advertisement
SIMATIC NET
Industrial Wireless LAN
SCALANCE W760/W720 to IEEE
802.11n Web Based Management
Configuration Manual
01/2017
C79000-G8976-C350-07
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.
DANGER indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION indicates that minor personal injury can result if proper precautions are not taken.
NOTICE indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
Siemens AG
Division Process Industries and Drives
Postfach 48 48
90026 NÜRNBERG
GERMANY
C79000-G8976-C350-07
Ⓟ 01/2017 Subject to change
Copyright © Siemens AG 2013 - 2017.
All rights reserved
Table of contents
1
2
3
4
5
2.1
2.2
2.3
2.4
1.1
1.2
4.1
4.2
4.3
4.4
2.5
2.6
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.11.1
4.12
5.1
5.2
5.3
5.4
5.5
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
3
4
Table of contents
6
6.1
6.2
6.3
6.3.1
6.3.1.1
6.3.1.2
6.3.1.3
6.3.1.4
6.3.1.5
6.3.1.6
6.3.1.7
6.3.1.8
6.3.1.9
6.3.1.10
6.3.1.11
6.3.1.12
6.3.1.13
6.4.8.4
6.4.9
6.4.10
6.4.11
6.4.12
6.4.13
6.4.13.1
6.4.13.2
6.4.13.3
6.4.13.4
6.4.14
6.4.14.1
6.4.14.2
6.4.14.3
6.4.14.4
6.4.14.5
6.4
6.4.1
6.4.2
6.4.3
6.4.4
6.4.4.1
6.4.4.2
6.4.5
6.4.5.1
6.4.5.2
6.4.6
6.4.7
6.4.8
6.4.8.1
6.4.8.2
6.4.8.3
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Table of contents
6.4.14.6
6.4.14.7
6.4.14.8
6.4.14.9
6.4.15
6.4.15.1
6.4.15.2
6.4.15.3
6.4.15.4
6.4.15.5
6.5.9.1
6.5.9.2
6.5.10
6.5.11
6.5.11.1
6.5.11.2
6.5.11.3
6.5.11.4
6.5.12
6.5.12.1
6.5.12.2
6.5.12.3
6.5.12.4
6.5.13
6.5.13.1
6.5.13.2
6.5
6.5.1
6.5.2
6.5.2.1
6.5.2.2
6.5.3
6.5.4
6.5.4.1
6.5.5
6.5.6
6.5.7
6.5.8
6.5.8.1
6.5.8.2
6.5.8.3
6.5.9
6.5.13.3
6.5.13.4
6.5.13.5
6.5.13.6
6.5.14
6.5.15
6.5.16
6.5.16.1
6.5.16.2
6.5.17
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
5
6
Table of contents
6.7
6.7.1
6.7.1.1
6.7.1.2
6.7.2
6.7.3
6.7.3.1
6.7.3.2
6.7.3.3
6.7.3.4
6.7.3.5
6.7.4
6.7.5
6.8
6.8.1
6.8.1.1
6.8.1.2
6.9
6.9.1
6.9.1.1
6.9.1.2
6.9.2
6.9.2.1
6.9.2.2
6.9.2.3
6.9.3
6.9.3.1
6.9.3.2
6.9.4
6.9.4.1
6.5.18
6.5.19
6.6
6.6.1
6.6.1.1
6.6.1.2
6.6.2
6.6.2.1
6.6.2.2
6.6.2.3
6.6.2.4
6.6.2.5
6.6.2.6
6.6.2.7
6.6.2.8
6.6.2.9
6.6.2.10
6.6.2.11
6.6.2.12
6.6.2.13
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Table of contents
7
8
A
B
C
D
6.9.4.2
6.9.4.3
6.9.4.4
6.9.4.5
6.9.4.6
6.9.5
6.9.5.1
6.9.5.2
6.9.5.3
6.9.6
6.9.6.1
6.9.6.2
6.9.6.3
6.9.6.4
6.9.7
6.10
6.10.1
6.10.1.1
6.10.2
6.10.3
7.1
7.2
7.3
8.1
8.2
8.3
8.4
8.5
8.6
A.1
B.1
C.1
D.1
D.2
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
7
Table of contents
8
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Introduction
1
1.1 Information on the Configuration Manual
Validity of the configuration manual
This Configuration Manual covers the following products:
● SCALANCE W721-1 RJ-45
● SCALANCE W722-1 RJ-45
● SCALANCE W761-1 RJ-45
This Configuration Manual applies to the following software version:
● SCALANCE W700 firmware as of version V 6.1
Purpose of the Configuration Manual
This Configuration Manual is intended to provide you with the information you require to commission and operate SCALANCE W700 devices correctly. It explains how to configure the devices and how to integrate them in a WLAN network.
The operating instructions for the corresponding SCALANCE W700 devices describe how to install and connect up the devices correctly.
Orientation in the documentation
Apart from the Configuration Manual you are currently reading, the following documentation is also available from SIMATIC NET on the topic of Industrial Wireless LANs:
● Configuration Manual: SCALANCE W760 / W720 Command Line Interface
This document contains the CLI commands that are supported by SCALANCE W700 devices.
● Performance data 802.11 abgn SCALANCE W760/W720
This document contains information about the frequency, modulation, transmit power and receiver sensitivity.
● Operating Instructions SCALANCE W721-1 / W722-1 / W761-1
This document contains information on installing and connecting up the following products and their approvals.
– SCALANCE W721-1 RJ-45
– SCALANCE W722-1 RJ-45
– SCALANCE W761-1 RJ-45
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
9
Introduction
1.1 Information on the Configuration Manual
● System Manual Structure of an Industrial Wireless LAN
Apart from the description of the physical basics and a presentation of the main IEEE standards, this also contains information on data security and a description of the industrial applications of wireless LAN.
You should read this manual if you want to set up WLAN networks with a more complex structure (not simply a connection between two devices).
● System manual RCoax
This system manual contains both an explanation of the fundamental technical aspects as well as a description of the individual RCoax components and their functionality.
Installation/commissioning and connection of RCoax components and their operating principle are explained. The possible applications of the various SIMATIC NET components are described.
● System manual - Passive Network Components IWLAN
This system manual explains the entire IWLAN cabling that you require for your IWLAN application. For a flexible combination and installation of the individual IWLAN components both indoors and outdoors, a wide ranging selection of compatible coaxial accessories are available. The system manual also covers connecting cables as well as a variety of plug-in connectors, lightning protectors, a power splitter and an attenuator.
SIMATIC NET manuals
You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online
Support:
● Using the search function: support.automation.siemens.com
( http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo2&aktprim=99&la ng=en )
Enter the entry ID of the relevant manual as the search item.
● In the navigation panel on the left-hand side in the area "Industrial Communication":
Industrial communication
( http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=de&siteid= csius&aktprim=0&extranet=standard&viewreg=WW&objid=10805878&treeLang=en )
Go to the required product group and make the following settings: tab "Entry list", Entry type "Manuals"
You will find the documentation for the SIMATIC NET products relevant here on the data storage medium that ships with some products:
● Product CD / product DVD
● SIMATIC NET Manual Collection
● SIMATIC NET IWLAN CD
10
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Further documentation
The "SIMATIC NET Industrial Ethernet Network Manual" contains information on other
SIMATIC NET products that you can operate along with the SCALANCE W700 devices of this product line in an Industrial Ethernet network. There, you will find among other things optical performance data of the communication partners that you require for the installation.
The "SIMATIC NET Industrial Ethernet Network Manual" can be found on the Internet pages of Siemens Industry Online Support under the following entry ID:
27069465 ( http://support.automation.siemens.com/WW/view/en/27069465 )
Terms used
Introduction
1.1 Information on the Configuration Manual
The designation . . .
IPv4 address
IPv6 address
IP address
IPv4 interface
IPv6 interface
IP interface stands for . . .
IPv4 address
IPv6 address
IPv4/IPv6 address
Interface that supports IPv4.
Interface that supports IPv6. The interface can have more than one
IPv6 address The IPv6 addresses have different ranges (scope), e.g. link local
Interface that supports both IPv4 and IPv6. As default the IPv4 support is already activated. The IPv6 support needs to be activated extra.
Security information
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit http://www.siemens.com/industrialsecurity ( http://www.siemens.com/industrialsecurity )
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under http://www.siemens.com/industrialsecurity ( http://www.siemens.com/industrialsecurity ).
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
11
Introduction
1.1 Information on the Configuration Manual
SIMATIC NET glossary
Explanations of many of the specialist terms used in this documentation can be found in the
SIMATIC NET glossary.
You will find the SIMATIC NET glossary here:
● SIMATIC NET Manual Collection or product DVD
The DVD ships with certain SIMATIC NET products.
● On the Internet under the following address:
50305045 ( http://support.automation.siemens.com/WW/view/en/50305045 )
License conditions
Note
Open source software
Read the license conditions for open source software carefully before using the product.
You will find license conditions in the following documents on the supplied data medium:
● Readme_OSS_ScalanceW700_80.htm
● Readme_OSS_ScalanceW700_80.pdf
Trademarks
The following and possibly other names not identified by the registered trademark sign
®
are registered trademarks of Siemens AG:
SIMATIC NET, SCALANCE, C-PLUG, RCOAX
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device.
12
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Introduction
1.2 Type designations
1.2 Type designations
Abbreviations used
The information in the manuals for the SCALANCE W700 product family often applies to more than one product variant. In such situations, the designations of the products are shortened to avoid having to list all the type designations. The following table shows how the abbreviations relate to the product variants.
Product group Product name
Access point
Client
Client with iFeatures
All SCALANCE W devices
The designation . . . stands for . . .
W761-1
W721-1
W722-1
W700
SCALANCE W761-1 RJ-45
SCALANCE W721-1 RJ-45
SCALANCE W722-1 RJ-45
SCALANCE W761-1 RJ-45
SCALANCE W721-1 RJ-45
SCALANCE W722-1 RJ-45
The type designation of a SCALANCE W700 is made up of several parts that have the following meaning:
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
13
Introduction
1.2 Type designations
14
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2
Note
Interruption of the WLAN communication
The WLAN communication can be influenced by high frequency interference signals and can be totally interrupted.
Remember this and take suitable action.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
15
Description
2.1 Network structures
2.1 Network structures
The following article deals with the setting up of various network structures using access points and clients. A client is also an access point in client mode.
Standalone configuration with access point
This configuration does not require a server and the access point does not have a connection to a wired Ethernet. Within its transmission range, the access point forwards data from one WLAN node to another.
The wireless network has a unique name. All the SCALANCE W700 devices exchanging data within this network must be configured with this name.
The gray area in the graphic symbolizes the wireless range of the access point.
16
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2.1 Network structures
Wireless access to a wired Ethernet network
If one (or more) access points have access to wired Ethernet, the following applications are possible:
● A single device as gateway:
A wireless network can be connected to a wired network via an access point.
● Span of wireless coverage for the wireless network with several access points:
The access points are all configured with the same unique SSID (network name). All nodes that want to communicate over this network must also be configured with this
SSID.
If a mobile station moves from the area covered by one access point to the area covered by another access point, the wireless link is maintained (roaming).
The following graphic shows the wireless connection of a mobile station over two wireless cells (roaming).
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
17
Description
2.1 Network structures
Multichannel configuration
If neighboring access points use the same frequency channel, this can lead to longer response times due to any collisions that may occur. If the configuration shown in the figure is implemented as a single-channel system, computers A and B cannot communicate at the same time with the access points in their wireless cells.
If neighboring access points are set up for different frequencies, this leads to a considerable improvement in performance. As a result, neighboring wireless cells each have their own medium available and the delays resulting from time-offset transmission no longer occur.
The channel spacing should be as large as possible; a practical value is 25 MHz. Even in a multichannel configuration, all access points can be configured with the same network name.
The following graphic shows a multichannel configuration on channels 1 and 2 with four access points.
18
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2.1 Network structures
Wireless Distribution System (WDS)
WDS allows direct links between access points and or between access points and other
WDS-compliant devices. These are used to create a wireless backbone or to connect an individual access point to a network that cannot be connected directly to the cable infrastructure due to its location.
Two alternative configurations are possible. The WDS partner can be configured using the
WDS ID or using its MAC address.
The following graphic shows the implementation of WDS with four access points.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
19
Description
2.1 Network structures
Network access with a client or an access point in client mode
The SCALANCE W700 device can be used to integrate wired Ethernet devices (for example
SIMATIC S7 PLC) in a wireless network.
The following graphic shows the connection of a SIMATIC S7 PLC to a wireless LAN.
20
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2.2 Possible applications of SCALANCE W700 devices
2.2 Possible applications of SCALANCE W700 devices
Note
The SIMATIC NET WLAN products use OpenSSL.
This is open source code with license conditions (BSD).
Please refer to the current license conditions.
Since the driver includes encryption software, you should also adhere to the appropriate regulations for your specific country.
Possible applications of the SCALANCE W761
The SCALANCE W761 is equipped with an Ethernet interface and a WLAN interface. This makes the SCALANCE W700 device suitable for the following applications:
● The SCALANCE W761 forwards data within its transmission range from one node to another without a connection to wired Ethernet being necessary.
● The SCALANCE W761 can be used as a gateway from a wired to a wireless network.
● The SCALANCE W761 supports protection class IP20.
Possible applications of the SCALANCE W722
The SCALANCE W722 is equipped with an Ethernet interface and a WLAN interface. This makes the SCALANCE W700 device suitable for the following applications:
● The SCALANCE W722 can be used as a gateway from a wired to a wireless network.
● The SCALANCE W722 can be used with iPCF as a client.
● The SCALANCE W722 supports protection class IP20.
Possible applications of the SCALANCE W721
The SCALANCE W721 is equipped with two Ethernet interfaces and a WLAN interface. This makes the SCALANCE W700 device suitable for the following applications:
● The SCALANCE W721 can be used as a gateway from a wired to a wireless network.
● The SCALANCE W721 supports protection class IP20.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
21
Description
2.3 Product characteristics
2.3 Product characteristics
Properties of the SCALANCE W700 devices
● The Ethernet interface supports the following:
– 10 Mbps and 100 Mbps both in full and half duplex
– Autocrossing
– Autopolarity
● Operating the WLAN interface in the frequency bands 2.4 GHz and 5 GHz.
● The WLAN interface is compatible with the standards IEEE 802.11a , IEEE 802.11b , and
IEEE 802.11g. In the 802.11a and 802.11g mode, the gross transmission rate is up to 54
Mbps.
● IEEE 802.11n
High-speed WLAN standard (wireless LAN) and can operate in the 2.4 GHz and in the 5
GHz range.
● IEEE 802.11h - Supplement to IEEE 802.11a
In the 802.11h mode, the methods "Transmit Power Control (TPC)" as well as "Dynamic
Frequency Selection (DFS)" are used in the range 5.25 - 5.35 and 5.47 - 5.75 GHz. In some countries, this allows the frequency subband of 5.47 - 5.725 GHz to be used in the outdoor area even with higher transmit powers.
TPC is a method of adapting the transmit power.
With DFS, the access point searches for primary users for 60 seconds before starting communication on the selected channel. During this time the access point does not send beacons. If signals are found on the channel, the channel is blocked for 30 minutes, the access point changes channel and repeats the check. Primary users are also searched for during operation.
● Support of the authentication standards WPA, WPA-PSK, WPA2, WPA2-PSK and
IEEE 802.1x and the encryption methods WEP, AES and TKIP.
Note
The transmission standard IEEE 802.11n with the setting "802.11n" or "802.11n only" supports only WPA2/WPA2-PSK with AES in the security settings.
● For better transmission via WLAN, the function WMM (wireless multimedia) is enabled.
The frames are evaluated according to their priority and sent prioritized via the WLAN interface.
● Suitable for inclusion of a RADIUS server for authentication.
● Device-related and application-related monitoring of the wireless connection.
● The interoperability of the SCALANCE W700 devices with Wi-Fi devices of other vendors was tested thoroughly.
● Before commissioning the SCALANCE W700, check the wireless conditions on site. If you intend to use Industrial Wireless LAN systems and WirelessHART systems in the 2.4
GHz band, you will need to plan the use of the channels. At all costs, avoid parallel use of
22
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2.3 Product characteristics overlapping frequency ranges. The following overlaps exist with Industrial Wireless LAN and WirelessHART:
IWLAN channel
IEEE 802.11 b/g/n
1
6
7
11
13
WHART channel
IEEE 802.15.4
11 - 16
15 - 20
16 - 21
20 - 25
21 - 25
Note
All SCALANCE W700 access points can be reconfigured for client mode.
Features of the SCALANCE W700
Type Number of
WLAN ports
SCALANCE W761-1 RJ-45 1
SCALANCE W722-1 RJ-45 1
Antennas Number and type of Ethernet interface external 1 x 10/100 Mbps
Ethernet (copper) external 1 x 10/100 Mbps
Ethernet (copper)
Degree of protection
IP20
IP20
SCALANCE W721-1 RJ-45 1 external 1 x 10/100 Mbps
Ethernet (copper)
IP20
(1) US variant
(2) Israel variant
Article number
6GK5761-1FC00-0AA0
6GK5761-1FC00-0AB0
(1)
6GK5722-1FC00-0AA0
6GK5722-1FC00-0AB0
(1)
6GK5722-1FC00-0AC0
(2)
6GK5721-1FC00-0AA0
6GK5721-1FC00-0AB0
(1)
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
23
Description
2.4 IEEE 802.11n
2.4
Overview
IEEE 802.11n
The standard IEEE 802.11n is an expansion of the 802.11 standard and was approved in
2009.
Previous standards worked either in the 2.4 GHz frequency band (IEEE 802.11g /b) or in the
5 GHz frequency band (IEEE 802.11a). IEEE 802.11n can operate in both frequency band.
In the IEEE 802.11n standard, there are mechanisms implemented in PHY and MAC layers that increase the data throughput and improve the wireless coverage.
● MIMO antenna technology
● Maximum ratio combining (MRC)
● Spatial multiplexing
● Channel bonding
● Frame aggregation
● Accelerated guard interval
● Modulation and coding scheme
● Data throughput rates up to 450 Mbps (gross)
This is not possible on all SCALANCE W700 devices.
24
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2.4 IEEE 802.11n
MIMO antenna technology
MIMO (Multiple Input - Multiple Output) is based on an intelligent multiple antenna system.
The transmitter and the receiver have several spatially separate antennas. The spatially separate antennas transmit the data streams at the same time. Up to four data streams are possible. The data streams are transmitted over spatially separate paths and return over different paths due to diffraction, refraction, fading and reflection (multipath propagation).
The multipath propagation means that at the point of reception a complex, space- and timedependent pattern results as a total signal made up of the individual signals sent. MIMO uses this unique pattern by detecting the spatial position of characteristic signals. Here, each spatial position is different from the neighboring position. By characterizing the individual senders, the recipient is capable of separating several signals from each other.
Maximum ratio combining (MRC)
In a multiple antenna system, the wireless signals are received by the individual antennas and combined to form one signal. The MRC method is used to combine the wireless signals.
The MRC method weights the wireless signals according to their signal-to-noise ratio and combines the wireless signals to form one signal. The signal-to-noise ratio is improved and the error rate is reduced.
Spatial mutliplexing
With spatial multiplexing, different information is sent using the same frequency. The data stream is distributed over n transmitting antennas; in other words, each antenna sends only
1/n of the data stream. The division of the data stream is restricted by the number of antennas. At the receiver end, the signal is reconstructed.
Due to the spatial multiplexing, there is a higher signal-to-noise ratio and a higher data throughput.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
25
Description
2.4 IEEE 802.11n
Channel bonding
With IEEE 802.11n, data can be transferred via two directly neighboring channels. The two
20 MHz channels are put together to form one channel with 40 MHz. This allows the channel bandwidth to be doubled and the data throughput to be increased.
To be able to use channel bonding, the recipient must support 40 MHz transmissions. If the recipient does not support 40 MHz transmissions, the band is automatically reduced to 20
MHz. This means that IEEE 802.11n can also communicate with IEEE 802.11a/b/g devices.
The channel bundling is set on the "AP" WBM page with the "HT Channel Width [MHz]" parameter.
Frame aggregation
With IEEE 802.11n, it is possible to group together individual data packets to form a single larger packet; this is known as frame aggregation. There are two types of frame aggregation:
Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated MAC Service Data Unit (A-
MSDU).
The frame aggregation reduces the packet overheads. Frame aggregation can only be used if the individual data packets are intended for the same receiving station (client).
The SCALANCE W700 devices support both types of frame aggregation. You specify the settings for the A-MPDU data packet on the "AP 802.11n" WBM page.
26
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2.4 IEEE 802.11n
Accelerated guard interval
The guard interval prevents different transmissions being mixed together. In telecommunications, this mixing is also known as intersymbol interference (ISI).
When the send time has elapsed, a send pause (guard interval) must be kept to before the next transmission begins.
The guard interval of IEEE 802.11a /b/g is 800 ns. IEEE 802.11n can use the reduced guard interval of 400 ns. You specify the guard interval on the "AP 802.11n" WBM page.
Modulation and coding schemes
The IEEE 802.11n standard supports different data rates. The data rates are based on the number of spatial streams, the modulation method and the channel coding. The various combinations are described in modulation and coding schemes.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
27
Description
2.5 Requirements for installation and operation
2.5 Requirements for installation and operation
Requirements for installation and operation of SCALANCE W700 devices
A PG/PC with a network connection must be available in order to configure
SCALANCE W700 devices. If no DHCP server is available, a PC on which the Primary
Setup Tool (PST) is installed is necessary for the initial assignment of an IP address to the
SCALANCE W700 devices. For the other configuration settings, a computer with Telnet or a
Web browser is necessary.
28
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
2.6 ConfigPack
2.6 ConfigPack
Configuration information in the ConfigPack
With ConfigPack it is possible to install ta device configuration on several devices.
Note
Using configurations with DHCP
Create a ConfigPack only from device configurations that use DHCP. Otherwise disruptions will occur in network operation due to multiple identical IP addresses.
You assign fixed IP addresses extra following the basic installation.
The device configuration, user accounts and certificates are stored in the ConfigPack.
The storage of the active firmware of the creating device must be released in the CLI.
You save and load the ConfigPack using the WBM. if the firmware was stored as well, when installing the firmware the device performs a firmware upgrade/downgrade if the firmware versions differ from each other.
For more information, refer to the section Upkeep and maintenance (Page 347).
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
29
Description
2.6 ConfigPack
30
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Security recommendations
3
To prevent unauthorized access, note the following security recommendations.
General
● You should make regular checks to make sure that the device meets these recommendations and/or other security guidelines.
● Evaluate your plant as a whole in terms of security. Use a cell protection concept with suitable products.
● When the internal and external network are disconnected, an attacker cannot access internal data from the outside. Therefore operate the device only within a protected network area.
● For communication via non-secure networks use additional devices with VPN functionality to encrypt and authenticate the communication.
● Terminate management connections correctly (WBM. Telnet, SSH etc.).
Physical access
● Restrict physical access to the device to qualified personnel.
● The memory card or the PLUG (C-PLUG, KEY-PLUG, security PLUG) contains sensitive data such as certificates, keys etc. that can be read out and modified.
Software (security functions)
● Keep the software up to date. Check regularly for security updates of the product.
You will find information on this on the Internet pages "Industrial Security
( http://www.siemens.com/industrialsecurity )".
● Inform yourself regularly about security advisories and bulletins published by Siemens
ProductCERT ( http://www.siemens.com/cert/en/cert-security-advisories.htm
).
● Only activate protocols that you really require to use the device.
● Use the security functions such as address translation with NAT (Network Address
Translation) or NAPT (Network Address Port Translation) to protect receiving ports from access by third parties.
● Restrict access to the device with a firewall or rules in an access control list (ACL -
Access Control List).
● If RADIUS authentication is via remote access, make sure that the communication is within the secured network area or is via a secure channel.
● The option of VLAN structuring provides good protection against DoS attacks and unauthorized access. Check whether this is practical or useful in your environment.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
31
Security recommendations
● Enable logging functions. Use the central logging function to log changes and access attempts centrally. Check the logging information regularly.
● Configure a Syslog server to forward all logs to a central location.
● Use WPA2/ WPA2-PSK with AES to protect the WLAN. If iPCF or iPCF-MC is used, use the AES encryption.
Passwords
● Define rules for the use of devices and assignment of passwords.
● Regularly update passwords and keys to increase security.
● Change all default passwords for users before you operate the device.
● Only use passwords with a high password strength. Avoid weak passwords for example password1, 123456789, abcdefgh.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
● Do not use the same password for different users and systems or after it has expired.
Keys and certificates
This section deals with the security keys and certificates you require to set up HTTPS (
HyperText Transfer Protocol Secured Socket Layer).
● We strongly recommend that you create your own HTTPS certificates and make them available.
There are preset certificates and keys on the device. The preset and automatically created HTTPS certificates are self-signed.
We recommend that you use HTTPS certificates signed either by a reliable external or by an internal certification authority. The HTTPS certificate checks the identity of the device and controls the encrypted data exchange. You can install the HTTPS certificate via the
WBM (System > Load and Save).
● Handle user-defined private keys with great caution if you use user-defined SSH or SSL keys.
● Use the certification authority including key revocation and management to sign the certificates.
● Verify certificates and fingerprints on the server and client to avoid "man in the middle" attacks.
● We recommend that you use certificates with a key length of 2048 bits.
● Change keys and certificates immediately, if there is a suspicion of compromise.
32
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Security recommendations
Secure/non-secure protocols
● For the DCP function, enable the "DCP read-only" mode after commissioning.
● Avoid and disable non-secure protocols, for example Telnet and TFTP. For historical reasons, these protocols are still available, however not intended for secure applications.
Use non-secure protocols on the device with caution.
● The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure.
Use the option of preventing write access. The product provides you with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary, restrict access with SNMP.
Use SNMPv3 in conjunction with passwords.
– HTTP → HTTPS
– Telnet → SSH
– SNTP → NTP
● Use secure protocols when access to the device is not prevented by physical protection measures.
● To prevent unauthorized access to the device or network, take suitable protective measures against non-secure protocols.
● If you require non-secure protocols and services, operate the device only within a protected network area.
● Restrict the services and protocols available to the outside to a minimum.
Available protocols per port
The following list provides you with an overview of the open ports on this device.
The table includes the following columns:
● Protocol
All protocols that the device supports
● Port number
Port number assigned to the protocol
● Port status
– Open
The port is always open and cannot be closed.
– Open (when configured)
The port is open if it has been configured.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
33
Security recommendations
● Factory setting
– Open
The factory setting of the port is "Open".
– Closed
The factory setting of the port is "Closed".
● Authentication
Specifies whether or not the protocol is authenticated.
Protocol
SSH
Port number Port status
TCP/22
Factory setting of the port
Open
TELNET
HTTP
HTTPS
SNTP
NTP
SNMP
TCP/23
TCP/80
TCP/443
UDP/123
Open (when configured)
Open (when configured)
Open (when configured)
Open (when configured)
Open (when configured)
Open
Open
Open
Closed
Open
PROFINET
Syslog
EtherNet/IP
DHCP
RADIUS
TFTP
UDP/161
UDP/34964,
UDP/49154,
49155
UDP/514
Open (when configured)
Open
TCP/44818,
UDP/2222,4
4818
Open (when configured)
Open (when configured)
UDP/67,68 Open (when configured)
UDP/1812,1
813
Open (when configured)
UDP/69 Open (when configured)
Open
Open
Open
Closed
Closed
Closed
No
No
No
No
No
Yes
Yes
No
Authentication
Yes
Yes
Yes
No
34
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.1 Configuration limits for WBM and CLI
Configuration limits of the device
The following table lists the configuration limits for Web Based Management and the
Command Line Interface of the device.
System
Depending on your device, some functions are not available.
Interfaces
Layer 2
Configurable function
Syslog server
SMTP server
SNMPv1 trap recipient
SNTP server
NTP server
DHCP pools
IPv4 addresses managed by the DHCP server (dynamic + static)
DHCP static assignments per DHCP pool
DHCP options
Force destination addresses for roaming
Virtual LANs (port-based; including VLAN 1)
Multiple Spanning Tree instances
20
20
10
3
16
Maximum number
3
3
10
2
1
1
100
4
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
35
Technical basics
4.1 Configuration limits for WBM and CLI
Security
Configurable function
IP addresses from RADIUS servers
Management ACLs (access rules for management)
MAC ACL rule configuration
Ingress and egress rules for MAC ACL (total)
IP ACL rule configuration
Ingress and egress rules for IP ACL IP (total)
User roles
User groups
Users
Maximum number
• AAA: 4
•
WLAN: 2
10
20
40 per interface (20 ingress rules /
20 egress rules)
• Client: 80 (P1, WLAN)
•
Access point: 680 (P1, WDS
1.Y, VAP 1.Y)
20
40 per interface (20 ingress rules /
20 egress rules)
•
Client: 120 (P1, WLAN, management VLAN)
• Access point: 720 (P1, WDS
1.Y, VAP 1.Y, management
VLAN)
•
Dual access point: 1360 (P1,
WDS X.Y, VAP X.Y, management VLAN)
28
32
28
36
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.2 Interfaces and system functions
4.2 Interfaces and system functions
Availability of the interfaces
The following table shows the availability of the physical and logical interfaces. Note that in this table all interfaces are listed. Depending on the system function, some interfaces are not available. On the WBM pages you can only select the available interfaces.
We reserve the right to make technical changes.
Wireless interface (WLAN)
IP interface:
LAN interface
VLAN
VAP interface 1)
WDS interface
1)
VLAN
1)
only in access point mode
Client device
-
_
3
W722-1 RJ45
W721-1 RJ45
WLAN 1
P1
ManagementVLAN
Access points
W761-1 RJ45
WLAN 1
P1
ManagementVLAN
VAP 1.1
WDS 1.1
3
Availability of the system functions
The following table shows the availability of the system functions on the devices. Note that all functions are described in this configuration manual and in the online help. Depending on the mode and the KEY-PLUG, some functions are not available.
We reserve the right to make technical changes.
Access point mode
Information WLAN Overview AP
Client List
WDS List
Overlap AP
Force Roaming
Overview Client
Available AP
IP Mapping
WLAN Statistics Faults
Management Sent ✓
Management Received ✓
Data Sent
Data Received
✓
✓
-
-
✓
✓
✓
✓
✓
✓
-
Access points in client mode
✓
✓
✓
-
-
✓
✓
✓
✓
✓
-
-
Client devices
-
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
37
Technical basics
4.2 Interfaces and system functions
System
Interfaces
Layer 3
Security iFeatures
WLAN
NAT
WLAN iPCF iPCF-MC
Access point mode
PROFINET
EtherNet/IP
Basic
Advanced
Antennas
Allowed Channels
802.11n
AP
AP WDS
AP 802.11a/b/g Rates
AP 802.11n Rates
Force Roaming
Signal recorder
Spectrum Analyzer
Basic
NAPT
Basic
AP Communication
AP RADIUS Authenticator
Client RADIUS Supplicant
Keys
-
-
✓
✓
✓
✓
✓
✓
-
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
-
✓
-
- iPRP -
Access points in client mode
-
-
✓
✓
✓
-
-
-
✓
-
-
-
✓
✓
✓
✓
✓
Client devices
✓
✓
✓
✓
✓
Only W722-1 RJ45
This can be integrated in a
WLAN with iPCF, iPCF-MC.
✓
Only W722-1 RJ45
This can be integrated in a
WLAN with iPCF, iPCF-MC.
✓
Only W722-1 RJ-45
Support of IPv6
The following system functions do not support IPv6 addresses:
● Inter AP blocking
● Force roaming
● IP ACL
● Management ACL
38
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.3 EtherNet/IP
4.3
EtherNet/IP
EtherNet/IP
EtherNet/IP (Ethernet/Industrial Protocol) is an open industry standard for industrial real-time
Ethernet based on TCP/IP and UDP/IP. With EtherNet/IP, Ethernet is expanded by the
Common Industrial Protocol (CIP) at the application layer. In EtherNet/IP, the lower layers of the OSI reference model are adopted by Ethernet with the physical, network and transport functions.
You configure EtherNet/IP in "System > EtherNet/IP (Page 217)".
Common Industrial Protocol
The Common Industrial Protocol (CIP) is an application protocol for automation that supports transition of the field buses in Industrial Ethernet and in IP networks. This industry protocol is used by field buses/industrial networks such as DeviceNet, ControlNet and EtherNet/IP at the application layer as an interface between the deterministic fieldbus world and the automation application (controller, I/O, HMI, OPC, ...). The CIP is located above the transport layer and expands the pure transport services with communications services for automation engineering. These include services for cyclic, time-critical and event-controlled data traffic.
CIP distinguishes between time-critical I/O messages (implicit messages) and individual query/response frames for configuration and data acquisition (explicit messages). CIP is object-oriented; all data "visible" from the outside is accessible in the form of objects. CIP has a common configuration basis: EDS (Electronic Data Sheet).
Electronic Data Sheet
Electronic Data Sheet (EDS) is an electronic datasheet for describing devices.
The EDS required for EtherNet/IP operation can be found in "System > Load&Save
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
39
Technical basics
4.4 PROFINET
4.4
PROFINET
PROFINET
PROFINET is an open standard (IEC 61158/61784) for industrial automation based on
Industrial Ethernet. PROFINET uses existing IT standards and allows end-to-end communication from the field level to the management level as well as plant-wide engineering. PROFINET also has the following features:
● Use of TCP/IP
● Automation of applications with real-time requirements
– Real-Time (RT) communication
– Isochronous Real-Time (IRT) communication
● Seamless integration of fieldbus systems
You configure PROFINET in "System > PROFINET (Page 215)".
PROFINET IO
Within the framework of PROFINET, PROFINET IO is a communications concept for implementing modular, distributed applications. PROFINET IO is implemented by the
PROFINET standard for programmable controllers (IEC 61158-x-10).
40
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.5 VLAN
4.5 VLAN
Network definition regardless of the spatial location of the nodes
VLAN (Virtual Local Area Network) divides a physical network into several logical networks that are shielded from each other. Here, devices are grouped together to form logical groups.
Only nodes of the same VLAN can address each other. Since multicast and broadcast frames are only forwarded within the particular VLAN, they are also known as broadcast domains.
The particular advantage of VLANs is the reduced network load for the nodes and network segments of other VLANs.
To identify which frame belongs to which VLAN, the frame is expanded by 4 bytes. This expansion is also known as VLAN tag and includes not only the VLAN ID but also priority information.
Note
When the device receives a doubly tagged frame, the first tag (vlan) is evaluated for the path and the second tag for the priority.
Options for the VLAN assignment
There are various options for the assignment to VLANs:
● Port-based VLAN
Each port of a device is assigned a VLAN ID. You configure port-based VLAN in "Layer 2
● Protocol-based VLAN
Each port of a device is assigned a protocol group.
● Subnet-based VLAN
The IP address of the device is assigned a VLAN ID.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
41
Technical basics
4.6 MAC-based communication
4.6 MAC-based communication
Frames sent by the client to the access point always have the MAC address of the WLAN client as the source MAC address. In the "Learning Table" of the access point there is therefore only the MAC address of the WLAN client.
MAC mode "Automatic", "Manual" and "Own"
If the MAC address of a device connected to the client is adopted (Automatic) or is set manually (Manual), both the MAC-based and the IP-based frames find their destination for precisely this device. If the MAC address of the Ethernet interface of the WLAN client is used
(Own), the MAC-based and IP-based frames only reach the WLAN client.
The access point checks whether the destination MAC address matches the MAC addresses of the connected clients. Since a WLAN client can only use a MAC address, communication at the MAC address level (ISO/OSI layer 2) can be to a maximum of one node downstream from the client or the client itself.
With IP Mapping, several nodes downstream from a client can be addressed based on the IP protocol. The IP packets are broken down according to an internal table and forwarded to the connected devices.
Maximum possible number of Ethernet nodes with layer 2 communication downstream from the client: 1
Notes on the "Automatic" setting:
● As long as there is no link on the Ethernet interface, the device uses the MAC address of the Ethernet interface so that it can be reached in this status. In this status, the device can be found using the Primary Setup Tool and configured with WBM or CLI.
● As soon as there is a link on the Ethernet interface, the device adopts the source MAC address of the first received frame.
Note
From the moment that the device adopts another MAC address (manually or automatically), the device no longer responds to queries of the Primary Setup Tool when the query is received over the WLAN interface. Queries of the PST over the Ethernet interface continue to be replied to.
MAC mode "Layer 2 Tunnel"
With the setting "Layer 2 Tunnel", the client provides information about the devices downstream from it when it registers with an access point. This makes it possible to enter the
MAC addresses of these devices in the "learning table" of the access point. The access point can forward MAC-based frames for the devices downstream from the client to the appropriate client.
In much the same way as with WDS, a separate port is created for the L2T client over which the Ethernet frames are sent without changing the destination MAC address.
Maximum possible number of Ethernet nodes downstream from the client: 4
42
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.7 iPCF / iPCF-MC
4.7 iPCF / iPCF-MC
The wireless range of an IWLAN system can be expanded by using multiple access points. If a client moves from the area covered by one access point to the area covered by another access point, the wireless link is maintained after a short interruption (roaming).
In an industrial environment, there are applications that require a deterministic response when there are large numbers of nodes and when roaming to another cell require handover times of less than 100 milliseconds.
● iPCF (industrial Point Coordination Function) iPCF ensures that the entire data traffic of a cell is ordered, controlled by the access point. Even with large numbers of nodes, collisions can also be avoided. iPCF also allows fast cell changes.
You configure iPCF in "iFeatures > iPCF (Page 341)".
● iPCF-MC (industrial Point Coordination Function - Management Channel) iPCF-MC was developed to make the advantages of iPCF available to fully mobile nodes that communicate without being dependent on RCoax cable or directional antennas. With iPCF-MC, the client also searches for potentially suitable access points when it receives iPCF queries from the access point and the existing connection to an access point is working problem-free. This means that if a change to a different access point is necessary, this is achieved extremely quickly. In contrast to iPCF, the handover times for iPCF-MC are not dependent on the number of wireless channels being used.
You configure iPCF-MC in "iFeatures > iPCF-MC (Page 342)".
iPCF / iPCF-MC - how it works
The access point checks all nodes in the wireless cell cyclically. At the same time, the scan includes the downlink traffic for this node. In the reply, the node sends the uplink data. The access point scans a new node at least every 5 ms.
The scan of a node is seen by all other nodes in the cell. This allows a client to detect the quality of the wireless link to the access point even when it is not communicating with the access point itself. If the client does not receive any frames from the access point for a certain time, it starts to search for a new access point.
In iPCF mode, both the search for a new access point and the registration with this access point have been optimized in terms of time. Handover times significantly below 50 ms are achieved.
Stable PNIO communication is only possible when a WLAN client is in a cell with more than
60 % (-65 dBm) signal strength at all times. This can be checked by activating and deactivating the various wireless cells.
This does not mean that the client needs to change when there is a signal strength < 60 %
(< -65 dBm). Make sure that access points are available with adequate signal strength.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
43
Technical basics
4.7 iPCF / iPCF-MC
44
①
Wireless cell of access point 1
②
Wireless cell of access point 2
③
Wireless cell of access point 3
④
Wireless cell of access point 4
⑤
Plant
Figure 4-1 Configuration example of iPCF-MC
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Restrictions
Technical basics
4.7 iPCF / iPCF-MC
● iPCF and iPCF-MC are developments of Siemens AG and function only with nodes on which iPCF / iPCF-MC is implemented.
● With an access point with several WLAN interfaces, it is possible to use both iPCF as well as standard WLAN at the same time.
● Access points with a WLAN interface cannot take part in the iPCF-MC procedures, iPCF is, however, possible.
Requirements for iPCF-MC
iPCF-MC uses the two wireless interface of the access point in different ways: One interface works as the management interface and sends a beacon every five milliseconds. The other interface transfers the user data.
The following requirements must be met before you can use iPCF-MC:
● Only SCALANCE W700 devices with two WLAN interfaces can be used as access points
● The data interface (WLAN1) and management interface (WLAN2) must be operated in the same frequency band and must match in terms of their wireless coverage. iPCF-MC will not work if the two wireless interfaces are equipped with directional antennas that cover different areas.
● The management interfaces of all access points to which a client can change must use the same channel. A client scans only this one channel to find accessible access points.
● Transmission based on IEEE 802.11h (DFS) cannot be used for the management interface. 802.11h (DFS) is possible for the data interface.
● A client must support this feature on its WLAN interface.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
45
Technical basics
4.8 iPRP
4.8 iPRP
The "Parallel Redundancy Protocol" (PRP) is a redundancy protocol for cabled networks. It is defined in Part 3 of the IEC 62439 standard.
With the "industrial Parallel Redundancy Protocol" (iPRP) the PRP technology can be used in wireless networks. iPRP improves the availability of wireless communication.
How it works
A PRP network consists of two completely independent networks. If one network is disrupted, the frames are sent without interruption/reconfiguration via the parallel redundant network. To achieve this the Ethernet frames are sent to the recipient in duplicate via both networks. Devices capable of PRP have at least two separate Ethernet interfaces that are connected to independent networks.
With devices not capable of PRP a redundancy box (RedBox) is connected upstream. This allows access for so-called Single Attached Nodes (SAN) to PRP networks. The RedBox duplicates every Ethernet frame to be sent and among other things adds the VLAN ID and a sequence number. The RedBox sends a copy of the frame at the same time on both
Ethernet interfaces via both networks.
With PRP the SCALANCE W700 devices PRP can be used in wireless networks.
46
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.8 iPRP
The access points (AP 1, AP 2 and AP 3) and the RedBox A are connected to each other via a switch. The PRP frames are sent to the access points via both networks (PRP A, PRP B).
The access points receive the PRP frame.
The PRP frames are sent at the same time on two different wireless links to the recipients.
The clients A and B are connected to different access points at the same time. The clients are never connected to the access point via the same interface. The clients and the RedBox
B are connected via a switch.
Note
The interface of the switch and of the client must be members of the same VLAN (PRP network). For client A, VLAN 10 (PRP A) is set in the PRP network. The Ethernet interface of the switch may only be a member in VLAN 10 but not in VLAN 20 of client B.
The RedBox B forwards the first PRP frame to arrive and discards the second PRP frame.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
47
Technical basics
4.8 iPRP
The redundant partners (here: AP1 and AP3 or client A and client B) communicate with each other to prevent the two redundant PRP frames from arriving at the RedBox with too great a time difference.
If for example communication between AP1 and client A is not possible, the PRP frame comes to its destination via redundant client B.
You configure iPRP in "iFeatures > iPRP".
Requirement
● The base bridge mode "802.1Q VLAN Bridge" is set.
● The VLANs have been created.
● The VLANs are configured on the same interface.
● Access point mode: The VAP interface is enabled.
● Client mode: In MAC mode "Layer 2 Tunnel" is set.
● Depending on the configuration the clients can communicate with every access point.
48
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.9 NAT/NAPT
4.9 NAT/NAPT
Layer 3 possible only with SCALANCE W722-1 RJ-45
The use of the layer 3 functions is possible only with the client SCALANCE W722-1 RJ-45.
What is NAT?
With Network Address Translation (NAT), the IPv4 address in a data packet is replaced by another. NAT is normally used on a gateway between a private LAN and an external network with globally valid IPv4 addresses. A local IPv4 address of the internal LAN is changed to an external global IPv4 address by a NAT device at the gateway.
To translate the internal into the global IPv4 address, the NAT device maintains a translation
list. The address assignment is automatic. You configure the address assignment in "Layer 3
What is NAPT?
In "Network Address Port Translation" (NAPT) or "Port Address Translation" (PAT), several internal source IPv4 addresses are translated into the same external source IPv4 address.
To identify the individual source nodes, the port of the source device is also stored in the translation list of the NAT gateway and translated for the external address.
If several local clients send a query to the same external destination IPv4 address via the
NAT gateway, the gateway enters its own external source IPv4 address in the header of these data packets. Since the forwarded data packets have the same global source IPv4 address, the NAT gateway assigns the data packets to the clients using different port number.
Note
NAT/NAPT is possible only on layer 3 of the ISO/OSI reference model. To use the NAT function, the networks must use the IP protocol.
When using the ISO protocol that operates at layer 2, it is not possible to use NAT.
If a client from the global network wants to use a service in the internal network, the translation list for the static address assignment needs to be configured. You configure the
translation list for NAPT in "Layer 3 > NAT > NAPT (Page 294)".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
49
Technical basics
4.10 SNMP
4.10
Introduction
SNMP
With the aid of the Simple Network Management Protocol (SNMP), you monitor and control network components from a central station, for example routers or switches. SNMP controls the communication between the monitored devices and the monitoring station.
Tasks of SNMP:
● Monitoring of network components
● Remote control and remote parameter assignment of network components
● Error detection and error notification
In versions v1 and v2c, SNMP has no security mechanisms. Each user in the network can access data and also change parameter assignments using suitable software.
For the simple control of access rights without security aspects, community strings are used.
The community string is transferred along with the query. If the community string is correct, the SNMP agent responds and sends the requested data. If the community string is not correct, the SNMP agent discards the query. Define different community strings for read and write permissions. The community strings are transferred in plain text.
Standard values of the community strings:
● public has only read permissions
● private has read and write permissions
Note
Because the SNMP community strings are used for access protection, do not use the standard values "public" or "private". Change these values following the initial commissioning.
Further simple protection mechanisms at the device level:
● Allowed Host
The IP addresses of the monitoring systems are known to the monitored system.
● Read Only
If you assign "Read Only" to a monitored device, monitoring stations can only read out data but cannot modify it.
SNMP data packets are not encrypted and can easily be read by others.
The central station is also known as the management station. An SNMP agent is installed on the devices to be monitored with which the management station exchanges data.
50
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
SNMPv3
Technical basics
4.10 SNMP
The management station sends data packets of the following type:
● GET
Request for a data record from the SNMP agent
● GETNEXT
Calls up the next data record.
● GETBULK (available as of SNMPv2c)
Requests multiple data records at one time, for example several rows of a table.
● SET
Contains parameter assignment data for the relevant device.
The SNMP agent sends data packets of the following type:
● RESPONSE
The SNMP agent returns the data requested by the manager.
● TRAP
If a certain event occurs, the SNMP agent itself sends traps.
SNMPv1/v2c/v3 use UDP (User Datagram Protocol) and use the UDP ports 161 and 162.
The data is described in a Management Information Base (MIB).
Compared with the previous versions SNMPv1 and SNMPv2c, SNMPv3 introduces an extensive security concept.
SNMPv3 supports:
● Fully encrypted user authentication
● Encryption of the entire data traffic
● Access control of the MIB objects at the user/group level
With the introduction of SNMPv3 you can no longer transfer user configurations to other devices without taking special action, e.g. by loading a configuration file or replacing the C-
PLUG.
According to the standard, the SNMPv3 protocol uses a unique SNMP engine ID as an internal identifier for an SNMP agent. This ID must be unique in the network. It is used to authenticate access data of SNMPv3 users and to encrypt it.
Depending on whether you have enabled or disabled the “SNMPv3 User Migration” function, the SNMP engine ID is generated differently.
Restriction when using the function
Use the "SNMPv3 User Migration" function only to transfer configured SNMPv3 users to a substitute device when replacing a device.
Do not use the function to transfer configured SNMPv3 users to multiple devices. If you load a configuration with created SNMPv3 users on several devices, these devices use the same
SNMP engine ID. If you use these devices in the same network, your configuration contradicts the SNMP standard.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
51
Technical basics
4.10 SNMP
Compatibility with predecessor products
You can only transfer SNMPv3 users to a different device if you have created the users as migratable users. To create a migratable user the "SNMPv3 User Migration" function must be activated when you create the user.
52
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.11 Spanning Tree
4.11 Spanning Tree
Avoiding loops
The Spanning Tree algorithm detects redundant physical network structures and prevents the formation of loops by disabling redundant paths. It evaluates the distance and performance of a connection or bases the decisions on settings made by the user. Data is then exchanged only over the remaining connection paths.
If the preferred data path fails, the Spanning Tree algorithm then searches for the most efficient path possible with the remaining nodes.
Root bridge and bridge priority
The identification of the most efficient connection is always related to the root bridge, a network component that can be considered as a root element of a tree-like network structure. With the "Bridge Priority" parameter, you can influence the selection of the root bridge. The computer with the lowest value set for this parameter automatically becomes the root bridge. If two computers have the same priority value, the computer with the lower MAC address becomes the root bridge.
Response to changes in the network topology
If nodes are added to a network or drop out of the network, this may affect the optimum path selection for data packets. To be able to respond to such changes, the root bridge sends configuration messages (BPDUs) at regular intervals. You can set the interval between two configuration messages with the "Hello Time" parameter.
Keeping configuration information up to date
With the "Max Age" parameter, you set the maximum age of configuration information. If a bridge has information that is older than the time set in Max Age, it discards the message and initiates recalculation of the paths.
New configuration data is not used immediately by a bridge but only after the period specified in the "Forward Delay" parameter. This ensures that operation is started with the new topology only after all the bridges have the required information.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
53
Technical basics
4.11 Spanning Tree
4.11.1 RSTP, MSTP, CIST
Rapid Spanning Tree Protocol (RSTP)
One disadvantage of STP is that if there is a disruption or a device fails, the network needs to reconfigure itself: The devices start to negotiate new paths only when the interruption occurs. This can take up to 30 seconds. Fur this reason, STP was expanded to create the
"Rapid Spanning Tree Protocol" (RSTP, IEEE 802.1w). This differs from STP essentially in that the devices are already collecting information about alternative routes during normal operation and do not need to gather this information after a disruption has occurred. This means that the reconfiguration time for an RSTP controlled network can be reduced to a few seconds.
This is achieved by using the following functions:
● Edge ports (end node port)
Edge ports are ports connected to an end device.
A port that is defined as an edge port is activated immediately after connection establishment. If a spanning tree BPDU is received at an edge port, the port loses its role as edge port and it takes part in (R)STP again. If no further BPDU is received after a certain time has elapsed (3 x hello time), the port returns to the edge port status.
● Point-to-point (direct communication between two neighboring devices)
By directly linking the devices, a status change (reconfiguration of the ports) can be made without any delays.
● Alternate port (substitute for the root port)
A substitute for the root port is configured. If the connection to the root bridge is lost, the device can establish a connection over the alternate port without any delay due to reconfiguration.
● Reaction to events
Rapid spanning tree reacts to events, for example an aborted connection, without delay.
There is no waiting for timers as in spanning tree.
● Counter for the maximum bridge hops
The number of bridge hops a package is allowed to make before it automatically becomes invalid.
In principle, therefore with rapid spanning tree, alternatives for many parameters are preconfigured and certain properties of the network structure taken into account to reduce the reconfiguration time.
Multiple Spanning Tree Protocol (MSTP)
The Multiple Spanning Tree Protocol (MSTP) is a further development of the Rapid
Spanning Tree Protocol. Among other things, it provides the option of operating several
RSTP instances within different VLANs or VLAN groups and, for example, making paths available within the individual VLANs that the single Rapid Spanning Tree Protocol would globally block.
54
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.11 Spanning Tree
Common and Internal Spanning Tree (CIST)
CIST identifies the internal instance used by the switch that is comparable in principle with an internal RSTP instance.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
55
Technical basics
4.12 User management
4.12 User management
Overview of user management
Access to the device is managed by configurable user settings. Set up users with a password for authentication. Assign a role with suitable rights to the users.
The authentication of users can either be performed locally by the device or by an external
RADIUS server. You configure how the authentication is handled on the "Security > AAA >
General" page.
Local logon
The local logging on of users by the device runs as follows:
1. The user logs on with user name and password on the device.
2. The device checks whether an entry exists for the user.
→ If an entry exists, the user is logged in with the rights of the associated role.
→ If no corresponding entry exists, the user is denied access.
Login via an external RADIUS server
RADIUS (Remote Authentication Dial-In User Service) is a protocol for authenticating and authorizing users by servers on which user data can be stored centrally.
Depending on the RADIUS authorization mode you have selected on the "Security > AAA >
RADIUS Client" page, the device evaluates different information of the RADIUS server.
RADIUS authorization mode "Standard"
If you have set the authorization mode "conventional", the authentication of users via a
RADIUS server runs as follows:
1. The user logs on with user name and password on the device.
2. The device sends an authentication request with the login data to the RADIUS server.
3. The RADIUS server runs a check and signals the result back to the device.
– The RADIUS server reports a successful authentication and returns the value
"Administrative User" to the device for the attribute "Service Type".
→ The user is logged in with administrator rights.
– The RADIUS server reports a successful authentication and returns a different or even no value to the device for the attribute "Service Type".
→ The user is logged in with read rights.
– The RADIUS server reports a failed authentication to the device:
→ The user is denied access.
RADIUS authorization mode "SiemensVSA"
Requirement
56
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Technical basics
4.12 User management
For the RADIUS authorization mode "Siemens VSA" the following needs to be set on the
RADIUS server:
● Manufacturer code: 4196
● Attribute number: 1
● Attribute format: Character string (group name)
Procedure
If you have set the authorization mode "SiemensVSA", the authentication of users via a
RADIUS server runs as follows:
1. The user logs on with user name and password on the device.
2. The device sends an authentication request with the login data to the RADIUS server.
3. The RADIUS server runs a check and signals the result back to the device.
Case A: The RADIUS server reports a successful authentication and returns the group assigned to the user to the device.
– The group is known on the device and the user is not entered in the table "External
User Accounts"
→ The user is logged in with the rights of the assigned group.
– The group is known on the device and the user is entered in the table "External User
Accounts"
→ The user is assigned the role with the higher rights and logged in with these rights.
– The group is not known on the device and the user is entered in the table "External
User Accounts"
→ The user is logged in with the rights of the role linked to the user account.
– The group is not known on the device and the user is not entered in the table "External
User Accounts"
→ The user is logged in with the rights of the role "Default".
Case B: The RADIUS server reports a successful authentication but does not return a group to the device.
– The user is entered in the table "External User Accounts":
→ The user is logged in with the rights of the linked role "".
– The user is not entered in the table "External User Accounts":
→ The user is logged in with the rights of the role "Default".
Case C: The RADIUS server reports a failed authentication to the device:
– The user is denied access.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
57
Technical basics
4.12 User management
58
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Assignment of an IP address
5
5.1 Structure of an IP address
Address classes
IP address range
1.x.x.x through 126.x.x.x
128.0.x.x through 191.255.x.x
192.0.0.x through 223.255.255.x
224.0.0.0 - 239.255.255.255
240.0.0.0 - 255.255.255.255
Max. number of networks Max. number of hosts/network
126
16383
2097151
Multicast applications
Reserved for future applications
16777214
65534
254
Class
A
B
C
D
E
CIDR
/8
/16
/24
An IP address consists of 4 bytes. Each byte is represented in decimal, with a dot separating it from the previous one. This results in the following structure, where XXX stands for a number between 0 and 255:
XXX.XXX.XXX.XXX
The IP address is made up of two parts, the network ID and the host ID. This allows different subnets to be created. Depending on the bytes of the IP address used as the network ID and those used for the host ID, the IP address can be assigned to a specific address class.
Subnet mask
The bits of the host ID can be used to create subnets. The leading bits represent the address of the subnet and the remaining bits the address of the host in the subnet.
A subnet is defined by the subnet mask. The structure of the subnet mask corresponds to that of an IP address. If a "1" is used at a bit position in the subnet mask, the bit belongs to the corresponding position in the IP address of the subnet address, otherwise to the address of the computer.
Example of a class B network:
The standard subnet address for class B networks is 255.255.0.0; in other words, the last two bytes are available for defining a subnet. If 16 subnets must be defined, the third byte of the subnet address must be set to 11110000 (binary notation). In this case, this results in the subnet mask 255.255.240.0.
To find out whether two IP addresses belong to the same subnet, the two IP addresses and the subnet mask are ANDed bit by bit. If both logic operations have the save result, both IP addresses belong to the same subnet, for example, 141.120.246.210 and 141.120.252.108.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
59
Assignment of an IP address
5.1 Structure of an IP address
Outside the local area network, the distinction between network ID and host ID is of no significance, in this case packets are delivered based on the entire IP address.
Note
In the bit representation of the subnet mask, the "ones" must be set left-justified; in other words, there must be no "zeros" between the "ones".
60
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Assignment of an IP address
5.2 Initial assignment of an IP address
5.2 Initial assignment of an IP address
Configuration options
An initial IP address for a SCALANCE W700 cannot be assigned using Web Based
Management (WBM) or the Command Line Interface (CLI) over Telnet because these configuration tools require that an IP address already exists.
The following options are available to assign an IP address to an unconfigured device currently without an IP address:
● DHCP (default)
● Primary Setup Tool
● STEP 7
● NCM PC
Note
When the product ships and following "Restore Factory Defaults and Restart", DHCP is enabled. If a DHCP server is available in the local area network, and this responds to the
DHCP request of a SCALANCE W700, the IP address, subnet mask and gateway are assigned automatically when the device first starts up. " Restore Memory Defaults and
Restart" does not delete an IP address assigned either by DHCP or by the user.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
61
Assignment of an IP address
5.3 Address assignment with DHCP
5.3 Address assignment with DHCP
Properties of DHCP
DHCP (Dynamic Host Configuration Protocol) is a method for automatic assignment of IP addresses. It has the following characteristics:
● DHCP can be used both when starting up a device and during ongoing operation.
● The assigned IP address remains valid only for a limited time known as the lease time.
When half the period of validity has elapsed. the DHCP client can extend the period of the assigned IPv4 address. When the entire time has elapsed, the DHCP client needs to request a new IPv4 address.
● There is normally no fixed address assignment; in other words, when a client requests an
IP address again, it normally receives a different address from the previous address. It is possible to configure the DHCP server so that the DHCP client always receives the same fixed address in response to its request. The parameter with which the DHCP client is identified for the fixed address assignment is set on the DHCP client. The address can be assigned via the MAC address, the DHCP client ID or the system name. You configure
the parameter in "System > DHCP Client (Page 181)".
● The following DHCP options are supported:
– DHCP option 6: Assignment of a DNS server address
– DHCP option 66: Assignment of a dynamic TFTP server name
– DHCP option 67: Assignment of a dynamic boot file name
– DHCP option 82: Assignment of IP addresses depending on the device index, switch port, the VLAN ID or user-defined identification values of the DHCP relay agent.
Note
DHCP uses a mechanism with which the IP address is assigned for only a short time
(lease time). If the device does not reach the DHCP server with a new request on expiry of the lease time, the assigned IP address, the subnet mask and the gateway continue to be used.
The device therefore remains accessible under the last assigned IP address even without a DHCP server. This is not the standard behavior of office devices but is necessary for problem-free operation of the plant.
62
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Assignment of an IP address
5.4 Address assignment with the Primary Setup Tool
5.4
Introduction
Address assignment with the Primary Setup Tool
The PST (Primary Setup Tool) is capable of assigning such an address to unconfigured devices that do not yet have an IP address.
Requirement
The devices can be reached via Ethernet.
Note
For more detailed information, refer to the Primary Setup Tool configuration manual.
You will find the PST at Siemens Industry Automation and Drives Service & Support on the
Internet under entry ID 19440762. The URL for this entry is: http://support.automation.siemens.com/WW/view/en/19440762
( http://support.automation.siemens.com/WW/view/en/19440762 )
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
63
Assignment of an IP address
5.5 Address assignment with STEP 7
5.5 Address assignment with STEP 7
In STEP 7, you can configure the topology, the device name and the IP address; in other words, an IP address is specified for the MAC address of the device. If you connect the unconfigured device to the controller, the controller assigns the configured device name and the IP address to the device automatically.
STEP 7 V5.x and earlier
For further information on the assignment of the IP address using STEP 7 V5.x and earlier, refer to the documentation "Configuring Hardware and Communication Connections STEP
7", in the section "Steps for Configuring a PROFINET IO System".
STEP 7 as of V13
For further information on assigning the IP address using STEP 7 as of V13, refer to the online help "Information system", section "Addressing PROFINET devices".
64
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6
6.1 Web Based Management
How it works
The device has an integrated HTTP server for Web Based Management (WBM). If a device is addressed with a Web browser, it returns HTML pages to the client PC depending on the user input.
The user enters the configuration data in the HTML pages sent by the device. The device evaluates this information and generates reply pages dynamically.
The advantage of this method is that only a Web browser is required on the client.
Note
Secure connection
WBM also allows you to establish a secure connection via HTTPS.
Use HTTPS for protected data transmission. If you wish to access WBM only via a secure connection, activate the option "HTTPS Server only" in "System > Configuration".
Requirements
WBM display
● The device has an IP address
● There is a connection between the device and the client device. With the Windows ping command, you can check whether or not a connection exists.
● Access via HTTPS is enabled.
● JavaScript is activated in the Web browser.
● The Web browser must not be set so that it reloads the page from the server each time the page is accessed. The updating of the dynamic content of the page is ensured by other mechanisms. In the Internet Explorer, you can make the appropriate setting in the
"Options > Internet Options > General" menu in the section "Browsing history" with the
"Settings" button. Under "Check for newer versions of stored pages:", select
"Automatically".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
65
Configuring with Web Based Management
6.1 Web Based Management
● If a firewall is used, the relevant ports must be opened.
– For access using HTTP: Port 80
– For access using HTTPS: Port 443
● The display of the WBM was tested with the following desktop Web browsers:
– Microsoft Internet Explorer 11
Note
Compatibility view
In Microsoft Internet Explorer, disable the compatibility view to ensure correct display and to allow problem-free configuration using WBM.
– Mozilla Firefox 38 ESR
– Chrome V46
Display of the WBM on mobile devices
For mobile devices, the following minimum requirements must be met:
Resolution
960 x 640 pixels
Operating system
Android as of version 4.2.1 iOS as of version 6.0.2
Internet browser
Chrome as of version 18 on Android
Safari as of version 6 on iOS
● Tested with the following Internet browsers for mobile devices:
– Safari as of version 8 on iOS as of V8.1.3 (iPad Mini Model A1432)
– Chrome as of version 46 on Android as of version 5.0.2 (Nexus 7C Asus)
– Firefox as of version 35 on Android as of version 5.0.2
Note
Display of the WBM and working with it on mobile devices
The display on the WBM pages and how you work with them on mobile devices may differ compared with the same pages on desktop devices. Some pages also have an optimized display for mobile devices.
66
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.2 Login
6.2 Login
Establishing a connection to a device
Follow the steps below to establish a connection to a device using an Internet browser:
1. There is a connection between the device and the client PC. With the ping command, you can check whether or not a connection exists.
2. In the address box of the Internet browser, enter the IP address or the URL of the device.
If there is a problem-free connection to the device, the logon page of Web Based
Management (WBM)is displayed.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
67
Configuring with Web Based Management
6.2 Login
Logging in using the Internet browser
Selecting the language of the WBM
1. From the drop-down list at the top right, select the language version of the WBM pages.
2. Click the "Go" button to change to the selected language.
Note
Available languages
As of version 5.2 English and German are available. Other languages will follow in a later version.
Logon with HTTP
There are two ways in which you can log on via HTTP. You either use the logon option in the center of the browser window or the logon option in the upper left area of the browser window.
68
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.2 Login
The following steps apply when logging on, whichever of the above options you choose:
1. Enter the following in the "Name" input box:
– "admin": With this user type, you can change the settings of the device (read and write access to the configuration data).
2. Enter your password in the "Password" input box.
When you log in for the first time or following a "Restore Factory Defaults and Restart", enter the standard password in the "Password" input box.
– "admin": Standard password "admin"
3. Click the "Login" button or confirm your entry with "Enter".
When you log in for the first time or following a "Restore Factory Defaults and Restart", with the default user "admin" you will be prompted to change the password.
You need to repeat the password as confirmation. The password entries must match.
Click the "Set Values" button to complete the action and activate the new password.
Once you have logged in successfully, the start page appears.
Logon with HTTPS
Web Based Management also allows you to connect to the device over the secure connection of the HTTPS protocol. Follow these steps:
1. Click on the link "Switch to secure HTTP" on the login page or enter "https://" and the IP address of the device in the address box of the Internet browser.
2. Check the displayed certificate warning and confirm it if applicable.
The logon page of Web Based Management appears.
3. Enter the following in the "Name" input box:
– "admin": With this user type, you can change the settings of the device (read and write access to the configuration data).
4. Enter your password in the "Password" input box.
When you log in for the first time or following a "Restore Factory Defaults and Restart", enter the standard password in the "Password" input box.
– "admin": Standard password "admin"
5. Click the "Login" button or confirm your entry with "Enter".
When you log on for the first time or following a "Restore Factory Defaults and Restart", with the default user "admin" you will be prompted to change the password.
You need to repeat the password as confirmation. The password entries must match.
Click the "Set Values" button to complete the action and activate the new password.
Once you have logged in successfully, the start page appears.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
69
Configuring with Web Based Management
6.3 "Wizard" menu
6.3 "Wizard" menu
6.3.1
Introduction
Basic Wizard
With the Basic Wizard, menus guide you through the configuration of the most important parameters.
On the Basic Wizard pages, you can only configure the parameters important for the basic functionality. You make further settings when you have finished with the Basic Wizard.
Requirement
● The device is in the status it was when it was shipped and can be reached via the
Ethernet interface.
● You have assigned an IP address to the device. For more detailed information, refer to
the section "Assignment of an IP address (Page 59)".
● You are logged on in WBM as the "admin" user. For more detailed information, refer to
the section "Login (Page 67)".
Starting the Basic Wizard
Click on "Wizard > Basic Wizard" in the navigation area to start the Basic Wizard.
If you log on the first time or log on after a "Restore Memory Defaults and Restart", the Basic wizard is always started automatically after you have changed the default password.
Buttons you require often
The WBM pages of the Basic Wizard contain the following buttons:
Button Description
Goes to the next page
Goes back to the previous page
The Basic Wizard is closed without adopting the settings.
Saves the configuration and exits the Wizard.
Navigation within the pages of the Basic Wizard is possible only with the "Prev" and "Next" buttons.
70
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.1
Introduction
System Settings
On this Basic Wizard page, you specify the mode of the device. After changing the mode, a message is displayed.
If you confirm the message with "OK", the device restarts with the factory-set configuration settings. Log in again and start the Basic Wizard to continue the configuration of the device for the selected mode.
Note
Because only access points can work in client mode as well, the mode can only be selected for these devices.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
71
Configuring with Web Based Management
6.3 "Wizard" menu
Description
The Basic Wizard page contains the following boxes:
● Restore Memory Defaults and Restart
If you click this button, the factory configuration settings are restored with the exception of the parameters below followed by a restart.
– IP address
– Subnet mask
– IP address of the default gateway
– DHCP client ID
– DHCP
– System name
– System location
– System contact
– User names and passwords
– Mode of the device
After restarting the device, you will need to log in again and start the Basic wizard again to configure the device.
● Device Mode
Select the mode of the device. This selection is available only for access points.
The following operating modes are possible:
– AP: Access point mode
– Client: Client mode
72
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.2
Introduction
Country Settings
On this Basic Wizard page, you configure the country and the system name.
Description
The Basic Wizard page contains the following boxes
● Country Code
From this drop-down list, select the country in which the device will be deployed. You do not need to know the data for the specific country, the channel division and output power are set by the device according to the country you select.
Note
Locale setting
The correct country setting is mandatory for operation complying with the approvals.
Selecting a country different from the country of use can lead to legal prosecution.
● System Name
You can enter the name of the device. If you configure this box, this configuration is adopted and displayed in the selection area. A maximum of 255 characters are possible.
The system name is also displayed in the CLI input prompt. The number of characters in the CLI input prompt is limited. The system name is truncated after 16 characters.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
73
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.3
Introduction
IP Address Settings
One of the basic steps in configuration of a device is setting the IP address. The IP address identifies a device in the network uniquely.
Description
The Basic Wizard page contains the following boxes
● DHCP Client
Specify how the IP address will be assigned. There are two methods of assigning IP addresses.
– Enabled
The device obtains a dynamic IP address from a DHCP server.
– Disabled
You enter the IP settings in the input boxes "IP Address" and "Subnet Mask".
● IP Address
Enter an IP address that is unique within your network.
● Subnet Mask
Enter the subnet mask of the device.
● Default gateway
Enter the IP address of the default gateway so that the device can communicate with devices in other subnets, for example diagnostics stations, e-mail server.
74
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.4 Management Interfaces
System configuration
On this Basic Wizard page, you specify the services with which the device can be accessed.
With some services, there are further configuration pages on which more detailed settings can be made. Configure these services after completing the Basic Wizard.
Description
The page contains the following boxes:
● Telnet Server enable or disable the "Telnet Server" service for unencrypted access to the CLI.
● SSH Server
Enable or disable the "SSH Server" service for encrypted access to the CLI.
● HTTPS Server only
Enable or disable access using HTTPS.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
75
Configuring with Web Based Management
6.3 "Wizard" menu
● DCP Server
Specify whether or not the device can be accessed with DCP (Discovery and
Configuration Protocol):
– "-" (disabled)
DCP is disabled. Device parameters can neither be read nor modified.
– Read/Write
With DCP, device parameters can be both read and modified.
– Read Only
With DCP, device parameters can be read but cannot be modified.
● SNMP
Select the protocol from the drop-down list. The following settings are possible:
– "-" (SNMP disabled)
Access to device parameters via SNMP is not possible.
– SNMPv1/v2c/v3
Access to device parameters is possible with SNMP versions 1, 2c or 3. You can configure other settings in "System > SNMP > General".
– SNMPv3
Access to device parameters is possible with SNMP version 3. You can configure other settings in " System > SNMP > General".
● SNMPv1/v2 Read-Only
Enable or disable write access to SNMP variables with SNMPv1/v2c.
● SINEMA configuration interface
If the SINEMA configuration interface is enabled, you can download configurations to the device via the TIA Portal.
76
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.5
Introduction
Antenna Settings
On this Basic Wizard page, you configure the settings for the external antenna.
Description
This table contains the following columns:
● Connector
Shows the name of the relevant antenna connector.
● Antenna Type
Select the type of external antenna connected to the device. If the type of your antenna is not available, select the entry "User defined".
● Antenna Gain [dBi]
If you select the "User defined" entry for the "Antenna Type", enter the antenna gain manually in the "dBi" unit.
– Antenna Gain 2.4 GHz [dBi]
Enter the antenna gain the antenna has in the 2.4 GHz frequency band.
– Antenna Gain 5 GHz [dBi]Enter the antenna gain the antenna has in the 5 GHz frequency band.
● Cable length [m]
Enter the length of the flexible antenna connecting cable in meters between the device and the external antenna.
● Additional Attenuation [dB]
Here, specify the additional attenuation caused, for example, by an additional splitter.
Note
If you use other WLAN interfaces, make sure that you have adequate channel spacing.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
77
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.6
Introduction
Radio Settings
On this Basic Wizard page, you specify the configuration for the WLAN interface.
Description
78
This table contains the following columns:
● Radio
Shows the available WLAN interfaces.
● Enabled
Enable or disable the WLAN interface. The WLAN interface is disabled when the device is supplied.
● Radio Mode
ZeShows the mode of the WLAN interface.
● Frequency Band
Specify the frequency band.
● WLAN-Modus
Select the required transmission standard for the configured frequency band.
– WLAN Mode 2.4 GHz
Specify the transmission standard for the 2.4 GHz frequency band.
– WLAN Mode 5 GHz
Specify the transmission standard for the 5 GHz frequency band. The selection depends on the country setting.
● DFS (802.11h)
– Enabled
If the access point discovers a disruption on the current channel, for example due to a primary user, it automatically switches to an alternative channel. You specify the alternative channel on the "AP Settings" Basic Wizard page. DFS is also required for the use of certain wireless channels. This can only be enabled in the 5 GHz band.
– Disabled
The DFS function is not used.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
● Outdoor Mode
– Enabled
In outdoor mode, the selection of country-dependent channels and the transmit power for operation are extended for outdoor use.
– Disabled
The device is being operated in indoor mode. In indoor mode, the selection of countrydependent channels and the transmit power for operation in a building are restricted.
● max. Tx Power
Specify the transmit power of the device. It may be necessary to reduce the transmit power depending on the antennas being used to avoid exceeding the maximum legal transmit power. Reducing the transmit power effectively reduces cell size
Note
The maximum possible transmit power varies depending on the channel and data rate.
For more detailed information on transmit power, refer to the documentation
"Characteristics radio interface".
● Tx power check
Indicates whether the settings that have been made will violate the permitted transmit power restrictions of the selected country. The following parameters influence this calculation: max. Tx Power, Antenna Gain, Additional Attenuation.
The following displays can appear:
– Allowed
The channels can be used with the current settings.
– Not Allowed (Some Channels)
Among the channels, there are some on which the current transmit power exceeds the maximum permitted transmit power.
– Not Allowed (All Channels)
No permitted operation is possible. The transmit power is too high.
6.3.1.7
Introduction
Access Point Settings
On this Basic Wizard page, you specify the configuration for the access point.
Note
This page is available only in access point mode.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
79
Configuring with Web Based Management
6.3 "Wizard" menu
Description of the displayed boxes
Table 1 contains the following columns:
● Radio
Shows the available WLAN interfaces.
● Channel
Specify the main channel. If you want the access point to search for a free channel itself, use "Auto". If you want to use a fixed channel, select the required channel from the dropdown list.
80
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
● Alternative DFS Channel
If you have enabled the DFS function on the Basic Wizard page "Radio", specify the alternative channel here. If you want the access point to search for a free channel itself, use "Auto". If you want to use a fixed channel, select the required channel from the dropdown list.
● HT Channel Width [MHz]
You can specify the channel bandwidth with the IEEE 802.11n transmission standard.
The following settings are possible.
– 20
Channel bandwidth 20 MHz
– 40 up
Channel bandwidth 40 MHz. The configured channel and the neighboring channel above it are used.
– 40 down
Channel bandwidth 40 MHz. The configured channel and the neighboring channel below it are used.
Table 2 contains the following columns:
● Port
Shows the first VAP interface per WLAN interface.
● SSID
Enter the SSID. The length of the character string for SSID it is 1 to 32 characters.
The ASCII code 0x20 to 0x7e is used for the SSID.
After completing the Basic Wizard, you can define further SSIDs with "Interfaces > WLAN
> Access Point Settings".
6.3.1.8
Introduction
Client Settings
On this Basic Wizard page, you specify the configuration for clients, for example the assignment of the MAC address.
Note
This page is only available in client mode.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
81
Configuring with Web Based Management
6.3 "Wizard" menu
82
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.3 "Wizard" menu
Table 1 contains the following columns:
● Radio
Shows the available WLAN interfaces.
● MAC Mode
Specify how the MAC address is assigned to the client. The following are possible:
– Automatic
The client automatically adopts the source MAC address of the first frame that it receives over the Ethernet interface.
– Manual
If you select "Manual", enter the MAC address in the "MAC Address" column.
– Own
– The client uses the MAC address of the Ethernet interface for the WLAN interface.
– Layer 2 Tunnel
The client uses the MAC address of the Ethernet interface for the WLAN interface.
The network is also informed of the MAC addresses connected to the Ethernet interface of the client. Up to eight MAC addresses can be used.
● MAC Address
Enter the MAC address of the client. The input box can only be edited if you have set
"Manual" for the "MAC Mode".
● Any SSID
– Enabled
In client mode, the device attempts to connect to the network with the best transmission quality and that has suitable security settings.
– Disabled
The client attempts to connect to the network from the SSID list that has the best transmission quality.
Table 2 contains the following columns:
● Radio
Shows the available WLAN interfaces.
● SSID
Enter the SSID of the access point with which the client connects. In the Basic Wizard, you can only specify one SSID. After completing the Basic Wizard, you can define further
SSIDs with "Interfaces > WLAN > Client".
● Security Context
Shows the assigned security context. In the Basic Wizard only one security context is available. After completing the Basic Wizard, you can create and configure further security contexts in "Security > WLAN > Basic".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
83
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.9
Introduction
Client Allowed Channel Settings
For communication, a specific channel within a frequency band is used. On this page, you can either set this channel specifically or configure so that the channel is selected automatically.
Note
This page is only available in client mode.
Description
Table 1 contains the following columns:
● Radio
Shows the available WLAN interfaces.
● Use Allowed Channels only
If you enable the option, you restrict the selection of channels via which the client is allowed to establish the connection.
In the following tables, you define the channels on which the client searches for an AP.
The tables are divided up according to frequency bands.
84
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
If the option is disabled, the channels available based on the settings (country code, antennas, transmit power etc.) are used.
Above the tables for the frequency bands, you will find the following check box:
● Select / Deselect all
– Enabled
If you enable the check box, all channels are selected.
– Disabled
If you deselect the check box, only the first valid channel of the frequency band remains enabled.
The tables of the frequency bands have the following columns:
● Radio
Shows the available WLAN interfaces in this column.
● Radio Mode
Shows the operating mode of the device.
● Channel number
To specify the valid channels for the required frequency band, select the appropriate check box for the channel number.
The table displays the permitted channels of the country. Only the valid channels can be enabled. Invalid channels are grayed out and cannot be enabled.
Note
To specify the channels, the setting "Use Allowed Channels only" must be enabled.
6.3.1.10
Introduction
Security Settings
To make the network secure, authentication and encryption are used. You specify the security levels with the type of authentication and the encryption procedure.
Use WPA2/AES, to prevent misuse of a password WPA2 (RADIUS) / WPA2-PSK with AES provides the greatest security. You will find further information on security in the configuration manual under "Instructions for secure network design".
The security settings on both devices must match to allow a client to communicate with an access point.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
85
Configuring with Web Based Management
6.3 "Wizard" menu
Description
This table contains the following columns:
● Interface (only in Access Point mode)
Shows the interface to which the settings relate.
● Security Context (in client mode only)
Shows the security context to which the settings relate.
86
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
● Authentication Type
Select the type of authentication.
Note
WLAN mode IEEE 802.11 n
With devices operated in WLAN mode IEEE8002.11n only WPA2 (WPA2-PSK and
WPA2 Radius) encryption is possible.
– Open System
Without authentication
– WEP
– WPA-PSK
WPA authentication with WPA key. Enter the WPA key in ""WPA(2) Pass Phrase.
– WPA (RADIUS)
WPA authentication with RADIUS server. You configure the access data on the next
Basic Wizard page.
– WPA2-PSK
WPA2 authentication with WPA2 key. Enter the WPA2 key in ""WPA(2) Pass Phrase.
– WPA2 (RADIUS)
WPA2 authentication with RADIUS server. You configure the access data on the next
Basic Wizard page.
● Cipher
Select the encryption method.
– AUTO
AES or TKIP is selected automatically depending on the capability of the other station.
– TKIP (Temporal Key Integrity Protocol)
A symmetrical encryption method with the RC4 algorithm (Ron’s Code 4). In contrast to the weak WEP encryption, TKIP uses changing keys derived from a main key. TKIP can also recognize corrupted data frames.
– AES (Advanced Encryption Standard)
Strong symmetrical block encryption method based on the Rijndael algorithm that further improves the functions of TKIP.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
87
Configuring with Web Based Management
6.3 "Wizard" menu
● WPA(2) Pass Phrase
Enter a WPA(2) key. The key can be 8 to 63 ASCII characters or exactly 64 hexadecimal characters long. This WPA(2) key must be known on both the client and the access point and is entered by the user at both ends.
Note
The WPA(2) key can be 8 to 63 ASCII characters or exactly 64 hexadecimal characters long. It should be selected so that is complex for example consisting of random numbers, letters (upper-/lowercase), have few repetitions and special characters. Do not use known names, words or terms that could be guessed. If a device is lost or if the key becomes known, change the key on all devices to maintain security.
● WPA(2) Pass Phrase Confirmation
Confirm the entered WPA(2) pass phrase.
6.3.1.11
Introduction
Dot1x Supplicant Settings
On this Basic Wizard page, you configure the user name and the password with which the client will be logged on with the RADIUS server.
If you require additional authentication methods, you can configure them after completing the
Basic Wizard with "Security > WLAN > Client Radius Supplicant".
Note
This page is only available in client mode.
88
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.3 "Wizard" menu
Table 1 contains the following columns:
● Security Context
Shows the available security contexts.
● Dot1x User Name
Enter the user name with which the client will log on with the RADIUS server.
● Dot1x User Password
Enter the password for the user name selected above. The client is logged on with the
RADIUS server using this combination.
For password assignment, ASCII code 0x20 to 0x7e is used.
● Dot1x User Password Confirmation
Enter the password again in this input box.
6.3.1.12
Introduction
Dot1x RADIUS Server Settings
On this Basic Wizard page, you configure the settings for the primary RADIUS Server.
After completing the Basic Wizard, you can configure a backup server and other settings, for example the number of logon attempts with "Security > WLAN > > AP RADIUS
Authenticator.
Note
This page is available only in access point mode.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
89
Configuring with Web Based Management
6.3 "Wizard" menu
Description
This table contains the following columns:
● Server Role
Shows the role of the server.
● Server IP Address
Enter the IP address of the RADIUS server. The use of the computer name (name resolution using DNS) instead of the IP address is not supported.
● Server Port
Enter the port of the RADIUS server.
● Shared Secret
Enter the password of the RADIUS server.
● Shared Secret Conf
Enter the password again in this input box.
90
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.3 "Wizard" menu
6.3.1.13
Introduction
Summary
The settings are summarized on this page. The content of the page depends on the set parameters and the mode of the device.
Check the settings before you exit the Basic Wizard with the "Set Values" button. If settings are incorrect, go back using the "Prev" button and change the settings to the required ones.
Set Values
Click the "Set Values" button to exit the Basic Wizard. The WLAN settings are adopted.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
91
Configuring with Web Based Management
6.4 "Information" menu
6.4 "Information" menu
6.4.1 Start Page
View of the Start page
When you enter the IP address of the device, the start page is displayed after a successful login. You cannot configure anything on this page.
General layout of the WBM pages
The following areas are generally available on every WBM page:
● Selection area (1): Top area
● Display area (2): Top area
92
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
● Navigation area (3): Left-hand area
● Content area (4): Middle area
Configuring with Web Based Management
6.4 "Information" menu
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
93
Configuring with Web Based Management
6.4 "Information" menu
Selection area (1)
The following is available in the selection area:
● Logo of Siemens AG
When you click on the logo, you arrive at the Internet page of the corresponding basic device in Siemens Industry Online Support.
● Display of: "System Location/System Name".
– "System Location" contains the location of the device.
With the settings when the device ships, the IP address of the Ethernet interface is displayed.
– "System Name" is the device name. With the settings when the device ships, the device type is displayed.
You can change the content of this display with "System > General > Device.
● Drop-down list for language selection
● System time and date
You can change the content of this display with "System > System Time".
Display area (2)
In the upper part of the display area, you can see name of the currently logged in user and the full title of the currently selected menu item.
In the lower part of the display area, you will find:
● Logging out
You can log out from any WBM page by clicking the "Logout" link.
● Mode
Shows whether the device is an access point or a client.
● Help
When you click this button, the help page of the currently selected menu item is opened in a new browser window.
● Printer
If you click this button, a popup window opens. The popup window contains a view of the page content optimized for printers.
Note
Printing larger tables
If you want to print large tables, please use the "Print preview" function of your Internet browser.
● LED simulation
Each device has one or more LEDs that provide information on the operating state of the device. Depending on its location, direct access to the device may not always be possible. Web Based Management therefore displays simulated LEDs. Unused
94
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu connectors are displayed as gray LEDs. The meaning of the LED displays is described in the operating instructions.
If you click this button, you open the window for the LED simulation. You can show this window during a change of menu and move it as necessary. To close the LED simulation, click the close button in the LED simulation window.
● Update on / Update off
WBM pages with overview lists can also have the additional "Update" button.
With this button, you can enable or disable updating of the content area. If updating is turned on, the display is updated every 2 seconds. To disable the update, click "On".
Instead of "On", "Off" is displayed. As default, updating is always enabled on the WBM page.
Navigation area (3)
In the navigation area, you have various menus available. Click the individual menus to display the submenus. The submenus contain pages on which information is available or with which you can create configurations. These pages are always displayed in the content area.
Content area (4)
The content area shows a graphic of the device. The graphic always shows the device whose WBM you have called up.
The following is displayed below the picture of the device:
● PROFINET Name of Station
Shows the PROFINET device name.
● Diagnostics Mode
Shows whether EtherNet/IP or PROFINET is enabled.
● System Name
Shows the name of the device.
● Device Type
Shows the type designation of the device.
● PROFINET AR Status
Shows the PROFINET application relation status.
– Online
There is a connection to a PROFINET controller. The PROFINET controller has downloaded its configuration data to the device. The device can send status data to the PROFINET controller.
In this status, the parameters set by the PROFINET controller cannot be configured on the device.
– Offline
There is no connection to a PROFINET controller.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
95
Configuring with Web Based Management
6.4 "Information" menu
● Power Line 1 / Power Line 2 / Power over Ethernet
Status of the power supplies 1 and 2 or power over Ethernet. The power line 2 and Power over Ethernet are only displayed if they are supported by the hardware. You will find further information on this in the compact operating instructions.
● PLUG Configuration
Shows the status of the configuration data on the PLUG, refer to the section "System >
PLUG > Configuration".
● Fault Status
Shows the fault status of the device.
Buttons you require often
The pages of the WBM contain the following standard buttons:
● Refresh the display with "Refresh"
Web Based Management pages that display current parameters have a "Refresh" button at the lower edge of the page. Click this button to request up-to-date information from the device for the current page.
Note
If you click the "Refresh" button, before you have transferred your configuration changes to the device using the "Set Values" button, your changes will be deleted and the previous configuration will be loaded from the device and displayed here.
● Save entries with "Set Values"
Pages in which you can make configuration settings have a "Set Values" button at the lower edge. The button only becomes active if you change at least one value on the page. Click this button to save the configuration data you have entered on the device.
Once you have saved, the button becomes inactive again.
Note
Changing configuration data is possible only with the "admin" login.
● Create entries with "Create"
Pages in which you can make new entries have a "Create" button at the lower edge. Click this button to create a new entry.
● Delete entries with "Delete"
Pages in which you can delete entries have a "Delete" button at the lower edge. Click this button to delete the previously selected entries from the device memory. Deleting also results in an update of the page in the WBM.
● Page down with "Next"
The number of data records that can be displayed on a page is limited. Click the "Next" button to page down through the data records.
● Page back with "Prev"
The number of data records that can be displayed on a page is limited. Click the "Prev" button to page back through the data records.
96
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Messages
Configuring with Web Based Management
6.4 "Information" menu
If you have enabled the "Automatic Save" mode and you change a parameter the following message appears in the display area "Changes will be saved automatically in x seconds.
Press 'Write Startup Config' to save the changes immediately."
Note
Interrupting the save
Saving starts only after the timer in the message has elapsed. How long saving takes depends on the device.
• Do not switch off the device immediately after the timer has elapsed.
6.4.2 Versions
Versions of hardware and software
This page shows the versions of the hardware and software of the device. You cannot configure anything on this page.
Description
Table 1 has the following columns:
● Hardware
– Basic Device
Shows the basic device
– WLAN1
Shows the available wireless card
● Name
Shows the name of the device or module.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
97
Configuring with Web Based Management
6.4 "Information" menu
● Revision
Shows the hardware version of the device. For the wireless card, only one version is then displayed if the WLAN interface is enabled.
● Article number
Shows the article number of the device or described module.
Table 2 has the following columns:
● Software
– Firmware
Shows the current firmware version. If a new firmware file was downloaded and the device has not yet restarted, the firmware version of the downloaded firmware file is displayed here. After the next restart, the downloaded firmware is activated and used.
– Bootloader
Shows the version of the boot software stored on the device.
– Firmware_Running
Shows the firmware version currently being used on the device.
● Description
Shows the short description of the software.
● Version
Shows the version number of the software version.
● Date
Shows the date on which the software version was created.
98
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
6.4.3 Identification & Maintenance
Identification and maintenance data
This page contains information about device-specific vendor and maintenance data such as the article number, serial number, version numbers etc. You cannot configure anything on this page.
Description of the displayed values
The table has the following rows:
● Manufacturer ID
Shows the manufacturer ID.
● Article number
Shows the article number.
● Serial Number
Shows the serial number.
● Hardware Revision
Shows the hardware version.
● Software Revision
Shows the software version.
● Revision Counter
As of firmware version 4.0, the value "0" is always shown here regardless of the version change.
● Revision Date
Date of the revision: Date and time of the last revision
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
99
Configuring with Web Based Management
6.4 "Information" menu
● Function tag
Shows the function tag (plant designation) of the device. The plant designation (HID) is created during configuration of the device with HW Config of STEP 7.
● Location tag
Shows the location tag of the device. The location identifier (LID) is created during configuration of the device with HW Config of STEP 7.
● Date
Shows the date created during configuration of the device with HW Config of STEP 7.
● Descriptor
Shows the description created during configuration of the device with HW Config of
STEP 7.
6.4.4 ARP / neighbors
6.4.4.1 ARP Table
Assignment of MAC address and IPv4 address
With the Address Resolution Protocol (ARP), there is a unique assignment of MAC address to IPv4 address. This assignment is kept by each network node in its own separate ARP table. The WBM page shows the ARP table of the device.
Description of the displayed values
The table has the following columns:
● Interface
Shows the interface via which the row entry was learnt.
● MAC Address
Shows the MAC address of the destination or source device.
100
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● IP Address
Shows the IP address of the destination device.
● Media Type
Shows the type of connection.
– Dynamic
The device recognized the address data automatically.
– Static
The addresses were entered as static addresses.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
101
Configuring with Web Based Management
6.4 "Information" menu
6.4.4.2 IPv6 Neighbor Table
Assignment of MAC address and IPv6 address
Via the IPv6 neighbor table, there is a unique assignment of MAC address to IPv6 address.
This assignment is kept by each network node in its own separate neighbor table.
Description of the displayed values
The table has the following columns:
● Interface
Displays the interface via which the row entry was learnt.
● MAC Address
Shows the MAC address of the destination or source device.
● IP Address
Shows the IPv6 address of the destination device.
● Media Type
Shows the type of connection.
– Dynamic
The device recognized the address data automatically.
– Static
The addresses were entered as static addresses.
102
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
6.4.5 Log Tables
6.4.5.1 Event Log
Logging events
The device allows you to log occurring events, some of which you can specify on the page of the "System > Events menu. This, for example, allows you to record when an authentication attempt failed or when the connection status of a port has changed.
The content of the events log table is retained even when the device is turned off.
You cannot configure anything on this page.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
103
Configuring with Web Based Management
6.4 "Information" menu
Description
● Severity Filters
You can filter the entries in the table according to severity. To display all the entries, enable or disable all parameters.
– Info
Information
When this parameter is enabled, all entries of the category "Info" are displayed.
– Warning
Warnings
When this parameter is enabled, all entries of the category "Warning" are displayed.
– Critical
Critical
When this parameter is enabled, all entries of the category "Critical" are displayed.
The table has the following columns:
● Restart
Counts the number of restarts since you last reset to factory settings and shows the device restart after which the corresponding event occurred.
● System Up Time
Shows the time the device has been running since the last restart when the described event occurred.
● System Time
Shows the date and time when the described event occurred.
● Severity
Shows the severity of the message.
● Log Message
Displays a brief description of the event that has occurred. You will find the list of possible messages in Appendix D of the configuration manual.
If the system time is set, the time is also displayed at which the event occurred.
104
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
Description of the button
"Clear" button
Click this button to delete the content of the event log file. All entries are deleted regardless of what you have selected in "Severity Filters".
The display is also cleared. The restart counter is only reset after you have restored the device to the factory settings and restarted the device.
Note
For each severity a maximum of 400 entries in the table are possible. If the maximum number of entries is reached for a severity, the oldest entries of this severity are overwritten in the table. The table remains permanently in memory.
"Show all" button
Click this button to display all the entries on the WBM page. Note that displaying all messages can take some time. The button only becomes active if there is more than one page.
"Next" button
Click this button to go to the next page. The button only becomes active if there is more than one page.
"Prev" button
Click this button to go to the previous page. The button only becomes active if there is more than one page.
Drop-down list for page change
From the drop-down list, select the page you want to go to. This list only becomes active if there is more than one page.
"Update" button
Refreshes the display of the values in the table.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
105
Configuring with Web Based Management
6.4 "Information" menu
6.4.5.2 WLAN Authentication Log
Logging authentication attempts
This page shows a table with information on successful or failed authentication attempts.
You cannot configure anything on this page.
Description
● Severity Filters
You can filter the entries in the table according to severity. To display all the entries, enable or disable all parameters.
– Info
Information
When this parameter is enabled, all entries of the category "Info" are displayed.
– Warning
Warnings
When this parameter is enabled, all entries of the category "Warning" are displayed.
– Critical
Critical
When this parameter is enabled, all entries of the category "Critical" are displayed.
The table has the following columns:
● Restart
Counts the number of restarts since you last reset to factory settings and shows the device restart after which the corresponding event occurred.
● System Up Time
Shows the time the device has been running since the last restart when the described event occurred.
106
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● System Time
Shows the date and time when the described event occurred.
● Severity
Shows the severity of the message.
● Log Message
Displays a brief description of the event that has occurred. You will find the list of possible messages in Appendix D of the configuration manual.
If the system time is set, the time is also displayed at which the event occurred.
Description of the button
"Clear" button
Click this button to delete the content of the log file. All entries are deleted regardless of what you have selected under "Severity Filters".
The display is also cleared. The restart counter is only reset after you have restored the device to the factory settings and restarted the device.
Note
For each severity a maximum of 400 entries in the table are possible. If the maximum number of entries is reached for a severity, the oldest entries of this severity are overwritten in the table. The table remains permanently in memory.
"Show all" button
Click this button to display all the entries on the WBM page. Note that displaying all messages can take some time.
"Next" button
Click this button to go to the next page.
"Prev" button
Click this button to go to the previous page.
Drop-down list for page change
From the drop-down list, select the page you want to go to.
"Update" button
Refreshes the display of the values in the table.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
107
Configuring with Web Based Management
6.4 "Information" menu
6.4.6
Error status
Faults
This page displays any errors that occur. Errors of the "Cold/Warm Start" event can be deleted following confirmation.
If there are no more unanswered error/fault messages, the fault LED goes off.
The time calculation always begins after the last system start. When the system is restarted, a new entry with the type of restart is created in the fault memory.
Description
The page contains the following boxes:
● No. of Signaled Faults
Indicates how often the fault LED lit up and not how many faults occurred.
● "Reset Counters" button
The number is reset with this button.
The table contains the following columns:
● Fault Time
Shows the time the device has been running since the last restart when the described fault occurred.
● Fault Description
Displays a brief description of the error/fault that has occurred.
● Clear Fault State
To delete errors of the "Cold/Warm Start" event, click the "Clear Fault State" button.
108
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
6.4.7
Introduction
Redundancy
The page shows the current information about the Spanning Tree and the settings of the root bridge.
If Spanning Tree is turned off, only the basic information about this device is displayed.
If Spanning Tree is turned on, the information about the status of the instance selected in the
"Instance ID" drop-down list is displayed and the information about the configured ports is shown in the table. The information shown depends on the Spanning Tree mode.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
109
Configuring with Web Based Management
6.4 "Information" menu
Description
The page contains the following boxes:
● Spanning Tree Mode
Shows the set mode. You specify the mode in "Layer 2 > Configuration" and in "Layer 2 >
MSTP > General".
The following values are possible:
– '-'
– STP
– RSTP
– MSTP
● Instance ID
Shows the number of the instance. The parameter depends on the configured mode.
● Bridge Priority / Root Priority
Which device becomes the root bridge is decided based on the bridge priority. The bridge with the highest priority (in other words, with the lowest value for this parameter) becomes the root bridge. If several devices in a network have the same priority, the device whose
MAC address has the lowest numeric value will become the root bridge. Both parameters, bridge priority and MAC address together form the bridge identifier. Since the root bridge manages all path changes, it should be located as centrally as possible due to the delay of the frames. The value for the bridge priority is a whole multiple of
4096 with a range of values from 0 to 32768.
110
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● Bridge Address / Root Address
The bridge address shows the MAC address of the device and the root address shows the MAC address of the root bridge.
● Root Cost
The path costs from this device to the root bridge.
● Bridge Status
Shows the status of the bridge, e.g. whether or not the device is the root bridge.
● Regional root priority (available only with MSTP)
For a description, see Bridge priority / Root priority
● Regional root address (available only with MSTP)
Shows the MAC address of the device.
● Regional Root Cost (available only with MSTP)
Shows the path costs from the regional root bridge to the root bridge.
The table contains the following boxes:
● Port
Shows the port via which the device communicates.
● Role shows the status of the port. The following values are possible:
– Disabled
The port was removed manually from the spanning tree and will no longer be taken into account by the spanning tree.
– Designated
The ports leading away from the root bridge.
– Alternate
The port with an alternative route to a network segment
– Backup
If a switch has several ports to the same network segment, the "poorer" Port becomes the backup port.
– Root
The port that provides the best route to the root bridge.
– Master
This port points to a root bridge located outside the MST region.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
111
Configuring with Web Based Management
6.4 "Information" menu
● State
Displays the current state of the port. The values are only displayed. The parameter depends on the configured protocol. The following statuses are possible:
– Discarding
The port receives BPDU frames. Other incoming or outgoing frames are discarded.
– Listening
The port receives and sends BPDU frames. The port is involved in the spanning tree algorithm. Other outgoing and incoming frames are discarded.
– Learning
The port actively learns the topology; in other words, the node addresses. Other outgoing and incoming frames are discarded.
– Forwarding
Following the reconfiguration time, the port is active in the network. The port receives and sends data frames.
● Oper. Version
Describes the type of spanning tree in which the port operates
● Priority
If the path calculated by the spanning tree is possible over several ports of a device, the port with the highest priority (in other words the lowest value for this parameter) is selected. A value between 0 and 240 can be entered for the priority in steps of 16. If you enter a value that cannot be divided by 16, the value is automatically adapted. The default is 128.
● Path Cost
This parameter is used to calculate the path that will be selected. The path with the lowest value is selected as the route. If several ports of a device have the same value, the port with the lowest port number will be selected.
If the value "Cost Calc." box is "0", the automatically calculated value is shown.
Otherwise, the value of the "Cost Calc." box is displayed.
The calculation of the path costs is largely based on the transmission speed. The higher the achievable transmission speed is, the lower the value of the path costs.
Typical values for path costs with rapid spanning tree:
– 10,000 Mbps = 2,000
– 1000 Mbps = 20,000
– 100 Mbps = 200,000
– 10 Mbps = 2,000,000.
112
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● Edge Type
Shows the type of the connection. The following values are possible:
– Edge Port
An edge port is connected to this port.
– No Edge Port
There is a spanning tree or rapid spanning tree device at this port.
● P.t.P. Type shows the type of the point-to-point link. The following values are possible:
– P.t.P.
With half duplex, a point-to-point link is assumed.
– Shared Media
With a full duplex connection, a point-to-point link is not assumed.
Note
Point-to-point link means a direct connection between two devices. A shared media connection is, for example, a connection to a hub.
6.4.8 Ethernet Statistics
6.4.8.1 Interface Statistics
Interface statistics
The page shows the statistics from the interface table of the Management Information Base
(MIB).
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
113
Configuring with Web Based Management
6.4 "Information" menu
Displayed values
The table has the following columns:
● In Octet
Shows the number of received bytes.
● Out Octet
Shows the number of sent bytes.
● In Unicast
Shows the number of received unicast frames.
● In Non Unicast
Shows the number of received frames that are not of the type unicast.
● Out Unicast
Shows the number of sent unicast frames.
● Out Non Unicast
Shows the number of sent frames that are not of the type unicast.
● In Errors
Shows the number of all possible RX errors, refer to the "Packet Error" tab.
Description of the button
"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.
6.4.8.2 Packet Size
Frames sorted by length
This page displays how many frames of which size were received at each port. You cannot configure anything on this page.
114
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.4 "Information" menu
The table has the following columns:
● Port
Shows the available ports.
● Frame lengths
The other columns after the port number contain the absolute numbers of incoming frames according to their frame length.
The following frame lengths are distinguished:
– 64 bytes
– 65 - 127 bytes
– 128 - 255 bytes
– 256 - 511 bytes
– 512 - 1023 bytes
– 1024 - max.
Description of the button
"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.
6.4.8.3 Frame Type
Received frames sorted by type
This page displays how many frames of the type "UnicastUnicast", "MulticastMulticast", and
"BroadcastBroadcast" were received at each port. You cannot configure anything on this page.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
115
Configuring with Web Based Management
6.4 "Information" menu
Description
The table has the following columns:
● Port
Shows the available ports.
● Unicast/Multicast /Broadcast
The other columns after the port number contain the absolute numbers of the incoming frames according to their frame type "Unicast", "Multicast" and "Broadcast"
Description of the button
"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.
6.4.8.4 Packet Error
Bad received frames
This page shows how many bad frames were received per port. You cannot configure anything on this page.
116
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.4 "Information" menu
The table has the following columns:
● Port
Shows the available ports.
● Error types
The other columns after the port number contain the absolute numbers of the incoming frames according to their error type.
In the columns of the table, a distinction is made according to the following error types:
– CRC
Packets whose content does not match the CRC checksum.
– Undersize
Packets with a length less than 64 bytes.
– Oversize
Packets discarded because they were too long.
– Fragments
Packets with a length less than 64 bytes and a bad CRC checksum.
– Jabbers
VLAN-tagged packets with an incorrect CRC checksum that were discarded because they were too long.
– Collisions
Collisions that were detected.
Description of the button
"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are also reset by a restart on the device.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
117
Configuring with Web Based Management
6.4 "Information" menu
6.4.9 Learning Table
Address filtering
This WBM page shows the current content of the learning table. This table lists the source addresses of unicast address frames.
Description
This table contains the following columns:
● VLAN ID
Shows the VLAN ID of the node.
Note
This column appears in the table only if a VLAN is configured.
● MAC Address
Shows the MAC address of the node.
● State
Shows the status of each address entry:
– Learnt
The specified address was learned by receiving a frame from this node and will be deleted when the aging time expires if no further packets are received from this node.
– Invalid
These values are not evaluated.
● Port
Shows the port via which the node with the specified address can be reached. Frames received by the device whose destination address matches this address will be forwarded to this port.
Description of the button
"Show all" button
118
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
Click this button to display all the entries on the WBM page. Note that displaying all messages can take some time.
"Next" button
Click this button to go to the next page.
"Prev" button
Click this button to go to the previous page.
Drop-down list for page change
From the drop-down list, select the page you want to go to.
6.4.10
Introduction
IPv6 routing
This page shows the IPv6 routes currently being used.
Description of the displayed values
The table has the following columns:
● Destination Network
Shows the destination address of this route.
● Prefix Length
Shows the prefix length of this route.
● Gateway
Shows the gateway for this route.
● Interface
Shows the interface for this route.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
119
Configuring with Web Based Management
6.4 "Information" menu
● Metric
Shows the metric of the route. The higher value, the longer packets require to their destination.
● Routing Protocol
Shows the routing protocol from which the entry in the routing table originates. The following entries are possible:
– connected: Connected routes
– Static: Static routes
– RIPng: Routes via RIPng
– OSPFv3: Routes via OSPFv3
– other: Other routes
6.4.11 DHCP Server Bindings
This page shows which IPv4 addresses were assigned to the devices by the DHCP server.
Description
● IP Address
Shows the IPv4 address assigned to the DHCP client.
● Pool ID
Shows the number of the IPv4 address band.
● Identification method
Shows the method according to which the DHCP client is identified.
● Identification value
Shows the MAC address ot he client ID of the DHCP client.
● Remote ID
Shows the remote ID of the DHCP client.
● Circuit ID
Shows the circuit ID of the DHCP client.
120
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● Allocation Method
Shows whether the IPv4 address was assigned statically or dynamically. You configure the static entries in "System > DHCP > Static Leases".
● Binding State
Shows the status of the assignment.
– Assigned
The assignment is used.
– Not used
The assignment is not used.
– Probing
The assignment is being checked.
– Unknown
The status of the assignment is unknown.
● Expire Time
Shows how long the assigned IPv4 address is still valid. Once this period has elapsed, the DHCP client must either request a new IPv4 address or extend the lease time of the existing IPv4 address.
Description of the buttons and input boxes
"Show all" button
Click this button to display all the entries on the WBM page. Note that displaying all messages can take some time.
"Next" button
Click this button to go to the next page.
"Prev" button
Click this button to go to the previous page.
Drop-down list for page change
From the drop-down list, select the page you want to go to.
"Refresh" button
Refreshes the display of the values in the table.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
121
Configuring with Web Based Management
6.4 "Information" menu
6.4.12 SNMP
This page displays the created SNMPv3 groups. You configure the SNMPv3 groups in
"System" > SNMP"..
Description
The table has the following columns:
● Group Name
Shows the group name.
● User Name
Shows the user that is assigned to the group.
122
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.4.13
6.4.13.1
Configuring with Web Based Management
6.4 "Information" menu
Security
Overview
Note
The values displayed depend on the rights of the logged-on user.
This page shows the security settings and the local and external user accounts.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
123
Configuring with Web Based Management
6.4 "Information" menu
Description
Services
The "Services" list shows the security settings.
● Telnet Server
You configure the setting in "System > Configuration".
– Enabled: Unencrypted access to the CLI.
– Disabled: No unencrypted access to the CLI.
● SSH Server
You configure the setting in "System > Configuration".
– Enabled: Encrypted access to the CLI.
– Disabled: No encrypted access to the CLI.
● Web Server
You configure the setting in "System > Configuration".
– HTTP/HTTPS: Access to the WBM is possible with HTTP and HTTPS.
– HTTPS: Access to the WBM is now only possible with HTTPS.
● SNMP
You can configure setting in "System > SNMP > General".
– "-" (SNMP disabled)
Access to device parameters via SNMP is not possible.
– SNMPv1/v2c/v3
Access to device parameters is possible with SNMP versions 1, 2c or 3.
– SNMPv3
Access to device parameters is possible only with SNMP version 3.
● Management ACL
You configure the setting in "Security > Management ACL".
– Enabled: Restricted access only: Access is restricted using an Access Control List
(ACL).
– Disabled: No access restriction: Management ACL is not enabled.
– Enabled: No access restriction: Management ACL is enabled, but access is not restricted using an Access Control List (ACL).
124
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● Login Authentication
You configure the setting in "Security > AAA > General".
– Local
The authentication must be made locally on the device.
– RADIUS
The authentication must be handled via a RADIUS server.
– Local and RADIUS
The authentication is possible both with the users that exist on the device (user name and password) and via a RADIUS server.
The user is first searched for in the local database. If the user does not exist there, a
RADIUS query is sent.
– RADIUS and fallback local
The authentication must be handled via a RADIUS server.
A local authentication is performed only when the RADIUS server cannot be reached in the network.
● Password Policy
Shows which password policy is currently being used.
Local and external user accounts
You configure local user accounts and roles in "Security > User Accounts"
When you create a local user account an external user account is generated automatically.
Local user accounts involve users each with a password for logging in on the device.
In the table "External User Accounts" a user is linked to a role. In this example the user
"Observer" is linked to the "user" role. The user is defined on a RADIUS server. The roll is defined locally on the device. When a RADIUS server authenticates a user, the corresponding group however is unknown or does not exist, the device checks whether or not there is an entry for the user in the table "External User Accounts". If an entry exists, the user is logged in with the rights of the associated role. If the corresponding group is known on the device, both tables are evaluated. The user is assigned the role with the higher rights.
Note
The table "External User Accounts" is only evaluated if you have set "SiemensVSA" in the
RADIUS Authorization Mode".
With CLI you can access external user accounts.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
125
Configuring with Web Based Management
6.4 "Information" menu
6.4.13.2
The table "Local User Accounts" has the following columns:
● User Account
Shows the name of the local user.
● Role
Shows the role of the user. You can obtain more information on the function rights of the role in "Information > Security > Roles".
The table "External User Accounts" has the following columns:
● User Account
Shows the name of the user on the RADIUS server.
● Role
Shows the role assigned to the user on the device. You can obtain more information on this in "Information > Security > Roles".
Supported Function Rights
Note
The values displayed depend on the role of the logged-on user.
The page shows the function rights available locally on the device.
Description of the displayed values
● Function Right
Shows the number of the function right. Different rights relating to the device parameters are assigned to the numbers.
● Description
Shows the description of the function right.
126
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.4.13.3
Configuring with Web Based Management
6.4 "Information" menu
Roles
Note
The values displayed depend on the role of the logged-on user.
The page shows the roles valid locally on the device.
Description of the displayed values
This table contains the following columns:
● Role
Shows the name of the role.
● Function Right
Shows the function right of the role:
– 1
Users with this role can read device parameters but cannot change them.
– 15
Users with this role can both read and change device parameters.
– 0
This is a role that the device assigns internally when a user could not be authenticated. The user is denied access to the device.
● Description
Shows a description of the role.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
127
Configuring with Web Based Management
6.4 "Information" menu
6.4.13.4 Groups
Note
The values displayed depend on the role of the logged-on user.
This page shows which group is linked to which role. The group is defined on a RADIUS server. The roll is defined locally on the device.
Description of the displayed values
The table has the following columns:
● Group
Shows the name of the group. The name matches the group on the RADIUS server.
● Role
Shows the name of the role. Users who are authenticated with the linked group on the
RADIUS server receive the rights of this role locally on the device.
● Description
Shows a a description for the link.
128
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
6.4.14 WLAN
6.4.14.1 Overview AP
Overview of the configuration
This page shows these settings/properties of the WLAN or the WLAN interface.
Note
This tab is available only in access point mode.
Description
Table 1 has the following columns:
● Radio
Shows the available WLAN interfaces.
● WLAN Mode
Shows the transmission standard. If DFS is activated, the transmission standard
"802.11h" is not shown additionally but only the configured transmission standard
"802.11a".
● Configured Channel
Shows the configured channel. If "Auto" is displayed, the access point searches for a free channel itself.
● Alternative DFS Channel
If the DFS function is enabled, the configured alternative channel of the access point is displayed.
If "Auto" is displayed, the access point searches for an alternative channel itself.
If the DFS function is activated and the access point browses for primary users for 60 seconds before starting communication with the selected channel, the text "scanning ..." is displayed instead of the channel.
● Operational channel
Shows the channel of the access point via which the access point communicates.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
129
Configuring with Web Based Management
6.4 "Information" menu
● HT Channel Width [MHz]
Shows the channel bandwidth.
– 20
Channel bandwidth 20 MHz
– 40 up
Channel bandwidth 40 MHz. The configured channel and the neighboring channel above it are used.
– 40 down
Channel bandwidth 40 MHz. The configured channel and the neighboring channel below it are used.
Note
Channel bandwidth 40 MHz and frequency band 2.4 GHz
If the access point detects another access point on the configured channel or on neighboring channels, the access point changes the channel bandwidth from 40 MHz to 20 MHz. If you set a "free" channel on the access point, the access point uses the channel bandwidth 40 MHz.
● iFeatures
Shows which iFeatures are used.
– - iFeatures are not used.
– iPCF
● Status
Shows the status of the WLAN interface.
– enabled
The WLAN interface is enabled.
– disabled
The WLAN interface is disabled.
Table 2 has the following columns:
● Radio
Shows the available WLAN interfaces in this column.
● Port
Shows the port of the virtual access point.
● MAC Address
Shows the MAC address of the virtual access point.
● SSID
Shows the SSID.
130
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● Security
Shows which authentication method is used.
If the authentication method "Open System + Encryptionor "Shared Key" is used, the
"Encrypted (WEP/AES)" authentication method is displayed for both.
● State
Shows the status of the WLAN interface.
– enabled
The WLAN interface is enabled.
– disabled
The WLAN interface is disabled.
6.4.14.2 Client List
Logged-on clients
The WBM page shows the clients logged on to the access point as well as additional information, for example status, signal strength, MAC address.
Note
This WBM page is only available in access point mode.
Description
● Logged-on clients
Shows the number of clients logged on to the access point.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
131
Configuring with Web Based Management
6.4 "Information" menu
The table has the following columns:
● AID (Associated ID)
Shows the connection ID of the client. If the client connects to the access point via the
VAP interface, the client is assigned a connection ID. The connection ID is unique within a VAP interface. If two clients log on at different VAP interfaces, both clients can receive the same ID.
● Radio
Shows the available WLAN interfaces.
● Port
Shows the VAP interface.
● Type
Shows the client type, for example "Sta" stands for IEEE 802.11 standard client.
● MAC Address
Shows the MAC address of the client.
● System Name
Shows the system name of the client if the client communicates this to the access point.
Not all clients support this parameter.
● Channel
Shows the channel over which the client communicates with the access point.
● Signal Strength [dBm]
Shows the signal strength of the connected client in decibel milliwatts.
● Signal strength [%]
Shows the signal strength of the connected client as a percentage.
● Age [s]
Shows the time that has elapsed since the last client activity.
● Security
Shows which authentication method is used.
If the authentication method "Open System + Encryptionor "Shared Key" is used, the
"Encrypted (WEP/AES)" authentication method is displayed for both.
● WLAN Mode
Shows the transmission standard. If DFS is activated, the transmission standard
"802.11h" is not shown additionally but only the configured transmission standard
"802.11a".
● Max. Data Rate (Mbps)
Shows the maximum data transmission speed in megabits per second.
● State
Shows the current status of the connection, for example connected means that the client is connected to the access point and is ready to communicate with the AP.
132
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
6.4.14.3 WDS List
Communication between access points
In normal operation, the access point is used as an interface to a network and communicates with clients. There are, however, situations in which several access points need to communicate with each other, for example to extend wireless coverage or to set up a wireless backbone. This mode is possible with WDS (Wireless Distributed System).
As default, the list is updated every 2 seconds. To disable the update, click "On". Instead of
"On", "Off" is displayed. As default, updating is always enabled on the WBM page.
Note
This WBM page is only available in access point mode.
This page shows information about the WDS connections of the access point.
Description
The table has the following columns:
● Radio
Shows the available WLAN interfaces.
● Port
Shows the port.
● BSSID
● Shows the MAC address of the WDS partner.
● WDS ID
Shows the name of the WDS partner.
● Channel
Shows the channel over which the access point communicates with the WDS partner.
● Signal Strength [dBm]
Shows the signal strength of the connected access point in bBm.
● Signal strength [%]
Shows the signal strength of the connected access point as a percentage.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
133
Configuring with Web Based Management
6.4 "Information" menu
● Security
Shows which authentication method is used.
If the authentication method "Open System + Encryptionor "Shared Key" is used, the
"Encrypted (WEP/AES)" authentication method is displayed for both.
● Max. Data Rate (Mbps)
Shows the maximum data transmission speed for the relevant WDS partner.
● State
Shows the current status of the WDS connection.
6.4.14.4 Overlap AP
Overlapping channels
Note
This WBM page is only available in access point mode.
For optimum data throughput, it is important that the set wireless channel is not used by other access points. In the 2.4 GHz band (802.11b or 802.11g), there is overlapping of the channels so that an access point occupies not only the set channel but also the two or three adjacent channels. You should therefore make sure that there is adequate channel spacing to neighboring access points.
This WBM page shows all access points that are visible on the set or adjacent channels (at
2.4 GHz). If entries exist here, the maximum data throughput of the access point and the availability of the communication link to the access point is potentially impaired.
134
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.4 "Information" menu
Table 1 has the following columns:
● Radio
Shows the available WLAN interfaces.
● Aging Time [min]
Specify the life time of the entries in the list. If an access point is inactive for longer than the set time, it is removed from the list.
Note
Changing the aging time
The aging time is a WLAN setting. For this reason, if a change is made, the WLAN connection is briefly interrupted to accept the new value.
The table has the following columns:
● Radio
Shows the available WLAN interfaces in this column.
● Type
Shows the mode of the WLAN interface.
● SSID
Shows the SSID of the access point.
● BSSID
Shows the MAC address of the access point.
● System Name
Shows the system name of the SCALANCE W700-Geräts. The entry depends on the access point. Not all access points support this parameter.
● Channel
Shows the channel over which the client communicates with the access point.
● Signal Strength [dBm]
Shows the signal strength of the client in bBm.
● Signal strength [%]
Shows the signal strength of the client as a percentage.
● Age [s]
Shows the time that has elapsed since the last access point activity.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
135
Configuring with Web Based Management
6.4 "Information" menu
6.4.14.5
● Security
Shows which authentication method is used.
If the authentication method "Open System + Encryptionor "Shared Key" is used, the
"Encrypted (WEP/AES)" authentication method is displayed for both.
● WLAN Mode
Shows the transmission standard. If DFS is activated, the transmission standard
"802.11h" is not shown additionally but only the configured transmission standard
"802.11a" or "802.11n".
Force Roaming
This WBM page shows the current status of the connection. It also shows whether there is roaming.
Note
This WBM page is only available in access point mode.
The device monitors the connection to certain addresses cyclically. To achieve this, the device sends echo messages (pings) to the configured destination addresses at regular intervals.
136
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.4 "Information" menu
The table has the following columns:
● Port
Shows the available VAP interfaces.
● Destination Address / State
Shows which destination address is monitored and the status of the connection. You configure the destination address in "Interfaces > WLAN > Force Roaming".
– not configured: No destination address is configured.
– idle: The configuration is incomplete.
– up:The destination address is reachable.
– down: The destination address is unreachable.
● Force Roaming on IP down
Indicates whether roaming is currently being performed.
– inactive: No roaming is being performed.
– active: Roaming is being performed. None of the destination addresses is reachable.
6.4.14.6 Overview Client
Overview of the configuration
Note
This page is only available for clients or access points in client mode.
The page shows an overview of the existing clients and their configuration.
Description
● Radio
Shows the available WLAN interfaces in this column.
● WLAN Mode
Shows the transmission standard.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
137
Configuring with Web Based Management
6.4 "Information" menu
● MAC Mode
Shows how the MAC address is assigned to the interface.
– Automatic
The client automatically adopts the source MAC address of the first frame that it receives over the Ethernet interface.
– Manual
The address was entered manually.
– Own
The client uses the MAC address of the Ethernet interface for the WLAN interface.
– Layer 2 Tunnel
The client uses the MAC address of the Ethernet interface for the WLAN interface.
The network is also informed of the MAC addresses connected to the Ethernet interface of the client. Up to 4 MAC addresses can be used.
● MAC Address
Shows the MAC address of the WLAN interface.
● Operational channel
Shows the channel of the access point with which the client is connected.
● HT Channel Width [MHz]
Shows the channel bandwidth.
– 20
Channel bandwidth 20 MHz
– 40up
Channel bandwidth 40 MHz. The configured channel and the neighboring channel above it are used.
– 40down
Channel bandwidth 40 MHz. The configured channel and the neighboring channel below it are used.
Note
Channel bandwidth 40 MHz and frequency band 2.4 GHz
If the access point detects another access point on the configured channel or on neighboring channels, the access point changes the channel bandwidth from 40 MHz to 20 MHz. If you set a "free" channel on the access point, the access point uses the channel bandwidth 40 MHz.
● Connected BSSID
Shows the MAC address of the access point with which the client is connected.
● Connected SSID
Shows the SSID of the access point with which the client is connected.
● Security
Shows which authentication method is used.
If the authentication method "Open System + Encryption or "Shared Key" is used,
"Encrypted (WEP/AES)" is displayed for both authentication methods.
138
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
● iFeatures
Shows which iFeatures are used.
– - iFeatures are not used.
– iPCF iPCF is enabled.
● Max. Data Rate [Mbps]
Shows the maximum transmission rate of the interface.
● State
Shows the status of the WLAN interface.
– enabled
The WLAN interface is enabled.
– disabled
The WLAN interface is disabled.
6.4.14.7 Available AP
Available access points
Note
This page is only available for clients or access points in client mode.
This page shows all the access points visible to the client. The list also includes the access points to which the client cannot connect due to its configuration.
Note
Display when iPCF mode is activated
If the iPCF mode is active with a SCALANCE W700, the display is different. Since the client does not run a background scan in this case, only the access point with which the client is currently connected is displayed.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
139
Configuring with Web Based Management
6.4 "Information" menu
Description
The table has the following columns:
● Radio
Shows the WLAN interface visible to the access point.
● SSID
Shows the SSID of the access point.
● BSSID
Shows the MAC address of the access point.
● System Name
Shows the system name of the access point. The entry depends on the access point. Not all access points support this parameter.
● Channel
Shows the channel on which the access point transmits or communicates.
● Signal Strength [dBm]
Shows the signal strength of the access point in bBm.
● Signal strength [%]
Shows the signal strength of the access point as a percentage.
● Type
Shows the mode of the WLAN interface.
● Security
Shows which authentication method is used.
If the authentication method "Open System + Encryptionor "Shared Key" is used, the
"Encrypted (WEP/AES)" authentication method is displayed for both.
● WLAN Mode
Shows the transmission standard. If DFS is activated, the transmission standard
"802.11h" is not shown additionally but only the configured transmission standard
"802.11a" or "802.11n".
● State
Shows the status of the access point, for example whether or not the access point is available.
6.4.14.8 IP Mapping
WLAN access for several SCALANCE W700 devices via a client
Note
This WBM page is only available for clients or access points in client mode.
140
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.4 "Information" menu
You can make WLAN access available for several SCALANCE W700 devices with one client if you use IP mapping. This means that you do not need to equip every SCALANCE W700 device with its own WLAN client. This is possible only if the connected SCALANCE W700 devices are addressed only by IP frames. Communication at MAC address level (ISO/OSI layer 2) can
● be established with one component whose MAC address is configured on the client,
● be established with a maximum of eight components if the "Layer 2 Tunnel" function is selected.
The "Layer 2 Tunnel" setting meets the requirements of industrial applications in which MAC address-based communication takes place with several SCALANCE W700 devices downstream from the client. Clients with this setting cannot connect on standard Wifi access points.
The client maintains a table with the assignment of MAC address and IP address to send incoming IP frames to the correct MAC address. This WBM page shows this table.
Note
IP mapping table
If "Layer 2 Tunnel" is configured for a client, the IP mapping table is not displayed.
Description
The table has the following columns
● MAC Address
The MAC address of a device located downstream from the WLAN client from the perspective of the access point.
● IP Address
The IP address managed for this device by the WLAN client.
● Type
There are two options for the type:
– system
The information relates to the WLAN client itself.
– learned
The information relates to a device downstream from the WLAN client.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
141
Configuring with Web Based Management
6.4 "Information" menu
MAC mode
Frames sent by the client to the access point always have the MAC address of the WLAN client as the source MAC address. In the "learning table" of the access point there is therefore only the MAC address of the WLAN client.
If there are further SCALANCE W700 devices downstream from the client, the "Automatic" option should not be enabled. In this case, the MAC address would be assigned indiscriminately to the first SCALANCE W700 device that signals over Ethernet. If there is only IP communication between the access point and the client, the default setting "Own" can be retained. If MAC address-based frames are also to be sent by SCALANCE W700 devices downstream from the client, you need to select the settings "Automatic", "Manual" or
"Layer 2 Tunnel".
6.4.14.9 Background noise
The page displays the background noise of the channel.
Description
● Connector
Shows the name of the relevant antenna connector.
● Channel [dBm]
Shows the background noise of the set channel.
● Extended Channel [dBm]
Shows the background noise of the extended channel (HT-40).
142
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.4.15
6.4.15.1
Configuring with Web Based Management
6.4 "Information" menu
WLAN Statistics
Faults
The WBM page show how many bad frames were received or sent per WLAN interface. If an increased number of errors occurs, you should check the settings for the WLAN interface(s), the setup of the SCALANCE W700 devices and the connection quality.
Description
The Sent Errors table has the following columns:
● Interface
Shows the WLAN interface to which the entries apply.
● Error types
The other columns after the WLAN interface contain the absolute numbers of the frames sent according to their error type.
The columns of the table distinguish the following error types:
– Transmission Errors
Shows the number and percentage of bad frames that were sent.
– Dropped Frames
Shows the number and percentage of frames that were discarded.
Despite all the retries, the frame could not be successfully sent.
The frame has not yet been sent and the recipient has logged off in the meantime.
– Send Retries
Shows the number and percentage of frames sent successfully that required one or more retries.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
143
Configuring with Web Based Management
6.4 "Information" menu
6.4.15.2
The Received Errors table has the following columns:
● Interface
Shows the WLAN interface to which the entries apply.
● Error types
The other columns after the WLAN interface contain the absolute numbers of the frames received according to their error type.
The columns of the table distinguish the following error types:
– Received Errors
Shows the number and percentage of bad frames that were received.
– Duplicated Frames
Shows the number and percentage of frames that were received twice.
– Decryption Errors
Shows the number and percentage of incorrectly encrypted frames.
– FCS Errors
Shows the number and percentage of frames in which the checksum was incorrect.
"Reset Counters" button
Click this button to reset the counters.
Management Sent
The WBM page shows how many frames in response to logging on or logging off were counted per VAP interface.
Note
This WBM page is only available in access point mode.
144
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
6.4.15.3
Configuring with Web Based Management
6.4 "Information" menu
The table has the following columns:
● Interface
Shows the VAP interface to which the entries apply.
● Frame
– Management Frames
Shows the number of management frames
– Association Requests
Shows the number of requesting association frames relevant for a logon.
– Association Responses
Shows the number of responding association frames relevant for a logon.
– Disassociation Requests
Shows the number of requesting disassociation frames relevant for a logoff.
– Authentication Requests
Shows the number of requesting authentication frames relevant for a logon.
– Authentication Responses
Shows the number of responding authentication frames relevant for a logon.
– Deauthentication Requests
Shows the number of deauthentication frames relevant for a logoff.
"Reset Counters" button
Click this button to reset the counters.
Management Received
The WBM page shows how many frames in response to logging on or logging off were counted per VAP interface.
Note
This WBM page is only available in access point mode.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
145
Configuring with Web Based Management
6.4 "Information" menu
Description
The table has the following columns:
● Interface
Shows the VAP interface to which the entries apply.
● Frame
– Management Frames
Shows the number of management frames
– Association Requests
Shows the number of requesting association frames relevant for a logon.
– Association Responses
Shows the number of responding association frames relevant for a logon.
– Disassociation Requests
Shows the number of requesting disassociation frames relevant for a logoff.
– Authentication Requests
Shows the number of requesting authentication frames relevant for a logon.
– Authentication Responses
Shows the number of responding authentication frames relevant for a logon.
– Deauthentication Requests
Shows the number of deauthentication frames relevant for a logoff.
"Reset Counters" button
Click this button to reset the counters.
146
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.4.15.4
Configuring with Web Based Management
6.4 "Information" menu
Data Sent
The WBM page shows how many frames were sent per VAP interface.
Description
The table has the following columns:
● Interface
Shows the VAP interface to which the entries apply.
● Frame types
The other columns after the VAP interface contain the absolute numbers of the sent frames according to the frame types.
In the columns of the table, a distinction is made according to the following frame types:
– Data Frames
Shows the number of sent data frames.
– Multicast/Broadcast Frames
Shows the number of sent multicast and broadcast frames.
– Unicast Frames
Shows the number of sent unicast frames.
– Average Data Rate
Shows the average data rate of the last data frames sent.
"Reset Counters" button
Click this button to reset the counters.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
147
Configuring with Web Based Management
6.4 "Information" menu
6.4.15.5 Data Received
The WBM page shows how many frames were received per VAP interface.
Description
The table has the following columns:
● Interface
Shows the VAP interface to which the entries apply.
● Frame types
The other columns after the VAP interface contain the absolute numbers of the received frames according to the frame types.
In the columns of the table, a distinction is made according to the following frame types:
– Data Frames
Shows the number of sent data frames.
– Multicast/Broadcast Frames
Shows the number of sent multicast and broadcast frames.
– Unicast Frames
Shows the number of sent unicast frames.
– Average Data Rate
Shows the average data rate of the last data frames sent.
"Reset Counters" button
Click this button to reset the counters.
148
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.5 "System" menu
Configuring with Web Based Management
6.5 "System" menu
6.5.1 Configuration
System configuration
The WBM page contains the configuration overview of the access options of the device.
Specify the services that access the device. With some services, there are further configuration pages on which more detailed settings can be made.
Description of the displayed boxes
The page contains the following boxes:
● Telnet Server
Enable or disable the "Telnet Server" service for unencrypted access to the CLI.
● SSH Server
Enable or disable the "SSH Server" service for encrypted access to the CLI.
● HTTPS Server only
Enable or disable access using HTTPS.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
149
Configuring with Web Based Management
6.5 "System" menu
● DNS Client
Enable or disable the DNS client. You can configure other settings in "System > DNS".
● SMTP Client
Enable or disable the SMTP client. You can configure other settings in "System > SMTP
Client".
● Syslog Client
Enable or disable the Syslog client. You can configure other settings in "System > Syslog
Client".
● DCP Server
Specify whether or not the device can be accessed with DCP (Discovery and
Configuration Protocol):
– "-" (disabled)
DCP is disabled. Device parameters can neither be read nor modified.
– Read/Write
With DCP, device parameters can be both read and modified.
– Read Only
With DCP, device parameters can be read but cannot be modified.
● Time
Select the setting from the drop-down list. The following settings are possible:
– Manual
The system time is set manually. You can configure other settings in "System >
System Time > Manual Setting".
– SIMATIC Time
The system time is set using a SIMATIC time transmitter. You can configure other settings in "System > System Time > SIMATIC Time Client".
– SNTP Client
The system time is set via an SNTP server. You can configure other settings in
"System > System Time > SNTP Client".
– NTP Client
The system time is set via an NTP server. You can configure other settings in "System
> System Time > NTP Client".
● SNMP
Select the protocol from the drop-down list. The following settings are possible:
– "-" (SNMP disabled)
Access to device parameters via SNMP is not possible.
– SNMPv1/v2c/v3
Access to device parameters is possible with SNMP versions 1, 2c or 3. You can configure other settings in "System > SNMP > General".
– SNMPv3
Access to device parameters is possible only with SNMP version 3. You can configure other settings in "System > SNMP > General".
150
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
● SNMPv1/v2 Read-Only
Enable or disable write access to SNMP variables with SNMPv1/v2c.
● SNMPv1 Traps
Enable or disable the sending of traps (alarm frames). You can configure other settings in
"System > SNMP > Traps".
● DHCP Client
Enable or disable the DHCP client. You can configure other settings in "System > DHCP".
● DHCPv6 Client
Enable or disable the DHCPv6 client.
● SINEMA configuration interface
If the SINEMA configuration interface is enabled, you can download configurations to the device via the TIA Portal.
● Configuration Mode
Select the mode from the drop-down list. The following modes are possible:
– Automatic Save
Automatic backup mode. Approximately 1 minute after the last parameter change or when you restart the device, the configuration is automatically saved. In addition to this, the following message appears in the display area "Changes will be saved automatically in x seconds. Press 'Write Startup Config' to save immediately.
Note
Interrupting the save
Saving starts only after the timer in the message has elapsed. How long saving takes depends on the device.
During the save, the message "Saving configuration data in progress. Please do not switch off the device" is displayed.
• Do not switch off the device immediately after the timer has elapsed.
– Trial
Trial mode. In Trial mode, although changes are adopted, they are not saved in the configuration file (startup configuration).
To save changes in the configuration file, use the "Write startup config" button. The
"Write startup config" button is displayed when you set trial mode. In addition to this after every parameter change the following message is displayed in the display area:
"Trial Mode Active – Press "Write Startup Config" button to make your settings persistent" as soon as there are unsaved modifications. This message can be seen on every WBM page until the changes made have either been saved or the device has been restarted.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
151
Configuring with Web Based Management
6.5 "System" menu
Procedure
1. To use the required function, select the corresponding check box.
2. Select the options you require from the drop-down lists.
3. Click the "Set Values" button.
6.5.2 General
6.5.2.1 Device
General device information
This page contains the general device information.
The boxes "Current System Time", "System Up Time" and "Device Type" cannot be changed.
Description
The page contains the following boxes:
● Current System Time
Shows the current system time. The system time is either set by the user or by a time-ofday frame: either SINEC H1 time-of-day frame, NTP or SNTP. (readonly)
● System Up Time
Shows the operating time of the device since the last restart. (readonly)
● Device Type
Shows the type designation of the device. (readonly)
● System Name
You can enter the name of the device. The entered name is displayed in the selection area. A maximum of 255 characters are possible.
152
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
The system name is also displayed in the CLI input prompt. The number of characters in the CLI input prompt is limited. The system name is truncated after 16 characters.
● System Contact
You can enter the name of a contact person responsible for managing the device. A maximum of 255 characters are possible.
● System Location
You can enter the location where the device is installed. The entered installation location is displayed in the selection area. A maximum of 255 characters are possible.
Note
The ASCII code 0x20 to 0x7e is used in the input boxes.
At the start and end of the boxes"System name", "System Contact" and "System
Location", the characters "<", ">" and "space" are not permitted.
Procedure
1. Enter the contact person responsible for the device in the "System Contact" input box.
2. Enter the identifier for the location at which the device is installed in the "System
Location" input box.
3. Enter the name of the device in the "System Name" input box.
4. Click the "Set Values" button.
6.5.2.2 Coordinates
Information on geographic coordinates
In the "Geographic Coordinates" window, you can enter information on the geographic coordinates. The parameters of the geographic coordinates (latitude, longitude and the height above the ellipsoid according to WGS84) are entered directly in the input boxes of the
"Geographic Coordinates" window.
Getting the coordinates
Use suitable maps for obtaining the geographic coordinates of the device.
The geographic coordinates can also be obtained using a GPS receiver. The geographic coordinates of these devices are normally displayed directly and only need to be entered in the input boxes of this page.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
153
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following boxes. These are purely information boxes with a maximum length of 32 characters.
● "Latitude" input box
Geographical latitude: Here, enter the value for the northerly or southerly latitude of the location of the device.
For example, the value +49° 1´31.67" means that the device is located at 49 degrees, 1 arc minute and 31.67 arc seconds northerly latitude.
A southerly latitude is shown by a preceding minus character.
You can also append the letters N (northerly latitude) or S (southerly latitude) to the numeric information (49° 1´31.67" N).
● "Longitude" input box
Geographic longitude: Here, you enter the value of the eastern or western longitude of the location of the device.
The value +8° 20´58.73" means that the device is located at 8 degrees, 20 minutes and
58.73 seconds east.
A western longitude is indicated by a preceding minus sign.
You can also add the letter E (easterly longitude) or W (westerly longitude) to the numeric information (8° 20´58.73" E).
● Input box: "Height"
Height Here, you enter the value of the geographic height above sea level in meters.
For example, 158 m means that the device is located at a height of 158 m above sea level.
Heights below sea level (for example the Dead Sea) are indicated by a preceding minus sign.
Procedure
1. Enter the calculated latitude in the "Latitude" input box.
2. Enter the calculated longitude in the "Longitude" input box.
3. Enter the height above sea level in the "Height" input box.
4. Click the "Set Values" button.
154
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
6.5.3 Agent IPv4
Configuration of the IP addresses
On this WBM page, you configure the IPv4 address for the device.
Description
The page contains the following boxes:
● IP Assgn. Method
● Shows how the IPv4 address is assigned.
– Static
The IPv4 address is static. You enter the IP settings in the input boxes "IP Address" and "Subnet Mask".
– Dynamic (DHCP)
The device obtains a dynamic IPv4 address from a DHCP server.
● IP Address
Enter the IPv4 address of the device.
After clicking the "Set Values" button, this IPv4 address is also displayed in the address bar of the Web browser. If this does not take place automatically, you will need to enter the IPv4 address in the address bar of the Web browser manually.
● Subnet Mask
Enter the subnet mask of the device.
● Default gateway
Enter the IPv4 address of the default gateway to be able to communicate with devices in another subnet, for example diagnostics stations, e-mail server.
● Agent VLAN ID
Select the VLAN ID from the drop-down list. The drop-down list is available only if the
"Base Bridge Mode" parameter is set to "802.1 Q VLAN Bridge". You configure the
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
155
Configuring with Web Based Management
6.5 "System" menu parameter in "Layer 2 > VLAN > General". You can only select VLANs that have already been configured.
Note
Changing the Agent VLAN ID
If the configuration PC is connected directly to the device via Ethernet and you change the agent VLAN ID, the device is no longer reachable via Ethernet following the change.
● MAC Address
Shows the MAC address of the device. The MAC address is linked to the hardware and cannot be modified.
Procedure
1. In the input boxes, enter the IP address, subnet mask and the default gateway.
2. Select the assigned VLAN ID from the "Agent VLAN ID" drop-down list. If the drop-down list cannot be enabled, check whether the "Base Bridge Mode" parameter is set to "802.1
Q VLAN Bridge". You configure the parameter in "Layer 2 > VLAN > General".
3. Click the "Set Values" button.
6.5.4 Agent IPv6
Configuration of the IP addresses
On this page, enable IPv6 on the management VAN. This VLAN interface is also called an
IPv6 interface. An IPv6 interface can have several IPv6 addresses.
156
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following:
● Interface
Shows the VLAN interface on which IPv6 will be enabled.
● IPv6 Enable
Enable or disable IPv6 on the interface. When you enable the setting and accept it, the link local address is created automatically.
● IPv6 Address
Enter the IPv6 address. The entry depends on the selected address type.
● Prefix Length
Enter the number of left-hand bits belonging to the prefix
● IPv6 Address Type
Select the address type:
– Unicast
– Link Local: IPv6 address is only valid on the link.
● Address Configuration
Specify the mechanism for the address configuration:
– Automatic (default)
The IPv6 address is created using a stateless mechanism or a stateful mechanism.
– DHCPv6
Stateful: Obtains the IPv6 address and the configuration file from the DHCPv6 server.
– SLAAC (Stateless Address Auto Configuration)
Stateless autoconfiguration using NDP (Neighbor Discovery Protocol)
– Static
Enter a static IPv6 address.
● Rapid Commit
When enabled the procedure for the IPv6 address assignment is shortened. Instead of 4
DHCPv6 messages (SOLICIT, ADVERTISE , REQUEST, REPLY) only 2 DHCPv6 messages (SOLICIT, REPLY) are used. You will find further information on the messages in RFC 3315.
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Interface Name
Shows the name of the VLAN interface.
● IPv6 Address
Shows the IPv6 address.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
157
Configuring with Web Based Management
6.5 "System" menu
● Prefix Length
Shows the prefix length.
● IPv6 Address Type
Displays the address type. The following values are possible:
– Unicast
– Link Local
Procedure
6.5.4.1
Forming a link local address automatically
1. Enable IPv6.
2. Click the "Create" button. In the table an entry with the interface is created and the automatically formed link local IPv6 address is displayed.
Assigning link local address
1. Enable IPv6.
2. In "IPv6 Address" enter the link local address, e.g. FE80::21B:1BFF:FE40:9155
3. Enter "128" in "Prefix Length".
4. For "IPv6 Address Type" select the entry "Link Local".
5. For "Address Configuration" select the entry "Static".
6. Click the "Create" button. In the table an entry with the interface is created and the IPv6 address is displayed.
The automatically created local address is overwritten.
IPv6 default routes
On this page, you configure the default IPv6 routes.
158
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.5 "System" menu
The page contains the following:
● Destination Network
Enter the network address of the destination that can be reached via this route.
● Prefix Length
Enter the number of left-hand bits belonging to the prefix
● Gateway
Enter the IPv4 address of the gateway via which this network address is reachable.
● Metric
Enter the metric for the route. The metric corresponds to the quality of a connection, based for example on speed or costs. If there are several equal routes, the route with the lowest metric value is used.
Range of values: 1 - 254
● Interface
Specify the interface via which the network address of the destination is reached.
This table contains the following columns:
● Select
Select the check box in the row to be deleted.
● Destination Network
Shows the network address of the destination.
● Prefix Length
Shows the prefix length.
● Gateway
Shows the IPv6 address of the next gateway.
● Interface
Shows the Interface of the route.
● Metric
Enter the metric for the route. When creating the route, "not used" is entered automatically. The metric corresponds to the quality of a connection, based for example on speed or costs. If there are several equal routes, the route with the lowest metric value is used.
Range of values: 1 - 254
● Status
Shows whether or not the route is active.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
159
Configuring with Web Based Management
6.5 "System" menu
Steps in configuration
1. Enter the network address of the destination.
2. Enter the prefix length.
3. Enter the IPv6 address of the gateway.
4. Select the required interface.
5. Enter the metric of the route.
6. Click the "Create" button. A new entry is generated in the table.
7. Click the "Set Values" button.
6.5.5 DNS
On this page, you configure the DNS server for the device.
Note
Only resource records of type A (IPv4 address of a host) are supported.
160
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.5 "System" menu
The page contains the following boxes:
● DNS client
If the check box is enabled, the "DNS client" function is enabled.
● Used DNS Servers
Here you specify which DNS server the device uses:
– learned only
The device uses only the DNS servers assigned by DHCP.
– manual only
The device uses only the manually configured DNS servers. The DNS servers must be connected to the Internet. A maximum of three DNS servers can be configured.
– all
The device uses all available DNS servers.
● DNS Server Address
Enter the IP address of the DNS server.
The table for the DNS servers with the following columns:
● Select
Select the check box in the row to be deleted.
● DNS Server Address
Shows the IP address of the DNS server.
● Origin
This shows whether the DNS server was configured manually or was assigned by DHCP.
Procedure
Activating DNS
1. Enable the "DNS Client" check box.
2. Click the "Set Values" button.
Creating a DNS server
1. In the "DNS Server Address" box, enter the IP address of the DNS server.
2. Click the "Create" button.
Filtering DNS servers
1. In the "Used DNS Servers" drop-down list, select which DNS servers are to be used.
2. Click the "Set Values" button.
Deleting a DNS server
1. Enable "Select" in the row to be deleted.
2. Click the "Delete" button. The entry is deleted.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
161
Configuring with Web Based Management
6.5 "System" menu
6.5.6 Restart
Resetting to the defaults
In this screen, there is a button with which you can restart the device and various options for resetting to the device defaults.
Note
Note the following points about restarting a device:
•
You can only restart the device with administrator privileges.
• A device should only be restarted with the buttons of this menu or with the appropriate
CLI commands and not by a power cycle on the device.
•
Any modifications you have made only become active on the device after clicking the "Set values" button on the relevant WBM page. If the device is in "Trial" mode, configuration modifications must be saved manually before a restart. In "Automatic Save" mode, the last changes are saved automatically before a restart.
162
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.5 "System" menu
To restart the device, the buttons on this page provide you with the following options:
● Restart
Click this button to restart the system. You must confirm the restart in a dialog box.
During a restart, the device is reinitialized, the internal firmware is reloaded, and the device runs a self-test. The learned entries in the address table are deleted. You can leave the browser window open while the device restarts. You then need to log in again.
● Restore Memory Defaults and Restart
Click this button to restore the factory configuration settings with the exception of the following parameters and to restart:
– IP addresses
– Subnet mask
– IP address of the default gateway
– DHCP client ID
– DHCP
– System name
– System location
– System contact
– User names and passwords
– Mode of the device
● Restore Factory Defaults and Restart
Click this button to restore the factory defaults for the configuration. The protected defaults are also reset.
An automatic restart is triggered.
Note
By resetting all the defaults to the factory configuration settings, the IP address is also lost. Following this, the device can only be accessed using the Primary Setup Tool or using DHCP.
With the appropriate attachment, a previously correctly configured device can cause circulating frames and therefore the failure of the data traffic.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
163
Configuring with Web Based Management
6.5 "System" menu
6.5.7 Commit Control
Change management
On this page, you specify when the WLAN settings become effective on the SCALANCE
W700 device.
If you change a WLAN setting and confirm the change with "Set Values", this change is adopted and takes effect immediately. To do this, the WLAN connection is briefly interrupted.
This means that you can lose the WLAN connection to your SCALANCE W700 device before it is fully configured.
With the "Manual Commit" setting, you have the opportunity of first fully configuring the
SCALANCE W700 device. The changes are accepted, but are not active immediately. The changes only take effect when you confirm the changes with the "Commit Changes" button.
Note
If you configure the SCALANCE W700 device via the WLAN interface, we recommend that you use the "Manual Commit" setting. Check the parameters again before you confirm the changes with the "Commit Changes" button.
Description
The page contains the following boxes:
● Commit Mode
Select the required setting from the drop-down list.
– Automatic Commit
Each change in the WLAN settings is adopted and is immediately effective when you click the "Set Values" button. With its default setting, the SCALANCE W700 device is set to Automatic Commit.
– Manual Commit
The changes are accepted, but are not effective immediately. The changes only take effect when you click the "Commit Changes" button. The "Commit Changes" button is displayed when you set "Manual Commit". In addition to this the message “Manual
Commit Mode active - Press 'Commit Changes' button to provide current configuration to driver.” appears as soon as there are WLAN changes. This message can be seen
164
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu on every WBM page until the changes made have either taken effect or the
SCALANCE W700 device has been restarted.
Note
When the changes take effect, the WLAN connections to all WLAN interfaces will be interrupted for a short time. The WLAN driver is started with the new settings.
6.5.8 Load & Save
Overview of the file types
Table 6- 1 HTTP
File type Description
Config Start configuration
ConfigPack Detailed configuration information. for example, start configuration, users, certificates, firmware of the device (if saved as well).
For more detailed information on creating and using the ConfigPack incl. firmware, refer to the section "Maintenance".
CountryList The zip file contains the country list as a csv and as a pdf file.
Debug
EDS
This file contains information for Siemens Support.
Electronic Data Sheet (EDS)
Electronic data sheets for describing devices in the
EtherNet/IP mode
Firmware Loading firmware updates
GSDML Information on the device properties (PROFINET)
HTTPS Cert HTTPS certificate
Maximum file size: 8192 bits
LogFile
MIB
File with entries from the event log table
Private MSPS MIB file "Scalance_w_msps.mib"
RunningCLI This file contains an overview of the current configuration in the form of CLI commands. You can download the text file. The file is not intended to be uploaded again unchanged.
Script CLI script file
StartupInfo Startup log file
Users
WLANAuthlo g
File with user names and passwords
File with entries from the WLAN Authentication Log
(information on successful or failed authentication attempts)
Download
X
X
--
--
--
X
--
X
--
--
--
X
--
X
--
Save
X
X
X
X
X
X
X
X
--
X
X
X
X
X
X
Delete
--
--
--
--
--
--
--
X
--
--
--
--
--
--
X
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
165
Configuring with Web Based Management
6.5 "System" menu
File type
WLANCert
(in client mode only)
Description
User certificate. You can specify a password for the user certificate on the WBM page "Load&Save >
Password".
Maximum file size: 8192 bits
Server certificate
Maximum file size: 8192 bits
Download
X
X WLANServC ert
(in client mode only)
WLANSigRe c
(in client mode only)
WLANSpectrumAnalyzer
(Only in access point mode)
The zip file contains the following:
• csv file with the measured values of the signal recorder
• pdf file with the measured values and an additional graphic representation of the measured values.
You will find information about the measured values and their graphic representation in the section
The Zip file contains a csv file with the measured values of the spectrum analyzer.
You will find information about the measured values and their graphic representation in the section
"Spectrum analyzer (Page 265)".
--
--
Save
X
X
X
X
Delete
X
X
X
X
166
Table 6- 2 TFTP
File type
Config
ConfigPack
CountryList
Debug
EDS
Firmware
GSDML
HTTPS Cert
LogFile
Description
Start configuration
Detailed configuration information. for example, start configuration, users, certificates, firmware of the device (if saved as well).
For more detailed information on creating and using the ConfigPack incl. firmware, refer to the section
"Maintenance".
The zip file contains the country list as a csv and as a pdf file.
This file contains information for Siemens Support.
Electronic Data Sheet (EDS)
Electronic data sheets for describing devices in the
EtherNet/IP mode
Loading firmware updates
Information on the device properties (PROFINET)
HTTPS certificate
Maximum file size: 8192 bits
File with entries from the event log table
Save
X
X
X
X
X
X
X
X
X
Download
X
X
--
--
--
X
--
X
--
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
File type Description
MIB
RunningCLI
Script
StartupInfo
Users
WLANAuthlog
WLANCert
(in client mode only)
WLANServerCert
(in client mode only)
WLANSigRec
(in client mode only)
WLANSpectrumAnalyzer
(Only in access point mode)
Private MSPS MIB file "Scalance_w_msps.mib"
This file contains an overview of the current configuration in the form of CLI commands. You can download the text file. The file is not intended to be uploaded again unchanged.
CLI script file
Startup log file
File with user names and passwords
File with entries from the WLAN Authentication Log
(information on successful or failed authentication attempts)
User certificate. You can specify a password for the user certificate on the WBM page "Load&Save >
Password".
Maximum file size: 8192 bits
Server certificate
Maximum file size: 8192 bits
The zip file contains the following:
• csv file with the measured values of the signal recorder
• pdf file with the measured values and an additional graphic representation of the measured values.
You will find information about the measured values
and their graphic representation in the section "Signal recorder (Page 254)".
The Zip file contains a csv file with the measured values of the spectrum analyzer.
You will find information about the measured values and their graphic representation in the section
"Spectrum analyzer (Page 265)".
Save
X
X
X
X
X
X
--
X
X
X
Download
--
--
X
--
X
--
X
--
X
--
6.5.8.1 HTTP
Loading and saving data via HTTP
The WBM allows you to store device data in an external file on your client PC or to load such data from an external file from the PC to the devices. This means, for example, that you can also load new firmware from a file located on your client PC.
Note
This WBM page is available both for connections using HTTP and for connections using
HTTPS.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
167
Configuring with Web Based Management
6.5 "System" menu
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device.
Note
Incompatibility with predecessor versions
During the installation of a previous version, the configuration data and log files can be lost.
In this case, the device starts up with the factory settings after the firmware has been installed.
Configuration files
Note
Configuration files and trial mode/Automatic Save mode
In Automatic Save mode, the data is saved automatically before the configuration files
(ConfigPack and Config) are transferred.
In Trial mode, although the changes are adopted, they are not saved in the configuration files (ConfigPack and Config). Use the "Write Startup Config" button on the "System >
Configuration" WBM page to save changes in the configuration files.
CLI script file
You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts
(Script).
Note
The downloadable CLI script (RunningCLI) is not intended to be uploaded again unchanged.
168
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
Description
The table has the following columns:
● Type
Shows the designation of the file.
● Description
Shows the short description of the file type.
● Load
With this button, you can upload files to the device. The button can be enabled, if this function is supported by the file type.
● Save
With this button, you can save files from the device. The button can only be enabled if this function is supported by the file type and the file exists on the device.
● Delete
With this button, you can delete files from the device. The button can only be enabled if this function is supported by the file type and the file exists on the device.
Note
Following a firmware update, delete the cache of the Web browser.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
169
Configuring with Web Based Management
6.5 "System" menu
Procedure
Loading files using HTTP
1. Start the load function by clicking the one of the "Load" buttons.
The dialog for loading a file opens.
2. Go to the file you want to load.
3. Click the "Open" button in the dialog.
The file is now loaded.
Whether or not a restart is necessary, depends on the loaded file. If a restart is necessary, a message to this effect will be output. Other files are active and executed immediately, for example the CLI script file.
1. After loading, restart the device. The changes only take effect a restart.
Saving files using HTTP
1. Start the save function by clicking the one of the "Save" buttons. Depending on the size of the file this may take some time.
2. Depending on your browser configuration you will be prompted to select a storage location and a name for the file. Or you accept the proposed file name. To make the selection, use the dialog in your browser. After making your selection, click the "Save" button.
Deleting files using HTTP
1. Start the delete function by clicking the one of the "Delete" buttons.
The file will be deleted.
Reusing configuration data
If several devices are to receive the same configuration and the IP addresses are assigned using DHCP, the effort for configuration can be reduced by saving and reading in the configuration data.
Follow the steps below to reuse configuration data:
1. Save the configuration data of a configured device on your PC.
2. Download this configuration file to all other devices you want to configure.
3. If individual settings are necessary for specific devices, these must be made online on the relevant device.
Note that the configuration data is coded when it is saved. This means that you cannot edit the files with a text editor.
170
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
6.5.8.2 TFTP
Loading and saving data via a TFTP server
On this page, you can configure the TFTP server and the file names. The WBM also allows you to store device data in an external file on your client PC or to load such data from an external file from the PC to the devices. This means, for example, that you can also load new firmware from a file located on your client PC.
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device.
Note
Incompatibility with predecessor versions
During the installation of a previous version, the configuration data and log files can be lost.
In this case, the device starts up with the factory settings after the firmware has been installed.
Configuration files
Note
Configuration files and trial mode/Automatic Save mode
In Automatic Save mode, the data is saved automatically before the configuration files
(ConfigPack and Config) are transferred.
In Trial mode, although the changes are adopted, they are not saved in the configuration files (ConfigPack and Config). Use the "Write Startup Config" button on the "System >
Configuration" WBM page to save changes in the configuration files.
CLI script file
You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts
(Script).
Note
The downloadable CLI script (RunningCLI) is not intended to be uploaded again unchanged.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
171
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following boxes:
● TFTP Server Address"
Enter the IP address or the FQDN name of the TFTP server with which you exchange data.
● TFTP Server Port
Here, enter the port of the TFTP server over which data exchange will be handled. If necessary, you can change the default value 69 to your own requirements.
The table has the following columns:
● Type
Shows the designation of the file.
● Description
Shows the short description of the file type.
172
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
● Filename
Enter a file name here.
● Actions
Select the action from the drop-down list. The selection depends on the selected file type, for example the log file can only be saved.
The following actions are possible:
– Save file
With this selection, you save a file on the TFTP server.
– Load file
With this selection, you load a file from the TFTP server.
Procedure
Loading or saving data using TFTP
1. Enter the IP address or the FQDN name of the TFTP server in the "TFTP Server
Address" input box.
2. Enter the server port to be used in the in the "TFTP Server Port" input box.
3. Enter the name of a file in which you want to save the data or take the data from in the
"Filename" input box.
4. Select the action you want to execute from the "Actions" drop-down list.
5. Click the "Set Values" button to start the selected actions. Depending on the size of the file this may take some time.
6. After loading the configuration and the SSL certificate, restart the device. The changes only take effect a restart.
Reusing configuration data
If several devices are to receive the same configuration and the IP addresses are assigned using DHCP, the effort for configuration can be reduced by saving and reading in the configuration data.
Follow the steps below to reuse configuration data:
1. Save the configuration data of a configured device on your PC.
2. Download this configuration file to all other devices you want to configure.
3. If individual settings are necessary for specific devices, these must be made online on the relevant device.
Note that the configuration data is coded when it is saved. This means that you cannot edit the files with a text editor.
6.5.8.3 Passwords
Password for certificates
With this menu item, you can enter a password for encrypted certificates.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
173
Configuring with Web Based Management
6.5 "System" menu
User, server or HTTPS certificates can exist as PKCS#12 certificates (.p12 and .pfx) and
PEM certificates (.pem).
Note
User and server certificate in one file
If the user and the server certificate are located in the same file, load this file on the device as the user certificate and as the server certificate.
Note
In Access Point mode, only the HTTPS certificate is available.
Description
The table has the following columns:
● Type
Shows the certificate.
● Description
Shows a short description of the certificate.
● Enabled
Specifies whether the certificate needs a password. If you enable the setting, specify the password in "Password".
● Password
Enter the password for the certificate.
Note
When assigning the password, you can only use the following readable ASCII characters:
0x20 - 0x7e.
174
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
● Password Confirmation
Confirm the password.
● State
Shows whether the current settings for the file match the device.
– Valid the "Enabled" check box is selected and the password matches the certificate.
– Invalid the "Enabled" check box is selected but the password does not match the certificate or no certificate has been loaded yet.
– '-'
The password cannot be evaluated or is not yet being used. The "Enabled" check box is not selected.
Procedure
Assigning the password
1. Enter the password in "Password".
2. To confirm the password, enter the password again in "Password Confirmation".
3. Select the "Enabled" option.
4. Click the "Set Values" button.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
175
Configuring with Web Based Management
6.5 "System" menu
6.5.9 Events
6.5.9.1 Configuration
Selecting system events
On this page, you specify how a device reacts to system events. By enabling the appropriate options, you specify how the device reacts to events. To enable or disable the options, click the relevant check boxes of the columns.
Description
With Table 1, you can enable or disable all check boxes of a column of Table 2 at once.
Table 1 has the following columns:
● All Events
Shows that the settings are valid for all events of table 2.
● E-Mail / Trap / Log Table / Syslog / Error
Enable or disable the required type of notification for all events. If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged.
● Copy to Table
If you click the button, the setting is adopted for all events of table 2.
176
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
Table 2 has the following columns:
● Event
The column contains the following values:
– Cold/warm restart
The device was turned on or restarted by the user.
– Link Change
This event occurs only when the port status is monitored and has changed, see
"System > Fault Monitoring > Link Change".
– Authentication error
This event occurs when attempting access with a bad password.
– Power Change
This event occurs only when power supply line 1 is monitored. It indicates that there was a change to line 1, see "System > Fault Monitoring >Power Supply".
– Spanning Tree Change
The STP or RSTP or MSTP topology has changed.
– Fault State Change
The fault status has changed. The fault status can relate to the activated port monitoring, the response of the signaling contact or the power supply monitoring.
– Overlap AP Detection (Only in access point mode)
This event is triggered when there is an entry in the overlap AP list.
– WDS (Only in access point mode)
The connection status of a WDS link has changed.
– DFS (Only in access point mode)
This event occurs if a radar signal was received or the DFS scan was started or stopped.
– WLAN General (Only in access point mode)
This event occurs if a the channel bandwidth has changed.
– WLAN Authentication Log
Forwarding of the entries from the WLAN authentication log to the system protocol server.
– WLAN De/Authentication(Only in client mode)
With successful or failed WLAN authentication attempts.
– iPCF Poll Size (available only with client SCALANCE W722-1)
This event occurs if the PROFINET data size is too large for transfer.
The device sends an e-mail. This is only possible if the SMTP server is set up and the
"SMTP client" function is enabled.
● Trap
The device sends an SNMP trap. This is only possible if "SNMPv1 Traps" is enabled in
"System > Configuration".
● Log Table
The device writes an entry in the event log table.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
177
Configuring with Web Based Management
6.5 "System" menu
● Syslog
The device writes an entry to the system log server. This is only possible if the system log server is set up and the "Syslog client" function is enabled.
● Faults
The device triggers an error. The error LED lights up
Procedure
Follow the steps below to change entries:
1. Select the check box in the row of the required event. Select the event in the column under the following actions:
– Trap
– Log Table
– Syslog
– Faults
2. Click the "Set Values" button.
6.5.9.2 Severity
Setting the Severity Filters
On this page, set the threshold levels for sending system event notifications.
178
The first table column shows the client type for which you are making the settings:
Sending system event messages by e-mail
● Log Table
Entry of system events in the log table
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
● Syslog
Entry of system events in the Syslog file
● WLAN Authentication Log
Entering system events in the WLAN authentication log
Select the required level from the drop-down lists of the second table column.
You can select from the following values:
● Critical
System events are processed as of the severity level "Critical".
● Warning
System events are processed as of the severity level "Warning".
● Info
System events are processed as of the severity level "Info".
Procedure
Follow the steps below to configure the required level:
1. Select the required values from the drop-down lists of the second table column after the client types.
2. Click the "Set Values" button.
6.5.10 SMTP Client
Network monitoring with e-mails
The device provides the option of automatically sending an e-mail if an alarm event occurs
(for example to the network administrator). The e-mail contains the identification of the sending device, a description of the cause of the alarm in plain language, and a time stamp.
This allows centralized network monitoring to be set up for networks with few nodes based on an e-mail system. When an e-mail error message is received, the WBM can be started by the Internet browser using the identification of the sender to read out further diagnostics information.
On this page, you can configure up to three SMTP servers and the corresponding e-mail addresses.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
179
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following boxes:
● SMTP Client
Enable or disable the SMTP client.
● Sender Email Address
Enter the name of the sender to be included in the e-mail, for example the device name.
This setting applies to all configured SMTP servers.
● Send Test Mail
Send a test e-mail to check your configuration.
● SMTP Port
Enter the port via which your SMTP server can be reached.
Factory settings: 25
This setting applies to all configured SMTP servers.
● SMTP Server Address
Enter the IP address or the FQDN (Fully Qualified Domain Name) of the SMTP server.
This table contains the following columns:
● Select
Select the check box in a row to be deleted.
● SMTP Server Address
Shows the IP address or the FQDN (Fully Qualified Domain Name) of the SMTP server.
● Receiver Email Address
Enter the e-mail address to which the device sends an e-mail if a fault occurs.
180
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Procedure
Configuring with Web Based Management
6.5 "System" menu
1. Enable the "SMTP Client" option.
2. Enter the IP address of the SMTP server or the FQDN in the "SMTP Server Address" input box.
3. Click the "Create" button. A new entry is generated in the table.
4. In the Receiver Email Address input box. enter the e-mail address to which the device sends an e-mail if a fault occurs.
5. Click the "Set Values" button.
Note
Depending on the properties and configuration of the SMTP server, it may be necessary to adapt the "Sender E-Mail Address” input box for the e-mails. Check with the administrator of the SMTP server.
See also
Address assignment with DHCP (Page 62)
6.5.11 DHCP
6.5.11.1 DHCP Client
Setting of the DHCP mode
If the device is configured as a DHCP client, it starts a DHCP query. As the reply to the query the device receives an IPv4 address from the DHCP server. The server manages an address range from which it assigns IPv4 addresses. It is also possible to configure the server so that the client always receives the same IPv4 address in response to its request.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
181
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following boxes:
● DHCP client configuration file request (opt 66, 67)
Select this option if you want the DHCP client to use options 66 and 67 to download and then enable a configuration file.
● DHCP Mode
Select the DHCP mode from the drop-down list. The following modes are possible:
– via MAC Address
Identification is based on the MAC address.
– via DHCP Client ID
Identification is based on a freely defined DHCP client ID.
– Via System Name
Identification is based on the system name. If the system name is 255 characters long, the last character is not used for identification.
– via PROFINET Name of Station
The identification is made using the PROFINET device name.
The table has the following columns:
● Interface
Interface to which the setting relates.
● DHCP
Enable or disable the DHCP client for the relevant interface.
Procedure
1. Select the required mode from the "DHCP Mode" drop-down list. If you select the DHCP mode "via DHCP Client ID" an input box appears.
– In the enabled input box "DHCP client ID" enter a string to identify the device. This is then evaluated by the DHCP server.
2. Select the "DHCP Client Configuration Request (Opt. 66, 67) option", if you want the
DHCP client to use options 66 and 67 to download and then enable a configuration file.
3. Enable the "DHCP" option in the table.
4. Click the "Set Values" button.
Note
If a configuration file is downloaded, this can trigger a system restart. If the currently running configuration and the configuration in the downloaded configuration file differ, the system is restarted.
Make sure that the option "DHCP Client Configuration Request (Opt. 66, 67"is no longer set.
182
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
See also
Configuring with Web Based Management
6.5 "System" menu
6.5.11.2
Address assignment with DHCP (Page 62)
DHCP server
Note
This tab is available only on the access point SCALANCE W761-1 RJ45 and the client
SCALANCE W722-1 RJ45.
You can operate the device as a DHCP server. This allows IPv4 addresses to be assigned automatically to the connected devices. The IPv4 addresses are either distributed dynamically from an address band you have specified or a specific IPv4 address (static) can be assigned to a particular device.
On this page, specify the IPv4 address band from which the device receives any IPv4 address.
You configure the static assignment of the IPv4 addresses in "Static Leases".
Note
Maximum number of IP addresses
The maximum number of IPv4 addresses that the DHCP server supports is 100. In other words, a total of 100 IPv4 addresses (dynamic + static).
With the static assignments, you can create a maximum of 20 entries.
Requirements for the DHCP server
● NAT is enabled. You enable NAT in "Layer 3 > NAT".
● The connected devices are configured so that they obtain the IPv4 address from a DHCP server.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
183
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following boxes:
● Enable DHCP Server
Enable or disable the DHCP server on the device.
Note
To avoid conflicts with IPv4 addresses, only one device may be configured as a DHCP server in the network.
● Probe address with ICMP echo before offer
When selected, the DHCP server checks whether or not the IP address has already been assigned. To do this the DHCP server sends ICMP echo messages (ping) to the IPv4 address. If no reply is received, the DHCP server can assign the IPv4 address.
Note
If there are devices in your network on which the echo service is disabled as default, there may be conflicts with the IPv4 addresses. To avoid this, assign these devices an
IPv4 address outside the IPv4 address band.
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Pool ID
Shows the number of the IPv4 address band. If you click the "Create" button, a new row with a unique number is created (pool ID).
Note
Only one Pool ID (ID = 1) can be created.
● Interface
Specify the interface via which the IPv4 addresses are dynamically assigned. The requirement for the assignment is that the IPv4 address of the interface is located within the IPv4 address band. If this is not the case, the interface does not assign any IPv4 addresses.
● Enable
Specify whether or not this IPv4 address band will be used.
Note
If you enable the IPv4 address band. the settings in this and the other DHCP tabs ate grayed out and can no longer be edited.
● Subnet
Enter the network address range that will be assigned to the devices. Use the CIDR notation.
184
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.5.11.3
Configuring with Web Based Management
6.5 "System" menu
● Lower IP address
Enter the IPv4 address that specifies the start of the dynamic IPv4 address band. The
IPv4 address must be within the network address range you configured for "Subnet".
● Upper IP address
Enter the IPv4 address that specifies the end of the dynamic IPv4 address band. The
IPv4 address must be within the network address range you configured for "Subnet".
● Lease Time (sec)
Specify for how many seconds the assigned IPv4 address remains valid. When half the lease time has elapsed. the DHCP client can extend the period of the assigned IPv4 address. When the entire time has elapsed, the DHCP client needs to request a new IPv4 address.
DHCP Options
Note
This tab is available only on the access point SCALANCE W761-1 RJ45 and the client
SCALANCE W722-1 RJ45.
On this page you specify which DHCP options the DHCP server supports. The various
DHCP options are defined in RFC 2132.
Description
The page contains the following boxes:
● Pool ID
Select the required IPv4 address band.
● Option Code
Enter the number of the required DHCP option. A maximum of 20 DHCP options are
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
185
Configuring with Web Based Management
6.5 "System" menu possible.
The various DHCP options are defined in RFC 2132. The DHCP options 1, 3, 6, 66 and
67 are created automatically when the IPv4 address band is created. With the exception of option 1, the options can be deleted.
With the DHCP option 3, the internal IPv4 address of the device is automatically set as a
DHCP parameter
Note
DHCP options not supported
The DHCP options 50 - 60 and 255 are not supported.
The table has the following columns:
● Select
Select the check box in the row to be deleted.
Pool ID
Shows the number of the IPv4 address band.
● Option Code
Shows the number of the DHCP option.
● Use Interface IP
Specify whether or not the internal IPv4 address of the device will be used.
● Value
Enter the value that is transferred to the DHCP client. The content depends on the DHCP option.
Some examples of this are as follows:
– DHCP option 67 (boot file name)
Enter the name of the boot file in the string format.
– DHCP options 3 (Router) and 6 (DNS):
Enter the DHCP parameter as an IPv4 address, e.g. 192.168.100.2. With DHCP option 6, you can specify several IPv4 addresses separated by commas.
– DHCP option 12 (host name):
Enter the host name in the string format.
– DHCP option 66 (TFTP Server):
Enter the DHCP parameter as an IPv4 address, e.g. 192.168.100.2 or the FQDN name. You can specify several IPv4 addresses separated by commas.
– All other DHCP options
Enter the DHCP parameter in hexadecimal, e.g. the IPv4 address 192.168.100.2 corresponds to "C0A86402".
186
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.5.11.4
Configuring with Web Based Management
6.5 "System" menu
Static Leases
Note
This tab is available only on the access point SCALANCE W761-1 RJ45 and the client
SCALANCE W722-1 RJ45.
On this page you specify that devices with a certain MAC address are assigned to the selected IPv4 address.
Description
The page contains the following boxes:
● Pool ID
From the drop-down list, select the required IPv4 address band.
● Hardware Type
Select the method according to which a client is identified.
– Ethernet MAC
The client is identified by its MAC address.
– Client ID
The client is identified by a freely defined DHCP client ID. The client ID can be up to a maximum of 254 characters long.
● Value
Enter the MAC address or the client ID and click the "Create" button to create the entry.
Note
A maximum of 20 entries are possible.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
187
Configuring with Web Based Management
6.5 "System" menu
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Pool ID
● Shows the number of the IPv4 address band.
Note
Only Pool ID = 1 is supported.
● Hardware Type
Shows whether the client is identified by its MAC address or the client ID.
● Value
Shows the MAC address to which the IPv4 address is assigned.
● IP Address
Specify the IPv4 address. The IPv4 address must match the subnet of the IPv4 address band.
6.5.12 SNMP
6.5.12.1 General
Configuration of SNMP
On this page, you make the basic settings for SNMP. Enable the check boxes according to the function you want to use.
188
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.5 "System" menu
The page contains the following boxes:
● SNMP
Select the SNMP protocol from the drop-down list. The following settings are possible:
– "-" (disabled)
SNMP is disabled.
– SNMPv1/v2c/v3
SNMPv1/v2c/v3 is supported.
Note
Note that SNMP in versions 1 and 2c does not have any security mechanisms.
– SNMPv3
Only SNMPv3 is supported.
● SNMPv1/v2c Read-Only
If you enable this option, SNMPv1/v2c can only read the SNMP variables.
Note
Community String
For security reasons, do not use the standard values "public" or "private". Change the community strings following the initial installation.
The recommended minimum length for community strings is 6 characters.
● SNMPv1/v2c Read Community String
Enter the community string for read access of the SNMP protocol.
● SNMPv1/v2c Read/Write Community String
Enter the community string for read and write access of the SNMP protocol.
● SNMPv1 Traps
Enable or disable the sending of SNMPv1 traps (alarm frames). On the "Trap" tab, specify the IP addresses of the devices to which SNMPv1 traps will be sent.
● SNMPv1/v2c Trap Community String
Enter the community string for sending SNMPv1/v2c messages.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
189
Configuring with Web Based Management
6.5 "System" menu
● SNMPv3 User Migration
– Enabled
If the function is enabled, an SNMP engine ID is generated that can be migrated. You can transfer configured SNMPv3 users to a different device.
If you enable this function and load the configuration of the device on another device, configured SNMPv3 users are retained.
– Disabled
If the function is disabled, a device-specific SNMP engine ID is generated. To generate the ID, the agent MAC address of the device is used. You cannot transfer this SNMP user configuration to other devices.
If you load the configuration of the device on another device, all configured SNMPv3 users are deleted.
● SNMP Engine ID
Shows the SNMP engine ID.
Procedure
1. Select the required option from the "SNMP" drop-down list:
– "-" (disabled)
– SNMPv1/v2c/v3
– SNMPv3
2. Enable the "SNMPv1/v2c Read Only" check box if you only want read access to SNMP variables with SNMPv1/v2c.
3. Enter the required character string in the "SNMPv1/v2c Read Community String" input box.
4. Enter the required character string in the "SNMPv1/v2c Read/Write Community String" input box.
5. If necessary, enable the SNMPv3 User Migration.
6. Click the "Set Values" button.
190
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
6.5.12.2 Traps
SNMP traps for alarm events
If an alarm event occurs, a device can send SNMP traps (alarm frames) to up to ten different management stations at the same time. Traps are only sent if the events specified in the
"Events" menu occur.
Note
Traps are only sent if you have enabled the option "SNMPv1 Traps" in the "General" tab or in "System > Configuration".
Description
● Trap Receiver Address
Enter the IP address or the FQDN name of the station to which the device sends SNMP traps. You can specify up to ten different recipients servers.
The table has the following columns:
● Select
Select the row you want to delete.
● Trap Receiver Address
If necessary, change the IP addresses or the FQDN names of the stations.
● Trap
Enable or disable the sending of traps. Stations that are entered but not selected do not receive SNMP traps.
Procedure
Creating a trap entry
1. In "Trap Receiver Address", enter the IP address or the FQDN name of the station to which the device sends traps.
2. Click the "Create" button to create a new trap entry.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
191
Configuring with Web Based Management
6.5 "System" menu
3. Select the check box in the required row "Trap".
4. Click the "Set Values" button.
Deleting a trap entry
1. Enable "Select" in the row to be deleted.
2. Click the "Delete" button. The entry is deleted.
6.5.12.3 v3 Groups
Security settings and assigning permissions
SNMP version 3 allows permissions to be assigned, authentication, and encryption at protocol level. The security level and read/write permissions are assigned according to groups. The settings automatically apply to every member of a group.
Description
The page contains the following boxes:
● Group Name
Enter the name of the group. The maximum length is 32 characters.
● Security Level
Select the security level (authentication, encryption) valid for the selected group. You have the following options for the security levels:
– no Auth/no Priv
No authentication enabled / no encryption enabled.
– Auth/no Priv
Authentication enabled / no encryption enabled.
– Auth/Priv
Authentication enabled / encryption enabled.
192
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
The table has the following columns:
● Select
Select the row you want to delete.
● Group Name
Shows the defined group names.
● Security Level
Shows the configured security level.
● Read
Enable or disable read access for the required group.
● Write
Enable or disable write access for the required group.
Note
For write access to work, you also need to enable read access.
● Persistence
Shows whether or not the group is assigned to an SNMPv3 user. If the group is not assigned to an SNMPv3 user, no automatic saving is triggered and the configured group is deleted after restarting the device.
– Yes
The group is assigned to an SNMPV3 user.
– No
The group is not assigned to an SNMPV3 user.
Procedure
Creating a new group
1. Enter the required group name in "Group Name".
2. Select the required security level from the "Security Level" drop-down list.
3. Click the "Create" button to create a new entry.
4. Specify the required read rights for the group in " Read".
5. Specify the required write rights for the group in " Write".
6. Click the "Set Values" button.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
193
Configuring with Web Based Management
6.5 "System" menu
Modifying a group
1. Specify the required read rights for the group in " Read".
2. Specify the required write rights for the group in " Write".
3. Click the "Set Values" button.
Note
Once a group name and the security level have been specified, they can no longer be modified after the group is created. If you want to change the group name or the security level , you will need to delete the group and recreate it and reconfigure it with the new name.
Deleting a group
1. Enable "Select" in the row to be deleted.
Repeat this for all groups you want to delete.
2. Click the "Delete" button. The entries are deleted.
194
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
6.5.12.4 v3 Users
User-specific security settings
On the WBM page, you can create new SNMPv3 users and modify or delete existing users.
The user-based security model works with the concept of the user name; in other words, a user ID is added to every frame. This user name and the applicable security settings are checked by both the sender and recipient.
Description
The page contains the following boxes:
● User Name
Enter a freely selectable user name. After you have entered the data, you can no longer modify the name.
The table has the following columns:
● Select
Select the row you want to delete.
● User Name
Shows the created users.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
195
Configuring with Web Based Management
6.5 "System" menu
● Group Name
Select the group which will be assigned to the user.
● Authentication Protocol
Specify the authentication protocol for which a password will be stored.
The following settings are available:
– None
– MD5
– SHA
● Encryption Protocol
Specify whether or not a password should be stored for encryption with the DES algorithm. Can only be enabled when an authentication protocol has been selected.
● Authentication Password
Enter the authentication password in the first input box. This password must have at least
6 characters, the maximum length is 32 characters.
● Authentication Password Confirmation
Confirm the password by repeating the entry.
● Privacy Password
Enter your encryption password. This password must have at least 6 characters, the maximum length is 32 characters.
● Privacy Password Confirmation
Confirm the encryption password by repeating the entry.
● Persistence
Shows whether or not the user is assigned to an SNMPv3 group. If the user is not assigned to an SNMPv3 group, no automatic saving is triggered and the configured user is deleted after restarting the device.
– Yes
The user is assigned to an SNMPv3 group.
– No
The user is not assigned to an SNMPv3 group.
Procedure
Create a new user
1. Enter the name of the new user in the "User Name" input box.
2. Click the "Create" button. A new entry is generated in the table.
3. In "Group Name", select the group to which the new user will belong.
If the group has not yet been created, change to the "v3 Groups" page and make the settings for this group.
196
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
4. If an authentication is necessary for the selected group, select the authentication algorithm in "Authentication Protocol".
In the relevant input boxes, enter the authentication password and its confirmation.
5. If encryption was specified for the group, select the algorithm in "Privacy Protocol". In the relevant input boxes, enter the encryption password and the confirmation.
6. Click the "Set Values" button.
Delete user
1. Enable "Select" in the row to be deleted.
Repeat this for all users you want to delete.
2. Click the "Delete" button. The entry is deleted.
6.5.13 System Time
There are different methods that can be used to set the system time of the device. Only one method can be active at any one time.
If one method is activated, the previously activated method is automatically deactivated.
6.5.13.1 Manual Setting
Manual setting of the system time
On this page, you set the date and time of the system yourself. For this setting to be used, enable "Time Manually".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
197
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following boxes:
● Time Manually
Enable or disable the manual time setting. If you enable the option, the "System Time" input box can be edited.
● System Time
Enter the date and time in the format "MM/DD/YYYY HH:MM:SS".
After a restart, the time of day begins at 01/01/2000 00:00:00.
● Use PC Time
Click the button to use the time setting of the PC.
● Last Synchronization Time
Shows when the last time-of-day synchronization took place. If no time-of-day synchronization was possible, the box displays "Date/time not set".
● Last Synchronization Mechanism
Shows how the last time synchronization was performed.
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame
● Daylight Saving Time (DST)
Shows whether the daylight saving time changeover is active.
– active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was added. You can see the current system time at the top right in the selection area of the
WBM.
The set time continues to be displayed in the "System Time" box.
– inactive (offset +0 h)
The current system time is not changed.
198
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Procedure
6.5.13.2
Configuring with Web Based Management
6.5 "System" menu
1. Enable the "Time Manually" option.
2. In the "System Time" input box, enter the date and time in the format "MM/DD/YYYY
HH:MM:SS".
3. Click the "Set Values" button.
The date and time are adopted and "Manual" is entered in "Last Synchronization
Mechanism" box.
DST Overview
On this page, you can create new entries for the daylight saving time changeover.
The table provides an overview of the existing entries.
Settings
● Select
Select the row you want to delete.
● DST No.
Shows the number of the entry.
If you create a new entry, a new line with a unique number is created.
● Name
Shows the name of the entry.
● Year
Shows the year for which the entry was created.
● Start Date
Shows the month, day and time for the start of daylight saving time.
● End Date
Shows the month, day and time for the end of daylight saving time.
● Recurring Date
With an entry of the type "Rule", the period in which daylight saving time is active is displayed consisting of week, day, month and time of day.
With an entry of the type "Date" a "-" is displayed.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
199
Configuring with Web Based Management
6.5 "System" menu
● State
Shows the status of the entry:
– Enabled
The entry was created correctly.
– Invalid
The entry was created new and the start and end date are identical.
● Type
Shows how the daylight saving time changeover is made:
– Date
A fixed date is entered for the daylight saving time changeover.
– Rule
A rule was defined for the daylight saving time changeover.
Procedure
Creating an entry
1. Click the "Create" button.
A new entry is created in the table.
2. Click on the required entry in the "DST No column.
You change to the "DST Configuration" page.
3. Select the required type in the "Type" drop-down list.
Depending on the selected type, various settings are available.
4. Enter a name name in the "Name" box.
5. If you have selected the type "Date", fill in the following boxes.
– Year
– Day (for start and end date)
– Hour (for start and end date)
– Month (for start and end date)
6. If you have selected the type "Rule", fill in the following boxes.
– Hour (for start and end date)
– Month (for start and end date)
– Week (for start and end date)
– Day (for start and end date)
7. Click the "Set Values" button.
200
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.5.13.3
Configuring with Web Based Management
6.5 "System" menu
Deleting an entry
1. Enable "Select" in the row to be deleted.
2. Click the "Delete" button. The entry is deleted.
DST-Konfiguration
On this page, you can configure the entries for the daylight saving time changeover. As result of the changeover to daylight saving or standard time, the system time for the local time zone is correctly set.
You can define a rule for the daylight saving time changeover or specify a fixed date.
Settings
Note
The content of this page depends on the selection in the "Type" box.
The boxes "DST No.", "Type" and "Name" are always shown.
● DST No.
Select the type of the entry.
● Type
Select how the daylight saving time changeover is made:
– Date
You can set a fixed date for the daylight saving time changeover.
This setting is suitable for regions in which the daylight saving time changeover is not governed by rules.
– Rule
You can define a rule for the daylight saving time changeover.
This setting is suitable for regions in which the daylight saving time always begins or ends on a certain weekday.
● Name
Enter a name for the entry.
The name can be a maximum of 16 characters long.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
201
Configuring with Web Based Management
6.5 "System" menu
Settings with "Date" selected
202
You can set a fixed date for the start and end of daylight saving time.
● Year
Enter the year for the daylight saving time changeover.
● Start Date
Enter the following values for the start of daylight saving time:
– Day
Specify the day.
– Hour
Specify the hour.
– Month
Specify the month.
● End Date
Enter the following values for the end of daylight saving time:
– Day
Specify the day.
– Hour
Specify the hour.
– Month
Specify the month.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Settings with "Rule" selected
Configuring with Web Based Management
6.5 "System" menu
You can create a rule for the daylight saving time changeover.
● Start Date
Enter the following values for the start of daylight saving time:
– Hour
Specify the hour.
– Month
Specify the month.
– Week
Specify the week.
You can select the first to fourth or the last week of the month.
– Day
Specify the weekday.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
203
Configuring with Web Based Management
6.5 "System" menu
● End Date
Enter the following values for the end of daylight saving time:
– Hour
Specify the hour.
– Month
Specify the month.
– Week
Specify the week.
You can select the first to fourth or the last week of the month.
– Day
Specify the weekday.
6.5.13.4 SNTP Client
Time-of-day synchronization in the network
SNTP (Simple Network Time Protocol) is used for synchronizing the time in the network. The appropriate frames are sent by an SNTP server in the network.
Note
To avoid time jumps, make sure that there is only one time server in the network.
204
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.5 "System" menu
The page contains the following boxes:
● SNTP Client
Enable or disable automatic time-of-day synchronization using SNTP.
● Current System Time
Shows the current date and current normal time received from the server. If you specify a time zone, the time information is adapted accordingly.
● Last Synchronization Time
Shows when the last time-of-day synchronization took place.
● Last Synchronization Mechanism
Shows how the last time synchronization was performed. The following methods are possible:
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame
● Time Zone
In this box, enter the time zone you are using in the format "+/- HH:MM". The time zone relates to UTC standard world time.
The time in the "Current System Time" box is adapted accordingly.
● Daylight Saving Time (DST)
Shows whether the daylight saving time changeover is active.
– active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was added. You can see the current system time at the top right in the selection area of the
WBM.
The normal time including the time zone continues to be displayed in the "Current
System Time" box.
– inactive (offset +0 h)
The current system time is not changed.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
205
Configuring with Web Based Management
6.5 "System" menu
● "SNTP Mode"
Select the synchronization mode from the drop-down list. The following types of synchronization are possible:
– Poll
If you select this protocol type, the input boxes "SNTP Server Address", "SNTP Server
Port" and "Poll Interval[s]" are displayed to allow further configuration. With this type of synchronization, the device is active and sends a time query to the SNTP server.
– Listen
With this type of synchronization, the device is passive and receives SNTP frames that deliver the time of day.
● SNTP Server Address
Enter the IPV4 address or the FQDN (Fully Qualified Domain Name) of the SNTP server.
● SNTP Server Port
Enter the port of the SNTP server.
The following ports are possible:
– 123 (standard port)
– 1025 to 36564
● Poll Interval[s]
Here, enter the interval between two-time queries. In this box, you enter the query interval in seconds. Possible values are 16 to 16284 seconds.
Procedure
1. Click the "SNTP Client" check box to enable the automatic time setting.
2. In the "Time Zone" input box, enter the local time difference to world time (UTC). The input format is "+/-HH:MM" (for example +02:00 for CEST), because the SNTP server always sends the UTC time. This time is then recalculated and displayed as the local time based on the specified time zone. On the device itself, there is no changeover from the daylight saving to standard time. You also need to take this into account when completing the "Time Zone" input box.
3. Select one of the following options from the "SNTP Mode" drop-down list:
– Poll
For this mode, you need to configure the following:
- time zone difference (step 2)
- time server (step 4)
- Port (step 5)
- query interval (step 6)
- complete the configuration with step 7.
– Listen
For this mode, you need to configure the following:
- time difference to the time sent by the server (step 2)
- complete the configuration with step 7.
4. In the "SNTP Server Address" input box, enter the IPv4 address or the FQDN of the
SNTP server whose frames will be used to synchronize the time of day.
206
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
5. In the "SNTP Server Port" input box, enter the port via which the SNTP server is available. The port can only be modified if the IPv4 address or the FQDN name of the
SNTP server is entered.
6. In the "Poll Interval[s]" input box, enter the time in seconds after which a new time query is sent to the time server.
7. Click the "Set Values" button to transfer your changes to the device.
6.5.13.5 NTP Client
Automatic time-of-day setting with NTP
If you require time-of-day synchronization using NTP, you can make the relevant settings here.
Note
To avoid time jumps, make sure that there is only one time server in the network.
Description
The page contains the following boxes:
● NTP Client
Select this check box to enable automatic time-of-day synchronization with NTP.
● Current System Time
Shows the current date and current normal time received by the IE switch. If you specify a time zone, the time information is adapted accordingly.
● Last Synchronization Time
Shows when the last time-of-day synchronization took place.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
207
Configuring with Web Based Management
6.5 "System" menu
● Last Synchronization Mechanism
Shows how the last time synchronization was performed. The following methods are possible:
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame
● Time Zone
In this box, enter the time zone you are using in the format "+/- HH:MM". The time zone relates to UTC standard world time.
The time in the "Current System Time" box is adapted accordingly.
● Daylight Saving Time (DST)
Shows whether the daylight saving time changeover is active.
– active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was added. You can see the current system time at the top right in the selection area of the
WBM.
The normal time including the time zone continues to be displayed in the "Current
System Time" box.
– inactive (offset +0 h)
The current system time is not changed.
● NTP Server Address
Enter the IPv4 address or the FQDN (Fully Qualified Domain Name) of the NTP server.
● NTP Server Port
Enter the port of the NTP server.
The following ports are possible:
– 123 (standard port)
– 1025 to 36564
● Poll Interval[s]
Here, enter the interval between two time queries. In this box, you enter the query interval in seconds. Possible values are 64 to 1024 seconds.
208
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Procedure
Configuring with Web Based Management
6.5 "System" menu
1. Click the "NTP Client" check box to enable the automatic time setting using NTP.
2. Enter the necessary values in the following boxes:
– Time zone
– IPv4 address or FQDN of the NTP server
– NTP server port
– Query interval
3. Click the "Set Values" button.
6.5.13.6 SIMATIC Time Client
Time setting via SIMATIC time client
Note
To avoid time jumps, make sure that there is only one time server in the network.
Description
The page contains the following boxes:
● SIMATIC Time Client
Select this check box to enable the device as a SIMATIC time client.
● Current System Time
Shows the current system time.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
209
Configuring with Web Based Management
6.5 "System" menu
● Last Synchronization Time
Shows when the last time-of-day synchronization took place.
● Last Synchronization Mechanism
Shows how the last time synchronization was performed. The following methods are possible:
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame
Procedure
1. Click the "SIMATIC Time Client" check box to enable the SIMATIC Time Client.
2. Click the "Set Values" button.
6.5.14 Auto Logout
Setting the automatic logout
On this page, set the times after which there is an automatic logout from WBM or the CLI following user in activity.
If you have been logged out automatically, you will need to log in again.
210
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Procedure
Configuring with Web Based Management
6.5 "System" menu
1. Enter a value of 60-3600 seconds in the "Web Based Management (s)" input box. If you enter the value 0, the automatic logout is disabled.
2. Enter a value of 60-600 seconds in the "CLI (TELNET, SSH) (s)" input box. If you enter the value 0, the automatic logout is disabled.
3. Click the "Set Values" button.
6.5.15 Syslog Client
System event agent
Syslog according to RFC 3164 is used for transferring short, unencrypted text messages over UDP in the IP network. This requires a Syslog server.
Requirements for sending log entries:
● The Syslog function is enabled on the device.
● The Syslog function is enabled for the relevant event.
● There is a Syslog server in your network that receives the log entries. (Since this is a
UDP connection, there is no acknowledgment to the sender)
● The IP address or the FQDN (Fully Qualified Domain Name) of the Syslog server is entered in the device.
Description
The page contains the following boxes:
● Syslog Client
Enable or disable the Syslog function.
● Syslog Server Address
Enter the IP address or the FQDN (Fully Qualified Domain Name) of the Syslog server.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
211
Configuring with Web Based Management
6.5 "System" menu
This table contains the following columns
● Select
Select the row you want to delete.
● Syslog Server Address
Shows the IP address or the FQDN (Fully Qualified Domain Name) of the Syslog server.
● Server Port
Enter the port of the Syslog server being used.
Procedure
Enabling function
1. Select the "Syslog Client" check box.
2. Click the "Set Values" button.
Creating a new entry
1. In the "Syslog Server Address" input box, enter the IP address or the FQDN of the Syslog server on which the log entries will be saved.
2. Click the "Create" button. A new row is inserted in the table.
3. In the "Server Port" input box, enter the number of the UDP port of the server.
4. Click the "Set Values" button.
Note
The default setting of the server port is 514.
Changing the entry
1. Delete the entry.
2. Create a new entry.
Deleting an entry
1. Select the check box in the row to be deleted.
2. Click the "Delete" button. All selected entries are deleted and the display is refreshed.
6.5.16 Fault Monitoring
6.5.16.1 Power Supply
Settings for monitoring the power supply
Configure whether or not the power supply should be monitored by the messaging system.
212
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
A fault is then signaled by the message system when there is no power on the monitored line
(Line 1) or when the voltage is too low.
Note
You will find the permitted operating voltage limits in the operating instructions of the device.
A fault causes the signaling contact to trigger and the fault LED on the device to light up and, depending on the configuration, can trigger a trap, an e-mail, or an entry in the event log table.
Procedure
1. Click the check box in front of the line name to enable or disable the monitoring function.
2. Click the "Set Values" button.
6.5.16.2 Link Change
Configuration of fault monitoring of status changes on connections
On this page, you configure whether or not an error message is triggered if there is a status change on a network connection.
If connection monitoring is enabled, an error is signaled
● when there should be a link on a port and this is missing.
● or when there should not be a link on a port and a link is detected.
A fault causes the signaling contact to trigger and the fault LED on the device to light up and, depending on the configuration, can trigger a trap, an e-mail, or an entry in the event log table.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
213
Configuring with Web Based Management
6.5 "System" menu
Description
The table has the following columns:
● Port
Shows the available ports.
● Setting
Select the setting from the drop-down list. You have the following options:
– Up
Error handling is triggered when the port changes to the active status.
(From "Link down" to "Link up")
– Down
Error handling is triggered when the port changes to the inactive status.
(From "Link up" to "Link down")
– "-" (disabled)
The error handling is not triggered.
Procedure
1. From the relevant drop-down list, select the options of the slots / ports whose connection status you want to monitor.
2. Click the "Set Values" button.
214
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
6.5.17 PROFINET
Settings for PROFINET
This page shows the PROFINET AR status and the device name.
Description of the displayed boxes
The page contains the following boxes:
● PROFINET Device Diagnostics
Shows whether PROFINET is enabled ("On") or disabled ("Off").
● PROFINET runtime mode for next boot
Set whether PROFINET will be enabled ("On") or disabled ("Off") after the next device restart.
Note
PROFINET and EtherNet/IP
When PROFINET is turned on, EtherNet/IP is turned off. The switchover from PROFINET and EtherNet/IP has no effect on DCP.
Note
PROFINET AR Status
If a PROFINET connection is established; in other words the PROFINET AR status is
"Online", you cannot disable PROFINET.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
215
Configuring with Web Based Management
6.5 "System" menu
● PROFINET AR Status
This box shows the status of the PROFINET connection; in other words whether the device is connected to a PROFINET controller "Online" or "Offline".
Here, online means that a connection to a PROFINET IO controller exists, that this has downloaded its configuration data to the device and that the device can send status data to the PROFINET IO controller. In this status known as "in data exchange", the parameters set via the PROFINET controller cannot be configured.
● PROFINET Name of Station
This box displays the PROFINET device name according to the configuration in HW
Config of STEP 7.
Note
Devices with two Ethernet ports
With devices that have two Ethernet interfaces, only interface P1 should be used for the
PROFINET configuration because LLPD frames can only be sent and received via interface
1. They are blocked at interface P2 and are also not forwarded between the interfaces.
This applies to the following devices:
• SCALANCE W786-2 SFP
•
SCALANCE W774-1 RJ-45
• SCALANCE W774-1 M12 EEC
•
SCALANCE W734-1 RJ-45
SCALANCE W700 and STEP 7
The Ethernet interface can be configured in STEP 7 if the following requirements are met:
● STEP 7 V13 Update 3 with HSP0107 or
● STEP7 version 5.5.4 with GSDML version 2.31
The diagnostics functions can also be used. The WLAN interface cannot be configured with
STEP 7.
216
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
PROFINET for client devices
If a client is to be used as a PROFINET device, the MAC address of the client must be specified as follows (MAC Mode):
● Own
In the network beyond the device, only IP communication and no PROFINET is possible.
● Layer 2 Tunnel
The client and the devices downstream from it can be used as PROFINET devices.
Note
If "Automatic" or "Manual" is configured as the MAC mode for a client, this device cannot be used as a PROFINET device.
6.5.18 EtherNet/IP
EtherNet Industrial Protocol (EtherNet/IP)
On this page, you configure the mode of EtherNet/IP.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
217
Configuring with Web Based Management
6.5 "System" menu
Description
The page contains the following boxes:
● EtherNet/IP Device Diagnostics
Shows whether EtherNet/IP is enabled ("On") or disabled ("Off").
● EtherNet/IP Device Diagnostics for next boot
Set whether EtherNet/IP will be enabled ("On") or disabled ("Off") after the next device restart.
Note
EtherNet/IP and PROFINET
When EtherNet/IP is turned on, PROFINET is turned off. The switchover from EtherNet/IP and PROFINET has no effect on DCP.
Note
PROFINET AR Status
If a PROFINET connection is established; in other words the PROFINET AR status is
"Online", you cannot enable EtherNet/IP.
● Restart with EtherNet/IP Defaults
Click this button to restore the default settings of the EtherNet/IP profile and to restart the device. You must confirm the restart in a dialog box. The dialog box displays these settings specially made for operation with the EtherNet/IP protocol.
NOTICE
By resetting all the settings to the default settings of a profile, the IP address is also lost.
Following this, the device can only be accessed via the serial interface, using the
Primary Setup Tool or using DHCP.
With the appropriate attachment, a previously correctly configured device can cause circulating frames after the reset and therefore the failure of the data traffic.
218
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.5 "System" menu
6.5.19 Ping
Reachability of an address in an IP network
With the ping function, you can check whether a certain IP address is reachable in the network.
Description
The table has the following columns:
● Destination Address
Enter the IPV4, IPv6 address or the FQDN (Fully Qualified Domain Name) of the device.
● Repeat
Enter the number of ping requests.
● DNS resolution
Select the IP address type in which an entered FQDN will be resolved.
– Auto
In this mode, the IP address type is selected automatically.
– IPv4
The entered FQDN will be resolved in an IPv4 address.
– IPv6
The entered FQDN will be resolved in an IPv6 address.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
219
Configuring with Web Based Management
6.5 "System" menu
● Out Interface for IPv6
This selection is only required when the destination address is a multicast or a link local address.
– "-" (factory setting)
– Select the relevant IPv6 interface.
● Ping
Click this button to start the ping function.
● Ping Output
This box shows the output of the ping function.
● Clear
Click this button to empty the "Ping Output" box.
220
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.6 "Interfaces" menu
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.1 Ethernet
6.6.1.1 Overview
Overview of the port configuration
The page shows the configuration for the data transfer for all ports of the device. You cannot configure anything on this page.
Description
The table has the following columns:
● Port
Shows the configurable ports. If you click on the link, the corresponding configuration page is opened.
● Port name
Shows the name of the port.
● State
Shows whether the port is on or off. Data traffic is possible only over an enabled port.
● OperState
Displays the current operational status. The operational status depends on the configured
"Status" and the "Link". The available options are as follows:
– up
You have configured the status "enabled" for the port and the port has a valid connection to the network.
– down
You have configured the status "disabled" or "Link down" for the port or the port has no connection.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
221
Configuring with Web Based Management
6.6 "Interfaces" menu
● Link
Shows the connection status to the network. With the connection status, the following is possible:
– up
The port has a valid link to the network, a link integrity signal is being received.
– down
The link is down, for example because the connected device is turned off.
● Current Transmission Parameters
Shows the transfer parameters of the port.
● MTU (Maximum Transmission Unit)
Shows the packet size.
● Negotiation
Shows whether the automatic configuration is enabled or disabled.
● MAC Address
Shows the MAC address of the port.
6.6.1.2 Configuration
Configuring ports
With this page, you configure the Ethernet port of the device.
222
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.6 "Interfaces" menu
The table has the following rows:
● Port
Select the port to be configured from the drop-down list.
● Status
Specify whether the port is enabled or disabled.
– enabled
The port is enabled. Data traffic is possible only over an enabled port.
– disabled
The port is disabled.
● Port name
Enter a name for the port here.
● MAC Address
Shows the MAC address of the port.
● Mode Type
Note
This parameter cannot be configured for the SCALANCE W760/W720 devices. The value is preset to "Autonegotiation".
● Mode
Shows the transmission speed and the transfer mode of the port.
● Negotiation
Shows whether the automatic configuration of the connection to the partner port is enabled or disabled.
● MTU(Maximum Transmission Unit)
Enter the packet size above which packets are fragmented.
● OperState
Displays the current operational status. The operational status depends on the configured
"Status" and the "Link". The available options are as follows:
– up
You have configured the status "enabled" for the port and the port has a valid connection to the network.
– down
You have configured the status "disabled" or "Link down" for the port or the port has no connection.
● Link
Shows the connection status to the network. The available options are as follows:
– Up
The port has a valid link to the network, a link integrity signal is being received.
– Down
The link is down, for example because the connected device is turned off.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
223
Configuring with Web Based Management
6.6 "Interfaces" menu
Changing the port configuration
Click the appropriate box to change the configuration.
Note
With various automatic functions, the device prevents or reduces the effect on other ports and priority classes (Class of Service) if a port is overloaded. This can mean that frames are discarded even when flow control is enabled.
Port overload occurs when the device receives more frames than it can send, for example as the result of different transmission speeds.
Procedure
Follow the steps below to change the settings:
1. Change the settings according to your configuration.
2. Click the "Set Values" button.
6.6.2 WLAN
6.6.2.1 Basic
Basic settings
On this page, you make several basic settings for the SCALANCE W700 device, for example the country setting and mode.
Note
To configure the WLAN interface, you must always specify the country code first. Some parameters are dependent on the country setting, for example the transmission standard.
224
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.6 "Interfaces" menu
● Country Code
Select the country in which the device will be operated from the drop-down list.
You do not need to know the data for the specific country, the channel division and output power are set by the device according to the country you select.
Note
Locale setting
The correct country setting is mandatory for operation complying with the approvals.
Selecting a country different from the country of use can lead to legal prosecution.
● Device Mode
Select the mode of the device. This selection is available only for access points.
The following operating modes are possible:
– AP: Access point mode
– Client: Client mode
Note
After changing the mode, a message is displayed. If you confirm the message with "OK", the device restarts in the changed mode with the factory-set configuration settings.
If you have restarted the device after changing the mode, you will need to log on again to be able to continue the configuration.
The table has the following columns:
● Radio
Shows the available WLAN interfaces.
● Enabled
Status of the WLAN interface. To enable the WLAN interface, select the check box.
Note
Enabling the WLAN interface
The WLAN interfaces are disabled when the device is supplied. The WLAN interfaces are can be enabled once the country and the antenna settings are configured.
● Radio Mode
Shows the mode of the WLAN interface.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
225
Configuring with Web Based Management
6.6 "Interfaces" menu
● Frequency Band
Specify the frequency band. In client mode, dual-frequency operation is also possible.
– 2.4 GHz
– 5 GHz
– 2.4 GHz + 5 GHz (only in client mode)
Note
Configuring WLAN interfaces of the W786-2IA RJ-45 for different frequency bands
If both WLAN interfaces are configured for the same frequency band on this device, there may be mutual influence or interference. This applies in particular when there is a high data throughput.
● WLAN Mode 2.4 GHz/WLAN Mode 5 GHz
Select the required transmission standard for the configured frequency band. The selection depends on the country setting.
– Auto (only in client mode)
The transmission standard is determined automatically (2.4 GHz + 5 GHz).
– 802.11a
The transmission standard IEEE 802.11a (5 GHz) is set.
– 802.11g
The transmission standard IEEE 802.11g (2.4 GHz) is set. This transmission standard is downwards compatible with IEEE 802.11b
– 802.11n
The transmission standard IEEE 802.11n (2.4 GHz and 5 GHz) is set. This transmission standard is downwards compatible with IEEE 802.11a and IEEE
802.11g.
– 802.11n only
The transmission standard IEEE 802.11n (2.4 GHz and 5 GHz) is set. This transmission standard is downwards compatible with IEEE 802.11a and IEEE
802.11g.
Note
If you select the transmission standard "802.11n", "802.11n only" or "Auto" (only in client mode), you cannot set the threshold value of the fragmentation length see
"Fragmentation Length Threshold" in "Interfaces > WLAN > Advanced".
226
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
● DFS (802.11h)
Enables or disables the "Dynamic Frequency Selection (DFS)" function.
– Enabled if you have enabled this function, additional DFS channels from the 5 GHz band are available to you. These channels are country-specific and are subject to certain DFS regulations.
If the access point discovers a disturbance on the current channel, it changes automatically to an alternative channel and the current channel is blocked for 30 minutes. The disturbance can originate from a primary user or radar interference.
Before the access point starts the communication on a channel it searches 60 seconds for primary users on the channel. During this time the access point does not send beacons. If signals are found on the channel, the access point changes channel and repeats the check. Only when no signals from primary users are detected after 60 seconds does the access point send on a channel.
The access point also searches for primary users during operation.
– Disabled
The DFS function is not used.
● Outdoor Mode
– Enabled
If you have enabled the outdoor mode, you only have the channels available that are permitted for outdoor operation.
– Disabled
If you have disabled the outdoor mode, you only have the channels available that are permitted for operation in a building.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
227
Configuring with Web Based Management
6.6 "Interfaces" menu
● max. Tx Power
Specify the maximum possible transmit power of the device.
If the transmit power is set too high the received signal at the client may be overmodulated. Check the received signal strength at the client (dBm).
It may be necessary to reduce the transmit power depending on the antennas being used to avoid exceeding the maximum legal transmit power. Reducing the transmit power effectively reduces cell size.
Note
The maximum possible transmit power varies depending on the channel and data rate.
For more detailed information on transmit power, refer to the documentation
"Characteristics radio interface".
Note
If both interfaces of access points with two WLAN interfaces are operated in the same frequency range, this may cause wireless interference on one or both interfaces at a transmit power higher than 15 dBm.
● Tx power check
Indicates whether the settings that have been made will violate the permitted transmit power restrictions of the selected country. The following parameters influence this calculation: max. Tx Power, Antenna Gain, Additional Attenuation.
The following displays can appear:
– Allowed
The channels can be used with the current settings.
– Not Allowed (Some Channels)
Among the channels, there are some on which the current transmit power exceeds the maximum permitted transmit power.
– Not Allowed (All Channels)
No permitted operation is possible. The transmit power is too high.
Procedure
1. To configure the WLAN interface, you must always specify the country first. Select the country in which the device will be operated from the "Country Code" drop-down list.
2. Select the required frequency band from the "Frequency Band" drop-down list.
3. From the "WLAN Mode" drop down list, select the required transmission standard for the configured frequency band.
4. Click the "Set Values" button.
228
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.2.2 Advanced
Further possible settings
On this page, you can specify details of the transmission characteristics. You only need to adapt the parameters on this page if the SCALANCE W700 device cannot be used as it is intended with the default settings.
Description
The table has the following columns:
● Radio
Shows the available WLAN interfaces in this column.
● Beacon Interval [ms] (only in access point mode)
Specify the interval (40 - 1000 ms) at which the access point sends beacons. Beacons are packets that are sent cyclically by an access point to inform clients of its existence.
● DTIM (only in access point mode)
The DTIM interval (1-15) specifies the number of beacons to be sent before the access point sends the collected packets (broadcast, unicast, multicast) to the client.
– If you enter a "1" in this box, the access point transmits broadcast, unicast and multicast packets directly after each beacon (recommended setting for normal network environments).
– If you entered a "5" in this field, this would mean that the access point collects the packets and sends them after every fifth beacon.
Increasing this value allows a longer sleep mode for the clients but means a greater delay for packets.
● RTS/CTS Threshold [Bytes]
RTS/CTS (Request To Send/Clear To Send) is a method for avoiding collisions. The method is based on the exchange of status information prior to sending the actual data
(hidden node problem). To minimize the network load due to additional protocol traffic, this method is used only as of a certain packet size. You specify the packet size with the
"RTS/CTS Threshold" parameter.
● Fragmentation Length Threshold [Bytes]
Specify the maximum packet size transferred on the wireless link. Large packets are divided up into small packets prior to transmission and then reassembled into the original
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
229
Configuring with Web Based Management
6.6 "Interfaces" menu size after they have been received. This can be beneficial if the transmission quality is poor because larger packets are more difficult to transmit. However fragmentation into smaller packets means a poorer throughput.
Note
You can only edit this value if the you have set the transmission standard "802.11g" (2.4
GHz) or "802.11 a" (5 GHz), see "WLAN Mode" in "Interfaces > WLAN > Basic".
● HW Retries
Specify the number of hardware retries. The hardware repetition is performed by the
WLAN chip itself when it tries to repeat an unacknowledged packet immediately.
If all hardware repetitions were unsuccessful, the packet is deleted.
230
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
● Multi Radar Detection (only in access point mode)
– Enabled
This function is only available if you have enabled the "DFS" function on the "Basic" page.
This function is suitable for systems with several access points connected via an
Ethernet network and that send on the same channel.
When an access point detects a radar signal it distributes this information to all connected access points. If at least one further access point verifies the radar signal within 40 ms, all connected access points are informed. All the devices sending on this channel change to a different channel. The channel is blocked for 30 minutes for the access points in the network.
If you have configured "Auto" for the channel on the "Interfaces > WLAN >AP" page, the function cannot be used reliably. In this case the verification of the radar signals is only possible when at least two connected access points happen to transmit on the same channel. If only one access point detects a signal on a channel, it treats this as a valid radar signal.
– Disabled
The function is not used. When an access point detects a radar signal it changes to another channel.. The configured channel is no longer taken into account.
● Prefer Configured DFS Channel (only in access point mode)
– Enabled
This function is only available if you have enabled the "DFS" function on the "Basic" page.
If the configured channel of a WLAN interface was blocked due to radar detection and is released again after 30 minutes the access point changes automatically to the configured channel.
Before the access point starts the communication on the configured channel it searches 60 seconds for primary users on the channel. During this time the access point does not send beacons. If signals are found on the channel, the access point changes channel and repeats the check. Only when no signals from primary users are detected after 60 seconds does the access point send on the channel.
If you have configured "Auto" for the channel on the "Interfaces > WLAN > AP" page, the device does not have a configured channel to which it can return.
– Disabled
The function is not used.
Procedure
1. Enter the values to be set in the input boxes as follows.
2. Select the option checkmarks of the required functions.
3. Click the "Set Values" button.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
231
Configuring with Web Based Management
6.6 "Interfaces" menu
Antennas 6.6.2.3
Overview
Overview of IWLAN antennas:
232
The antenna name provides information about the properties of the antennas listed in the
IWLAN antenna overview:
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Antennas
Configuring with Web Based Management
6.6 "Interfaces" menu
Configuration of external antennas
On this page, you configure the settings for the connected external antenna.
Note
Transmission disruptions without an antenna connected
The antenna R1A1 must be always be connected as soon as the associated WLAN Interface is turned on. If no antenna is connected, the relevant interface must also be disabled for Rx and Tx. Otherwise, there may be transmission disruptions.
Description of the displayed boxes
The table has the following columns:
● Connector
Shows the name of the antenna connector.
● Antenna Type
Select the type of external antenna connected to the SCALANCE W700 device. If the type of your antenna is not available, select the entry "User defined".
● Antenna Gain
If you select the "User defined" entry for the "Antenna Type", enter the antenna gain manually in the "dBi" unit.
– Antenna Gain 2.4 GHz [dBi]
Here, enter the antenna gain the antenna has in the 2.4 GHz frequency band.
– Antenna Gain 5 GHz [dBi]
Here, enter the antenna gain the antenna has in the 5 GHz frequency band.
● Cable Length [m]
Enter the length of the flexible antenna connecting cable in meters between the
SCALANCE W700 device and the external antenna.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
233
Configuring with Web Based Management
6.6 "Interfaces" menu
● Additional Attenuation [dB]
Here, specify the additional attenuation caused, for example, by an additional splitter or a long antenna cable.
● Antenna Mode
For the antenna connector R1 A1, the entry Rx\Tx (transmit and receive) cannot be changed.
Steps in configuration
To configure one or more antennas, follow the steps below:
1. For the antenna connector (R1 A1) in the "Antenna Type" drop-down list, select the type of antenna.
2. In the "Cable Length" input box, enter the length of the connecting cable you are using in meters. For the antenna connector R1 A1, the "Antenna Mode" cannot be changed.
3. Click the "Set Values" button.
6.6.2.4 Allowed Channels
Channel settings
For communication, a specific channel within a frequency band is used. You can either set this channel specifically or configure so that the channel is selected automatically.
On this page, you specify which channels may be used for communication.
234
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Procedure
Configuring with Web Based Management
6.6 "Interfaces" menu
Table 1 contains the following columns:
● Radio
Shows the available WLAN interfaces.
● Use Allowed Channels only
If you enable the option, you restrict the selection of channels via which the AP or the client is allowed to establish the connection.
In the following tables, you define the
– channels that the AP can use to establish a wireless cell when the "Auto" channel setting is enabled.
– the channels on which the client searches for an AP.
The tables are divided up according to frequency bands.
If the option is disabled, the channels available based on the settings (country code, antennas, transmit power etc.) are used.
Above the tables for the frequency bands, you will find the following check box:
● Select / Deselect all
– Enabled
If you enable the check box, all channels are selected.
– Disabled
If you deselect the check box, the first valid channel of the frequency band remains enabled. Enable the required channel.
The tables of the frequency bands have the following columns:
● Radio
Shows the available WLAN interfaces.
● Radio Mode
Shows the mode.
● Channel number
To specify the valid channels for the required frequency band, select the appropriate check box for the channel number.
The table displays the permitted channels of the country. Only the valid channels can be enabled. Invalid channels are grayed out and cannot be enabled.
Note
To specify the channels, the setting "Use Allowed Channels only" must be enabled.
1. Select the "Use Allowed Channels only option for the required WLAN interface.
2. Deselect the check box "Select / Deselect all".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
235
Configuring with Web Based Management
6.6 "Interfaces" menu
3. Select the relevant check box for the required channel number.
4. Click the "Set Values" button.
6.6.2.5 802.11n
Properties of 802.11n
With the IEEE 802.11n standard, it is possible to put together individual data packets in one larger data packet, the A-MPDU and A-MSDU data packets. This achieves a higher data throughput.
On this page, you make the settings for the A-MPDU and A-MSDU data packets. Some of the settings depend on the set transmission standard and the selected channel width.
Description
The table has the following columns:
● Radio
Shows the available WLAN interfaces.
● A-MPDU
Aggregated MAC Protocol Data Unit (A-MPDU)
Enables or disables that several MPDUs with the same destination address are sent as a large A-MPDU. This allows the total throughput to be increased.
If this check box is disabled, A-MPDU data packets are received but not sent.
● A-MPDU Limit [Frames]
Specify the number of individual data packets grouped together in one A-MPDU data packet.
Range of values: 2 - 64 frames
● A-MPDU Limit [Bytes]
Specify the maximum size of the A-MPDU data packet. Range of values: 1024 - 65535 bytes
236
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
● A-MSDU
Aggregated MAC Service Data Unit (A-MSDU)
Enables or disables that several MSDUs with the same destination address are bundled into an A-MSDU and are sent together. This reduces the network load. Due to their shorter maximum length A-MSDUs are more suitable for the bundling of several shorter frames.
If this check box is disabled, A-MSDU data packets are received but not sent.
● A-MSDU Packet Size [Bytes]
Specify the maximum size of the A-MSDU data packet.
Range of values: 50 - 200
● Guard Interval [ns] (only in access point mode)
Select the send pause that must be kept to between two transmitted OFDM symbols.
The following settings are possible. The selection depends on the selected transmission standard.
– 400 (short): The send pause is 400 ns
– 800 (long): The send pause is 800 ns.
Procedure
Configure 802.11n settings on the access point
1. Enable the "A-MPDU" option.
2. Enter the required values in the "A-MPDU Limit [Frames]" and "A-MPDU Limit [Bytes]" input boxes.
3. Select the "A-MSDU" option.
4. Enter the required value in the "A-MSDU Packet Size" input box.
5. Select the required value from the "Guard Interval [ns]" drop-down list.
6. Click the "Set Values" button.
Configure 802.11n settings on the client
1. Enable the "A-MPDU" option.
2. Enter the required values in the "A-MPDU Limit [Frames]" and "A-MPDU Limit [Bytes]" input boxes.
3. Select the "A-MSDU" option.
4. Enter the required value in the "A-MSDU Packet Size" input box.
5. Click the "Set Values" button.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
237
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.2.6 AP
Configuration
On this page, you specify the configuration for the access point.
Note
This tab is available only in access point mode.
Description
Table 1 has the following columns:
● Radio
Shows the available WLAN interfaces in this column.
● Channel
Specify the main channel.
If you want the access point to search for a free channel itself, use "Auto". The selection of channels used by an access point when establishing a wireless cell can be restricted.
To do this, select the "Use Allowed Channels only" check box on the "Allowed Channels" tab.
.If you want to use a fixed channel, select the required channel from the drop-down list.
238
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
● Alternative DFS Channel
If you have enabled the "DFS" function, on the "Basic" page, specify the alternative channel here. If you want the access point to search for a free channel itself, use "Auto".
If a primary user was detected both on the main and alternative channel, the access point automatically searches for a free channel.
If you want to use a fixed channel, select the required channel from the drop-down list.
● HT Channel Width [MHz]
You can specify the channel bandwidth only with the IEEE 802.11n transmission standard.
The following settings are possible.
– 20
Channel bandwidth 20 MHz
– 40up
Channel bandwidth 40 MHz. The configured channel and the neighboring channel above it are used.
– 40down
Channel bandwidth 40 MHz. The configured channel and the neighboring channel below it are used.
Note
Channel bandwidth 40 MHz and frequency band 2.4 GHz
If the access point detects another access point on the configured channel or on neighboring channels, the access point changes the channel bandwidth from 40 MHz to 20 MHz. If you set a "free" channel on the access point, the access point uses the channel bandwidth 40 MHz.
Table 2 has the following columns:
● Radio
Shows the available WLAN interfaces in this column.
● Available Channels
This box displays the permitted channels. The display depends on the wireless approvals of the currently selected country and the settings for "Allowed Channels".
Table 3 has the following columns:
● Radio
Shows the WLAN interface.
● Port
Shows the VAP interface.
● Enabled
To use the required VAP interface, select this check box.
● SSID
Enter the SSID of the WLAN. The length of the character string for SSID it is 1 to 32 characters.
The ASCII code 0x20 to 0x7e is used for the SSID.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
239
Configuring with Web Based Management
6.6 "Interfaces" menu
● Broadcast SSID
– disabled
The SSID is no longer sent in the beacon frame of the access point. This means that the SSID is not visible for other devices. Only clients that know the SSID of the access point and that are configured with it can connect to the access point. The "SSID only" option must be disabled on these clients.
– enabled
The SSID is sent in the Beacon frame of the access point and is visible for other devices. This means that clients on which the "Any SSID" option is enabled can also connect to the access point.
Note
Since no encryption is used for the SSID transfer, this function can only provide basic protection against unauthorized access. The use of an authentication method (for example WPA2 (RADIUS) or WPA2-PSK if this is not possible) provides higher security.
You must also expect that end devices may have problems with access to a hidden
SSID.
● WDS only
If you enable this option, the access point only supports communication via WDS. In
WDS mode, all access points must use the same channel.
● WDS ID
Enter the WDS ID. The WDS ID can be a maximum of 32 characters long.
To establish a WDS connection, enter this WDS ID on the WDS Partner.
ASCII code 0x20 to 0x7e is used for the WDS ID.
Procedure
1. Select the required channel from the "Channel" drop-down list.
2. Enter network name in the "SSID" input box for the corresponding WLAN interface and port.
3. For the relevant WLAN interface and the port, select the "Enabled" check box.
4. Click the "Set Values" button.
240
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.2.7 AP WDS
Communication between access points
In normal operation, the access point is used as an interface to a network and communicates with clients. There are, however, situations in which several access points need to communicate with each other, for example to extend wireless coverage or to set up a wireless backbone. This mode is possible with WDS (Wireless Distributed System).
Note
This tab is available only in access point mode.
Description
The table has the following columns:
● Radio
Shows the available WLAN interfaces in this column.
● Port
Shows the port.
● Port enabled
Enables the WDS interface.
● Connection over
Specify the VAP interface via which the WDS connection is established. Both the MAC address of the VAP as well as security settings (for example WPA2) are used.
● Partner ID Type
Specify the type of WDS communication.
– MAC Address
The MAC address is used. The "Partner WDS ID" input box is grayed out. For "Partner
MAC", enter the MAC address of the WDS partner.
– WDS ID
The WDS ID is used. The "Partner MAC" input box is grayed out. For "Partner WDS
ID" enter the WDS ID od the WDS partner.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
241
Configuring with Web Based Management
6.6 "Interfaces" menu
● Partner MAC
Enter the MAC address of the WDS partner.
● Partner WDS IDEnter the WDS ID of the WDS partner.
For the WDS ID ASCII code 0x20 to 0x7e is used.
Note
Matching security settings in WDS mode
In WDS mode, make sure that the security settings match up for all devices involved. If settings are incorrect or not compatible on the individual devices, no data exchange is possible due to incorrect authentication. Avoid the "Auto" setting in the "Security Settings" tab of the Basic Wizard, because with this setting, synchronization of the security settings between the access points is not possible.
Note
In WDS operation, the following restrictions apply to all access points involved:
• All access points that will communicate with each other must use the same channel, the same transmission procedure and the same data rate.
•
You can select either WEP or WPA(2)-PSK as the encryption method.
You configure the security settings in the assigned VAP interface: "Security > WLAN >
Basic"
You cannot use authentication with a RADIUS server for a WDS connection.
•
In the IEEE 802.11h transmission mode, it is not practical to select the WDS mode. In
WDS mode, all access points must use the same channel. If a signal from a primary user is detected by an access point, the channel is changed automatically and the existing connection is then terminated.
Procedure
1. Select the required VAP interface from the "Connection over" drop-down list.
2. Select the entry "WDS ID" in the "Partner ID Type" drop-down list.
3. In the "WDS ID" input box, enter the WDS ID of the WDS partner. The "MAC Address" input box is grayed out.
4. Click the "Set Values" button.
242
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.2.8 AP 802.11a/b/g Rates
Data transmission speeds with IEEE 802.11a/b/g
Note
The tab is available only in access point mode.
The WBM page can only be configured if "802.11a", "802.11g" or "802.11n" is set for the
WLAN mode.
The WBM page shows the available data transmission speeds for the WLAN mode
802.11a/b/g. If necessary, you can change the data transmission speeds. Otherwise, we recommend that you retain the default setting for data transmission speeds. The access point will then use only the selected data transmission speeds for communication with the clients.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
243
Configuring with Web Based Management
6.6 "Interfaces" menu
Description
Table 1 has the following columns:
● Radio
Specifies the WLAN interface to which the information relates.
● Use selected data rates only
If you select this option, you can specify the data transmission speeds for the required
WLAN interface.
If this option is disabled, the default values are used. As default, this option is disabled.
Radio"drop down list"
In this drop-down list, select the WLAN interfaces displayed in Table 3 (Data Rate).
With Table 2, you can enable or disable all check boxes of a column of Table 3 (Data Rate) at once. Table 2 has the following columns:
● All data rates settings
Shows that the setting is valid for all entries in Table 3.
● Enabled / Basic
In the drop-down list, select the setting for all entries. If "No Change" is selected, the entry in table 3 remains unchanged.
● Transfer to table
If you click the button, the setting is adopted for all entries of table 3.
Table 3 (Data Rate) consists of the following columns:
● Radio
Specifies the WLAN interface to which the information relates.
● Data Rate [Mbps]
Shows the supported data transmission speeds in megabits per second.
● Enabled
Enable the option to assign the required data transmission speed to the WLAN interface.
Note
You need to enable at least one data transmission speed.
● Basic
Enable the option to declare the required data transmission speed as "Basic". The "Basic" parameter specifies that a client must be capable of this speed to be able to connect to the access point. The "BasicBasic" option can only be enabled if an available data transmission speed has been selected.
Note
At least one data transmission speed needs to be specified as "Basic".
"Default Values" button
The "Default Values" button sets the selection of the values in compliance with the standard.
244
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Procedure
Configuring with Web Based Management
6.6 "Interfaces" menu
To configure a certain data transmission speed on WLAN 1:
1. Enable the "Use selected data rates only'" option for "WLAN 1".
2. From the "Radio" drop-down list, select the entry "WLAN 1".
3. Select the appropriate check box in the "Enabled" column and in the "Basic" column for the required data transmission speed.
4. Click the "Set Values" button.
To reset the selection:
1. Click the "Default Values" button. The selection is reset to the default setting.
6.6.2.9 AP 802.11n Rates
Data transmission speeds in IEEE 802.11n
Note
The tab is available only in access point mode.
The WBM page can only be configured if "Only 802.11n" or "802.11n is set forWLAN Mode.
The WBM page shows the available data transmission speeds (MCS = Modulation and
Coding Schemes) for the WLAN mode 802.11n. You can select any combination of these data transmission speeds. The access point will then use only the selected data transmission speeds for communication with the clients.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
245
Configuring with Web Based Management
6.6 "Interfaces" menu
Description
Table 1 has the following columns:
● Radio
Specifies the WLAN interface to which the information relates.
● Use selected data rates only
If you select this option, you can specify the data transmission speeds for the required
WLAN interface.
If this option is disabled, the default values are used. As default, this option is disabled.
Drop-down list "Radio"
In this drop-down list, select the WLAN interfaces displayed in Table 3 (MCS Index).
With Table 2, you can enable or disable all check boxes of a column of Table 3 (MCS Index) at once. Table 2 has the following columns:
● All data rates settings
Shows that the setting is valid for all entries in Table 3.
● Enabled
In the drop-down list, select the setting for all entries. If "No Change" is selected, the entry in table 3 remains unchanged.
● Transfer to table
If you click the button, the setting is adopted for all entries of table 3.
246
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
Table 3 (MCS Index) consists of the following columns:
● Radio
Specifies the WLAN interface to which the information relates.
● MCS Index
Shows the supported MCS indexes. The displayed MCS indexes depend on the settings
"Antenna Type" and "Antenna Mode". You will find the settings in "Interfaces > WLAN >
Antennas". If, for example, you only use one antenna, only the MCS 0 to 7 are displayed.
● Streams
Shows the maximum possible number of parallel data streams that can be transmitted with the selected MCS index.
● Data Rate[Mbps]
Shows the supported data transmission speeds in megabits per second. The displayed data transmission speeds depend on the settings "Guard Interval" and "HT Channel
Width". You will find the setting "HT Channel Width in "Interfaces > WLAN > AP". The
"Guard Interval" setting can be found in "Interfaces > WLAN > 802.11n"
● Enabled
Enable the option to assign the required data transmission speed to the WLAN interface.
Note
You need to enable at least one MCS index.
"Default Values" button
The "Default Values" button sets the selection of the values in compliance with the standard.
Procedure
To configure a certain data transmission speed on WLAN 1:
1. For "WLAN 1" enable the "Use selected data rates only'" option.
2. From the "Radio" drop-down list, select the entry "WLAN 1".
3. Select the corresponding check box in the "Enabled" column for the selected MCS index.
4. Click the "Set Values" button.
To reset the selection:
1. Click the "Default Values" button. The selection is reset to the default setting.
Or
1. Disable the "Use selected data rates only'" option in Table 1.
2. Click the "Set Values" button.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
247
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.2.10 Client
Connecting to a network
On this WBM page, you can specify how the SCALANCE W700 device connects to a network as client.
Note
This WBM page is only available in client mode.
Note
WLAN interface disabled
The WLAN interface will be disabled unless at least one SSID is configured or the setting
"Any SSID" is enabled.
248
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.6 "Interfaces" menu
Table 1 has the following columns:
● Radio
Shows the available WLAN interfaces.
● MAC Mode
Specify how the MAC address is assigned to the client. The following are possible:
– Automatic
The client automatically adopts the source MAC address of the first frame that it receives over the Ethernet interface.
– Manual
If you select "Manual", enter the MAC address in the "MAC Address" column.
– Own
The client uses the MAC address of the Ethernet interface for the WLAN interface.
– Layer 2 Tunnel
The client uses the MAC address of the Ethernet interface for the WLAN interface.
The network is also informed of the MAC addresses connected to the Ethernet interface of the client. Up to eight MAC addresses can be used.
● MAC Address
If you have selected "Manual" for "MAC Mode", enter the MAC address of the client.
● Any SSID
– Enabled
In client mode the SCALANCE W700 device attempts to connect to the access point that corresponds to the security settings of security context 1. The clients can only connect to the access point on which the "Broadcast SSID" option is enabled.
– Disabled
The client attempts to connect to the access point from the SSID list whose security settings match one of the defined security contexts.
● DHCP Renew After Roaming
– Enabled
After changing to a different access point, a check is made to find out whether the
IPv4 address of the client is still valid. If he IPv4 address is invalid, a new IPv4 address is requested from the DHCP server.
– Disabled
If the client changes to a different access point the IPv4 address is not checked.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
249
Configuring with Web Based Management
6.6 "Interfaces" menu
● Roaming Threshold
Specify the threshold after which the client roams to the new access point.
– High
Changes only at a significantly higher field strength to the AP with the stronger signal.
– Medium
Changes at a moderately higher field strength to the AP with the stronger signal.
– Low
Changes at a slightly higher field strength to the AP with the stronger signal.
● Background Scan Mode
While the client is connected to an access point, it scans for other access points in the background with which it can connect when necessary. Specify the mode for the scan.
The following options are available:
– always
If the background scan threshold is undershot, the client searches continuously for access points.
– idle
If there is no data traffic for a certain time, a scan is started for further access points.
– disabled
As long as the client is connected, there is no scan for further access points.
● Background Scan Interval [ms]
Specify the interval at which further access points are scanned.
● Background Scan Threshold [dBm]
Specify the threshold. If the threshold is undershot, the client searches for further access points.
Table 2 has the following columns:
● Radio
Shows the WLAN interface.
● Scan Channels
Shows the channels on which the client searches for an access point. The display depends on the wireless approvals of the selected country and the settings for "Allowed
Channels".
Table 3 has the following columns:
● Enabled
Enables or disables the relevant SSID.
● Radio
Shows the WLAN interface.
250
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
● SSID
Enter the SSID of the access point with which the client will connect.
For the SSID, ASCII code 0x20 to 0x7e is used.
● Security
Select a security context. You create and configure a security context in "Security >
WLAN > Basic".
Default setting: Context 1
Note iPCF or iPCF-MC mode activated
If the iPCF or iPCF-MC mode is enabled, you can only select security context 1.
Procedure
6.6.2.11
1. From the "MAC Mode" drop-down list, select the required assignment of the MAC address.
2. In table 3, enter an SSID for "SSID".
3. Select a security context.
4. Enable the required SSID.
The "Any SSID" function is disabled.
5. Click the "Set Values" button.
Force roaming
Note
The WBM page is only available in access point mode.
If the interface is no longer available (cable break, network component faild, connector removed), a client connected over the wireless network is not aware of this. The access point can force the logged-on clients to roam by deactivating the relevant interface.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
251
Configuring with Web Based Management
6.6 "Interfaces" menu
On this page you specify when roaming is performed.
● On connection abort
If the wired Ethernet interface is no longer available the WLAN interface is turned off. The clients roam and then connect to a different access point. As soon as the first access point reaches the server again it switches its WLAN interfaces active again.
● When the destination address is unreachable.
Roaming depends on destination addresses. To monitor the device sends pings to the configured destination addresses at regular intervals.
– VAP interface monitored using a destination address
If no ping response is received from this destination address, the access point turns the relevant VAP interface off.
– VAP interface monitored using several destination addresses
Only when no ping response is received from any of these destination addresses does the access point turn the relevant VAP interface off. As long as at least one destination address is reachable, the VAP interface remains active.
The access point sends a disassociation frame to the WAN clients connected via this
VAP interface. The WLAN clients roam and connect to a different VAP interface. If the address becomes reachable again, the connection can be established again via this VAP interface.
Description
Table 1 has the following columns:
● Radio
Shows the available WLAN interfaces.
● Force roaming on link down
When enabled if there is a connection abort via the Ethernet interface, the WLAN interface is turned off.
252
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
The table "Force Roaming on IP down"has the following columns:
● Select
Select the check box in the row to be deleted.
● Dest. IP
Enter the IPv4 address or the FQDN (Fully Qualified Domain Name) of the destination whose reachability will be checked.
Note
Destination address not in the agent IP subnet
If the destination address is not in the agent IP subnet, a gateway must be entered for
"Layer 2 > Agent IP".
The Base Bridge mode "802.1Q VLAN Bridge"
If you have configured the "Based Bridge Mode" "802.1Q VLAN Bridge" in "Layer 2 >
VLAN", pings are sent into the management VLAN.
● Interval [ms]
Specify the interval at which pings are sent.
● Max. Lost Packets
Specify the maximum number of consecutive lost ping responses. When this number is reached for a destination address, this destination address counts as being unreachable
(down).
● VAP X.Y
Specify which VAP interface will be monitored.
Procedure
Creating force roaming
1. Click the "Create" button.
2. Make the following settings:
– Destination address
– Interval
– Max. Lost Packets
3. Specify which destination address the VAP interface will be monitored with.
4. Click the "Set Values" button.
Deleting force Roaming
1. Select the check box in the row to be deleted.
2. Click the "Delete" button. The entries are deleted and the page is updated.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
253
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.2.12 Signal recorder
Recording the effective user signal
The signal recorder is used to record the effective user signal between access point and client. Using this data, you can locate areas with an inadequate user signal. The signal recorder can be particularly useful when the client moves along a fixed path.
Note
This WBM page is only available in client mode.
The WLAN interface of the SCALANCE W700 device must be enabled, otherwise no recording is possible.
254
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.6 "Interfaces" menu
The display is divided into two areas.
● Client
Displays the measurement on the client.
● Access point
Displays the measurement of the access point with which the client is currently connected. This requires that the setting "Bidirectional Recording" is enabled and that a firmware version > 6.1 is installed on the access point. The access point sends its data to a maximum of 3 clients on which signal recorders are running. The access point data is not displayed on other clients.
Both areas each contain two graphics.
The first graphic contains the following elements:
● Scroll bar
With the scroll bar, you can look through the entire measurement. To do this you can use the "<<" and ">>" buttons or the arrow keys on the keyboard.
● Bar (left)
In the bar on the left-hand side the user signal of the client / access point is displayed in real time according to the color scheme. The gray line shows the background noise.
If the client has an iPCF-MC connection, the user signal of the management channel is shown with a black line.
● Color scheme
The range > -35 dBm (blue) is the overmodulation range, in other words the WLAN signal is too strong and is received overmodulated. As of approximately -60 dBm (yellow) the
WLAN signal is weaker.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
255
Configuring with Web Based Management
6.6 "Interfaces" menu
● x axis
The x axis shows the course of the measurement in random samples and seconds.
● Measurement data
– Client
The measurement data shows the value of the effective user signal according to the color scheme shown. The gray line shows the background noise.
If the client changes access points during a measurement (roaming) or reconnects, this is displayed by a vertical black line. On the line the previous AP system name and the BSSID are shown.
If during a measurement the client has no connection to an access point, no user signal is displayed. To make it clear that there is no connection to an access point, the
BSSID is set to 00:00:00:00:00:00 and shown in red.
If the client has an iPCF-MC connection, the user signal of the management channel is shown with an additional black line.
– Access point
The measurement data shows the value of the effective user signal according to the color scheme shown. The gray line shows the background noise.
If the client changes access points during a measurement (roaming) or reconnects, this is displayed by a vertical black line.
If the access point does not support the setting "Bidirectional Recording" no user signal is displayed
The second graphic contains the following elements:
● Bar (left)
In the bar on the left-hand side the transfer attempts and the data rate of the client / access point are displayed according to the color scheme.
● Color scheme
The range > -35 dBm (blue) is the overmodulation range, in other words the WLAN signal is too strong and is received overmodulated. As of approximately -60 dBm (yellow) the
WLAN signal is weaker. The individual colors are described again under the graphic.
256
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
● x axis
The x axis shows the course of the measurement in random samples and seconds.
● Measurement data
– Client
The measurement data shows the transfer attempts according to the color scheme shown. The transfer attempts are shown as a bar. The data rate of the sent data packets is represented as a line. If the client changes access points during a measurement (roaming) or reconnects, this is displayed by a vertical black line.
– Access point
The measurement data shows the transfer attempts according to the color scheme shown. The transfer attempts are shown as a bar. The data rate of the sent data packets is represented as a line.
If the client changes access points during a measurement (roaming) or reconnects, this is displayed by a vertical black line. If the access point does not support the setting "Bidirectional Recording" no data is displayed
Beside the graphics the following values are displayed:
● Current Sample
The number of the current measurement
● CL Signal [dBm] / AP Signal [dBm]
The effective user signal of the client / access point in dBm
● CL Noise Floor [dBm] / AP Noise Floor [dBm]
The background noise of the client / access point in dBm
● CL Retries [%] / AP Retries [%]
The transfer repetitions of the client / access point as a percentage.
● CL RSSI / AP RSSI
The raw value of the RSSI (Received Signal Strength Indication) of the client / access point
● CL TX Rate [Mbps] / AP TX Rate [Mbps]
The average data rate of the sent data packets during the current random test
● AP System Name
The system name of the access point
● Client Count
Number of clients connected to the access point.
● BSSID
The BSSID (Basic Service Set Identification)
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
257
Configuring with Web Based Management
6.6 "Interfaces" menu
● Operative Channel
The current channel or the channel on which the client is connected to the access point
● Roaming Counter
The roaming counter shows how often the client has changed the access point. After
99999 changes the counter is reset.
This table contains the following columns:
● Radio
Shows the WLAN interface to which the information applies. Since a client has a WLAN interface, there is only ever one row for "WLAN 1" in this table.
● Interval [ms]
Specify the time interval between acquiring two measured values in milliseconds.
● Samples
Specify how many measurements should be made.
● Endless
If you enable the option check mark, the number of measurements is unlimited The
"Samples" box is grayed out . The signal recorder runs until it is stopped manually or the device is reconfigured.
You can only select this option starting at a time interval ≥ 10 milliseconds.
● Bidirectional Recording
If you enable the setting the values of the access point as of a time interval of ≥ 10 milliseconds.
● Start
Click the button in this column to start recording the wanted signal.
Note
•
If you start a new recording, the previous recording will be overwritten.
• If the recording has lasted less than 10 minutes and has not yet been completed (e.g. due to a restart or power down), the measured values are deleted.
The signal recorder saves the recorded data automatically every 10 minutes. Following a restart, the recording contains all the values up to the last save action.
● Stop
Click the button in this column to stop recording the wanted signal prematurely. If the specified number of measurements has been made, recording of the user data signal stops automatically.
● Displayed Samples
Select how many measured values will be shown in the graphic.
258
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Notes on usage
Note the following tips that will help you to obtain useful measurements with the signal recorder:
● Set a fixed data rate on the access point.
● If you have activated iPCF, set as low a cycle time on the access point as possible for the measurements.
● Make sure that there is enough data communication during the measurement because the statistics functions evaluate incoming data frames.
● The measurement path should be traveled 2 to 3 times with the same parameters to find out whether losses of of the user data signal always occur at the same position.
● Selective measurements at a fixed position should be made over a longer period of time.
Procedure
Configuring with Web Based Management
6.6 "Interfaces" menu
1. Enter the time interval between two measurements.
2. Enter the number of random tests.
3. Reduce the number of random tests displayed.
4. Click the "Start" button.
5. To stop the recording, click the "Stop" button.
6. Change to one of the following menu items to call up the result of the recording:
– System > Load&Save > HTTP
Click the "Save" button in the "WLANSigRec" table row to save the file
"signal_recorder_SCALANCE_W700.zip" in the file system of the connected PC.
– System > Load&Save > TFTP
If necessary, change the file name "signal_recorder_SCALANCE_W700.zip" in the
"WLANSigRec" table row. In the table row "WLANSigRec", select the "Save file" entry from the drop-down list of the last column and click the "Save Values" button.
7. The ZIP file contains two files with the results of the recording:
– A PDF file
– A CSV file
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
259
Configuring with Web Based Management
6.6 "Interfaces" menu
Measurement results
PDF file
The PDF file contains a graphic representation of the course of the effective user data signal in dBm and the course of the data rate in Mbps. In terms of color, the graphic corresponds to the appearance in the Web Based Management. If the client changes the access point
(roaming) during the measurement, this is indicated by vertical black bars with a black square at the tip. The display is divided into two areas:
● Client
Displays the measurement of the client.
● Access point
Displays the measurement of the access point with which the client is currently connected. This requires that the setting "Bidirectional Recording" is enabled and that a firmware version > 6.1 is installed on the access point. The access point sends its data to a maximum of 3 clients on which signal recorders are running. The access point data is not displayed on other clients.
If the client has an iPCF-MC connection, the user signal of the management channel is shown with an additional black line.
Below the graphic, the configuration data of the client is displayed.
The following pages contain the detailed information of all individual measurements in the form of a table. The header row shows the IP address of the client and the BSSID and system name of the access point. The footer row shows a legend of the abbreviations in the table. The data starts on a new page when the client changes access points.
Note
Note the description of the individual columns in the CSV file. These also apply to the columns of the PDF file.
260
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
261
Configuring with Web Based Management
6.6 "Interfaces" menu
262
CSV file
The CSV file contains information on the configuration of the SCALANCE W700 device and detailed information on all individual measurements and is divided into two areas. The first area contains the configured settings:
● System Name
The system name of the client
● Device IP
The IP address of the client
● Device MAC
The MAC address of the client
● Recording Interval
The interval between acquisition of two measured values
● Recorded Samples Client / Access Point
The total number of measured values of the client / access point.
● Max. TX Rate
The maximum data rate of the sent data packets.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
● Max. RX Rate
The maximum data rate of the received data packets.
● Rx Antenna x type
The setting of the external antennas
The second area is a table. The table contains the following for each measured value:
● Sample CL / AP
The current number of the measurement on the client (CL) / on the access point (AP)
● Timestamp
The time stamp
● BSSID
The BSSID (Basic Service Set Identification) of the access point
● Sig% CL / AP
The effective user data signal of the client (CL) / access point (AP) in %
● dBm CL / AP
The effective user data signal of the client (CL) / access point (AP) in dBm
● NF CL / AP
The background noise in dBm
● RSSI CL / AP
The raw value of the RSSI (Received Signal Strength Indication)
● Roam
The roaming counter shows how often the client has changed the access point. After
99999 changes the counter is reset.
● Retry CL / AP
The transfer repetitions of the client (CL) / access point (AP)
● Ch
The current channel or the channel on which the client is connected to the access point
● CL Cnt
Number of clients connected to the access point.
● HT-40
The channel bandwidth 40 MHz
● Scan
The channel on which the client is currently scanning.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
263
Configuring with Web Based Management
6.6 "Interfaces" menu
● TX-Rate
The average data rate of the sent data packets
● RX-Rate
The average data rate of the received data packets
Note
The columns that relate to the management channel only contain a value if there is an iPCF-
MC connection.
● M-Ch
The management channel
● M-Sig
The effective user data signal of the management channel
● M-NF
The background noise of the management channel
● AP System Name
System name of the access point
264
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
6.6.2.13 Spectrum analyzer
Technical information
The frequency range depends on the configuration.
Parameters
Amplitude accuracy
Resolution bandwidth
Min. signal strength
Max. signal strength
Analysis time
Update time
In 2.4 GHz
In 5 GHz
At 40 MHz
At 20 MHz
Value
3 dBm
7 dBm
330 KHz
-100 dBm
0 dBm
120 ms
95 ms
1 s.
Representing signals of the frequency range
With the spectrum analyzer you can recognize and represent the electromagnetic signals of a frequency range. You can measure the strength of all signals located in the environment of the access point.
Note
This WBM page is only available in access point mode.
The WLAN interface of the device must be enabled, otherwise the frequency ranges cannot be scanned.
Note
We recommend that you do not use the spectrum analyzer in the change mode "Manual
Commit".
Note
When the spectrum analyzer is started, all WLAN connections are terminated on both WLAN interfaces. The access point then also does not send any beacons.
Note
Do not enable the spectrum analyzer if the device is operating productively. This can influence the performance of the device.
Note
The functionality of the spectrum analyzer does not replace a dedicated spectrum analyzer.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
265
Configuring with Web Based Management
6.6 "Interfaces" menu
Description
The page contains the following graphics:
266
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
In all graphics, the lower x axis shows the channels around the selected center frequency for which the measurements are made. The upper x axis shows the frequency range. The display of the y axis depends on the selected graphic.
● Realtime
The y axis shows the signal strength in dBm.
The graphic shows the strength of all signals that the access point receives in its environment in the configured frequency range.
The red line shows the maximum values since the start of the measurement. The white line shows the current values. The green line shows the average values.
● Spectrogram
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
267
Configuring with Web Based Management
6.6 "Interfaces" menu
268
The y axis shows the course of the measured values over time from current (0 s) to the values received before 500 s.
The graphic shows the strength of all signals that the access point receives in its environment in the configured frequency range.
The color depends on the setting for "Color Scheme".
● Density Chart
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
The y axis shows the signal strength in dBm.
The graphic shows how often signals occur with a certain strength in the configured frequency range.
The color goes from the lowest value (0%) in black to the highest value (100%) in red.
The page contains the following buttons:
● Zoom in
With this icon you only show one graphic type in large format on the page.
● Zoom out
With this icon you return to the view with all three graphic types.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
269
Configuring with Web Based Management
6.6 "Interfaces" menu
● Color Scheme
With this icon, you change the color scheme for the graphic type "Spectrogram":
– The color goes from the lowest value (-100 dBm) in black to the highest value (0 dBm) in red.
– The color goes from the lowest value (-100 dBm) in red to the highest value (0 dBm) in black.
● Reset
With this icon you reset the maximum and average values of the graphic type "Realtime".
This table contains the following columns:
● Radio
Shows the WLAN interface to which the information applies.
● State
Shows the status of the measurement. The following values are possible:
– stopped
The measurement was stopped.
– running
The measurement is running.
● Frequency Band
Specify the frequency band.
● Center Frequency
Select the center frequency.
● Stop
Click the button in this column to end the measurement.
Procedure
1. Select the required frequency band from the "Frequency Band" drop-down list.
2. Select the required center frequency from the "Center Frequency" drop-down list.
3. Click the "Start" button.
4. To stop the measurement, click the "Stop" button.
5. You can adapt the settings in the second table during the measurement.
6. Change to one of the following menu items to call up the result of the measurement:
– System > Load&Save > HTTP
Click the "Save" button in the "WLANSpectrumAnalyzer" table row to save the file
"wlan_spectrum_analyzer_SCALANCE_W700.zip" in the file system of the connected
PC.
– System > Load&Save > TFTP
If necessary, change the file name "wlan_spectrum_analyzer_SCALANCE_W700.zip" in the "WLANSpectrumAnalyzer" table row. In the table row
270
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.6 "Interfaces" menu
"WLANSpectrumAnalyzer", select the "Save file" entry from the drop-down list of the last column and click the "Save Values" button.
7. The ZIP file contains a CSV file with the results of the measurement..
Measurement results
CSV file
The CSV file contains information on the configuration of the device and detailed information on all individual measurements and is divided into two areas. The first area contains the configured settings:
● System Name
The system name of the access point
● Device IP
The IP address of the device
● Device MAC
The MAC address of the device
● Recording Interval
The interval between acquisition of two measured values
The second area is a table. The table contains the following for each measured value:
● Sample
The consecutive number of the measurement
● Timestamp
The time stamp
● The following columns show all frequencies of the selected frequency band. The cells are only filled for the frequencies for which a value was measured. The measured values show the signal strength in dBm.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
271
Configuring with Web Based Management
6.7 "Layer 2" menu
6.7 "Layer 2" menu
6.7.1 VLAN
6.7.1.1 General
VLAN configuration page
On this page you specify whether or not the device forwards frames with VLAN tags transparently (IEEE 802.1D/VLAN-unaware mode) or takes VLAN information into account
(IEEE 802.1Q/VLAN-aware mode). If the device is in the "802.1Q VLAN Bridge" mode, you can define VLANs and specify the use of the ports .
Note
Changing the Agent VLAN ID
If the configuration PC is connected directly to the device via Ethernet and you change the agent VLAN ID, the device is no longer reachable via Ethernet following the change.
272
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.7 "Layer 2" menu
The page contains the following boxes:
● Base bridge mode
Select the required mode from the drop-down list. The following modes are possible:
Note
Changing Base bridge mode
Note the section "Changing Base bridge mode". This section describes how a change affects the existing configuration.
– 802.1D Transparent Bridge
Sets the mode "VLAN-unaware" for the device. In this mode, VLAN tags are not taken into account or changed but are forwarded transparently. In this mode, you cannot create any VLANs.
– 802.1Q VLAN Bridge
Sets the mode "VLAN-unaware" for the device. In this mode, VLAN tags are not taken into account or changed but are forwarded transparently. In this mode, you cannot create any VLANs. Only a management VLAN is available: VLAN 1.
● VLAN ID
Enter the VLAN ID in the "VLAN ID" input box.
Range of values: 1 ... 4094
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● VLAN ID
Shows the VLAN ID. The VLAN ID (a number between 1 and 4094) can only be assigned once when creating a new data record and can then no longer be changed. To make a change, the entire data record must be deleted and created again. Up to 2 VLANs can be defined.
● Name
Enter a name for the VLAN. The name only provides information and has no effect on the configuration. The length is a maximum of 32 characters.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
273
Configuring with Web Based Management
6.7 "Layer 2" menu
● Status
Shows the status type of the entry in the port filter table. Here, static means that the address was entered as a static address by the user.
● List of ports
Specify the use of the port. The following options are available:
– "-"
The port is not a member of the specified VLAN.
With a new definition, all ports have the identifier "-".
– M
The port is a member of the VLAN. Frames sent in this VLAN are forwarded with the corresponding VLAN tag.
– U (uppercase)
The port is an untagged member of the VLAN. Frames sent in this VLAN are forwarded without the VLAN tag. Frames without a VLAN tag are sent from this port.
– u (lowercase)
The port is an untagged member of the VLAN, but the VLAN is not configured as a port VLAN. Frames sent in this VLAN are forwarded without the VLAN tag.
– F
The port is not a member of the specified VLAN. You can configure other settings in
"Layer 2 > VLAN > Port-based VLAN".
Changing Base bridge mode
VLAN-unaware (802.1D transparent bridge) → VLAN-aware (802.1Q VLAN bridge)
If you change the Base bridge mode from VLAN-unaware to VLAN aware, this has the following effects
● All static and dynamic unicast entries are deleted.
VLAN-aware (802.1Q VLAN bridge) → VLAN-unaware (802.1D transparent bridge)
If you change the Base bridge mode from VLAN-aware to VLAN-unaware, this has the following effects
● All VLAN configurations are deleted.
● A management VLAN is created: VLAN 1.
● All static and dynamic unicast entries are deleted.
802.1Q VLAN bridge: Important rules for VLANs
Make sure you keep to the following rules when configuring and operating your VLANs:
● Frames with the VLAN ID "0" are handled as untagged frames but retain their priority value.
● As default, all ports on the device send frames without a VLAN tag to ensure that the end node can receive these frames.
274
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.7 "Layer 2" menu
● With SCALANCE W devices, the VLAN ID "1" is the default on all ports.
● If an end node is connected to a port, outgoing frames should be sent without a tag (static access port). If, however, there is a further switch at this port, the frame should have a tag added (trunk port).
Procedure
Requirement:
In Base bridge mode "802.1Q VLAN Bridge" is set.
Creating a new VLAN
1. Enter an ID in the "VLAN ID" input box.
2. Click the "Create" button. A new entry is generated in the table. As default, the boxes have "-" entered.
3. Enter a name for the VLAN under Name.
4. Specify the use of the port in the VLAN. If, for example you select M, the port is a member of the VLAN. The frame sent in this VLAN is forwarded with the corresponding
VLAN tag.
5. Specify the mode of the device.
6. Click the "Set Values" button.
6.7.1.2 Port-based VLAN
Processing received frames
On this page, you specify the configuration of the port properties for receiving frames.
Requirement:
● On the "General" page, "802.1Q VLAN Bridge" is set for "Base Bridge Mode".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
275
Configuring with Web Based Management
6.7 "Layer 2" menu
Description
Table 1 has the following columns:
Note
Table 1 is only available if at least one VLAN is configured.
● Port
Shows that the settings are valid for all ports of table 2.
● Priority / Port VID / Acceptable Frames / Ingress Filtering
In the drop-down list, select the setting for all ports. If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged.
● Copy to table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the available ports and interfaces.
● Priority
From the drop-down list, select the priority given to untagged frames.
The CoS priority (Class of Service) used in the VLAN tag. If a frame is received without a tag, it will be assigned this priority. This priority specifies how the frame is further processed compared with other frames.
There are a total of eight priorities with values 0 to 7, where 7 represents the highest priority (IEEE 802.1p Port Priority).
● Port VID
Select the VLAN ID from the drop-down list. Only VLAN IDs defined on the "VLAN >
General" page can be selected.
If a received frame does not have a VLAN tag, it has a tag with the VLAN ID specified here added to it and is sent according to the rules at the port.
● Acceptable Frames
Specify which types of frames will be accepted. The following alternatives are possible:
– Tagged Frames Only
The device discards all untagged frames. Otherwise, the forwarding rules apply according to the configuration.
– All
The device forwards all frames.
● Ingress Filtering
Specify whether the VID of received frames is evaluated.
You have the following options:
– Enabled
The VLAN ID of received frames decides whether they are forwarded: To forward a
276
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.7 "Layer 2" menu
VLAN tagged frame, the receiving port must be a member in the same VLAN. Frames from unknown VLANs are discarded at the receiving port.
– Disabled
All frames are forwarded.
Procedure
1. In the row of the port to be configured, click on the relevant cell in the table to configure it.
2. Enter the values to be set in the input boxes as follows.
3. Select the values to be set from the drop-down lists.
4. Click the "Set Values" button.
6.7.2 Dynamic MAC Aging
Protocol settings and switch functionality
The device automatically learns the source addresses of the connected nodes. This information is used to forward frames to the nodes specifically involved. This reduces the network load for the other nodes.
If a device does not receive a frame whose source address matches a learnt address within a certain time, it deletes the learnt address. This mechanism is known as "Aging". Aging prevents frames being forwarded incorrectly, for example when an end device (for example a programming device) is connected to a different port.
If the check box is not enabled, a device does not delete learnt addresses automatically.
Description
The page contains the following boxes:
● Dynamic MAC Aging
Enable or disable the function for automatic aging of learned MAC addresses:
● Aging Time [s]
Enter the time in seconds. After this time, a learned address is deleted if the device does not receive any further frames from this sender address. The range of values is from 10 seconds to 630 seconds
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
277
Configuring with Web Based Management
6.7 "Layer 2" menu
Procedure
1. Select the "Dynamic MAC Aging" check box.
2. Enter the time in seconds in the "Aging Time [s]" input box.
3. Click the "Set Values" button.
6.7.3 Spanning Tree
6.7.3.1 General
General settings of spanning tree
This is the basic page for spanning tree. Select the compatibility mode from the drop-down list. As default, Multiple Spanning Tree is enabled.
On the configuration pages of these functions, you can make detailed settings.
Depending on the compatibility mode, you can configure the corresponding function on the relevant configuration page.
Note
Client device not as root
Using the configuration of priorities and path costs, make sure that a client device can never become the root node. If a client device becomes the root node the Rapid Spanning Tree function no longer works.
278
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.7 "Layer 2" menu
The page contains the following boxes:
● Spanning Tree
Enable or disable MSTP.
● Protocol Compatibility
Select the compatibility mode of MSTP. For example if you select RSTP, MSTP behaves like RSTP.
The following settings are available:
– STP
– RSTP
– MSTP
Note
If iPCF mode is enabled, only the compatibility modes STP and RSTP are supported.
Procedure
1. Select the "MSTP" check box.
2. Select the compatibility mode from the "Protocol Compatibility" drop-down list.
3. Click the "Set Values" button.
6.7.3.2 CIST General
MSTP-CIST configuration
The page consists of the following parts.
● The left-hand side of the page shows the configuration of the device.
● The central part shows the configuration of the root bridge that can be derived from the spanning tree frames received by an device.
● The right-hand side shows the configuration of the regional root bridge that can be derived from the MSTP frames received by an device. The displayed data is only visible if you have enabled "MSTP" on the "General" page and when "Protocol Compatiblity" is set to "MSTP". This also applies to the "Bridge Max Hop Count" parameter. If the device is a root bridge, the information on the left and right matches.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
279
Configuring with Web Based Management
6.7 "Layer 2" menu
Display in access point mode
Display in client mode
Description
280
The page contains the following boxes:
● Input boxBridge priority" / Root Priority"
Which device becomes the root bridge is decided based on the Bridge priority. The
Bridge with the highest priority becomes the root bridge. The lower the value, the higher the priority. If several devices in a network have the same priority, the device whose MAC address has the lowest numeric value will become the root bridge. Both parameters, bridge priority and MAC address together form the bridge identifier. Since the root bridge manages all path changes, it should be located as centrally as possible due to the delay
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.7 "Layer 2" menu of the frames. The value for the bridge priority is a whole multiple of 4096 with a range of values from 0 to 61440.
● Bridge Address / Root Address
The bridge address shows the MAC address of the device and the root address shows the MAC address of the root bridge.
● Root port
Shows the port via which the switch communicates with the root bridge.
● Root Cost
The path costs from this device to the root bridge.
● Topology Changes / Last Topology Change
The entry for the device shows the number of reconfiguration actions due to the spanning tree mechanism since the last startup. For the root bridge, the time since the last reconfiguration is displayed as follows:
– Seconds: sec unit after the number
– Minutes: min unit after the number
– Hour: hr unit after the number
● "Bridge Hello Time [s]" / "Root Hello Time [s]" input box
Each bridge regularly sends configuration frames (BPDUs). The interval between two such frames is the Hello time. The default for this parameter is 2 seconds.
● "Bridge Forward Delay [s]" / "Root Forward Delay [s]" input box
New configuration data is not used immediately by a bridge but only after the period specified in the forward delay parameter. This ensures that operation is started with the new topology only after all the bridges have the required information. The default for this parameter is 15 seconds.
● "Bridge Max Age" / "Root Max Age" input box
Bridge Max Age defines the maximum age of a received BPDU for it to be accepted as valid by the switch. The default for this parameter is 20.
● "Bridge Max Hop Count" input box
This parameter specifies how many MSTP nodes a BPDU may pass through. If an MSTP
BPDU is received and has a hop count that exceeds the value configured here, it is discarded. The default for this parameter is 20.
● Regional root priority
For a description, see Bridge priority / Root priority
● Regional root address
The MAC address of the device.
● Regional Root Cost
The path costs from this device to the root bridge.
● Input boxRegion Name"
Enter the name of the MSTP region to which this device belongs. As default, the MAC address of the device is entered here. This value must be the same on all devices that belong to the same MSTP region.
● Region Version" input box
Enter the version number of the MSTP region in which the device is located. This value must be the same on all devices that belong to the same MSTP region.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
281
Configuring with Web Based Management
6.7 "Layer 2" menu
● "Reset Counters" button
The values are reset with this button.
● "Layer-2 Tunnel, Admin Edge Port" check box (available only in access point mode)
Select this check box if there can be an end device on a layer 2 tunnel port. Otherwise a reconfiguration of the network will be triggered whenever a link to this port is modified.
The L2T clients should be interconnected.
● "Layer-2 Tunnel, Auto Edge Port" check box (available only in access point mode)
Select this check box if you want to detect automatically whether or not an end device is connected at all layer 2 tunnel ports.
Procedure
1. Enter the data required for the configuration in the input boxes.
2. Click the "Set Values" button.
6.7.3.3 CIST Port
MSTP-CIST port configuration
When the page is called, the table displays the current status of the configuration of the port parameters.
To configure them, click the relevant cells in the port table.
282
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.7 "Layer 2" menu
Table 1 has the following columns:
● Column 1
Shows that the settings made in this table will be adopted for all ports of table 2 after clicking the "Copy to Table" button.
● Spanning Tree Status
Select the setting for all ports from the drop-down list. If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged.
● Copy to table
If you click the button, the settings are adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows all available ports and the following interfaces.
– Port X
– WLAN X
– VAP X.Y
– WDS X.Y
● Spanning Tree Status
Specify whether or not the port is integrated in the Spanning Tree.
Note
If you disable the "Spanning Tree" option for a port, this may cause the formation of loops. The topology must be kept in mind.
● Priority
Enter the priority of the port. The priority is only evaluated when the path costs are the same.
The value must be divisible by 16. If the value that cannot be divided by 16, the value is automatically adapted.
Range of values: 0 - 240.
The default is 128.
● Cost Calc.
Enter the path cost calculation. If you enter the value "0" here, the automatically calculated value is displayed in the "Path Cost" box.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
283
Configuring with Web Based Management
6.7 "Layer 2" menu
● Path Cost
The path costs from this port to the root bridge. The path with the lowest value is selected as the path. If several ports of a device have the same value, the port with the lowest port number will be selected.
If the "Cost Calc."box has the value "0", the automatically calculated value is shown.
Otherwise, the value of the "Cost Calc." box is displayed.
The calculation of the path costs is largely based on the transmission speed. The higher the achievable transmission speed is, the lower the value of the path costs.
Typical values for path costs with rapid spanning tree:
– 1000 Mbps = 20,000
– 100 Mbps = 200,000
– 10 Mbps = 2,000,000
The values can, however, also be set individually.
● Status
Displays the current status of the port. The values are only displayed and cannot be configured. The "Status" parameter depends on the configured protocol. The following is possible for status:
– Disabled
The port only receives and is not involved in STP, MSTP and RSTP.
– Discarding
In the "Discarding" mode, BPDU frames are received. Other incoming or outgoing frames are discarded.
– Listening
In this status, BPDUs are both received and sent. The port is involved in the spanning tree algorithm.
– Learning
Stage prior to the forwarding status, the port is actively learning the topology (in other words, the node addresses).
– Forwarding
Following the reconfiguration time, the port is active in the network; it receives and forwards data frames.
● Fwd. Trans
Specifies the number of changes from the "Discarding" status to the "Forwarding" status.
284
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.7 "Layer 2" menu
● Edge Type
Specify the type of the edge port. You have the following options:
– "-"
Edge port is disabled. The port is treated as a "no EdgePort".
– Admin
Select this option when there is always an end device on this port. Otherwise a reconfiguration of the network will be triggered each time a connection is changed.
– Auto
Select this option if you want a connected end device to be detected automatically at this port. When the connection is established the first time, the port is treated as a "no
Edge Port".
– Admin/Auto
Select these options if you operate a combination of both on this port. When the connection is established the first time, the port is treated as an Edge Port.
● Edge
Shows the status of the port.
– Enabled
An end device is connected to this port.
– Disabled
There is a Spanning Tree or Rapid Spanning Tree device at this port.
With an end device, a switch can change over the port faster without taking into account spanning tree frames. If a spanning tree frame is received despite this setting, the port automatically changes to the "Disabled" setting for switches.
● P.t.P. Type
Select the required option from the drop-down list. The selection depends on the port that is set.
– P.t.P.
Even with half duplex, a point-to-point link is assumed.
– Shared Media
Even with a full duplex connection, a point-to-point link is not assumed.
Note
Point-to-point link means a direct connection between two devices. A shared media connection is, for example, a connection to a hub.
– "-"
Point to point is determined automatically. If the port is set to half duplex, a point-topoint link is not assumed.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
285
Configuring with Web Based Management
6.7 "Layer 2" menu
● P.t.P.
– Enabled
Shows that a point-to-point link exists.
– Disabled
Shows that no point-to-point link exists
● Hello Time
Enter the interval after which the bridge sends configuration BPDUs. As default, 2 seconds is set.
Range of values: 1-2 seconds
Note
The port-specific setting of the Hello time is only possible in MSTP compatible mode.
Procedure
1. In the input cells of the table row, enter the values of the port you are configuring.
2. From the drop-down lists of the cells of the table row, select the values of the port you are configuring.
3. Click the "Set Values" button.
6.7.3.4 MST General
Multiple Spanning Tree configuration
With MSTP, in addition to RSTP, several VLANs can be managed in a LAN with separate
RSTP trees.
Description
The page contains the following box:
● MSTP Instance ID
Enter the number of the MSTP instance.
286
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.7 "Layer 2" menu
Permitted values: 1 - 64
You can define up to 2 MSTP instances.
The table has the following columns:
● Select
Select the row you want to delete.
● MSTP Instance ID
Shows the number of the MSTP instance.
● Root Address
Shows the MAC address of the root bridge
● Root Priority
Shows the priority of the root bridge.
● Bridge Priority
Enter the bridge priority in this box. The value for the bridge priority is a whole multiple of
4096 with a range of values from 0 to 61440.
● VLAN ID
Enter the VLAN ID. Here, you can also specify ranges with Start ID, "-", End ID. Several ranges or IDs are separated by ",".
Permitted values: 1- 4094
Procedure
Creating a new entry
1. Enter the number of the MSTP instance in the "MSTP Instance ID" box.
2. Click the "Create" button.
3. Enter the identifier of the virtual LAN in the "VLAN ID" input box.
4. Enter the priority of the bridge in the "Bridge Priority" input box.
5. Click the "Set Values" button.
Deleting entries
1. Use the check box at the beginning of the relevant row to select the entries to be deleted.
2. Click the "Delete" button to delete the selected entries from memory. The entries are deleted from the memory of the device and the display on this page is updated.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
287
Configuring with Web Based Management
6.7 "Layer 2" menu
6.7.3.5 MST Port
Configuration of the Multiple Spanning Tree port parameters
On this page, you set the parameters for the ports of the configured multiple spanning tree instances.
Description
The page contains the following box:
● MSTP Instance ID
In the drop-down list, select the ID of the MSTP instance.
Table 1 has the following columns:
● Column 1
Shows that the settings are valid for all ports of table 2.
● MSTP Status
In the drop-down list, select the setting for all ports. If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged.
● Copy to table
● If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows all available ports and interfaces.
● MSTP instance ID
Shows the ID of the MSTP instance.
288
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.7 "Layer 2" menu
● MSTP Status
Click the check box to enable or disable this option.
● Priority
Enter the priority of the port. The priority is only evaluated when the path costs are the same.
The value must be divisible by 16. If the value that cannot be divided by 16, the value is automatically adapted.
Range of values: 0 - 240.
The default is 128.
● Cost Calc.
Enter the path cost calculation in the input box. If you enter the value "0" here, the automatically calculated value is displayed in the next box "Path Costs".
● Path Cost
The path costs from this port to the root bridge. The path with the lowest value is selected as the path. If several ports of a device have the same value, the port with the lowest port number will be selected.
If the "Cost Calc." box has the value "0", the automatically calculated value is shown.
Otherwise, the value of the "Cost Calc." box is displayed.
The calculation of the path costs is largely based on the transmission speed. The higher the achievable transmission rate, the lower the value for the path costs will be.
Typical values for rapid spanning tree are as follows:
– 1000 Mbps = 20,000
– 100 Mbps = 200,000
– 10 Mbps = 2,000,000
The values can, however, also be set individually.
● Status
Displays the current status of the port. The values are only displayed and cannot be configured. The following is possible for status:
– Discarding
The port exchanges MSTP information but is not involved in the data traffic.
– Blocked
In the blocking mode, BPDU frames are received.
– Forwarding
The port receives and sends data frames.
● Fwd. Trans.
Specifies the number of status changes Discarding - Forwarding or Forwarding -
Discarding.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
289
Configuring with Web Based Management
6.7 "Layer 2" menu
Procedure
1. In the input cells of the table row, enter the values of the port you are configuring.
2. From the drop-down lists of the cells of the table row, select the values of the port you are configuring.
3. Click the "Set Values" button.
6.7.4
Applications
DCP Forwarding
The DCP protocol is used by STEP 7 and the PST Tool for configuration and diagnostics.
When shipped, DCP is enabled on all ports; in other words, DCP frames are forwarded at all ports. With this option, you can disable the sending of these frames for individual ports, for example to prevent individual parts of the network from being configured with the PST Tool or to divide the full network into smaller parts for configuration and diagnostics.
All the ports of the device are displayed on this WBM page.
Note
Empty table
If you have enabled NAT on the device, the table is empty or will be emptied.
290
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.7 "Layer 2" menu
The table has the following columns:
● Port
Shows the available ports.
● Setting
Specify whether the port should block or forward outgoing DCP frames. You have the following options available:
– Block
No outgoing DCP frames are forwarded via this port. It is nevertheless still possible to receive via this port.
– Forward
The DCP frames are forwarded via this port.
Procedure
1. Specify whether the port blocks or forwards the DCP frames.
2. Click the "Set Values" button.
6.7.5 LLDP
Link Layer Discovery Protocol (LLDP)
PROFINET uses the LLDP protocol for topology diagnostics.
In the factory settings, LLDP is activated on the interface, in other words LLDP frames are sent and received. LLDP is supported only by the Ethernet interface.
On this WBM page, you enable or disable the sending or receiving of LLDP frames on the interface.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
291
Configuring with Web Based Management
6.7 "Layer 2" menu
Description
The table has the following columns:
● Port
Shows the port.
● Setting
Specify the LLDP functionality. The following options are available:
– Tx
This port can only send LLDP frames.
– Rx
This port can only receive LLDP frames.
– Rx & Tx
This port can receive and send LLDP frames.
– "-" (disabled)
This port can neither receive nor send LLDP frames.
Procedure
1. Select the required LLDP functionality from the drop-down list.
2. Click the "Set Values" button.
292
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.8 "Layer 3" menu
6.8 "Layer 3" menu
Layer 3 possible only with SCALANCE W722-1 RJ-45
The use of the layer 3 functions is possible only with the client SCALANCE W722-1 RJ-45.
6.8.1
6.8.1.1
NAT
Basic
Requirements to be able to use NAT:
● Client SCALANCE W722-1 RJ-45 (MLFB 6GK5722-1FC00-0AA0 / 6GK5722-1FC00-
0AB0 (US version))
Note
This tab is only available in the client mode.
On this page, you specify the basic settings for NAT.
Description
The page contains the following boxes:
● Interface
Select the required Ethernet interface from the drop-down list.
● Enable NAT
Enable or disable NAT for the Ethernet interface. Cannot be enabled if Layer 2 Tunnel is set for MAC Mode on the client.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
293
Configuring with Web Based Management
6.8 "Layer 3" menu
● TCP Idle Timeout [s]
Enter the required time in seconds. If no data exchange takes place, the TCP connection is deleted from the translation table when this time has elapsed.
The range of values is 1 to 4294967295.
Default setting: 86400 seconds
● UDP Idle Timeout [s]
Enter the required time in seconds. If no data exchange takes place, the UDP connection is deleted from the translation table when this time has elapsed.
The range of values is 1 to 4294967295.
Default setting: 300 seconds
● Local Interface IP address
Enter the local IP address of the Ethernet interface. This IP address is the gateway address of the local device.
● Local Interface Subnet Mask
Enter the subnet mask for the local Ethernet.
● IPv6 Transparent Mode
When enabled, the transparent mode is activated. IPv6 frames are forwarded unchanged between Ethernet and WLAN. This assumes that "Own" is not set for MAC mode and
IPv6 is turned off.
Procedure
6.8.1.2
1. In the "Local Interface IP address" input box, enter the local IP address of the Ethernet interface.
2. In the "Local Interface Subnet Mask" input box enter the subnet mask for the local
Ethernet.
3. Enable NAT for the Ethernet interface.
4. Click the "Set Values" button.
NAPT
Requirements to be able to use NAT:
● Client SCALANCE W722-1 RJ-45 (MLFB 6GK5722-1FC00-0AA0 / 6GK5722-1FC00-
0AB0 (US version))
Note
This tab is only available in the client mode.
On this WBM page, you define the translation list for communication from the global to the local network. Per WLAN client (NAT gateway), 60 entries are possible.
294
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.8 "Layer 3" menu
Description
The page contains the following boxes:
● Interface
Interface to which the settings relate. Can only be selected if the device has several interfaces.
● Traffic Type
Specify the protocol for which the address assignment is valid. TCP and UDP frames must have parameters set separately.
● Global Port
Enter the global port. Incoming frames with this port as the destination port are forwarded. If the setting is intended to apply to a port range, enter the range with start port "-" end port, for example 30 - 40.
Note
If the port is already occupied by a local service, for example Telnet, a warning is displayed. In this case, avoid using TCP port 23 (Telnet), port 22 (SSH), ports 80/443
(http/https: reachability of the client with the WBM) and UDP port 161 (SNMP) as global port.
● Local IP Address
Enter the IP address of the node in the local network.
● Local Port
Enter the number of the port. This is the new destination port to which the incoming frame will be forwarded. If the setting is intended to apply to a port range, enter the range with start port "-" end port, for example 30 - 40.
If the local port and global port are the same, the frames will be forwarded without port translation.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
295
Configuring with Web Based Management
6.8 "Layer 3" menu
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Activate
Select the check box in the required row. The entry is used for the address assignment
● Interface
Shows the interface to which the settings relate.
● Traffic Type
Shows whether UDP or TCP frames are assigned to the global port.
● Dynamic Global IP
Shows whether or not dynamic address translation is used.
● Global IP Address
Shows the global IP address to which the local IP address will be translated.
● Global Port
Shows the global port.
● Local IP Address
Shows the IP address of the node in the local network.
● Local Port
Shows the number of the local port.
Procedure
1. From the "Traffic Type" drop-down list, select the protocol for which the address assignment is valid.
2. Enter the number of the global port or a port range in "Global Port".
3. Enter the IP address of the node in the local network in ""Local IP Address".
4. Enter the number of the local port or a port range in "Local Port".
5. Click the "Create" button. A new entry is generated in the table.
6. Click the "Set Values" button. The device is restarted.
296
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.9 "Security" menu
Configuring with Web Based Management
6.9 "Security" menu
6.9.1 Passwords
6.9.1.1 Device passwords
Configuration of the device passwords
Note
If you are logged in via a RADIUS server, you cannot change any passwords.
On this page, you can change passwords. If you are logged in with the right to change device parameters, you can change the passwords for all user accounts. If you are logged on as user, you can only change your own password.
Description of the displayed boxes
● Current User
Shows the user that is currently logged in.
● Current User Password
Enter the password for the currently logged in user.
● User Account
Select the user whose password you want to change.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
297
Configuring with Web Based Management
6.9 "Security" menu
● Password Policy
Shows which password policy is being used when assigning new passwords.
Note
Checking the password policy of existing users
Up to now there was no special password policy. As of version V6.0 you can now assign passwords that correspond to the password policy "high".
The set password policy is used when assigning new passwords. Existing passwords are not checked. If you change the password policy from "Low" to "High", the previously used passwords remain valid. As an important measure for increasing security, change the passwords used up to now.
– High
Password length: at least 8 characters, maximum 128 characters at least 1 uppercase letter at least 1 special character at least 1 number
– Low
Password length: at least 6 characters, maximum 128 characters
● New Password
Enter the new password for the selected user.
● Password Confirmation
Enter the new password again to confirm it.
Procedure
1. In the "Current User Password" enter the valid password of the currently logged in user.
2. From the "User Account" drop-down list, select the user whose password you want to change.
3. Enter the new password for the selected user in the "New Password" input box.
298
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
6.9.1.2
Configuring with Web Based Management
6.9 "Security" menu
4. Repeat the new password in the "Password Confirmation" input box.
5. Click the "Set Values" button.
Note
The factory settings for the passwords when the devices ship are as follows:
• admin: admin
When you log in for the first time or following a "Restore Factory Defaults and Restart", with the preset user "aadmin" you will be prompted to change the password.
Note
Changing the password in Trial mode
Even if you change the password in Trial mode, this change is saved immediately.
Password options
On this page you specify which password policy will be used when assigning new passwords.
Description
● Password Policy
Shows which password policy is currently being used
● New Password Policy
Select the required setting from the drop-down list.
– High
Password length: at least 8 characters, maximum 128 characters at least 1 uppercase letter at least 1 special character at least 1 number
– Low
Password length: at least 6 characters, maximum 128 characters
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
299
Configuring with Web Based Management
6.9 "Security" menu
6.9.2
6.9.2.1
Roles
Users
Roles
On this page, you create roles that are valid locally on the device.
Note
The values displayed depend on the rights of the logged-in user.
Description
The page contains the following:
● Role Name
Enter the name for the role. The name must meet the following conditions:
– It must be unique.
– It must be between 1 and 64 characters long.
Note
Role name cannot be changed
After creating a role, the name of the role can no longer be changed.
If a name of a role needs to be changed, the role must be deleted and a new role created.
300
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
The table contains the following columns:
● Select
Select the check box in the row to be deleted.
Note
Predefined roles and assigned roles cannot be deleted or modified.
● Role
Shows the name of the role.
● Function Right
Select the function rights of the role.
– 1
Users with this role can read device parameters but cannot change them. Users with this role can change their own password.
– 15
Users with this role can both read and change device parameters.
Note
Function right cannot be changed
If you have assigned a role, you can no longer change the function right of the role.
If you want to change the function right of a role, follow the steps outlined below:
1. Delete all assigned users.
2. Change the function right of the role:
3. Assign the role again.
● Description
Enter a description for the role. With predefined roles a description is displayed. The description text can be up to 100 characters long.
Procedure
Creating a role
1. Enter the name for the role.
2. Click the "Create" button.
3. Select the function rights of the role.
4. Enter a description of the role.
5. Click the "Set Values" button.
Deleting a role
1. Select the check box in the row to be deleted.
2. Click the "Delete" button. The entries are deleted and the page is updated.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
301
Configuring with Web Based Management
6.9 "Security" menu
6.9.2.2
User Groups
Groups
On this page you link a group with a role.
In this example the group "Administrators" is linked to the "admin"role: The group is defined on a RADIUS server. The role is defined locally on the device. When a RADIUS server authenticates a user and assigns the user to the "Administrators" group, this user is given rights of the "admin" role.
Note
The values displayed depend on the rights of the logged-in user.
Description
The page contains the following:
● Group Name
Enter the name of the group. The name must match the group on the RADIUS server.
The name must meet the following conditions:
– It must be unique.
– It must be between 1 and 64 characters long.
The table contains the following columns:
● Select
Select the check box in the row to be deleted.
● Group
Shows the name of the group.
302
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
● Role
Select a role. Users who are authenticated with the linked group on the RADIUS server receive the rights of this role locally on the device.
You can choose between system-defined and self-defined roles, refer to the page
"Security > Users > Roles.".
● Description
Enter a description for the link of the group.to a role. The description text can be up to
100 characters long.
Procedure
Linking a group to a role.
1. Enter the name of a group.
2. Click the "Create" button.
3. Select a role.
4. Enter a description for the link of a group.to a role.
5. Click the "Set Values" button.
Deleting the link between a group and a role
1. Select the check box in the row to be deleted.
2. Click the "Delete" button. The entries are deleted and the page is updated.
6.9.2.3
Local users
Local Users
On this page, you create local users with the corresponding rights.
When you create or delete a local user this change is also made automatically in the table
"External User Accounts". If you want to make change explicitly for the internal or external user table, use the CLI commands.
Note
The values displayed depend on the rights of the logged-in user.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
303
Configuring with Web Based Management
6.9 "Security" menu
Description
The page contains the following:
● User Account
Enter the name for the user. The name must meet the following conditions:
– It must be unique.
– It must be between 1 and 250 characters long.
– The following characters must not be included: § ? " ; : < =
Note
User name cannot be changed
After creating a user, the user name can no longer be modified.
If a user name needs to be changed, the user must be deleted and a new user created.
Note
Default user "user" set in the factory
As of firmware version 6.0 the default user set in the factory "user" is no longer available when the product ships.
If you update a device to the firmware V6.0 the default user set in the factory "user" is initially still available. If you reset the device to the factory settings ("Restore Factory
Defaults and Restart") the default user set in the factory "user" is deleted.
You can create new users with the role "user".
304
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
● Password Policy
Shows which password policy is being used.
– High
Password length: at least 8 characters, maximum 128 characters
At least 1 uppercase letter
At least 1 special character
At least 1 number
– Low
Password length: at least 6 characters, maximum 128 characters
You configure the password policy on the page "Security > Passwords > Options"".
● Password
Enter the password. The strength of the password depends on the set password policy.
● Password Confirmation
Enter the password again to confirm it.
● Role
Select a role.
You can choose between system-defined and self-defined roles, refer to the page
"Security > Users > Roles.".
The table contains the following columns:
● Select
Select the check box in the row to be deleted.
Note
The preset users as well as logged in users cannot be deleted or changed.
● User Account
Shows the user name.
● Role
Shows the role of the user.
● Description
Displays a description of the user account. The description text can be up to 100 characters long.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
305
Configuring with Web Based Management
6.9 "Security" menu
Procedure
Creating users
1. Enter the name for the user.
2. Enter the password for the user.
3. Enter the password again to confirm it.
4. Select the role of the user.
5. Click the "Create" button.
6. Enter a description of the user.
7. Click the "Set Values" button.
Deleting users
1. Select the check box in the row to be deleted.
2. Click the "Delete" button. The entries are deleted and the page is updated.
6.9.3 AAA
6.9.3.1 General
Login of network nodes
The designation "AAA" stands for "Authentication, Authorization, Accounting". This feature is used to identify and allow network nodes, to make the corresponding services available to them and to specify the range of use.
On this page, you configure the login.
306
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
Description of the displayed boxes
The page contains the following boxes:
Note
To be able to use the login authentication "RADIUS", "Local and RADIUS" or "RADIUS and fallback Local" a RADIUS server must be stored and configured for user authentication.
● Login Authentication
Specify how the login is made:
– Local
The authentication must be made locally on the device.
– RADIUS
The authentication must be handled via a RADIUS server.
– Local and RADIUS
The authentication is possible both with the users that exist on the device (user name and password) and via a RADIUS server.
The user is first searched for in the local database. If the user does not exist there, a
RADIUS request is sent.
– RADIUS and fallback Local
The authentication must be handled via a RADIUS server.
A local authentication is performed only when the RADIUS server cannot be reached in the network.
6.9.3.2 RADIUS client
Authentication over an external server
The concept of RADIUS is based on an external authentication server.
Each row of the table contains access data for one server. In the search order, the primary server is queried first. If the primary server cannot be reached, secondary servers are queried in the order in which they are entered.
If no server responds, there is no authentication.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
307
Configuring with Web Based Management
6.9 "Security" menu
Description of the displayed boxes
The page contains the following boxes:
● RADIUS Authorization Mode
For the login authentication, the RADIUS authorization mode specifies how the rights are assigned to the user with a successful authentication.
– Conventional
In this mode the user is logged in with administrator rights if the server returns the value "Administrative User" to the device for the attribute "Service Type". In all other cases the user is logged in with read rights.
– SiemensVSA
In this mode the assignment of rights depends on whether and which group the server returns for the user and whether or not there is an entry for the user in the table
"External User Accounts".
The table has the following columns:
● Select
Select the row you want to delete.
● RADIUS Server Address
Enter the IPv4 address or the FQDN (Fully Qualified Domain Name) of the RADIUS server.
● Server Port
Here, enter the input port on the RADIUS server. As default, input port 1812 is set. The range of values is 1 to 65535.
● Shared Secret
Enter your access ID here. The range of values is 1...128 characters
● Shared Secret Conf.
Enter your access ID again as confirmation.
● Max. Retrans.
Here, enter the maximum number of retries for an attempted request.
The initial connection attempt is repeated the number of times specified here before another configured RADIUS server is queried or the login counts as having failed. As default 3 retries are set, this means 4 connection attempts. The range of values is 1 to 5.
● Primary Server
Using the options in the drop-down list, specify whether or not this server is the primary server. You can select one of the options "yes" or "no".
308
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
● Test
With this button, you can test whether or not the specified RADIUS server is available.
The test is performed once and not repeated cyclically.
● Test Result
Shows whether or not the RADIUS server is available:
– Not reachable
The IP address is not reachable.
The IP address is reachable, the RADIUS server is, however, not running.
– Reachable, key not accepted
The IP address is reachable, the RADIUS server does not, however accept the shared secret.
– Reachable, key accepted
The IP address is reachable, the RADIUS server accepts the specified shared secret.
Steps in configuration
Entering a new server
1. Click the "Create" button. A new entry is generated in the table.
The following default values are entered in the table:
– RADIUS Server Address: 0.0.0.0
– Server Port: 1812
– Max. Retrans.: 3
– Primary server: No
2. In the relevant row, enter the following data in the input boxes:
– RADIUS Server Address
– Server Port
– Shared Secret
– Shared Secret Conf
– Max. Retrans.: 3
– Primary server: No
3. If necessary check the reachability of the RADIUS server.
4. Click the "Set Values" button.
Repeat this procedure for every server you want to enter.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
309
Configuring with Web Based Management
6.9 "Security" menu
Modifying servers
1. In the relevant row, enter the following data in the input boxes:
– RADIUS Server Address
– Server Port
– Shared Secret
– Shared Secret Conf
– Max. Retrans.
– Primary Server
2. If necessary check the reachability of the RADIUS server.
3. Click the "Set Values" button.
Repeat this procedure for every server whose entry you want to modify
Deleting servers
1. Click the check box in the first column before the row you want to delete to select the entry for deletion.
Repeat this for all entries you want to delete.
2. Click the "Delete" button. The data is deleted from the memory of the device and the page is updated.
310
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
6.9.4 WLAN
6.9.4.1
Safety levels
Basic (Access Point)
To make the network secure, authentication and encryption are used. On this page, you specify the security settings.
Note
WLAN mode IEEE 802.11 n
With devices operated in WLAN mode IEEE8002.11n only WPA2 (WPA2-PSK and WPA2
Radius) encryption is possible. iPCF or iPCF-MC
If iPCF or iPCF-MC is enabled, only "Open System" with the encryption method AES is supported in the security settings.
Description
The table has the following columns:
● Interface
Shows the available interfaces.
● Authentication Type
Select the type of authentication. The selection depends on the operating mode and the transmission standard.
– Open System
There is no authentication. Encryption with a fixed (unchanging) WEP key can be selected as an option. To use the key, enable "Encryption". You define the WEP key on the "Keys" page.
If iPCF mode is enabled, the encryption method AES with 128 bit key length is also supported.
– Shared Key
In Shared Key authentication, a fixed key is stored on the client and access point. This
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
311
Configuring with Web Based Management
6.9 "Security" menu
WEP key is then used for authentication and encryption. You define the WEP key on the "Keys" page.
Note
If you use "Open System" with "Encryption" or "Shared Key", Key 1 must always be set on the "Keys" page.
– WPA (RADIUS)
Wi-Fi Protected Access is a method specified by the Wi-Fi Alliance to close security gaps in WEP. Authentication using a server is stipulated (802.1x). The dynamic exchange of keys at each data frame introduces further security.
– WPA-PSK
WPA Pre Shared Key (WPA-PSK) is a weakened form of WPA. In this method, authentication is not established by a server but is based on a password. This password is configured manually on the client and server.
– WPA2 (RADIUS)
WPA2 (Wi-Fi Protected Access 2) is a further development of WPA and implements the functions of the IEEE 802.11i security standard. WPA authentication works, however, without the RADIUS server.
– WPA2-PSK
WPA2-PSK is based on the 802.11i standard. WPA authentication works, however, without a RADIUS server. Instead of this, a WPA(2) key (WPA(2) Pass Phrase) is stored on each client and access point. The WPA(2) Pass Phrase is used for authentication and further encryption.
– WPA/WPA2-Auto-PSK
Setting with which an access point can process both the "WPA-PSK" as well as the
"WPA2-PSK" type of authentication. This is necessary when the access point communicates with different clients, some using "WPA-PSK" and others "WPA2-PSK".
The same encryption method is set on the clients.
– WPA/WPA2-Auto
Setting with which an access point can process both the "WPA" as well as the "WPA2" type of authentication. This is necessary when the access point communicates with different clients, some using "WPA" and others "WPA2". The same encryption method is set on the clients
● Encryption
Encryption protects the transferred data from eavesdropping and corruption. You can only disable encryption if you have selected "Open System" for authentication. All other security methods include both authentication and encryption.
312
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
● Cipher
Select the encryption method. The selection depends on the transmission standard.
– AUTO
AES or TKIP is used automatically depending on the capability of the other station.
– WEP
WEP (Wired Equivalent Privacy)
A symmetrical stream encryption method with only 40- or 104-bit long keys based on the RC4 algorithm (Ron’s Code 4).
– TKIP (Temporal Key Integrity Protocol)
A symmetrical encryption method with the RC4 algorithm (Ron’s Code 4). In contrast to the weak WEP encryption, TKIP uses changing keys derived from a main key. TKIP can also recognize corrupted data frames.
– AES (Advanced Encryption Standard)
Strong symmetrical block encryption method based on the Rijndael algorithm that further improves the functions of TKIP.
Note
To provide better protection of your data against attacks, use WPA2/ WPA2-PSK with
AES.
● WPA(2) Pass Phrase
Enter a WPA(2) key here. This WPA(2) key must be known on both the client and the access point and is entered by the user at both ends.
For a key with 8 to 63 characters, you can only use the following readable ASCII characters: 0x20 - 0x7e.
For a key with precisely 64 characters, you can use the following ASCII characters: 0 - 9, a - f and A - F.
● WPA(2) Pass Phrase Confirmation
Confirm the entered WPA(2) pass phrase.
● Default Key
Specify the WEP key used to encrypt the data. You define the WEP key on the "Keys" page.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
313
Configuring with Web Based Management
6.9 "Security" menu
Procedure
1. Select the required security settings. Which settings are possible depends on the
"Authentication Type" you have selected.
Authentication Type
Open System
Open System
Open System
Shared Key
WPA (RADIUS)
WPA-PSK
WPA2 (RADIUS)
WPA2-PSK
WPA/WPA2-AutoPSK
WPA/WPA2-Auto
(RADIUS)
Encryption disabled enabled enabled enabled enabled enabled enabled enabled enabled enabled
1)
available only with iPCF or iPCF-MC
2. Click the "Set Values" button.
Cipher
--
WEP
AES
1)
WEP
Auto/TKIP/AES
Auto/TKIP/AES
Auto/TKIP/AES
Auto/TKIP/AES
Auto/TKIP/AES
Auto/TKIP/AES
Encryption key source
--
Default Key
Default Key (128-bit)
Default Key
RADIUS Server
WPA(2) Pass Phrase
RADIUS Server
WPA(2) Pass Phrase
WPA(2) Pass Phrase
RADIUS Server
314
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
6.9.4.2
Safety levels
Basic (Client)
To make the network secure, authentication and encryption are used. On this page, you specify the security settings.
Note
WLAN mode IEEE 802.11 n
With devices operated in WLAN mode IEEE8002.11n only WPA2 (WPA2-PSK and WPA2
Radius) encryption is possible. iPCF or iPCF-MC mode activated
If iPCF or iPCF-MC mode is enabled, only "Open System" with the encryption method AES is supported in the security settings with Security Context 1.
Description
The table has the following columns:
● Select
Select the row you want to delete. Select a check box in this column and click the
"Delete" button to delete an entry in the list.
● Security Context
Shows the number of the entry. If you create a new entry, a new row with a unique number is created.
You can create up to 8 security contexts. The security context 1 cannot be deleted.
● Authentication type
Select the type of authentication. The selection depends on the operating mode and the transmission standard.
– Open System
There is no authentication. Encryption with a fixed (unchanging) WEP key can be selected as an option. To use the key, enable "Encryption". You define the WEP key on the "Keys" page.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
315
Configuring with Web Based Management
6.9 "Security" menu
If iPCF or iPCF-MC mode is enabled, only the encryption method AES with 128 bit key length is supported.
– Shared Key
In Shared Key authentication, a fixed key is stored on the client and access point. This
WEP key is then used for authentication and encryption. You define the WEP key on the "Keys" page.
– WPA (RADIUS)
Wi-Fi Protected Access is a method specified by the Wi-Fi Alliance to close security gaps in WEP. Authentication using a server is stipulated (802.1x). The dynamic exchange of keys at each data frame introduces further security.
Note
Make the relevant RADIUS settings initially on the page "Security > WLAN > Basic".
– WPA-PSK
WPA Pre Shared Key (WPA-PSK) is a weakened form of WPA. In this method, authentication is not established by a server but is based on a password. This password is configured manually on the client and server.
– WPA2 (RADIUS)
WPA2 (Wi-Fi Protected Access 2) is a further development of WPA and implements the functions of the IEEE 802.11i security standard. WPA authentication works, however, without the RADIUS server.
Note
Make the relevant RADIUS settings initially on the page "Security > WLAN > Client
Radius Supplicant".
– WPA2-PSK
WPA2-PSK is based on the 802.11i standard. WPA authentication works, however, without a RADIUS server. Instead of this, a WPA(2) key (WPA(2) pass phrase) is stored on each client and access point. The WPA(2) pass phrase is used for authentication and further encryption.
– WPA/WPA2-Auto-PSK
Setting with which an access point can process both the "WPA-PSK" as well as the
"WPA2-PSK" type of authentication. This is necessary when the access point communicates with different clients, some using "WPA-PSK" and others "WPA2-PSK".
The same encryption method is set on the clients.
– WPA/WPA2-Auto
Setting with which an access point can process both the "WPA" as well as the "WPA2" type of authentication. This is necessary when the access point communicates with different clients, some using "WPA" and others "WPA2". The same encryption method is set on the clients
● Encryption
Encryption protects the transferred data from eavesdropping and corruption. You can only disable encryption if you have selected "Open System" for authentication. All other security methods include both authentication and encryption.
316
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
● Cipher
Select the encryption method. The selection depends on the transmission standard.
– AUTO
AES or TKIP is used depending on the capability of the other station.
– WEP
WEP (Wired Equivalent Privacy)
A symmetrical stream encryption method with only 40- or 104-bit long keys based on the RC4 algorithm (Ron’s Code 4).
– TKIP (Temporal Key Integrity Protocol)
A symmetrical encryption method with the RC4 algorithm (Ron’s Code 4). In contrast to the weak WEP encryption, TKIP uses changing keys derived from a main key. TKIP can also recognize corrupted data frames.
– AES (Advanced Encryption Standard)
Strong symmetrical block encryption method based on the Rijndael algorithm that further improves the functions of TKIP.
Note
To provide better protection of your data against attacks, use WPA2/ WPA2-PSK with
AES.
● WPA(2) Pass Phrase
Enter a WPA(2) key here. This WPA(2) key must be known on both the client and the access point and is entered by the user at both ends.
For a key with 8 to 63 characters, you can only use the following readable ASCII characters: 0x20 - 0x7e.
For a key with precisely 64 characters, you can use the following ASCII characters: 0 - 9, a - f and A - F.
● WPA(2) Pass Phrase Confirmation
Confirm the entered WPA(2) pass phrase.
● Default Key
Specify the WEP key used to encrypt the data. You define the WEP key on the "Keys" page.
Procedure
1. To create a new security context, click the "Create" button.
2. Select the required security settings. Which settings are possible depends on the
"Authentication Type" you have selected.
3. Click the "Set Values" button.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
317
Configuring with Web Based Management
6.9 "Security" menu
6.9.4.3 AP communication
Communications options
On this page, you specify the type of communication allowed by the access point.
Note
This tab is available only in access point mode.
Description
The table has the following columns:
● Radio
Shows the available WLAN interfaces.
● Port
Shows the VAP interface.
● within own VAP
– Enabled
Clients logged on to the same VAP interface of an access point can communicate with each other.
– Disabled
Option is disabled.
Note
"within own VAP" function disabled if the "within own VAP" function is disabled the various WLAN clients can no longer see each other. This means that Address Collision Detection (ACD) also no longer works reliably.
318
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
● with Ethernet
– Enabled
Clients can communicate via the Ethernet interface of the access point.
– Disabled
Option is disabled.
6.9.4.4 AP RADIUS Authenticator
Configuration of the RADIUS server
On this WBM page, you define the RADIUS servers and the RADIUS authentication of the access point. You can enter data for two RADIUS servers.
Note
This WBM page is only available in access point mode.
Description
The page contains the following boxes:
● Reauthentication Mode
Specify who sets the time after which the clients are forced to reauthenticate.
– - (disabled)
Reauthentication mode is disabled.
– Server
Enables time management on the server.
– Local
Enables local time management. In "Reauthentication Interval", specify the time of validity.
● Reauthentication Interval [s]
If time management is local, enter the period of validity of the authentication in seconds.
The minimum time is 1 minute (enter 60), the maximum time is 12 hours (enter 43200).
The default is one hour (3,600 seconds).
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
319
Configuring with Web Based Management
6.9 "Security" menu
The table has the following columns:
● Server IP Address
Here, enter the IP address or the FQDN name of the RADIUS server.
● Server Port
Here, enter the input port on the RADIUS server.
● Shared Secret
Enter the password of the RADIUS server.
For the password, ASCII code 0x20 to 0x7e is used.
● Shared Secret Conf
Confirm the password.
● Max. Retransmissions
Enter the maximum number of connection attempts.
● Primary Server
Specify whether or not this server is the primary server.
– Yes: Primary server
– No: Backup server.
● State
With this check box, you can enable or disable the RADIUS server
Procedure
Entering a new server
To display a new server, follow the steps below:
1. In the relevant row, enter the following data in the input boxes:
– IP address or FQDN name of the RADIUS server.
– Port number of the input port
– Password
– Confirmation of the password
– Maximum number of transmission retries
– Primary server
2. Click the "Set Values" button.
320
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
Modifying servers
1. In the relevant row, enter the following data in the input boxes:
– Server IP address
– Port number of the input port
– Password
– Confirmation of the password
– Maximum number of transmission retries
– Primary server
2. Click the "Set Values" button.
Repeat this procedure for every server whose entry you want to modify.
6.9.4.5 Client RADIUS Supplicant
Client Supplicant
On this WBM page, you configure the settings for the RADIUS authorization of the client.
Note
This WBM page is only available in client mode.
Description
The table has the following columns:
● Security context
Shows the security context.
● Dot1x User Name
Enter the user name with which you want to log on to the RADIUS server.
● Dot1x User Password
Enter the password for the user name selected above. The client logs on with the
RADIUS server using this combination.
For password assignment, ASCII code 0x20 to 0x7e is used.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
321
Configuring with Web Based Management
6.9 "Security" menu
● Dot1x User Password Confirmation
Confirm the password.
● Dot1x Check Server Certificate
Specify whether or not the RADIUS server identifies itself to the client using a certificate.
● Dot1x EAP Types
Specify the authentication method. The following methods are available:
– Auto
EAP-TLS, EAP-TTLS or PEAP is used depending on the capability of the other station.
– EAP-TLS
Client logs on using a certificate.
– EAP-TTLS
The client logs on with the RADIUS server using the user name and password
– PEAP
The client logs on with the RADIUS server using the user name and password.
Procedure
1. Enter the necessary values in the input boxes.
2. Select the required entry in the "Dot1x EAP Types" drop-down list.
3. Click the "Set Values" button.
6.9.4.6 Keys
Specifying the WEP key
To allow you to enable the encryption for the "Open System" and "Shared Key" authentication methods, you must first enter at least one key in the key table.
Description
322
The table has the following columns:
● Key 1 - 4
Enter the WEP key or the AES key.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
For the WEP key, characters of the ASCII code from 0x20 to 0x7E or hexadecimal characters from 0x00 to 0xFF are permitted.
If iPCF or iPCF-MC mode is enabled, only the encryption method AES with 128-bit key length is supported.
You can choose between the following key lengths:
– 5 or 13 ASCII or 10 or 26 hexadecimal characters (40/104 bits)
– 16 ASCII or 32 hexadecimal characters (128 bits)
Note
The hexadecimal characters are entered without being preceded by "0x". One hexadecimal character codes four bits. The entries "ABCDE" (ASCII characters) and
"4142434445" (hexadecimal characters) are therefore the same because the ASCII character "A" has hexadecimal code "0x41".
● Key 1 - 4 Confirmation
Confirm the WEP key.
Procedure
1. Enter at least one WEP key.
2. Click the "Set Values" button.
6.9.5 MAC ACL
6.9.5.1
Introduction
Rules Configuration
On this page, you specify the access rules for the MAC-based Access Control List. Using the
MAC-based ACL, you can specify whether frames of certain unicast MAC addresses are forwarded or discarded.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
323
Configuring with Web Based Management
6.9 "Security" menu
Description of the displayed boxes
The table has the following columns:
● Select
Select the row you want to delete. If this entry is used, this is grayed out and you cannot delete it.
● Rule Number
Shows the number of the ACL rule. If you create a new entry, a new line with a unique number is created.
● Source MAC
Enter the unicast MAC address of the source.
● Dest. MAC
Enter the unicast MAC address of the destination.
● Action
Select whether the frame is forwarded or rejected when it corresponds to the ACL rule.
– Forward
If the frame complies with the ACL rule, the frame is forwarded.
– Discard
If the frame complies with the ACL rule, the frame is not forwarded.
● Ingress Interfaces
Shows a list of all ingress interfaces to which this rule applies.
● Egress Interfaces
Shows a list of all egress interfaces to which this rule applies.
Note
Entering the MAC addresses
You can configure the access rules only for unicast MAC addresses.
Only if you enter the address "00:00:00:00:00:00" for the source and/or destination MAC address, the rule created in this way applies to all source or destination MAC addresses.
Steps in configuration
1. Click the "Create" button. A new row with a unique number (rule number) is created in the table.
2. Enter the unicast MAC address of the source in "Source MAC".
3. Enter the unicast MAC address of the destination in "Destination MAC".
4. In the "Action" drop-down list select whether the frame is forwarded or rejected when it corresponds to the ACL rule.
5. Click the "Set Values" button.
324
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Deleting an entry
You cannot delete active entries.
1. Enable "Select" in the row to be deleted.
2. Click the "Delete" button. The entry is deleted.
Configuring with Web Based Management
6.9 "Security" menu
6.9.5.2
Introduction
Ingress Rules
On this page, you specify the ACL rule according to which incoming frames are filtered at interfaces. You specify the ACL rules in the "Rules Configuration" tab.
Description of the displayed boxes
The page contains the following boxes:
● Interface
Select the required interface from the drop-down list. The available interfaces (Page 37)
depend on your device.
● Add Rule
In the drop-down list select the ACL rule to be assigned to the interface.
● Add
To assign the ACL rule to the interface, click the "Add" button. The configuration is shown in the table.
● Remove Rule
From the "Remove rule" drop-down list, select the ACL rule to be deleted.
● Remove
To remove the ACL rule from the interface, click the "Remove" button.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
325
Configuring with Web Based Management
6.9 "Security" menu
The table has the following columns:
● Rule Order
Shows the order of the ACL rules.
● Rule Number
Shows the number of the ACL rule.
● Source MAC
Shows the unicast MAC address of the source.
● Dest. MAC
Shows the unicast MAC address of the destination.
● Action
Shows the action.
– Forward
If the frame complies with the ACL rule, the frame is forwarded.
– Discard
If the frame complies with the ACL rule, the frame is not forwarded.
Steps in configuration
Follow the steps below to assign an ACL rule to an interface:
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Add Rule" drop-down list.
3. Click the "Add" button. A new entry is generated in the table.
Follow the steps below to remove an ACL rule from an interface:
Note active rules
You cannot delete active rules.
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Remove Rule" drop-down list.
3. Click the "Remove" button. The corresponding entry is removed in the table.
326
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
6.9.5.3
Introduction
Egress Rules
On this page, you specify the ACL rule according to which outgoing frames are filtered at interfaces. You specify the ACL rule in the "Rules Configuration" tab.
Description of the displayed boxes
The page contains the following boxes:
● Interface
Select the required interface from the drop-down list. The available interfaces (Page 37)
depend on your device.
● Add Rule
In the drop-down list select the ACL rule to be assigned to the interface.
● Add
To assign the ACL rule to the interface, click the "Add" button. The configuration is shown in the table.
● Remove Rule
From the "Remove rule" drop-down list, select the ACL rule to be deleted.
● Remove
To remove the ACL rule from the interface, click the "Remove" button.
The table has the following columns:
● Rule Order
Shows the order of the ACL rules.
● Rule Number
Shows the number of the ACL rule.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
327
Configuring with Web Based Management
6.9 "Security" menu
● Source MAC
Shows the unicast MAC address of the source.
● Dest. MAC
Shows the unicast MAC address of the destination.
● Action
Shows the action.
– Forward
If the frame complies with the ACL rule, the frame is forwarded.
– Discard
If the frame complies with the ACL rule, the frame is not forwarded.
Steps in configuration
Follow the steps below to assign an ACL rule to an interface:
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Add Rule" drop-down list.
3. Click the "Add" button. A new entry is generated in the table.
Follow the steps below to remove an ACL rule from an interface:
Note active rules
You cannot delete active rules.
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Remove Rule" drop-down list.
3. Click the "Remove" button. The corresponding entry is removed in the table.
328
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
6.9.6 IP ACL
6.9.6.1
Introduction
Rules Configuration
On this page, you specify the rules for the IP-based Access Control List. Using the IP-based
ACL, you can specify whether frames of certain IPv4 addresses are forwarded or discarded.
Description of the displayed boxes
The table has the following columns:
● Select
Select the row you want to delete. If this entry is used, this is grayed out and you cannot delete it.
● Rule Number
Shows the number of the ACL rule. If you create a new entry, a new line with a unique number is created.
● Source IP
Enter the IPv4 address of the source.
● Source Subnet Mask
Enter the subnet mask of the source.
● Dest. IP
Enter the IPv4 address of the destination.
● Dest. Subnet Mask
Enter the subnet mask of the destination.
● Action
Select whether the frame is forwarded or rejected when it corresponds to the ACL rule.
– Forward
If the frame complies with the ACL rule, the frame is forwarded.
– Discard
If the frame complies with the ACL rule, the frame is not forwarded.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
329
Configuring with Web Based Management
6.9 "Security" menu
● Ingress Interfaces
Shows a list of all ingress interfaces to which this rule applies.
● Egress Interfaces
Shows a list of all egress interfaces to which this rule applies.
Note
Subnet mask for individual hosts
If you create the rule for a single system (one IPv4 address), specify the subnet mask
"255.255.255.255".
Steps in configuration
1. Click the "Create" button. A new row with a unique number (rule number) is created in the table.
2. Enter the data of the source in "Source IP" and in "Source Subnet Mask".
3. Enter the data of the destination in "Dest. IP" and in "Dest. Subnet Mask".
4. In the "Action" drop-down list select whether the frame is forwarded or rejected when the frame corresponds to the ACL rule.
5. Click the "Set Values" button.
Deleting an entry
You cannot delete active entries.
1. Enable "Select" in the row to be deleted.
2. Click the "Delete" button. The entry is deleted.
6.9.6.2 Protocol Configuration
On this page, you specify the rules for protocols.
Settings
Figure 6-1 IP ACL Protocol Configuration
330
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
The table has the following columns:
● Rule Number
Shows the number of the protocol rule. When you create a rule, a new row with a unique number is created.
● Protocol
Select the protocol for which this rule is valid.
● Protocol Number
Enter a protocol number to define further protocols.
This box can only be edited if you have set "Other Protocol" for the protocol .
● Source Port Min.
Enter the lowest possible port number of the source port.
This box can only be edited if you have set "TCP" or "UDP"" for the protocol.
● Source Port Max.
Enter the highest possible port number of the source port.
This box can only be edited if you have set "TCP" or "UDP" for the protocol.
● Dest. Port Min.
Enter the lowest possible port number of the destination port.
This box can only be edited if you have set "TCP" or "UDP" for the protocol.
● Dest. Port Max.
Enter the highest possible port number of the destination port.
This box can only be edited if you have set "TCP" or "UDP" for the protocol.
● Message Type
Enter a message type to decide the format of the message.
This box can only be edited if you have set "ICMP" for the protocol.
● Message Code
Enter a message code to specify the function of the message.
This box can only be edited if you have set "ICMP" for the protocol.
● DSCP
Enter a value for classifying the priority.
This box cannot be edited if you have set "ICMP" for the protocol.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
331
Configuring with Web Based Management
6.9 "Security" menu
6.9.6.3
Introduction
Ingress Rules
On this page, you specify the ACL rules according to which incoming frames are handled by interfaces. You specify the ACL rules in the "Rules Configuration" tab.
332
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
Description of the displayed boxes
The page contains the following boxes:
● Interface
Select the required interface from the drop-down list. The available interfaces (Page 37)
depend on your device.
To select a VLAN interface, an IP interface must be configured.
Note
If you use a VLAN interface, the ACL rule applies to all ports that belong to the VLAN.
● Add Rule
In the drop-down list select the ACL rule to be assigned to the interface.
● Add
To permanently assign the ACL rule to the interface, click the "Add" button. The configuration is shown in the table.
● Remove Rule
From the "Remove rule" drop-down list, select the ACL rule to be deleted.
● Remove
To remove the ACL rule from the interface, click the "Remove" button.
The table has the following columns:
● Rule Order
Shows the order of the ACL rules.
● Rule Number
Shows the number of the ACL rule.
● Protocol
Shows the protocol for which this rule is valid.
● Protocol Number
Shows the protocol number.
● Source IP
Shows the IPv4 address of the source.
● Source Subnet Mask
Shows the subnet mask of the source.
● Dest IP
Shows the IP address of the destination.
● Dest. Subnet Mask
Shows the subnet mask of the destination.
● Action
Select whether the frame is forwarded or rejected when it corresponds to the ACL rule.
– Forward
If the frame complies with the ACL rule, the frame is forwarded.
– Discard
If the frame complies with the ACL rule, the frame is not forwarded.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
333
Configuring with Web Based Management
6.9 "Security" menu
● Source Port Min.
Shows the lowest possible port number of the source port.
● Source Port Max.
Shows the highest possible port number of the source port.
● Dest. Port Min.
Shows the lowest possible port number of the destination port.
● Dest. Port Max.
Shows the highest possible port number of the destination port.
● Message Type
Shows a message type to decide the format of the message.
● Message Code
Shows a message code to specify the function of the message.
● DSCP
Shows a value for classifying the priority.
Steps in configuration
Follow the steps below to assign an ACL rule to an interface:
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Add Rule" drop-down list.
3. Click the "Add" button. A new entry is generated in the table.
Follow the steps below to assign an ACL rule to an interface:
Note active rules
You cannot delete active rules.
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Remove Rule" drop-down list.
3. Click the "Remove" button. The corresponding entry is deleted.
334
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
6.9.6.4
Introduction
Egress Rules
On this page, you specify the ACL rules according to which outgoing frames are handled by interfaces. You specify the ACL rules in the "Rules Configuration" tab.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
335
Configuring with Web Based Management
6.9 "Security" menu
Description of the displayed boxes
The page contains the following boxes:
● Interface
Select the required interface from the drop-down list. The available interfaces (Page 37)
depend on the device.
To select a VLAN interface, an IP interface must be configured.
Note
If you use a VLAN interface, the ACL rule applies to all ports that belong to the VLAN.
● Add Rule
In the drop-down list select the ACL rule to be assigned to the interface.
● Add
To assign the ACL rule to the interface, click the "Add" button. The configuration is shown in the table.
● Remove Rule
From the "Remove rule" drop-down list, select the ACL rule to be deleted.
● Remove
To remove the ACL rule from the interface, click the "Remove" button.
The table has the following columns:
● Rule Order
Shows the order of the ACL rules.
● Rule Number
Shows the number of the ACL rule.
● Protocol
Shows the protocol for which this rule is valid.
● Protocol Number
Shows the protocol number.
● Source IP
Shows the IPv4 address of the source.
● Source Subnet Mask
Shows the subnet mask of the source.
● Dest IP
Shows the IP address of the destination.
● Dest. Subnet Mask
Shows the subnet mask of the destination.
● Action
Select whether the frame is forwarded or rejected when it corresponds to the ACL rule.
– Forward
If the frame complies with the ACL rule, the frame is forwarded.
– Discard
If the frame complies with the ACL rule, the frame is not forwarded.
336
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
● Source Port Min.
Shows the lowest possible port number of the source port.
● Source Port Max.
Shows the highest possible port number of the source port.
● Dest. Port Min.
Shows the lowest possible port number of the destination port.
● Dest. Port Max.
Shows the highest possible port number of the destination port.
● Message Type
Shows a message type to decide the format of the message.
● Message Code
Shows a message code to specify the function of the message.
● DSCP
Shows a value for classifying the priority.
Steps in configuration
Follow the steps below to assign an ACL rule to an interface:
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Add Rule" drop-down list.
3. Click the "Add" button. A new entry is generated in the table.
Follow the steps below to remove an ACL rule from an interface:
Note active rules
You cannot delete active rules.
1. Select the interface from the "Interface" drop-down list.
2. Select the ACL rule in the "Remove Rule" drop-down list.
3. Click the "Remove" button. The corresponding entry is removed in the table.
6.9.7 Management ACL
Description of configuration
On this page, you can increase the security of your device. To specify which station with which IP address is allowed to access your device, configure the IP address or an entire address range.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
337
Configuring with Web Based Management
6.9 "Security" menu
You can select the protocols and the ports of the station with which it is allowed to access the device. You define the VLAN in which the station may be located. This ensures that only certain stations within a VLAN have access to the device.
Note
If you enable this function, note the following
A bad configuration on the "Management Access Control List" page can result in you being unable to access the device. You should therefore configure an access rule that allows access to the management before you enable the function.
Description
The page contains the following boxes:
● Management ACL
Enable or disable the function.
Note
If the function is disabled, there is unrestricted access to the management of the IE switch. The configured access rules are only taken into account when the function is enabled.
● IP Address
Enter the IP address or the network address to which the rule will apply. If you use the IP address 0.0.0.0, the settings apply to all IP addresses.
● Subnet Mask
Enter the subnet mask. The subnet mask 255.255.255.255 is for a specific IP address. If you want to allow a subnet, for example a C subnet, enter 255.255.255.0. The subnet mask 0.0.0.0 applies to all subnets.
338
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.9 "Security" menu
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Rule Order
Shows the number of the rule. If you click the "Create" button, a new row with a unique number is created.
● IP Address
Shows the IP address.
● Subnet Mask
Shows the subnet mask.
● VLANs Allowed
Only available if 802.1Q VLAN Bridge is set for "Layer 2 > VLAN > General".
Enter the number of the VLAN in which the device is located. The station can only access the device if it is located in this configured VLAN. If this input box remains empty, there is no restriction relating to the VLANs.
● SNMP
Specify whether the station (or the IP address) accesses the device using the SNMP protocol.
● TELNET
Specify whether the station (or the IP address) accesses the device using the TELNET protocol.
● HTTP
Specify whether the station (or the IP address) accesses the device using the HTTP protocol.
● HTTPS
Specify whether the station (or the IP address) accesses the device using the HTTPS protocol.
● SSH
Specify whether the station (or the IP address) accesses the device using the SSH protocol.
● Px
Specify whether the station (or the IP address) accesses the device via this port.
● WLAN 1 (client mode only)
Specify whether or not the station (or the IP address) accesses the device via the WLAN interface.
● VAP X.Y (access point mode only)
Specify whether or not the station or the IP address accesses the device via the VAP interface.
● WDS X.Y(access point mode only)
Specify whether or not the station or the IP address accesses the device via the WDS interface.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
339
Configuring with Web Based Management
6.9 "Security" menu
Procedure
Note
Note that a bad configuration may mean that you can no longer access the device.
You can then only remedy this by resetting the device to the factory defaults and then reconfiguring.
Changing the entry
1. Configure the data of the entry you want to modify.
2. Click the "Set Values" button to transfer the changes to the device.
Creating new entry
1. In the "IP Address" input box, enter the IP address of the device and in the "Subnet
Mask" input box the corresponding subnet mask.
2. Click the "Create" button to create a new row in the table.
3. Configure the entries of the new row.
4. Click the "Set Values" button to transfer the new entry to the device.
Deleting entries
1. Select the check box in the row to be deleted.
2. Repeat this procedure for every entry you want to delete.
3. Click the "Delete" button. The entries are deleted and the page is updated.
340
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.10 "iFeatures" menu
6.10 "iFeatures" menu
iFeatures possible only with SCALANCE W722-1 RJ-45
The use of iPCF, iPCF-MC is possible only with the Client SCALANCE W722-1 RJ-45. You can integrate this in a WLAN with iPCF, iPCF-MC.
6.10.1 iPCF
6.10.1.1 iPCF
Requirements to be able to use iPCF:
● Client SCALANCE W722-1 RJ-45 (MLFB 6GK5722-1FC00-0AA0 / 6GK5722-1FC00-
0AB0 (US version))
When should iPCF be used?
The use of iPCF is advisable particularly if you have a large number of nodes and want to implement highly deterministic operation. This is necessary, for example with PROFINET or other cyclic protocols. You will find a more detailed description of iPCF in the section
"Technical basics" in the section "iPCF / iPCF-MC (Page 43)".
Note
Use of iPCF with other iFeatures
The function iPCF and other iFeatures (e.g. iPCF-MC) are not compatible with each other and cannot be used at the same time on a device.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
341
Configuring with Web Based Management
6.10 "iFeatures" menu
Description
You have the following configuration options:
● Enable iPCF
Enable or disable iPCF mode. For PROFINET communication, we recommend that you enable the iPCF mode. By enabling iPCF, the data rates provided by the access point are adapted. We strongly recommend that you retain the default setting for the data rates
(802.11 a/b/g = 12 Mbps and 802.11n = MCS 2).
Procedure
1. Select the "Enable iPCF" option for the required WLAN interface.
You configure the security settings in "Security > WLAN > Basic".
6.10.2 iPCF-MC
Requirements to be able to use iPCF-MC:
● Client SCALANCE W722-1 RJ-45 (MLFB 6GK5722-1FC00-0AA0 / 6GK5722-1FC00-
0AB0 (US version))
● The management interface and data interface must be operated in the same frequency band and mode and must match in terms of their wireless coverage. iPCF-MC will not work if both wireless interfaces are equipped with directional antennas that cover different areas.
● The management interfaces of all access points to which a client can change must use the same channel. A client scans only this one channel to find accessible access points.
● Transmission based on IEEE801.11h (DFS) cannot be used for the management interface. 801.11h (DFS) is possible for the data interface.
● The client cannot be operated with "Use Allowed Channels only".
● "Force roaming on Ethernet down" is automatically mirrored on the second interface.
● The following applies to clients: All configured and active SSIDs must be assigned to security context 1. An SSID is active when the corresponding check box "Enabled" is selected on the page "Interfaces >WLAN".
● In Japan, iPCF-MC cannot be enabled if the data or management interface uses a frequency of the 4920 MHz - 5080 MH frequency band.
342
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Configuring with Web Based Management
6.10 "iFeatures" menu
When should iPCF-MC be used?
iPCF was developed to achieve short handover times when roaming between cells. The iPCF-MC technique allows short handover times even for freely mobile clients and when a lot of cells are involved or a large number of channels is being used.
Note
Use of iPCF with other iFeatures
The function iPCF-MC and other iFeatures (e.g. iPCF) are not compatible with each other and cannot be used at the same time on a device.
Assignment of the interfaces
With 11n devices, remember that the assignment of the WLAN interfaces is fixed for iPCF-
MC.
•
WLAN1: Data interface
• WLAN2: Management interface
Description
The page contains the following boxes:
● Enable iPCF-MC activated
Enable or disable the iPCF-MC mode of the device.
For PROFINET communication, we recommend enabling the iPCF-MC mode. By enabling iPCF-MC, the data rates provided by the access point are adapted.
We strongly recommend that you retain the default setting for the data rates (802.11 a/b/g
= 6, 9 and 12 Mbps and 802.11n = MCS 2).
● Management Scan Period (in client mode only)
This parameter specifies the time between two management channel scans (specified in iPCF cycles). If, for example, you select two, the client runs a management channel scan only in every second iPCF cycle.
A lower value for the scan interval provides the basis for fast roaming, however this means that no high data throughput can be achieved. A higher value should be selected for a high data throughput.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
343
Configuring with Web Based Management
6.10 "iFeatures" menu
6.10.3 iPRP
Requirements for using iPRP
● Client SCALANCE W722-1 RJ-45 (MLFB 6GK5722-1FC00-0AA0 / 6GK5722-1FC00-
0AB0 (US version))
● The Base Bridge mode "802.1Q VLAN Bridge" is set.
● The VLANs have been created.
● For "MAC Mode", Layer 2 Tunnel is set.
When should iPRP be used?
Note
Use of iPRP with other iFeatures
IPRP and other iFeatures (e.g. iPCF. iPCF-MC, ) are not compatible with each other and cannot be used at the same time on a device. iPRP with oversize frames (jumbo frames)
To be able to use oversize frames, oversize frames (jumbo frames) must be configured on all devices in the network.
With the "industrial Parallel Redundancy Protocol" (iPRP) the PRP technology can be used in a wireless network. With IPRP the PRP frames are transferred parallel via two wireless links. The parallel transfer allows disruptions of the transfer on one wireless link to be compensated on the other.
344
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Description
Configuring with Web Based Management
6.10 "iFeatures" menu
The page contains the following:
● PRP A
Select the VLAN assignment for PRP from the drop-down list.
● PRP B
Select the VLAN assignment for PRP B from the drop-down list.
This table contains the following columns:
● Interface
Shows the available interfaces.
● Enable iPRP
Enable or disable iPRP for the required interface.
● PRP Network
Specify the PRP network in which the interface is a member.
Procedure
1. Select the VLAN assignment for PRP A from the "PRP A" drop-down list.
2. Select the VLAN assignment for PRP B from the "PRP B" drop-down list.
3. Specify the PRP network in which the interface is a member.
4. Select the "Enable iPRP" setting. Click the "Apply settings" button.
The appropriate VLAN settings are made automatically.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
345
Configuring with Web Based Management
6.10 "iFeatures" menu
346
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Upkeep and maintenance
7
7.1
Requirement
Firmware update - via WBM
● The device has an IP address.
● The user is logged in with administrator rights.
Firmware update via HTTP
1. Click "System > Load&Save" in the navigation area. Click the "HTTP" tab.
2. Click the "Load" button in the "Firmware" table row.
3. Go to the storage location of the firmware file.
4. Click the "Open" button in the dialog. The file is uploaded.
Firmware update - via TFTP
1. Click "System > Load&Save" in the navigation area. Click the "TFTP" tab.
2. Enter the IP address of the TFTP server in the "TFTP Server Address" input box.
3. Enter the port of the TFTP server in the "TFTP Server Port" input box.
4. Click the "Load file" button in the "Firmware" table row.
5. Go to the storage location of the firmware file.
6. Click the "Open" button in the dialog. The file is uploaded.
Result
The firmware is has been transferred completely to the device.
On the "Information > Versions" there are the entries "Firmware" and "Firmware Running".
Firmware Runningshows the version of the current firmware. "Firmware" shows the firmware version stored after loading the firmware. To activate this firmware, restart the device with
"System > Restart".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
347
Upkeep and maintenance
7.2 Embedding firmware in ConfigPack.
7.2 Embedding firmware in ConfigPack.
Please not the additional information and security notes in the operating instructions of your device.
With the the ConfigPack with embedded firmware file you can install a device configuration including the firmware belonging to it on one or more devices.
Creating ConfigPack with embedded firmware
To embed the firmware in a ConfigPack, you need to make a setting in the Command Line
Interface (CLI). To do this, follow the steps outlined below:
Note
Using configurations with DHCP
If you want to use the ConfigPack with embedded firmware to commission multiple devices with the same configuration and firmware create a ConfigPack only from device configurations that use DHCP. Otherwise disruptions will occur in network operation due to multiple identical IP addresses.
You assign fixed IP addresses extra following the basic installation.
1. Start the remote configuration using Telnet (CLI) and log on with a user with the "admin" role.
2. Change to the Global configuration mode with the command "configure terminal".
3. You change to the loadsave configuration mode with the "loadsave" command.
4. Enter the "firmware-in-configpack" command without parameters.
The firmware currently on this device is now included as a separate file in the ConfigPack when you save it.
Note
Embedding firmware in ConfigPack.
When the device is restarted this functionality is lost again and must be reactivated.
If you save a ConfigPack in the WBM or CLI, the firmware is embedded.
Refer to the information in the section AUTOHOTSPOT.
Installing ConfigPack with embedded firmware
Note
Installing ConfigPack with DHCP options 66, 67
You can also install the ConfigPack using DHCP with options 66 and 67 activated.
You activate the options in the menu "System > DHCP > DHCP Client".
If you install a ConfigPack using WBM or CLI, firmware stored there is also installed.
348
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Upkeep and maintenance
7.2 Embedding firmware in ConfigPack.
Procedure in the WBM
1. Connect to the WBM of the device on which you want to install the ConfigPack as administrator.
2. Go to the menu "System > Load&Save".
3. In the row "ConfigPack", click the "Load" button
4. Select the ConfigPack you want to install.
5. Restart the device with "System > Restart".
If there is a different firmware version on the device to be installed compared with that in the ConfigPack, an upgrade/downgrade of the firmware is performed. You can recognize this by the red F-LED flashing (flashing interval; 2 sec on/0.2 sec off). Afterwards the device is restarted and the device configuration incl. users and certificates stored in the
ConfigPack is transferred to the device.
6. Wait until the device has fully started up.
(the red F-LED is off)
7. You can log on the device again or exit the WBM.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
349
Upkeep and maintenance
7.3 Restoring the factory settings
7.3 Restoring the factory settings
NOTICE
Previous settings
If you reset, all the settings you have made will be overwritten by factory defaults.
NOTICE
Inadvertent reset
An inadvertent reset can cause disturbances and failures in a configured network with further consequences.
With the reset button
When pressing the button, remember the information in the section "Reset button" in the operating instructions.
Follow the steps below to reset the device parameters to the factory settings:
1. Turn off the power to the device.
2. Now press the Reset button and reconnect the power to the device while holding down the button.
3. Hold down the button until the red fault LED (F) stops flashing after approximately 10 seconds and is permanently lit.
4. Now release the button and wait until the fault LED (F) goes off again.
5. The device then starts automatically with the factory settings.
Via the configuration
You will find detailed information on resetting the device parameters using the WBM and CLI in the configuration manuals:
● Web Based Management, section "Restart"
● Command Line Interface, section "Reset and Defaults"
350
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Troubleshooting/FAQ
8
8.1
Cause
Firmware update via WBM or CLI not possible
If there is a power failure during the firmware update, it is possible that the device is no longer accessible using Web Based Management or the CLI.
When pressing the button, make sure you adhere to the instructions in the section "Reset button".
Solution
You can then also assign firmware to a SCALANCE W700 using TFTP.
Follow the steps below to load new firmware using TFTP:
1. Turn off the power to the device.
2. Now press the Reset button and reconnect the power to the device while holding down the button.
3. Hold down the button until the red fault LED (F) starts to flash after approximately 2 seconds.
4. Now release the button. The bootloader waits in this state for a new firmware file that you can download by TFTP.
5. Connect a PC to the SCALANCE W700 over the Ethernet interface.
6. Assign an IP address to the SCALANCE W700 with the Primary Setup Tool.
7. Open a DOS box and change to the directory where the file with the new firmware is located and then execute the command "tftp -i <ip address> PUT <firmware>". As an alternative, you can use a different TFTP client.
8. Close the cover to ensure that the device is closed and water and dust proof.
Note
Use of CLI and TFTP in Windows 7
If you want to access the CLI or TFTP in Windows 7, make sure that the relevant functions are enabled in Windows 7.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
351
Troubleshooting/FAQ
8.1 Firmware update via WBM or CLI not possible
Result
The firmware is transferred to the device.
Note
Please note that the transfer of the firmware can take several minutes. During the transmission, the red error LED (F) flashes.
Once the firmware has been transferred completely to the device, the device is restarted automatically.
352
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Troubleshooting/FAQ
8.2 Disrupted data transmission due to the received power being too high
8.2 Disrupted data transmission due to the received power being too high
Causes and effects of excessive received power
If the received power at the input of a SCALANCE W700 device is too high, this overdrives the amplifier circuit. Overdrive can occur on clients and access points. If the received power on the SCALANCE W700 device is greater than -35 dBm, this can result in disrupted communication.
Information about the signal strength [in dBm] is displayed in WBM on the following tabs:
Access point mode:
● Information > WLAN > Client List
Client mode:
● Information > WLAN > Available AP
● Interfaces > WLAN > Signal recorder
The power of the input signal on the SCALANCE W700 device is influenced by the following factors:
● Distance between the WLAN partners
● Reflections of the electromagnetic waves by parts of the building
● Setting of the "max. Tx Power" (transmit power) (Interfaces > WLAN > Basic) and the antenna settings used (Interfaces > WLAN > Antennas).
Solution
If communication is disrupted by an excessive signal strength (greater than -35 dBm), you can eliminate the problem in the following ways:
● Increase the distance between the transmitter and receiver.
● Reduce the transmit power of the IWLAN partner with suitable settings in WBM or CLI.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
353
Troubleshooting/FAQ
8.3 Compatibility with predecessor products
8.3
Mixed mode
Compatibility with predecessor products
Mixed operation with predecessor products (6GK57xx-xAA60-xAx0) is possible.
Further information about predecessor products can be found on the Internet at Siemens
Industry Automation and Drives Service & Support, entry ID: 42784493
( http://support.automation.siemens.com/WW/view/en/42784493 )
Note the following points if you want to make mixed operation possible:
● Transmission standard IEEE 802.11a/b/g/n
The transmission standards IEEE 802.11a/b/g/n are compatible with the predecessor products. The setting "802.11n only" is not compatible with the predecessor products.
The transmission standards IEEE 802.11a/g/h Turbo of the predecessor products are not supported.
● Security settings
The transmission standards IEEE 802.11a/b/g support the same security settings as the predecessor products.
The transmission standard IEEE 802.11n with the setting "802.11n" or "802.11n only" only supports WPA2/ WPA2-PSK with AES in the security settings.
● iPCF / iPCF-MC
The transmission method IEEE 802.11b is not supported along with iPCF.
The devices SCALANCE W700-xRR must not be configured with the operating mode
IEEE 802.11b in mixed operation.
● SSID
For SSID, use only the characters that were supported by the previous products.
● Management only over wired Ethernet interface
In the previous products, there was a function "Management only over wired Ethernet
interface". In the new devices this function is covered by the "Management ACL
● WDS ID
With WDS ID, do not use the ASCII character 0x22 ( " ).
● Key for WEP or AES
With devices with firmware up to version 3.2, the keys for WEP or AES may only contain
ASCII characters or hexadecimal characters from 0x20 to 0x7E.
● Key for WPA(2)-PSK
For devices with firmware version ≤ 5.0, the keys for WPA(2)-PSK can only consist of
ASCII characters or hexadecimal characters from 0x20 to 0x7E.
For devices with firmware version ≥ 5.1, the following specifications apply to WPA(2)-PSK keys:
– For a key with 8 to 63 characters, you can only use the following readable ASCII characters: 0x20 - 0x7e.
– For a key with precisely 64 characters, you can use the following ASCII characters: 0 -
9, a - f and A - F.
354
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
8.4
Troubleshooting/FAQ
8.4 Instructions for secure network design
Instructions for secure network design
Note the following information about protecting your network from attacks:
● Use a secure connection with HTTPS
In contrast to HTTP, HTTPS allows you secure access for configuring the WLAN clients and the access points using Web Based Management. For more detailed information,
refer to the section "Load & Save (Page 165)".
● Use WPA2/ WPA2-PSK with AES
Use only WPA2/AES to prevent password misuse. WPA2/ WPA2-PSK with AES provides
the greatest security. For more detailed information, refer to the section ""Security" menu
● Protect your network from man-in-the-middle attacks
To protect your network from man-in-the-middle attacks, a network setup is recommended that makes it more difficult for the attacker to access the communications path between two end devices.
– You can, for example, protect devices by arranging so that the Agent IP is only accessible via a single management VLAN. For more detailed information, refer to the
section "Agent IPv4 (Page 155)".
– A further option is to install a separate HTTPS certificate on the WLAN client / access point. The HTTPS certificate checks the identity of the device and controls the encrypted data exchange. You can install the HTTPS certificate, for example using
HTTP. For more detailed information, refer to the section "Load & Save (Page 165)".
● Use SNMPv3
SNMPv3 provides you with highest possible security when accessing the devices via
SNMP. For more detailed information, refer to the section "SNMP (Page 188)".
NOTICE
Changing the default password after configuring with STEP 7
If a device in the default status is configured only with STEP 7, it is not possible to change the default password. This change must be made directly on the device using WBM or CLI.
Otherwise the default password is retained and any user could log in using the default password.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
355
Troubleshooting/FAQ
8.5 Message: SINEMA configuration not yet accepted
8.5 Message: SINEMA configuration not yet accepted
When the following message is displayed in the display area an error has occurred transferring the configuration from STEP 7 Basic / Professional as of V13 to the device:
"SINEMA Configuration not accepted yet. With restart of device, all configuration changes will be lost."
One possible cause is, for example, that during transfer the device was not reachable.
If you now change a parameter directly on the device (WBM/CLI/SNMP) these changes are lost when the device restarts.
Solution
1. Open the relevant STEP 7 project in STEP 7 Basic / Professional
2. Open the project view.
3. Select the device in the project tree.
4. Select the "Go to network view" command in the shortcut menu.
5. Select the device in the network view.
6. In the shortcut menu of the selected device select the command "SCALANCE configuration > Save as start configuration".
Result
The configuration is saved on the device. The message is no longer visible in the display area. A configuration change directly on the device is no longer lost due to a restart of the device.
See also
Configure the device using the TIA Portal. (Page 357)
356
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Troubleshooting/FAQ
8.6 Configure the device using the TIA Portal.
8.6 Configure the device using the TIA Portal.
Once you have inserted the network component, you can edit the properties and parameters offline, for example the device name. Offline means there is no connection to the device.
To be able to see the changes on the device, the change must first be compiled and then loaded on the device.
Compiling and loading can be started in different ways:
● with the shortcut menu "Download to device > Hardware configuration"
● with the "Download" button in the toolbar.
Requirement
● The network component has been created in the project.
● The hardware configuration of the network component matches the hardware configuration of the device. If this is not case, the download will be aborted due to errors.
● The firmware version of the network component matches the firmware version of the device.
● The IP address has been set up.
● The device is connected to the configuration PC.
● The required properties and parameters have been configured.
Note
Activating the SINEMA configuration interface
You can only configure a device using the TIA Portal if you have enabled "SINEMA configuration interface" in the WBM in the menu "System > Configuration".
Downloading properties and parameters to the device
To download the change properties and parameters to the device, follow these steps:
1. Select the required network component in the project tree.
2. In the shortcut menu of the network component select the command "Download to device
> Hardware configuration".
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
357
Troubleshooting/FAQ
8.6 Configure the device using the TIA Portal.
3. When the "Extended download to device" dialog opens, configure the "Settings for the download".
– Select the protocol you are using, e.g. HTTPS.
– Configure the relevant interface parameters on the configuration PC. When necessary, make interface or protocol specific settings on the operator panel. Click
"Start search"
The network component is displayed in the "Compatible devices in target subnet" table with its detected IP address.
– Select the address entry in the table and click the "Load" button.
4. The "Load preview" dialog opens. At the same time the hardware configurations compiled. In this dialog you see messages and proposed revisions necessary for loading, e.g. password required.
Check the messages and if necessary enable the actions in the "Action" column.
As soon as loading is possible the button becomes active.
5. Click the "Load" button.
Loading is performed and the dialog "Load results" is displayed.
6. If the loading is completed error-free, select "Save configuration" in "Action".
7. Click the "Finish" button.
Result
After successful loading, the project can be run on the network component.
Updating the SCALANCE configuration of the network component
To update the SCALANCE configuration of the network component, follow these steps:
1. Open the "Devices & Networks" editor and set the network view.
2. Select the network component in the network view.
3. In the shortcut menu of the network component select the command "SCALANCE configuration > Upload to PG/PC".
Result
Once the connection to the device is established you will be prompted to log in to the device.
If the login was successful, the SCALANCE configuration will be loaded from the device to the TIA Portal. Afterwards the properties and parameters are updated in the TIA Portal.
358
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Appendix A
A.1 Supported MIB files
MIB files available for the SCALANCE W700
The following table shows the MIB files available for a SCALANCE W700:
MIB
AUTOMATION SNTP (Siemens)
1) 2)
Root OID
.1.3.6.1.4.1.4329.6.3.11
AUTOMATION SYSTEM MIB (Siemens)
1) 2)
.1.3.6.1.4.1.4329.6.3.2
AUTOMATION TELNET (Siemens)
1) 2)
.1.3.6.1.4.1.4329.6.3.8
AUTOMATION TIME MIB (Siemens)
1) 2)
.1.3.6.1.4.1.4329.6.3.3
BRIDGE MIB
ENTITY-MIB
EtherLike-MIB
IANA-MAU-MIB
IEEE8021-PAE-MIB
IEEE802dot11-MIB
IF-MIB:
.1.3.6.1.2.1.17
.1.3.6.1.2.1.47
.1.3.6.1.2.1.10.7.2
.1.3.6.1.2.1.26.1.1
.1.0.8802.1.1.1
.1.2.840.10036
.1.3.6.1.2.1.2
P-BRIDGE-MIB
Q-BRIDGE-MIB
RADIUS-ACC-CLIENT-MIB
RADIUS-AUTH-CLIENT-MIB
RFC1213-MIB
RMON-MIB
SNMP-COMMUNITY-MIB
.1.3.6.1.2.1.17.4.5
.1.3.6.1.2.1.17.7
.1.3.6.1.2.1.67.2.2
.1.3.6.1.2.1.67.1.2
.1.3.6.1.2.1.4
.1.3.6.1.2.1.16
.1.3.6.1.6.3.18
SNMP-FRAMEWORK-MIB
SNMP NOTIFICATION MIB
SNMP PROXY MIB
SNMP-TARGET-MIB
SNMP USER-BASED SM MIB
SNMPv2-MIB
SNMP VIEW-BASED ACM MIB
SN-MSPS-ACL-MIB (Siemens)
2)
SN-MSPS-CONFIG-MIB (Siemens) 2)
SN-MSPS-CPLUG-MIB (Siemens)
2)
SN-MSPS-DHCP-CLIENT-MIB (Siemens)
2)
SN-MSPS-DIGITAL-IO-MIB (Siemens)
2)3)
SN-MSPS-GENERAL-MIB (Siemens)
2)
.1.3.6.1.6.3.10.2.1
.1.3.6.1.6.3.13
.1.3.6.1.6.3.14
.1.3.6.1.6.3.12
.1.3.6.1.6.3.15
.1.3.6.1.2.1.1
.1.3.6.1.6.3.16
.1.3.6.1.4.1.4329.20.1.1.1.1.30
.1.3.6.1.4.1.4329.20.1.1.1.1.1
.1.3.6.1.4.1.4329.20.1.1.1.1.23
.1.3.6.1.4.1.4329.20.1.1.1.1.17.1
.1.3.6.1.4.1.4329.20.1.1.1.1.39
.1.3.6.1.4.1.4329.20.1.1.1.1.2
Reference
Vendor specific
Vendor specific
Vendor specific
Vendor specific
RFC1493
IEEE 802.1X
IEEE 802.11
RFC2233
RFC2571
RFC2573
RFC2573
RFC2574
RFC1907
RFC2575
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
A
359
Appendix A
A.1 Supported MIB files
MIB
SN-MSPS-HTTP-MIB (Siemens)
2)
SN-MSPS-IF-MIB (Siemens)
2)
SN-MSPS-IP-MIB (Siemens)
2)
SN-MSPS-LOAD-SAVE-MIB (Siemens)
2)
SN-MSPS-LOG-MIB (Siemens)
2)
SN-MSPS-MSTP-MIB (Siemens)
2)
SN-MSPS-NTP-MIB (Siemens)
SN-MSPS-PNAC-MIB (Siemens)
2)
SN-MSPS-PORT-MIB (Siemens)
2)
SN-MSPS-RADIUS-SERVER-MIB (Siemens)
2)
Root OID
.1.3.6.1.4.1.4329.20.1.1.1.1.20
.1.3.6.1.4.1.4329.20.1.1.1.1.34
.1.3.6.1.4.1.4329.20.1.1.1.1.13
.1.3.6.1.4.1.4329.20.1.1.1.1.26
.1.3.6.1.4.1.4329.20.1.1.1.1.31
.1.3.6.1.4.1.4329.20.1.1.1.1.6
.1.3.6.1.4.1.4329.20.1.1.1.1.33
.1.3.6.1.4.1.4329.20.1.1.1.1.10
.1.3.6.1.4.1.4329.20.1.1.1.1.29
.1.3.6.1.4.1.4329.20.1.1.1.1.11.2
SN-MSPS-REPORT-MIB (Siemens)
2)
SN-MSPS-RMON-MIB (Siemens)
2)
SN-MSPS-SINEMA-MIB (Siemens)
2)
SN-MSPS-SNMP-MIB (Siemens)
2)
SN-MSPS-SNTP-CLIENT-MIB (Siemens)
2)
SN-MSPS-STP-L2T-MIB (Siemens)
.1.3.6.1.4.1.4329.20.1.1.1.1.28
.1.3.6.1.4.1.4329.20.1.1.1.1.12
.1.3.6.1.4.1.4329.20.1.1.1.1.25
.1.3.6.1.4.1.4329.20.1.1.1.1.4
.1.3.6.1.4.1.4329.20.1.1.1.1.19.1
.1.3.6.1.4.1.4329.20.1.1.1.1.40
SN-MSPS-SYSLOG-CLIENT-MIB (Siemens)
2)
.1.3.6.1.4.1.4329.20.1.1.1.1.21.1
SN-MSPS-VLAN-MIB (Siemens)
2)
.1.3.6.1.4.1.4329.20.1.1.1.1.3
SN-MSPS-WLAN-MIB (Siemens) 2)
TCP-MIB
UDP-MIB
.1.3.6.1.4.1.4329.20.1.1.1.1.27
.1.3.6.1.2.1.6
.1.3.6.1.2.1.7
Reference
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
Vendor specific
1)
Part of the AUTOMATION.MIB
You can download the AUTOMATION.MIB for SCALANCE W700 from Siemens Industry Automation and Drives Service & Support under the following entry ID 67637278
( http://support.automation.siemens.com/WW/view/en/67637278?Datakey=37421371 )
2)
Part of the private MIB file "Scalance_w_msps.mib". The file can be downloaded in
WBM using "System > Load&Save
> HTTP > MIB" using the "Save" button
3)
This MIB is not supported on devices without a digital input/output.
360
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Appendix B
B
B.1 Private MIB variables
Downloading the MIB of the SCALANCE W700 via WBM
The MIB of the SCALANCE W700 in WBM using "System > Load&Save > HTTP > MIB" and the "Save" button.
OID
The private MIB variables of the SCALANCE W700 have the following object identifiers: iso(1).org(3).dod(6).internet(1).private(4). enterprises(1) siemens(4329) industrialComProducts(20) iComPlatforms(1) simaticNet(1) snMsps(1) snMspsCommon(1)
WLAN-specific MIB variables
The WLAN-specific MIB variables can be found in " snMspsWlan
". You will find further information about the settings and values in the MIB file.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
361
Appendix B
B.1 Private MIB variables
362
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Appendix C
C
C.1 Underlying standards
Standards met by SCALANCE W700 devices completely or partly
The following table lists some of the standards for SCALANCE W700 devices.
Name of the standard
IEEE 802.1AB
IEEE 802.1D-1998
IEEE 802.1Q
IEEE 802.1W-2004
IEEE 802.3-2002
IEEE 802.11
IEEE 802.11a
IEEE 802.11b/g
IEEE 802.11e
IEEE 802.11 h
IEEE 802.11i
IEEE 802.11n
Topic
Link Layer Discovery Protocol (LLDP)
Media Access Control (MAC), bridges
Virtual Bridged LANs (VLAN Tagging, Port Based VLANs)
Rapid Spanning Tree Protocol (RSTP)
Ethernet
Wireless Local Area Network
Wireless standard for use of the 5 GHz frequency band
Wireless standard for use of the 2.4 GHz frequency band
Quality of Service (QoS)
Expansion of the spectrum and transmit power for use of the 5 GHz frequency range in Europe.
Encryption of WLANS
Standard for high transmission rates
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
363
Appendix C
C.1 Underlying standards
364
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Appendix D
D
D.1 Messages in the event log
Messages during system startup (general)
Message
Warm start performed, Ver: V03.00.00 - event/status summary after startup
Power supply:
• L1 is connected
•
L1 is not connected
Description
Type of startup and the loaded firmware version.
Status of the power supply line 1
No line is monitored
MSTP disabled
MSTP enabled
No Fault states pending after startup
Information about monitoring the power supply from the signaling system.
Information on the status of the Spanning Tree protocol.
Fault state following system start.
Status of the power supply
You enable or disable the "Power Change" event in "System > Events".
Message
Power up on line 1.
Power down on line 1.
Description
Power supply available on line 1
Power supply interrupted on line 1
Status of the Ethernet interface
You enable or disable the "Link Change" event in "System > Events".
Message
Link up on P1.
Link down on P1.
Description
A connection exists on the Ethernet interface.
No connection exists on the Ethernet interface.
Status of the WLAN interface (in access point mode only)
Messages
Link down up VAP X.Y.
Link down on VAP X.Y.
WDS Y at WLAN X is up.
The VAP interface Y on the WLAN interface X is enabled.
The VAP interface Y on the WLAN interface X is disabled.
A link exists on the WDS interface Y of WLAN interface X.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
365
Appendix D
D.1 Messages in the event log
Messages
WDS Y at WLAN X is down.
Overlap-AP found on WLAN X: AP <System Name> <MAC> found on channel <channel number.> <RSSI value>
Overlap-AP aged out on WLAN X: AP <System Name>
<MAC> on channel <channel number.> <RSSI value>
DFS: Radar interference detected on WLAN X at channel
<channel number.> (frequency <frequency> MHz). Changing to channel <channel number> (frequency <frequency>
MHz)
DFS: channel <channel number> (frequency <frequency>
MHz) aged out from NOL at WLAN X and can be used again.
DFS: Radar interference detected on WLAN X at channel
<channel number> (frequency <frequency> MHz). No more free channels to use!!
No link exists on the WDS interface Y of WLAN interface X.
A further access point was found on the channel set for the
WLAN interface X or on a neighboring channel.
The overlapping access point could no longer be detected during the configured aging time and was removed from the
"Overlap AP" list.
A primary user (e.g. radar or weather station) was found on the channel set for WLAN interface X or on a neighboring channel. The channel will be blocked for 30 min. The access point changes to the configured alternative channel or to the next free channel on which there is no primary user.
No primary user found any longer on the channel. The channel was removed from the list of blocked channels and can be used again
A primary user was found on all available channels. There is no free channel available, the WLAN interface X will be deactivated until one of the channels becomes available.
Status of the WLAN interface (in client mode only)
Messages
Link up on WLAN X.
Link down on WLAN X.
Description
The WLAN interface X is enabled.
The WLAN interface X is disabled.
Messages on configuration
Messages
WBM: Authentication failure.
Description
When logging in with Web Based Management (WBM), the wrong password was entered. The event can be enabled or disabled in "System -> Events" (authentication failure).
Telnet: Authentication failure. When logging in via Telnet, the wrong password was entered. The event can be enabled or disabled in "System -> Events" (authentication failure).
Restart requested Restart due to a user request. The event can be enabled or disabled in "System ->
Events" (Cold/Warm Start).
Messages about file upload or download
Messages
File upload via HTTP(S): load of FileType <file type> OK
→ restart required
File upload via HTTP(S): load of FileType<file type> OK
File upload via HTTP(S): validation of FileType <file type>
IDENTICAL
File upload via HTTP(S): validation of FileType <file type>
FAILED
Description
Loading the file via HTTP(S) was successful. A restart is required.
Loading the file via HTTP(S) was successful.
Loading the file via HTTP(S) was successful. The file is identical to the existing file.
Loading the file via HTTP(S) failed. The file contains errors or is invalid.
366
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Appendix D
D.1 Messages in the event log
Messages
File upload via TFTP: load of FileType <file type> OK
→ restart required
File upload via TFTP: load of FileType <file type> OK
File upload via TFTP: validation of FileType <file type>
IDENTICAL
File upload via TFTP: validation of FileType <file type>
FAILED
File upload via TFTP: file transfer of FileType <file type>
FAILED
File upload via TFTP: file transfer of FileType <file type> failed. Cannot connect to given IP address
File download via TFTP: file transfer of FileType <file type> failed. Cannot connect to given IP address
Description
Loading the file using TFTP was successful. A restart is required.
Loading the file using TFTP was successful.
Loading the file using TFTP was successful. The file is identical to the existing file.
Loading the file using TFTP failed. The file contains errors or is invalid.
Loading the file using TFTP failed. The file name is incorrect or the file does not exist on the server.
Loading the file using TFTP failed. The TFTP server cannot be reached or the settings are incorrect.
Saving the file using TFTP failed. The TFTP server cannot be reached or the settings are incorrect.
Messages error status
You configure the events in "System > Events". You configure the monitoring of the power supply and the link on the Ethernet port in "System > Fault Monitoring".
Messages
New Fault state:<fault description>
<fault description>:"Warm start performed." "Cold start performed." "Link down on P1." "Link up on P1." "Power down on line L1" "DFS: No channels are available at
WLAN1"
Fault state gone: <fault description>
<fault description>:"Warm start performed." "Cold start performed." "Link down on P1." "Link up on P1." "Power down on line L1" "DFS: No channels are available at
WLAN1"
New Fault state (reconfiguration): <fault description>
<fault description>:"Link down on P1." "Link up on P1."
"Power down on line L1"
Fault state gone (reconfiguration): <fault description>
<fault description>:"Link down on P1." "Link up on P1."
"Power down on line L1".
Fault state: <fault description> cleared.
<fault description>:"Warm start performed" "Cold start performed".
Description
Incoming fault.
Not all events automatically lead to a fault. On the "Events"
WBM page, you specify which events will be logged, for example device restart, changed link on the Ethernet port.
Outgoing fault
Incoming fault.
The event was triggered due to a change in the configuration.
Outgoing fault.
The event was triggered due to a change in the configuration.
Fault was acknowledged by the user.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
367
Appendix D
D.1 Messages in the event log
Messages about MSTP
You enable or disable the "Spanning Tree" event in "System > Events"
Messages
Spanning Tree: topology change detected.
Spanning Tree: new root bridge xx:xx:xx:xx:xx:xx detected.
Description
The topology of the network has changed; the network will be reorganized.
The topology of the network has changed; there is a new root bridge with MAC address xx:xx:xx:xx:xx:xx in the network.
Messages about security
Messages
RADIUS: Access accepted / rejected for client
<MAC>.
Description
The authentication of the client was successful or not successful.
Messages about message system
Messages
Syslog-Server not reachable!
Unable to send messages to syslog server.
Please check syslog socket configuration.
Unable to send e-mail(s) because of IP connection failure.
Unable to send e-mail(s) because of SMTP authentication failure.
Unable to send e-mail(s) because SMTP message transfer failed.
SNMP: Authentification failure.
Description
The configured Syslog server is not accessible.
The syslog server configuration is incomplete.
Sending of e-mail(s) failed. SMTP server cannot be reached (e.g. network connection interrupted).
Sending of e-mail(s) failed. Authentication of the client on the SMTP server incorrect.
Sending of e-mail(s) failed. SMTP server can be reached, configuration incomplete or contains errors (e.g. receiver e-mail address wrong / does not exist).
Authentication of an SNMP client failed; access not possible (e.g.
SNMPv1/v2 read-only configured or Read Community String incorrectly configured).
IP communication is possible. Remote logging is activated. IP communication is possible. Remote logging activated.
IP communication is not possible. Remote logging deactivated. Please check IP configuration and network connectivity.
IP communication is not possible. Remote logging is deactivated.
Check whether or not the device has an IP address.
368
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Appendix D
D.2 Messages in the WLAN Authentication Log
D.2 Messages in the WLAN Authentication Log
Messages in access point mode
Alarm
Client <MAC address> <system name> associated successfully.
Client <MAC address> <system name> disassociated with reason <reason description>
VAP<Num>: Client <MAC> failed to associated; status
(<text>)
VAP<Num>: Client <MAC> disassociated with reason
(<text>)
VAP<Num>: Client <MAC>deauthenticated with reason
(<text>)
VAP<number> Client <MAC> failed to authenticate; status (<status>)
VAP<Num>: Client <MAC> failed to disassociated; status
(<text>)
VAP<Num>: Client <MAC> associated successfully
RADIUS: Access rejected for client <MAC>
RADIUS: Access accepted for client <MAC>
WDS Connection is established to AP <MAC>
WDS disconnect from AP <MAC>
Description
The client has logged in successfully on the access point.
The client was logged off from the access point.
The connection of the client to the VAP has failed. The reason is displayed as text.
The client was successfully disconnected from the VAP. The reason is displayed as text.
The client was logged off from the AP. The reason is displayed as text.
The authentication of the client failed. The reason is displayed as text.
The connection of the client could not be terminated. The reason is displayed as text.
The client has connected successfully to the VAP or the client has logged on successfully to the VAP.
The RADIUS server denies the client access.
The RADIUS server allows the client access.
The WDS connection is successfully established to the access point.
The WDS connection to the access point is terminated.
Messages in client mode
Alarm
Associated successfully to AP <MAC address> <system name> at channel <channel number> (frequency <frequency> MHz)
Disassociated from AP <MAC address> <'sys name'> with reason (Disassociated because sending STA is leaving (or has left) BSS)
Description
The client has logged in successfully on the access point.
The client was logged off from the access point.
Failed to authenticate to AP <MAC>; status (<Text>) The authentication of the client with the access point failed.
The reason is displayed as text.
Failed to disassociate from AP <MAC>; status (<Text>) The connection of the client to the access point could not be terminated. The reason is displayed as text.
Failed to associate to AP <MAC>; status (<Text>) The connection of the client to the access point has failed. The reason is displayed as text.
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
369
Appendix D
D.2 Messages in the WLAN Authentication Log
370
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Index
A
Access point
Overview of logged-on clients, 131
Available system functions, 37
B
Basic Wizard
C
Client
D
Data transmission speed, 243, 245
Default routes
DHCP
DST
Daylight saving time, 199, 201
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
E
Ethernet statistics
Event
F
Factory defaults, 350
Factory setting, 350
Fault monitoring
G
H
HTTPS
I
Information
371
Index
IP address
iPCF-MC
iPRP
IPv6 routing
J
L
Log tables
Logging on
Logout
M
Multichannel configuration, 18
372
Multiple Spanning Tree, 282, 286
N
NTP
O
Overview
P
Port
Power supply
R
Reset device, 350, 350
Restore Factory Defaults, 350
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
Routing
S
SMTP
Spanning Tree
SSH
System
System event log
System events
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
T
Telnet
TFTP
Time of day
SNTP (Simple Network Time Protocol), 204
Time-of-day synchronization, 204
U
V
W
WLAN statistics
Index
373
Index
374
SCALANCE W760/W720 to IEEE 802.11n Web Based Management
Configuration Manual, 01/2017, C79000-G8976-C350-07
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement