency protocol in the LAN, and other factors.
RedBox IES Configuration—Access Layer
The next steps describe required or recommended settings for RedBox IES that are specific to the PRP operation. These steps apply to the access layer RedBox IES (Layer 2 switches). IP addresses, VLAN IDs, and port numbers are examples only.
Parallel Redundancy Protocol Channel Configuration
Step 1 Configure ports that will be in the PRP channel for VLAN trunking using the Switch for Automation Smartport template. The applicable ports are shown in Table 3-1 .
|
|
|
|
|---|---|---|
Figure 3-5 Smartports for PRP Channel Ports
Step 2 Configure PortFast Trunk mode for ports that will be in the PRP channel.
Step 3 Configure PRP Channel Group(s) in the trunk mode.
Note A RedBox IEs can also be connected to the infrastructure with PRP ports and the PRP channel in the access mode (single VLAN, smartport Multiport Automation Device). In this case, the management interface of the RedBox and all VDANs are assigned to the same VLAN and IP subnet.
Step 4 Configure PortFast Trunk mode for the PRP channel logical interface. This is CLI only configuration.
Step 5 If PRP-enabled ports are using fiber media, disable Unidirectional Link Detection (UDLD) on the ports. UDLD is not supported with PRP and will cause fiber ports to go to err-disable mode. This is CLI only configuration.
For more information on selection of copper versus fiber media, refer to Appendices C-F of the Deploying A Resilient Converged Plantwide Ethernet Architecture Design and Implementation Guide :
PTP (CIP Sync) Configuration
Step 6 If time synchronization is enabled in the network (CIP Sync), configure PTP Boundary mode on the access layer RedBox IES. Configure Priority1 value as 10 (lower than default) and Priority2 value as 1.
Figure 3-8 PTP Configuration for Boundary Mode
Step 7 Verify that PTP is enabled on the PRP channel ports and on the ports with CIP Sync devices in the PTP VLAN. Disable PTP on the ports in other VLANs or on the ports that do not require CIP Sync operation.
Step 8 Configure PTP VLAN ID on the trunk ports, including the PRP channel ports if the trunk mode is used.
Figure 3-9 PTP Port Configuration
Step 9 Configure the following settings to improve PTP performance and resiliency (CLI only):
For more information on these settings and other considerations for plant-wide or site-wide time distribution refer to:
- Deploying Scalable Time Distribution within a Converged Plantwide Ethernet Architecture
https://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td016_-en-p.pdf
CLI Configuration Example
This is an example of the CLI commands for an access layer RedBox IES for steps 1-9 above. The CLI command syntax is specific to the test hardware and IOS version and may be different for your environment.
RedBox IES Configuration—Distribution Layer
The next steps describe required or recommended settings for the distribution layer RedBox IES (Layer 3 switches with HSRP) in the CPwE PRP architecture. IP addresses, VLAN IDs, and port numbers are examples only.
Parallel Redundancy Protocol Channel Configuration
Step 1 Configure ports that will be in the PRP channel for VLAN trunking using the Switch for Automation Smartport template.
Step 2 Configure PortFast Trunk mode for ports that will be in the PRP channel.
Step 3 Configure PRP Channel Group(s) in the trunk mode. Enable IGMP General Query option.
Figure 3-10 PRP Channel for Distribution RedBox
Step 4 Configure PortFast Trunk mode for the PRP channel logical interface. This is CLI only configuration.
Step 5 If PRP-enabled ports are using fiber media, disable Unidirectional Link Detection (UDLD) on the ports. UDLD is not supported with PRP and will cause fiber ports to go to err-disable mode. This is CLI only configuration.
HSRP Configuration
Hot Standby Routing Protocol (HSRP) is enabled and configured on the Switch Virtual Interface (SVI) of each distribution switch for each VLAN in the PRP-enabled Cell/Area Zone. This section describes how to configure HSRP features to achieve optimum performance and fast convergence for routed traffic.
This is CLI only configuration.
Note HSRP feature is only available in the Layer 3 firmware type on Stratix 5400 switches (catalog numbers ending with -R) and Stratix 5410 switches (catalog numbers -RDC and -RAC).
- HSRP is enabled by configuring an instance, specified by an ID value, and the virtual IP that will be shared between the HSRP peers. The virtual IP will be used as the default gateway address for hosts in the PRP VLAN.
- The primary HSRP peer should be configured with the lower physical IP address so that it will win elections for protocols that do not rely on the virtual IP, such as IGMP. The secondary HSRP peer is typically assigned the next IP address in the subnet.
- The desired active peer should be configured with a higher HSRP priority so that it consistently wins the election.
- HSRP timers (hello and hold timers) should be decreased from default values to provide sub-second protocol convergence.
- HSRP preemption should be disabled. As a result, when the active HSRP RedBox IES reboots, it assumes the standby HSRP role, which minimizes routing convergence.
- The HSRP process should be delayed on startup to help prevent a new HSRP peer from assuming too quickly that it is the only peer in the network and taking on the active role.
Step 6 Configure each SVI on the primary HSRP switch. The following CLI configuration has been used for CPwE PRP testing:
Step 7 Configure each SVI on the secondary HSRP switch. The following CLI configuration has been used for CPwE PRP testing:
Layer 3 EtherChannel Configuration
For additional resiliency, distribution RedBox IES should be connected to the core switch infrastructure and to each other with Layer 3 (routed) EtherChannel links. Note that Layer 2 connections are not allowed between the RedBoxes except for the PRP channel ports.
Each distribution RedBox IES is configured with two Layer 3 EtherChannels: one for the uplink connection to the core switch, and another for a peer connection to the other distribution IES.
Step 8 Configure ports that will be part of the Layer 3 EtherChannel groups as routed ports (No IP Address).
Figure 3-11 Routed Port Configuration
Step 9 Configure two EtherChannel groups using previously configured routed ports. LACP Active mode is recommended. The channel mode should be compatible with the mode on the connected switch.
Figure 3-12 EtherChannel Configuration
Step 10 Configure IP address for each routed EtherChannel port according to the IP scheme in the routed network.
Figure 3-13 Routed EtherChannel Configuration
EIGRP Configuration
The following steps are provided only as an example of the EIGRP configuration that was used for the CPwE PRP testing. Note that routing protocol configuration can be very specific to the network environment and EIGRP parameters in your environment may be different.
Note Dynamic routing protocols like EIGRP are only available in the Layer 3 firmware type on Stratix 5400 switches (catalog numbers ending with -R) and Stratix 5410 switches (catalog numbers -RDC and -RAC).
The following steps apply to both distribution RedBox IES.
Step 11 Enable routing on the switch.
Step 12 Configure the EIGRP instance on the switch. In most cases, default settings are sufficient.
Step 13 Configure network addresses and wildcard masks for IP subnets that are associated with an EIGRP routing process. The network information should include IP subnets associated with the PRP VLANs.
Step 14 As best practice, suppress routing updates (Passive mode) on all ports not participating in the EIGRP. In this example, passive mode is enabled on the PRP channel ports (Gi1/1 and Gi1/2).
Figure 3-17 EIGRP Passive Interfaces
Step 15 If necessary, configure a static default route to the core switch or other static routes as required in your environment. Typically, the default route information is distributed from the core router to the distribution layer dynamically, in which case this step is not required.
IGMP Snooping Configuration
The following configuration steps are recommended for the distribution RedBox IES with the IGMP snooping querier role. In the CPwE PRP architecture, distribution IES (active and standby HSRP gateway) should be assigned the lowest IP addresses in each PRP VLAN to win the querier election.
Step 16 Enable IGMP Snooping for PRP VLANs where multicast traffic management is necessary. Enable IGMP Querier.
Figure 3-18 IGMP Snooping for Distribution RedBox
PTP (CIP Sync) Configuration
For information on how to configure RedBox IES in the boundary clock mode, see steps 6-9 in the previous section for the access layer RedBox IES.
The following steps are necessary only if the distribution RedBox IES are primary and backup Grandmaster clocks (NTP/PTP mode) for the PTP-enabled VLAN in the network. In this case, switches use NTP time source in the plant-wide or site-wide network to distribute time in the PTP-enabled VLAN.
Step 17 Configure the distribution IES with the active HSRP gateway role in the NTP-PTP Clock mode with Priority1 value 1 and Priority2 value 1 (primary Grandmaster).
Figure 3-19 NTP-PTP Mode for Primary Grandmaster
Step 18 Configure the distribution IES with the standby HSRP gateway role in the NTP-PTP Clock mode with Priority1 value 1 and Priority2 value 2 (secondary Grandmaster).
Figure 3-20 NTP-PTP Mode for Secondary Grandmaster
Step 19 For both distribution IES, verify that PTP is enabled on the PRP channel ports and configure PTP VLAN ID.
Step 20 Disable PTP on the Layer 3 EtherChannel ports.
Figure 3-21 PTP Port Configuration on Distribution IES
CLI Configuration Example
This is an example of the CLI commands for the primary distribution RedBox IES for steps 1-20 above.
- Configuration for the secondary distribution IES is similar except for IP addresses and HSRP priority values.
- PTP configuration is given for the NTP-PTP clock mode on the distribution switch. It does not apply when the Grandmaster clock is in the Cell/Area Zone (not on the distribution switches).
The CLI command syntax is specific to the test hardware and IOS version and may be different for your environment.
IACS Configuration
PRP-capable IACS devices do not require configuration of any PRP parameters. Certain DANs may require enabling PRP mode explicitly, for example if the device is capable of switching between PRP and DLR modes of operation. Refer to device user manual for details.
- To enable devices to communicate with each other across a PRP network, DAN, VDAN, and SAN IP addresses must be unique within the same subnet. In the CPwE PRP converged architecture with multiple VLAN and routing, unique address requirements apply to any device across the Cell/Area Zone.
- Static IP address assignment is recommended for DANs and SANs.
- Dynamic Host Configuration Protocol (DHCP) and DHCP Persistence per port on IES for DANs and SANs are outside of scope for this CPwE PRP release.
- DHCP Persistence per port feature is supported for VDANs connected to a Layer 2 RedBox IES.
Feedback