Professional Documents
Culture Documents
AK-1000-0022 DeltaV Smart Switch and Safety Switch Software Release Information
AK-1000-0022 DeltaV Smart Switch and Safety Switch Software Release Information
AK-1000-0022 DeltaV Smart Switch and Safety Switch Software Release Information
Affected Products:
Product Line Category Device Version
DeltaV Network SS6041F01C1 DeltaV Safety Switch LSN20-
6TX2TX
DeltaV Network SS6041F01C2 DeltaV Safety Switch LSN20-
6TX2TX-ES
DeltaV Network SS6041F05C1 DeltaV Safety Switch LSN20-
6TX2MM
DeltaV Network SS6041F05C2 DeltaV Safety Switch LSN20-
6TX2MM-ES
DeltaV Network SS6041F06C1 DeltaV Safety Switch LSN20-
6TX2SM
DeltaV Network SS6041F06C2 DeltaV Safety Switch LSN20-
6TX2SM-ES
DeltaV Network SS6048 DeltaV Safety Network Switch SRM100
DeltaV Network VE6041 Smart Switch FP20 - DIN rail 8-port
switch. All RJ45 or with fiber uplink
DeltaV Network VE6042 Smart Switch MD20 - DIN rail 8, 16 or
24-ports switch. All 100MB ports
DeltaV Network VE6043 Smart Switch MD30 - DIN rail 10, 16 or
26-ports switch. Combination of 2 Gigabit and
100MB ports
DeltaV Network VE6046 Smart Switch RM100 - 24 ports
10/100BASE-TX RJ45, plus 2 Gigabit wired
uplinks
DeltaV Network VE6047 Smart Switch RM100 - 8 ports
10/100BASE-TX RJ45, plus 2 Gigabit wired
uplinks
DeltaV Network VE6048 Smart Switch RM100 - 8 ports
10/100BASE-TX RJ45, plus 2 Gigabit wired
uplinks. Has 2 expansion bays
DeltaV Network VE6053 Smart Switch RM104 - 24 ports; 20 x
(10/100/1000BASE-TX, RJ45) & 4 Gigabit
Combo ports(RJ45 or SFP)
DeltaV Network VE6054 Smart Switch RM1040 – 16 ports; 16
Gigabit Combo ports (RJ45 or SFP)
Page 2 of 20
Knowledge Base Article AK-1000-0022 is being re-released for DeltaV smart switch software version 09.0.15.
This Knowledge Base Article is divided into two sections:
1 Emerson DeltaV Smart Switches
1.1 Emerson 100 Mega-Bit Smart Switches
1.2 Emerson Giga-Bit Smart Switches (RM104 and RM1040)
1.3 Functional Changes/Corrections/Enhancements in DeltaV Smart Switches
1.4 Previous Emerson Smart Switch Firmware
2 Emerson DeltaV Safety Switches
Page 3 of 20
The SHA256 checksum results are shown as follows:
Sigcheck v2.55 - File version and signature viewer
Copyright (C) 2004-2017 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\Checksum tools\Sigcheck\nsRM100.bin:
Verified: Unsigned
File date: 11:48 AM 10/3/2017
Publisher: n/a
Company: n/a
Description: n/a
Product: n/a
Prod version: n/a
File version: n/a
MachineType: n/a
MD5: 75BE7D24D574A5FFB60ED6823C593D09
SHA1: B2760AAE4CA43A565665D62D2407A19E4DD0FAA3
PESHA1: B2760AAE4CA43A565665D62D2407A19E4DD0FAA3
PE256: FA8B6C769E4634EBA494188A0A15D129B7964AE6C15925BDCC358F3C6D705581
SHA256: FA8B6C769E4634EBA494188A0A15D129B7964AE6C15925BDCC358F3C6D705581
IMP: n/a
In this example the results for the SHA256 checksum of nsRM100.bin will be:
“fa8b6c769e4634eba494188a0a15d129b7964ae6c15925bdcc358f3c6d705581
Perform this step and compare this result to the respective table in this KBA.
Note: The DeltaV Smart Switch files are digitally unsigned. For downloaded files that are signed, Sigcheck
has the ability to verify the file's digital signature. For example, from a DeltaV v13.3.1 workstation bundle
download which is a signed file.
2. Use Windows directory and select Details under the View tab to determine file size. Compare the value to the File
Size Table included with this KBA (AK-1000-0022).
The Windows directory result will look similar to the following example result which includes file size.
Name Date modified Type Size
Page 4 of 20
1.1 Emerson 100 Mega-Bit Smart Switches
This section covers the three original 100 mega-bit smart switches (FP20, MD20/30, and the RM100).
Software version 09.0.15 build 2018-09-24 contains functional corrections to increase reliability. See section 1.3.1 for
additional details. It is recommended that all DeltaV Smart Switches in the field be upgraded to this latest version to take
advantage of the latest network enhancements.
User:
Included in this release are upgrade file versions for the FP20, MD20/30, and RM100 DeltaV Smart Switches.
Perform the following to download the upgrade file versions:
3. Obtain this release from the following link:
https://gsuds.emerson.com/pickup/PSG/09_0_15_100MB_Smart_Switch_firmware.zip: (Size: 14815 KB)
Checksum: 39D17554AC5A3717C84B16479C6CE1844BDADEA71142BA950AB30FD98C69B100
4. Perform checksum verification on each of the downloaded files. Refer to the following tables for the expected
checksums for each file.
09.0.15 100MB Smart Switch Checksum Table (build date 09/24/2018 04:25)
File Name SHA256 Checksum
09_0_15_100MB_Smart_Switch_firmware.zip 39D17554AC5A3717C84B16479C6CE1844BDADEA71142BA950AB30FD98C69B100
nsFPxx.bin 5F9F0BA7212A32F469720DD042020D5BC6A221AF72AC3A268E7E3684BD1A6BFB
nsMDxx.bin 565F7128B374AA6F9950D1EF7EADBD92752DDB600CAD314D67FA8A492E6B42A5
nsRM100.bin AB744BFBC7D96D511CD983383813ACC5E318B3AB504A4A97EF050E3029A48911
09.0.15 100MB Smart Switch File Size Table (build date 09/24/2018 04:25)
File Name File Size
09_0_15_100MB_Smart_Switch_firmware.zip 14,815 KB
nsFPxx.bin 4,886 KB
nsMDxx.bin 5,047 KB
nsRM100.bin 4,886 KB
Page 5 of 20
Copyright (c) 2018 Emerson
User:
Included in this release are upgrade file versions for the RM104 and RM1040 DeltaV Smart Switches.
Perform the following to download the upgrade file versions:
5. Obtain this release from the following link:
https://gsuds.emerson.com/pickup/PSG/09_0_15_G-Bit_Smart_Switch_firmware.zip: (Size: 11506 KB)
Checksum: 758E080FAD7CEF344A0469A2FF2EBF046C070AB7E42BD3610D235116F60ECCD4
6. Perform checksum verification on each of the downloaded files. Refer to the following tables for the expected
checksums for each file.
09.0.15 G-Bit Smart Switch Checksum Table (build date 09/24/2018 03:40)
File Name SHA256 Checksum
09_0_15_G-Bit_Smart_Switch_firmware.zip 758E080FAD7CEF344A0469A2FF2EBF046C070AB7E42BD3610D235116F60ECCD4
nsRM104.bin B9A3F563C6B405A2BAC9435A76CC808973021E169419AABC98D0FEF09F256554
nsRM1040.bin 077CB547F9DC0462FF747CD818B2E14A7467B1F439B49D8F274994012459E459
09.0.15 G-Bit Smart Switch File Size Table (build date 09/24/2018 03:40)
File Name File Size
09_0_15_G-Bit_Smart_Switch_firmware.zip 11,506 KB
nsRM104.bin 6,073 KB
nsRM1040.bin 6,281 KB
For the installation instructions of this DeltaV Smart Switch release version, refer to AK-1000-0014: DeltaV Smart Switch
and DeltaV Safety Switch Flash Upgrade Procedure
Note: KBA NK-1800-0428: General Information on Smart Switch Secure Shell (SSH) contains information on
the DeltaV Smart Switch Secure Shell (SSH), its set up and other useful information. This KBA also includes
how the end user may implement PuttyGen to create keys, and Solarwinds as a TFTP server to transfer a
user generated key to the smart switch. The KBA also includes information to use the TFTP server and
DeltaV v13.3.1 NDCC to update the DeltaV Smart Switch firmware.
Page 6 of 20
394428). The user has a choice between e (enabled), d (disabled), or r (read-only). From which ever state the
smart switch is currently in, the prompt will include which other two modes are available. With HiDiscovery
disabled, at the NDCC, the end user will be unable to flash the LED’s or update the smart switch firmware using a
TFTP server.
Page 7 of 20
(Emerson RM100) >deltav wizard
DeltaV: Enter DeltaV IP address for the Switch [Currently 10.4.129.1]:
Previous DeltaV IP address not changed!
HiDiscovery protocol is required for DeltaV v10 and higher, are you sure you want to disable it?
(y/n)
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
Allow users to run the DeltaV wizard even if the switches were previously configured with IP addresses out of the
DeltaV ACN IP address ranges – e.g. L2.5 network (TFS # 234843 / 384065)
Allow users to enter any IP address for Syslog server, SNMP traps, and Network time server using the DeltaV
wizard command through the CLI (TFS # 234843 / 384065)
Allow standard network interface configuration (IP address, subnet, default gateway) via the CLI (i.e. network
parms …) (TFS # 234843 / 384065)
Note: For Emerson Smart Switch firmware changes/enhancements prior to firmware version 09.0.12, see
KBA NK-1800-0430: Functional Changes and Enhancements for DeltaV Smart Switch Firmware 08.0.13 and
Earlier.
Page 8 of 20
1.4.1 Functional Changes/Enhancements in Release 09.0.12
The following list documents all the additional functional changes introduced in version 09.0.12.
1. Clarification of an event log entry to make the reported result more understandable. The entry previously read as
follows. Control Line Failure has been changed to “Potential loop detected and prevented”. The entry is a
Spanning Tree logged event and the new description more accurately reports what the event is.
Emerson RM100) >show sysinfo
Device Status.................................. Control Line Failure
Last Alarm 1................................... Control Line Failure
Alarm 2........................................ None
System Description............................. Emerson Network Switch RM100
2. Login Banner – 256 Characters Max, CLI only
The following are the command lines required to enter a login banner.
(Emerson RM100) >set pre-login-banner text “User entered login banner text here”
(Emerson RM100) >set pre-login-banner operation (this command enables the login
Page 9 of 20
Saving Configuration
where:
DA is destination address
SA is source address
SHA is source hardware address
Page 10 of 20
THA is target hardware address
SPA is source protocol address
TPA is target protocol address
b. In Learning mode (switch unlocked), a changed MAC address on a switch port and a changed interface (port
number) for a MAC address. Example Syslog entries below.
Changed ARP entry in learning state (ARP-Request) on Interface 1/4, IP-Address(SPA):10.1.2.3
Original MAC Address: 02:00:33:44:55:66 New MAC Address (SHA): 00:44:AA:AA:AA:AA
c. In Inspection mode (switch locked), a new MAC address on an interface, changed ARP entry for an interface, and
a changed interface for a MAC address. Example Syslog entries below.
New ARP entry in locked state (ARP-Request) on Interface 1/4, New)IP-Address(SPA):10.1.2.3,
MAC Address(SHA):02:00:33:44:55:66
MAC Address(SHA):02:00:33:44:55:66
7. Exclude port lock-down ports for use in virtualization systems (for standby ports to switch over to available unlocked
ports). This could also be used for third party switches connected to smart switches where the third party switch does
not have storm control. See Figure 2 and the support text for further explanation.
(Emerson RM100) >deltav lockdown
Enter new list of ports which should be excluded from lockdown for future lock-cycles.
NOTE! - You must reenter ALL ports you want excluded from lockdown every time you want
to add more excluded ports! Or the original excluded ports will be locked!
If no port is specified, all Switch ports (except probe Port) will be locked in
the future:1/1,1/3,1/5,1/7
The following ports will be excluded from lockdown in future lock-cycles: 1/1,1/3,1/5,1/7
Page 11 of 20
Saving Configuration
8. Uplink ports (switch to switch ports only) ignored by port lock down (but will ‘report’ a violation – not stop a criminal).
User must set up a Syslog Server to send the trap to.
9. If the switch port is not manually excluded from the port lock-down scheme (as mentioned item 7 above), nor it is
identified as an uplink (as mentioned in item 8), then it will be locked with whatever number of MAC addresses on it.
The lock is not dependent on the number or type of MAC addresses anymore. For example, ports with cascaded
CIOCs will be locked.
Note: To support the improved uplink lockdown handling, the static MAC address limit is increased from 256
to 1024 addresses per port.
In version 08.0.13 the capability to configure a probe port was introduced. This port was subject to lockdown.
With version 09.0.12, any configured probe port is automatically excluded (lockdown disabled).
(Emerson RM100) > deltav monitor
If the probe port is changed or deleted, the previous probe port is set back to lockdown enabled, meaning
this port will be locked when the switch is locked.
Note: For system-wide compatibility reasons, all switches on a system should be at the same level of
support regarding network storm control.
Refer to Figure-1 for the following examples to further understand the new port locking features:
Scenario 1: RM1040 (09.0.12) Smart Switch Uplink to Cisco 2960 (no storm control)
As an example, on port 15 of the RM1040 for the connection to the Cisco 2960 switch (no storm control on the Cisco),
when the RM1040 attempts to determine if the other network device is a switch, without storm control on the Cisco 2960,
it will not be detected as such and the RM1040 will not detect port 15 as an uplink port.
When the RM1040 is locked, port 15 will be locked with the 4 MAC addresses for the two DeltaV App Stations and two
DeltaV Op Stations connected to the Cisco 2960. Prior to Emerson Smart Switch version 09.0.12, such connections and
ports would not have been locked. Beginning with version 09.0.12, smart switch ports will be locked, if the Cisco switch
does not have storm control enabled.
Page 12 of 20
Note: Earlier version DeltaV systems that also implemented the use of Cisco switches, the Cisco models
used did not have storm control enabled.
The example Cisco 2960 switch shown in Figure 1 has reached end of life. Emerson acknowledges that
customers may still be using these devices and thus may have combinations of Emerson Smart Switches
and Cisco. It is important to understand the operation of these older Cisco models and the interaction with
Emerson Smart Switches.
The current supported Cisco switch models do have storm control enabled. See KBA NK-1500-0157:
Additional DeltaV Compatible Cisco Switch Models Available for further details.
While the RM1040 is locked, if the user connects an additional DeltaV App Station to the Cisco 2960 switch in this
example without storm control, this will result in a port locking violation at the RM1040 Smart Switch on port 15.
Port violations are reported as they have always been (no change). This applies to switches with multiple MAC address
that do not have storm control and are not detected in the uplink port negotiation. The new alert within uplink ports will not
show up in NDCC or DeltaV, but using CLI a trap can be sent to a Syslog Server.
The Cisco switch in this case is not detected as a switch and therefore port 15 at the RM1040 is locked. All initially
available MAC addresses will still be allowed to communicate, but if new MAC addresses show up, they will not be
allowed through the link.
The newly added App Station at the Cisco 2960 is the only device not able to communicate (for example to controller #1
on the RM100 Smart Switch #1).
To prevent such issues as above from occurring, through the CLI of the RM1040, set port 15 to be excluded and remain
unlocked using the wizard. Or use a Cisco switch model from KBA NK-1500-0157 that comes with storm control enabled
To exclude lockdown ports, use the RM1040’s CLI and enter:
(Emerson RM1040) >deltav lockdown
Some informational text will be displayed followed by a field where excluded ports may be added.
For example, 1/15 in this scenario:
Switch responds with:
The following ports will be excluded from lockdown in future lock-cycles: 1/15
Scenario 2: RM1040 (09.0.12) Smart Switch Uplink to an RM100 Smart Switch #1 (09.0.12)
On port 1 at the RM1040 Smart Switch, it can detect RM100 Smart Switch #1 and thus identifies this port as an uplink
port. When the RM1040 is locked, port 1 will be left as unlocked.
With the RM100 Smart Switch #1 locked, if the RM1040 is unlocked to add an additional App Station, then at the RM100
Smart Switch #1 the user will get an alert (trap) that can be sent to a configured SysLog Server because of the additional
detected MAC address on port 1 of the RM100 Smart Switch #1 coming from the RM1040.
The App Station will be allowed to be connected and communicate once the RM1040 is unlocked as the uplink port alert
is used for detection rather than protection in this firmware version.
To prevent this alert, then also unlock the RM100 Smart Switch #1, add the App Station at the RM1040, wait for a period
of time for both switches to learn the new MAC address, then lock both switches when finished.
At the RM100 Smart Switch #1, port 1/1 is identified as an uplink port so this port will also not be locked when the
RM100 Smart Switch #1 switch is locked. Again, adding devices to the RM1040 will result in an alert but the
communication is allowed to pass through for the new MAC address.
Page 13 of 20
for the new MAC address coming from the RM100 Smart Switch #1. The alert will be a port violation available through the
CLI, NDCC and DeltaV. It can also be sent to a Syslog Server.
Same applies if one of the CIOC’s is replaced. The replacement CIOC will have a different MAC address so the RM100
Smart Switch #1 must first be unlocked and with the RM1040 still locked, there will be an alert at the RM1040 for the new
MAC address.
Scenario 4: RM100 Smart Switch #1 (09.0.12) Uplink to an RM100 Smart Switch #2 (older non-updated switch
without storm control)
Figure-1 also shows an older non-updated RM100 smart switch (RM100 #2) without storm control enabled. From the
perspective of RM100 Smart Switch #1 (port 2), when it is locked, the two MAC addresses for the DeltaV controller and
the Op Station attached to RM100 #2 will be locked on RM100 Smart Switch #1 port 2.
For compatibility purposes, it is important to keep all smart switches on the network at the same firmware version.
Page 14 of 20
Figure -1
Page 15 of 20
Below is a graphic rendition for a virtualized installation using VRTX clusters. This is functional item #7 previously listed.
Figure -2
The six VM’s are active and running in the VRTX #1 cluster. Three of them are running in the same blade (blade #1).
There will be three MAC addresses for these three virtual machines all of which will be seen on port 7 of the example
RM1040 Smart Switch #1. Since the RM1040 Smart Switch can’t identify these ports as uplinks to the virtual switch in the
VRTX, if the RM1040 Smart Switch #1 were to be locked from the virtual App Station running in VRTX#1, port 7 at the
RM1040 Smart Switch #1 will now be locked with the three active VM MAC addresses. If a fourth VM is added to blade
#1, while the RM1040 is locked, the additional VM will fail to communicate when active.
Because the virtual machines in VRTX#2 are standby, there is no communication seen at the RM1040 Smart Switch #2,
there will be no MAC addresses detected at ports 10, 12, 14, & 16 of the RM1040. When RM1040 Smart Switch #2 is
locked, these ports will be disabled if no other action is performed.
It will be necessary to telnet to the RM1040 Smart Switch #2 and use the CLI Lockdown option to exclude these ports
from being locked out. This step is performed prior to the locking of the smart switch from the NDCC. That way when a
switchover is made to make a VM at VRTX #2 active, these VM’s will be able to communicate. These steps should be part
of the VRTX commissioning and the DeltaV Virtualization setup.
In the previous example, the normal VRTX installation will have multiple VM’s running on each blade which results in
multiple MAC addresses seen at the smart switch for each of the ports where the various blades are connected.
Every RM1040 smart switch port associated with a connection to any of the VRTX blades should be excluded in the
lockdown to prevent any issues from occurring as additional virtual machines are created on the blades of the VRTX
cluster causing additional MAC addresses to be present at the RM1040 smart switch. This also includes when a standby
VM is made active and there are switchovers between pairs of VM’s.
Page 16 of 20
2 Emerson DeltaV Safety Switches
Emerson DeltaV Safety Switches are used on the Local Safety Network in conjunction with the DeltaV SIS with Electronic
Marshalling. DeltaV SIS with Electronic Marshalling is based on the CHARMs Smart Logic Solver (CSLS).
The DeltaV Safety Switches were originally introduced with firmware version 04.2.12.
The DeltaV Safety switches are not assigned IP addresses. There are no supported devices located on the Local Safety
Network that could be used to manage a DeltaV Safety Switch.
The HiDiscovery protocol used by the DeltaV Smart Switch Command Center (SSCC) for the DeltaV Smart Switches, has
been disabled on the DeltaV Safety Switches. So has the ingress and egress limits employed on the DeltaV Smart
Switches.
Due to the difference in configuration, DeltaV Smart Switches and DeltaV Safety Switches are not inter-changeable.
Below are examples of the DeltaV Safety Switches. There is a 19 inch rack mount SRM100 Safety Switch. This switch
has two expansion slots, where additional 8 port switch modules may be installed.
There are different options on expansion modules (all expansion modules are 100 MB) that include:
Eight RJ45 Twisted Pair ports
Eight Fiber Optic ports – the fiber may be ordered as either multi-mode fiber or single mode fiber
Eight Small Form Factor (SFP) ports – these ports will then be populated with SFP transceivers
There is also an eight port 24 volt DIN Rail mounted LSN20 Safety Switch. It comes with either 8 twisted pair ports or 6
twisted pair ports and two fiber optic ports. All ports are 100 MB. The fiber may be ordered as either multi-mode or single
mode fiber.
The following graphic shows the relationship between the DeltaV Control Networks and the DeltaV Local Safety Networks
and where they each apply.
Page 17 of 20
Shown below is a sample screenshot from an SRM100 DeltaV Safety Switch that is updated, showing “09.0.15” with a
build date of “2018-09-24”.
Note: While this firmware release has the same security and correction improvements discussed in section 1
concerning firmware version 09.0.15. on the DeltaV Smart Switches, due to the unmanaged nature of the
DeltaV Safety Switches (no IP address) the changes listed in section 1 do not apply to the safety switches.
The purpose of the DeltaV Safety Switch 09.0.15 firmware release is primarily to maintain consistency with
the DeltaV Smart Switches. The DeltaV Safety Switches also do not support the configuration of a monitor
session.
User:
DeltaV Safety Switches are updated in a similar process as the DeltaV Smart Switches.
Refer to AK-1000-0014: DeltaV Smart Switch and DeltaV Safety Switch Flash Upgrade Procedure for instructions:
Page 18 of 20
Included in this release are upgrade file versions for the LSN20 and SRM100 Emerson Safety Switches.
This release may be obtained from the following link:
https://gsuds.emerson.com/pickup/PSG/09_0_15_Safety_Switch_firmware.zip: (Size: 0 KB)
Checksum: E2C52AFAD2AE5E2C43113EEA514C7D81E9445A0DEE91E60A1C6D2260728AECC6
Perform checksum verification on each of the downloaded files. Refer to the following tables for the expected
checksums for each file.
Below are the DeltaV Safety Switch 09.0.15 checksums and file sizes. Refer to Section 1.0 Emerson DeltaV Smart
Switches for the procedure on verifying the checksums.
Contact Information
Services are delivered through our global services network. To contact your Emerson local service provider, click Contact
Us. To contact the Global Service Center, click Technical Support.
To get information on how to use the Sigcheck tool: Click This Link
Page 19 of 20
07 Sep 2015 Added checksum code.
15 Sep 2014 Added the DeltaV Safety Switch in the Affected Products
04 Aug 2014 Added software version 04.2.14 build 03/07/2014
17 Dec 2012 Re-release of firmware 4.2.11
24 Oct 2012 Added information regarding firmware revision 4.2.11
31 Jul 2012 Added software version 04.2.11 build 10/14/2011
24 Mar 2010 Original release of article
©Emerson Automation Solutions 2009-2019. All rights reserved. For Emerson Automation Solutions trademarks and service marks, click this link to
see trademarks. All other marks are properties of their respective owners. The contents of this publication are presented for informational purposes
only, and while diligent effort has been made to ensure their accuracy, they are not to be construed as warrantees or guarantees, express or implied,
regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are
available on request. We reserve the right to modify or improve the design or specification of such products at any time without notice.
Page 20 of 20