westermo 4100 Configuration and Management Tool User Guide

June 5, 2024
westermo

4100 Configuration and Management Tool
User Guide

WeConfig
Westermo Configuration and Management Tool, version 1.15

Legal information
The contents of this document are provided “as is”. Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, are made in relation to the accuracy and reliability or contents of this document. Westermo reserves the right to revise this document or withdraw it at any time without prior notice.
Under no circumstances shall Westermo be responsible for any loss of data or income or any special, incidental, consequential or indirect damages howsoever caused.
More information about Westermo can be found at http://www.westermo.com

WeConfig Quick Start Guide

The Westermo configuration and management tool, WeConfig, is used for the configuration and maintenance of Westermo products.

Installation

To be able to locate the connection to the WeConfig computer, use WinPcap 4.1.3 or Npcap 1.6 or later. WinPcap is installed by default unless WinPcap or Npcap is already installed.
If neither WinPcap nor Npcap is installed, WeConfig will run in a reduced mode and not all functionality will be available.
config will not be able to find the connection between the computer and the network if the NIC discards LLDP frames. This is known to happen with low-end USB NICs.
Note! If you are using Npcap make sure that you have acquired a valid license. Licensing details are available at https://npcap.com.

Device Requirements

WeConfig is designed for Westermo devices with WeOS version 4.13 or later. WeConfig will however find and try to display some information about other types of devices too.  Earlier WeOS versions might have functional features, but they are however not supported.
The following functionalities must be enabled on the managed switches/routers to get the most out of the tool:

  • IPConfig protocol

  • HTTPS (Web) must be enabled on port 433. The administrator password must be set up in the Project settings dialogue.

  • SNMP protocol
    – The read community must be set. The same read community must be set up in the Project settings dialogue.
    – The SNMP trap host must be set to the IP address of the WeConfig computer if traps should be listed in WeConfig. For full functionality, MS Windows Trap Host server needs to be disabled. WeConfig has its own built-in trap host server.

  • LLDP protocol

  •  SSH must be enabled

The functionality depends on the respective item above is described below.

  • Use SNMP to gather information from the device. This includes topology information in order to draw a device map. The topology information gathered with the use of  SNMP requires the LLDP protocol to be enabled on the devices.
  • The link information and automatic unit discovery can be performed if SNMP traps are set up on the devices. The topology map will mark link status based on link traps received, and new devices connected can be automatically discovered through link traps.
  • Basic Setup uses the IPConfig protocol to configure devices. IPConfig protocol must be enabled on the devices to use Basic Setup.
  • Backup, restore, firmware and bootloader upgrade all use the HTTPS interface.
  • Upgrade with HTTPS-upload method uses the HTTPS interface.
  • All configuration functions are performed with SSH; hence SSH must be enabled on the target devices.

When the launch of interactive SSH sessions to the devices (e.g. via context menu), WeConfig will start Putty (see http://www.putty.org/). To use another SSH client, it must be set up in the tool settings.

Basic Usage

User Interfacewestermo 4100 Configuration and Management Tool - figure
1

In the top section, the global operations are present. There is a drop-down list to select between:

  • Device scan, either using:
    – Discovery – combines Westermo IPConfig protocol and DNS, or
    – ICMP Ping Discovery (See chapter “4.3 Scan for Devices” for more information)

  • Update of device information with the use of SNMP

There is also a Project button for project management up in the left corner.
On the right top side there is a Flag button for notifications (see chapter “4.5 Notifications”, a search field used to search for devices (it can handle multiple search terms to narrow down the search result), a user guide button, a cog wheel button for tool settings, an i button for information and a stop button to stop ongoing work.

The large empty area is split into two main tabs: the Topology view, and the Diagnostics view. The Topology view contains two tabs: a Physical Network and a Logical Network.

  • Topology
    The Physical Network will display network devices and their connections. To the left in this tab are display options for the Topology view, e.g. zoom and auto layout and alignment functionality. The “i” icon gives more information about links in the topology map. The “eraser” icon clears the project from devices but keeps settings and configuration backup files. The area to the right, the operations panel, contains different tabs for information display and configuration and maintenance.
    The Logical Network will display network devices divided into logical groups. The groups are displayed to the left in a tree-view. To group devices, select the desired devices and select the Make layer. To ungroup, select the group and select “Deconstruct layer”.

  • Diagnostics
    The Diagnostics view shows a graph of monitored devices and applicable data sources.

The bottom panel main view is the list view where all detected devices will be listed after a scan (Devices tab). It also contains a Traps tab, Communication Summary tab, and Attachments tab.
Optionally, it contains an Alarms & Events tab, if the alarm monitor is enabled. The Filters button to the left in the Devices tab shows/hides a filter panel where predefined filters can be applied to the device list and the topology map. The Devices tab and the Traps tab can be undocked (click the icon) and resized. When undocked, just close the window to dock it again.

Align Devices

To align devices in the topology, select the desired devices and select an appropriate edge to align on. For example, elect to align to the top, all devices are aligned to the top. The baseline for the alignment is the topmost device of the selected devices. Align on the bottom, left and right sides work the same way. To make the space between devices equal, use the distribute function. For example, select an array of devices, and choose to distribute horizontally. WeConfig will then measure the distance between the left and right most device. The measured distance will then be equally divided among the devices between the left and right most device. WeConfig will only move the middle devices along the horizon.

Distribute space vertically works similarly but along the vertical. Note that WeConfig does not guarantee that there will be any space between the devices after a distribution operation. For example, if the distance between the left and right of most devices is less than required, then the devices will overlap along the horizon. No, align or distribute operation take connections between devices into consideration. These operations are purely geometrical.

Lock Topology
Click the Padlock in the left panel to lock or unlock the topology view. When it is locked it is not possible to move devices with the mouse nor with the Auto Layout or Align  Selected Devices buttons.
Zoom and Pan still work when locked.
Undo/Redo
The Undo/Redo operations apply to actions made in the topology view, such as moving or deleting devices or connections. Undo and Redo buttons are located in the left panel but keyboard shortcuts can also be used, Ctrl+Z to undo and Ctrl+Y to redo.
Context Menu
Right-click in the topology and a context menu is shown.
Right-click in the white area between the devices, and the context menu should only contain one option.
Right-click on a device and the menu contains several options. The context menu options might change depending on the type of selected device.

Add Device
Add device allows adding devices ad-hoc to the topology. The application will ask for a model, IP address, hostname, and location.
Set Image
Right-click a non-Westermo device to bring up the context menu with the Set Image option. Use this to set a custom image for the device.
Blink “ON”-LED
Right-click a Westermo device to bring up the context menu with the Blink “ON”-LED option. Using this option will start the device’s “ON”-LED to blink which makes it easier to identify the device visually. The device will keep blinking as long as it is selected.
Under the access sub-menu, three choices are given to access the device, either through HTTP, HTTPS or SSH/CLI. If SSH/CLI is elected, the configured SSH client is used  (see application settings for options).

Add Connection
This is used to set the connection between two devices manually.
Copy Device
Select Copy Device from the context menu on the source device. WeConfig will copy the settings from the latest saved backup configuration for the device. Right-click the  target device and choose Paste and Restore. WeConfig will change the settings for the target device to the settings from the source device. This is a useful operation when a  faulty device has been replaced with a new one.
Delete Devices
This removes the selected devices and all their connections from the topology.
Reboot
This reboots the selected device.
Factory Reset
Factory Reset resets the selected device to the factory configuration. Use with caution.
Disable/Enable SNMP
Select this option to enable/disable SNMP. Note: Only valid for MRD/BRD devices.

Scan for Devices
To get started, a scan operation is necessary. To get as much information as possible with the scan operations, the SNMP read community string should first be set in the project settings dialogue to allow automatic SNMP queries to collect information about the units, e.g. the topology information to draw the topology map.
Perform a re-scan and any newly found devices will be located at a fixed position on the topology map, with a slight overlap of each other. An auto- layout performance or to the position by hand is necessary. Each newly detected device will also be marked with a “New” icon; this icon will be removed in the next scan or when the project is saved.
Devices will not be automatically removed at any time. They can be deleted with the context menu on devices in the topology map or in the device list. Links between devices can also be removed manually; just click the “i” icon on the left to show the information icon on all links, click the information icon for the link of interest and operate on displayed info.
The links between devices are displayed in different colors based on the type. Blue color for fiber, brown for copper, green for DSL, and black for manually added links or unknown types.
Discovery Scan
The Discovery scan is recommended for new units (factory default settings) or unknown configurations. The Discovery scan combines IPConfig, DNS, and Powerline scan.  The scan will find devices and show them in the topology where further operations can be performed. Note, the IPConfig protocol can be turned off on the Westermo devices.  If so, they will not be identified with the IPConfig protocol. The mDNS and Powerline scan can be enabled/disabled from general Settings, see chapter “4.6 Settings”.
Powerline scan is disabled per default.

Select an IP address in the drop-down list to scan with the associated network interface. The subnet mask for the IP address should be 255.255.255.0. If a different subnet mask  is used, an alternative IP address can be added, see chapter “4.3.3 Alternative IP Setting”.

ICMP Ping Discovery
The ICMP Ping Discovery is recommended for the scan of units when they are configured since it will also find other units in the network, and thus get a more complete map of the network. If devices from other vendors supply topology information in the same manner as WeOS devices, the topology map will also be able to display their connections in the topology view.

Enter a start address and end address for the IP range to ping. Click the red Cancel button to cancel a ping scan operation in progress.

Alternative IP Setting
An address with subnet mask 255.255.255.0 must be used to scan, due to a shortcoming in the IPConfig protocol. To work around this problem, there are two solutions: Let  WeConfig use WinPcap or Npcap (WinPcap is installed with WeConfig if neither WinPcap nor Npcap is installed), to let WeConfig work around the limitations of IPConfig, or follow the text below.
Make sure that the PC’s interface connected to the device network is a member of a subnet that is 8 bits wide. If no such subnet is available, add an additional address for a smoother operation. Make sure the address selection does not interfere with other devices in the network.
Open Network Settings with the Windows control panel in the TCP/IP properties dialogue and click the Advanced button.

Now click the Add button and enter an alternative address with subnet mask 255.255.255.0. There should now be two addresses available. westermo 4100
Configuration and Management Tool - figure 8

Diagnostics
In Trend diagnostics, the following data sources can be plotted:

• Available memory • RSSI
• CPU load • SFP Rx/Tx Power
• Device temperature • SFP Port temperature
• FRNT change count • SHDSL SNR margin
• PoE Power

To monitor the data source, select the desired devices in the list below, and click the Add button located on the right side. Only the applicable data sources for the selected devices will be possible to probe. Select the desired data source on the devices in the list on the right side and click the Start button.
If needed to log the sample data for later analysis, make sure to check just below the graph, and select a path to the file. It is imperative not to open the CSV file in Excel or any other application at the sample, as the file might become locked then.

westermo 4100 Configuration and Management Tool - figure
9

It is possible to show and hide individual graphs at the sampling. Click the “eye” icon in the list of monitored devices on the right side. Although WeConfig will auto-assign colors to each graph, it is possible to change the color for each graph. Select the color of choice in the combo box in the device list.
Click on any individual graph line to trace the line and then move the mouse near the graph line.
WeConfig will show a cross hair on the graph line, and a panel with the exact value at that point on the graph.

Use the scroll wheel on the mouse to zoom in and out on the graph. Right-click on the graph. Drag the mouse while the right button is pressed down to pan the graph up/down/left/right. Click the middle mouse button, and keep it pressed down. Form a rectangular area over the graph. When the middle button is released, the selected area will be zoomed in. It is possible to reset the zoom.
Double-click the middle button or click the Reset Zoom button. When a monitor session is restarted, the graph is cleared.  Data saved to CSV will not be lost. A new monitor session will add data to the CSV file, not replace it.

Notifications
WeConfig has an information section where notifications are shown. Three types of notification severities are shown:

  • Information
  • Warnings
  • Errors
    westermo 4100 Configuration and Management Tool - figure
10

Click the “flag” icon in the upper right to view/hide the notification list. Use the Pin button to pin the
information. Each notification can then be expanded to show more details. The flag changes color
depending on the severity of the notifications in the list:

  • Blue = Information
  • Yellow = Warnings
  • Red = Errors
  • Unfilled = No notifications

The number (if any) presented in a badge over the “flag” icon indicates how many unread notifications that exist in the list. The badge will flash for a short time to indicate that new notifications exist.

The notifications are grouped in categories:

  • Application – This shows information about the application. Can be hinted about installation packages, error information, configuration guideline, etc.
  • Security Advisories – Known security advisories for products published by Westermo.
  • Software Updates – Information that new versions are available. Can be new firmware for Westermo devices, new language packages, new WeConfig etc.
  • Security Hardening – If Security Scanning is enabled, WeConfig can identify security hardening possibilities and suggest actions.

Settings
Settings made via the cogwheel are valid for the applications and will automatically be applied for all new projects (can be changed per project, see chapter “5.2 Settings”).
The following settings can be made:

  • Application – Configure search path to firmware, editors, SSH client, etc. from here configured.

  • Default Project – Same settings as for the project settings (see chapter “5.2.1 General”).

  • Advanced – Settings regarding graphical layout and the possibility to enable/disable automatic hardening scanning. Settings regarding discovery can be set here. Powerline and mDNS scan can be enabled/disabled. For DNS, there is also the possibility to enable/disable ARP-ing of
    link-local addresses for the PC.

  • Notifications – Notifications that are not of interest to a user can be set as ignored from the Notifications area. This means that any following notifications of this type will not be viewed.
    Here in the settings dialog, these settings can be turned on/off.

Projects

Management
Projects are saved, renamed or deleted with the options found under the Project button in the top panel. The projects can be password protected with a password, look at the  Project menu.

Settings
Project settings are also found under the Project button in the top panel.

General
In this dialog, the following can be configured: severity of the notifications in the list:

  • Default settings for SNMP read community
  • If the hostname and location should be visible in the topology
  • If WeConfig should automatically scan for new devices
  • If scheduled backup should be enabled
  • Settings for retrial regarding firmware upgrade
  • SNMP auto-refresh options
  • Enabling the WeConfig as a Syslog server
  • Enabling the Alarm monitoring function
  • Enabling the Alarm/Event logging function

Device Access
Access authority and ports (ssh, web) can be set per device on the project level, via the Device Access menu option. These settings are used for device access and are not actually applied on the device level. To change the settings on the device, use the functionality under the tabs Configuration/ Password and Configuration/SNMP.

In Device Access, the Management IP address can be selected. All known addresses on a device interface (VLAN) are fetched during a refresh action. In Device Access, the address that WeConfig should use to contact the device can be selected. The selected addresses are stored in the project.

Configuration Manager
The Configuration Manager can be used to manage all configuration files contained in the project.
For example:

  • Delete a configuration
  • Edit a configuration
  • Export a configuration to a separate file
  • Associate a configuration with another device

Import of Devices
To import devices into the project from a CSV file, choose Import/Devices from the Project menu.
Browse for the CSV file, and specify encoding, delimiter and whether the file has headers or not. The defaults are often good enough. Use the combo boxes to specify which column in the CSV file should map to which device attribute. Click Import to start.westermo 4100 Configuration and Management Tool -
figure 11

Project Gold File
A Project gold file is a template file that represents an entire network with the devices and all their connections and settings. This gold file can be used to setup new networks on network topologies that are exactly the same regarding the number of devices, model, and physical connections.

Export from Current Project
In order to make a template of the current project, the following criteria must be met:

  • WeConfig’s connection in the topology is known
  • All devices must support the gold file functionality

Currently, only WeOS devices are supported. Export functionality can be found under the Project button in the top panel and under the menu option Templates and Export from the current project.

Build Network from Template
Browse and select the gold file template which will then be applied to the network. The build network process is wizard-based. It will guide and inform what to do to complete the operation.
Build network from template functionality can be found under the Project button in the top panel and under the menu option Templates and Build network from the template.

Reports
Under the Reports menu, found under the Project button in the top panel, the different reports are found. The reports contain information about:

  • Deployment, the devices, and their connections
  • Security Baseline, potential vulnerabilities, and security issues
  • Network Baseline, characteristics, and settings tied to the function and performance of a system

The reports are displayed in a report viewer after creation. From the viewer, the report can be printed or exported to numerous formats. All reports are saved as attachments in the project.

Operations Panel

The tabs Selected Device, Basic Setup, Firmware Upgrade, Configuration, Security, Licensing and CLI can be undocked (click the icon) and resized. When undocked, just close  the window to dock it again.

Selected Device
Properties
Select a device and the device information will be displayed in the Selected Device tab in the operations panel. The information is collected with SNMP. Information is updated when a device is selected, or when the global operation Refresh is used.

During the selection/refresh of a device, information is also fetched via SSH connection. For instance, all known addresses on a device interface (VLAN). In Device Access, the address that WeConfig should use to contact the device can be selected.

Configuration Files
Select a device and currently, available configuration file backups are listed (in local time order) in the Configuration Files tab in the operations panel. Configuration can be backed up, restored, edited, imported, exported or deleted.
When selecting Automatically update baseline after backup the following backup will be used as a new baseline, see also chapter “6.6.6 Configuration Baselines” for more information.
Configuration files can also be copied between units with the copy/paste functionality found in the device context menus in the topology map or device list.
When a listed configuration backup file differs from the previous entry in the list, an “i” icon is shown to the left of the entry. Click the icon to show actual file differences in a  separate window. WeConfig uses an internal viewer that shows differences. This viewer can be changed to any other viewer via the tools settings (upper right corner of  WeConfig).

Communication Details
Select a device and a port on the device in the Communication Summary tab (found in the bottom panel) and a detailed view of communication information is displayed in this tab. The information can be automatically updated by selecting an interval option in the Auto-refresh drop-down found on the Communication Summary tab in the bottom  panel.

Attachments
Attached information (e.g. notes, images etc.) specific to the device can be managed. The attachments are saved in the project file.

Basic Setup
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or device list view (Ctrl+A in the list selects all devices) and click the Add button in the Basic Setup tab to add them to the work selected for the basic setup of devices. IP address, subnet mask, default gateway, hostname and location can be set. IP address field also accepts CIDR notation. accepts CIDR notation, for example, 198.18.2.1/24.
Use the Fill functionality to generate IP-series. Use the sort feature to order the units or select them in the desired order.
Leave one or more fields empty and Fill will leave the field as-is.

Firmware Upgrade
To be able to use this feature, download the firmware packages to the WeConfig computer. The folder where the files will be placed must be configured in the tool-settings dialogue. The default upgrade protocol is HTTPS. If TFTP/FTP is selected, a TFTP or FTP server must be installed on the WeConfig computer.
Note: Use the same folder for all firmware packages whether HTTPS or TFTP/FTP is used. Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the Firmware Upgrade tab to add them to the work selected for the basic setup of devices.
Use the sort feature to order the units in desired order before upgrading or selecting them in the desired order.

Bootloader Upgrade
To be able to use the Bootloader Upgrade, download the firmware package(s) (bootloader is included in the firmware) to the WeConfig computer. The folder where the file(s) are placed must be configured in the tool settings dialogue. The default upgrade protocol is HTTPS.
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the  Firmware Upgrade tab to add them to the work selection. Then select Device Image = Bootloader.
The bootloader is selected by pointing out a firmware (pkg file) under the Firmware option. Use the sort feature to order the units in desired order before upgrade. The order  can also be chosen depending on how you select the units into the configuration tab. Note: Upgrading the bootloader is supported for WeOS 4.27.0 and newer 4.X releases and  for WeOS 5.11.0 and newer 5.X releases.

Configuration
Backup
Select devices in the topology map or list view and click the Add button in the Backup tab to add them to the work selection to perform backup of devices. Files are saved with  UTC time stamp. When selecting Automatically update baseline after backup then the following backup will be used as new baseline for the devices, see also chapter “6.6.6  Configuration Baselines” for more information.

SNMP
Select devices in the topology map or list view and click the Add button in the SNMP tab to add them to the work selection to perform SNMP configuration of the devices.
Edit the fields directly in the list or use the Fill functionality (above the list); to use a field when filling, just check the checkbox to the left of the field. To clear all fields in the list click the Clear button.
Click Apply and the configuration will be applied on the devices in the list.

SNMPv2
Under the tab SNMPv2 for the devices, device access parameters can be specified. If the read community is changed then the Device Access for the project is automatically updated.
Note: To disable the SNMPv2 read community, leave the field blank for the devices.

SNMPv3
Under the tab SNMP v3 for the devices, you can create new users and set up authority for the account.
Note: If no read community is specified on the device for SNMPv2 and no SNMPv3 user is specified in Device Access for the project, then WeConfig will automatically select one of the new users and update the Device Access for the project.
FRNT
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the  FRNT tab to add them to the work selection to perform FRNT configuration of the devices.

Click Propose Ports to get a suggestion for the M/N port settings. Edit the fields directly in the list.
Click Apply and the configuration will be applied to the devices in the list. Ring coupling (Rico) can be configured to achieve redundant connectivity between FRNT-rings.

MRP
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the MRP  tab to add them to the work selection to perform MRP configuration of the devices.
For devices running WeOS 5.11 and newer, multiple ring configurations is supported, and up to two rings can be added. Only one ring of type Client or two of type Manager is allowed.
Click Propose Ports to get a suggestion for the Ring port settings. Edit the fields directly in the list.
Click Apply and the configuration will be applied on the devices in the list.

RSTP
Select devices in the topology map (Ctrl + click a device to select devices in desired order), or list view (Ctrl+A in the list selects all devices) and click the Add button in the RSTP tab to add them to the work selection, to perform RSTP configuration of the devices. Edit the fields directly in the list. To enable RSTP or to set Admin Edge on port level click the “down-arrow” icon to the left of each device in the list. Click Apply and the configuration will be applied on the devices in the list.
Note that the network might be unstable when the configuration is applied, and the connection might be lost.

VLAN
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the  VLAN tab to add them to the work selection to perform VLAN configuration of the devices.
The VLAN tab is divided in two sub-tabs, Ports and Interfaces. In the Ports tab, the VLAN is applied on the actual ports as tagged, untagged or not a member. Edit the fields directly in the list. When a new VLAN is added, it is tagged for all devices in the list, on all ports with a connection to another WeOS device, and for all ports that has either  FRNT or RSTP (non-Admin Edge) configured. It is important to remember that this is only a suggestion. It is the responsibility of the user to decide which ports shall be tagged.
In the Interface tab, the actual VLAN interfaces can be configured. Edit the fields directly in the list or use the Fill functionality (use the “down- arrow” icon above the list).  Click Apply and the configuration will be applied to the devices in the list.

Ethernet Ports
Select devices in the topology map (Ctrl + click a device, to select devices) or list view (Ctrl+A in the list selects all devices) and click the Add button in the Ports tab to add them to the work selection to perform Ports configuration of the devices.
To set a specific speed/duplex on ports, just select the wanted speed/duplex in the speed combo box for the wanted port.
Note: For WeOS 5 devices several speed/duplexes can be selected. To select Auto-negotiation, just select this option in the same combo box.
To set specific ingress/egress on ports, just select wanted ingress/egress in the ingress/egress combo box for the wanted port.
Click Apply and the configuration will be applied to the devices in the list.

SHDSL Ports
Select devices in the topology map, or the device list, and click the Add button. WeConfig will only allow adding of devices that have SHDSL ports. For each port, select Role  (CO/CPE). When applicable, select G.HS threshold, link rate, EMF (emergency freeze), noise margin, and low jitter. It will also be possible to select Pass. When applicable, it will be possible to select PAF (SHDSL bonding).
To ensure that a device is not configured so it is unreachable, WeConfig will detect if port pairs have incompatible configurations. This will only work if all connected SHDSL  devices are added to the configuration panel. WeConfig will also remind to click Propose Order before the use of new configurations. Propose Order will order the devices in such a way that device configurations are applied in such an order that WeConfig is not locked out by unstable intermediate links. This function will only work if WeConfig has established its connection to the topology.

CPU
With this panel it is possible to configure CPU bandwidth throttling. Select devices in the topology map, or the device list, and click the Add button. Then for each added  device, choose the follow parameters in the combo box:

  • Disable – no CPU bandwidth will be throttled
  • Auto – WeOS will automatically throttle the CPU bandwidth as it sees fit
  • Manual – enter a fixed value (expressed with a unit selected in the combo box to the right)

General
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the  General tab to add them to the work selection to perform general configuration of the devices.
The General tab is divided in four sub-tabs; Logging, Network, Time/date, and Alarm.
Click Apply and the configuration from all General sub-tabs, will be applied to the devices in the list.

  • Logging – Configure Syslog Server settings
  • Network – Configure default gateway, enable/disable routing and DNS servers 1 and 2
  • Time/date – Either configure time/date with the current host time or SNTP. Configure time zone,

NTP server address and NTP poll interval.

  • Alarm – Disable link alarm on all ports. Enable on all tagged ports, all untagged ports, all FRNT ports, all RSTP ports (non-Admin Edge) or on all ports that currently have link status up (link to PC excluded).

Password
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the  Password tab to add them to the work selection to perform password(s) configuration of the devices.
The password(s) stored in Device Access is automatically updated when password(s) is changed.
Note: The devices that are affected by multiple passwords are the MRD/BRD family.

Powerline
If powerline devices exist in the topology, the Powerline configuration tab is visible.
Select powerline devices in the topology map and click Add in the Powerline tab to add them to the work selection to perform the configuration of the devices.

Security
Port Protection
This panel will show if the ports on a device are protected by MAC filter/802.1X and if the ports is used. It will offer options to enable/disable the port and/or set Link Up  Alarm triggers.

MAC filter
Use this panel to scan the network for access port traffic and to make MAC filters for each access port, such that it will only allow traffic that has been observed at the scan.  WeConfig will assist to build a ”white list” for all access ports.

Access ports are ports that connect to non-Westermo devices, such as PLCs, printers, cameras, etc.
To start the scan, first add the devices and then click Scan. It is imperative that all devices has LLDP turned on for all ports, or this scan will fail.
WeConfig will continuously query the selected devices for access port activity until the Finish button is clicked. To be certain that all relevant access ports have been detected as  such, keep the scan running as long as possible to capture all normal traffic that flows 4100-22000 25 through the network. If possible, manually exercise the network with the  end-point applications for which the network was designed.

The list in the panel will be populated with devices and their ports, together with found nonWestermo addresses, as well as any previous MAC filter settings.
The list is basically the blue print for the MAC filters  WeConfig will configure when Apply is clicked.
Before the configuration is applied, it is possible to do the following operations:

  • Disable access ports – useful for ports that have not been detected as ”used”. For rapid configuration use either Enable used or Disable unused.
  • Optimize MAC addresses to MAC wildcards – useful for ports that have detected several distinct devices from a single vendor
  • Add hard-coded MAC addresses (or wildcards) that should be exempt from the MAC filter As the list can become very large, it is possible to opt to only show certain ports:
  • Unused ports only
  • Trunk ports only (ports that connect to other Westermo devices)
  • Access ports only

Note: Before applying the configuration, make sure that it is correct. It is possible to be locked out of the network!

802.1X
To configure 802.1X port authentication, select appropriate devices in either the topology view or the device list, and click Add.
If this configure is from scratch, consider using the RADIUS Settings Template feature, which allows for the configuration of RADIUS settings in one place, and then propagates those settings to all devices added to the list with the Fill button.
To propagate the RADIUS settings from one device onto all devices, select the ”master device’s” RADIUS settings and click the Make template button. Now the template area has the same settings as the ”master device”. Then click Fill to propagate to all devices. To add a RADIUS server, select Server in the Type combo box. Add a description,  address (IP or DNS name), and service password.
Click the button with a plus sign on it, and the entry will be added to the table above the input fields.
To add a RADIUS server group, first, create one or more server entries. Then select Server group in the Type combo box and add a description. To link server entries to this group, type in the descriptions of the entries in the Server member’s textbox, separated by a comma. Click the + button and the entry will be added to the table above the input fields. To select an entry in the RADIUS server/groups table as the entry to use for 802.1X authentication, click the checkbox on the correct row.
For each device and VLAN that should be protected by 802.1X, click the desired Enabled checkbox. If any port on any device and VLAN should be excluded from 802.1X  authentication, then click the desired port’s checkbox in the Excluded ports area. To apply the configuration, click Apply.

Management Hardening
Use this panel to scan all or the selected devices in the project for known management hardening issues. These include the use of:

  • HTTP for the web service
  • SNMPv2 write community
  • The default admin password
  • IPConfig
  • Telnet

When Scan is clicked, each device in the project will be interrogated for any of these issues. When the scan is finished, WeConfig will list all devices and their found issues.
WeConfig will by default suggest removing all issues. If the default admin password has been used on any device, it will not be possible to apply the fixes until the password has been changed.
If any of the known issues are ignored, it is necessary to be explicit and uncheck the issue. This can be done easily from the Autofill section.

Routing Hardening
With this panel, it is possible to scan all of the selected devices in the project that are configured to be routers. It detects OSPF or rips router settings that do not use MD5-  HMAC to sign routing traffic.
When Scan is clicked, each device in the project will be interrogated to see whether there are router configurations that do not use MD5-HMAC signatures. A presentation of each device with an issue, all VLANs, and all routing protocols that do not use MD5- HMAC. Then it is possible to enter the key ID and key for each device/VLAN/protocol combination. The Autofill section can be used to great effect for this if there are many devices. To apply the settings, click Apply.

Configuration Baselines
With this panel, it is possible to set up a configuration baseline for any device. A configuration baseline is a configuration file, to which all future backups are compared to. If a  change is detected, the device’s Status column in the device list will indicate that there is a baseline difference. Optionally, if Alarms & Events have been enabled, an alarm will be posted in that list to persistently mark the anomaly.
To add a configuration baseline for any device, first, make sure the device is in a known secure state.
Then take a backup of the device with WeConfig. Once the backup has been made, select the device in the topology map or the device list, and then click the Add button. The device will be added to the list with a configuration baseline set to No baseline selected. Select the backup that is to be the security baseline and click Apply.

Licensing
Select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the  Licensing tab to add them to the work selection to perform configuration of the devices.
Licenses can be managed for the selected devices, either separately or as a bundle. A bundle contains licenses for multiple devices. (Note: Only 4.23 and newer are supported).

CLI
To enable the CLI tab you need to open the general Settings for WeConfig and select the Advanced User Interface.
When enabled, select devices in the topology map (Ctrl + click a device to select devices in desired order) or list view (Ctrl+A in the list selects all devices) and click the Add button in the CLI tab to add them to the work selection to perform CLI scripting of the devices.
The resulting output of a CLI scripting can be exported to a text file.

Bottom Panel

Filters
In this section quick filters for the devices in the network is set, e.g. highlight, dim, and hide devices, depending on the filter parameters set.
Devices
Devices lists all devices found when scanning. To automatically pan the topology map to the device selected in this list, check the Auto pan checkbox found below the list. Click on the headings to sort the list.
Click the Export button to export the list to a CSV file. Click the Support button to upload tech support files from the selected device.

Powerline Devices
Powerline devices list all powerline devices found when scanning. If no powerline devices exist in the topology, this tab is not visible. Click on the headings to sort the list. Click the Export button to export the list to a CSV file.

Traps
Traps lists trap received from SNMP agents. Requires configuration of trap host address on the devices.
WeConfig uses a Windows trap host when enabled. For full functionality, the Windows trap host must be disabled; in that case WeConfig will use its own trap host server.
Click the Export button to export the list to a CSV file. Click the Clear button to clear the list.

Alarm and Events
This tab can be enabled/disabled from the General Project Setting dialog under the Alarm monitoring section. Enable the Combine FRNT ring down and link down will merge the alarms that corresponds to one entry in the alarm and event list.
The supported alarms are Link down, Link up, FRNT, Temp, and SNR. Acknowledge the alarms one by one or click the Ack. all button to acknowledge the whole visible list. It depends on the applied filter.
Each entry can be manually deactivated. Select the alarm and click Deactivate. The alarm and event list can be exported into a CSV file.

Communication Summary
Communication Summary lists a summary of communication information for ports on a selected device.
Select a port in the list and detailed information will be available in the Communication Details tab found under the Selected Device tab in the operations panel to the right.
The communication information can be automatically updated every 5, 10, 30, or 60 seconds. Select an option in the drop-down found below the communication summary list.  Click the Export button and the list is exported to a CSV file.

Attachments
Attachments list all files that have been attached to a project. Attachments are saved in the project file. When a project file is shared, all attachments are shared as well. As a  consequence, large files make the project file bigger.
To attach a file to the project, drag a file onto the list from Windows Explorer, or click the Import button. To export an attachment from the project, drag the attachment from the list and onto a folder in Windows Explorer, or select the attachment and click Export. All files generated by The WeConfig are automatically saved as attachments in the project file.
To open or edit an attachment, click on the file name in the attachment list, and the associated application will be opened for the file. At the closure of the current project (or  WeConfig), make sure to save any changes in applications that have attachments open. It is recommended to save and close such applications before the closure of projects or  WeConfig.

Syslog
To enable the Syslog tab, go into the General project settings and select the Syslog server option.
All devices that are configured to use WeConfig as a Syslog server will display their Syslog messages in this tab. The log messages are filtered per device. The Syslog can also be exported to a file.

Tools

The tools are opened from the main Project menu.

SHDSL Reach Calculator
The SHDSL Reach Calculator allows to the exploration of indicative signal attenuation and data rates for the two parameters environment and cable.
Select a combination of environment and cable parameters and click Add. The combination will then be plotted on the graph. The Y-axis represents a theoretical maximum data rate in Mb/s, and the X-axis represents the distance in kilometers. To remove a graph line, select the legend on the right side, and click Remove.

SHA256 Hash Calculator
The SHA256 Hash Calculator is a tool to calculate the SHA256 hash for a selected file (firmware) and it allows the user to compare the calculated SHA Hash with a manually entered one.

Subnet Calculator
The Subnet Calculator is a tool to help the user calculate a subnet based on:

  • IP address and Number of wanted hosts/net
  • IP range
  • IP address and a given netmask.

The tool calculates the following data:

  • Subnet address
  • Broadband address
  • Netmask
  • Minimum/maximum IP address
  • Number of hosts/nets

Language

The WeConfig user interface may be localized for different languages. The language packages are installed separately. The default language for WeConfig is English. Click the  “Settings” icon . In the Application tab, select the desired display language.

Revision notes

Version Date Description of changes
WeConfig 1.15 February-22 Chapter 2 updated.

Chapter 4.3.3 updated. Chapter 6.5.10 updated Chapter 6.6.4 updated
WeConfig 1.14| September-21| Chapter 5.2.2 updated. Chapter 6.1 updated. Chapter 6.4 updated. Chapter 6.5.4 updated Minor changes to the wording
WeConfig 1.13| January-21| New documents transferred to the new format. Changes of the front page.
Changed Ch 6.5.7 text updated.
Heading 4/4.1 changed.
Changed illustration Ch 5.2.4.
Changed illustration Ch 4.2.
Minor changes to the wording
WeConfig 1.12| August-20| New Westermo logo, Ch 4.3.1 text updated, Ch 4.6 text updated, Ch 6.5.12 new chapter, Ch 7.3 new chapter
WeConfig 1.11| November-19| Ch 1 text updated, Ch 3 text updated, Ch 4.1 text and illustration updated, illustration added, Ch 4.2 text updated, Ch 4.2.10 new chapter, Ch
4.3.2 text updated, Ch 4.5 text added, illustration added, Ch 4.6 new chapter, Ch 5.2,1 text updated, Ch 6.4 new chapter, Ch 6.4.11 text updated, Ch 9 illustration added
WeConfig 1.10| May-19| Updated frontpage, Ch 4.4 new screenshot, Ch 4.5 updated, Ch 5.2.2 updated, Ch 6.5.1 new chapter, Ch 6.5.2 updated, Ch 7.6 updated, updated back page
WeConfig 1.9| October-18| 4.1 image updated, 4.5 new chapter, 5.2.1 text updated, 5.4 texts updated, 8 entire chapters updated, 9 new chapter
WeConfig 1.8| May-18| New frontpage, Ch 2, Ch 4.1 updated & new screenshot, Ch 4.2 updated, Ch 4.2.1 new screenshot, Ch 4.2.6, Ch 4.2.9, Ch 4.3.1, Ch 4.3.2, Ch 4.3.3 updated, Ch 4.4 new screenshot & updated, Ch 5.2.2, Ch 5.2.3, Ch 5.2.4, Ch 5.4, Ch 6, Ch 6.1.2 updated, Ch 6.1.4 new chapter, Ch 6.2, Ch 6.4.1 updated, Ch 6.4.2.1, Ch 6.4.2.2, Ch 6.4.4 new chapter, Ch 6.4.5, Ch 6.4.10 updated, Ch 6.4.11 new chapter, Ch 6.5.1, Ch 6.5.3, Ch 6.5.4 updated, Ch 6.6, Ch 6.7, Ch 7.1, Ch 7.7 new chapter, new back page
WeConfig 1.7| June-17| New chapter 4.2.3, back page updated
WeConfig 1.6| December
2016| Minor updates in the WeConfig application., but non that affects the manual
WeConfig 1.5| Oct-16| Frontpage illustration updated, 4.1 illustration updated, 4.1.2 and 4.1.3 new chapters, 4.2.1 updated illustration, 4.2.2 new chapter, 4.2.4 updated, 4.2.6 updated, 4.4 updated, 5.3 and 5.4 new chapters, inside of back page Revision notes inserted

Westermo « Merallverksgatan 6, SE-721 30 Vasteras, Sweden
Tel +46 16 42 80 00 Fax +46 16 42 80 01
E-mail: info@westermo.com
www.westermo.com

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

westermo User Manuals

Related Manuals