Siemens SCALANCE W1788-1 M12, Configuration Manual

Page 1: ...agement Configuration Manual 11 2019 C79000 G8976 C485 03 Introduction 1 Description 2 Security recommendations 3 Technical basics 4 IP addresses 5 Configuring with Web Based Management 6 Upkeep and maintenance 7 Troubleshooting FAQ 8 Appendix A A Appendix B B Appendix C C Appendix D D Appendix E E ...

Page 2: ...sonnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation If products and components from other manufacturers a...

Page 3: ...ations 29 4 Technical basics 33 4 1 Configuration limits 33 4 2 Interfaces and system functions 34 4 3 EtherNet IP 36 4 4 PROFINET 37 4 5 VLAN 37 4 6 SNMP 38 4 7 Spanning Tree 40 4 7 1 RSTP MSTP CIST 41 4 8 User management 42 4 9 iFeatures 44 4 9 1 iPRP 44 5 IP addresses 47 5 1 IPv4 IPv6 47 5 2 IPv4 address 49 5 2 1 Structure of an IPv4 address 49 5 2 2 Initial assignment of an IPv4 address 51 5 2...

Page 4: ...ver Settings 81 6 3 1 13 Summary of Settings 82 6 4 Information menu 84 6 4 1 Start page 84 6 4 2 Versions 90 6 4 3 I M 91 6 4 4 ARP neighbors 93 6 4 4 1 ARP Tabelle 93 6 4 4 2 IPv6 Neighbor Table 94 6 4 5 Log Tables 95 6 4 5 1 Event log 95 6 4 5 2 WLAN authentication log 97 6 4 6 Faults 98 6 4 7 Redundancy 99 6 4 8 Ethernet Statistics 103 6 4 8 1 Interface Statistics 103 6 4 8 2 Packet Size 104 6...

Page 5: ...5 2 2 Coordinates 144 6 5 3 Agent IPv4 IPv6 145 6 5 4 DNS 146 6 5 4 1 DNS Client 146 6 5 4 2 DNS Domain 147 6 5 5 Restart 149 6 5 6 Commit Control 151 6 5 7 Load Save 152 6 5 7 1 File list 152 6 5 7 2 HTTP 155 6 5 7 3 TFTP 158 6 5 7 4 SFTP 160 6 5 7 5 Passwords 164 6 5 8 Events 166 6 5 8 1 Configuration 166 6 5 8 2 Severity Filters 169 6 5 9 SMTP client 170 6 5 9 1 General 170 6 5 9 2 Recipient 17...

Page 6: ...20 6 6 2 WLAN 223 6 6 2 1 Basic 223 6 6 2 2 Advanced 228 6 6 2 3 Antennas 230 6 6 2 4 Allowed Channels 235 6 6 2 5 802 11n ac 237 6 6 2 6 Client 238 6 6 2 7 Signal recorder 242 6 6 2 8 AP 251 6 6 2 9 AP WDS 254 6 6 2 10 Force Roaming 257 6 6 3 Remote Capture 258 6 7 Layer 2 menu 261 6 7 1 VLAN 261 6 7 1 1 General 261 6 7 1 2 Port Based VLAN 265 6 7 2 Dynamic MAC Aging 268 6 7 3 Spanning Tree 269 6...

Page 7: ... 5 Management ACL 323 6 10 6 Inter AP Blocking 326 6 10 6 1 Basic 326 6 10 6 2 Allowed Addresses 327 6 11 iFeatures menu 329 6 11 1 iPRP 329 7 Upkeep and maintenance 333 7 1 Firmware update via WBM 333 7 2 Embedding firmware in ConfigPack 334 7 3 Device configuration with PRESET PLUG 335 7 4 Restoring the factory settings 337 8 Troubleshooting FAQ 339 8 1 Firmware update via WBM or CLI not possibl...

Page 8: ...sages in the WLAN Authentication Log 353 E Appendix E 355 E 1 Format of the syslog messages 355 E 2 Parameters in Syslog messages 356 E 3 Syslog messages 357 Index 365 Table of contents SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 8 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 9: ...devices and how to integrate them in a WLAN network How you install and connect up the device correctly is described in the operating instructions of the device Orientation in the documentation Apart from the Configuration Manual you are currently reading the following documentation is also available from SIMATIC NET on the topic of Industrial Wireless LANs Configuration Manual SCALANCE W1780 W174...

Page 10: ...pplications of the various SIMATIC NET components are described System manual Passive Network Components IWLAN This system manual explains the entire IWLAN cabling that you require for your IWLAN application For a flexible combination and installation of the individual IWLAN components both indoors and outdoors a wide ranging selection of compatible coaxial accessories are available The system man...

Page 11: ...hines and networks In order to protect plants systems machines and networks against cyber threats it is necessary to implement and continuously maintain a holistic state of the art industrial security concept Siemens products and solutions constitute one element of such a concept Customers are responsible for preventing unauthorized access to their plants systems machines and networks Such systems...

Page 12: ...TIC NET glossary here SIMATIC NET Manual Collection or product DVD The DVD ships with certain SIMATIC NET products On the Internet under the following address 50305045 https support industry siemens com cs ww en view 50305045 License conditions Note Open source software Read the license conditions for open source software carefully before using the product You will find license conditions in the f...

Page 13: ...CE W1788 2 M12 SCALANCE W1788 2 M12 EEC SCALANCE W1788 2IA M12 SCALANCE W1748 1 M12 Access Points IP 65 SCALANCE W1780 SCALANCE W1788 1 M12 SCALANCE W1788 2 M12 SCALANCE W1788 2 M12 EEC SCALANCE W1788 2IA M12 Client IP65 SCALANCE W1740 SCALANCE W1748 1 M12 Structure of the type designation The type designation of the device is made up of several parts that have the following meaning 0 6RFNHW 1XPEH...

Page 14: ...Introduction 1 2 Type designations SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 14 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 15: ...th access point This configuration does not require a server and the access point does not have a connection to a wired Ethernet Within its transmission range the access point forwards data from one WLAN node to another The wireless network has a unique name All SCALANCE W devices exchanging data within this network must be configured with this name The gray area in the graphic symbolizes the wire...

Page 16: ...nts use the same frequency channel this can lead to longer response times due to any collisions that may occur If the configuration shown in the figure is implemented as a single channel system computers A and B cannot communicate at the same time with the access points in their wireless cells If neighboring access points are set up for different frequencies this leads to a considerable improvemen...

Page 17: ...k that cannot be connected directly to the cable infrastructure due to its location Two alternative configurations are possible The WDS partner can be configured using the WDS ID or using its MAC address The following graphic shows the implementation of WDS with four access points 1 1 1 1 A B Description 2 1 Network structures SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Co...

Page 18: ...wired to a wireless network The SCALANCE W1788 can be used as a wireless bridge between two networks The SCALANCE W1788 can be used as a bridge between two cells operating at different frequencies The SCALANCE W1788 comes with an integrated switch and can be networked in a variety of ways over its two managed Ethernet Gigabit ports The SCALANCE W1788 supports degree of protection IP65 which means ...

Page 19: ... DFS the access point searches for primary users for 60 seconds before starting communication on the selected channel During this time the access point does not send beacons If signals are found on the channel the channel is blocked for 30 minutes the access point changes channel and repeats the check Primary users are also searched for during operation Support of the authentication standards WPA ...

Page 20: ... 4 x exter nal 2 x gigabit Ethernet copper 1 x PoE IP65 6GK5788 1GY01 0AA0 SCALANCE W1788 2 M12 2 8 x exter nal 2 x gigabit Ethernet copper 1 x PoE IP65 6GK5788 2GY01 0AA0 SCALANCE W1788 2 M12 EEC 2 8 x exter nal 2 x gigabit Ethernet copper 1 x PoE IP65 6GK5788 2GY01 0TA0 SCALANCE W1788 2IA M12 2 8 x inter nal 2 x gigabit Ethernet copper 1 x PoE IP65 6GK5788 2HY01 0AA0 SCALANCE W1748 1 M12 1 4 x e...

Page 21: ... and reflection multipath propagation The multipath propagation means that at the point of reception a complex space and time dependent pattern results as a total signal made up of the individual signals sent MIMO uses this unique pattern by detecting the spatial position of characteristic signals Here each spatial position is different from the neighboring position The specific characteristics of...

Page 22: ...gins The guard interval of IEEE 802 11a b g is 800 ns IEEE 802 11n ac can use the reduced guard interval of 400 ns You specify the guard interval on the WBM page AP 802 11n ac Page 237 Frame aggregation With IEEE 802 11n ac it is possible to bundle together individual frames to form one larger frame a process referred to as frame aggregation There are two types of frame aggregation Aggregated MAC ...

Page 23: ...T With FT the WLAN client must not authenticate every time the access point changes For this purpose the access points are grouped into a mobility domain The WLAN client receives the mobility domain ID from the first access point to which it logs on The log on information is buffered within the mobility domain This logon is valid for all members of the mobility domain Based on the ID the WLAN clie...

Page 24: ... PLUG is inserted With PLUG If an empty PLUG as supplied is inserted in the device the device automatically backs up the configuration data on the PLUG during startup If the PLUG contains a license additional functions are also enabled Changes to the configuration are stored directly on the PLUG and in the internal memory The configuration stored on the PLUG is displayed over the user interfaces W...

Page 25: ...e Restore factory defaults and restart with a PRESET PLUG inserted If you reset a device to the factory defaults when the device restarts an inserted PRESET PLUG is formatted and the PRESET PLUG functionality is lost You then need to create a new PRESET PLUG We recommend that you remove the PRESET PLUG before you reset the device to the factory settings For more detailed information on creating an...

Page 26: ...ssion and power supply according to IEEE 802 3at With 10 100 Mbps four wires of the Ethernet cable are used for data transmission and power supply according to IEEE 802 3af With PoE there are power generators Power Source Equipment PSE and power consumers Power Devices PD Whether a device power consumer supports variant 1 and variant 2 or only variant 2 can be found in the operating instructions o...

Page 27: ...ug PRO 4x2 X coded 0 to 90 m IE FC TP Flexible Cable GP 4x2 AWG24 with IE FC M12 Plug PRO 4x2 X coded 0 70 m IE TP Train Cable GP 4x2 AWG 24 with IE FC M12 Plug PRO 4x2 X coded 0 100 m Table 2 2 Fitting connectors PIN Color of the wire CAT5 Color of the wire CAT6a Use Power over un used wires 10 100 Mbps only Phantom power 1 Yellow Green white Data Data power 2 Orange Green Data Data power 3 White...

Page 28: ...Description 2 9 Power over Ethernet PoE SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 28 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 29: ...ys etc that can be read out and modified Lock unused physical ports on the device Unused ports can be used to access the system without authorization Software security functions Keep the firmware up to date Check regularly for security updates of the product You will find information on this on the Internet pages Industrial Security https www siemens com industrialsecurity Inform yourself regularl...

Page 30: ...zed personnel Do not use the same password for different users and systems or after it has expired Certificates and keys On the device there is a preset SSL certificate with key Replace this certificate with a self made certificate with key We recommend that you use a certificate signed either by a reliable external or by an internal certification authority Use a certification authority including ...

Page 31: ...SH TFTP SFTP Use secure protocols when access to the device is not prevented by physical protection measures To prevent unauthorized access to the device or network take suitable protective measures against non secure protocols If you require non secure protocols and services operate the device only within a protected network area Restrict the services and protocols available to the outside to a m...

Page 32: ... 80 Open HTTPS TCP 443 Open NTP Client UDP 123 Outgoing only PROFINET UDP 34964 UDP 49154 UDP 49155 Open RADIUS UDP 1812 Closed Remote Capture TCP 2002 Closed SFTP client TCP 22 Closed SMTP client TCP 25 Closed SMTP secure Client TCP 465 Closed Optional SNMPv1 V2c UDP 161 Open SNMPv3 UDP 161 Open Optional Optional SNMP traps UDP 162 Outgoing only SNTP Client UDP 123 Outgoing only SSH TCP 22 Open S...

Page 33: ...00 DHCP static assignments per DHCP pool 20 DHCP options 20 Interfaces Force destination addresses for roaming 10 Connected clients per VAP interface 255 with security Open System 128 with Security WPA WPA2 Shared Key Layer 2 Virtual LANs port based including VLAN 1 24 Multiple Spanning Tree instances 16 Layer 3 IP interface 2 1 subnet per IP interface DHCP client 1 Security IP addresses from RADI...

Page 34: ...int W1748 1 M12 W1788 1 M12 W1788 2 M12 W1788 2 M12 EEC W1788 2IA M12 Wireless interface WLAN WLAN 1 WLAN 1 WLAN 1 WLAN 2 LAN interface P1 LAN P2 LAN PoE P1 LAN P2 LAN PoE P1 LAN P2 LAN PoE VAP interface VAP 1 Y Y 1 8 VAP X Y X 1 2 Y 1 8 WDS interface WDS 1 Y Y 1 8 WDS X Y X 1 2 Y 1 8 VLAN 24 24 24 Availability of the system functions The following table shows the availability of the system functi...

Page 35: ...ved Data Sent Data Received WLAN iFeatures iPRP System PROFINET EtherNet IP DHCP DHCP Client DHCP Server DHCP Options Static Leases Interfaces WLAN Basic Advanced Antennas Allowed Channels 802 11n ac AP AP WDS Client 802 11a b g data rates Client 802 11n data rates Force Roaming Signal recorder Layer 3 IPv4 IPv6 Subnets Static route Technical basics 4 2 Interfaces and system functions SCALANCE W17...

Page 36: ...trial Protocol CIP is an application protocol for automation that supports transition of the field buses in Industrial Ethernet and in IP networks This industry protocol is used by field buses industrial networks such as DeviceNet ControlNet and EtherNet IP at the application layer as an interface between the deterministic fieldbus world and the automation application controller I O HMI OPC The CI...

Page 37: ...for implementing modular distributed applications PROFINET IO is implemented by the PROFINET standard for programmable controllers IEC 61158 x 10 4 5 VLAN Network definition regardless of the spatial location of the nodes VLAN Virtual Local Area Network divides a physical network into several logical networks that are shielded from each other Here devices are grouped together to form logical group...

Page 38: ...ment Protocol SNMP you monitor and control network components from a central station for example routers or switches SNMP controls the communication between the monitored devices and the monitoring station Tasks of SNMP Monitoring of network components Remote control and remote parameter assignment of network components Error detection and error notification In versions v1 and v2c SNMP has no secu...

Page 39: ...hich the management station exchanges data The management station sends data packets of the following type GET Request for a data record from the SNMP agent GETNEXT Calls up the next data record GETBULK available as of SNMPv2c Requests multiple data records at one time for example several rows of a table SET Contains parameter assignment data for the relevant device The SNMP agent sends data packe...

Page 40: ...s You can only transfer SNMPv3 users to a different device if you have created the users as migratable users To create a migratable user the SNMPv3 User Migration function must be activated when you create the user 4 7 Spanning Tree Avoiding loops The Spanning Tree algorithm detects redundant physical network structures and prevents the formation of loops by disabling redundant paths It evaluates ...

Page 41: ...Rapid Spanning Tree Protocol RSTP IEEE 802 1w This differs from STP essentially in that the devices are already collecting information about alternative routes during normal operation and do not need to gather this information after a disruption has occurred This means that the reconfiguration time for an RSTP controlled network can be reduced to a few seconds This is achieved by using the followi...

Page 42: ...sed by the switch that is comparable in principle with an internal RSTP instance 4 8 User management Overview of user management Access to the device is managed by configurable user settings Set up users with a password for authentication Assign a role with suitable rights to the users The authentication of users can either be performed locally by the device or by an external RADIUS server You con...

Page 43: ...turns the value Administrative User to the device for the attribute Service Type The user is logged in with administrator rights The RADIUS server reports a successful authentication and returns a different or even no value to the device for the attribute Service Type The user is logged in with read rights The RADIUS server reports a failed authentication to the device The user is denied access RA...

Page 44: ... the rights of the role linked to the user account The group is not known on the device and the user is not entered in the table External User Accounts The user is logged in with the rights of the role Default Case B The RADIUS server reports a successful authentication but does not return a group to the device The user is entered in the table External User Accounts The user is logged in with the ...

Page 45: ...usly sends a copy of the frame to the PRP A and PRP B network At the receiving end the duplicate frame is discarded by the RedBox For this the RedBox requires certain transfer times designed for Ethernet networks For this reason using PRP in WLAN networks results in duplicate and delayed frames With iPRP this problem is solved and the use of PRP in WLAN with SCALANCE W devices becomes possible QGX...

Page 46: ...faces of the SCALANCE W devices may be configured With iPRP the redundant partners here AP1 and AP3 or client A and client B communicate with each other via a switch to prevent the two redundant PRP frames from arriving at the RedBox with too great a time difference If for example the communication between AP1 and client A is very slow the slower frame is discarded at the receiving end You configu...

Page 47: ... 1 1 with port 192 168 1 1 20 Hexadecimal 2a00 ad80 0123 with port 2a00 ad80 0123 20 Loopback 127 0 0 1 1 IP addresses of the interface 4 IP addresses Multiple IP addresses LLA A link local address formed automatically fe80 128 per interface ULA Several unique local unicast addresses per interface GUA Several global unicast addresses per interface Header Checksum Variable length Fragmentation in t...

Page 48: ...by the DHCPv6 client to localize DHCPv6 servers 2 ADVERTISE The available DHCPv6 servers reply to this 3 REQUEST The DHCPv6 client requests an IPv6 address and the configuration settings from the DHCPv6 server 4 REPLY The DHCPv6 server sends the IPv6 address and the configuration settings If the client and server support the function Rapid commit the procedure is shortened to two DHCPv6 messages S...

Page 49: ... address within the IPv4 address Example Correct values 255 255 0 0 D 1111 1111 1111 1111 0000 0000 0000 0000 B 255 255 128 0 D 1111 1111 1111 1111 1000 0000 0000 0000 B 255 254 0 0 D 1111 1111 1111 1110 0000 0000 0000 0000 B Incorrect value 255 255 1 0 D 1111 1111 1111 1111 0000 0001 0000 0000 B Subnet mask 255 255 0 0 11111111 11111111 00000000 00000000 In the example for the IP address mentione...

Page 50: ...et to 1 the number of private networks doubles and the number of nodes contained in them is halved Externally the network still looks like a single network Example You change the default subnet mask for a subnet of address class B e g IP address 129 80 xxx xxx as follows Masks Decimal Binary Default subnet mask 255 255 0 0 11111111 11111111 00000000 00000000 Subnet mask 255 255 128 0 11111111 1111...

Page 51: ...mask and gateway are assigned automatically when the device first starts up Restore Factory Defaults and Restart does not delete an IP address assigned either by DHCP or by the user 5 2 3 Address assignment via DHCPv4 Properties of DHCP DHCP Dynamic Host Configuration Protocol is a method for automatic assignment of IP addresses It has the following characteristics DHCP can be used both when start...

Page 52: ...t time lease time If the device does not reach the DHCP server with a new request on expiry of the lease time the assigned IP address the subnet mask and the gateway continue to be used The device therefore remains accessible under the last assigned IP address even without a DHCP server This is not the standard behavior of office devices but is necessary for problem free operation of the plant 5 2...

Page 53: ... system section Addressing PROFINET devices 5 3 IPv6 address 5 3 1 IPv6 terms Network node A network node is a device that is connected to one or more networks via one or more interfaces Router A network node that forwards IPv6 packets Host A network node that represents an end point for IPv6 communication relations Link A link is according to IPv6 terminology a direct layer 3 connection within an...

Page 54: ...ernet the interface ID is formed from the MAC address of the interface Divides the MAC address into the manufacturer specific part OUI and the network specific part NIC and inserts FFFE between the two parts Example MAC address AA BB CC DD EE FF OUI AA BB CC NIC DD EE FF EUI 64 OUI FFFE NIC AA BB CC FF FE DD EE FF Scope Defines the range of the IPv6 address 5 3 2 Structure of an IPv6 address IPv6 ...

Page 55: ...address Unicast Anycast and Multicast The following section describes the structure of the global unicast addresses IPv6 prefix Suffix Global prefix n bits Subnet ID m bits Interface ID 128 n m bits Assigned address range Description of the location also subnet prefix or subnet Unique assignment of the host in the net work The ID is generated from the MAC address The prefix for the link local addr...

Page 56: ...possible in the notations described above IPv6 addresses are always shown in the hexadecimal notation IP addresses 5 3 IPv6 address SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 56 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 57: ...rowser is required on the client Note Secure connection WBM also allows you to establish a secure connection via HTTPS Use HTTPS for protected data transmission If you wish to access WBM only via a secure connection activate only the HTTPS server under System Configuration Requirements WBM display The device has an IP address There is a connection between the device and the client device With the ...

Page 58: ...lem free configuration using WBM Mozilla Firefox 38 ESR Chrome V46 Display of the WBM on mobile devices For mobile devices the following minimum requirements must be met Resolution Operating system Internet browser 960 x 640 pixels Android as of version 4 2 1 iOS as of version 6 0 2 Chrome as of version 18 on Android Safari as of version 6 on iOS Tested with the following Internet browsers for mob...

Page 59: ... Switch to secure HTTP on the login page or enter https and the IP address of the device in the address box of the Internet browser If you use a port other than the standard port enter a colon as separator between the IP address and the port number Example https 192 168 16 178 49152 You change the port in System Configuration If there is a problem free connection to the device the login page of We...

Page 60: ...en you log in for the first time or following a Restore Factory Defaults and Restart enter the password of the default user preset in the factory admin admin Note The password for the admin user has been changed for devices with the US version Specialist personnel for professional WLAN installations can obtain the password from Siemens support Enter the password of the relevant user account 3 Clic...

Page 61: ...on refer to the section Login Page 59 Starting the Basic Wizard Click on Wizard Basic Wizard in the navigation area to start the Basic Wizard When you log in for the first time or following a Restore Factory Defaults the Basic wizard is started automatically after you have changed the default password Buttons you require often The WBM pages of the Basic Wizard contain the following buttons Button ...

Page 62: ...et configuration settings Log in again and start the Basic Wizard to continue the configuration of the device for the selected mode Note Because only access points can work in client mode as well the mode can only be selected for these devices Configuring with Web Based Management 6 3 Wizard menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 62 Configuration Manual 11 2019 C...

Page 63: ...location System contact User names and passwords Mode of the device After restarting the device you will need to log in again and start the Basic wizard again to configure the device Device Mode Select the mode of the device This selection is available only for access points The following operating modes are possible AP Access point mode Client Client mode Configuring with Web Based Management 6 3...

Page 64: ...ng is mandatory for operation complying with the approvals Selecting a country different from the country of use can lead to legal prosecution System Name You can enter the name of the device If you configure this box this configuration is adopted and displayed in the selection area A maximum of 255 characters are possible The system name is also displayed in the CLI input prompt The number of cha...

Page 65: ...namic IP address from a DHCP server Disabled You enter the IP settings in the input boxes IP Address and Subnet Mask IP Address Enter an IP address that is unique within your network Subnet Mask Enter the subnet mask of the device Default gateway Enter the IP address of the default gateway so that the device can communicate with devices in other subnets for example diagnostics stations e mail serv...

Page 66: ... unencrypted access to the CLI SSH Server Enable or disable the SSH Server service for encrypted access to the CLI DCP Server Specify whether or not the device can be accessed with DCP Discovery and Configuration Protocol disabled DCP is disabled Device parameters can neither be read nor modified Read Write With DCP device parameters can be both read and modified Read Only With DCP device paramete...

Page 67: ...onfigure other settings in System SNMP General SNMPv1 v2 Read Only Enable or disable write access to SNMP variables with SNMPv1 v2c SINEMA configuration interface If the SINEMA configuration interface is enabled you can download configurations to the device via the TIA Portal 6 3 1 5 Antenna Settings Introduction On this Basic Wizard page you configure the settings for the external antennas Config...

Page 68: ...ectors that are not used must have a 50 Ω terminating resistor fitted Select the entry Not used Connect 50 Ohm Termination Note 50 Ω terminating resistor Each WLAN interface has four antenna connectors Connectors that are not used must have a 50 Ω terminating resistor fitted An antenna must always be connected to the antenna connectors R1 A1 and R2 A1 as soon as the WLAN interface is switched on I...

Page 69: ...d the channel bandwidth on the WLAN interface is set to 160 MHz The prerequisite is that DFS and IEEE 802 11ac are enabled There are only enough channels available for operation at 160 MHz if DFS is activated 6 3 1 6 Radio Settings Introduction On this Basic Wizard page you specify the configuration for the WLAN interfaces Description The table contains the following columns Radio Shows the availa...

Page 70: ... country specific DFS documentation Before the access point transmits over one of these channels it checks for competing radar signals for 60 seconds according to the CAC Channel Availability Check The access point also does not send any beacons for the duration of the search With weather radar channels 5 6 5 65 GHz the duration of the search is 10 minutes If no radar signals are detected after th...

Page 71: ...on Characteristics 801 11ac SCALANCE W1700 Note If both interfaces of an access point are operated in the same frequency range this may cause wireless interference on one or both interfaces at a transmit power higher than 15 dBm Tx Power Check Indicates whether the settings that have been made will violate the permitted transmit power restrictions of the selected country The calculated value of ma...

Page 72: ...erfaces Channel Specify the main channel If you want the access point to search for a free channel itself use Auto If you want to use a fixed channel select the required channel from the drop down list Configuring with Web Based Management 6 3 Wizard menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 72 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 73: ...for operation at 160 MHz if DFS is activated Table 2 contains the following columns Port Shows the first VAP interface per WLAN interface SSID Enter the SSID The length of the character string for SSID it is 1 to 32 characters The ASCII code 0x20 to 0x7e is used for the SSID After completing the Basic Wizard you can define further SSIDs with Interfaces WLAN Access Point Settings 6 3 1 8 Client Set...

Page 74: ...Configuring with Web Based Management 6 3 Wizard menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 74 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 75: ...the following columns Radio Shows the available WLAN interfaces SSID Enter the SSID of the access point with which the client connects In the Basic Wizard you can only specify one SSID After completing the Basic Wizard you can define further SSIDs with Interfaces WLAN Client Security Context Shows the assigned security context In the Basic Wizard only one security context is available After comple...

Page 76: ...uency bands If the option is disabled the channels available based on the settings country code antennas transmit power etc are used Above the tables for the frequency bands you will find the following check box Select Deselect all Enabled If you enable the check box all channels are selected Disabled If you deselect the check box only the first valid channel of the frequency band remains enabled ...

Page 77: ...ify the channels the setting Use Allowed Channels only must be enabled 6 3 1 10 Security settings Introduction To make the network secure authentication and encryption are used You specify the security levels with the type of authentication and the encryption procedure Use WPA2 AES to prevent password misuse WPA2 RADIUS WPA2 PSK with AES provides the greatest security The security settings on both...

Page 78: ...erface to which the settings relate Security Context only in client mode Shows the security context to which the settings relate Configuring with Web Based Management 6 3 Wizard menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 78 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 79: ...The dynamic exchange of keys at each data frame introduces further security WPA PSK WPA Pre Shared Key WPA PSK is a weakened form of WPA In this method authentication is not carried out by a server but is based on a password This password is configured manually on the client and server WPA2 RADIUS WPA2 Wi Fi Protected Access 2 is a further development of WPA and implements the functions of the IEE...

Page 80: ...mes AES Advanced Encryption Standard Strong symmetrical block encryption method based on the Rijndael algorithm that further improves the functions of TKIP Note To provide better protection of your data against attacks use WPA2 WPA2 PSK with AES WPA 2 Pass Phrase Enter a WPA 2 key here This WPA 2 key must be known on both the client and the access point and is entered by the user at both ends For ...

Page 81: ...e RADIUS server Dot1x User Password Enter the password for the user name selected above The client is logged on with the RADIUS server using this combination For password assignment ASCII code 0x20 to 0x7e is used Dot1x User Password Confirmation Enter the password again in this input box 6 3 1 12 Dot1x RADIUS Server Settings Introduction On this Basic Wizard page you configure the settings for th...

Page 82: ...rver Port Enter the port of the RADIUS server Shared Secret Enter the password of the RADIUS server Shared Secret Conf Enter the password again in this input box 6 3 1 13 Summary of Settings Introduction The settings are summarized on this page The content of the page depends on the set parameters and the mode of the device Check the settings before you exit the Basic Wizard with the Set Values bu...

Page 83: ...tton to exit the Basic Wizard The WLAN settings are adopted Configuring with Web Based Management 6 3 Wizard menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 83 ...

Page 84: ...cannot configure anything on this page General layout of the WBM pages The following areas are generally available on every WBM page Selection area 1 Top area Display area 2 Top area Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 84 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 85: ...eft hand area Content area 4 Middle area Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 85 ...

Page 86: ...e Logout link Device name Shows the name of the device Mode Shows the mode Access point LED simulation Each device has one or more LEDs that provide information on the operating state of the device Depending on its location direct access to the device may not always be possible Web Based Management therefore displays simulated LEDs Unused connectors are displayed as gray LEDs The meaning of the LE...

Page 87: ...or TFTP Update on Update off WBM pages with overview lists can also have the additional Update button With this button you can enable or disable updating of the content area If updating is turned on the display is updated every 2 seconds To disable the update click On Instead of On Off is displayed As default updating is always enabled on the WBM page Navigation area 3 In the navigation area you h...

Page 88: ...hether or not the function is enabled Buttons you require often The pages of the WBM contain the following standard buttons Refresh the display with Refresh Web Based Management pages that display current parameters have a Refresh button at the bottom edge of the page Click this button to request up to date information from the device for the current page Note If you click the Refresh button befor...

Page 89: ...ompletely delete the data set Button Show all You can show all entries in pages with a large number of data sets Click Show all to display all entries on the page Note that displaying all messages can take some time Drop down list for page change In pages with a large number of data records you can navigate to the desired page From the drop down list select the affected page to display it Reset Co...

Page 90: ...hows the available wireless card Name Shows the name of the device or module Revision Shows the hardware version of the device For the wireless card only one version is then displayed if the WLAN interface is enabled Article number Shows the article number of the device or described module Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac We...

Page 91: ...urrently being used on the device Description Shows the short description of the software Version Shows the version number of the software version Date Shows the date on which the software version was created 6 4 3 I M Identification and maintenance data This page contains information about device specific vendor and maintenance data such as the article number serial number version numbers etc You...

Page 92: ... designation of the device The plant designation HID is created during configuration of the device with HW Config of STEP 7 Location tag Shows the location tag of the device The location identifier LID is created during configuration of the device with HW Config of STEP 7 Date Shows the date created by STEP 7 during configuration of the device with HW Config Descriptor Shows the description create...

Page 93: ...has the following columns Interface Shows the interface via which the row entry was learnt MAC Address Shows the MAC address of the destination or source device IP Address Shows the IP address of the destination device Media Type Shows the type of connection Dynamic The device recognized the address data automatically Static The addresses were entered as static addresses Configuring with Web Based...

Page 94: ...Displays the interface via which the row entry was learnt MAC Address Shows the MAC address of the destination or source device IP Address Shows the IPv6 address of the destination device Media Type Shows the type of connection Dynamic The device recognized the address data automatically Static The addresses were entered as static addresses Configuring with Web Based Management 6 4 Information men...

Page 95: ...ord when an authentication attempt failed or when the connection status of a port has changed The content of the events log table is retained even when the device is turned off You cannot configure anything on this page Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 95...

Page 96: ...ritical are displayed The table has the following columns Restart Counts the number of restarts since you last reset to factory settings and shows the device restart after which the corresponding event occurred System Up Time Shows the time the device has been running since the last restart when the described event occurred System Time Shows the date and time when the described event occurred Seve...

Page 97: ...ximum number of entries is reached for a severity the oldest entries of this severity are overwritten in the table The table remains permanently in the memory Info Information When this parameter is enabled all entries of the category Info are displayed Warning Warnings When this parameter is enabled all entries of the category Warning are displayed Critical Critical When this parameter is enabled...

Page 98: ...sages in Appendix D Page 349 of the configuration manual If the system time is set the time is also displayed at which the event occurred 6 4 6 Faults Error status If a fault occurs it is shown on this page On the device faults are indicated by the red fault LED lighting up Internal faults of the device and faults that you configure on the following pages are indicated System Events System Fault M...

Page 99: ...error fault that has occurred Clear Fault State Some faults can be acknowledged and thus removed from the fault list e g a fault of the event Cold Warm Start You can acknowledge these faults or remove them from the fault list with the Clear Fault State button 6 4 7 Redundancy Introduction The page shows the current information about the Spanning Tree and the settings of the root bridge If Spanning...

Page 100: ...mes the root bridge is decided based on the bridge priority The bridge with the highest priority in other words with the lowest value for this parameter becomes the root bridge If several devices in a network have the same priority the device whose MAC address has the lowest numeric value will become the root bridge Both parameters bridge priority and MAC address together form the bridge identifie...

Page 101: ...e contains the following boxes Port Shows the port via which the device communicates Role Shows the status of the port The following values are possible Disabled The port was removed manually from the spanning tree and will no longer be taken into account by the spanning tree Designated The ports leading away from the root bridge Alternate The port with an alternative route to a network segment Ba...

Page 102: ... words the lowest value for this parameter is selected A value between 0 and 240 can be entered for the priority in steps of 16 If you enter a value that cannot be divided by 16 the value is automatically adapted The default is 128 Path Cost This parameter is used to calculate the path that will be selected The path with the lowest value is selected as the route If several ports of a device have t...

Page 103: ...med Shared Media With a full duplex connection a point to point link is not assumed Note Point to point link means a direct connection between two devices A shared media connection is for example a connection to a hub 6 4 8 Ethernet Statistics 6 4 8 1 Interface Statistics The page shows the statistics from the interface table of the Management Information Base MIB Configuring with Web Based Manage...

Page 104: ... of the type unicast In Errors Shows the number of all possible RX errors refer to the Packet Error tab Reset Counters button Click Reset Counters to reset all counters The counters are reset by a restart 6 4 8 2 Packet Size Frames sorted by length This page displays how many frames of which size were received at each port You cannot configure anything on this page Configuring with Web Based Manag...

Page 105: ...s page displays how many frames of the type Unicast Multicast and Broadcast were received at each port You cannot configure anything on this page Description Port Shows the available ports Unicast Multicast Broadcast The other columns after the port number contain the absolute numbers of the incoming frames according to their frame type Unicast Multicast and Broadcast Reset Counters button Click R...

Page 106: ...he packet is invalid Undersize The packet length is less than 64 bytes The CRC of the packet is valid Oversize The packet size is more than 2048 bytes The CRC of the packet is valid Fragments The packet length is less than 64 bytes The CRC of the packet is invalid Jabbers The frame length is more than 2048 bytes The CRC of the packet is invalid Collisions Frames in which a collision event was dete...

Page 107: ...h address entry Learnt The specified address was learned by receiving a frame from this node and will be deleted when the aging time expires if no further packets are received from this node Invalid These values are not evaluated Port Shows the port via which the node with the specified address can be reached Frames received by the device whose destination address matches this address will be forw...

Page 108: ... ID Device ID of the connected device The device ID corresponds to the device name assigned via PST STEP 7 If no device name is assigned the MAC address of the device is displayed Local Interface Port at which the device received the information Hold Time An entry remains stored on the device for the time specified here If the IE switch does not receive any new information from the connected devic...

Page 109: ...tes currently being used Description The table has the following columns Destination Network Shows the destination address of this route Subnet Mask Shows the subnet mask of this route Gateway Shows the gateway for this route Interface Shows the interface for this route Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management C...

Page 110: ... IPv6 Routing Introduction This page shows the IPv6 routes currently being used Description The table has the following columns Destination Network Shows the destination address of this route Prefix Length Shows the prefix length of this route Gateway Shows the gateway for this route Interface Shows the interface for this route Configuring with Web Based Management 6 4 Information menu SCALANCE W1...

Page 111: ... the DHCP server Description IP Address Shows the IPv4 address assigned to the DHCP client Pool ID Shows the number of the IPv4 address band Identification Method Shows the method according to which the DHCP client is identified Identification value Shows the MAC address or the client ID of the DHCP client Allocation Method Shows whether the IPv4 address was assigned statically or dynamically You ...

Page 112: ...est a new IPv4 address or extend the lease time of the assigned IPv4 address See also Start page Page 84 6 4 14 SNMP This page displays the created SNMPv3 groups You configure the SNMPv3 groups in System SNMP Description The table has the following columns Group Name Shows the group name User Name Shows the user that is assigned to the group Configuring with Web Based Management 6 4 Information me...

Page 113: ...onfiguration enabled Unencrypted access to the CLI disabled No unencrypted access to the CLI SSH Server You configure the setting in System Configuration enabled Encrypted access to the CLI disabled No encrypted access to the CLI Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 ...

Page 114: ...led but no access rules have been defined Enabled restricted access only The access control is enabled and access rules have been defined Login Authentication You configure the setting in Security AAA General Local Login with local user name and password RADIUS Login using a RADIUS server Local and RADIUS The login is possible both with the users that exist in the firmware user name and password a...

Page 115: ...n user The page shows the function rights available locally on the device Description of the displayed values Function Right Shows the number of the function right Different rights relating to the device parameters are assigned to the numbers Description Shows the description of the function right 6 4 15 3 Roles Note The values displayed depend on the role of the logged on user Configuring with We...

Page 116: ... the device assigns internally when a user could not be authenticated The user is denied access to the device Description Shows a description of the role 6 4 15 4 Groups Note The values displayed depend on the role of the logged on user This page shows which group is linked to which role The group is defined on a RADIUS server The roll is defined locally on the device Configuring with Web Based Ma...

Page 117: ...receive the rights of this role locally on the device Description Shows a a description for the link 6 4 15 5 Inter AP Blocking Note This WBM page is only available in access point mode The WBM page shows a list of the devices with which the clients are allowed to communicate Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Manage...

Page 118: ...ce with which the client may communicate Resolver IP Address Shows the IPv4 address with which the access point resolves the permitted IPv4 address 6 4 16 WLAN 6 4 16 1 Overview AP Note This WBM page is only available in access point mode Overview of the configuration This page shows the settings properties of the access point Configuring with Web Based Management 6 4 Information menu SCALANCE W17...

Page 119: ...ore starting communication with the selected channel the text scanning is displayed instead of the channel Operational channel Shows the channel including the frequency via which the access point communicates At 80 MHz the channel range is displayed additionally Channel Width MHz Shows the set channel bandwidth 20 MHz 40 MHz only with IEEE 802 11n ac 80 MHz or 160 MHz only with IEEE 802 11ac iFeat...

Page 120: ...uthentication method is used If the authentication method Open System Encryption or Shared Key is used Encrypted WEP AES is displayed for both authentication methods State Shows the status of the WLAN interface enabled The WLAN interface is enabled disabled The WLAN interface is disabled 6 4 16 2 Overview Client Overview of the configuration Note This page is only available for clients or access p...

Page 121: ... address of the Ethernet interface for the WLAN interface The network is also informed of the MAC addresses connected to the Ethernet interface of the client Up to eight MAC addresses can be used MAC Address Shows the MAC address of the WLAN interface Operational channel Shows the channel including frequency of the access point to which the client is connected At 80 MHz the channel range is displa...

Page 122: ...pted WEP AES is displayed for both authentication methods Context Shows which security context is used iFeatures Shows which iFeatures are used iFeatures are not used iPRP Max Data Rate Mbps Shows the maximum data transmission speed in megabits per second State Shows the status of the WLAN interface enabled The WLAN interface is enabled disabled The WLAN interface is disabled 6 4 16 3 Client List ...

Page 123: ... IEEE 802 11 standard client MAC Address Shows the MAC address of the client System Name Shows the system name of the client if the client communicates this to the access point Not all clients support this parameter Channel Shows the channel over which the client communicates with the access point Signal Strength dBm Shows the signal strength of the connected client in decibel milliwatts Signal st...

Page 124: ... visible to the client The list also includes the access points to which the client cannot connect due to its configuration Description The table has the following columns Radio Shows the WLAN interface visible to the access point SSID Shows the SSID of the access point BSSID Shows the MAC address of the access point System Name Shows the system name of the access point The entry depends on the ac...

Page 125: ...to equip every SCALANCE W device with its own WLAN client The prerequisite for this is that the connected SCALANCE W devices are addressed only with IP frames Communication at MAC address level ISO OSI layer 2 can be established with one component whose MAC address is configured on the client be established with a maximum of eight components if the Layer 2 Tunnel function is selected The Layer 2 T...

Page 126: ...the MAC address of the WLAN client If there are multiple SCALANCE W devices downstream from the client the Automatic option should not be enabled In this case the MAC address would be assigned indiscriminately to the first SCALANCE W device that signals over Ethernet If there is only IP communication between the access point and the client the default setting Own can be retained If MAC address bas...

Page 127: ...terfaces Port Shows the port BSSID Shows the MAC address of the WDS partner WDS ID Shows the name of the WDS partner Channel Shows the channel over which the access point communicates with the WDS partner Signal Strength dBm Shows the signal strength of the connected access point in bBm Signal strength Shows the signal strength of the connected access point as a percentage Security Shows which aut...

Page 128: ...hannels at 2 4 GHz If entries exist here the maximum data throughput of the access point and the availability of the communication link to the access point is potentially impaired Description Table 1 has the following columns Radio Shows the available WLAN interfaces Aging Time min Specify the life time of the entries in the list If an access point is inactive for longer than the set time it is re...

Page 129: ...ication method is used If the authentication method Open System Encryption or Shared Key is used Encrypted WEP AES is displayed for both authentication methods WLAN Mode Shows the transmission standard If DFS is activated the transmission standard 802 11h is not shown additionally but only the configured transmission standard with the suffix DFS 6 4 16 8 Force Roaming Note This WBM page is only av...

Page 130: ...s reachable Down The destination address is not reachable IP address not reachable Force roaming Indicates whether roaming is currently being performed Inactive The client is not forced to perform roaming The corresponding VAP interface is not deactivated Active None of the destination addresses is reachable To force the logged on clients to roam the access point has disabled the relevant VAP inte...

Page 131: ...es sent according to their error type The columns of the table distinguish the following error types Transmission Errors Shows the number and percentage of bad frames that were sent Dropped Frames Shows the number and percentage of frames that were discarded Despite all the retries the frame could not be successfully sent The frame has not yet been sent and the recipient has logged off in the mean...

Page 132: ... Shows the number and percentage of bad frames that were received Duplicated Frames Shows the number and percentage of frames that were received twice Decryption Errors Shows the number and percentage of incorrectly encrypted frames FCS Errors Shows the number and percentage of frames in which the checksum was incorrect See also Start page Page 84 Configuring with Web Based Management 6 4 Informat...

Page 133: ...mes in response to logging on or logging off were counted per VAP interface Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 133 ...

Page 134: ...ociation Requests Shows the number of requesting disassociation frames relevant for a logoff Authentication Requests Shows the number of requesting authentication frames relevant for a logon Authentication Responses Shows the number of responding authentication frames relevant for a logon Deauthentication Requests Shows the number of deauthentication frames relevant for a logoff Configuring with W...

Page 135: ...rames in response to logging on or logging off were counted per VAP interface Configuring with Web Based Management 6 4 Information menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 135 ...

Page 136: ...ociation Requests Shows the number of requesting disassociation frames relevant for a logoff Authentication Requests Shows the number of requesting authentication frames relevant for a logon Authentication Responses Shows the number of responding authentication frames relevant for a logon Deauthentication Requests Shows the number of deauthentication frames relevant for a logoff Configuring with W...

Page 137: ...he columns of the table a distinction is made according to the following frame types Data Frames Shows the number of sent data frames Multicast Broadcast Frames Shows the number of sent multicast and broadcast frames Unicast Frames Shows the number of sent unicast frames Average Rate kbps Shows the average data rate of the last data frames sent Configuring with Web Based Management 6 4 Information...

Page 138: ...s In the columns of the table a distinction is made according to the following frame types Data Frames Shows the number of sent data frames Multicast Broadcast Frames Shows the number of sent multicast and broadcast frames Unicast Frames Shows the number of sent unicast frames Average Rate kbps Shows the average data rate of the last data frames sent Configuring with Web Based Management 6 4 Infor...

Page 139: ... Partner Client Shows the MAC address of the partner client Partner BSS Shows the MAC address of the access point to which the partner client is connected Delete Frames Sent Shows the number of sent iPRP delete frames that the device has sent to its partner device Delete Frames Received Shows the number of iPRP delete frames that the device has received from its partner device Frames Deleted Shows...

Page 140: ... service over the standard port e g TIA Portal accesses HTTPS over standard port 443 Before you change the port check which port the program uses When you change the standard port you must access the service using the changed port Description The page contains the following boxes Telnet Server Enable or disable the Telnet Server service for unencrypted access to the CLI Telnet port Specify the por...

Page 141: ...abled DCP is disabled Device parameters can neither be read nor modified Read Write With DCP device parameters can be both read and modified Read Only With DCP device parameters can be read but cannot be modified Time Select the setting from the drop down list The following settings are possible Manual The system time is set manually You can configure other settings in System System Time Manual Se...

Page 142: ... the save Saving starts only after the timer in the message has elapsed How long saving takes depends on the device During the save the message Saving configuration data in progress Please do not switch off the device is displayed Do not switch off the device immediately after the timer has elapsed Trial Trial mode In Trial mode although changes are adopted they are not saved in the configuration ...

Page 143: ...er the name of the device The entered name is displayed in the selection area A maximum of 255 characters are possible The system name is also displayed in the CLI input prompt The number of characters in the CLI input prompt is limited The system name is truncated after 16 characters System Contact You can enter the name of a contact person responsible for managing the device A maximum of 255 cha...

Page 144: ...hic coordinates The parameters of the geographic coordinates latitude longitude and the height above the ellipsoid according to WGS84 are entered directly in the input boxes of the Geographic Coordinates window Getting the coordinates Use suitable maps for obtaining the geographic coordinates of the device The geographic coordinates can also be obtained using a GPS receiver The geographic coordina...

Page 145: ... A western longitude is indicated by a preceding minus sign You can also add the letter E easterly longitude or W westerly longitude to the numeric information 8 20 58 73 E Input box Height Height Here you enter the value of the geographic height above sea level in meters For example 158 m means that the device is located at a height of 158 m above sea level Heights below sea level for example the...

Page 146: ...s queried first A total of 7 DNS servers can be configured on the device Manually configured DNS servers are given preference The DNS server Domain Name System assigns a domain name to an IP address so that a device can be uniquely identified If this function is enabled the device can communicate with a DNS server as a DNS client You have the option of entering names in IP address boxes Note The D...

Page 147: ...is shows whether the DNS server was configured manually or was assigned by DHCP Procedure Activating DNS 1 Enable the DNS Client check box 2 Click the Set Values button Creating a DNS server 1 In the DNS Server Address box enter the IP address of the DNS server 2 Click the Create button Filtering DNS servers 1 In the Used DNS Servers drop down list select which DNS servers are to be used 2 Click t...

Page 148: ...n the row to be deleted Domain Name Shows the name of the other domain Origin Shows whether the domain name was configured manually or was assigned by DHCP Procedure Specify primary domain 1 In the Primary Domain field enter the name of the primary domain 2 Click the Set Values button Specify additional domain 1 In the Domain Name field enter the name of the other domain 2 Click the Create button ...

Page 149: ...with the appropriate CLI commands and not by a power cycle on the device Any modifications you have made only become active on the device after clicking the Set values button on the relevant WBM page If the device is in Trial mode configuration modifications must be saved manually before a restart In Automatic Save mode the last changes are saved automatically before a restart Configuring with Web...

Page 150: ... of the default gateway DHCP client ID DHCP System name System location System contact User names and passwords Mode of the device DHCPv6 Rapid Commit Restore Factory Defaults and Restart Click this button to restore the factory defaults for the configuration The protected defaults are also reset An automatic restart is triggered Note By resetting all the defaults to the factory configuration sett...

Page 151: ...ual Commit setting you have the opportunity of first fully configuring the SCALANCE W device The changes are accepted but are not active immediately The changes only take effect when you confirm the changes with the Commit Changes button Note If you configure the SCALANCE W device via the WLAN interface we recommend that you use the Manual Commit setting Check the parameters again before you confi...

Page 152: ...LAN interfaces will be interrupted for a short time The WLAN driver is started with the new settings 6 5 7 Load Save 6 5 7 1 File list Overview of the file types Table 6 1 HTTP Type Description Download Save Delete Config This file contains the start configuration Among other things this file contains the definitions of the users roles groups and function rights The passwords are stored in the fil...

Page 153: ... startup X Users File with user names and passwords X X WBMFav WBM favorites This file contains the favorites that you created in the WBM You can download this file and upload it to other devices X X X WLANAuthlog File with entries from the WLAN Authentication Log informa tion on successful or failed authentication attempts X WLANCert only in client mode User certificate You can specify a password...

Page 154: ...TTPS certificates sign ed either by a reliable external or by an internal certification authority The HTTPS certificate checks the identity of the device and controls the encryp ted data exchange There are files to which access is password protected To successfully load the file into the device enter the password specified for the file on the WBM page Passwords Page 164 Maximum file size 8192 bits...

Page 155: ...external file on your client PC or to load such data from an external file from the PC to the devices This means for example that you can also load new firmware from a file located on your client PC Note This WBM page is available both for connections using HTTP and for connections using HTTPS Firmware The firmware is signed and encrypted This ensures that only firmware created by Siemens can be d...

Page 156: ...umns Type Shows the name of the file Note Size of certificate files With certificate files only certificates with a maximum of 8192 bits are supported Description Shows the short description of the file type Load With this button you can load files on the device The button can be enabled if this function is supported by the file type Configuring with Web Based Management 6 5 System menu SCALANCE W...

Page 157: ...one of the Save buttons Depending on the size of the file this may take some time 2 Depending on your browser configuration you will be prompted to select a storage location and a name for the file Or you accept the proposed file name To make the selection use the dialog in your browser After making your selection click the Save button Deleting files using HTTP 1 Start the delete function by click...

Page 158: ... and trial mode Automatic Save mode In Automatic Save mode the data is saved automatically before the configuration files ConfigPack and Config are transferred In Trial mode although the changes are adopted they are not saved in the configuration files ConfigPack and Config Use the Write Startup Config button on the System Configuration WBM page to save changes in the configuration files CLI scrip...

Page 159: ...ecessary you can change the default value 69 to your own requirements The table has the following columns Type Shows the name of the file Note Size of certificate files With certificate files only certificates with a maximum of 8192 bits are supported Description Shows the short description of the file type Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEE...

Page 160: ... and the SSL certificate restart the device The changes only take effect a restart Reusing configuration data If several devices are to receive the same configuration and the IP addresses are assigned using DHCP the effort for configuration can be reduced by saving and reading in the configuration data Follow the steps below to reuse configuration data 1 Save the configuration data of a configured...

Page 161: ...s saved automatically before the configuration files ConfigPack and Config are transferred In Trial mode although the changes are adopted they are not saved in the configuration files ConfigPack and Config Use the Write Startup Config button on the System Configuration WBM page to save changes in the configuration files CLI script file You can download existing CLI configurations RunningCLI and up...

Page 162: ...his assumes that a user with the corresponding rights has been created on the SFTP server The name must meet the following conditions It must be unique It must be between 1 and 250 characters long The following characters must not be included The characters for Space and Delete also cannot be included SFTP Password Enter the password for the user SFTP Password Confirmation Confirm the password Con...

Page 163: ... Address 2 Enter the port of the SFTP server to be used in SFTP Server Port 3 Enter the user data user name and password required for access to the SFTP server 4 If applicable enter the name of a file in which you want to save the data or take the data from in Filename Note Files whose access is password protected To be able to load these files on the device successfully you need to enter the pass...

Page 164: ...onfiguration data has a checksum If you change the data you can no longer upload it to the IE switch 6 5 7 5 Passwords There are files to which access is password protected For example to be able to use the HTTPS certificate you need to specify the corresponding password on this WBM page Description The table has the following columns Type Shows the file type Description Shows the short descriptio...

Page 165: ...no file has been loaded yet The password cannot be evaluated or is not yet being used The Enabled check box is not selected Procedure 1 Enter the password in Password 2 To confirm the password enter the password again in Password Confirmation 3 Select the Enabled option 4 Click the Set Values button Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEEE 802 11...

Page 166: ...s All Events Shows that the settings are valid for all events of table 2 E mail Trap Log Table Syslog Faults Enable or disable the required type of notification for all events If No Change is selected the entries of the corresponding column in table 2 remain unchanged Copy to Table If you click the button the setting is adopted for all events of table 2 Configuring with Web Based Management 6 5 Sy...

Page 167: ...Detection only in access point mode This event is triggered when there is an entry in the Overlap AP list WDS Only in access point mode The connection status of a WDS link has changed DFS Only in access point mode This event occurs if a radar signal was received or the DFS scan was started or stopped WLAN Authentication Log Forwarding of the entries from the WLAN authentication log to the system p...

Page 168: ... log server This is only possible if the system log server is set up and the Syslog Client function is enabled Error The device triggers an error The error LED lights up and the currently pending error is displayed under Information Faults Procedure Follow the steps below to change entries 1 Select the check box in the row of the required event Select the event in the column under the following ac...

Page 169: ...og Severity Select the required level The following settings are possible Critical System events are processed as of the severity level Critical Warning System events are processed as of the severity level Warning Info System events are processed as of the severity level Info Procedure Follow the steps below to configure the required level 1 Select the required values from the drop down lists of t...

Page 170: ...xists under System SMTP Client Recipient and the setting Send is activated Description The page contains the following boxes SMTP Client Enable or disable the SMTP client SMTP Server Address Enter the IP address or the FQDN Fully Qualified Domain Name of the SMTP server The table contains the following columns Select Select the check box in a row to be deleted Status Specify whether this SMTP serv...

Page 171: ...pted Test Sends a test e mail to the configured recipients Test Result Shows whether the e mail was sent successfully or not If sending was not successful the message contains possible causes Procedure Configuring the SMTP server 1 Enable the SMTP Client function 2 Enter the IP address or the FQDN of the SMTP server for SMTP Server Address 3 Click the Create button A new entry is generated in the ...

Page 172: ... mail address of the SMTP recipient Click the Create button A new entry is generated in the table The setting Send is activated by default 2 Send test e mail Click the General tab Click the Test button next to the SMTP server entry The device sends to every configured recipient Check the test result If sending was not successful the message contains possible causes 6 5 9 2 Recipient On this page y...

Page 173: ...lates Send When enabled the device sends an e mail to this recipient Email address of the SMTP recipient Shows the e mail address to which the device sends an e mail if a fault occurs Procedure Configuring an SMTP recipient 1 Select the required SMTP Server 2 Enter the e mail address of the SMTP recipient 3 Click the Create button A new entry is generated in the table 4 Activate the Send option fo...

Page 174: ...u want the DHCP client to use options 66 and 67 to download and then enable a configuration file DHCP Mode Select the DHCP mode from the drop down list The following modes are possible via MAC Address Identification is based on the MAC address via DHCP Client ID Identification is based on a freely defined DHCP client ID via System Name Identification is based on the system name If the system name ...

Page 175: ...arted Make sure that the option DHCP Client Configuration Request Opt 66 67 is no longer set 6 5 10 2 DHCP Server Note This page is available only in access point mode You can operate the device as a DHCP server This allows IPv4 addresses to be assigned automatically to the connected devices The IPv4 addresses are either distributed dynamically from an address band you have specified or a specific...

Page 176: ...ver function is only possible on the VLAN assigned to the management agent VLAN ID Probe address with ICMP echo before offer When selected the DHCP server checks whether or not the IP address has already been assigned To do this the DHCP server sends ICMP echo messages ping to the IPv4 address If no reply is received the DHCP server can assign the IPv4 address Note If there are devices in your net...

Page 177: ...CIDR notation Lower IP address Enter the IPv4 address that specifies the start of the dynamic IPv4 address band The IPv4 address must be within the network address range you configured for Subnet Upper IP address Enter the IPv4 address that specifies the end of the dynamic IPv4 address band The IPv4 address must be within the network address range you configured for Subnet Lease Time sec Specify f...

Page 178: ... the options can be deleted With the DHCP option 3 the internal IPv4 address of the device is automatically set as a DHCP parameter Note DHCP options not supported The DHCP options 50 60 and 255 are not supported The table has the following columns Select Select the check box in the row to be deleted Pool ID Shows the number of the IPv4 address band Option Code Shows the number of the DHCP option ...

Page 179: ...mas DHCP option 12 host name Enter the host name in the string format DHCP option 66 TFTP Server Enter the TFTP server as an IPv4 address e g 192 168 100 2 or the FQDN name All other DHCP options Enter the DHCP parameter in hexadecimal e g the IPv4 address 192 168 100 2 corresponds to C0A86402 6 5 10 4 Static Leases Note This page is available only in access point mode On this page you specify tha...

Page 180: ... the entry Note A maximum of 20 entries are possible The table has the following columns Select Select the check box in the row to be deleted Pool ID Shows the number of the IPv4 address band Note Only Pool ID 1 is supported Identification Method Shows whether the client is identified by its MAC address or the client ID Value Shows the MAC address to which the IPv4 address is assigned IP Address S...

Page 181: ...ke the basic settings for SNMP Enable the check boxes according to the function you want to use Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 181 ...

Page 182: ...easons only limited access to objects of the SNMPCommunityMIB is possible with the SNMPv1 v2c Read Community String With the SNMPv1 v2c Read Write Community String you have full access to the SNMPCommunityMIB SNMPv1 v2c Read Community String Enter the community string for read access of the SNMP protocol SNMPv1 v2c Read Write Community String Enter the community string for read and write access of...

Page 183: ...ed SNMP Engine ID Shows the SNMP engine ID SNMP Agent Listen Port Specify the port at which the SNMP agent waits for the SNMP queries Procedure 1 Select the required option from the SNMP drop down list disabled SNMPv1 v2c v3 SNMPv3 2 Enable the SNMPv1 v2c Read Only check box if you only want read access to SNMP variables with SNMPv1 v2c 3 Enter the required character string in the SNMPv1 v2c Read ...

Page 184: ...y up to ten different recipients servers The table has the following columns Select Select the row you want to delete Trap Receiver Address If necessary change the IP address or the FQDN Fully Qualified Domain Name of the stations Trap Enable or disable the sending of traps Stations that are entered but not selected do not receive SNMP traps Procedure Creating a trap entry 1 In Trap Receiver Addre...

Page 185: ...ically apply to every member of a group Description The page contains the following boxes Group Name Enter the name of the group The maximum length is 32 characters Security Level Select the security level authentication encryption valid for the selected group The available options are as follows No Auth no Priv No authentication enabled no encryption enabled Auth no Priv Authentication enabled no...

Page 186: ...ired group name in Group Name 2 Select the required security level from the Security Level drop down list 3 Click the Create button to create a new entry 4 Specify the required read rights for the group in Read 5 Specify the required write rights for the group in Write 6 Click the Set Values button Modifying a group 1 Specify the required read rights for the group in Read 2 Specify the required wr...

Page 187: ...sting users The user based security model works with the concept of the user name in other words a user ID is added to every frame This user name and the applicable security settings are checked by both the sender and recipient 6103Y 8VHUV VHFRQG SDUW RI WKH WDEOH 6103Y 8VHUV ILUVW SDUW RI WKH WDEOH Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEEE 802 11...

Page 188: ... the first input box This password must have at least 1 character the maximum length is 32 characters Note Length of the password As an important measure to maximize security we recommend that the password has a minimum length of 6 characters and that it contains special characters uppercase lowercase letters numbers Authentication Password Confirmation Confirm the password by repeating the entry ...

Page 189: ...ion is necessary for the selected group select the authentication algorithm in Authentication Protocol In the relevant input boxes enter the authentication password and its confirmation 5 If encryption was specified for the group select the algorithm in Privacy Protocol In the relevant input boxes enter the encryption password and the confirmation 6 Click the Set Values button Delete user 1 Enable...

Page 190: ...em Time Enter the date and time in the format MM DD YYYY HH MM SS After a restart the time of day begins at 01 01 2000 00 00 00 Use PC Time Click the button to use the time setting of the PC Last Synchronization Time Shows when the last time of day synchronization took place If no time of day synchronization was possible the box displays Date time not set Configuring with Web Based Management 6 5 ...

Page 191: ... in the selection area of the WBM The current time including daylight saving time is displayed in the System Time box inactive offset 0 h The current system time is not changed Procedure 1 Enable the Time Manually option 2 In the System Time input box enter the date and time in the format MM DD YYYY HH MM SS 3 Click the Set Values button The date and time are adopted and Manual is entered in Last ...

Page 192: ...ch daylight saving time is active is displayed consisting of week day month and time of day With an entry of the type Date a is displayed State Shows the status of the entry Enabled The entry was created correctly Invalid The entry was created new and the start and end date are identical Type Shows how the daylight saving time changeover is made Date A fixed date is entered for the daylight saving...

Page 193: ...Week for start and end date Day for start and end date 7 Click the Set Values button Deleting an entry 1 Enable Select in the row to be deleted 2 Click the Delete button The entry is deleted 6 5 12 3 DST Configuration On this page you can configure the entries for the daylight saving time changeover As result of the changeover to daylight saving or standard time the system time for the local time ...

Page 194: ...ules Rule You can define a rule for the daylight saving time changeover This setting is suitable for regions in which the daylight saving time always begins or ends on a certain weekday Name Enter a name for the entry The name can be a maximum of 16 characters long Settings with Date selected Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web ...

Page 195: ...Day Specify the day Hour Specify the hour Month Specify the month End Date Enter the following values for the end of daylight saving time Day Specify the day Hour Specify the hour Month Specify the month Settings with Rule selected Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C48...

Page 196: ...cify the month Week Specify the week You can select the first to fifth or the last week of the month Day Specify the weekday 6 5 12 4 SNTP Client Time of day synchronization in the network SNTP Simple Network Time Protocol is used for synchronizing the time in the network The appropriate frames are sent by an SNTP server in the network Note To avoid time jumps make sure that there is only one time...

Page 197: ...was performed The following methods are possible Not set The time was not set Manual Manual time setting SNTP Automatic time of day synchronization with SNTP NTP Automatic time of day synchronization with NTP SIMATIC Automatic time of day synchronization using the SIMATIC time frame Time Zone In this box enter the time zone you are using in the format HH MM The time zone relates to UTC standard wo...

Page 198: ...and IPv6 addresses are supported Poll Interval s Here enter the interval between two time queries In this box you enter the query interval in seconds Possible values are 16 to 16284 seconds SNTP Server Address Enter the IP address or the FQDN Fully Qualified Domain Name of the SNTP server SNTP Server Port Enter the port of the SNTP server The following ports are possible 123 standard port 1025 to ...

Page 199: ...e IP address or the FQDN of the SNTP server whose frames will be used to synchronize the time of day 6 Click the Create button A new row is inserted in the table for the SNTP server 7 In the SNTP Server Port column enter the port via which the SNTP server is available The port can only be modified if the IPv4 address or the FQDN name of the SNTP server is entered 8 Click the Set Values button to t...

Page 200: ...on using the SIMATIC time frame Time Zone In this box enter the time zone you are using in the format HH MM The time zone relates to UTC standard world time The time in the Current System Time box is adapted accordingly Daylight Saving Time DST Shows whether the daylight saving time changeover is active active offset 1 h The system time was changed to daylight saving time in other words an hour wa...

Page 201: ...matic time setting using NTP 2 Enter the necessary values in the following boxes Time zone IP address or FQDN of the NTP server NTP Server Port Query interval 3 Click the Set Values button 6 5 12 6 SIMATIC Time Client Time setting via SIMATIC time client Note To avoid time jumps make sure that there is only one time server in the network Configuring with Web Based Management 6 5 System menu SCALAN...

Page 202: ...etting SNTP Automatic time of day synchronization with SNTP NTP Automatic time of day synchronization with NTP SIMATIC Automatic time of day synchronization using the SIMATIC time frame Procedure 1 Click the SIMATIC Time Client check box to enable the SIMATIC Time Client 2 Click the Set Values button 6 5 13 Auto Logout Setting the automatic logout On this page set the times after which there is an...

Page 203: ...terval time 0 or Set the interval high enough so that the underlying connection is terminated when there is inactivity Procedure 1 Enter a value of 60 3600 seconds in the Web Base Management s input box If you enter the value 0 the automatic logout is disabled 2 Enter a value of 60 600 seconds in the CLI TELNET SSH s input box If you enter the value 0 the automatic logout is disabled 3 Click the S...

Page 204: ... Syslog function Syslog Server Address Enter the IP address the FQDN Fully Qualified Domain Name or the host name of the Syslog server This table contains the following columns Select Select the row you want to delete Syslog Server Address Shows the IP address the FQDN Fully Qualified Domain Name or the host name of the Syslog server Server Port Enter the port of the Syslog server being used Proce...

Page 205: ...messaging system Depending on the hardware variant there are one or two power connectors Supply 1 Supply 2 and a PoE power supply With a redundant power supply configure the monitoring separately for each individual feed in line A fault is then signaled by the message system when there is no power on a monitored connection Power Line 1 Power Line 2 or PoE or when the applied voltage is too low Not...

Page 206: ...on a network connection If connection monitoring is enabled an error is signaled when there should be a link on a port and this is missing or when there should not be a link on a port and a link is detected If a fault occurs the error LED lights up on the device The currently pending fault is displayed under Information Faults In addition the corresponding error message is entered in the result lo...

Page 207: ... the following columns Port Shows the available ports Setting Select the setting from the drop down list You have the following options Up Error handling is triggered when the port changes to the active status From Link down to Link up Down Error handling is triggered when the port changes to the inactive status From Link up to Link down disabled The error handling is not triggered Configuring wit...

Page 208: ...e required setting from the drop down list of the Setting column 2 Click the Copy to Table button The setting is adopted for all ports of table 2 3 Click the Set Values button 6 5 16 PROFINET Settings for PROFINET This page shows the PROFINET AR status and the device name Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 208 ...

Page 209: ...onnection in other words whether the device is connected to a PROFINET controller Online or Offline Here online means that a connection to a PROFINET IO controller exists that this has downloaded its configuration data to the device and that the device can send status data to the PROFINET IO controller In this status known as in data exchange the parameters set via the PROFINET controller cannot b...

Page 210: ...TICE Do not remove or insert the PLUG during operation A PLUG may only be removed or inserted when the device is turned off The device checks whether a PLUG is inserted at one second intervals If it is detected that the PLUG was removed there is a restart If a valid PLUG was inserted in the device the device changes to a defined error state following the restart With SCALANCE W the available wirel...

Page 211: ...ecuted after you click the Set Values button The action cannot be undone If you decide against executing the function after making your selection click the Refresh button As a result the data of this page is read from the device again and the selection is canceled Configuring with Web Based Management 6 5 System menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuratio...

Page 212: ...itional components modules or extenders it can however change if you update the firmware File System Displays the type of file system on the PLUG File System Size Kilobytes Displays the maximum storage capacity of the file system on the PLUG File System Usage Kilobytes Displays the memory utilization of the file system of the PLUG Info String Shows additional information about the device that used...

Page 213: ...configuration 1 Select the required option from the Modify PLUG drop down list 2 Click the Set Values button 6 5 18 2 License NOTICE Do not remove or insert the PLUG during operation A PLUG may only be removed or inserted when the device is turned off The device checks whether a PLUG is inserted at one second intervals If it is detected that the PLUG was removed there is a restart If a valid PLUG ...

Page 214: ... not valid NOT PRESENT No PLUG is inserted in the device MISSING There is no PLUG inserted Functions are configured on the device for which a license is required WRONG The inserted PLUG is not suitable for the device UNKNOWN Unknown content of the PLUG license DEFECTIVE The content of the PLUG license contains errors Article number Shows the article number of the PLUG The PLUG is available for var...

Page 215: ... When you save the configuration the information about whether or not a PLUG was inserted in the device at the time is also saved This configuration is then only executable if a PLUG with the same article number license is plugged in This applies regardless of whether or not iFeatures are configured 6 5 19 Ping Reachability of an address in an IP network With the ping function you can check whethe...

Page 216: ...e relevant IPv6 interface Ping Click this button to start the ping function Ping Output This box shows the output of the ping function 6 5 20 DCP Discovery On this page you can select an interface and search for devices that are reachable via the interface The reachable devices are listed in a table In the table you can check and adapt the network parameters of the devices To identify and configur...

Page 217: ...able has the following columns Port Shows the port via which the device can be reached MAC Address Shows the MAC address of the device Device Type Shows the product line or product group to which the device belongs Device Name If the device supports this function you can assign a new PROFINET device name to the device IP Address If necessary adapt the IPv4 address of the device The IPv4 address sh...

Page 218: ...r flashing When the time elapses flashing stops Flash Makes the port LEDs of the selected device flash Procedure 1 Select the TIA interface 2 To show all devices that can be reached via the TIA interface click the Browse button 3 Adapt the desired properties 4 Click the Set Values button The status of the modified properties changes to Configured 5 To ensure that the properties were applied correc...

Page 219: ...ther the port is on or off Data traffic is possible only over an enabled port OperState Displays the current operational status The operational status depends on the configured Status and the Link The available options are as follows up You have configured the status enabled for the port and the port has a valid connection to the network down You have configured the status disabled or Link down fo...

Page 220: ...t Transmission Parameters Shows the transfer parameters of the port Negotiation Shows whether the automatic configuration is enabled or disabled MAC Address Shows the MAC address of the port 6 6 1 2 Configuration Configuring ports With this page you configure the Ethernet ports of the device Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 11ac W...

Page 221: ...ly negotiated with the connected end device This must also be in the Auto negotiation mode for this purpose Note Before the port and partner port can communicate with each other the settings must match at both ends Note If 10 Mbps is configured as the transmission speed or half duplex HD as the transmission mode this can lead to restrictions in PROFINET communication Always select at least 100 Mbp...

Page 222: ...ecause the connected device is turned off Procedure Note Changing the port configuration With various automatic functions the device prevents or reduces the effect on other ports and priority classes Class of Service if a port is overloaded This can mean that frames are discarded even when flow control is enabled Port overload occurs when the device receives more frames than it can send for exampl...

Page 223: ...o configure the WLAN interface you must always specify the country code first Some parameters are dependent on the country setting for example the transmission standard Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 223 ...

Page 224: ...is changed a message is displayed If you confirm the message with OK the device restarts in the changed mode with the factory set configuration settings If the device has restarted you will need to log on again to be able to continue the configuration The table has the following columns Radio Shows the available WLAN interfaces Enabled Status of the WLAN interface To enable the WLAN interface sele...

Page 225: ...h IEEE 802 11b 802 11n The transmission standard IEEE 802 11n 2 4 GHz and 5 GHz is set This transmission standard is downwards compatible with IEEE 802 11a and IEEE 802 11g 802 11a The transmission standard IEEE 802 11a 5 GHz is set 802 11ac The transmission standard IEEE 802 11ac 5 GHz is set Note Data rate The data rate is adjusted automatically Configuring with Web Based Management 6 6 Interfac...

Page 226: ...or operation at 160 MHz only if DFS is activated Disabled The DFS function is not used Outdoor Mode Enabled If you have enabled Outdoor Mode only the channels that are permitted for outdoor operation are available to you Disabled If you have disabled Outdoor Mode only the channels that are permitted for operation in a building are available to you max Tx Power Specify the maximum possible transmit...

Page 227: ...hecked The channels can be used with the current settings Channel numbers Indicates the channels on which the current transmit power exceeds the maximum permitted transmit power Procedure 1 To configure the WLAN interface you must always specify the country first Select the country in which the device will be operated from the Country Code drop down list 2 Select the required frequency band from t...

Page 228: ...AP interfaces use an interval greater than or equal to 100 ms DTIM only in access point mode The DTIM interval 1 15 specifies the number of beacons to be sent before the access point sends the collected packets broadcast unicast multicast to the client If you enter a 1 in this box the access point transmits broadcast unicast and multicast packets directly after each beacon recommended setting for ...

Page 229: ...d channel of a WLAN interface was blocked due to radar detection and is released again after 30 minutes the access point changes automatically to the configured channel Before the access point starts the communication on the configured channel it searches 60 seconds for primary users on the channel During this time the access point does not send beacons If signals are found on the channel the acce...

Page 230: ...1 17 01 17 0 17 0 17 0 17 0 17 0 17 01 17 07 17 03 17 01 17 17 17 7 17 01 17 1 17 17 17 17 3 17 1 6 1 6 1 6 1 6 1 6 1 6 1 6 1 17 00 The antenna name provides information about the properties of the antennas listed in the IWLAN antenna overview Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 230 Configuration Manual 11 2...

Page 231: ... connectors Connectors that are not used must have a 50 Ω terminating resistor fitted An antenna must always be connected to the antenna connectors R1 A1 and R2 A1 as soon as the WLAN interface is switched on If no antenna is connected the relevant interface must also be disabled for Rx and Tx Otherwise there may be transmission disruptions Configuring with Web Based Management 6 6 Interfaces menu...

Page 232: ...Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 232 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 233: ...e type of your external antenna is not available select the entry User defined If you terminate an antenna connection using a 50 Ω terminating resistor select the entry Not used Connect 50 Ohm Termination Antenna Gain If you select the User defined entry for the Antenna Type enter the antenna gain manually in the dBi unit Antenna Gain 2 4 GHz dBi Here enter the antenna gain the antenna has in the ...

Page 234: ... 1 1 1 1 Antenna type Not used Connect 50 Ohm Termination Antenna Configuration for Channel Width 160 MHz not with SCALANCE W1788 2IA M12 Access point mode not configurable If the channel bandwidth of WLAN 1 or WLAN 2 is set to 160 MHz the setting is displayed The channel bandwidth is configured under Interfaces WLAN AP Client mode configurable If this is activated the channel bandwidth on the WLA...

Page 235: ...n the Antenna Type drop down list select the entry Not used Connect 50 Ohm Termination 4 Click the Set Values button 6 6 2 4 Allowed Channels Channel settings For communication a specific channel within a frequency band is used You can either set this channel specifically or configure so that the channel is selected automatically On this page you specify which channels may be used for communicatio...

Page 236: ... the frequency band remains enabled Enable the required channel The tables of the frequency bands have the following columns Radio Shows the available WLAN interfaces Radio Mode Shows the mode Channel number To specify the valid channels for the required frequency band select the appropriate check box for the channel number The table displays the permitted channels of the country Only the valid ch...

Page 237: ...as one large A MPDU This allows the total throughput to be increased Disabled A MPDU frames are received but not sent A MPDU Limit Frames Specify the number of individual frames grouped together in one A MPDU frame Range of values 2 64 frames A MSDU Aggregated MAC Service Data Unit A MSDU Enabled Multiple MSDU frames with the same destination address are bundled into one A MSDU and sent together T...

Page 238: ... 800 ns Procedure 1 Enable the A MPDU option 2 Enter the required value in the A MPDU Limit Frames input box 3 Enable the A MSDU option 4 Enter the required value in the A MSDU Packet Size input box 5 Select the required value from the Guard Interval ns drop down list 6 Click the Set Values button 6 6 2 6 Client Connecting to a network On this WBM page you can specify how the device connects to a ...

Page 239: ...erface will be disabled unless at least one SSID is configured Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 239 ...

Page 240: ...ess point the IPv4 address is not checked min AP signal strength The client has a signal strength set The client must receive the signal coming from the access point with at least the specified signal strength to be able to connect to this access point The signal strength can fluctuate briefly e g due to the client moving or other disruptive factors To filter out fluctuations of the signal a hyste...

Page 241: ...N interface Scan Channels Shows the channels on which the client searches for an access point The display depends on the wireless approvals of the selected country and the settings for Allowed Channels Table 3 has the following columns Radio Shows the WLAN interface Enabled Enables or disables the relevant SSID SSID Enter the SSID of the access point with which the client will connect For the SSID...

Page 242: ...signal recorder can be particularly useful when the client moves along a fixed path Note This WBM page is only available for clients or access points in client mode The WLAN interface of the device must be enabled otherwise no recording is possible Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 242 Configuration Manual...

Page 243: ...oo strong and is received overmodulated As of approximately 60 dBm yellow the WLAN signal is weaker x axis The x axis shows the course of the measurement in random samples and seconds Measurement data Client The measurement data shows the value of the effective user signal according to the color scheme shown The gray line shows the background noise If the client changes access points during a meas...

Page 244: ...hanges access points during a measurement roaming or reconnects this is displayed by a vertical black line If the access point does not support the setting Bidirectional Recording no data is displayed Beside the graphics the following values are displayed Status Shows whether or not the signal recorder is recording values Current Sample The number of the current measurement CL RX Signal dBm AP RX ...

Page 245: ... signal recorder runs until it is stopped manually or the device is reconfigured You can only select this option starting at a time interval 100 milliseconds If the recording contains more than 10000 measurements the last 10000 measurements are listed in the csv file and the PDF file Bidirectional Recording If you enable the setting the values of the access point as of a time interval of 10 millis...

Page 246: ...er of measurements 3 In Displayed Samples select how many measurements will be shown in the graphic 4 Click the Start button The status to the right of the graphic indicates whether the signal recorder is running The first measured value is displayed only after the set time interval has elapsed 5 To stop the recording click the Stop button 6 Change to one of the following menu items to call up the...

Page 247: ...ent is currently connected This requires that the setting Bidirectional Recording is enabled The setting is supported by access points with the following versions SCALANCE W700 11n V6 1 and SCALANCE W1700 11ac V1 0 The access point sends its data to a maximum of 3 clients on which signal recorders are running The access point data is not displayed on other clients If the client has an iPCF MC conn...

Page 248: ...s in the first row and the data belonging to the access point in the second Page 2 shows a legend of the abbreviations in the table The data starts on a new page when the client changes access points Note Note the description of the individual columns in the CSV file These also apply to the columns of the PDF file CSV file Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1...

Page 249: ...Max RX Rate The maximum data rate of the received data packets Rx Antenna x type The setting of the external antennas The second area is a table The table contains the following for each measured value Sample The current number of the measurement on the client CL on the access point AP Timestamp The time stamp BSSID The BSSID Basic Service Set Identification of the access point CL AP RX Signal The...

Page 250: ...l bandwidth 40 MHz Scan CH The channel on which the client is currently scanning TX Rate The average data rate of the sent data packets RX Rate The average data rate of the received data packets M Ch The management channel M Sig The effective user data signal of the management channel M NF The background noise of the management channel AP System Name The system name of the access point DPSOH RI D ...

Page 251: ...ode Configuration On this WBM page you specify the configuration for the access point Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 251 ...

Page 252: ... the alternative channel here If you want the access point to search for a free channel itself use Auto If a competing radar signal was detected both on the main and alternative channel the access point automatically searches for a free channel If you want to use a fixed channel select the required channel from the drop down list Selected Channels Channel number frequency or Auto When a fixed chan...

Page 253: ...2IA M12 There are only enough channels available for operation at 160 MHz if DFS is activated Table 2 has the following columns Radio Shows the available WLAN interfaces Available Channels This box displays the permitted channels The display depends on the wireless approvals of the currently selected country and the settings on the Allowed Channels page Table 3 has the following columns Radio Show...

Page 254: ...igher security You must also expect that certain end devices may have problems with access to a hidden SSID WDS only If you enable this option the access point only supports communication via WDS In WDS mode all access points must use the same channel WDS ID Enter the WDS ID The WDS ID can be a maximum of 32 characters long To establish a WDS connection enter this WDS ID on the WDS Partner ASCII c...

Page 255: ...ess Distributed System Description The table has the following columns Radio Shows the available WLAN interfaces Port Shows the WDS interfaces Port enabled Enables the WDS interface Connection over Specify the VAP interface via which the WDS connection is established Both the MAC address of the VAP and the security settings e g WPA2 are used Configuring with Web Based Management 6 6 Interfaces men...

Page 256: ...ns apply to all access points involved All access points that will communicate with each other must use the same channel the same transmission procedure and the same data rate You can select either WEP or WPA 2 PSK as the encryption method You configure the security settings in the assigned VAP interface Security WLAN Basic You cannot use authentication with a RADIUS server for a WDS connection In...

Page 257: ... a disassociation frame to the WAN clients connected via this VAP interface The WLAN clients roam and connect to a different VAP interface If the address becomes reachable again the connection can be established again via this VAP interface Description The table IP address not reachable Force Roaming has the following columns Select Select the check box in the row to be deleted Dest IP Enter the I...

Page 258: ...e row to be deleted 2 Click the Delete button The entries are deleted and the page is updated 6 6 3 Remote Capture On this WBM page activate the function Remote Capture on the interface Ethernet WLAN The function is for network diagnostics via a connected PC e g to detect transfer errors You can also enable the function on several interfaces at the same time When the function is enabled the interf...

Page 259: ... traffic could influence the performance of the device Ethernet When Ethernet is selected no distinction is made between the two ports P1 and P2 Recording between port 1 and port 2 is therefore not possible Data traffic that is only forwarded and not received by the WLAN interface is not displayed Configuring with Web Based Management 6 6 Interfaces menu SCALANCE W1780 W1740 according to IEEE 802 ...

Page 260: ...d device must be reachable via IP layer 3 Procedure To analyze the data traffic e g of the WLAN interface 1 in Wireshark follow the steps below 1 Activate the function Remote Capture on the device on the WLAN interface 2 As the receive mode select Own Traffic 3 Click Set Values to enable the function 4 Start Wireshark 5 Click Options in the Capture menu The window Wireshark Capture Interfaces open...

Page 261: ...nsparently IEEE 802 1D VLAN unaware mode or takes VLAN information into account IEEE 802 1Q VLAN aware mode If the device is in the 802 1Q VLAN Bridge mode you can define VLANs and specify the use of the ports Note Changing the agent VLAN ID If the configuration PC is connected directly to the device via Ethernet and you change the management VLAN ID the device is no longer reachable via Ethernet ...

Page 262: ...create any VLANs Only a management VLAN is available VLAN 1 VLAN ID Enter the VLAN ID in the VLAN ID input box Range of values 1 4094 The table has the following columns Select Select the check box in the row to be deleted VLAN ID Shows the VLAN ID The VLAN ID a number between 1 and 4094 can only be assigned once when creating a new data record and can then no longer be changed To make a change th...

Page 263: ... VLAN You can configure other settings in Layer 2 VLAN Port based VLAN T This option is only displayed and cannot be selected in the WBM This port is a trunk port making it a member in all VLANs You configure this function in the CLI Command Line Interface using the switchport mode trunk command Changing Base Bridge mode VLAN unaware 802 1D transparent bridge VLAN aware 802 1Q VLAN bridge If you c...

Page 264: ...ted if in addition to the trunk port property the port is also entered statically as a member in the VLANs involved An example of a static configuration is the assignment of multicast groups in certain VLANs Procedure Requirement In Base Bridge mode 802 1Q VLAN Bridge is set Creating a new VLAN 1 Enter an ID in the VLAN ID input box 2 Click the Create button A new entry is generated in the table A...

Page 265: ... the port properties for receiving frames Requirement On the General page 802 1Q VLAN Bridge is set for Base Bridge Mode Configuring with Web Based Management 6 7 Layer 2 menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 265 ...

Page 266: ...ble 2 has the following columns Port Shows the available ports and interfaces Priority From the drop down list select the priority given to untagged frames The CoS priority Class of Service used in the VLAN tag If a frame is received without a tag it will be assigned this priority This priority specifies how the frame is further processed compared with other frames There are a total of eight prior...

Page 267: ...hether the VID of received frames is evaluated You have the following options Enabled The VLAN ID of received frames decides whether they are forwarded To forward a VLAN tagged frame the receiving port must be a member in the same VLAN Frames from unknown VLANs are discarded at the receiving port Disabled All frames are forwarded No Change If No Change is selected the entries of the corresponding ...

Page 268: ...ot delete learnt addresses automatically Description The page contains the following boxes Dynamic MAC Aging Enable or disable the function for automatic aging of learned MAC addresses Aging Time s Enter the time in seconds After this time a learned address is deleted if the device does not receive any further frames from this sender address The range of values is from 18 seconds to 630 seconds No...

Page 269: ...guration page Description The page contains the following boxes Spanning Tree Enable or disable MSTP Protocol Compatibility Select the compatibility mode of MSTP For example if you select RSTP MSTP behaves like RSTP The following settings are available STP RSTP MSTP Procedure 1 Select the MSTP check box 2 Select the compatibility mode from the Protocol Compatibility drop down list 3 Click the Set ...

Page 270: ...ridge is decided based on the bridge priority The bridge with the highest priority becomes the root bridge The lower the value the higher the priority If several devices in a network have the same priority the device whose MAC address has the lowest numeric value will become the root bridge Both parameters bridge priority and MAC address together form the bridge identifier Since the root bridge ma...

Page 271: ...ived BPDU for it to be accepted as valid by the switch The default for this parameter is 20 seconds Bridge Max Hop Count This parameter specifies how many MSTP nodes a BPDU may pass through If an MSTP BPDU is received and has a hop count that exceeds the value configured here it is discarded The default for this parameter is 20 Regional root priority For a description of the displayed values see B...

Page 272: ...cted at all layer 2 tunnel ports Procedure 1 Enter the data required for the configuration in the input boxes 2 Click the Set Values button 6 7 3 3 CIST Port MSTP CIST port configuration When the page is called the table displays the current status of the configuration of the port parameters To configure them click the relevant cells in the port table Configuring with Web Based Management 6 7 Laye...

Page 273: ...ed in the spanning tree or not Note If you disable the Spanning Tree Status option for a port this may cause the formation of loops The topology must be kept in mind Priority Enter the priority of the port The priority is only evaluated when the path costs are the same The value must be divisible by 16 If the value that cannot be divided by 16 the value is automatically adapted Range of values 0 2...

Page 274: ...only displayed and cannot be configured The State parameter depends on the configured protocol The following is possible for status Disabled The port only receives and is not involved in STP MSTP and RSTP Discarding In the Discarding mode BPDU frames are received Other incoming or outgoing frames are discarded Listening In this status BPDUs are both received and sent The port is involved in the sp...

Page 275: ...anning tree or rapid spanning tree device at this port With an end device a switch can switch the port faster without taking into account spanning tree frames If a spanning tree frame is received despite this setting the port automatically changes to the Disabled setting for switches P t P type Select the required option from the drop down list The selection depends on the port that is set P t P E...

Page 276: ...the input cells of the table row enter the values of the port you are configuring 2 From the drop down lists of the cells of the table row select the values of the port you are configuring 3 Click the Set Values button 6 7 3 4 MST General Multiple Spanning Tree configuration With MSTP in addition to RSTP several VLANs can be managed in a LAN with separate RSTP trees Configuring with Web Based Mana...

Page 277: ...with Start ID End ID Several ranges or IDs are separated by Permitted values 1 4094 Procedure Creating a new entry 1 Enter the number of the MSTP instance in the MSTP Instance ID box 2 Click the Create button 3 Enter the identifier of the virtual LAN in the VLAN ID input box 4 Enter the priority of the bridge in the Bridge Priority box 5 Click the Set Values button Deleting entries 1 Use the check...

Page 278: ...the following columns Column 1 Shows that the settings are valid for all ports of table 2 MSTP Status In the drop down list select the setting for all ports If No Change is selected the entries of the corresponding column in table 2 remain unchanged Copy to Table If you click the button the setting is adopted for all ports of table 2 Configuring with Web Based Management 6 7 Layer 2 menu SCALANCE ...

Page 279: ...alc box has the value 0 the automatically calculated value is shown Otherwise the value of the Cost Calc box is displayed The calculation of the path costs is largely based on the transmission speed The higher the achievable transmission rate the lower the value for the path costs will be Typical values for rapid spanning tree are as follows 1000 Mbps 20 000 100 Mbps 200 000 10 Mbps 2 000 000 The ...

Page 280: ...vidual ports for example to prevent individual parts of the network from being configured with the PST Tool or to divide the full network into smaller parts for configuration and diagnostics All the ports of the device are displayed on this WBM page Description Table 1 has the following columns Column 1 Shows that the settings are valid for all ports of table 2 Setting Select the setting from the ...

Page 281: ...on 6 7 5 LLDP Identifying the network topology LLDP Link Layer Discovery Protocol is defined in the IEEE 802 1 AB standard LLDP is a method used to discover the network topology Network components exchange information with their neighbor devices using LLDP Network components that support LLDP have an LLDP agent The LLDP agent sends information about itself and receives information from connected d...

Page 282: ...e is selected the entry in table 2 remains unchanged Copy to Table When you click this button the setting is adopted for all ports of table 2 Table 2 has the following columns Port Shows the port Setting Specify the LLDP functionality The following options are available Tx This port can only send LLDP frames Rx This port can only receive LLDP frames Rx Tx This port can receive and send LLDP frames...

Page 283: ...figuration tab Description The page contains the following boxes Interface Select the interface on which you want to configure the subnet The table has the following columns Select Select the row you want to delete Interface Shows the interface TIA Interface Shows the selected TIA interface Interface Name Shows the name of the interface MAC Address Shows the MAC address Configuring with Web Based ...

Page 284: ...ere configured on an IPv4 interface IP Assign Method Shows how the IPv4 address is assigned The following values are possible Static The IPv4 address is static You enter the settings in IP Address and Subnet Mask Dynamic DHCP The device obtains a dynamic IPv4 address from a DHCPv4 server Configuring with Web Based Management 6 8 Menu Layer 3 IPv4 SCALANCE W1780 W1740 according to IEEE 802 11ac Web...

Page 285: ...is IP address as of now Conflict The interface is not enabled The interface is attempting to use an IPv4 address that has already been assigned Defending The interface uses a unique IPv4 address Another interface is attempting to use the same IPv4 address Active The interface uses a unique IPv4 address There are no collisions Not supported The function for detection of address collisions is not su...

Page 286: ...e DHCP client for this IPv4 interface IP Address Enter the IPv4 address of the interface The IPv4 addresses must not be used more than once Subnet Mask Enter the subnet mask of the subnet you are creating Subnets on different interfaces must not overlap Address Type Shows the address type Primary The first subnet of the interface Configuring with Web Based Management 6 8 Menu Layer 3 IPv4 SCALANCE...

Page 287: ...4 Procedure 1 Select the interface from the Interface Name drop down list 2 Enter a name for the Interface in Interface Name 3 Enter the IPv4 address of the subnet in the IP Address column 4 Enter the subnet mask belonging to the IPv4 address in the Subnet Mask column 5 Click the Set Values button 6 8 2 Static Routes On this page you specify the routes via which data exchange can take place betwee...

Page 288: ... higher value the longer packets require to their destination The table has the following columns Select Select the row you want to delete Destination Network Shows the network address of the destination Subnet Mask Shows the corresponding subnet mask Gateway Shows the IPv4 address of the next gateway Interface Shows the interface of the route Administrative Distance Enter the metric for the route...

Page 289: ...nce 6 Click the Create button A new entry is generated in the table 7 Click the Set Values button 6 9 Menu Layer 3 IPv6 6 9 1 Subnets Configuration of the IP addresses On this page you enable IPv6 at the VLAN interface This VLAN interface is also called an IPv6 interface An IPv6 interface can have several IPv6 addresses Configuring with Web Based Management 6 9 Menu Layer 3 IPv6 SCALANCE W1780 W17...

Page 290: ...tus dependent Obtains the IPv6 address and the configuration file from the DHCPv6 server SLAAC Stateless Address Auto Configuration Stateless autoconfiguration using NDP Neighbor Discovery Protocol Static Enter a static IPv6 address DHCPv6 Rapid Commit When enabled the procedure for the IPv6 address assignment is shortened Instead of 4 DHCPv6 messages SOLICIT ADVERTISE REQUEST REPLY only 2 DHCPv6 ...

Page 291: ... and checks this again Complete This status indicates that the selected IPv6 address can be used In this case the device did not receive feedback within a period of time and assumes that the IPv6 address is not yet assigned Down This status indicates that the interface is not active No check is carried out Procedure Automatically form link local address 1 Enable IPv6 2 Click the Create button In t...

Page 292: ... Enter the IPv6 address of the gateway to which the IPv6 packets will be sent Administrative Distance Enter the metric for the route The metric corresponds to the quality of a connection based for example on speed or costs If there are several equal routes the route with the lowest metric value is used Range of values 1 254 Interface Specify the interface via which the network address of the desti...

Page 293: ...e of values 1 254 Status Shows whether or not the route is active Steps in configuration 1 Enter the prefix length 2 Enter the IPv6 address of the gateway 3 Select the required interface 4 Enter the metric of the route 5 Click the Create button A new entry is generated in the table 6 Click the Set Values button 6 10 Security menu 6 10 1 Users 6 10 1 1 Local Users Local users On this page you creat...

Page 294: ...ake change explicitly for the internal or external user table use the CLI commands Note The values displayed depend on the rights of the logged in user Configuring with Web Based Management 6 10 Security menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 294 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 295: ...ast 1 special character At least 1 number Low Password length at least 6 characters maximum 128 characters You configure the password policy on the page Security Passwords Options Password Enter the password The strength of the password depends on the set password policy Password Confirmation Enter the password again to confirm it Role Select a role You can choose between system defined and self d...

Page 296: ...ter a description of the user 7 Click the Set Values button Deleting users 1 Select the check box in the row to be deleted 2 Click the Delete button The entries are deleted and the page is updated 6 10 1 2 Roles Roles On this page you create roles that are valid locally on the device Note The values displayed depend on the rights of the logged in user Configuring with Web Based Management 6 10 Sec...

Page 297: ...e role 1 Users with this role can read device parameters but cannot change them Users with this role can change their own password 15 Users with this role can both read and change device parameters Note Function right cannot be changed If you have assigned a role you can no longer change the function right of the role If you want to change the function right of a role follow the steps outlined bel...

Page 298: ...e you link a group with a role In this example the group Administrators is linked to the admin role The group is defined on a RADIUS server The role is defined locally on the device When a RADIUS server authenticates a user and assigns the user to the Administrators group this user is given rights of the admin role Note The values displayed depend on the rights of the logged in user Configuring wi...

Page 299: ... choose between system defined and self defined roles refer to the page Security Users Roles Description Enter a description for the link of the group to a role The description text can be up to 100 characters long Procedure Linking a group to a role 1 Enter the name of a group 2 Click the Create button 3 Select a role 4 Enter a description for the link of a group to a role 5 Click the Set Values ...

Page 300: ...ts If you are logged on as user you can only change your own password Description of the displayed boxes Current User Shows the user that is currently logged in Current User Password Enter the password for the currently logged in user User Account Select the user whose password you want to change Configuring with Web Based Management 6 10 Security menu SCALANCE W1780 W1740 according to IEEE 802 11...

Page 301: ... confirm it Procedure 1 Enter the valid password for the currently logged in user in the Current User Password input box 2 From the User Account drop down list select the user whose password you want to change 3 Enter the new password for the selected user in the New Password input box 4 Repeat the new password in the Password Confirmation input box 5 Click the Set Values button Note The factory s...

Page 302: ...ial character At least 1 number Low Password length at least 6 characters maximum 128 characters 6 10 3 AAA 6 10 3 1 General Login of network nodes The designation AAA stands for Authentication Authorization Accounting This feature is used to identify and allow network nodes to make the corresponding services available to them and to specify the range of use On this page you configure the login Co...

Page 303: ...es not exist there a RADIUS request is sent RADIUS and fallback Local The authentication must be handled via a RADIUS server A local authentication is performed only when the RADIUS server cannot be reached in the network 6 10 3 2 RADIUS Client Authentication over an external server The concept of RADIUS is based on an external authentication server Each row of the table contains access data for o...

Page 304: ...the FQDN Fully Qualified Domain Name of the RADIUS server Server Port Here enter the input port on the RADIUS server As default input port 1812 is set The range of values is 1 to 65535 Shared Secret Enter your access ID here The range of values is 1 128 characters Shared Secret Conf Enter your access ID again as confirmation Max Retrans Here enter the maximum number of retries for an attempted req...

Page 305: ... secret Steps in configuration Entering a new server 1 Click the Create button A new entry is generated in the table The following default values are entered in the table RADIUS Server Address 0 0 0 0 Server Port 1812 Max Retrans 3 Primary server No 2 In the relevant row enter the following data in the input boxes RADIUS Server Address Server Port Shared Secret Shared Secret Conf Max Retrans 3 Pri...

Page 306: ...very server whose entry you want to modify Deleting servers 1 Click the check box in the first column before the row you want to delete to select the entry for deletion Repeat this for all entries you want to delete 2 Click the Delete button The data is deleted from the memory of the device and the page is updated Configuring with Web Based Management 6 10 Security menu SCALANCE W1780 W1740 accord...

Page 307: ...k secure authentication and encryption are used On this page you specify the security settings Configuring with Web Based Management 6 10 Security menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual 11 2019 C79000 G8976 C485 03 307 ...

Page 308: ...ethod specified by the Wi Fi Alliance to close security gaps in WEP Authentication using a server 802 1x is mandatory The dynamic exchange of keys at each data frame introduces further security WPA PSK WPA Pre Shared Key WPA PSK is a weakened form of WPA In this method authentication is not carried out by a server but is based on a password This password is configured manually on the client and se...

Page 309: ... Privacy A symmetrical stream encryption method with only 40 bit or 104 bit keys based on the RC4 Ron s Code 4 algorithm TKIP Temporal Key Integrity Protocol A symmetrical stream encryption method with the RC4 Ron s Code 4 algorithm In contrast to the weak WEP encryption TKIP uses changing keys derived from a main key TKIP can also recognize corrupted data frames AES Advanced Encryption Standard S...

Page 310: ...tion of the WLAN clients to the access point is only possible when these also support PMF Optional The management frames are encrypted or unencrypted depending on support of the WLAN client Procedure 1 Select the required security settings The settings that are possible depend on the set Authentication Type Authentication Type Encryption Cipher Encryption key source Open System disabled Open Syste...

Page 311: ... row you want to delete Select a check box in this column and click the Delete button to delete an entry in the list Security Context Shows the number of the entry If you create a new entry a new row with a unique number is created You can create up to 8 security contexts The security context 1 cannot be deleted Configuring with Web Based Management 6 10 Security menu SCALANCE W1780 W1740 accordin...

Page 312: ... the Keys page WPA RADIUS Wi Fi Protected Access WPA is a method specified by the Wi Fi Alliance to close security gaps in WEP Authentication using a server 802 1x is mandatory The dynamic exchange of keys at each data frame introduces further security Note Make the relevant RADIUS settings initially on the page Security WLAN Client Radius Supplicant WPA PSK WPA Pre Shared Key WPA PSK is a weakene...

Page 313: ...lection depends on the transmission standard AUTO Either AES or TKIP is automatically selected depending on the capability of the other station WEP WEP Wired Equivalent Privacy A symmetrical stream encryption method with only 40 bit or 104 bit keys based on the RC4 Ron s Code 4 algorithm TKIP Temporal Key Integrity Protocol A symmetrical stream encryption method with the RC4 Ron s Code 4 algorithm...

Page 314: ...ings The settings that are possible depend on the set Authentication Type 3 Click the Set Values button 6 10 4 3 AP Communication Communications options On this WBM page you specify the type of communication allowed by the access point Note This WBM page is only available in access point mode Configuring with Web Based Management 6 10 Security menu SCALANCE W1780 W1740 according to IEEE 802 11ac W...

Page 315: ... No Change is selected the entry in table 2 remains unchanged Copy to Table If you click the button the setting is adopted for all ports of table 2 Table 2 has the following columns Radio Shows the available WLAN interfaces Port Shows the VAP interface Configuring with Web Based Management 6 10 Security menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management Configuration Manual ...

Page 316: ...ithin own VAP or with other VAPs function is disabled the various WLAN clients can no longer see each other This means that Address Collision Detection ACD also no longer works reliably with Ethernet Enabled Clients can communicate via the Ethernet interface of the access point Disabled Option is disabled Client Limiter Enabled The number of WLAN clients that can be logged on simultaneously is lim...

Page 317: ... Local Enables local time management In Reauthentication Interval specify the time of validity Reauthentication Interval s If time management is local enter the period of validity of the authentication in seconds The minimum time is 1 minute enter 60 the maximum time is 12 hours enter 43200 The default is one hour 3 600 seconds The table has the following columns Server IP Address Enter the IP add...

Page 318: ...put boxes IP address or FQDN of the RADIUS server Port number of the input port Password Confirmation of the password Maximum number of transmission retries Primary server 2 Click the Set Values button Modifying servers 1 In the relevant row enter the following data in the input boxes IP address or FQDN of the RADIUS server Port number of the input port Password Confirmation of the password Maximu...

Page 319: ...ed above The client logs on with the RADIUS server using this combination For password assignment ASCII code 0x20 to 0x7e is used Dot1x User Password Confirmation Confirm the password Note Dot1X user name and Dot1X user password With WPA RADIUS WPA2 RADIUS EAP TLS EAP TTLS and PEAP the Dot1X user name and the Dot1X user password must be configured With the setting Auto either the certificate must ...

Page 320: ...sed for internal authentication PEAP Protected Extensible Authentication Protocol Alternative draft protocol of IETF for EAP TTLS Procedure 1 Enter the necessary values in the input boxes 2 Select the required entry in the Dot1x EAP Types drop down list 3 Click the Set Values button 6 10 4 6 802 11r On this WBM page you configure the setting for Fast BSS Transition Note This WBM page is only avail...

Page 321: ... supported Can only be enabled when the mobility domain is entered Mobility Domain ID Enter the ID of the mobility domain The access points with the same ID are members of one mobility domain Based on the ID the WLAN client recognizes whether the access point is a member of the same mobility domain and can therefore log on without delay Configuring with Web Based Management 6 10 Security menu SCAL...

Page 322: ...n the following key lengths 5 or 13 ASCII or 10 or 26 hexadecimal characters 40 104 bits 16 ASCII or 32 hexadecimal characters 128 bits Note The hexadecimal characters are entered without being preceded by 0x One hexadecimal character codes four bits The entries ABCDE ASCII characters and 4142434445 hexadecimal characters are therefore the same because the ASCII character A has hexadecimal code 0x...

Page 323: ...ich the station may be located This ensures that only certain stations within a VLAN have access to the device Note If you enable this function note the following A bad configuration on the Management Access Control List page can result in you being unable to access the device You should therefore configure an access rule that allows access to the management before you enable the function Configur...

Page 324: ...ck box in the row to be deleted Rule Order Shows the number of the rule If you click the Create button a new row with a unique number is created IP Address Shows the IP address Subnet Mask Prefix Length Shows the subnet mask or the prefix length VLANs Allowed Only available if 802 1Q VLAN Bridge is set for Layer 2 VLAN General Enter the number of the VLAN in which the device is located The station...

Page 325: ...figuring Changing the entry 1 Configure the data of the entry you want to modify 2 Click the Set Values button to transfer the changes to the device Creating new entry 1 In the IP Address input box enter the IP address of the device and in the Subnet Mask Prefix Length input box the corresponding subnet mask 2 Click the Create button to create a new row in the table 3 Configure the entries of the ...

Page 326: ... IP addresses are configured in Allowed Addresses on the access point are accessible to the clients Communication with other nodes in the network is therefore prevented Description The page contains the following box Update interval s Enter the update interval for the ARP resolution of the allowed IP addresses The resolved MAC addresses are displayed under Information Security Inter AP Blocking Co...

Page 327: ...gratuitous ARP packets from this VAP interface are not forwarded to Ethernet Block Non IP Frames When enabled there is no exchange of non IP packets for example layer 2 packets between the client and the devices configured on the access point as permitted communications partners 6 10 6 2 Allowed Addresses Note This WBM page is only available in access point mode On this WBM page you specify which ...

Page 328: ...int uses to resolve the allowed IP address The entry is necessary when the management IP address of the access point is located in a different subnet If the IP address 0 0 0 0 is configured for Resolver IP Address the management IP address is used for resolution Procedure Creating an entry 1 Select a port from the Port drop down list 2 In the IP Address box enter the IP address accessible for the ...

Page 329: ... the access points are located in both PRP networks you can use one of the two VLANs as the agent VLAN As an alternative you can also use other VLANs as agent VLANs The division into PRP networks A and B must remain A single management VLAN for all devices in network A and B is not possible without further measures With the industrial Parallel Redundancy Protocol iPRP the PRP technology can be use...

Page 330: ...lect the VLAN assignment for PRP B from the drop down list The table contains the following columns Port Shows the available ports Enable iPRP Enable or disable iPRP for the required port Configuring with Web Based Management 6 11 iFeatures menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 330 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 331: ...se it connects to the same best access point as the partner client Device Prevents the two clients of a client pair from connecting to the same access point no matter which interface is used Procedure 1 Select the VLAN assignment for PRP A from the PRP A drop down list 2 Select the VLAN assignment for PRP B from the PRP B drop down list 3 Specify the PRP network in which the port is a member 4 Mak...

Page 332: ...Configuring with Web Based Management 6 11 iFeatures menu SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 332 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 333: ...ver in the TFTP Server Port input box 4 Click the Load file button in the Firmware table row 5 Go to the storage location of the firmware file 6 Click the Open button in the dialog The file is uploaded Firmware update via SFTP 1 Click System Load Save in the navigation area Click the SFTP tab 2 Enter the IP address of the SFTP server in the SFTP Server Address input box 3 Enter the port of the SFT...

Page 334: ...ration and firmware create a ConfigPack only from device configurations that use DHCP Otherwise disruptions will occur in network operation due to multiple identical IP addresses You assign fixed IP addresses extra following the basic installation 1 Start the remote configuration using Telnet CLI and log on with a user with the admin role 2 Change to the global configuration mode with the command ...

Page 335: ...ing interval 2 sec on 0 2 sec off Afterwards the device is restarted and the device configuration incl users and certificates stored in the ConfigPack is transferred to the device 6 Wait until the device has fully started up the red F LED is off 7 You can log on the device again or exit the WBM 7 3 Device configuration with PRESET PLUG Please not the additional information and security notes in th...

Page 336: ... and certificates are stored on the PLUG and the PLUG is then write protected 5 Turn off the power to the device 6 Remove the PRESET PLUG 7 Start the device either with a new CLP inserted or with the internal configuration Procedure for installation with the aid of the PRESET PLUG 1 Turn off the power to the device 2 If it is inserted remove the CLP from the slot You will find further information ...

Page 337: ...Command Line Interface CLI to reset the preset function To do this follow the steps outlined below 1 Start the remote configuration using Telnet CLI and log on with a user with the admin role 2 Switch to the global configuration mode with the command configure terminal 3 You change to the PLUG configuration mode with the plug command 4 Enter the command factoryclean The PRESET PLUG is formatted an...

Page 338: ... LED F goes off again 7 The device then starts automatically with the factory settings With the Primary Setup Tool Follow the steps below to reset the device parameters to the factory defaults with the Primary Setup Tool 1 Select the device whose parameters you want to reset 2 Click on the menu item Reset in the Module tab 3 Confirm the prompt with OK Via the configuration You will find detailed i...

Page 339: ...ash after approximately 2 seconds 4 Now release the button The bootloader waits in this state for a new firmware file that you can download by TFTP 5 Connect a PC to the SCALANCE W over the Ethernet interface 6 Assign an IP address to the SCALANCE W with the Primary Setup Tool 7 Open a DOS box and change to the directory where the file with the new firmware is located and then execute the command ...

Page 340: ...wing tabs Access point mode Information WLAN Client List Client mode Information WLAN Available AP Interfaces WLAN Signal recorder The power of the input signal on the SCALANCE W device is influenced by the following factors Distance between the WLAN partners Reflections of the electromagnetic waves by parts of the building Setting of the max Tx Power transmit power Interfaces WLAN Basic and the a...

Page 341: ...gle management VLAN For more detailed information refer to the section Menu Layer 3 IPv4 Page 283 A further option is to install a separate HTTPS certificate on the WLAN client access point The HTTPS certificate checks the identity of the device and controls the encrypted data exchange You can install the HTTPS certificate via HTTP For more detailed information refer to the section HTTP Page 155 U...

Page 342: ...Troubleshooting FAQ 8 3 Instructions for secure network design SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 342 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 343: ...863 EtherLike MIB 1 3 6 1 2 1 10 7 2 RFC 3635 MAU MIB 1 3 6 1 2 1 26 RFC 4836 ENTITY MIB 1 3 6 1 2 1 47 RFC 4133 Q BRIDGE MIB 1 3 6 1 2 1 17 7 RFC 2674q P BRIDGE MIB 1 3 6 1 2 1 17 6 RFC 2674p BRIDGE MIB 1 3 6 1 2 1 17 RFC 4188 IPV6 MIB 1 3 6 1 2 1 55 RFC 2465 SNMPv2 MIB 1 3 6 1 2 1 1 RFC 3418 SNMP COMMUNITY MIB 1 3 6 1 6 3 18 RFC 3584 SNMP USER BASED SM MIB 1 3 6 1 6 3 15 RFC 3414 SNMP VIEW BASED...

Page 344: ...ens 2 1 3 6 1 4 1 4329 20 1 1 1 Vendor specific 1 Part of the AUTOMATION MIB You can download the AUTOMATION MIB for SCALANCE W from Siemens Industry Automation and Drives Service Support under the entry ID 67637278 https support industry siemens com cs ww en view 67637278 2 Part of the private MIB file Scalance_w_msps mib The file can be downloaded in WBM using System Load Save HTTP MIB and the S...

Page 345: ...ng object identifier iso 1 org 3 dod 6 internet 1 private 4 enterprises 1 siemens 4329 industrialComProducts 20 iComPlatforms 1 simaticNet 1 snMsps 1 snMspsCommon 1 WLAN specific MIB variables The WLAN specific MIB variables can be found in snMspsWlan You will find further information about the settings and values in the MIB file SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management...

Page 346: ...Appendix B B 1 Private MIB variables SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 346 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 347: ...ss Local Area Network IEEE 802 11a Wireless standard for use of the 5 GHz frequency band IEEE 802 11at PoE IEEE 802 11b g Wireless standard for use of the 2 4 GHz frequency band IEEE 802 11e Quality of Service QoS IEEE 802 11 h Expansion of the spectrum and transmit power for use of the 5 GHz fre quency range in Europe IEEE 802 11i Encryption of WLANS IEEE 802 11n Standard for high transmission ra...

Page 348: ...Appendix C C 1 Underlying standards SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 348 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 349: ...r up on line 1 2 PoE Power supply exists on line 1 line 2 or PoE Power down on line 1 2 PoE Power supply interrupted on line 1 line 2 or PoE Status of the Ethernet interface You enable or disable the Link Change event in System Events Alarm Description Link up on P1 A connection exists on the Ethernet interface Link down on P1 No connection exists on the Ethernet interface Status of the WLAN inter...

Page 350: ...nd on all available channels There is no free channel available the WLAN interface X will be deactivated until one of the channels becomes available Status of the WLAN interface in client mode only Messages Description Link up on WLAN X The WLAN interface X is enabled Link down on WLAN X The WLAN interface X is disabled Messages on configuration Messages Description WBM Authentication failure When...

Page 351: ... You configure the events in System Events You configure the monitoring of the power supply and the link on the Ethernet port in System Fault Monitoring New Fault state fault description fault description Warm start performed Cold start performed Link down on P1 Link up on P1 Power down on line L1 L2 DFS No channels are available at WLAN2 Incoming fault Not all events automatically lead to a fault...

Page 352: ...ication of the client on the SMTP server incorrect Unable to send e mail s because SMTP mes sage transfer failed Sending of e mail s failed SMTP server can be reached configuration incomplete or contains errors e g receiver e mail address wrong does not exist SNMP Authentification failure Authentication of an SNMP client failed access not possible e g SNMPv1 v2 read only configured or Read Communi...

Page 353: ...ty PLUG was found There is an empty or formatted PLUG in the device PLUG Filled PLUG was found PLUG Configuration Accepted There is a valid PLUG with a valid configuration in the device PLUG Removed at runtime The PLUG License CLP or the PLUG Configuration CLP was removed during operation PLUG accepted PLUG was accepted D 2 Messages in the WLAN Authentication Log Messages in access point mode Alar...

Page 354: ...nated Messages in client mode Alarm Description Associated successfully to AP MAC address system name at channel channel number frequency frequen cy MHz The client has logged in successfully on the access point Disassociated from AP MAC address sys name with reason Disassociated because sending STA is leaving or has left BSS The client was logged off from the access point Failed to authenticate to...

Page 355: ...ge broken down into a Severity and Facility box Facility Severity VERSION Set to 1 HOSTNAME_CONTENT IPv4 address according to RFC1035 Each byte is represented in decimal with a dot separating it from the previous one XXX XXX XXX XXX IPv6 address according to RFC4291 Section 2 2 STRUCTURED DATA timeQuality block MESSAGE ASCII string in English Note Additional information about the meaning of the bo...

Page 356: ...ion user name Identifies the user based on his her name This is not the authenticated user Format s Peter Maier role Symbolic name for the group role Format s Administrator time minute timeout Number of minutes Format d 44 time second Number of seconds Format d 44 failed login count Number of failed logins Format d 10 max sessions Number of sessions Format d 10 vap Symbolic name of the virtual acc...

Page 357: ...C 62443 3 3 Reference SR1 1 Description Valid login information that is specified during remote login Example WBM User admin logged in from 192 168 0 1 Severity Info Facility local0 Log text protocol Default user user name logged in from ip address Standard IEC 62443 3 3 Reference n a NERC CIP 007 R5 Description User logged in with default user name and password Example SSH Default user admin logg...

Page 358: ...andard IEC 62443 3 3 Reference SR1 3 Description User has changed other password Example WBM User admin changed password of user test Severity Info Facility local0 Log text protocol User user name created user account action user name Standard IEC 62443 3 3 Reference SR1 3 Description The administrator created a new account Example WBM User admin created user account joachim Severity Info Facility...

Page 359: ... 3 3 Reference SR1 11 Description If there are too many failed logins the corresponding user account was locked for a specific period of time Example User admin account is locked for 10 minutes after 30 unsuccessful login attempts Severity Warning Facility local0 Usage control of wireless connections connection over WLAN Log text vap Client client mac associated successfully Standard IEC 62443 3 3...

Page 360: ...dard IEC 62443 3 3 Reference SR 2 2 Description The WLAN client was not able to authenticate itself Example VAP1 1 Client 18 65 90 ab 78 f4 failed to authenticate status Invalid group ci pher Severity Warning Facility local0 Log text RADIUS ip address No response from the RADIUS server Standard IEC 62443 3 3 Reference SR 2 2 Description RADIUS server not found Example RADIUS 192 168 0 10 No respon...

Page 361: ...ty Info Facility local0 Data backup in automation system backup Log text protocol User user name saved file type ConfigPack Standard IEC 62443 3 3 Reference SR7 3 Description Backup completed Example WBM User admin saved file type ConfigPack Severity Info Facility local0 Log text protocol Saved file type ConfigPack Standard IEC 62443 3 3 Reference SR7 3 Description Backup completed Example TFTP Sa...

Page 362: ...rt required Standard IEC 62443 3 3 Reference SR7 4 Description Firmware update was successfully uploaded Example WBM User admin loaded file type Firmware V02 00 00 restart required Severity Info Facility local0 Log text protocol Failed to load file type Firmware Standard IEC 62443 3 3 Reference SR7 4 Description Error loading the firmware update Example WBM Failed to load file type Firmware Severi...

Page 363: ... Description The configuration is applied Example WBM User admin loaded file type Config restart required Severity Info Facility local0 Log text protocol User user name loaded file type ConfigPack restart required Standard IEC 62443 3 3 Reference SR7 4 Description The configuration is applied Example WBM User admin loaded file type ConfigPack restart required Severity Info Facility local0 Appendix...

Page 364: ...Appendix E E 3 Syslog messages SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 364 Configuration Manual 11 2019 C79000 G8976 C485 03 ...

Page 365: ...141 280 Default routes IPv6 routes 292 DHCP Client 174 DNS Client 147 DNS domain 148 DST Daylight saving time 192 193 E Error status 98 Ethernet statistics Interface statistics 103 EtherNet IP 209 Event Log table 95 Event log table 95 F Factory defaults 337 Factory setting 337 Fault monitoring Connection status change 206 Forward Delay 271 Fragments 106 G Geographic coordinates 144 Glossary 12 Gro...

Page 366: ...ation log 97 Logging in via HTTP 59 via HTTPS 59 Logout Automatic 202 M Maintenance data 91 MSTP 276 Port 272 Port parameters 278 MSTP instance 278 279 Multichannel configuration 16 Multiple Spanning Tree 272 276 N Negotiation 220 NTP Client 199 O Oversize 106 Overview Access point 118 Associated stations 123 Available access points 124 Clients 120 Overlap APs 128 Overlapping channels 128 WDS part...

Page 367: ... 84 STEP 7 280 Subnets Configuration IPv4 286 Syslog 203 Client 141 System Configuration 140 General information 143 System event log Agent 203 System events Configuration 166 Severity filter 169 T Telnet Server 140 TFTP Load save 158 Time 141 Time of day Manual setting 190 SIMATIC Time Client 201 SNTP Simple Network Time Protocol 196 System time 190 Time zone 198 Time of day synchronization 196 U...

Page 368: ...Index SCALANCE W1780 W1740 according to IEEE 802 11ac Web Based Management 368 Configuration Manual 11 2019 C79000 G8976 C485 03 ...