Configuring Industrial Asset Discovery

Information About Industrial Asset Discovery

The Industrial Asset Discovery (IAD) feature enables users to view details of directly connected end devices. IAD uses discovery messages included in industrial protocols such as Common Industrial Protocol (CIP) and Profinet to discover these details. Because the IE switches are using the same protocol messages as CIP and Profinet devices, there will be no impact to the end devices. End devices will respond normally.

Industrial networks include end devices such as programmable logic controllers (PLCs) and Intelligent Electronic Devices (IEDs) that are used for control process automation. These devices are connected to Supervisory Control and Data Acquisition (SCADA) applications that run protocols such as CIP and Profinet to monitor, control, and manage the end devices. Centralized CIP/Profinet controllers collect device information through broadcast discovery and maintain a device inventory database. However, this information does not include end device layer 2 network connectivity information such as switch, interface, location, and VLAN, which is useful for operators to physically locate and keep track of end devices.

IAD discovery allows detailed location and layer 2 connectivity information to be collected from end devices. This device information is processed and maintained in a local database on the switch. Information collected through CIP/Profinet discovery can be combined with IP device tracking information to provide detailed information about end devices.

Industrial Asset Discovery Operation

When IAD is enabled, after the IE switch boots up, IAD waits for a pre-defined period of time and then sends discovery messages to the industrial protocols that are enabled. Subsequently, the notification is sent at periodic intervals. You can configure this interval using the iad refresh-interval command. You can enable and disable discovery for any or all of the protocols in IAD: CIP, Profinet, IP Device Tracking (IPDT), Cisco Discovery Protocol (CDP), and Link Layer Discovery Protocol (LLDP).

The database is automatically refreshed if an interface goes down and comes back up. IAD sends a notification and waits for a pre-defined interval of time before the sending the next discovery message when a link flap event occurs. This helps to avoid sending too many discovery messages.

Device information received through CIP, Profinet, and IPDT or CDP and LLDP is collated and stored in a local database. Each access switch in the network maintains its own IAD database. The local database is dynamically refreshed based on configurable timer values. Information collected about end devices as part of IAD discovery includes:

  • Interface Status

  • IP-Address

  • Mac Address

  • Serial Number

  • Device PID

  • Vendor

  • Device Type

  • Software version

  • Protocol

  • Timestamp

The resulting output varies, depending on the network for which an end device has been configured.

Guidelines and Limitations

  • IAD is supported on IE3200, IE3300, and IE3400/IE3400H platforms only.

  • For CIP/Profinet, the assumption is that end devices are connected through access ports and switch to switch peer links are connected through trunk ports. End devices discovered on trunk interfaces are not added to the local database.

  • When an interface goes down, all records pertaining to that interface are deleted. When the interface comes up again, discovery messages are initiated and records are collected.

  • For CIP and Profinet discovery messages, an IP address must be assigned to Switched Virtual Interface (SVI) VLAN interface. Same vlan used for Profinet or CIP devices.

  • A maximum of 100 records can be stored in the IAD database. There is no restriction on the number of records received on an interface.

  • SNMP and YANG are not supported.

Default Configuration

IAD is disabled by default.

When IAD is enabled, these are the default settings:

  • Discovery messages are sent for CIP, and Profinet. IPDT is also enabled. The protocol subsystems then send corresponding discovery messages and collect records.

  • Records are received from CDP and LLDP.

  • The default refresh interval for sending protocol notifications to update the local database is 6 hours.

Configuring Industrial Asset Discovery

Before you begin

Ensure that the protocols you want to enable for IAD are enabled at the switch level.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

iad enable [cdp | cip | ipdt | lldp | profinet]

Enables IAD for the specified protocol.

If no protocol is specified, IAD is enabled for all protocols.

Step 3

iad refresh-interval interval

Specify the rate at which CIP/Profinet discovery packets are sent (in seconds).

The range is 60-86400. The default is 21,600 (6 hours).

Example

The following example show how to configure IAD for CIP and Profinet and sets the refresh interval to 3 hours:

IE3400_IAD#config t
IE3400_IAD(config)#iad enable cip
IE3400_IAD(config)#iad enable profinet
IE3400_IAD(config)#iad refresh-interval 10800

Verifying Industrial Asset Discovery Information

Use the following commands to display IAD inventory and configuration status.

Command

Description

show iad inventory [interface | protocol]

Display the IAD device inventory:

  • interface—Filter records by interface

  • protocol—Filter records by protocol:

    • cdp

    • cip

    • ipdt

    • lldp

    • profinet

show iad status

Display present IAD configuration status

The following example shows you how to verify the IAD status:

IE3400#show iad status
IAD Information:
Status : Enabled
Send/Receive Notification to CDP : Enabled
Send/Receive Notification to CIP : Enabled
Send/Receive Notification to IPDT : Enabled
Send/Receive Notification to LLDP : Enabled
Send/Receive Notification to PROFINET : Enabled
Last discovery sent for CIP/Profinet : 14:41:47 UTC Wed Nov 15 2023
IAD Records Refresh Interval Rate : 10 secs

Feature History for Industrial Asset Discovery

Feature Name

Release

Description

Industrial Asset Discovery (IAD)

Cisco IOS XE 17.14.1

Initial release on IE3200, IE3300, and IE3400/IE3400H series switches