EasyManua.ls Logo

Rockwell Automation Stratix 4300 - User Manual

Rockwell Automation Stratix 4300
42 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
Loading...
Stratix 4300 Remote Access
Routers
Catalog Number 1783-RA2TGB, 1783-RA5TGB
User Manual
Original Instructions

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the Rockwell Automation Stratix 4300 and is the answer not in the manual?

Overview

  1. Function Description
  2. Important Technical Specifications
  3. 1783-RA2TGB Front View Indicators
  4. 1783-RA5TGB Front View Indicators
  5. Router Top View (Common to both models)
  6. Default Network Settings
  7. Usage Features
  8. Maintenance Features

The Stratix 4300 Remote Access Router is a full gigabit router designed to provide secure remote connectivity for industrial operations, enabling manufacturers and OEMs to maintain their systems remotely via VPN. This solution aims to reduce costs, add value to customer operations, and foster collaboration between OEMs and customers by allowing skilled resources to access and manage equipment regardless of their physical location.

Function Description:

The Stratix 4300 router facilitates remote access to industrial machines and networks through Virtual Private Network (VPN) connections. It is managed by FactoryTalk® Remote Access software, which handles user and group configurations to segment network access and permissions. The router is designed to optimize VPN connections for industrial communications, ensuring reduced latency.

The remote access solution involves three key components:

  1. Stratix 4300 Remote Access Router: Establishes a VPN connection.
  2. Server Infrastructure: A distributed cloud-based server infrastructure that facilitates connections.
  3. FactoryTalk Remote Access: A web-based client used to maintain and initiate remote connections.

The router supports two primary use cases for secure remote connectivity:

  • Cell/Area Zone SRA: In this architecture, the Stratix 4300 is integrated into an industrial zone, providing remote access to devices within that zone. It can be positioned to handle North/South and East/West traffic, with an Industrial Ethernet Switch (IES) providing routing and switching services. The Stratix 4300 requires Internet access, which can be provided through the IES or directly connected to distribution switches.
  • Modem Direct/Isolated Machine: This architecture is designed for remote, isolated cells where an Internet modem (typically from an Internet service provider) is used for the Internet connection. The Stratix 4300 connects to this modem, providing remote access to the isolated machines (e.g., drives, controllers, HMIs) within that cell.

Important Technical Specifications:

The Stratix 4300 Remote Access Router is available in two catalog numbers: 1783-RA2TGB and 1783-RA5TGB.

1783-RA2TGB Front View Indicators:

  • Restart Status Indicator: Indicates the restart status.
  • Server/USB Status Indicator: Shows the status of the server connection and USB port.
  • COM RX Status Indicator: Indicates data reception on the COM port.
  • USB 2.0: USB port.
  • WAN: Wide Area Network port.
  • LAN: Local Area Network port.
  • COM: Serial communication port.
  • Power Status Indicator: Indicates power status.
  • Remote Connect Status Indicator: Shows the status of the remote connection.
  • COM TX Status Indicator: Indicates data transmission on the COM port.

1783-RA5TGB Front View Indicators:

  • Restart Status Indicator: Indicates the restart status.
  • Server/USB Status Indicator: Shows the status of the server connection and USB port.
  • COM RX Status Indicator: Indicates data reception on the COM port.
  • USB 2.0: USB port.
  • WAN: Wide Area Network port.
  • LAN1, LAN2, LAN3, LAN4: Multiple Local Area Network ports.
  • COM: Serial communication port.
  • Power Status Indicator: Indicates power status.
  • Remote Connect Status Indicator: Shows the status of the remote connection.
  • COM TX Status Indicator: Indicates data transmission on the COM port.

Router Top View (Common to both models):

  • Power Connector: For power input.
  • Digital Input/Output Connector: Provides digital I/O functionality.
    • IN0: Input works as a Connection mode, also referred to as selector key input. When active, the router connects to its associated Domain. This input can be driven by a mechanical selector, a key selector, or a PLC output.
    • IN1: Input controls the device restart from outside. The operation corresponds to a paper clip reset. When the command is received, a proper feedback is returned by the status indicator.
    • OUT0: Output is active when the router is connected to its associated Domain. This output is active when at least one user is remotely connected to the Stratix 4300 and is required to be successfully authenticated to the Domain.
    • OUT1: Output is active when at least one user is remotely connected to the router.
  • Factory Reset Button: Resets the router to factory settings.
  • Restart Button: Forces a complete initialization of all internal electronics and software.

Default Network Settings:

  • Default IP address (LAN ports): 192.168.0.1
  • WAN ports: Set to request an address via DHCP.
  • Default username and password: "admin"

Usage Features:

  • Initial Setup:
    • Connect via Ethernet to the device using the default IP address (192.168.0.1).
    • Login with the default username and password ("admin").
    • Change the default password upon first login.
    • Restart the device to apply password changes.
    • Configure date and time settings, including NTP server interfaces.
    • View system information (product name, firmware version, OS version, system manager version, runtime version).
    • Configure WAN and LAN interfaces, including MAC addresses and IP configurations (DHCP or static).
    • Select Serial port mode (e.g., RS232C).
    • Configure VPN connection options under the Networking tab, including reserving static IP pools for VPN connections.
    • Configure server connection availability mode:
      • Always on: Router connects to the Domain immediately after power up and restores connection if dropped.
      • Digital input: Router connects to the Domain only when the IN0 digital input is activated.
    • Manage user accounts, including changing passwords for existing users.
    • Use the Diagnostic tab for network troubleshooting, such as pinging network addresses.
  • IP Address Management: Add or remove IP addresses for LAN interfaces.
  • Domain Association:
    • In the FactoryTalk Remote Access environment, select a domain and click "Add Device."
    • Enter router credentials (username and password).
    • Find the router in the list by its MAC address and register it.
    • Name the router in the "Initial name" box and click "Register."
  • Remote Connectivity:
    • Connect to the device over VPN via the VPN bar in the FactoryTalk Remote Access client.
    • View connection details, VPN data flow, and remote network information.
  • Multi-factor Authentication (MFA):
    • MFA is a secure way to protect account access and is enabled upon first sign-in to FactoryTalk Remote Access.
    • Users are prompted to configure and activate MFA.
    • A QR code is provided for scanning with authenticator apps (Authy, Google Authenticator, Duo, Microsoft Authenticator).
    • Alternatively, a security code can be used if the QR code cannot be scanned.
    • After the first login, subsequent logins require an authenticator code, which updates every 3 minutes.
  • Firewall Policies:
    • The integrated firewall defines and applies policies to VPN traffic for enhanced security.
    • Firewall policies are created and managed within the FactoryTalk Remote Access environment.
    • Policies can be created by clicking "Create firewall policy" within a selected folder.
    • Rules can be configured by adding MAC addresses, Ethernet types, IP addresses, IP protocols, and IP ports.
    • Existing firewall policies can be imported.

Maintenance Features:

  • Protect Against Unwanted Domain Change:
    • The Stratix 4300 Router includes security features to prevent unauthorized domain changes.
    • Once a domain is registered, the server stores binding details, blocking changes without a dedicated procedure.
    • If an attempt is made to bypass this security (e.g., by restoring to factory settings), the router's status indicators will show two blinking red lights, rendering it unusable.
    • Refer to FactoryTalk Remote Access Help for more information on domain change procedures.
  • Remove and Move Devices:
    • A device associated with a domain can be deleted and moved to another domain.
    • To delete a device, click its icon and execute the delete command.
    • After removal, the router can be registered to a new domain.
  • Update the System:
    • Software components can be upgraded by inserting a USB stick with the update file into the router's USB port.
    • The router will power cycle, and the system software update procedure will begin.
    • The update status can be checked in the cloud portal page.
  • Factory Reset:
    • Resets the router to its factory settings, deleting system and complete reset data.
    • Procedure: Turn off the device, press and hold the factory reset button, then turn on the device.
    • The Server/USB status indicator will blink red and green for at least 15 seconds during the process.
    • During the process, the Server/USB indicator blinks green. If the router shuts down during this process, the factory reset is not completed.
    • At the end of the reset process, the Server/USB indicator turns on and starts to blink red, indicating the reset is complete.
  • Router Restart:
    • Forces a complete initialization of all internal electronics and software.
    • Procedure: Turn on the device, then press and release the restart button.
    • The Restart status indicator turns red, then blinks green four times to indicate completion.
    • The router can also be restarted from Device Manager over VPN.
  • Export Logs:
    • The Stratix 4300 Device Manager webpage allows exporting various logs for troubleshooting and diagnostics:
      • RuntimeService_log: Contains information about the status of the Stratix service, network interface configurations, and VPN connection phases.
      • SystemManager_log: Includes device status, activated licenses, and IP addresses assigned to Ethernet ports.
      • NetworkDriver_log: Provides information about the driver status for managing the VPN channel and other network options.
  • Audit Logs:
    • FactoryTalk Remote Access clients automatically record operations performed on domain resources by users.
    • These audit logs can be queried by administrators and cannot be disabled or deleted.
    • Each log includes: the user, operation code, resource object, timestamp, and a description.
    • The audit trail covers login/logout events, CRUD operations (create, rename, update, delete) on all domain resources (users, groups, permissions, devices, configurations), and remote access operations with start and end times.

Rockwell Automation Stratix 4300 Specifications

General IconGeneral
BrandRockwell Automation
ModelStratix 4300
CategoryNetwork Router
LanguageEnglish