The document provides recommendations for configuring access list filters and network interfaces when connecting a level 2 FTE community to level 3. It recommends:
- Allowing complete access only to the server IP range and established access to the remainder of the FTE subnet, while denying all other access.
- Configuring switch interfaces for 100 Mbps full duplex if SFP/GBIC connections are not used.
- Placing each FTE community in a separate subnet and configuring separate VLANs if using a level 3 switch with routing functionality.
Configure access list filters for the FTE communities that have the following:
– Allow complete access only to the server IP range.
– Allow established access to the remainder of the FTE subnet.
– Deny all other access to the FTE subnet.
• If SFP/GBIC connections are not used, configure the FTE switch’s router interfaces for 100-megabit full duplex.
Attention: The router must be connected to a switch interface configured as an uplink port, or to an SFP/GBIC-based interface.
5 LEVEL 3
• Place each FTE community in a separate subnet. If the level 2 interconnecting device (level 3 switch/router) is a level 3 switch that uses routing functionality, separate VLANs must be configured for each subnet.
5.2.2 Using Redirection Manager (RDM) with Level 3
Honeywell’s Redirection Manager can use the FTE multicast test message multicast from the servers to keep track of when the primary OPC server goes offline. Honeywell recommends using the multicast only when the OPC client is in the same FTE community as the servers. When the OPC client resides in level 3, or when the client is in another FTE community, a mechanism using ICMP must be selected. In this case, ICMP must be allowed between level 3 nodes and subnets.
www.honeywell.com
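The access list filter from the list above, together with the ICMP requirement in section 5.2.2, modelled as a first-match rule table and run over sample traffic arriving from level 3. This is an added example, not taken from the Honeywell document: the addresses and sample packets are constructed, and "established" is assumed to mean a TCP segment with ACK or RST set, as on common router access lists.

```python
import ipaddress

# Constructed addressing (assumptions, not from the source document).
FTE_SUBNET = ipaddress.ip_network("192.0.2.0/24")    # one FTE community
SERVER_RANGE = ipaddress.ip_network("192.0.2.0/28")  # server IP range inside it

# Ordered rules, first match wins: (action, protocol, destination, established_only)
RULES = [
    ("permit", "ip", SERVER_RANGE, False),  # complete access to the server range
    ("permit", "tcp", FTE_SUBNET, True),    # established access to the remainder
    ("deny", "ip", FTE_SUBNET, False),      # all other access to the FTE subnet
]

def is_established(flags):
    # Assumed semantics: a per-packet flag test (ACK or RST set), no session table.
    return bool({"ACK", "RST"} & set(flags))

def evaluate(proto, dst, flags=()):
    """Return (action, rule_index) for a packet routed from level 3 toward level 2."""
    addr = ipaddress.ip_address(dst)
    for index, (action, rule_proto, net, established) in enumerate(RULES):
        if rule_proto != "ip" and rule_proto != proto:
            continue  # protocol-specific rule that does not apply
        if addr not in net:
            continue
        if established and not is_established(flags):
            continue  # opening SYN falls through to the deny rule
        return action, index
    return "no-match", None  # destination outside this FTE subnet

# Constructed sample traffic arriving from level 3.
SAMPLES = [
    ("tcp", "192.0.2.5", ("SYN",)),    # new session to a server
    ("icmp", "192.0.2.5", ()),         # ICMP check of a server (RDM case, 5.2.2)
    ("tcp", "192.0.2.77", ("SYN",)),   # new session to a non-server node
    ("tcp", "192.0.2.77", ("ACK",)),   # reply to a session the node opened
    ("udp", "192.0.2.77", ()),         # UDP never matches the established rule
    ("icmp", "192.0.2.77", ()),        # ICMP to a non-server node
]

def audit(samples=SAMPLES):
    """Evaluate every sample and return rows of (proto, dst, flags, action, rule)."""
    return [(proto, dst, "+".join(flags) or "-", *evaluate(proto, dst, flags))
            for proto, dst, flags in samples]

if __name__ == "__main__":
    for row in audit():
        print("{:5} {:12} {:4} -> {} (rule {})".format(*row))
```

With this rule order, ICMP from a level 3 OPC client reaches the servers through the first rule, while ICMP and UDP to any other FTE node hit the deny rule; reaching a node outside the server range over ICMP would need an explicit permit placed ahead of the deny.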
5.3 Level 2 to level 3 best practices
5.3.1 Best practice for multiple connections from level 2 to level 3
If you require dual connections between FTE backbone switches and level 3, the best practice is to use two routers running the Hot Standby Router Protocol (HSRP). HSRP provides a redundant level of protection in both connection and equipment for the level 3 router. The level 3 nodes can connect redundantly to both routers using dual Ethernet, FTE, or they can be single attached to the primary router. The HSRP algorithm protects against level 2 cable failures when the level 3 nodes are single attached.
Standardized configuration files cannot be used to configure the router. Honeywell recommends consulting Honeywell Network Services for router configuration.
5.3.2 Connecting level 2 to level 3
The following diagram illustrates the level 2 LAN connected to the level 3 LAN with a router connecting the two layers.