PROFINET Configuration Guide, Cisco Catalyst IE3x00, IE3400 Heavy Duty, and ESS3300 Series Switches
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The following Cisco Industrial IE switches meet the requirements of PROFINET Conformance Class B:
Cisco Catalyst IE3100 Rugged Series Switches
Cisco Catalyst IE3200 Rugged Series Switches
Cisco Catalyst IE3300 Rugged Series Switches
Cisco Embedded Services 3300 Series Switches
Cisco Catalyst IE3400 Heavy-Duty Series Switches
The rest of this document refers to these switches as "the switch."
PROFINET Conformance Class B is included PROFINET Real Time (RT). The switches do not support Isochronous Real Time (IRT).
Information About Configuring PROFINET
PROFINET is the leading Industrial Ethernet standard that uses TCP/IP and IT standards to connect and control machines in
real time. It is widely used in industrial automation and process control networks, especially for motion control and precision
instrumentation. PROFINET emphasizes fast, reliable data exchange and defines communication paths to meet different speed
requirements.
Conformance Classes: PROFINET has different conformance classes that define supported features.
Class B: Common in factory automation, it supports fast, real-time communication and diagnostics — ideal for applications like production
lines and equipment monitoring. Class B includes PROFINET Real Time (RT), which prioritizes important data to reduce delays, with cycle times around 10 ms. This makes RT suitable for tasks like
conveyor belt and packaging machine control. However, the switches do not support Isochronous Real Time (IRT), which is required for ultra-precise synchronization.
Communication Levels: PROFINET communication is scalable across three levels:
Non-Real-Time (NRT): Uses TCP/IP with bus cycle times around 100 ms.
Real-Time (RT): Enables faster cycle times, approximately 10 ms.
Isochronous Real-Time (IRT): Achieves highly precise synchronization with cycle times as low as 1 ms (not supported in Class B).
PROFINET I/O System: PROFINET I/O is a flexible communication framework for distributed automation. It uses cyclic data transfer to exchange information,
alarms, and diagnostics between controllers, I/O devices, and automation systems like motion controllers.
PROFINET Device Roles
An I/O controller is a programmable logic controller (PLC) that controls I/O devices and exchanges data such as configuration,
alarms, and I/O data through an automation program. The I/O controller and the I/O supervisor exchange diagnostic information.
The I/O controller shares configuration and I/O information with an I/O device and receives alarms from the I/O device.
There are three main types of I/O devices:
I/O Devices: Field devices connected to controllers.
I/O Controllers: Manage and control field devices.
I/O Supervisors: Tools for diagnostics and configuration.
Figure 1. PROFINET Device Roles
PROFINET is designed to serve as the sole or primary management system platform for industrial networks. It streamlines device
configuration and communication, reducing the need for manual setup.
Automatic Device Detection and Configuration:The I/O controller automatically detects switches using the Discovery and Configuration Protocol (DCP). It sets the device
name and IP address, so you don’t need to enter Cisco IOS commands for basic configurations.
Advanced Configuration with Cisco IOS: For advanced features, like Quality of Service (QoS), DHCP, and similar capabilities, you’ll need to configure the switch
using Cisco IOS commands. These advanced settings cannot be managed directly through PROFINET.
An I/O supervisor is an engineering station, such as a human machine interface (HMI) or PC, used for commissioning, monitoring,
and diagnostic analysis. The I/O supervisor exchanges diagnostic, status, control, and parameter information with the I/O
device.
An I/O device is a distributed I/O device such as a sensor, an actuator, or a motion controller.
Note
If Profinet DCP cannot detect the switch, PLC, or IO mac addresses, temporarily disable the firewall or virus scan from the
Windows PC that installed the Siemens STEP7 or TIA Portal Automation application.
In a PROFINET I/O system, all the I/O devices communicate over an Ethernet communication network to meet the automation industry
requirement for bus cycle times of less than 100 ms. The network uses switches and full-duplex data exchange to avoid data
collisions. The Cisco Catalyst IE3x00 Rugged Series
switches play the role of I/O device in PROFINET Device Roles.
PROFINET Device Data Exchange
After PROFINET uses DCP to discover devices, including the switch, the devices establish application relationships (ARs) and
communication relationships (CRs). After a connection is established and information about device parameters is exchanged,
I/O data is exchanged. The switch uses non-real-time CRs to exchange the data attributes listed below.
Table 1. PROFINET I/O Switch Attributes
PROFINET I/O Switch Configuration Attributes
Value or Action
Device name
Configures a name for the device.
TCP/IP
IP address, subnet mask, default gateway, and switch virtual interface (SVI).
Primary temperature alarm
Enables or disables monitoring for the specified alarm.
Secondary temperature alarm
Enables or disables monitoring for the specified alarm.
SD card alarm
Enables or disables monitoring for the specified alarm.
RPS failed alarm
Enables or disables monitoring for the redundant power supply alarm.
Note
Before enabling monitoring for the RPS failed alarm, the user must configure the command "power-supply dual" in CLI to trigger
an alarm when one of the power supplies is missing or inoperable.
Relay major alarm
Enables or disables monitoring for the specified alarm.
Reset to factory
Reset to factory (Mode 2: Communication parameter) Uses the PROFINET I/O controller to reset the switch communication parameter.
This action removes the Profinet device ID, IP address, and configured SNMP writable MIBs.
Relay major configuration
Specifies the type of port alarm, for example, link fault, that triggers the major relay. Any port configured with the specified
alarm type can trigger the major relay.
Table 2. PROFINET I/O Port Attributes
PROFINET I/O Port Configuration Attributes
Value or Action
Speed
10, 100, 1000, or auto.
Duplex
half, full, or auto.
Port mode
access or trunk.
Link status
shut down or no shut down.
Configure rate limiting
Broadcast, unicast, or multicast threshold exceeds configured levels.
Port link fault alarm
Enables or disables monitoring for specified alarm.
Port not forwarding alarm
Enables or disables monitoring for specified alarm.
Port not operating alarm
Enables or disables monitoring for specified alarm.
Port FCS threshold alarm
Enables or disables monitoring for specified alarm.
General Station Description File
PROFINET devices interwork by using a general station description (GSD) file that contains the data for engineering and data
exchange between the I/O controller, the I/O supervisor, and the I/O devices, including the switch. Each PROFINET I/O device
must have an associated GSD file that describes the properties of the device and contains all this information required for
configuration:
Device identification information (device ID, vendor ID and name, product family, number of ports)
Number and types of pluggable modules
Error text for diagnostic information
Communication parameters for I/O devices, including the minimum cycle time, the reduction ratio, and the watch dog time
Configuration data for the I/O device modules, including speed, duplex, VLAN, port security information, alarms, and broadcast
rate limiting thresholds
Parameters configured for I/O device modules for the attributes listed above
The PROFINET GSD file is bundled with the Cisco IOS release. After the switch boots at least one time, the GSD files for the
switch are located in a directory called ProfinetGSD. In this directory, there is a zip file containing all the GSDs for all
switch SKUs. The file is called CISCO_product_id.zip, for example, CISCO_IE3xxx.zip.
The GSD file is in the switch and the I/O supervisor uses this file to manage the switch. For IOS XE-based platforms, the
GSD file can be found in the Flash: or SDFlash: file system. If you want to load the GSD file for the Cisco IOS XE platform
into the I/O supervisor, you need to copy it from the switch.
Note
You must use the GSD file that is associated with the Cisco IOS release on the switch to manage your PROFINET network. Both
the I/O supervisor and the Cisco IOS software alert you to a mismatch between the GSD file and the switch's Cisco IOS software
version.
The status of GSD match or mismatch can be determined using the show profinet status command.
Configuring PROFINET
You can use either the SIMATIC STEP7 or TIA Portal Automation application on the I/O supervisor, or you can use the Cisco
IOS software to configure PROFINET on the switch.
After you enable PROFINET, Link Layer Discovery Protocol (LLDP) is automatically enabled on the switch because PROFINET relies
on LLDP to fully function. If you disable PROFINET, you can enable or disable LLDP as needed.
Configure the default PROFINET settings on a switch
This task explains how to activate PROFINET on a switch by enabling the default VLAN 1 configuration.
PROFINET is enabled by default on all switches. The default configuration operates on VLAN 1, but you can assign it to another
VLAN ID if required. By default, VLAN 1 is in a shutdown state when the switch is first powered on. To activate PROFINET on
an out-of-the-box switch, you must unshut VLAN 1.
Procedure
Step 1
Enter the global configuration mode, with the configure terminal command.
Example:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Step 2
Access the VLAN 1 interface with the interface vlan 1 command.
Example:
Switch(config)#interface vlan 1
Specify VLAN 1 as the interface to be configured
Step 3
Enable VLAN 1 with the no shut command.
Example:
Switch(config-if)#no shut
Step 4
Exit the configuration mode.
Example:
Switch(config-if)#end
If PROFINET has been disabled, follow the specific procedure for enabling PROFINET on the switch in Enabling PROFINET
Note
Cisco devices undergo the Profinet Certification process to ensure compliance with industrial automation standards. During
this process, the use of non-standard protocols such as CDP results in test failures, preventing certification. As a result,
Cisco devices intended for Profinet environments must use IEEE standard LLDP instead of CDP.
Enabling PROFINET
To enable PROFINET, follow these steps:
Procedure
Step 1
Enter global configuration mode:
Switch# configure terminal
Step 2
Enable PROFINET on the switch:
Switch(config)# profinet
After PROFINET is enabled, you can configure the device as described in Configuring the Switch with STEP7/TIA (recommended) or by using the Cisco IOS commands provided in the subsequent steps.
Step 3
(Optional) Set the PROFINET device identifier (ID) by using the Cisco IOS software:
Switch(config)# profinet id line
The maximum length of the ID string can be 240 characters. The only special characters allowed are period (.) and hyphen (-),
and they are allowed only in specific positions within the ID string. The ID can have multiple labels within the string. Each
label can be from 1 to 63 characters, and labels must be separated by a period (.). The final character in the string must
not be zero (0).
For more details about configuring the PROFINET ID, see the PROFINET specification, document number TC2-06-0007a, filename
PN-AL-protocol_2722_V22_Oct07, available at PROFIBUS.
This step is optional and can be done through STEP7 or TIA PORTAL STEP 7 or the TIA Portal Automation application installed
on the Supervisor (recommended).
Step 4
(Optional) Change the VLAN number. The default VLAN number is 1. The VLAN ID range is from 1 to 4096. One PROFINET VLAN is
supported per switch.
Switch(config)# profinet vlan vlan_id
Note
You must create a VLAN before assigning a new VLAN to PROFINET if you are using a nondefault VLAN.
Step 5
Return to privileged EXEC mode:
Switch(config)# end
Step 6
Verify your entries:
Switch# show running-config
Step 7
(Optional) Save your entries in the configuration file:
Switch# copy running-config startup-config
Configuring the Switch with STEP7/TIA
Complete the following steps to configure the switch with STEP7/TIA. TIA v15.1 is used in the following example. Ensure that
you do not use the CLI to configure or modify the switch configuration when PROFINET and TIA are in use.
Procedure
Step 1
Check the availability of the GSD file on the switch. You must use the same version that matches the GSD file bundled with
the Cisco IOS release image.
In STEP7/TIA, choose Options > Manage general stations description files, and browse to the location of the GSD file on the PC through source path.
The tool displays all the available GSD files.
Check the check box adjacent to the appropriate the desired GSD file and click Install.
Step 3
After the installation is completed, give it a few seconds to update the Hardware catalog. Add the switch from the Hardware catalog:
In the Device view, configure IP address and PROFINET device name and save the configuration. These settings are for STEP7/TIA only; the switch is actually configured later during discovery
steps.
Configure the required expansion module or pluggable modules in Device view.
Step 4
After the device is added in the program, discover the device through the interface of the PC connected to the PROFINET topology.
Topology discovery uses LLDP for discovery. LLDP is enabled by default on the switch. You will see the new device listed as
Accessible device followed by the MAC address under the network card of the PC.
In the Devices pane on the left, under Online access, find the PC network card and click Update accessible device. This initiates the discovery of all the devices in the network.
Step 5
In the Devices pane, expand the Accessible device folder, and click Online & diagnostics to further configure the device.
In the IP address field, enter the IP address and click Assign IP address to push the IP address configuration to the switch.
In the PROFINET device name field, enter the device name and click Assign name to push the device name configuration to the switch.
Step 6
Download the project from STEP7/TIA and go online.
Compile, download, and load the project to the PLC (I/O Controller).
Go online.
Quality of Service for PROFINET
The switch prioritizes PROFINET traffic using a quality of service (QoS) policy, which is configured when the switch goes
into Connected mode. The default configuration for PROFINET QoS is shown here:
class-map match-all profinet-cos-2
match cos 2
class-map match-all profinet-cos-3
match cos 3
class-map match-all profinet-cos-1
match cos 1
class-map match-all profinet-cos-6
match cos 6
class-map match-all profinet-cos-7
match cos 7
class-map match-all profinet-cos-4
match cos 4
class-map match-all profinet-cos-5
match cos 5
!
policy-map profinet-qos
class profinet-cos-7
priority percent 10
class profinet-cos-6
bandwidth percent 1
class profinet-cos-5
bandwidth percent 1
class profinet-cos-4
bandwidth percent 1
class profinet-cos-3
bandwidth percent 1
class profinet-cos-2
bandwidth percent 1
class profinet-cos-1
bandwidth percent 1
interface GigabitEthernet1/1
service-policy output profinet-qos
!
interface GigabitEthernet1/2
service-policy output profinet-qos
To change the QoS policy, for example, for a PROFINET QoS configuration that works regardless of the VLAN tagging on interfaces,
it is best to match on PROFINET Ethertype.
COS is a value found in the VLAN tag of an Ethernet frame. To match on COS value, the PROFINET Ethernet frames must have a
VLAN tag associated with them. If PROFINET Ethernet frames are being forwarded through the network without VLAN tags, as shown
above, then this QoS policy may not work as expected.
mac access-list extended Profinet_macacl
permit any any 0x8892 0x0
!
!
class-map match-any COS_6_Class
match cos 6
class-map match-any class_match_profinet_in
match access-group name Profinet_macacl
!
policy-map Profinet_out_policy
class COS_6_Class
priority
policy-map Profinet_in_policy
class class_match_profinet_in
set cos 6
!
!
interface GigabitEthernet1/8
service-policy input Profinet_in_policy
!
interface GigabitEthernet1/9
service-policy output Profinet_out_policy
!
Note
Use the Cisco IOS show running-config command to view the IE switch configuration.
Profinet Connection Configuration
When a Profinet connection/session is established, the network device automatically applies and saves the CLI configurations
(including SNMP) given in the table below.
Table 3. CLI for the PROFINET Configuration
CLI
Purpose
snmp-server community private RW
snmp-server community public RO
Configure two Simple Network Management Protocol (SNMP) community strings, each with a read-write and read-only access.
LLDP
lldp timer 5
lldp holdtime 20
lldp run
Enable the Link Layer Discovery Protocol (LLDP) with a frame transmission interval of 5 seconds and a holdtime of 20 seconds.
CDP
no cdp run
Disable the Cisco Discovery Protocol (CDP).
Power-supply
power-supply dual
Set up the device to manage dual power supplies, ensuring it can operate redundantly if one power supply fails.
Preventing Default Gateway and CDP Loss During Reloads and Upgrades
Cisco IE switches have Profinet (PN) enabled by default to facilitate management through the Siemens TIA application portal,
similar to other I/O devices, Programmable Logic Controllers (PLCs), and I/O devices within the Local Area Network (LAN).
Upon reloading an Industrial Ethernet (IE) switch operating on Cisco IOS XE 17.x or performing an upgrade from version 16.x,
you may experience unexpected network connectivity disruptions. This phenomenon arises because the default gateway configuration
fails to persist in the running configuration, resulting in its silent disappearance. Moreover, the Cisco Discovery Protocol
(CDP) may also be disabled during this process. To rectify the loss of default gateway and CDP configurations, see the Recommended Solution section. While both the default gateway and CDP configurations are retained in the startup configuration, they do not appear
in the running configuration post-reload or upgrade.
Technical Evaluation
When the Profinet feature is active, the Profinet subsystem conducts several critical checks to ensure proper configuration:
Non-Zero Values: The switch IP address configured on the Profinet VLAN, gateway address, and netmask must all be non-zero.
Subnet Consistency: The IP address and gateway address must reside within the same subnet.
Uniqueness: The IP address and gateway address must not be identical.
If any of these conditions are not met while the Profinet feature is enabled, the default gateway configuration is removed
from the running configuration. Additionally, if you save this incomplete configuration to the startup configuration using
the write mem command, the erroneous settings will persist through power cycles.
Recommended Solution
To rectify the loss of default gateway and CDP configurations, execute the following steps:
Disable Profinet.
Enter the no profinet command to disable the Profinet feature.
Reconfigure settings.
Manually re-enter the CDP and default gateway configurations.
Save configuration.
Use the write mem command to save the updated configuration.
Verify configuration.
Optionally, reload the switch to confirm that the configurations are correctly reflected in the running configuration post-reload.
Check Profinet status.
Use the show profinet status to ensure that Profinet is disabled.
Monitoring and Maintaining PROFINET
Table 4. Commands for Displaying the PROFINET Configuration
Command
Purpose
show profinet alarm
Displays all the alarms supported by PROFINET.
show profinet lldp
Displays whether LLDP is active or inactive on the ports.
show profinet sessions
Displays the currently connected PROFINET sessions.
show profinet status
Displays the status of the PROFINET subsystem.
show profinet mrp ring 1
Displays the status of the MRP ring.
Note
PROFINET MRP is not supported for Cisco Catalyst IE3100 Rugged Series Switches in Cisco IOS XE Dublin 17.10.1b.
show lldp neighbor interface interface_numberdetail
Displays information about the adjacent interface.
The following example displays the PROFINET status and currently connected PROFINET sessions.
Switch#sh profinet status
Profinet : Enabled
Connection Status : Connected
Vlan : 1
Profinet ID : dut
GSD version : Match
Reduct Ratio : 128
MRP : Enabled
MRP License Status : Active
MRP Max Rings Allowed : 3
Switch#sh profinet session
Session #1
----------
Connected: Yes
Number Of IO CR's: 2
Number Of DiffModules: 0
Session #2
----------
Connected: No
Number Of IO CR's: 0
Number Of DiffModules: 2
Session #3
----------
Connected: No
Number Of IO CR's: 0
Number Of DiffModules: 0
Session #4
----------
Connected: No
Number Of IO CR's: 0
Number Of DiffModules: 0
**************************
Mode = Standard Mode
Monitoring Configuration Changes in PROFINET Sub-Systems
The PROFINET sub-system operates in real-time and adjusts the configuration of the device based on provisions made by remote
engineering tools such as TIA Portal or in response to incoming network traffic. These dynamic updates to the running configuration
often occur without your awareness. As a result, this can potentially lead to unexpected changes in system behavior.
To enhance user awareness and system transparency, syslog messages are generated whenever modifications occur in critical
configuration fields. By monitoring these syslog messages, you can stay informed about real-time changes to the system configuration,
ensuring better management and understanding of the PROFINET environment.
The following fields or protocols generate syslogs:
Link Layer Discovery Protocol (LLDP)
Cisco Discovery Protocol (CDP)
Simple Network Management Protocol (SNMP)
IP address and gateway configurations
Example of the syslog messages:
*Jun 19 14:41:11.247: %PROFINET_MODULE-6-PN_RUNNING_CONFIG: IP / netmask: persistent configuration applied
*Jun 19 14:41:11.248: %PROFINET_MODULE-6-PN_RUNNING_CONFIG: Gateway IP criteria met, configuring default gateway
*Jun 19 14:41:11.260: %SYS-5-CONFIG_I: Configured from console by vty0
*Jun 19 14:41:11.260: %PROFINET_MODULE-6-PN_RUNNING_CONFIG: CDP Global: service stopped
*Jun 19 14:41:11.276: %SYS-5-CONFIG_I: Configured from console by vty0
*Jun 19 14:41:11.280: %SYS-5-CONFIG_I: Configured from console by vty0
*Jun 19 14:41:11.280: %PROFINET_MODULE-6-PN_RUNNING_CONFIG: SNMP Global: service started
%PROFINET_MODULE-6-PN_RUNNING_CONFIG: LLDP Global: Tx Freq = 5 secs & Holdtime = 20 secs
*Jun 19 14:41:44.283: %PROFINET_MODULE-6-PN_RUNNING_CONFIG: Applying dot1p config on one or more interfaces
Troubleshooting PROFINET
The PLC has LEDs that display red for alarms. The I/O supervisor software monitors those alarms.
To troubleshoot PROFINET, use the debug profinet privileged EXEC command with the keywords listed in the following table.
Caution
Be aware that the output of a debug command might cause a Telnet connection to fail due to long debug outputs. When you use this command, use the serial or console
port rather than Telnet using Ethernet to access the Cisco IOS CLI. You should use these commands only under the guidance
of a Cisco Technical Support engineer.
Table 5. Commands for Troubleshooting the PROFINET Configuration
Command
Purpose
debug profinet alarm
Displays the alarm status (on or off) and content of the PROFINET alarms.
debug profinet cyclic
Displays information about the time-cycle-based PROFINET Ethernet frames.
debug profinet error
Displays the PROFINET session errors.
debug profinet packet ethernet
Displays information about the PROFINET Ethernet packets.
debug profinet packet udp
Displays information about the PROFINET Upper Layer Data Protocol (UDP) packets.
debug profinet platform
Displays information about the interaction between the Cisco IOS software and PROFINET.
Feedback