SCALANCE W700 according to IEEE 802.11ax Web Based Management
File info: application/pdf · 324 pages · 4.42MB
SCALANCE W700 according to IEEE 802.11ax Web Based Management
C79000-G8976-C618-01; 04/2021
"C79000-G8976-C618-01;, 04/2021"
IEEE 802.11ax Web Based Management Configuration Manual 04/2021 C79000-G8976-C618-01 Introduction 1 Description 2 Security recommendations 3 Technical basics 4 IP addresses 5 Configuring with Web Based Management 6 Upke…
SCALANCE W700 according to IEEE 802.11ax Web Based ...
2021-04-06 — Operating Instructions SCALANCE WxM766-1. This document contains information ... iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).siemen s(4329).
Full PDF Document
If the inline viewer fails, it will open the original document in compatibility mode automatically. You can also open the file directly.
Extracted Text
SIMATIC NET
Industrial Wireless LAN SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual
Introduction
1
Description
2
Security recommendations
3
Technical basics
4
IP addresses
5
Configuring with Web Based Management
6
Upkeep and maintenance
7
TOproubleshooting/FAQ
8
A Appendix A "Supported MIB
Modules"
Appendix B "Private MIBs"
B
Appendix C "Underlying Standards"
C
D Appendix D "Log Messages"
Appendix E "Syslog Messages"
E
Appendix F (Supported Security Mechanisms)
F
04/2021
C79000-G8976-C618-01
Legal information
Warning notice system This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.
DANGER indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION indicates that minor personal injury can result if proper precautions are not taken.
NOTICE indicates that property damage can result if proper precautions are not taken. If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.
Qualified Personnel The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products Note the following:
WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks All names identified by � are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
Siemens AG Digital Industries Postfach 48 48 90026 N�RNBERG GERMANY
C79000-G8976-C618-01 04/2021 Subject to change
Copyright � Siemens AG 2021. All rights reserved
Table of contents
1 Introduction ........................................................................................................................................... 9
2 Description .......................................................................................................................................... 15
2.1
Network structures ............................................................................................................ 16
2.2
Possible applications .......................................................................................................... 19
2.3
Product characteristics ....................................................................................................... 20
2.4
Requirements for installation and operation ....................................................................... 22
2.5
Configuration License PLUG (CLP) ...................................................................................... 23
2.6
PRESET PLUG...................................................................................................................... 25
2.7
Power over Ethernet (PoE) ................................................................................................. 26
2.8
Digital input / output.......................................................................................................... 27
3 Security recommendations.................................................................................................................. 29
4 Technical basics ................................................................................................................................... 35
4.1
Configuration limits ........................................................................................................... 35
4.2
Interfaces and system functions ......................................................................................... 36
4.3
PROFINET........................................................................................................................... 38
4.4
VLAN ................................................................................................................................. 39
4.5
SNMP ................................................................................................................................ 40
4.6 4.6.1
Spanning Tree ................................................................................................................... 43 RSTP, MSTP, CIST................................................................................................................ 44
4.7
User management ............................................................................................................. 45
4.8 4.8.1
iFeatures ........................................................................................................................... 47 iPRP ................................................................................................................................... 47
5 IP addresses ......................................................................................................................................... 51
5.1
IPv4 / IPv6 .......................................................................................................................... 51
5.2 5.2.1 5.2.2 5.2.3 5.2.4 5.2.5
IPv4 address ...................................................................................................................... 53 Structure of an IPv4 address ............................................................................................... 53 Initial assignment of an IPv4 address .................................................................................. 55 Address assignment via DHCPv4......................................................................................... 55 Address assignment with SINEC PNI ................................................................................... 56 Address assignment with STEP 7 ........................................................................................ 57
5.3 5.3.1 5.3.2
IPv6 address ...................................................................................................................... 58 IPv6 terms ......................................................................................................................... 58 Structure of an IPv6 address ............................................................................................... 59
6 Configuring with Web Based Management ........................................................................................ 61
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
3
Table of contents
6.1
6.2
6.3 6.3.1 6.3.2 6.3.3 6.3.4 6.3.4.1 6.3.4.2 6.3.5 6.3.5.1 6.3.5.2 6.3.6 6.3.7 6.3.8 6.3.8.1 6.3.8.2 6.3.8.3 6.3.8.4 6.3.9 6.3.10 6.3.11 6.3.12 6.3.13 6.3.14 6.3.14.1 6.3.14.2 6.3.14.3 6.3.14.4 6.3.15 6.3.15.1 6.3.15.2 6.3.15.3 6.3.15.4 6.3.15.5 6.3.15.6 6.3.16 6.3.16.1
6.4 6.4.1 6.4.2 6.4.2.1 6.4.2.2 6.4.3 6.4.4 6.4.4.1 6.4.4.2 6.4.5 6.4.6 6.4.7 6.4.7.1
Web Based Management ................................................................................................... 61
Login................................................................................................................................. 63
"Information" menu .......................................................................................................... 67 Start page ......................................................................................................................... 67 Versions ............................................................................................................................ 73 I&M .................................................................................................................................. 75 ARP / neighbors.................................................................................................................. 76 ARP-Tabelle........................................................................................................................ 76 IPv6 Neighbor Table........................................................................................................... 77 Log Tables ......................................................................................................................... 78 Event Log .......................................................................................................................... 78 WLAN authentication log ................................................................................................... 80 Faults ................................................................................................................................ 82 Redundancy....................................................................................................................... 83 Ethernet Statistics .............................................................................................................. 87 Interface Statistics ............................................................................................................. 87 Packet Size......................................................................................................................... 88 Packet Type ....................................................................................................................... 89 Packet Error ....................................................................................................................... 90 Learning Table................................................................................................................... 91 LLDP .................................................................................................................................. 92 IPv4 Routing ...................................................................................................................... 94 IPv6-Routing ...................................................................................................................... 95 SNMP ................................................................................................................................ 96 Security ............................................................................................................................. 97 Overview........................................................................................................................... 97 Supported Function Rights ................................................................................................. 99 Roles ............................................................................................................................... 100 Groups ............................................................................................................................ 101 WLAN ............................................................................................................................. 102 Overview AP .................................................................................................................... 102 Overview Client .............................................................................................................. 104 Available APs ................................................................................................................... 106 IP Mapping Table ............................................................................................................. 108 Overlap AP....................................................................................................................... 110 Client List ........................................................................................................................ 112 WLAN iFeatures .............................................................................................................. 114 iPRP ................................................................................................................................ 114
"System" menu ................................................................................................................ 116 Configuration .................................................................................................................. 116 General ........................................................................................................................... 122 Device ............................................................................................................................. 122 Coordinates ..................................................................................................................... 123 Agent IPv4 / IPv6.............................................................................................................. 124 DNS................................................................................................................................. 125 DNS Client ....................................................................................................................... 125 DNS Domain .................................................................................................................... 127 Restart............................................................................................................................. 128 Commit Control ............................................................................................................... 130 Load & Save..................................................................................................................... 131 File list............................................................................................................................. 131
SCALANCE W700 according to IEEE 802.11ax Web Based Management
4
Configuration Manual, 04/2021, C79000-G8976-C618-01
Table of contents
6.4.7.2 6.4.7.3 6.4.7.4 6.4.7.5 6.4.8 6.4.8.1 6.4.8.2 6.4.9 6.4.9.1 6.4.9.2 6.4.10 6.4.10.1 6.4.11 6.4.11.1 6.4.11.2 6.4.11.3 6.4.11.4 6.4.11.5 6.4.11.6 6.4.12 6.4.12.1 6.4.12.2 6.4.12.3 6.4.12.4 6.4.12.5 6.4.12.6 6.4.13 6.4.14 6.4.15 6.4.15.1 6.4.15.2 6.4.16 6.4.17 6.4.17.1 6.4.17.2 6.4.18 6.4.19
6.5 6.5.1 6.5.1.1 6.5.1.2 6.5.2 6.5.2.1 6.5.2.2 6.5.2.3 6.5.2.4 6.5.2.5 6.5.2.6
6.6 6.6.1 6.6.1.1
HTTP................................................................................................................................ 134 TFTP ................................................................................................................................ 137 SFTP ................................................................................................................................ 140 Passwords........................................................................................................................ 144 Events ............................................................................................................................. 145 Configuration .................................................................................................................. 145 Severity Filters ................................................................................................................. 148 SMTP client...................................................................................................................... 150 General............................................................................................................................ 150 Recipient ......................................................................................................................... 152 DHCPv4 ........................................................................................................................... 154 DHCP Client ..................................................................................................................... 154 SNMP .............................................................................................................................. 156 General............................................................................................................................ 156 SNMPv3 Users.................................................................................................................. 158 SNMPv3 User to Group mapping ...................................................................................... 160 SNMPv3 Access................................................................................................................ 161 SNMPv3 Views ................................................................................................................. 163 Notifications .................................................................................................................... 165 System Time .................................................................................................................... 168 Manual Setting ................................................................................................................ 168 DST Overview .................................................................................................................. 170 DST Configuration............................................................................................................ 172 SNTP Client ...................................................................................................................... 176 NTP Client........................................................................................................................ 179 SIMATIC Time Client......................................................................................................... 181 Auto Logout .................................................................................................................... 183 Syslog Client .................................................................................................................... 184 Fault Monitoring .............................................................................................................. 186 Power Supply................................................................................................................... 186 Link Change..................................................................................................................... 187 PROFINET......................................................................................................................... 189 PLUG ............................................................................................................................... 190 Configuration .................................................................................................................. 190 License ............................................................................................................................ 193 Ping................................................................................................................................. 195 DCP Discovery.................................................................................................................. 196
"Interfaces" menu ............................................................................................................ 199 Ethernet ......................................................................................................................... 199 Overview ........................................................................................................................ 199 Configuration .................................................................................................................. 200 WLAN ............................................................................................................................. 203 Basic ............................................................................................................................... 203 Antennas&Power ............................................................................................................ 207 Advanced ........................................................................................................................ 211 Allowed Channels ........................................................................................................... 213 AP ................................................................................................................................... 215 Client .............................................................................................................................. 218
"Layer 2" menu ................................................................................................................ 221 VLAN ............................................................................................................................... 221 General............................................................................................................................ 221
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
5
Table of contents
6.6.1.2 6.6.2 6.6.3 6.6.3.1 6.6.3.2 6.6.3.3 6.6.3.4 6.6.3.5 6.6.4 6.6.5
Port Based VLAN .............................................................................................................. 225 Dynamic MAC Aging ........................................................................................................ 228 Spanning Tree ................................................................................................................ 229 General ........................................................................................................................... 229 CIST General ................................................................................................................... 230 CIST Port ......................................................................................................................... 232 MST General .................................................................................................................... 236 MST Port ......................................................................................................................... 238 DCP Forwarding ............................................................................................................... 240 LLDP ................................................................................................................................ 241
6.7 6.7.1 6.7.1.1 6.7.1.2 6.7.2
Menu "Layer 3 (IPv4)"....................................................................................................... 243 Subnets ........................................................................................................................... 243 Overview......................................................................................................................... 243 Configuration .................................................................................................................. 245 Static Routes.................................................................................................................... 247
6.8 6.8.1 6.8.2
Menu "Layer 3 (IPv6)"....................................................................................................... 249 Subnets ........................................................................................................................... 249 Static Routes.................................................................................................................... 252
6.9 6.9.1 6.9.1.1 6.9.1.2 6.9.1.3 6.9.2 6.9.3 6.9.3.1 6.9.3.2 6.9.4 6.9.4.1 6.9.4.2 6.9.4.3 6.9.4.4
"Security" menu ............................................................................................................... 254 Users ............................................................................................................................... 254 Local Users ...................................................................................................................... 254 Roles ............................................................................................................................... 257 Groups ............................................................................................................................ 259 Passwords ....................................................................................................................... 261 AAA................................................................................................................................. 263 General ........................................................................................................................... 263 RADIUS-Client .................................................................................................................. 264 WLAN ............................................................................................................................. 268 Basic (Access Point) ......................................................................................................... 268 Basic (Client) ................................................................................................................... 271 AP RADIUS Authenticator ................................................................................................ 274 Client RADIUS Supplicant ................................................................................................. 277
6.10 6.10.1
"iFeatures" menu ............................................................................................................. 279 iPRP ................................................................................................................................. 279
7 Upkeep and maintenance ................................................................................................................. 283
7.1
Firmware update - via WBM ............................................................................................. 283
7.2
Embedding firmware in ConfigPack.................................................................................. 285
7.3
Device configuration with PRESET-PLUG ........................................................................... 287
7.4
Restoring the factory settings........................................................................................... 289
8 Troubleshooting/FAQ......................................................................................................................... 291
8.1
Firmware update via WBM or CLI not possible................................................................... 291
8.2
Disrupted data transmission due to the received
power being too high ...................................................................................................... 293
8.3
Instructions for secure network design ............................................................................. 294
A Appendix A "Supported MIB Modules" .............................................................................................. 295
SCALANCE W700 according to IEEE 802.11ax Web Based Management
6
Configuration Manual, 04/2021, C79000-G8976-C618-01
Table of contents
A.1
Supported MIB files .......................................................................................................... 295
B Appendix B "Private MIBs".................................................................................................................. 297
B.1
Private MIB variables ........................................................................................................ 297
C Appendix C "Underlying Standards" .................................................................................................. 299
C.1
Underlying standards ....................................................................................................... 299
D Appendix D "Log Messages"............................................................................................................... 301
D.1
Messages in the event log ................................................................................................ 301
D.2
Messages in the WLAN Authentication Log ....................................................................... 306
E Appendix E "Syslog Messages" .......................................................................................................... 307
E.1
Format of the syslog messages......................................................................................... 307
E.2
Parameters in Syslog messages ........................................................................................ 308
E.3
Syslog messages .............................................................................................................. 310
F Appendix F (Supported Security Mechanisms) ................................................................................. 317
F.1
WLAN security mechanisms.............................................................................................. 317
F.2
Security mechanisms supported for RADIUS authentication. ............................................. 318
Index .................................................................................................................................................. 321
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
7
Table of contents
SCALANCE W700 according to IEEE 802.11ax Web Based Management
8
Configuration Manual, 04/2021, C79000-G8976-C618-01
1
Introduction
1
Validity of the configuration manual These operating instructions cover the following products:
Access points SCALANCE WAM 766-1 M12 SCALANCE WAM 766-1 M12 EEC Client SCALANCE WUM 766-1 M12
Article number
6GK5766-1GE00-7DA0 6GK5766-1GE00-7TA0
6GK5766-1GE00-3DA0
These operating instructions apply to the following software version:
� SCALANCE WxM 700 with firmware version 1.0
Purpose of the Configuration Manual
This Configuration Manual is intended to provide you with the information you require to install, commission and operate devices correctly. It explains how to configure the devices and how to integrate them in a WLAN network.
How you install and connect up the device correctly is described in the operating instructions of the device.
Orientation in the documentation
Apart from the Configuration Manual you are currently reading, the following documentation is also available from SIMATIC NET on the topic of Industrial Wireless LANs:
� Configuration Manual: SCALANCE W700 ax Web Based Management
This document is intended to provide you with the information you require to commission and configure SCALANCE W700 devices using Web Based Management. It explains how to configure the SCALANCE W700 devices and how to integrate SCALANCE W700 devices into a WLAN network.
� Performance data 802.11ax
This document contains information about the frequency, modulation, transmit power and receiver sensitivity of the wireless card.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
9
Introduction
� Operating Instructions SCALANCE WAM 766-1
This document contains information on installing, connecting, maintaining and servicing the following products:
� SCALANCE WAM 766-1 M12
� SCALANCE WAM 766-1 M12 EEC
� SCALANCE WUM 766-1 M12
� System Manual Structure of an Industrial Wireless LAN
Apart from the description of the physical basics and a presentation of the main IEEE standards, this also contains information on data security and a description of the industrial applications of wireless LAN. You should read this manual if you want to set up WLAN networks with a more complex structure (not simply a connection between two devices).
� System manual RCoax
This system manual contains both an explanation of the fundamental technical aspects as well as a description of the individual RCoax components and their functionality. Installation/commissioning and connection of RCoax components and their operating principle are explained. The possible applications of the various SIMATIC NET components are described.
� System manual - Passive Network Components IWLAN
This system manual explains the entire IWLAN cabling that you require for your IWLAN application. For a flexible combination and installation of the individual IWLAN components both indoors and outdoors, a wide ranging selection of compatible coaxial accessories are available. The system manual also covers connecting cables as well as a variety of plug-in connectors, lightning protectors, a power splitter and an attenuator.
Terms used
The designation . . . IPv4 address IPv6 address IP address IPv4 interface IPv6 interface
IP interface
stands for . . .
IPv4 address IPv6 address
IPv4/IPv6 address Interface that supports IPv4.
Interface that supports IPv6. The interface can have more than one IPv6 address The IPv6 addresses have different ranges (scope), e.g. link local Interface that supports both IPv4 and IPv6. As default the IPv4 support is already activated. The IPv6 support needs to be activated extra.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
10
Configuration Manual, 04/2021, C79000-G8976-C618-01
Introduction
SIMATIC NET manuals You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online Support: � Using the search function: Siemens Industry Online Support (https://support.industry.siemens.com/cs/ww/en/) Enter the entry ID of the relevant manual as the search item. � In the navigation panel on the left-hand side in the area "Industrial Communication": Industrial communication (https://support.industry.siemens.com/cs/ww/en/ps/15247/man) Go to the required product group and make the following settings: tab "Entry list", Entry type "Manuals"
Further documentation The "SIMATIC NET Industrial Ethernet Network Manual" contains information on other SIMATIC NET products that you can operate along with the devices of this product line in an Industrial Ethernet network. There, you will find among other things optical performance data of the communications partners that you require for the installation. The "SIMATIC NET Industrial Ethernet Network Manual" can be found on the Internet pages of Siemens Industry Online Support under the following entry ID: 27069465 (https://support.industry.siemens.com/cs/ww/en/view/27069465)
Security information Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement � and continuously maintain � a holistic, state-of-the-art industrial security concept. Siemens' products and solutions constitute one element of such a concept. Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place. For additional information on industrial security measures that may be implemented, please visit https://www.siemens.com/industrialsecurity (https://www.siemens.com/industrialsecurity). Siemens' products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer's exposure to cyber threats. To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under https://www.siemens.com/industrialsecurity (https://www.siemens.com/industrialsecurity).
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
11
Introduction
Decommissioning Shut down the device properly to prevent unauthorized persons from accessing confidential data in the device memory. To do this, restore the factory settings on the device. Also restore the factory settings on the storage medium.
Recycling and disposal
The products are low in pollutants, can be recycled and meet the requirements of the WEEE directive 2012/19/EU for the disposal of electrical and electronic equipment.
Do not dispose of the products at public disposal sites.
For environmentally friendly recycling and the disposal of your old device contact a certified disposal company for electronic scrap or your Siemens contact (Product return (https://support.industry.siemens.com/cs/ww/en/view/109479891)).
Note the different national regulations.
Device defective
If a fault develops, send the device to your SIEMENS representative for repair. Repairs on-site are not possible.
Trademarks
The following and possibly other names not identified by the registered trademark sign � are registered trademarks of Siemens AG:
SIMATIC NET, SCALANCE, RCoax
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device.
The firmware is available on the Internet pages of the Siemens Industry Online Support (https://support.industry.siemens.com/cs/ww/en/ps/28575/dl):
SCALANCE W700 according to IEEE 802.11ax Web Based Management
12
Configuration Manual, 04/2021, C79000-G8976-C618-01
Introduction
SIMATIC NET glossary Explanations of many of the specialist terms used in this documentation can be found in the SIMATIC NET glossary. You will find the SIMATIC NET glossary here: � SIMATIC NET Manual Collection or product DVD The DVD ships with certain SIMATIC NET products. � On the Internet under the following address: 50305045 (https://support.industry.siemens.com/cs/ww/en/view/50305045)
License conditions
Note Open source software Read the license conditions for open source software carefully before using the product.
You will find license conditions in the following documents on the supplied data medium: � OSS_Scalance-W700ax_86.pdf
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
13
2
Description
2
Note Interruption of the WLAN communication
The WLAN communication can be influenced by high frequency interference signals and can be totally interrupted.
Remember this and take suitable action.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
15
Description 2.1 Network structures
2.1
Network structures
The following article deals with the setup of various network structures using access points.
Standalone configuration with access point
This configuration does not require a server and the access point does not have a connection to a wired Ethernet. Within its transmission range, the access point forwards data from one WLAN node to another.
The wireless network has a unique name. All SCALANCE W devices exchanging data within this network must be configured with this name.
The gray area in the graphic symbolizes the wireless range of the access point.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
16
Configuration Manual, 04/2021, C79000-G8976-C618-01
Description 2.1 Network structures
Wireless access to a wired Ethernet network If one (or more) access points have access to wired Ethernet, the following applications are possible: � A single device as gateway: A wireless network can be connected to a wired network via an access point. � Span of wireless coverage for the wireless network with several access points: The access points are all configured with the same unique SSID (network name). All nodes that want to communicate over this network must also be configured with this SSID. If a mobile station moves from the area covered by one access point to the area covered by another access point, the wireless link is maintained (roaming). The following graphic shows the wireless connection of a mobile station over two wireless cells (roaming).
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
17
Description 2.1 Network structures
Multichannel configuration
If neighboring access points use the same frequency channel, this can lead to longer response times due to any collisions that may occur. If the configuration shown in the figure is implemented as a single-channel system, computers A and B cannot communicate at the same time with the access points in their wireless cells.
If neighboring access points are set up for different frequencies, this leads to a considerable improvement in performance. As a result, neighboring wireless cells each have their own medium available and the delays resulting from time-offset transmission no longer occur.
The channel spacing should be as large as possible; a practical value is 25 MHz. Even in a multichannel configuration, all access points can be configured with the same network name.
The following graphic shows a multichannel configuration on channels 1 and 2 with four access points.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
18
Configuration Manual, 04/2021, C79000-G8976-C618-01
Description 2.2 Possible applications
2.2
Possible applications
Note The SIMATIC NET WLAN products use OpenSSL. This is open source code with license conditions (BSD). Please refer to the current license conditions. Since the driver includes encryption software, you should also adhere to the appropriate regulations for your specific country.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
19
Description 2.3 Product characteristics
2.3
Product characteristics
Properties of the SCALANCE W700 devices
� The Ethernet interface supports the following:
� 10 Mbps and 100 Mbps both in full and half duplex
� 1000 Mbps full duplex
� Autocrossing
� Autopolarity
� Operating the WLAN interface in the frequency bands 2.4 GHz and 5 GHz.
� IEEE 802.11ax The WLAN standard IEEE 802.11ax (Wi-Fi 6) for efficient use of the frequencies with a gross transmission speed of 1201 Mbps per radio interface.
� The WLAN interface is compatible with the standards IEEE 802.11n.
� IEEE 802.11h - Supplement to IEEE 802.11a In the 802.11h mode, the methods "Transmit Power Control (TPC)" as well as "Dynamic Frequency Selection (DFS)" are used in the range 5.25 - 5.35 and 5.47 - 5.75 GHz. In some countries, this allows the frequency subband of 5.47 - 5.725 GHz to be used outdoors even with a higher transmit power. TPC is a technique for adapting the transmit power. With the DFS function, it is possible to also use the higher 5 Ghz channels. Before the access point transmits over one of these channels, it checks for competing radar signals for 60 seconds according to the CAC (Channel Availability Check). The access point also does not send any beacons for the duration of the search. With weather radar channels (5.6 - 5.65 GHz), the duration of the search is 10 minutes.
If no radar signals are detected after the search period has elapsed, the access point transmits on the channel. Otherwise, the access point changes channel and repeats the check.
The access point also searches for radar signals continuously during operation. If the access point discovers a radar signal on the current channel, it notifies the clients of the channel change. It then automatically switches to an alternative DFS channel and the current channel is blocked for 30 minutes.
� Support of the authentication standards WPA (RADIUS), WPA-PSK, WPA2 (RADIUS), WPA2PSK and IEEE 802.1X as well as the encryption methods AES and TKIP.
Note
With devices operated in WLAN mode IEEE 802.11n/ac/ax, only WPA2 (WPA2-PSK and WPA2 Radius) encryption is possible.
� Suitable for inclusion of a RADIUS server for authentication.
� Device-related and application-related monitoring of the wireless connection.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
20
Configuration Manual, 04/2021, C79000-G8976-C618-01
Description 2.3 Product characteristics
� The interoperability of the devices with Wi-Fi devices of other vendors was tested thoroughly.
� Before commissioning the SCALANCE W700, check the wireless conditions on site. If you intend to use Industrial Wireless LAN systems and WirelessHART systems in the 2.4 GHz band, you will need to plan the use of the channels. At all costs, avoid parallel use of overlapping frequency ranges. The following overlaps exist with Industrial Wireless LAN and WirelessHART:
IWLAN channel IEEE 802.11 b/g/n/ac/ax 1 6 7 11 13
WHART channel IEEE 802.15.4 11 - 16 15 - 20 16 - 21 20 - 25 21 - 25
Features of the SCALANCE W700
Device Number of WLAN ports Connections for external antennas Ethernet interface Power supply (direct) Digital input/output Degree of protection
Access point 2
2 N-Connect
Client 1
M12 Ethernet interface P1 LAN PoE, X-coded, 8-pin M12 interface, direct infeed, L-coded, 4-pin M12 interface, A-coded, 5-pin IP65
Access point SCALANCE WAM 766-1 M12 SCALANCE WAM 766-1 M12 EEC Client SCALANCE WUM 766-1 M12
Article number
6GK5766-1GE00-7DA0 6GK5766-1GE00-7TA0
6GK5766-1GE00-3DA0
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
21
Description 2.4 Requirements for installation and operation
2.4
Requirements for installation and operation
A PG/PC with network connection must be available in order to configure the SCALANCE W devices. If no DHCP server is available, a PC on which the SINEC PNI is installed is necessary for the initial assignment of an IP address to the SCALANCE W devices. For the other configuration settings, a computer with Telnet or a Web browser is necessary.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
22
Configuration Manual, 04/2021, C79000-G8976-C618-01
Description 2.5 Configuration License PLUG (CLP)
2.5
Configuration License PLUG (CLP)
The PLUG is available in the following variants:
� PLUG Configuration: The exchangeable storage medium only saves the configuration data of the device.
� PLUG License: In addition to the configuration data, the exchangeable storage medium contains a license with which special functions are enabled, e.g. iFeatures.
How it works
NOTICE
Do not remove or insert the PLUG during operation.
A PLUG may only be removed or inserted when the device is turned off.
The device checks whether a PLUG is inserted at one second intervals. If it is detected that the PLUG has been removed, the device restarts.
If a valid PLUG license was inserted in the device, the device changes to a defined error state following the restart. With SCALANCE W, the available wireless interfaces are deactivated in this case.
If the device was configured at some time with a PLUG license, the device can no longer be used without this PLUG. To be able to use the device again, reset the device to the factory settings.
Devices with CLP slot support the following operating modes:
� Without PLUG
The device saves the configuration data in the internal memory. This mode is active when no PLUG is inserted.
� With PLUG
If an empty PLUG (as supplied) is inserted in the device, the device automatically backs up the configuration data on the PLUG during startup. If the PLUG contains a license, additional functions are also enabled. Changes to the configuration are stored directly on the PLUG and in the internal memory.
The configuration stored on the PLUG is displayed over the user interfaces.
When a device starts up, it automatically adopts the configuration data of the inserted, written PLUG. The prerequisite for this is that the configuration data was written by a compatible device type.
One exception to this can be the IP configuration if it is set using DHCP and the DHCP server has not been reconfigured accordingly. Reconfiguration is necessary if you use functions based on MAC addresses.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
23
Description 2.5 Configuration License PLUG (CLP)
PLUG
Component
CLP Configuration License PLUG
Description
Article number
Exchangeable storage medium for saving configuration data
SCALANCE CLP 2GB
6GK1900-0UB00-0AA0
SCALANCE CLP EEC 2GB
6GK1900-0UQ00-0AA0
CLP iFeatures
Exchangeable storage medium for saving configuration data and enabling iFeatures
SCALANCE CLP 2GB W700 AP iFeatures
6GK5907-8UA00-0AA0
SCALANCE CLP 2GB W700 Client iFeatures
6GK5907-4UA00-0AA0
SCALANCE W700 according to IEEE 802.11ax Web Based Management
24
Configuration Manual, 04/2021, C79000-G8976-C618-01
Description 2.6 PRESET PLUG
2.6
PRESET PLUG
CLP with preset function (PRESET-PLUG) With PRESET-PLUG it is possible to install the same configuration and the firmware belonging to it on several devices.
Note Using configurations with DHCP Create a PRESET-PLUG only from device configurations that use DHCP. Otherwise disruptions will occur in network operation due to multiple identical IP addresses. You assign fixed IP addresses extra following the basic installation.
In a CLP that was configured as a PRESET-PLUG, the device configuration, user accounts, certificates and the firmware are stored.
Note Restore factory defaults and restart with a PRESET PLUG inserted If you reset a device to the factory defaults, when the device restarts an inserted PRESET PLUG is formatted and the PRESET PLUG functionality is lost. You then need to create a new PRESET PLUG. We recommend that you remove the PRESET PLUG before you reset the device to the factory settings.
For more detailed information on creating and using a PRESET PLUG refer to the section Device configuration with PRESET-PLUG (Page 287).
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
25
Description 2.7 Power over Ethernet (PoE)
2.7
Power over Ethernet (PoE)
General
"Power over Ethernet" (PoE) is a power supply strategy for network components according to IEEE with 802.3af.
With PoE, power and data transmission takes place over the used Ethernet cables that connect the individual network components. This makes an additional power cable unnecessary and reduces investment and maintenance costs. PoE can be used with all network components that require little power (max. 12.96 W).
Which Ethernet connectors of a device are capable of PoE can be found in the operating instructions of the device.
LEDs for PoE on the SCALANCE W device When the SCALANCE W device is supplied by PoE, the green "PoE" LED is lit on the device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
26
Configuration Manual, 04/2021, C79000-G8976-C618-01
Description 2.8 Digital input / output
2.8
Digital input / output
Introduction
The devices have a digital input and output (M12, A-coded). You will find information about the pin assignment in the operating instructions of the devices.
Application example
� Digital input to signal one item of information, for example "door open", "door closed".
� Digital output, for example for "go to sleep" for devices on an automated guided transport system.
Control of the digital output Using the private MIB variable snMspsDigitalOutputLevel, you can control the digital output (DO+ /DO-).
Note You cannot configure the digital output with Web Based Management (WBM). If the digital input changes the status, an entry is made in the event protocol table.
� OID of the private MIB variable snMspsDigitalOutputLevel: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).siemens (4329).industrialComProducts(20).iComPlatforms(1).simaticNet(1).sn Msps(1).snMspsCommon(1).snMspsDigitalIO(39).snMspsDigitalIOObjects (1).snMspsDigitalOutputTable(3).snMspsDigitalOutputEntry(1).snMsps DigitalOutputLevel(6)
� values of the MIB variable � 1: Digital output is open (DO+ /DO- are interrupted). � 2: Digital output is closed (DO+ /DO- are jumpered).
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
27
Description 2.8 Digital input / output
Digital input
Using the private MIB variable snMspsDigitalInputLevel, you can read out the status of the digital input.
Note If the digital output changes status, an entry is made in the event protocol table.
� OID of the private MIB variable snMspsDigitalInputLevel:
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).siemens (4329).industrialComProducts(20).iComPlatforms(1).simaticNet(1).sn Msps(1).snMspsCommon(1).snMspsDigitalIO(39).snMspsDigitalIOObjects (1).snMspsDigitalInputTable(2).snMspsDigitalInputEntry(1).snMspsDi gitalInputLevel(6)
� values of the MIB variable
� 1: Signal 0 at the digital input (DI+)
� 2: Signal 1 at the digital input (DI+)
MIB file
The MIB variables can be found in the file "SN-MSPS-DIGITAL-IO-MIB" that is part of the private MIB file "snMspsWlan.mib". You will find more detailed information in "Private MIB variables of the SCALANCE W device".
SCALANCE W700 according to IEEE 802.11ax Web Based Management
28
Configuration Manual, 04/2021, C79000-G8976-C618-01
3
Security recommendations
3
To prevent unauthorized access, note the following security recommendations.
General
� You should make regular checks to make sure that the device meets these recommendations and/or other security guidelines.
� Evaluate your plant as a whole in terms of security. Use a cell protection concept with suitable products (https://www.industry.siemens.com/topics/global/en/industrialsecurity/pages/default.aspx).
� When the internal and external network are disconnected, an attacker cannot access internal data from the outside. Therefore operate the device only within a protected network area.
� For communication via non-secure networks use additional devices with VPN functionality to encrypt and authenticate the communication.
� No product liability will be accepted for operation in a non-secure infrastructure.
� Terminate management connections correctly (WBM. Telnet, SSH etc.).
WLAN
� We recommend that you ensure redundant coverage for WLAN clients.
� More information on data security and data encryption for SCALANCE W is available in SCALANCE W: Setup of a Wireless LAN in the Industrial Environment (https://support.industry.siemens.com/cs/ww/en/view/22681042)
Physical access
� Restrict physical access to the device to qualified personnel. The memory card or the PLUG (CLP) contains sensitive data such as certificates, keys etc. that can be read out and modified.
� Lock unused physical ports on the device. Unused ports can be used to access the system without authorization.
Software (security functions)
� Keep the firmware up to date. Check regularly for security updates of the product. You will find information on this on the Internet pages "Industrial Security (https://www.siemens.com/industrialsecurity)".
� Inform yourself regularly about security advisories and bulletins published by Siemens ProductCERT (https://www.siemens.com/cert/en/cert-security-advisories.htm).
� Only activate protocols that you really require to use the device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
29
Security recommendations
� Use the security functions such as address translation with NAT (Network Address Translation) or NAPT (Network Address Port Translation) to protect receiving ports from access by third parties.
� Restrict access to the device with a firewall or rules in an access control list (ACL - Access Control List).
� If RADIUS authentication is via remote access, make sure that the communication is within the secured network area or is via a secure channel.
� The option of VLAN structuring provides good protection against DoS attacks and unauthorized access. Check whether this is practical or useful in your environment.
� Use a central logging server to log changes and access operations. Operate your logging server within the protected network area and check the logging information regularly.
� Use WPA2/ WPA2-PSK with AES to protect the WLAN. You can find additional information on this in the section ""Security" menu".
Passwords
� Define rules for the use of devices and assignment of passwords. � Regularly update passwords and keys to increase security. � Change all default passwords for users before you operate the device. � Only use passwords with a high password strength. � Make sure that all passwords are protected and inaccessible to unauthorized personnel. � A password must be changed if it is known or suspected to be known by unauthorized
persons. � Do not use the same password for different users and systems or after it has expired.
Certificates and keys
� The device contains a pre-installed certificate with key. Replace this certificate with a selfmade certificate with key. We recommend that you use a certificate signed either by a reliable external or by an internal certification authority. You can install the certificate via the WBM (System > Load and Save).
� Use the certification authority including key revocation and management to sign the certificates.
� Make sure that user-defined private keys are protected and inaccessible to unauthorized persons.
� Verify certificates and fingerprints on the server and client to prevent "man in the middle" attacks.
� It is recommended that you use password-protected certificates in the PKCS#12 format.
� It is recommended that you use certificates with a key length of at least 2048 bits.
� Change keys and certificates immediately if there is a suspicion of compromise.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
30
Configuration Manual, 04/2021, C79000-G8976-C618-01
Security recommendations
Secure/non-secure protocols and services � Avoid and disable non-secure protocols, for example Telnet and TFTP. For historical reasons, these protocols are still available, however not intended for secure applications. Use non-secure protocols on the device with caution. � Check whether use of the following protocols and services is necessary: � Non-authenticated and unencrypted ports � LLDP � Syslog � DHCP options 66/67 � TFTP � The following protocols provide secure alternatives: � SNMPv1/v2c SNMPv3 Check whether use of SNMPv1/v2c is necessary. SNMPv1/v2c is classified as nonsecure. Use the option of preventing write access. The product provides you with suitable setting options. If SNMP is enabled, change the community names. If no unrestricted access is necessary, restrict access with SNMP. Use SNMPv3 in conjunction with passwords. � HTTP HTTPS � Telnet SSH � TFTP SFTP � Use secure protocols when access to the device is not prevented by physical protection measures. � To prevent unauthorized access to the device or network, take suitable protective measures against non-secure protocols. � If you require non-secure protocols and services, operate the device only within a protected network area. � Restrict the services and protocols available to the outside to a minimum. � For the DCP function, enable the "Read Only" mode after commissioning.
List of available services The following is a list of all available services and their ports through which the device can be accessed. The table includes the following columns: � Service The services that the device supports � Protocol/port number Port number assigned to the protocol
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
31
Security recommendations
� Default port status � Configurable port/service
Indicates whether the port number or the service can be configured via WBM / CLI. � Authentication
Specifies whether the communication partner is authenticated. If optional, the authentication can be configured as required. � Encryption Specifies whether the transfer is encrypted. If optional, the encryption can be configured as required.
Service
DHCP Client IPv4 DHCP Client IPv6 DNS client
HTTP HTTPS NTP Client PROFINET
RADIUS SFTP server SMTP client SMTP (secure) SNMPv1/V2c SNMPv3 SNMP traps SNTP Client SSH Syslog Client Syslog Client TLS Telnet TFTP server
Protocol/port number
Default port status
UDP/68
Outgoing only
UDP/546 Outgoing only
TCP/53 UDP/53
Outgoing only
TCP/80
Open
TCP/443 Open
UDP/123 Outgoing only
UDP/34964 Open UDP/49154 UDP/49155
UDP/1812 Outgoing only
TCP/22
Closed
TCP/25
Closed
TCP/465 Closed
UDP/161 Open
UDP/161 Open
UDP/162 Outgoing only
UDP/123 Outgoing only
TCP/22
Open
UDP/514 Closed
TCP/6514 Closed
TCP/23
Closed
UDP/69
Closed
Configurable
Authentication Encryp-
Port
Service
tion
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
Optional
--
--
Optional
Optional
--
--
--
--
--
--
--
--
--
--
--
Layer 2
DCP LLDP RSTP iPRP
32
Default
Status Open Open Closed Closed
Configurable
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Layer 2
MSTP SIMATIC NET TIME
Security recommendations
Default Status Closed Closed
Configurable
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
33
Security recommendations
SCALANCE W700 according to IEEE 802.11ax Web Based Management
34
Configuration Manual, 04/2021, C79000-G8976-C618-01
4
Technical basics
4
4.1
Configuration limits
The following table lists the configuration limits for Web Based Management and the Command Line Interface of the device.
Depending on your device, some functions are not available.
System Interfaces
Configurable function
Syslog server
DNS server
manual (IPv4)
learned (IPv4)
in total
SMTP server
SNMPv1/v2c and v3 Trap receiver
SNMP queries
SNTP server
NTP server
Connected clients per VAP interface
Layer 2 Layer 3
Security
Virtual LANs (port-based, including VLAN 1) Multiple Spanning Tree instances IP interface
DHCP client IP addresses from RADIUS servers
User roles
User groups Users
Maximum number 3 3 2 7 3 10 50 2 1
� 255 with security "Open System"
� 128 with Security "WPA / WPA2"
24 16 2 1 subnet per IP interface 1
� AAA: 5 � WLAN: 2
32 (incl. the predefined roles) 32 30 (incl. the predefined users)
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
35
Technical basics 4.2 Interfaces and system functions
4.2
Interfaces and system functions
Availability of the interfaces
The following table shows the availability of the physical and logical interfaces. Note that in this table all interfaces are listed. Depending on the system function, some interfaces are not available. On the WBM pages you can only select the available interfaces.
We reserve the right to make technical changes.
Client WUM 766-1 M12
Wireless interface (WLAN) WLAN 1
LAN interface VAP interface
P1 LAN PoE -
VLAN
24
Access point
WAM 766-1 M12
WAM 766-1 M12 EEC WLAN 1 WLAN 2 P1 LAN PoE VAP X.Y X = 1 ... 2 Y = 1 24
Availability of the system functions The following table shows the availability of the system functions on the devices. We reserve the right to make technical changes.
Information WLAN
System Interfaces
iFeature
DHCP WLAN
Layer 3 (IPv4/IPv6)
Overview AP Client List Overlap AP Overview Client Available AP IP Mapping iPRP PROFINET DHCP Client Basic Advanced Antennas&Power Allowed Channels AP Client Subnets Static route
Access point mode
Client devices
Access points in client mode
SCALANCE W700 according to IEEE 802.11ax Web Based Management
36
Configuration Manual, 04/2021, C79000-G8976-C618-01
Security iFeature
WLAN
Basic AP RADIUS Authenticator Client RADIUS Supplicant iPRP
1) CLP 2GB W700 AP iFeatures 6GK5907-8UA00-0AA0 CLP 2GB W700 Client iFeatures 6GK5907-4UA00-0AA0
Technical basics 4.2 Interfaces and system functions
Access point mode
1)
Client devices
Access points in client mode 1)
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
37
Technical basics 4.3 PROFINET
4.3
PROFINET
PROFINET
PROFINET is an open standard (IEC 61158/61784) for industrial automation based on Industrial Ethernet. PROFINET uses existing IT standards and allows end-to-end communication from the field level to the management level as well as plant-wide engineering. PROFINET also has the following features:
� Use of TCP/IP
� Automation of applications with real-time requirements
� Real-Time (RT) communication
� Isochronous Real-Time (IRT) communication
� Seamless integration of fieldbus systems
You configure PROFINET in "System > PROFINET".
PROFINET IO
Within the framework of PROFINET, PROFINET IO is a communications concept for implementing modular, distributed applications. PROFINET IO is implemented by the PROFINET standard for programmable controllers (IEC 61158-x-10).
SCALANCE W700 according to IEEE 802.11ax Web Based Management
38
Configuration Manual, 04/2021, C79000-G8976-C618-01
Technical basics 4.4 VLAN
4.4
VLAN
Network definition regardless of the spatial location of the nodes VLAN (Virtual Local Area Network) divides a physical network into several logical networks that are shielded from each other. Here, devices are grouped together to form logical groups. Only nodes of the same VLAN can address each other. Since multicast and broadcast frames are only forwarded within the particular VLAN, they are also known as broadcast domains. The particular advantage of VLANs is the reduced network load for the nodes and network segments of other VLANs. For the identifier which frame is assigned to which VLAN, the frame is expanded by 4 bytes (VLAN tagging). Apart from the VLAN-ID this expansion also includes priority information.
Options for the VLAN assignment There are various options for the assignment to VLANs: � Port-based VLAN Each port of a device is assigned a VLAN ID. You configure port-based VLAN in "Layer 2 > VLAN (Page 221)". � Protocol-based VLAN Each port of a device is assigned a protocol group. � Subnet-based VLAN The IP address of the device is assigned a VLAN ID.
Doubly tagged frame (Q-in-Q) There are devices e.g. SCALANCE XR500 that support the Q-in-Q function. With the Q-in-Q function the incoming data traffic is treated as if it were untagged. With frames that are already tagged , this means they are expanded by a second VLAN tag, the outer VLAN tag .
When a SCALANCE W device receives a doubly tagged frame, it uses the VLAN ID from the outer VLAN tag and the priority information from the inner VLAN tag . The frame is then forwarded to the relevant VLAN.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
39
Technical basics 4.5 SNMP
4.5
SNMP
Introduction
With the aid of the Simple Network Management Protocol (SNMP), you monitor and control network components from a central station, for example routers or switches. SNMP controls the communication between the monitored devices and the monitoring station.
Tasks of SNMP:
� Monitoring of network components
� Remote control and remote parameter assignment of network components
� Error detection and error notification
In versions v1 and v2c, SNMP has no security mechanisms. Each user in the network can access data and also change parameter assignments using suitable software.
For the simple control of access rights without security aspects, community strings are used.
The community string is transferred along with the query. If the community string is correct, the SNMP agent responds and sends the requested data. If the community string is not correct, the SNMP agent discards the query. Define different community strings for read and write permissions. The community strings are transferred in plain text.
Standard values of the community strings:
� public has only read permissions
� private has read and write permissions
Note
Because the SNMP community strings are used for access protection, do not use the standard values "public" or "private". Change these values following the initial commissioning.
Further simple protection mechanisms at the device level:
� Allowed Host The IP addresses of the monitoring systems are known to the monitored system.
� Read Only If you assign "Read Only" to a monitored device, monitoring stations can only read out data but cannot modify it.
SNMP data packets are not encrypted and can easily be read by others.
The central station is also known as the management station. An SNMP agent is installed on the devices to be monitored with which the management station exchanges data.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
40
Configuration Manual, 04/2021, C79000-G8976-C618-01
SNMPv3
Technical basics 4.5 SNMP
The management station sends data packets of the following type: � GET
Request for a data record from the SNMP agent � GETNEXT
Calls up the next data record. � GETBULK (available as of SNMPv2c)
Requests multiple data records at one time, for example several rows of a table. � SET
Contains parameter assignment data for the relevant device. The SNMP agent sends data packets of the following type: � RESPONSE
The SNMP agent returns the data requested by the manager. � TRAP
If a certain event occurs, the SNMP agent itself sends traps. SNMPv1/v2c/v3 use UDP (User Datagram Protocol) and use the UDP ports 161 and 162. The data is described in a Management Information Base (MIB).
Compared with the previous versions SNMPv1 and SNMPv2c, SNMPv3 introduces an extensive security concept. SNMPv3 supports: � Fully encrypted user authentication � Encryption of the entire data traffic � Access control of the MIB objects at the user/group level With the introduction of SNMPv3, you can no longer transfer user configurations to other devices without taking special action, e.g. by loading a configuration file. According to the standard, the SNMPv3 protocol uses a unique SNMP engine ID as an internal identifier for an SNMP agent. This ID must be unique in the network. It is used to authenticate access data of SNMPv3 users and to encrypt it. Depending on whether you have enabled or disabled the "SNMPv3 User Migration" function, the SNMP engine ID is generated differently. Restriction when using the function Use the "SNMPv3 User Migration" function only to transfer configured SNMPv3 users to a substitute device when replacing a device. Do not use the function to transfer configured SNMPv3 users to multiple devices. If you load a configuration with created SNMPv3 users on several devices, these devices use the same SNMP engine ID. If you use these devices in the same network, your configuration contradicts the SNMP standard. Compatibility with predecessor products
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
41
Technical basics 4.5 SNMP
You can only transfer SNMPv3 users to a different device if you have created the users as migratable users. To create a migratable user the "SNMPv3 User Migration" function must be activated when you create the user.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
42
Configuration Manual, 04/2021, C79000-G8976-C618-01
Technical basics 4.6 Spanning Tree
4.6
Spanning Tree
Avoiding loops
The Spanning Tree algorithm detects redundant physical network structures and prevents the formation of loops by disabling redundant paths. It evaluates the distance and performance of a connection or bases the decisions on settings made by the user. Data is then exchanged only over the remaining connection paths.
If the preferred data path fails, the Spanning Tree algorithm then searches for the most efficient path possible with the remaining nodes.
Root bridge and bridge priority
The identification of the most efficient connection is always related to the root bridge, a network component that can be considered as a root element of a tree-like network structure. With the "Bridge Priority" parameter, you can influence the selection of the root bridge. The computer with the lowest value set for this parameter automatically becomes the root bridge. If two computers have the same priority value, the computer with the lower MAC address becomes the root bridge.
Response to changes in the network topology
If nodes are added to a network or drop out of the network, this may affect the optimum path selection for data packets. To be able to respond to such changes, the root bridge sends configuration messages (BPDUs) at regular intervals. You can set the interval between two configuration messages with the "Hello Time" parameter.
Keeping configuration information up to date
With the "Max Age" parameter, you set the maximum age of configuration information. If a bridge has information that is older than the time set in Max Age, it discards the message and initiates recalculation of the paths.
New configuration data is not used immediately by a bridge but only after the period specified in the "Forward Delay" parameter. This ensures that operation is started with the new topology only after all the bridges have the required information.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
43
Technical basics 4.6 Spanning Tree
4.6.1
RSTP, MSTP, CIST
Rapid Spanning Tree Protocol (RSTP)
One disadvantage of STP is that if there is a disruption or a device fails, the network needs to reconfigure itself: The devices start to negotiate new paths only when the interruption occurs. This can take up to 30 seconds. Fur this reason, STP was expanded to create the "Rapid Spanning Tree Protocol" (RSTP, IEEE 802.1w). This differs from STP essentially in that the devices are already collecting information about alternative routes during normal operation and do not need to gather this information after a disruption has occurred. This means that the reconfiguration time for an RSTP controlled network can be reduced to a few seconds. This is achieved by using the following functions:
� Edge ports (end node port) Edge ports are ports connected to an end device. A port that is defined as an edge port is activated immediately after connection establishment. If a spanning tree BPDU is received at an edge port, the port loses its role as edge port and it takes part in (R)STP again. If no further BPDU is received after a certain time has elapsed (3 x hello time), the port returns to the edge port status.
� Point-to-point (direct communication between two neighboring devices) By directly linking the devices, a status change (reconfiguration of the ports) can be made without any delays.
� Alternate port (substitute for the root port) A substitute for the root port is configured. If the connection to the root bridge is lost, the device can establish a connection over the alternate port without any delay due to reconfiguration.
� Reaction to events Rapid spanning tree reacts to events, for example an aborted connection, without delay. There is no waiting for timers as in spanning tree.
� Counter for the maximum bridge hops The number of bridge hops a package is allowed to make before it automatically becomes invalid.
In principle, therefore with rapid spanning tree, alternatives for many parameters are preconfigured and certain properties of the network structure taken into account to reduce the reconfiguration time.
Multiple Spanning Tree Protocol (MSTP)
The Multiple Spanning Tree Protocol (MSTP) is a further development of the Rapid Spanning Tree Protocol. Among other things, it provides the option of operating several RSTP instances within different VLANs or VLAN groups and, for example, making paths available within the individual VLANs that the single Rapid Spanning Tree Protocol would globally block.
Common and Internal Spanning Tree (CIST)
CIST identifies the internal instance used by the switch that is comparable in principle with an internal RSTP instance.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
44
Configuration Manual, 04/2021, C79000-G8976-C618-01
Technical basics 4.7 User management
4.7
User management
Overview of user management
Access to the device is managed by configurable user settings. Set up users with a password for authentication. Assign a role with suitable rights to the users.
The authentication of users can either be performed locally by the device or by an external RADIUS server. You configure how the authentication is handled on the "Security > AAA > General" page.
Local logon
The local logging on of users by the device runs as follows: 1. The user logs on with user name and password on the device. 2. The device checks whether an entry exists for the user.
If an entry exists, the user is logged in with the rights of the associated role. If no corresponding entry exists, the user is denied access.
Login via an external RADIUS server RADIUS (Remote Authentication Dial-In User Service) is a protocol for authenticating and authorizing users by servers on which user data can be stored centrally. Depending on the RADIUS authorization mode you have selected on the "Security > AAA > RADIUS Client" page, the device evaluates different information of the RADIUS server.
RADIUS authorization mode "Standard" If you have set the authorization mode "conventional", the authentication of users via a RADIUS server runs as follows: 1. The user logs on with user name and password on the device. 2. The device sends an authentication request with the login data to the RADIUS server. 3. The RADIUS server runs a check and signals the result back to the device.
� The RADIUS server reports a successful authentication and returns the value "Administrative User" to the device for the attribute "Service Type". The user is logged in with administrator rights.
� The RADIUS server reports a successful authentication and returns a different or even no value to the device for the attribute "Service Type". The user is logged in with read rights.
� The RADIUS server reports a failed authentication to the device: The user is denied access.
RADIUS authorization mode "SiemensVSA" Requirement
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
45
Technical basics 4.7 User management
For the RADIUS authorization mode "Siemens VSA" the following needs to be set on the RADIUS server: � Manufacturer code: 4196 � Attribute number: 1 � Attribute format: Character string (group name) Procedure If you have set the authorization mode "SiemensVSA", the authentication of users via a RADIUS server runs as follows: 1. The user logs on with user name and password on the device. 2. The device sends an authentication request with the login data to the RADIUS server. 3. The RADIUS server runs a check and signals the result back to the device.
Case A: The RADIUS server reports a successful authentication and returns the group assigned to the user to the device. � The group is known on the device and the user is not entered in the table "External
User Accounts" The user is logged in with the rights of the assigned group. � The group is known on the device and the user is entered in the table "External User Accounts" The user is assigned the role with the higher rights and logged in with these rights. � The group is not known on the device and the user is entered in the table "External User Accounts" The user is logged in with the rights of the role linked to the user account. � The group is not known on the device and the user is not entered in the table "External User Accounts" The user is logged in with the rights of the role "Default". Case B: The RADIUS server reports a successful authentication but does not return a group to the device. � The user is entered in the table "External User Accounts": The user is logged in with the rights of the linked role "". � The user is not entered in the table "External User Accounts": The user is logged in with the rights of the role "Default". Case C: The RADIUS server reports a failed authentication to the device: � The user is denied access.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
46
Configuration Manual, 04/2021, C79000-G8976-C618-01
4.8
iFeatures
Technical basics 4.8 iFeatures
4.8.1
iPRP
The "Parallel Redundancy Protocol" (PRP) is a redundancy protocol for cabled networks. It is defined in Part 3 of the IEC 62439 standard.
With the "industrial Parallel Redundancy Protocol" (iPRP) the PRP technology can be used in wireless networks. This improves the availability of wireless communication.
How it works
A PRP network consists of two completely independent networks. If one network is disrupted, the frames are sent without interruption/reconfiguration via the parallel redundant network. To achieve this the Ethernet frames are sent to the recipient in duplicate via both networks. Devices capable of PRP have at least two separate Ethernet interfaces that are connected to independent networks.
With devices not capable of PRP a redundancy box (RedBox) is connected upstream. This allows access for so-called Single Attached Nodes (SAN) to PRP networks. The RedBox duplicates every Ethernet frame to be sent and adds a PRP trailer to the frame that among other things contains a sequence number. The RedBox simultaneously sends a copy of the frame to the PRP A and PRP B network. At the receiving end the duplicate frame is discarded by the RedBox. For this the RedBox requires certain transfer times designed for Ethernet networks. For this reason using PRP in WLAN networks results in duplicate and delayed frames.
With iPRP, this problem is solved and the use of PRP in WLAN with SCALANCE W devices becomes possible
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
47
Technical basics 4.8 iFeatures
The access points (AP 1, AP 2 and AP 3) and the RedBox at the AP end are connected to each other via a switch. PRP network A und B are separated from each other via VLANs.
If SAN1 sends a frame to SAN2, the frame is duplicated by the RedBox at the AP end and the two redundant frames are transferred via the switch to the access points. Via the two different wireless paths the redundant PRP frames are transferred to the RedBox at the client end. The clients are also connected to their RedBox via a switch. This forwards the first PRP frame to arrive to SAN2 and discards the second one.
With transfer paths that are not the same, iPRP reduces the number of duplicated and out-oforder packets. The application/protocol used must be able to handle the remaining duplicates and out-of-order packets.
Note
On the interfaces of the switches to the SCALANCE W devices, only the VLANs that are also set on the VAP or WLAN interfaces of the SCALANCE W devices may be configured.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
48
Configuration Manual, 04/2021, C79000-G8976-C618-01
Technical basics 4.8 iFeatures
With iPRP the redundant partners (here: AP1 and AP3 or client A and client B) communicate with each other via a switch to prevent the two redundant PRP frames from arriving at the RedBox with too great a time difference. If for example the communication between AP1 and client A is very slow, the slower frame is discarded at the receiving end. You configure iPRP in "iFeatures > iPRP". Requirement � iPRP can only be used with the CLP iFeatures. � The base bridge mode "802.1Q VLAN Bridge" is set. � The VLANs have been created. � Access point mode: The VAP interface is enabled. � Client mode: In MAC mode "Layer 2 Tunnel" is set. � Depending on the configuration the clients can communicate with every access point.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
49
Technical basics 4.8 iFeatures
SCALANCE W700 according to IEEE 802.11ax Web Based Management
50
Configuration Manual, 04/2021, C79000-G8976-C618-01
5
IP addresses
5
5.1
IPv4 / IPv6
What are the essential differences?
IP configuration
Available IP addresses Address format Loopback IP addresses of the interface
Header
Fragmentation Quality of service Types of frame
IPv4
IPv6
� DHCP server � Manual
� Stateless Address Autoconfiguration (SLAAC): Stateless autoconfiguration using NDP (Neighbor Discovery Protocol)
� Creates a link local address for every interface that does not require a router on the link.
� Checks the uniqueness of the address on the link that requires no router on the link.
� Specifies whether the global addresses are obtained via a stateless mechanism, a stateful mechanism or via both mechanisms. (Requires a router on the link.)
� Manual
� DHCPv6 (stateful)
32-bit: 4, 29 * 109 addresses Decimal: 192.168.1.1 with port: 192.168.1.1:20 127.0.0.1
4 IP addresses
128-bit: 3, 4 * 1038 addresses
Hexadecimal: 2a00:ad80::0123 with port: [2a00:ad80::0123]:20 ::1 Multiple IP addresses
� LLA: A link local address (formed automatically) fe80::/128 per interface
� ULA: Several unique local unicast addresses per interface
� GUA: Several global unicast addresses per interface
� Checksum
� Variable length
� Fragmentation in the header
� No security
Host and router Type of Service (ToS) for prioritization Broadcast, multicast, unicast
� Checking at a higher layer � Fixed size � Fragmentation in the extension header
Only endpoint of the communication The prioritization is specified in the header field "Traffic Class". Multicast, unicast, anycast
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
51
IP addresses 5.1 IPv4 / IPv6
Identification of DHCP clients/server DHCP
Resolution of IP addresses in hardware addresses
IPv4 Client ID: � MAC address � DHCP client ID � System name � PROFINET station
name � IAID and DUID via UDP with broadcast
ARP (Address Resolution Protocol)
IPv6
DUID + IAID(s) = exactly one interface of the host DUID = DHCP unique identifier Unique identifier of server and clients IAID = Identity Association Identifier At least one per interface is generated by the client and remains unchanged when the DHCP client restarts Three methods of obtaining the DUID
� DUID-LLT
� DUID-EN
� DUID-LL
via UDP with unicast RFC 3315, RFC 3363 Stateful DHCPv6 Stateful configuration in which the IPv6 address and the configuration settings are transferred. Four DHVPv6 messages are exchanged between client and server:
1. SOLICIT:
Sent by the DHCPv6 client to localize DHCPv6 servers.
2. ADVERTISE
The available DHCPv6 servers reply to this.
3. REQUEST
The DHCPv6 client requests an IPv6 address and the configuration settings from the DHCPv6 server.
4. REPLY
The DHCPv6 server sends the IPv6 address and the configuration settings. If the client and server support the function "Rapid commit" the procedure is shortened to two DHCPv6 messages SOLICIT and REPLY . Stateless DHCPv6 In stateless DHCPv6, only the configuration settings are transferred. Prefix delegation The DHCPv6 server delegates the distribution of IPv6 prefixes to the DHCPv6 client. The DHCPv6 client is also known as PD router. NDP (Neighbor Discovery Protocol)
SCALANCE W700 according to IEEE 802.11ax Web Based Management
52
Configuration Manual, 04/2021, C79000-G8976-C618-01
5.2
IPv4 address
IP addresses 5.2 IPv4 address
5.2.1
Structure of an IPv4 address
The IPv4 address consists of 4 decimal numbers separated by a dot. Each decimal number can have a value from 0 to 255. Example: 192.168.16.2 The IPv4 address is composed of: � Address of the (sub)network � The address of the node (generally also called end node, host or network node)
Subnet mask
The subnet mask consists of four decimal numbers with the range from 0 to 255, each number separated by a period; example: 255.255.0.0
The binary representation of the 4 subnet mask decimal numbers must contain a series of consecutive 1s from the left and a series of consecutive 0s from the right.
The "1" values determine the network address within the IPv4 address. The "0" values determine the device address within the IPv4 address.
Example:
Correct values
255.255.0.0 D = 1111 1111.1111 1111.0000 0000.0000 0000 B
255.255.128.0 D = 1111 1111.1111 1111.1000 0000.0000 0000 B
255.254.0.0 D = 1111 1111.1111 1110.0000 0000.0000.0000 B
Incorrect value:
255.255.1.0 D = 1111 1111.1111 1111.0000 0001.0000 0000 B
In the example for the IP address mentioned above, the subnet mask shown here has the following meaning:
The first 2 bytes of the IP address determine the subnet - i.e. 192.168. The last two bytes address the device, i.e. 16.2.
The following applies in general:
� The network address results from the AND combination of IPv4 address and subnet mask.
� The device address results from the AND-NOT combination of IPv4 address and subnet mask.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
53
IP addresses 5.2 IPv4 address
Classless Inter-Domain Routing (CIDR)
CIDR is a method that groups several IPv4 addresses into an address range by representing an IPv4 address combined with its subnet mask. To do this, a suffix is appended to the IPv4 address that specifies the number of bits of the network mask set to 1. Using the CIDR notation, routing tables can be reduced in size and the available address ranges put to better use.
Example:
IPv4 address 192.168.0.0 with subnet mask 255.255.255.0
The network part of the address covers 3 x 8 bits in binary representation; in other words 24 bits.
This results in the CIDR notation 192.168.0.0/24. The host part covers 1 x 8 bits in binary notation. This results in an address range of 2 to the power 8, in other words 256 possible addresses.
Masking additional subnets
Using the subnet mask, you can further structure a subnet assigned to one of the address classes A, B or C and form "private" subnets by setting further lower-level digits of the subnet mask to "1". For each bit set to "1", the number of "private" networks doubles and the number of nodes contained in them is halved. Externally, the network still looks like a single network.
Example:
You change the default subnet mask for a subnet of address class B (e.g. IP address 129.80.xxx.xxx) as follows:
Masks Default subnet mask
Subnet mask
Decimal 255.255.0.0
255.255.128.0
Binary
11111111.11111111.00000000 .00000000
11111111.11111111.10000000 .00000000
Result:
All devices with addresses from 129.80.1.xxx to 129.80.127.xxx are on one IP subnet, all devices with addresses from 129.80.128.xxx to 129.80.255.xxx are on another IP subnet.
Network gateway (router)
The task of the network gateways (routers) is to connect the IP subnets. If an IP datagram is to be sent to another network, it must first be sent to a router. For make this possible, you need to enter the router address for each member of the IP subnet.
The IP address of a device in the subnet and the IP address of the network gateway (router) may only be different at the points where the subnet mask is set to "0".
SCALANCE W700 according to IEEE 802.11ax Web Based Management
54
Configuration Manual, 04/2021, C79000-G8976-C618-01
IP addresses 5.2 IPv4 address
5.2.2
Initial assignment of an IPv4 address
Configuration options
An initial IP address for a SCALANCE W device cannot be assigned using Web Based Management (WBM) or the Command Line Interface (CLI) over Telnet because these configuration tools require that an IP address already exists.
The following options are available to assign an IP address to an unconfigured device currently without an IP address:
� DHCP (default)
� SINEC PNI
� STEP 7
� SINEC NMS
Note
When the product ships and following "Restore Memory Defaults and Restart", DHCP is enabled.
If a DHCP server is available in the local area network, and this responds to the DHCP request of a SCALANCE W device, the IP address, subnet mask and gateway are assigned automatically when the device first starts up. "Restore Factory Defaults and Restart" does not delete an IP address assigned either by DHCP or by the user.
5.2.3
Address assignment via DHCPv4
Properties of DHCP
DHCP (Dynamic Host Configuration Protocol) is a method for automatic assignment of IP addresses. It has the following characteristics:
� DHCP can be used both when starting up a device and during ongoing operation.
� The assigned IP address remains valid only for a limited time known as the lease time. When half the period of validity has elapsed. the DHCP client can extend the period of the assigned IPv4 address. When the entire time has elapsed, the DHCP client needs to request a new IPv4 address.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
55
IP addresses 5.2 IPv4 address
� There is normally no fixed address assignment; in other words, when a client requests an IP address again, it normally receives a different address from the previous address. It is possible to configure the DHCP server so that the DHCP client always receives the same fixed address in response to its request. The parameter with which the DHCP client is identified for the fixed address assignment is set on the DHCP client. The address can be assigned via the MAC address, the DHCP client ID, PROFINET device name or the device name. You configure the parameter in "System > DHCP Client".
� The following DHCP options are supported:
� DHCP option 3: Assignment of a router address
� DHCP option 6: Assignment of a DNS server address
� DHCP option 66: Assignment of a dynamic TFTP server name
� DHCP option 67: Assignment of a dynamic boot file name
Note
DHCP uses a mechanism with which the IP address is assigned for only a short time (lease time). If the device does not reach the DHCP server with a new request on expiry of the lease time, the assigned IP address, the subnet mask and the gateway continue to be used.
The device therefore remains accessible under the last assigned IP address even without a DHCP server. This is not the standard behavior of office devices but is necessary for problem-free operation of the plant.
5.2.4
Address assignment with SINEC PNI
Introduction
The SINEC PNI is capable of assigning such an address to unconfigured devices that do not yet have an IP address.
SINEC PNI
� To be able to assign an IP address to the device with SINEC PNI, it must be possible to reach the device via Ethernet.
� You can find SINEC PNI on the Internet pages of Siemens Industry Online Support at the following Link: (https://support.industry.siemens.com/cs/ww/en/view/109776941)
� For additional information about assigning the IP address with SINEC PNI, refer to the online help or the "SINEC PNI network management" operating instructions.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
56
Configuration Manual, 04/2021, C79000-G8976-C618-01
IP addresses 5.2 IPv4 address
5.2.5
Address assignment with STEP 7
In STEP 7, you can configure the topology, the device name and the IP address; in other words, an IP address is specified for the MAC address of the device. If you connect the unconfigured device to the controller, the controller assigns the configured device name and the IP address to the device automatically.
STEP 7 V5.x and earlier
For further information on the assignment of the IP address using STEP 7 V5.x and earlier, refer to the documentation "Configuring Hardware and Communication Connections STEP 7", in the section "Steps for Configuring a PROFINET IO System".
STEP 7 as of V13
For additional information on assigning the IP address using STEP 7 as of V13, refer to the online help "Information system", section "Addressing PROFINET devices".
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
57
IP addresses 5.3 IPv6 address
5.3
IPv6 address
5.3.1
IPv6 terms
Network node A network node is a device that is connected to one or more networks via one or more interfaces. Router A network node that forwards IPv6 packets. Host A network node that represents an end point for IPv6 communication relations. Link A link is, according to IPv6 terminology, a direct layer 3 connection within an IPv6 network. Neighbor Two network nodes are called neighbors when they are located on the same link. IPv6 interface Physical or logical interface on which IPv6 is activated. Path MTU Maximum permitted packet size on a path from a sender to a recipient. Path MTU discovery Mechanism for determining the maximum permitted packet size along the entire path from a sender to a recipient. LLA Link local address FE80::/10 As soon as IPv6 is activated on the interface, a link local address is formed automatically. Can only be reached by nodes located on the same link. ULA Unique Local Address Defined in RFC 4193. The IPv6 interface can be reached via this address in the LAN. GUA Global unicast address The IPv6 interface can be reached through this address, for example, via the Internet. Interface ID The interface ID is formed with the EUI-64 method or manually. EUI-64
SCALANCE W700 according to IEEE 802.11ax Web Based Management
58
Configuration Manual, 04/2021, C79000-G8976-C618-01
IP addresses 5.3 IPv6 address
Extended Unique Identifier (RFC 4291); process for forming the interface ID. In Ethernet, the interface ID is formed from the MAC address of the interface. Divides the MAC address into the manufacturer-specific part (OUI) and the network-specific part (NIC) and inserts FFFE between the two parts. Example: MAC address = AA:BB:CC:DD:EE:FF OUI = AA:BB:CC NIC = DD:EE:FF EUI-64 = OUI + FFFE + NIC = AA:BB:CC:FF:FE:DD:EE:FF Scope Defines the range of the IPv6 address.
5.3.2
Structure of an IPv6 address
IPv6 address format - notation IPv6 addresses consist of 8 fields each with four-character hexadecimal numbers (128 bits in total). The fields are separated by a colon. Example: fd00:0000:0000:ffff:02d1:7d01:0000:8f21 Rules / simplifications: � If one or more fields have the value 0, a shortened notation is possible. The address fd00:0000:0000:ffff:02d1:7d01:0000:8f21 can also be shortened and written as follows: fd00::ffff:02d1:7d01:0000:8f21 To ensure uniqueness, this shortened form can only be used once within the entire address. � Leading zeros within a field can be omitted. The address fd00:0000:0000:ffff:02d1:7d01:0000:8f21 can also be shortened and written as follows: fd00::ffff:2d1:7d01:0000:8f21 � Decimal notation with periods The last 2 fields or 4 bytes can be written in the normal decimal notation with periods. Example: The IPv6 address fd00::ffff.125.1.0.1 is equivalent to fd00::ffff:7d01:1
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
59
IP addresses 5.3 IPv6 address
Structure of the IPv6 address
The IPv6 protocol distinguishes between three types of address: Unicast, Anycast and Multicast. The following section describes the structure of the global unicast addresses.
IPv6 prefix
Global prefix: n bits
Assigned address range
Subnet ID
m bits
Description of the location, also subnet prefix or subnet
Suffix Interface ID 128 - n - m bits Unique assignment of the host in the network. The ID is generated from the MAC address.
The prefix for the link local address is always fe80:0000:0000:0000. The prefix is shortened and noted as follows: fe80::
IPv6 prefix
Specified in: RFC 4291 The IPv6 prefix represents the subnet identifier. Prefixes and IPv6 addresses are specified in the same way as with the CIDR notation (Classless Inter-Domain Routing) for IPv4. Design IPv6 address / prefix length Example IPv6 address: 2001:0db8:1234::1111/48 Prefix: 2001:0db8:1234::/48 Interface ID: ::1111
Entry and appearance
The entry of IPv6 addresses is possible in the notations described above. IPv6 addresses are always shown in the hexadecimal notation.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
60
Configuration Manual, 04/2021, C79000-G8976-C618-01
6
Configuring with Web Based Management
6
6.1
Web Based Management
How it works
The device has an integrated HTTP server for Web Based Management (WBM). If a device is addressed with a Web browser, it returns HTML pages to the client PC depending on the user input.
The user enters the configuration data in the HTML pages sent by the device. The device evaluates this information and generates reply pages dynamically.
The advantage of this method is that only a Web browser is required on the client.
Note Secure connection
WBM also allows you to establish a secure connection via HTTPS.
Use HTTPS for protected data transmission. If you wish to access WBM only via a secure connection, activate only the HTTPS server under "System > Configuration".
Requirements
WBM display � The device has an IP address � There is a connection between the device and the client device. With the Windows ping
command, you can check whether or not a connection exists. � Access via HTTPS is enabled. � JavaScript is activated in the Web browser.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
61
Configuring with Web Based Management 6.1 Web Based Management
� The Web browser must not be set so that it reloads the page from the server each time the page is accessed. The updating of the dynamic content of the page is ensured by other mechanisms. In the Internet Explorer, you can make the appropriate setting in the "Options > Internet Options > General" menu in the section "Browsing history" with the "Settings" button. Under "Check for newer versions of stored pages:", select "Automatically".
� If a firewall is used, the relevant ports must be opened.
� For access using HTTP: Standard port 80 or configured port
� For access using HTTPS: Standard port 443 or configured port
The display of the WBM was tested with the following desktop Web browsers:
� Microsoft Internet Explorer 11
Note Compatibility view In Microsoft Internet Explorer, disable the compatibility view to ensure correct display and to allow problem-free configuration using WBM.
� Mozilla Firefox 78 ESR � Google. Chrome V83 � Microsoft Edge V83 Display of the WBM on mobile devices For mobile devices, the following minimum requirements must be met:
Resolution 960 x 640 pixels
Operating system Android as of version 4.2.1 iOS as of version 6.0.2
Internet browser Chrome as of version 18 on Android Safari as of version 6 on iOS
� Tested with the following Internet browsers for mobile devices:
� Safari as of version 8 on iOS as of V8.1.3 (iPad Mini Model A1432)
� Chrome as of version 46 on Android as of version 5.0.2 (Nexus 7C Asus)
� Firefox as of version 35 on Android as of version 5.0.2
Note Display of the WBM and working with it on mobile devices
The display and operation of the WBM pages on mobile devices may differ compared with the same pages on desktop devices. Some pages also have an optimized display for mobile devices.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
62
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.2 Login
6.2
Login
Establishing a connection to a device
Follow the steps below to establish a connection to a device using an Internet browser:
1. There is a connection between the device and the PC. With the ping command, you can check whether or not a device can be reached.
2. In the address box of the Internet browser, enter the IP address or the URL of the device.
Access via HTTPS is enabled as default. If you access the device via HTTP, the address is automatically diverted to HTTPS.
Note Information on the security certificate
Because the device can only be administered using encrypted access, it is delivered with a self-signed certificate. If certificates with signatures that the operating system does not know are used, a security message is displayed. You can display the certificate.
A message relating to the security certificate appears. Acknowledge this message and continue loading the page.
If you use a port other than the standard port, enter a colon ":" as separator between the IP address and the port number.
Example: https://192.168.16.178:49152
You change the port in "System > Configuration".
3. If there is a connection to the device, the login page of Web Based Management (WBM) is displayed.
If you wish to access the WBM via an HTTP connection, configure "HTTP & HTTPS" for "HTTP Services" in "System > Configuration".
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
63
Configuring with Web Based Management 6.2 Login
Changing language 1. From the drop-down list at the top right, select the language version of the WBM pages. 2. Click the "Go" button to change to the selected language.
Note Available languages English and German are available as languages. Other languages will follow in a later version.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
64
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.2 Login
Logging in to WBM 1. "Name" input box: � When you log in for the first time or following a "Restore Factory Defaults and Restart", enter the user preset in the factory "admin". With this user account, you can change the settings of the device (read and write access to the configuration data). � Enter the user name of the created user account. You configure local user accounts and roles in "Security > Users". 2. "Password" input box: � When you log in for the first time or following a "Restore Factory Defaults and Restart", enter the password of the default user preset in the factory "admin": "admin".
Note The password for the "admin" user has been changed for devices with the US version. Specialist personnel for professional WLAN installations can obtain the password from Siemens support.
� Enter the password of the relevant user account. 3. Click the "Login" button or confirm your input with "Enter".
Note When you log in for the first time or following a "Restore Factory Defaults and Restart", you can rename the "admin" user preset in the factory once. Afterwards, renaming "admin" is no longer possible. Enter the new name in the corresponding text box.
When you log in for the first time or following a "Restore Factory Defaults and Restart", you are prompted to change the password. The new password must meet the password policy "High": � Password length: At least 8 characters, maximum 128 characters � At least 1 uppercase letter � At least 1 special character � At least 1 number � It must not contain the following characters: ; : ' ? � � " � � � | � � � � � � � � The characters for Space and Delete also cannot be contained. 4. You need to repeat the password as confirmation. The password entries must match. 5. Click the "Set Values" button to complete the action. The changes take immediate effect. Once you have logged in successfully, the start page appears.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
65
Configuring with Web Based Management 6.2 Login
Protection from brute force attacks To protect against brute force attacks, login to the device is denied for a user or for the IP address of a user after 11 failed login attempts.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
66
Configuration Manual, 04/2021, C79000-G8976-C618-01
6.3
"Information" menu
Configuring with Web Based Management 6.3 "Information" menu
6.3.1
Start page
View of the Start page
When you enter the IP address of the device, the start page is displayed after a successful login. You cannot configure anything on this page.
General layout of the WBM pages The following areas are generally available on every WBM page: � Selection area (1): Top area � Display area (2): Top area
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
67
Configuring with Web Based Management 6.3 "Information" menu
� Navigation area (3): Left-hand area � Content area (4): Middle area
SCALANCE W700 according to IEEE 802.11ax Web Based Management
68
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
Selection area (1)
The following is available in the selection area:
� Logo of Siemens AG
� Display of: "System Location/System Name".
� "System Location" contains the location of the device. With the settings when the device ships, the IP address of the Ethernet interface is displayed.
� "System Name" is the device name. With the settings when the device ships, the device type is displayed.
You can change the content of this display with "System > General > Device".
� Drop-down list for language selection
� System time and date
You can change the content of this display with "System > System Time".
If the system time is not set, the status is . If the system time is configured, but the system time cannot be synchronized, a yellow warning triangle can be seen. Check whether the time server can be reached. If necessary adapt your configuration. If the system time is set and/or can be synchronized, the status is .
Display area (2)
In the upper part of the display area, you can see name of the currently logged in user and the full title of the currently selected menu item.
In the lower part of the display area, you will find:
� Logout You can log out from any WBM page by clicking the "Logout" link.
� Device name Shows the name of the device.
� Mode Shows the mode: Access point.
� LED simulation Each device has one or more LEDs that provide information on the operating state of the device. Depending on its location, direct access to the device may not always be possible. Web Based Management therefore displays simulated LEDs. Unused connectors are displayed as gray LEDs. The meaning of the LED displays is described in the operating instructions.
If you click this button, you open the window for the LED simulation. You can show this window during a change of menu and move it as necessary. To close the LED simulation, click the close button in the LED simulation window.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
69
Configuring with Web Based Management 6.3 "Information" menu
� Help When you click this button, the help page of the currently selected menu item is opened in a new browser window.
On every help page, there is an input box for the search function at the top edge. In this input box, enter a term for which you need additional information and start the search by pressing Enter. A dialog box displays a list of WBM pages that contain the term searched for. The corresponding WBM page is opened in a new tab of the browser after a list element is clicked
� Printer If you click this button, a popup window opens. The popup window contains a view of the page content optimized for printers.
Note Printing larger tables
If you want to print large tables, please use the "Print preview" function of your Internet browser.
� Favorites
When the product ships, the button is disabled on all pages .
If you click this button, the symbol changes and the currently open page or currently open tab is marked as favorite. Once you have enabled the button once, the navigation area is divided into two tabs. The first tab "Menu" contains all the available menus as previously. The second tab "Favorites" contains all the pages/tabs that you selected as favorites. On the "Favorites" tab the pages/tabs are arranged according to the structure in the "Menu" tab.
If you disable all the favorites you have created, the "Favorites" tab is removed again. To do this, click the button on the relevant pages/tabs.
You can save, upload and delete the favorites configuration of a device on the "System > Load&Save" page using HTTP or TFTP.
� Update on
/ Update off
WBM pages with overview lists can also have the additional "Update" button.
With this button, you can enable or disable updating of the content area. If updating is turned on, the display is updated every 2 seconds. To disable the update, click "On". Instead of "On", "Off" is displayed. As default, updating is always disabled on the WBM page.
Navigation area (3)
In the navigation area, you have various menus available. Click the individual menus to display the submenus. The submenus contain pages on which information is available or with which you can create configurations. These pages are always displayed in the content area.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
70
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
Content area (4)
The content area shows a graphic of the device. The graphic always shows the device whose WBM you have called up.
The following is displayed below the picture of the device:
� PROFINET Name of Station Shows the PROFINET device name.
� System Name Shows the name of the device.
� Device Type Shows the type designation of the device.
� PROFINET AR Status Shows the PROFINET application relation status.
� Online There is a connection to a PROFINET controller. The PROFINET controller has downloaded its configuration data to the device. The device can send status data to the PROFINET controller. In this status, the parameters set by the PROFINET controller cannot be configured on the device.
� Offline There is no connection to a PROFINET controller.
� Power Line 1 / Power Line 2 / Power over Ethernet
Status of the power supplies 1 and 2 or power over Ethernet. The power line 2 and Power over Ethernet are only displayed if they are supported by the hardware. You will find further information on this in the operating instructions.
� PLUG Configuration
Shows the status of the configuration data on the PLUG, refer to the section "System > PLUG > PLUG Configuration".
� PLUG License
Shows the status of the license on the PLUG, refer to the section "System > PLUG > PLUG License".
� Fault Status Shows the fault status of the device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
71
Configuring with Web Based Management 6.3 "Information" menu
Buttons you require often
The pages of the WBM contain the following standard buttons:
� Refresh the display with "Refresh" Web Based Management pages that display current parameters have a "Refresh" button at the bottom edge of the page. Click this button to request up-to-date information from the device for the current page.
Note
If you click the "Refresh" button, before you have transferred your configuration changes to the device using the "Set Values" button, your changes will be deleted and the previous configuration will be loaded from the device and displayed here.
� Save entries with "Set Values" Pages in which you can make configuration settings have a "Set Values" button at the lower edge. The button only becomes active if you change at least one value on the page. Click this button to save the configuration data you have entered on the device. Once you have saved, the button becomes inactive again.
Note
Changing configuration data is possible only with the "admin" login.
� Create entries with "Create" Pages in which you can make new entries have a "Create" button at the lower edge. Click this button to create a new entry.
� Delete entries with "Delete" Pages in which you can delete entries have a "Delete" button at the lower edge. Click this button to delete the previously selected entries from the device memory. Deleting also results in an update of the page in the WBM.
� Page down with "Next" The number of data records that can be displayed on a page is limited. Click the "Next" button to page down through the data records.
� Page back with "Prev" The number of data records that can be displayed on a page is limited. Click the "Prev" button to page back through the data records.
� Delete the display with "Clear" In pages with sequence logs, you can delete all table entries at the same time regardless of whether filters are selected. The display is cleared in this process. The restart counter is only reset after you have restored the device to the factory settings and restarted the device. Click the "Clear" button to completely delete the data set.
� Button "Show all" You can show all entries in pages with a large number of data sets. Click "Show all" to display all entries on the page. Note that displaying all messages can take some time.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
72
Configuration Manual, 04/2021, C79000-G8976-C618-01
Messages
Configuring with Web Based Management 6.3 "Information" menu
� Drop-down list for page change In pages with a large number of data records, you can navigate to the desired page. From the drop-down list, select the affected page to display it.
� "Reset Counters" button Click "Reset Counters" to reset all counters. The counters are reset by a restart.
If you have enabled the "Automatic Save" mode and you change a parameter the following message appears in the display area "Changes will be saved automatically in x seconds. Press 'Write Startup Config' to save the changes immediately."
Note Interrupting the save Saving starts only after the timer in the message has elapsed. How long saving takes depends on the device. During the save, the message "Saving configuration data in progress. Please do not switch off the device" is displayed. � Do not switch off the device immediately after the timer has elapsed.
6.3.2
Versions
Versions of hardware and software
This page shows the versions of the hardware and software of the device. You cannot configure anything on this page.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
73
Configuring with Web Based Management 6.3 "Information" menu
Description
Table 1 has the following columns:
� Hardware
� Basic Device Shows the basic device
� Name Shows the name of the device or module.
� Revision
Shows the hardware version of the device. For the wireless card, only one version is then displayed if the WLAN interface is enabled.
� Article number Shows the article number of the device or described module.
Table 2 has the following columns:
� Software
� Firmware Shows the current firmware version. If a new firmware file was downloaded and the device has not yet restarted, the firmware version of the downloaded firmware file is displayed here. After the next restart, the downloaded firmware is activated and used.
� Bootloader Shows the version of the boot software stored on the device.
� Firmware_Running Shows the firmware version currently being used on the device.
� Description Shows the short description of the software.
� Version Shows the version number of the software version.
� Date Shows the date on which the software version was created.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
74
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.3
I&M
Identification and maintenance data
This page contains information about device-specific vendor and maintenance data such as the article number, serial number, version numbers etc. You cannot configure anything on this page.
Description
The table has the following rows:
� Manufacturer ID Shows the manufacturer ID.
� Article number Shows the article number.
� Basic MAC Address Shows the MAC address of the IPv4 interface.
� Serial Number Shows the serial number.
� Hardware Revision Shows the hardware version.
� Software Revision Shows the software version.
� Revision Counter Regardless of a version change, this box always displays the value "0".
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
75
Configuring with Web Based Management 6.3 "Information" menu
� Revision Date Shows the date and time of the last revision.
� Function tag Shows the function tag (plant designation) of the device. The plant designation (HID) is created during configuration of the device with HW Config of STEP 7.
� Location tag Shows the location tag of the device. The location identifier (LID) is created during configuration of the device with HW Config of STEP 7.
� Date Shows the date created by STEP 7 during configuration of the device with HW Config.
� Descriptor Shows the description created during configuration of the device with HW Config of STEP 7.
6.3.4
ARP / neighbors
6.3.4.1
ARP-Tabelle
Assignment of MAC address and IPv4 address
With the Address Resolution Protocol (ARP), there is a unique assignment of MAC address to IPv4 address. This assignment is kept by each network node in its own separate ARP table. The WBM page shows the ARP table of the device.
Description of the displayed values
The table has the following columns:
� Interface Shows the interface via which the row entry was learnt.
� MAC Address Shows the MAC address of the destination or source device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
76
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
� IP Address Shows the IP address of the destination device.
� Media Type Shows the type of connection.
� Dynamic The device recognized the address data automatically.
� Static
The addresses were entered as static addresses.
6.3.4.2
IPv6 Neighbor Table
Assignment of MAC address and IPv6 address
Via the IPv6 neighbor table, there is a unique assignment of MAC address to IPv6 address. This assignment is kept by each network node in its own separate neighbor table.
Description of the displayed values The table has the following columns: � Interface Displays the interface via which the row entry was learnt. � MAC Address Shows the MAC address of the destination or source device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
77
Configuring with Web Based Management 6.3 "Information" menu
� IP Address Shows the IPv6 address of the destination device.
� Media Type Shows the type of connection. � Dynamic The device recognized the address data automatically. � Static The addresses were entered as static addresses.
6.3.5
Log Tables
6.3.5.1
Event Log
Logging events
The device allows you to log occurring events, some of which you can specify on the page of the System > Events menu. This, for example, allows you to record when an authentication attempt failed or when the connection status of a port has changed.
The content of the events log table is retained even when the device is turned off.
You cannot configure anything on this page.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
78
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
Description
� Severity Filters You can filter the entries in the table according to severity. To display all the entries, enable or disable all parameters.
Note A maximum of 2000 entries in the table are possible for each severity. If the maximum number of entries is reached for a severity, the oldest entries of this severity are overwritten in the table. The table remains permanently in the memory.
� Info Information When this parameter is enabled, all entries of the category "Info" are displayed.
� Warning Warnings When this parameter is enabled, all entries of the category "Warning" are displayed.
� Critical Critical When this parameter is enabled, all entries of the category "Critical" are displayed.
The table has the following columns: � Restart
Counts the number of restarts since you last reset to factory settings and shows the device restart after which the corresponding event occurred. � System Up Time Shows the time the device has been running since the last restart when the described event occurred. � System Time Shows the date and time when the described event occurred. � Severity Shows the severity of the message. � Log Message Displays a brief description of the event that has occurred. You will find the list of possible messages in Appendix D (Page 301) of the configuration manual. If the system time is set, the time is also displayed at which the event occurred.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
79
Configuring with Web Based Management 6.3 "Information" menu
6.3.5.2
WLAN authentication log
Logging authentication attempts This page shows a table with information on successful or failed authentication attempts.
You cannot configure anything on this page.
Description
� Severity Filters You can filter the entries in the table according to severity. To display all the entries, enable or disable all parameters.
Note A maximum of 2000 entries in the table are possible for each severity. If the maximum number of entries is reached for a severity, the oldest entries of this severity are overwritten in the table. The table remains permanently in the memory.
� Info Information When this parameter is enabled, all entries of the category "Info" are displayed.
� Warning Warnings When this parameter is enabled, all entries of the category "Warning" are displayed.
� Critical Critical When this parameter is enabled, all entries of the category "Critical" are displayed.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
80
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
The table has the following columns: � Restart
Counts the number of restarts since you last reset to factory settings and shows the device restart after which the corresponding event occurred. � System Up Time Shows the time the device has been running since the last restart when the described event occurred. � System Time Shows the date and time when the described event occurred. � Severity Shows the severity of the message. � Log Message Displays a brief description of the event that has occurred. You will find the list of possible messages in Appendix D (Page 301) of the configuration manual. If the system time is set, the time is also displayed at which the event occurred.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
81
Configuring with Web Based Management 6.3 "Information" menu
6.3.6
Faults
Error status
If a fault occurs, it is shown on this page. On the device, faults are indicated by the red fault LED lighting up.
Internal faults of the device and faults that you configure on the following pages are indicated:
� "System > Events"
� "System > Fault Monitoring"
The calculation of the time of a fault always begins after the last system start. If there are no faults present, the fault LED switches off.
Description
The page contains the following boxes: � No. of Signaled Faults
Indicates how often the fault LED lit up and not how many faults occurred. � "Reset Counters" button
The number is reset with this button. The counter is reset when there is a restart. The table contains the following columns: � Fault Time
Shows the time the device has been running since the last restart when the described fault occurred. � Fault Description Displays a brief description of the error/fault that has occurred. � Clear Fault State Some faults can be acknowledged and thus removed from the fault list, e.g. a fault of the event "Cold/Warm Start". You can acknowledge these faults or remove them from the fault list with the "Clear Fault State" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
82
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.7
Redundancy
Introduction
The page shows the current information about the Spanning Tree and the settings of the root bridge.
If Spanning Tree is turned off, only the basic information about this device is displayed.
If Spanning Tree is turned on, the information about the status of the instance selected in the "Instance ID" drop-down list is displayed and the information about the configured ports is shown in the table. The information shown depends on the Spanning Tree mode.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
83
Configuring with Web Based Management 6.3 "Information" menu
Description
The page contains the following boxes:
� Spanning Tree Mode
Shows the set mode. You specify the mode in "Layer 2 > Configuration" and in "Layer 2 > MSTP > General". The following values are possible:
� '-'
� STP
� RSTP
� MSTP
� Instance ID
Shows the number of the instance. The parameter depends on the configured mode.
� Bridge Priority / Root Priority
Which device becomes the root bridge is decided based on the bridge priority. The bridge with the highest priority (in other words, with the lowest value for this parameter) becomes the root bridge. If several devices in a network have the same priority, the device whose MAC address has the lowest numeric value will become the root bridge. Both parameters, bridge priority and MAC address together form the bridge identifier. Since the root bridge manages all path changes, it should be located as centrally as possible due to the delay of the frames. The value for the bridge priority is a whole multiple of 4096 with a range of values from 0 to 32768.
� Bridge Address / Root Address
The bridge address shows the MAC address of the device and the root address shows the MAC address of the root bridge.
� Root Cost
The path costs from this device to the root bridge.
� Bridge Status
Shows the status of the bridge, e.g. whether or not the device is the root bridge.
� Regional root priority (available only with MSTP)
For a description, see Bridge priority / Root priority
� Regional root address (available only with MSTP)
Shows the MAC address of the regional root bridge.
� Regional Root Cost (available only with MSTP)
Shows the path costs from this device to the regional root bridge.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
84
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
The table contains the following boxes:
� Port
Shows the port via which the device communicates.
� Role
Shows the status of the port. The following values are possible:
� Disabled The port was removed manually from the spanning tree and will no longer be taken into account by the spanning tree.
� Designated The ports leading away from the root bridge.
� Alternate The port with an alternative route to a network segment
� Backup If a switch has several ports to the same network segment, the "poorer" Port becomes the backup port.
� Root The port that provides the best route to the root bridge.
� Master This port points to a root bridge located outside the MST region.
� State
Displays the current state of the port. The values are only displayed. The parameter depends on the configured protocol. The following statuses are possible:
� Discarding The port receives BPDU frames. Other incoming or outgoing frames are discarded.
� Listening The port receives and sends BPDU frames. The port is involved in the spanning tree algorithm. Other outgoing and incoming frames are discarded.
� Learning The port actively learns the topology; in other words, the node addresses. Other outgoing and incoming frames are discarded.
� Forwarding Following the reconfiguration time, the port is active in the network. The port receives and sends data frames.
� Oper. Version
Describes the type of spanning tree in which the port operates
� Priority
If the path calculated by the spanning tree is possible over several ports of a device, the port with the highest priority (in other words the lowest value for this parameter) is selected. A value between 0 and 240 can be entered for the priority in steps of 16. If you enter a value that cannot be divided by 16, the value is automatically adapted. The default is 128.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
85
Configuring with Web Based Management 6.3 "Information" menu
� Path Cost This parameter is used to calculate the path that will be selected. The path with the lowest value is selected as the route. If several ports of a device have the same value, the port with the lowest port number will be selected. If the value "Cost Calc." box is "0", the automatically calculated value is shown. Otherwise, the value of the "Cost Calc." box is displayed. The calculation of the path costs is largely based on the transmission speed. The higher the achievable transmission speed is, the lower the value of the path costs. Typical values for path costs with rapid spanning tree: � 10,000 Mbps = 2,000 � 1000 Mbps = 20,000 � 100 Mbps = 200,000 � 10 Mbps = 2,000,000.
� Edge Type Shows the type of the connection. The following values are possible: � Edge Port An edge port is connected to this port. � No Edge Port There is a spanning tree or rapid spanning tree device at this port.
� P.t.P. Type Shows the type of the point-to-point link. The following values are possible: � P.t.P. With half duplex, a point-to-point link is assumed. � Shared Media With a full duplex connection, a point-to-point link is not assumed.
Note Point-to-point link means a direct connection between two devices. A shared media connection is, for example, a connection to a hub.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
86
Configuration Manual, 04/2021, C79000-G8976-C618-01
6.3.8 6.3.8.1
Configuring with Web Based Management 6.3 "Information" menu
Ethernet Statistics
Interface Statistics The page shows the statistics from the interface table of the Management Information Base (MIB).
Description
� In Octet Shows the number of received bytes.
� Out Octet Shows the number of sent bytes.
� In Unicast Shows the number of received unicast frames.
� In Non Unicast Shows the number of received frames that are not of the type unicast.
� Out Unicast Shows the number of sent unicast frames.
� Out Non Unicast Shows the number of sent frames that are not of the type unicast.
� In Errors Shows the number of all possible RX errors, refer to the "Packet Error" tab.
� "Reset Counters" button Click "Reset Counters" to reset all counters. The counters are reset by a restart.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
87
Configuring with Web Based Management 6.3 "Information" menu
6.3.8.2
Packet Size
Frames sorted by length
This page displays how many frames of which size were received at each port. You cannot configure anything on this page.
Description
� Port Shows the available ports.
� Frame lengths The other columns after the port number contain the absolute numbers of incoming frames according to their frame length. The following frame lengths are distinguished:
� 64 bytes
� 65 - 127 bytes
� 128 - 255 bytes
� 256 - 511 bytes
� 512 - 1023 bytes
� 1024 - Max.
� "Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
88
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.8.3
Packet Type
Received frames sorted by type
This page displays how many frames of the type "Unicast", "Multicast", and "Broadcast" were received at each port. You cannot configure anything on this page.
Description
� Port Shows the available ports.
� Unicast/Multicast /Broadcast The other columns after the port number contain the absolute numbers of the incoming frames according to their frame type "Unicast", "Multicast" and "Broadcast"
� "Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
89
Configuring with Web Based Management 6.3 "Information" menu
6.3.8.4
Packet Error
Received bad frames
This page shows how many bad frames were received per port. You cannot configure anything on this page.
Description
� Port Shows the available ports.
� Error types The other columns after the port number contain the absolute numbers of the incoming frames according to their error.
In the columns of the table, a distinction is made according to the following errors:
� CRC (Cyclic Redundancy Code) The packet length is between 64 and 2048 bytes. The CRC of the packet is invalid.
� Undersize The packet length is less than 64 bytes. The CRC of the packet is valid.
� Oversize The packet size is more than 2048 bytes. The CRC of the packet is valid.
� Fragments The packet length is less than 64 bytes. The CRC of the packet is invalid.
� Jabbers The frame length is more than 2048 bytes. The CRC of the packet is invalid.
� Collisions Frames in which a collision event was detected.
� "Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
90
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.9
Learning Table
Address filtering
This WBM page shows the current content of the learning table. This table lists the source addresses of unicast address frames.
Description
The table contains the following columns: � VLAN ID
Shows the VLAN ID of the node.
Note This column appears in the table only if a VLAN is configured.
� MAC Address Shows the MAC address of the node.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
91
Configuring with Web Based Management 6.3 "Information" menu
� State Shows the status of each address entry:
� Learnt The specified address was learned by receiving a frame from this node and will be deleted when the aging time expires if no further packets are received from this node.
� Invalid These values are not evaluated.
� Port Shows the port via which the node with the specified address can be reached. Frames received by the device whose destination address matches this address will be forwarded to this port.
6.3.10
LLDP
Status of the neighborhood table
This page shows the current content of the neighborhood table. This table stores the information that the LLDP agent has received from connected devices.
You set the interfaces via which the LLDP agent receives or sends information in the following section: "Layer 2 > LLDP".
Description
The table contains the following columns: � System Name
System name of the connected device. � Device ID
Device ID of the connected device. The device ID corresponds to the device name assigned via PST (STEP 7). If no device name is assigned, the MAC address of the device is displayed. � Local Interface Port at which the device received the information
SCALANCE W700 according to IEEE 802.11ax Web Based Management
92
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
� Hold Time An entry remains stored on the device for the time specified here. If the IE switch does not receive any new information from the connected device during this time, the entry is deleted.
� Capability Shows the properties of the connected device: � Router � Bridge � Telephone � DOCSIS Cable Device � WLAN Access Point � Repeater � Station � Other
� Port ID Device port that is connected to the device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
93
Configuring with Web Based Management 6.3 "Information" menu
6.3.11
IPv4 Routing
Introduction
This page shows the routes currently being used.
Description
The table has the following columns:
� Destination Network Shows the destination address of this route.
� Subnet Mask Shows the subnet mask of this route.
� Gateway Shows the gateway for this route.
� Interface Shows the interface for this route.
� Metric Shows the metric of the route. The higher value, the longer packets require to their destination.
� Routing Protocol Shows the routing protocol from which the entry in the routing table originates. The following entries are possible:
� Connected: Connected routes
� Static: Static routes
� DHCP: Routes via DHCP
SCALANCE W700 according to IEEE 802.11ax Web Based Management
94
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.12
IPv6-Routing
Introduction
This page shows the IPv6 routes currently being used.
Description
The table has the following columns: � Destination Network
Shows the destination address of this route. � Prefix Length
Shows the prefix length of this route. � Gateway
Shows the gateway for this route. � Interface
Shows the interface for this route. � Metric
Shows the metric of the route. The higher value, the longer packets require to their destination. � Routing Protocol Shows the routing protocol from which the entry in the routing table originates. The following entries are possible: � Connected: Connected routes � Static: Static routes � RIPng: Routes via RIPng � OSPFv3: Routes via OSPFv3 � Other: Other routes
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
95
Configuring with Web Based Management 6.3 "Information" menu
6.3.13
SNMP
This page displays the created SNMPv3 groups. You configure the SNMPv3 groups in "System > SNMP".
Description
The table has the following columns: � Group Name
Shows the group name. � User Name
Shows the user that is assigned to the group.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
96
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.14
Security
6.3.14.1
Overview This page shows the security settings and the local user accounts.
Description
The "Services" list shows the security settings. � Telnet Server
You configure the setting in "System > Configuration". � enabled: Unencrypted access to the CLI. � disabled: No unencrypted access to the CLI. � SSH Server You configure the setting in "System > Configuration". � enabled: Encrypted access to the CLI. � disabled: No encrypted access to the CLI.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
97
Configuring with Web Based Management 6.3 "Information" menu
� Web Server You configure the setting in "System > Configuration". � HTTP/HTTPS: Access to the WBM is possible with HTTP and HTTPS. � HTTPS: Access to the WBM is now only possible with HTTPS.
� SNMP You can configure the setting in "System > SNMP > General". � "-" (SNMP disabled) Access to device parameters via SNMP is not possible. � SNMPv1/v2c/v3 Access to device parameters is possible with SNMP versions 1, 2c or 3. � SNMPv3 Access to device parameters is possible only with SNMP version 3.
� Login Authentication You configure the setting in "Security > AAA > General". � Local Login with local user name and password. � RADIUS Login using a RADIUS server. � Local and RADIUS The login is possible both with the users that exist in the firmware (user name and password) and via a RADIUS server. The local users have priority.
Note The user is first searched for in the local database. If the user does not exist there or the password does not match, a RADIUS query is sent.
� Password Policy Shows which password policy is currently being used.
The "Local User Accounts" table has the following columns: � User Accounts
Shows the name for the user. � Role
Shows the role of the user. � admin
The user can create, edit or delete entries. � user
The user only has read rights. You configure local user accounts in "Security > Users".
SCALANCE W700 according to IEEE 802.11ax Web Based Management
98
Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.14.2
Supported Function Rights
Note The values displayed depend on the role of the logged-on user. The page shows the function rights available locally on the device.
Description of the displayed values � Function Right Shows the number of the function right. Different rights relating to the device parameters are assigned to the numbers. � Description Shows the description of the function right.
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
99
Configuring with Web Based Management 6.3 "Information" menu
6.3.14.3
Roles
Note The values displayed depend on the role of the logged-on user. The page shows the roles valid locally on the device.
Description
The table contains the following columns: � Role
Shows the name of the role. � Function Right
Shows the function right of the role: � 1
Users with this role can read device parameters but cannot change them. � 15
Users with this role can both read and change device parameters. � 0
This is a role that the device assigns internally when a user could not be authenticated. The user is denied access to the device. � Description Shows a description of the role.
100
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
6.3.14.4
Groups
Note The values displayed depend on the role of the logged-on user.
This page shows which group is linked to which role. The group is defined on a RADIUS server. The roll is defined locally on the device.
Description of the displayed values The table has the following columns: � Group Shows the name of the group. The name matches the group on the RADIUS server. � Role Shows the name of the role. Users who are authenticated with the linked group on the RADIUS server receive the rights of this role locally on the device. � Description Shows a description for the link.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
101
Configuring with Web Based Management 6.3 "Information" menu
6.3.15
WLAN
6.3.15.1
Overview AP
Note This WBM page is only available in access point mode.
Overview of the configuration This page shows the settings/properties of the access point.
Description
Table 1 has the following columns:
� Radio
Shows the available WLAN interfaces.
� WLAN Mode
Shows the transmission standard. If DFS is activated, the transmission standard "802.11h" is not shown additionally but only the configured transmission standard with the suffix "DFS".
� Configured Channel
Shows the configured channel. If "Auto" is displayed, the access point searches for a free channel itself.
� Alternative DFS Channel
If the DFS function is enabled, the configured alternative channel of the access point is displayed. If "Auto" is displayed, the access point searches for an alternative channel itself. If the DFS function is activated and the access point searches for competing radar signals for 60 seconds before starting communication with the selected channel, the text "scanning ..." is displayed instead of the channel.
102
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
� Operational channel Shows the channel including the frequency via which the access point communicates. At 80 MHz the channel range is displayed additionally.
� Channel Width [MHz] Shows the set channel bandwidth. � 20 MHz � 40 MHz (only with IEEE 802.11n/ac/ax) � 80 MHz (only with IEEE 802.11ac/ax)
� iFeatures Shows which iFeatures are used. � - iFeatures are not used. � iPRP
� State Shows the status of the WLAN interface. � enabled The WLAN interface is enabled. � disabled The WLAN interface is disabled.
Table 2 has the following columns: � Radio
Shows the available WLAN interfaces in this column. � Port
Shows the port of the virtual access point (VAP). � MAC Address
Shows the MAC address of the virtual access point. � SSID
Shows the SSID. � Security
Shows which authentication method is used. � State
Shows the status of the WLAN interface. � enabled
The WLAN interface is enabled. � disabled
The WLAN interface is disabled.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
103
Configuring with Web Based Management 6.3 "Information" menu
6.3.15.2
Overview Client
Overview of the configuration Note This page is only available for clients or access points in client mode.
The page shows an overview of the existing clients and their configuration.
Description
� Radio
Shows the available WLAN interfaces.
� WLAN Mode
Shows the transmission standard.
� MAC Mode Shows how the MAC address is assigned to the interface.
� Own
The client uses the MAC address of the Ethernet interface for the WLAN interface.
� Layer 2 Tunnel
The client uses the MAC address of the Ethernet interface for the WLAN interface. The network is also informed of the MAC addresses connected to the Ethernet interface of the client. Up to eight MAC addresses can be used.
104
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
� MAC Address Shows the MAC address of the WLAN interface.
� Operational channel Shows the channel including frequency of the access point to which the client is connected.
� Channel Width [MHz] Shows the set channel bandwidth. � 20 MHz � 40 MHz (only with IEEE 802.11n/ac/ax) � 80 MHz (only with IEEE 802.11ac/ax)
� Connected BSSID Shows the MAC address of the access point to which the client is connected.
� Connected SSID Shows the SSID of the access point to which the client is connected.
� Security Shows which authentication method is used.
� Context Shows which security context is used.
� iFeatures Shows which iFeatures are used. � iFeatures are not used. � iPRP
� Max. Data Rate [Mbps] Shows the maximum data transmission speed in megabits per second.
� State Shows the status of the WLAN interface. � enabled The WLAN interface is enabled. � disabled The WLAN interface is disabled.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
105
Configuring with Web Based Management 6.3 "Information" menu
6.3.15.3
Available APs
Available access points
Note This page is only available for clients or access points in client mode.
This page shows all the access points visible to the client. The list also includes the access points to which the client cannot connect due to its configuration.
Description
The table has the following columns: � Radio
Shows the WLAN interface visible to the access point. � Frequency Band
Shows the frequency band. � 2.4 GHz � 5 GHz � SSID Shows the SSID of the access point. � BSSID Shows the MAC address of the access point. � System Name Shows the system name of the access point. The entry depends on the access point. Not all access points support this parameter. � Channel Shows the channel on which the access point transmits or communicates. � Signal Strength [dBm] Shows the signal strength of the access point in bBm.
106
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
� Signal strength [%] Shows the signal strength of the access point as a percentage.
� Type Shows the mode of the WLAN interface.
� Security Shows which authentication method is used.
� WLAN Mode Shows the transmission standard. If DFS is activated, the transmission standard "802.11h" is not shown additionally but only the configured transmission standard, for example "802.11n".
� State Shows the status of the access point, for example whether or not the access point is available.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
107
Configuring with Web Based Management 6.3 "Information" menu
6.3.15.4
IP Mapping Table
WLAN access for several SCALANCE W devices via one client
Note This WBM page is only available for clients or access points in client mode.
You can make WLAN access available for several SCALANCE W devices with one client if you use IP mapping. This means that you do not need to equip every SCALANCE W device with its own WLAN client. The prerequisite for this is that the connected SCALANCE W devices are addressed only with IP frames. Communication at MAC address level (ISO/OSI layer 2) can � be established with one component whose MAC address is configured on the client, � be established with a maximum of eight components if the "Layer 2 Tunnel" function is
selected. The "Layer 2 Tunnel" setting meets the requirements of industrial applications in which MAC address-based communication takes place with several SCALANCE W devices downstream from the client. Clients with this setting cannot connect on standard Wifi access points. The client maintains a table with the assignment of MAC address and IP address to send incoming IP frames to the correct MAC address. This WBM page shows this table.
Note IP mapping table If "Layer 2 Tunnel" is configured for a client, the IP mapping table is not displayed.
108
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
Description
The table has the following columns
� MAC Address
The MAC address of a device located downstream from the WLAN client from the perspective of the access point.
� IP Address
The IP address managed for this device by the WLAN client.
� Type There are two options for the type:
� system The information relates to the WLAN client itself.
� learned The information relates to a device downstream from the WLAN client.
MAC mode
Frames sent by the client to the access point always have the MAC address of the WLAN client as the source MAC address. In the "learning table" of the access point there is therefore only the MAC address of the WLAN client.
If there is only IP communication between the access point and the client, the default setting "Own" can be retained. If MAC address-based frames are also to be sent by SCALANCE W700 devices downstream from the client, you need to select the "Layer 2 Tunnel" setting.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
109
Configuring with Web Based Management 6.3 "Information" menu
6.3.15.5
Overlap AP
Note This WBM page is only available in access point mode.
Overlapping channels
For optimum data throughput, it is important that the set wireless channel is not used by other access points. In the 2.4 GHz band (802.11b or 802.11g), there is overlapping of the channels so that an access point occupies not only the set channel but also the two or three adjacent channels. You should therefore make sure that there is adequate channel spacing to neighboring access points.
This WBM page shows all access points that are visible on the set or adjacent channels (at 2.4 GHz). If entries exist here, the maximum data throughput of the access point and the availability of the communication link to the access point is potentially impaired.
Description
Table 1 has the following columns: � Radio
Shows the available WLAN interfaces. � Aging Time [min]
Specify the life time of the entries in the list. If an access point is inactive for longer than the set time, it is removed from the list.
Note Changing the aging time The aging time is a WLAN setting. For this reason, if a change is made, the WLAN connection is briefly interrupted to accept the new value.
110
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
The table has the following columns: � Radio
Shows the available WLAN interfaces in this column. � Frequency Band
Shows the frequency band. � 2.4 GHz � 5 GHz � Type Shows the mode of the WLAN interface. � SSID Shows the SSID of the access point. � BSSID Shows the MAC address of the access point. � System Name Shows the system name of the SCALANCE W device. The entry depends on the access point. Not all access points support this parameter. � Channel Shows the channel over which the client communicates with the access point. � Signal Strength [dBm] Shows the signal strength of the client in bBm. � Signal strength [%] Shows the signal strength of the client as a percentage. � Age [s] Shows the time that has elapsed since the last access point activity. � Security Shows which authentication method is used. � WLAN Mode Shows the transmission standard. If DFS is activated, the transmission standard "802.11h" is not shown additionally but only the configured transmission standard with the suffix "DFS".
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
111
Configuring with Web Based Management 6.3 "Information" menu
6.3.15.6
Client List
Note This WBM page is only available in access point mode.
Associated stations
The WBM page shows the clients logged on to the access point as well as additional information, for example status, signal strength, MAC address.
Description
� Associated stations Shows the number of clients logged on to the access point.
The table has the following columns: � AID (Associated ID)
Shows the connection ID of the client. If the client connects to the access point via the VAP interface, the client is assigned a connection ID. The connection ID is unique within a VAP interface. If two clients log on at different VAP interfaces, both clients can receive the same ID. � Radio Shows the available WLAN interfaces. � Port Shows the VAP interface. � Frequency Band Shows the frequency band. � 2.4 GHz � 5 GHz � Type Shows the client type, for example "Sta" stands for IEEE 802.11 standard client.
112
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
� MAC Address Shows the MAC address of the client.
� System Name Shows the system name of the client if the client communicates this to the access point. Not all clients support this parameter.
� Channel Shows the channel over which the client communicates with the access point.
� Signal Strength [dBm] Shows the signal strength of the connected client in decibel milliwatts.
� Signal strength [%] Shows the signal strength of the connected client as a percentage.
� Age [s] Shows the time that has elapsed since the last client activity.
� Security Shows which authentication method is used.
� WLAN Mode Shows the transmission standard. If DFS is activated, the transmission standard "802.11h" is not shown additionally but only the configured transmission standard "802.11a".
� Max. Data Rate (Mbps) Shows the maximum data transmission speed in megabits per second.
� State Shows the current status of the connection, for example "connected" means that the client is connected to the access point and is ready to communicate with the AP.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
113
Configuring with Web Based Management 6.3 "Information" menu
6.3.16
WLAN iFeatures
6.3.16.1
iPRP
On this WBM page you can check whether the settings for iPRP are correct. You can, for example, see which device is the partner client.
Description
The table has the following columns: � Radio
Shows the WLAN interfaces via which the client is connected to the access point � Port (only in access point mode)
Shows the VAP interface on which the iPRP clients are logged on. � iPRP Client
Shows the MAC address of the iPRP client. � Activity status
Shows whether or not iPRP is enabled. � Partner Client
Shows the MAC address of the partner client. � Partner BSS
Shows the MAC address of the access point to which the partner client is connected. � Delete Frames Sent
Shows the number of sent iPRP delete frames that the device has sent to its partner device.
114
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.3 "Information" menu
� Delete Frames Received Shows the number of iPRP delete frames that the device has received from its partner device.
� Frames Deleted Shows the number of frames not yet sent that were deleted from the queue due to the iPRP delete frame.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
115
Configuring with Web Based Management 6.4 "System" menu
6.4
"System" menu
6.4.1
Configuration
System configuration The WBM page contains the configuration overview of the access options of the device. Specify the services that access the device. With some services, there are further configuration pages on which more detailed settings can be made. The standard port can also be changed for your own services.
Note Change standard port Some programs can only access the service over the standard port, e.g. TIA Portal accesses HTTPS over standard port 443. Before you change the port, check which port the program uses. When you change the standard port, you must access the service using the changed port.
116
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes: � Telnet Server
Enable or disable the "Telnet Server" service for unencrypted access to the CLI. � Telnet port
Specify the port for Telnet access to the CLI. � SSH Server
Enable or disable the "SSH Server" service for encrypted access to the CLI. � SSH port
Specify the port for SSH access to the CLI.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
117
Configuring with Web Based Management 6.4 "System" menu
� SSH key exchange algorithm level Configure the level of SSH key exchange algorithm for SSH access to the CLI. High (default) � Curve25519-sha256 � Curve25519-sha256@libssh.org � Ecdh-sha2-nistp256 � Ecdh-sha2-nistp384 � Ecdh-sha2-nistp521 � Diffie-hellman-group16-sha512 � Diffie-hellman-group18-sha512 Low � Curve25519-sha256 � Curve25519-sha256@libssh.org � Ecdh-sha2-nistp256 � Ecdh-sha2-nistp384 � Ecdh-sha2-nistp521 � Diffie-hellman-group16-sha512 � Diffie-hellman-group18-sha512 � Diffie-hellman-group14-sha256 � Diffie-hellman-group14-sha1
� HTTP server Enable or disable HTTP access to the WBM.
� HTTP port Specify the port for HTTP access to the WBM.
� HTTPS server Enable or disable HTTPS access to the WBM.
� HTTPS port Enable or disable access using HTTPS.
118
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
� HTTP Services Specify how the WBM is accessed: � HTTPS Access to the WBM is only possible with HTTPS. � HTTP/HTTPS Access to the WBM is possible with HTTP and HTTPS. � Redirect HTTP to HTTPS Access via HTTP is automatically diverted to HTTPS.
� Minimum TLS Version Specify the minimum TLS version to be used.
� DNS Client Enable or disable the DNS client. You can configure other settings in "System > DNS".
� SMTP Client Enable or disable the SMTP client. You can configure other settings in "System > SMTP Client".
� Syslog Client Enable or disable the Syslog client. You can configure other settings in "System > Syslog Client".
� DCP Server Specify whether or not the device can be accessed with DCP (Discovery and Configuration Protocol): � "-" (disabled) DCP is disabled. Device parameters can neither be read nor modified. � Read/Write With DCP, device parameters can be both read and modified. � Read Only With DCP, device parameters can be read but cannot be modified.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
119
Configuring with Web Based Management 6.4 "System" menu
� Time
Select the setting from the drop-down list. The following settings are possible:
� Manual The system time is set manually. You can configure other settings in "System > System Time > Manual Setting".
� SIMATIC Time The system time is set using a SIMATIC time transmitter. You can configure other settings in "System > System Time > SIMATIC Time Client".
� SNTP Client The system time is set via an SNTP server. You can configure other settings in "System > System Time > SNTP Client".
� NTP Client The system time is set via an NTP server. You can configure other settings in "System > System Time > NTP Client".
� SNMP
Select the protocol from the drop-down list. The following settings are possible:
� "-" (SNMP disabled) Access to device parameters via SNMP is not possible.
� SNMPv1/v2c/v3 Access to device parameters is possible with SNMP versions 1, 2c or 3. You can configure other settings in "System > SNMP > General".
� SNMPv3 Access to device parameters is possible only with SNMP version 3. You can configure other settings in "System > SNMP > General".
� SNMPv1/v2 Read-Only
Enable or disable write access to SNMP variables with SNMPv1/v2c.
� SNMPv1 Traps
Enable or disable the sending of traps (alarm frames). You can configure other settings in "System > SNMP > Traps".
120
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
� SINEMA Configuration Interface If the SINEMA configuration interface is enabled, you can download configurations to the device via the TIA Portal.
� Configuration Mode Select the mode from the drop-down list. The following modes are possible: � Automatic Save Automatic backup mode. Approximately 1 minute after the last parameter change or when you restart the device, the configuration is automatically saved. In addition to this, the following message appears in the display area "Changes will be saved automatically in x seconds. Press 'Write Startup Config' to save immediately."
Note Interrupting the save Saving starts only after the timer in the message has elapsed. How long saving takes depends on the device. During saving, the following message is displayed: "Saving configuration data in progress. Please do not switch off the device". � Do not switch off the device immediately after the timer has elapsed.
� Trial Trial mode. In Trial mode, although changes are adopted, they are not saved in the configuration file (startup configuration). To save changes in the configuration file, use the "Write startup config" button. The "Write startup config" button is displayed when you set trial mode. In addition to this, after every parameter change, the following message is displayed in the display area as soon as there are unsaved changes: "Trial Mode Active - Press 'Write Startup Config' button to make your settings persistent". This message can be seen on every WBM page until the changes made have either been saved or the device has been restarted.
1. To use the required function, select the respective check box. 2. Select the options you require from the drop-down lists. 3. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
121
Configuring with Web Based Management 6.4 "System" menu
6.4.2
General
6.4.2.1
Device
General device information This page contains the general device information.
The boxes "Current System Time", "System Up Time" and "Device Type" cannot be changed.
Description
The page contains the following boxes:
� Current System Time Shows the current system time. The system time is either set by the user or by a time-ofday frame: either SINEC H1 time-of-day frame, NTP or SNTP. (readonly)
� System Up Time Shows the operating time of the device since the last restart. (readonly)
� Device Type Shows the type designation of the device. (readonly)
� System Name You can enter the name of the device. The entered name is displayed in the selection area. A maximum of 255 characters are possible. The system name is also displayed in the CLI input prompt. The number of characters in the CLI input prompt is limited. The system name is truncated after 16 characters.
� System Contact You can enter the name of a contact person responsible for managing the device. A maximum of 255 characters are possible.
122
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
� System Location You can enter the location where the device is installed. The entered installation location is displayed in the selection area. A maximum of 255 characters are possible.
Note The ASCII code 0x20 to 0x7e is used in the input boxes.
Procedure
1. Enter the contact person responsible for the device in the "System Contact" input box. 2. Enter the identifier for the location at which the device is installed in the "System Location"
input box. 3. Enter the name of the device in the "System Name" input box. 4. Click the "Set Values" button.
6.4.2.2
Coordinates
Information on geographic coordinates
In the "Geographic Coordinates" window, you can enter information on the geographic coordinates. The parameters of the geographic coordinates (latitude, longitude and the height above the ellipsoid according to WGS84) are entered directly in the input boxes of the "Geographic Coordinates" window.
Getting the coordinates
Use suitable maps for obtaining the geographic coordinates of the device.
The geographic coordinates can also be obtained using a GPS receiver. The geographic coordinates of these devices are normally displayed directly and only need to be entered in the input boxes of this page.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
123
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following input boxes with a maximum length of 32 characters.
� "Latitude" input box Geographical latitude: Here, enter the value for the northerly or southerly latitude of the location of the device.
For example, the value +49� 1�31.67" means that the device is located at 49 degrees, 1 arc minute and 31.67 arc seconds northerly latitude. A southerly latitude is shown by a preceding minus character. You can also append the letters N (northerly latitude) or S (southerly latitude) to the numeric information (49� 1�31.67" N).
� "Longitude" input box Geographic longitude: Here, you enter the value of the eastern or western longitude of the location of the device. The value +8� 20�58.73" means that the device is located at 8 degrees, 20 minutes and 58.73 seconds east. A western longitude is indicated by a preceding minus sign. You can also add the letter E (easterly longitude) or W (westerly longitude) to the numeric information (8� 20�58.73" E).
� Input box: "Height" Height Here, you enter the value of the geographic height above sea level in meters. For example, 158 m means that the device is located at a height of 158 m above sea level. Heights below sea level (for example the Dead Sea) are indicated by a preceding minus sign.
Procedure
1. Enter the calculated latitude in the "Latitude" input box. 2. Enter the calculated longitude in the "Longitude" input box. 3. Enter the height above sea level in the "Height" input box. 4. Click the "Set Values" button.
6.4.3
Agent IPv4 / IPv6
The calls refer to the following menu items: � Agent IPv4: Layer 3 (IPv4) > Subnets � Agent IPv6: Layer 3 (IPv6) > Subnets
124
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.4.4 6.4.4.1
Configuring with Web Based Management 6.4 "System" menu
DNS
DNS Client You can manually configure up to 3 DNS servers with IPv4 addresses on this page. Manually configured DNS servers are each assigned an index from 1 to 3. Using DHCP, the device can learn 2 DNS servers with IPv4 addresses. Learned DNS servers are automatically assigned an index from 4 to 7. If there is more than one DNS server, the order in the table specifies the order in which the servers are queried. The top server is queried first. A total of 7 DNS servers can be configured on the device. Manually configured DNS servers are given preference. The DNS () server (Domain Name System) assigns a domain name to an IP address so that a device can be uniquely identified. If this function is enabled, the device can communicate with a DNS server as a DNS client. You have the option of entering names in IP address boxes.
Note The DNS client function can only be used if there is a DNS server in the network.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
125
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes: � DNS Client
Select or clear the check box indicating that the device operates as a DNS client. � Used DNS Servers
Here you specify which DNS server the device uses: � learned only
The device uses only the DNS servers assigned by DHCP. � manual only
The device uses only the manually configured DNS servers. The DNS servers must be connected to the Internet. A maximum of three DNS servers can be configured. � all The device uses all available DNS servers. � DNS Server Address Enter the IP address of the DNS server. The table contains the following columns: � Select Select the check box in the row to be deleted. � DNS Server Address Shows the IP address of the DNS server. � Origin This shows whether the DNS server was configured manually or was assigned by DHCP.
Procedure
Activating DNS 1. Enable the "DNS-Client" check box. 2. Click the "Set Values" button. Creating a DNS server 1. In the "DNS Server Address" box, enter the IP address of the DNS server. 2. Click the "Create" button. Filtering DNS servers 1. In the "Used DNS Servers" drop-down list, select which DNS servers are to be used. 2. Click the "Set Values" button.
126
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.4.4.2
Configuring with Web Based Management 6.4 "System" menu
DNS Domain On this page, you can define up to 4 domain names. The primary domain name is used first to resolve a host name. Domain names 2 to 4 can be learned or configured manually on this page. If there is more than one DNS server, the order in the table specifies the order in which the domain names are used. If domain names are stored, you have the option of entering the host name for some of the IP address fields.
Description
The page contains the following boxes: � Primary Domain
Enter the name of the primary domain. This entry is used first to resolve a host name. � Domain Name
Enter the name of the other domain. The table contains the following columns: � Select
Select the check box in the row to be deleted. � Domain Name
Shows the name of the other domain. � Origin
Shows whether the domain name was configured manually or was assigned by DHCP.
Procedure
Specify primary domain 1. In the "Primary Domain" field, enter the name of the primary domain. 2. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
127
Configuring with Web Based Management 6.4 "System" menu
Specify additional domain 1. In the "Domain Name" field, enter the name of the other domain. 2. Click the "Create" button.
6.4.5
Restart
Resetting to the defaults
Using the WBM page, you can restart the device manually. In addition, there are various options for resetting to the device defaults.
Note
Note the following points about restarting a device:
� You can only restart the device with administrator privileges.
� A device should only be restarted with the buttons of this menu or with the appropriate CLI commands and not by a power cycle on the device.
� Any modifications you have made only become active on the device after clicking the "Set values" button on the relevant WBM page. If the device is in "Trial" mode, configuration modifications must be saved manually before a restart. In "Automatic Save" mode, the last changes are saved automatically before a restart.
128
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Description
To restart the device manually, the buttons on this page provide you with the following options:
� Restart Click this button to restart the system. You must confirm the restart in a dialog box. During a restart, the device is reinitialized, the internal firmware is reloaded, and the device runs a self-test. The learned entries in the address table are deleted. You can leave the browser window open while the device restarts. You then need to log in again.
� Restore Memory Defaults and Restart Click this button to restore the factory configuration settings with the exception of the following parameters and to restart:
� IP addresses
� Subnet mask
� IP address of the default gateway.
� DHCP client ID
� DHCP
� System name
� System location
� System contact
� User names and passwords
� Mode of the device
� DHCPv6 Rapid Commit
� Restore Factory Defaults and Restart Click this button to restore the factory defaults for the configuration. The protected defaults are also reset. An automatic restart is triggered.
Note
By resetting all the defaults to the factory configuration settings, the IP address is also lost. The device can then only be addressed via SINEC PNI or via DHCP.
With the appropriate connection, a previously correctly configured device can cause circulating frames and therefore the failure of the data traffic.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
129
Configuring with Web Based Management 6.4 "System" menu
6.4.6
Commit Control
Change management
On this page, you specify when the WLAN settings become effective on the SCALANCE W device. If you change a WLAN setting and confirm the change with "Set Values", this change is adopted and takes effect immediately. To do this, the WLAN connection is briefly interrupted. This means that you can lose the WLAN connection to your SCALANCE W device before it is fully configured.
With the "Manual Commit" setting, you have the opportunity of first fully configuring the SCALANCE W device. The changes are accepted, but are not active immediately. The changes only take effect when you confirm the changes with the "Commit Changes" button.
Note
If you configure the SCALANCE W device via the WLAN interface, we recommend that you use the "Manual Commit" setting. Check the parameters again before you confirm the changes with the "Commit Changes" button.
Description
The page contains the following boxes:
� Commit Mode
Select the required setting from the drop-down list.
� Automatic Commit
Each change in the WLAN settings is adopted and is immediately effective when you click the "Set Values" button. In the default setting, the SCALANCE W device is set to "Automatic Commit".
130
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
� Manual Commit
The changes are accepted, but are not effective immediately. The changes only take effect when you click the "Commit Changes" button. The "Commit Changes" button is displayed when you set "Manual Commit".
The following message is also displayed in the display area when there are WLAN changes: "Manual Commit Mode active - Press 'Commit Changes' button to provide current configuration to driver". This message can be seen on every WBM page until either the changes made have taken effect or the SCALANCE W device has been restarted.
Note
When the changes take effect, the WLAN connections to all WLAN interfaces will be interrupted for a short time. The WLAN driver is started with the new settings.
6.4.7
Load & Save
6.4.7.1
File list
Overview of the file types
Table 6- 1 HTTP
Type Config
ConfigPack
CountryList Debug Firmware
Description
This file contains the start configuration.
Among other things, this file contains the definitions of the users, roles, groups and function rights. The passwords are stored in the file "Users".
The file can be supplied with a password before download. To load the file into the device successfully, use the specified password. You enter the password on the WBM page "Passwords".
If the file is password-protected, you cannot load the file via DHCP with options 66 and 67.
Detailed configuration information. for example, start configuration, users, certificates, favorites, firmware of the device (if saved as well).
The file can be supplied with a password before download. To load the file into the device successfully, use the specified password. You enter the password on the WBM page "Passwords".
For more detailed information on creating and using the ConfigPack incl. firmware, refer to the section "Maintenance".
If the file is password-protected, you cannot load the file via DHCP with options 66 and 67.
The zip file contains the country list as a csv and as a pdf file.
This file contains information for Siemens Support.
It is encrypted and can be sent by e-mail to Siemens Support without any security risk.
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device.
Download X
X
--X
Save X
X
X X X
Delete --
--
-X --
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
131
Configuring with Web Based Management 6.4 "System" menu
Type GSDML HTTPS Cert LogFile MIB RunningCLI
RunningSINEMAConfig
Script StartupInfo
Users WBMFav
WLANAuthlog WLANCert (only in client mode)
Description
Download
Information on the device properties (PROFINET)
--
HTTPS certificate
X
Maximum file size: 8192 bits
File with entries from the event log table
--
Private MSPS MIB file "Scalance_w_msps.mib"
--
Text file with CLI commands
--
This file contains an overview of the current configuration in the form of CLI commands. Passwords are masked in this file as follows: [PASSWORD]
You can download the text file. The file is not intended to be uploaded again unchanged.
You save the current device configuration in this file type for transfer
--
to STEP 7 Basic/Professional. The file can be imported in STEP 7
Basic/Professional and installed on a device with the same article
number and firmware version.
Before you can save a file, you must assign a password for the "RunningSINEMAConfig" in the WBM under "System > Load&Save > Passwords". You also need this password to import the file into STEP 7 Basic/Professional.
See also "SINEMAConfig"
Text file with CLI commands
X
Startup log file
--
This file contains the messages that were entered in the log file during the last startup.
File with user names and passwords
X
WBM favorites
X
This file contains the favorites that you created in the WBM. You can download this file and upload it to other devices.
File with entries from the WLAN Authentication Log (information on
--
successful or failed authentication attempts)
User certificate. You can specify a password for the user certificate on
X
the WBM page "Load&Save > Password".
Maximum file size: 8192 bits
Save X X X X X
X
-X X X X X
Delete -X ----
--
---X -X
132
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Table 6- 2 TFTP/SFTP
Type Config
ConfigPack
CountryList Debug Firmware GSDML HTTPS Cert
LogFile MIB RunningCLI
RunningSINEMAConfig
Description
Save
This file contains the start configuration.
X
Among other things, this file contains the definitions of the users, roles, groups and function rights. The passwords are stored in the file "Users".
The file can be supplied with a password before download. To load the file into the device successfully, use the specified password. You enter the password on the WBM page "Passwords".
If the file is password-protected, you cannot load the file via DHCP with options 66 and 67.
Detailed configuration information. for example, start configuration, users,
X
certificates, favorites, firmware of the device (if saved as well).
The file can be supplied with a password before download. To load the file into the device successfully, use the specified password. You enter the password on the WBM page "Passwords".
If the file is password-protected, you cannot load the file via DHCP with options 66 and 67.
For more detailed information on creating and using the ConfigPack incl. firmware, refer to the section "Maintenance".
The zip file contains the country list as a csv and as a pdf file.
X
This file contains information for Siemens Support. It is encrypted and can
X
be sent by email to Siemens Support without any security risk.
The firmware is signed and encrypted. This ensures that only firmware
X
created by Siemens can be downloaded to the device.
Information on the device properties (PROFINET)
X
Default HTTPS certificates including key
X
The preset and automatically created HTTPS certificates are self-signed.
We strongly recommend that you create your own HTTPS certificates and make them available. We recommend that you use HTTPS certificates signed either by a reliable external or by an internal certification authority. The HTTPS certificate checks the identity of the device and controls the encrypted data exchange.
There are files to which access is password-protected. To successfully load the file into the device, enter the password specified for the file on the WBM page "Passwords".
Maximum file size: 8192 bits
File with entries from the event log table
X
Private MSPS MIB file "Scalance_w_msps.mib"
X
Text file with CLI commands
X
This file contains an overview of the current configuration in the form of CLI commands. Passwords are masked in this file as follows: [PASSWORD]
You can download the text file. The file is not intended to be uploaded again unchanged.
You save the current device configuration in this file type for transfer to
X
STEP 7 Basic/Professional. The file can be imported in STEP 7
Basic/Professional and installed on a device with the same article number
and firmware version.
Before you can save a file, you must assign a password for the "RunningSINEMAConfig" in the WBM under "System > Load&Save > Passwords". You also need this password to import the file into STEP 7 Basic/Professional.
See also "SINEMAConfig"
Download X
X
--X -X
----
--
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
133
Configuring with Web Based Management 6.4 "System" menu
Type Script
StartupInfo
Users WBMFav
WLANAuthlog WLANCert (only in client mode) WLANServerCert (only in client mode)
Description
Text file with CLI commands You can upload a script file in a device. The CLI commands it contains are executed accordingly. CLI commands for saving and loading files cannot be executed with the CLI script file.
Startup log file This file contains the messages that were entered in the log file during the last startup.
File with user names and passwords
WBM favorites This file contains the favorites that you created in the WBM. You can download this file and upload it to other devices.
File with entries from the WLAN Authentication Log (information on successful or failed authentication attempts)
User certificate. You can specify a password for the user certificate on the WBM page "Load&Save > Password". Maximum file size: 8192 bits
Server certificate Maximum file size: 8192 bits
Save --
X X X X X X
Download X
-X X -X X
6.4.7.2
HTTP
134
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Loading and saving data via HTTP The WBM allows you to store device data in an external file on your client PC or to load such data from an external file from the PC to the devices. This means, for example, that you can also load new firmware from a file located on your client PC.
Note This WBM page is available both for connections using HTTP and for connections using HTTPS.
Firmware The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device. Configuration files
Note Configuration files and trial mode/Automatic Save mode In Automatic Save mode, the data is saved automatically before the configuration files (ConfigPack and Config) are transferred. In Trial mode, although the changes are adopted, they are not saved in the configuration files (ConfigPack and Config). Use the "Write Startup Config" button on the "System > Configuration" WBM page to save changes in the configuration files.
CLI script file You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts (Script).
Note The downloadable CLI script is not intended to be uploaded again unchanged. CLI commands for saving and loading files cannot be executed with the CLI script file (Script).
Description
The table has the following columns: � Type
Shows the name of the file.
Note Size of certificate files With certificate files only certificates with a maximum of 8192 bits are supported.
� Description Shows the short description of the file type.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
135
Configuring with Web Based Management 6.4 "System" menu
� Load With this button, you can load files on the device. The button can be enabled, if this function is supported by the file type.
� Save With this button, you can save files from the device. The button can only be enabled if this function is supported by the file type and the file exists on the device.
� Delete With this button, you can delete files from the device. The button can only be enabled if this function is supported by the file type and the file exists on the device.
Note Following a firmware update, delete the cache of the Web browser.
Procedure
Loading files using HTTP
1. Start the load function by clicking the one of the "Load" buttons.
The dialog for loading a file opens.
2. Go to the file you want to load.
3. Click the "Open" button in the dialog.
The file is now loaded.
Whether or not a restart is necessary, depends on the loaded file. If a restart is necessary, a message to this effect will be output. Other files are executed immediately, for example the CLI script file and new settings are applied without a restart.
Saving files using HTTP
1. Start the save function by clicking the one of the "Save" buttons. Depending on the size of the file this may take some time.
2. Depending on your browser configuration you will be prompted to select a storage location and a name for the file. Or you accept the proposed file name. To make the selection, use the dialog in your browser. After making your selection, click the "Save" button.
Deleting files using HTTP
1. Start the delete function by clicking the one of the "Delete" buttons.
The file will be deleted.
Reusing configuration data
If several devices are to receive the same configuration and the IP addresses are assigned using DHCP, the effort for configuration can be reduced by saving and reading in the configuration data.
136
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Follow the steps below to reuse configuration data: 1. Save the configuration data of a configured device on your PC. 2. Download this configuration file to all other devices you want to configure. 3. If individual settings are necessary for specific devices, these must be made online on the
relevant device.
Note Configuration data has a checksum. If you edit the files, you can no longer upload them to the device. Password-protected config file If the file is password-protected, you cannot load the file via DHCP with options 66 and 67.
6.4.7.3
TFTP
Loading and saving data via a TFTP server
On this page, you can configure the TFTP server and the file names. The WBM also allows you to store device data in an external file on your client PC or to load such data from an external file from the PC to the devices. This means, for example, that you can also load new firmware from a file located on your client PC.
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
137
Configuring with Web Based Management 6.4 "System" menu
Configuration files
Note Configuration files and trial mode/Automatic Save mode In Automatic Save mode, the data is saved automatically before the configuration files (ConfigPack and Config) are transferred. In Trial mode, although the changes are adopted, they are not saved in the configuration files (ConfigPack and Config). Use the "Write Startup Config" button on the "System > Configuration" WBM page to save changes in the configuration files.
CLI script file You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts (Script).
Note The downloadable CLI script is not intended to be uploaded again unchanged. CLI commands for saving and loading files cannot be executed with the CLI script file (Script).
Description
The page contains the following boxes: � TFTP Server Address
Here, enter the IP address or the FQDN (Fully Qualified Domain Name) of the TFTP server with which you exchange data. � TFTP Server Port Here, enter the port of the TFTP server via which data exchange will be handled. If necessary, you can change the default value 69 to your own requirements. The table has the following columns: � Type Shows the name of the file.
Note Size of certificate files With certificate files only certificates with a maximum of 8192 bits are supported.
� Description Shows the short description of the file type.
138
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
� Filename Enter a file name.
� Actions Select the action from the drop-down list. The selection depends on the selected file type, for example the log file can only be saved. The following actions are possible: � Save file With this selection, you save a file on the TFTP server. � Load file With this selection, you load a file from the TFTP server.
Loading or saving data using TFTP 1. Enter the IP address or the FQDN of the TFTP server in the "TFTP Server Address" input box. 2. Enter the server port to be used in the in the "TFTP server port" input box. 3. Enter the name of a file in which you want to save the data or take the data from in the "File
name" input box. 4. Select the action you want to execute from the "Actions" drop-down list. 5. Click the "Set Values" button to start the selected actions. Depending on the size of the file
this may take some time. 6. After loading the configuration and the SSL certificate, restart the device. The changes only
take effect a restart. Reusing configuration data If several devices are to receive the same configuration and the IP addresses are assigned using DHCP, the effort for configuration can be reduced by saving and reading in the configuration data. Follow the steps below to reuse configuration data: 1. Save the configuration data of a configured device on your PC. 2. Download this configuration file to all other devices you want to configure. 3. If individual settings are necessary for specific devices, these must be made online on the
relevant device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
139
Configuring with Web Based Management 6.4 "System" menu
Note that the configuration data is coded when it is saved. This means that you cannot edit the files with a text editor.
Note Configuration data has a checksum. If you edit the files, you can no longer upload them to the device. Password-protected config file If the file is password-protected, you cannot load the file via DHCP with options 66 and 67.
6.4.7.4
SFTP
Loading and saving data via an SFTP server
SFTP (SSH File Transfer Protocol) transfers the files encrypted. On this page, you configure the access data for the SFTP server.
The WBM also allows you to store device data in an external file on your client PC or to load such data from an external file from the PC to the devices. This means, for example, that you can also load new firmware from a file located on your Admin PC.
On this page, the certificates required to establish a secure VPN connection can also be loaded.
Firmware
140
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device. Configuration files
Note Configuration files and Trial mode/Automatic Save In "Automatic Save" mode, the data is saved automatically before the configuration files (ConfigPack and Config) are transferred. In "Trial" mode, although the changes are adopted, they are not saved in the configuration files (ConfigPack and Config). Use the "Write Startup Config" button on the "System > Configuration" WBM page to save changes in the configuration files.
CLI script file You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts (Script).
Note The downloadable CLI script is not intended to be uploaded again unchanged. CLI commands for saving and loading files cannot be executed with the CLI script file (Script).
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
141
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes:
� SFTP Server Address Enter the IP address or the FQDN of the SFTP server with which you exchange data.
� SFTP Server Port Enter the port of the SFTP server via which data exchange will be handled. If necessary, you can change the default value 22 to your own requirements.
� SFTP User Enter the user for access to the SFTP server. This assumes that a user with the corresponding rights has been created on the SFTP server.
The name must meet the following conditions:
� It must be unique.
� It must be between 1 and 250 characters long.
� The following characters must not be included: � ? " ; :
The characters for Space and Delete also cannot be included.
� SFTP Password
Enter the password for the user
� SFTP Password Confirmation Confirm the password.
The table has the following columns:
� Type Shows the file type.
� Description Shows the short description of the file type.
� Filename A file name is preset here for every file type.
Note Changing the file name
You can change the file name preset in this column. After clicking the "Set Values" button, the changed name is saved on the device and can also be used with the Command Line Interface.
� Actions Select the action from the drop-down list. The selection depends on the selected file type, for example you can only save the log file. The following actions are possible:
� Save file With this selection, you save a file on the SFTP server.
� Load file With this selection, you load a file from the SFTP server.
142
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
Loading or saving data using SFTP 1. Enter the address of the SFTP server in "SFTP Server Address". 2. Enter the port of the SFTP server to be used in "SFTP Server Port". 3. Enter the user data (user name and password) required for access to the SFTP server. 4. If applicable, enter the name of a file in which you want to save the data or take the data
from in "Filename".
Note Files whose access is password protected To be able to load these files on the device successfully, you need to enter the password specified for the file in "System" > "Load&Save" > "Passwords".
5. Select the action you want to execute from the "Actions" drop-down list. 6. Click "Set Values" to start the selected action. 7. If a restart is necessary, a message to this effect will be output. Click the "OK" button to run
the restart. If you click the "Abort" button, there is no device restart. The changes only take effect after a restart. Reusing configuration data If several identical devices are to receive the same configuration and the IP addresses are assigned using DHCP, the effort for reconfiguration can be reduced by saving and reading in the configuration data. Follow the steps below to reuse configuration data: 1. Save the configuration data of a configured device on your PC. 2. Load these configuration files on all other devices you want to configure in this way. 3. If individual settings are necessary for specific devices, these must be made online on the relevant device.
Note Configuration data has a checksum. If you edit the files, you can no longer upload them to the device. Password-protected config file If the file is password-protected, you cannot load the file via DHCP with options 66 and 67.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
143
Configuring with Web Based Management 6.4 "System" menu
6.4.7.5
Passwords
There are files to which access is password-protected. For example to be able to use the HTTPS certificate, you need to specify the corresponding password on this WBM page.
Description
The table has the following columns:
� Type Shows the file type.
� Description Shows the short description of the file type.
� Enabled When selected, the file is used. Can only be enabled if the password is configured.
� Password Enter the password for the file.
� Password Confirmation Confirm the password.
� Status Shows whether the password corresponds to the file on the device.
� Valid The "Enabled" check box is selected and the password matches the file.
� Invalid The "Enabled" check box is selected but the password does not match the file or no file has been loaded yet.
� '-' The password cannot be evaluated or is not yet being used. The "Enabled" check box is not selected.
� Required
A password is required for loading or saving.
144
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
1. Enter the password in "Password". 2. To confirm the password, enter the password again in "Password Confirmation". 3. Select the "Enabled" option. 4. Click the "Set Values" button.
6.4.8
Events
6.4.8.1
Configuration
Selecting system events
On this page, you specify how a device reacts to system events. To enable or disable the options, click the relevant check boxes of the columns.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
145
Configuring with Web Based Management 6.4 "System" menu
Description
With Table 1, you can enable or disable all check boxes of a column of Table 2 at once. Table 1 has the following columns: � All Events
Shows that the settings are valid for all events of table 2. � E-mail / Trap / Log Table / Syslog / Faults
Enable or disable the required type of notification for all events. If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged. � Copy to Table If you click the button, the setting is adopted for all events of table 2.
146
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Table 2 has the following columns:
� Event
The column contains the following values:
� Cold/warm restart The device was turned on or restarted by the user.
� Link Change This event occurs only when the port status is monitored and has changed, see "System > Fault Monitoring > Link Change".
� Authentication Failure This event occurs when attempting access with a bad password.
� Power Change This event occurs only when power supply lines 1 and 2 are monitored. It indicates that there was a change to line 1 or line 2. The event occurs when the PoE power supply has failed, see "System > Fault Monitoring > Power Supply".
� Spanning Tree Change The STP or RSTP or MSTP topology has changed.
� Fault State Change The fault status has changed. The fault status can relate to the activated port monitoring, the response of the signaling contact or the power supply monitoring.
� Overlap AP Detection (only in access point mode) This event is triggered when there is an entry in the "Overlap AP" list.
� DFS (Only in access point mode) This event occurs if a radar signal was received or the DFS scan was started or stopped.
� WLAN Authentication Log Forwarding of the entries from the WLAN authentication log to the system protocol server.
� WLAN De/Authentication (Only in client mode) With successful or failed WLAN authentication attempts.
� WLAN General (Only in access point mode) This event occurs if the channel bandwidth has changed.
� Configuration Change This event occurs when the configuration of the device has changed.
� Service Information Some system events that occurred are entered in the event log table without configuration. For these events, you can configure additional types of notification.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
147
Configuring with Web Based Management 6.4 "System" menu
� Type of notification
� E-mail The device sends an e-mail. This is only possible if the SMTP server is set up and the "SMTP Client" function is enabled.
� Trap The device sends an SNMP trap. This is only possible if "SNMPv1 Traps" is enabled in "System > Configuration".
� Log Table The device writes an entry to the event log table. The content of the event log table is displayed in "Information > Log Tables > Event Log".
� Syslog The device writes an entry to the system log server. This is only possible if the system log server is set up and the "Syslog Client" function is enabled.
� Error The device triggers an error. The error LED lights up and the currently pending error is displayed under "Information > Faults".
Procedure
Follow the steps below to change entries: 1. Select the check box in the row of the required event. Select the event in the column under
the following actions: � E-mail � Trap � Log table � Syslog � Error 2. Click the "Set Values" button.
6.4.8.2
Severity Filters On this page, you configure the severity for the sending of system event notifications.
148
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Description
The table has the following columns: � Client Type
Select the client type for which you want to make settings: � E-mail
Sending system event messages by e-mail � Log Table
Entry of system events in the log table � Syslog
Entry of system events in the Syslog file � WLAN Authentication Log
Entry of system events in the WLAN authentication log � Severity
Select the required level. The following settings are possible: � Critical
System events are processed as of the severity level "Critical". � Warning
System events are processed as of the severity level "Warning". � Info
System events are processed as of the severity level "Info".
Procedure
Follow the steps below to configure the required level:
1. Select the required values from the drop-down lists of the second table column after the client types.
2. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
149
Configuring with Web Based Management 6.4 "System" menu
6.4.9
SMTP client
6.4.9.1
General
Network monitoring with e-mails
If events occur, the device can automatically send an e-mail, e.g. to the service technician. The e-mail contains the identification of the sending device, a description of the cause in plain text, and a time stamp. This allows centralized network monitoring to be set up for networks with few nodes based on an e-mail system.
Requirements for sending e-mails � "E-mail" is activated for the relevant event in "System > Events > Configuration". � The desired severity is configured under "System > Events > Severity level". � At least one entry exists under "System > SMTP Client > Receiver" and the setting "Send" is activated.
Description
The page contains the following boxes: � SMTP Client
Enable or disable the SMTP client. � SMTP Server Address
Enter the IP address of the SMTP server. The table contains the following columns: � Select
Select the check box in a row to be deleted. � Status
Specify whether this SMTP server will be used. � SMTP Server Address
Shows the SMTP server IP address.
150
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
� Sender Email Address Enter the e-mail address of the sender that is specified in the e-mail.
� User Name If necessary, enter the user name used for authentication on the SMTP server.
� Password If necessary, enter the password used for authentication on the SMTP server.
� Password Confirmation Repeat the password.
� Port Enter the port via which your SMTP server can be reached. Factory settings: � 25 (None) � 465 (SSL/TLS and StartTLS)
� Security Specify whether transfer of the e-mail from the device to the SMTP server is encrypted. This is only possible when the SMTP server supports the selected setting. Note 2-factor authentication (2FA) 2-factor authentication is not supported.
� SSL/TLS � StartTLS � None: The e-mail is transferred unencrypted. � Test Sends a test email to the configured receivers. � Test Result Shows whether the e-mail was sent successfully or not. If sending was not successful, the message contains possible causes.
Configuring the SMTP server 1. Enable the "SMTP Client" function. 2. Enter the IP address of the SMTP server in "SMTP Server Address". 3. Click the "Create" button. A new entry is generated in the table. 4. Enter the name of the sender that will be included in the e-mail for "Sender Email Address". 5. Enter the user name and password if the SMTP server prompts you to log in.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
151
Configuring with Web Based Management 6.4 "System" menu
6. Under "Security", specify whether transfer to the SMTP server is encrypted. 7. Enable the SMTP server entry. 8. Click the "Set Values" button.
Note Depending on the properties and configuration of the SMTP server, it may be necessary to adapt the "Sender E-Mail Address" input for the e-mails. Check with the administrator of the SMTP server.
Testing the configuration of the SMTP server 1. Configure receivers
� Click the "Receiver" tab. � Select the desired SMTP server under "SMTP server". � Enter the desired address under "Email address of the SMTP receiver". � Click the "Create" button. A new entry is generated in the table. The setting "Send" is
activated by default. 2. Sending a test e-mail
� Click the "General" tab. � Click the "Test" button next to the SMTP server entry. The device sends a test email to
every configured receiver. � Check the test result. If sending was not successful, the message contains possible
causes.
6.4.9.2
Recipient On this page, you specify who receives an e-mail when an event occurs.
152
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes: � SMTP Server
Specify the SMTP server via which the e-mail is sent. � Email address of the SMTP receiver
Enter the e-mail address to which the device sends an e-mail. The table contains the following columns: � Select
Select the check box in a row to be deleted. � SMTP Server
Shows the IP address of the SMTP server to which the entry relates. � Send
When enabled, the device sends an email to this receiver. � Email address of the SMTP receiver
Shows the e-mail address to which the device sends an e-mail if a fault occurs.
Procedure
Configuring an SMTP receiver 1. Select the required "SMTP Server". 2. Enter the email address of the SMTP receiver. 3. Click the "Create" button. A new entry is generated in the table. 4. Activate the "Send" option for the entry. 5. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
153
Configuring with Web Based Management 6.4 "System" menu
6.4.10
DHCPv4
6.4.10.1
DHCP Client
Setting of the DHCP mode
If the device is configured as a DHCP client, it starts a DHCP query. As the reply to the query the device receives an IPv4 address from the DHCP server. The server manages an address range from which it assigns IPv4 addresses. It is also possible to configure the server so that the client always receives the same IPv4 address in response to its request.
Description
The page contains the following boxes:
� DHCP client configuration file request (opt. 66, 67) Select this option if you want the DHCP client to use options 66 and 67 to download and then enable a configuration file.
� DHCP Mode Select the DHCP mode from the drop-down list. The following modes are possible:
� via MAC Address Identification is based on the MAC address.
� via DHCP Client ID Identification is based on a freely defined DHCP client ID.
� via System Name Identification is based on the system name. If the system name is 255 characters long, the last character is not used for identification.
� via PROFINET Name of Station The identification is made using the PROFINET device name.
154
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
The table has the following columns: � Interface
Interface to which the setting relates. � DHCP
Enable or disable the DHCP client for the relevant interface.
1. Select the required mode from the "DHCP Mode" drop-down list. If you select the DHCP mode "via DHCP Client ID" an input box appears. � In the enabled input box "DHCP client ID" enter a string to identify the device. This is then evaluated by the DHCP server.
2. Select the "DHCP Client Configuration Request (Opt. 66, 67)", if you want the DHCP client to use options 66 and 67 to download and then enable a configuration file.
3. Enable the "DHCP" option in the table. 4. Click the "Set Values" button.
Note If a configuration file is downloaded, this can trigger a system restart. If the currently running configuration and the configuration in the downloaded configuration file differ, the system is restarted. Make sure that the option "DHCP Client Configuration Request (Opt. 66, 67)" is no longer set.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
155
Configuring with Web Based Management 6.4 "System" menu
6.4.11
SNMP
6.4.11.1
General
Configuration of SNMP
On this page, you make the basic settings for SNMP. Enable the check boxes according to the function you want to use.
Description
The page contains the following boxes: � SNMP
Select the SNMP protocol from the drop-down list. The following settings are possible: � "-" (Disabled)
SNMP is disabled. � SNMPv1/v2c/v3
SNMPv1/v2c/v3 is supported.
Note Note that SNMP in versions 1 and 2c does not have any security mechanisms.
� SNMPv3 Only SNMPv3 is supported.
156
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
� SNMPv1/v2c Read-Only If you enable this option, SNMPv1/v2c can only read the SNMP variables.
Note Community String For security reasons, do not use the standard values "public" or "private". Change the community strings following the initial installation. The recommended minimum length for community strings is 6 characters. For security reasons, only limited access to objects of the SNMPCommunityMIB is possible with the SNMPv1/v2c Read Community String. With the SNMPv1/v2c Read/Write Community String, you have full access to the SNMPCommunityMIB.
� SNMPv1/v2c Read Community String Enter the community string for read access of the SNMP protocol.
� SNMPv1/v2c Read/Write Community String Enter the community string for read and write access of the SNMP protocol.
� SNMPv3 User Migration � Enabled If the function is enabled, an SNMP engine ID is generated that can be migrated. You can transfer configured SNMPv3 users to a different device. If you enable this function and load the configuration of the device on another device, configured SNMPv3 users are retained. � Disabled If the function is disabled, a device-specific SNMP engine ID is generated. To generate the ID, the agent MAC address of the device is used. You cannot transfer this SNMP user configuration to other devices. If you load the configuration of the device on another device, all configured SNMPv3 users are deleted.
� SNMP Engine ID Shows the SNMP engine ID.
� SNMP Agent Listen Port Specify the port at which the SNMP agent waits for the SNMP queries. Standard port 161 is the default. You can optionally enter the standard port 162 or a port number in the range 1024 ... 49151 or 49500 ... 65535.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
157
Configuring with Web Based Management 6.4 "System" menu
Procedure
1. Select the required option from the "SNMP" drop-down list: � "-" (disabled) � SNMPv1/v2c/v3 � SNMPv3
2. Enable the "SNMPv1/v2c Read Only" check box if you only want read access to SNMP variables with SNMPv1/v2c.
3. Enter the required character string in the "SNMPv1/v2c Read Community String" input box. 4. Enter the required character string in the "SNMPv1/v2c Read/Write Community String" input
box. 5. If necessary, enable the SNMPv3 User Migration. 6. Click the "Set Values" button.
6.4.11.2
SNMPv3 Users
User-specific security settings
On the WBM page, you can create new SNMPv3 users and modify or delete existing users. The user-based security model works with the concept of the user name; in other words, a user ID is added to every frame. This user name and the applicable security settings are checked by both the sender and recipient.
Description
The page contains the following boxes:
� User Name Enter a freely selectable user name. After you have entered the data, you can no longer modify the name.
The table has the following columns:
� Select Select the row you want to delete.
� User Name Shows the created users.
158
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
� Authentication Protocol Specify the authentication protocol for which a password will be stored. The following settings are available: � None � MD5 � SHA
� Privacy Protocol Specify the encryption protocol for which a password will be stored. This drop-down list is only enabled when an authentication protocol has been selected. The following settings are available: � None � DES � AES
� Authentication Password Enter the authentication password in the first input box. This password must have at least 1 character, the maximum length is 32 characters.
Note Length of the password As an important measure to maximize security, we recommend that the password has a minimum length of 6 characters and that it contains special characters, uppercase/lowercase letters, numbers.
� Authentication Password Confirmation Confirm the password by repeating the entry.
� Privacy Password Enter your encryption password. This password must have at least 1 character, the maximum length is 32 characters.
Note Length of the password As an important measure to maximize security, we recommend that the password has a minimum length of 6 characters and that it contains special characters, uppercase/lowercase letters, numbers.
� Privacy Password Confirmation Confirm the encryption password by repeating the entry.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
159
Configuring with Web Based Management 6.4 "System" menu
Procedure
Create a new user
1. Enter the name of the new user in the "User Name" input box.
2. Click the "Create" button. A new entry is generated in the table.
3. Select the authentication algorithm for "Authentication Protocol". In the relevant input boxes, enter the authentication password and the confirmation.
4. Select the algorithm in "Privacy Protocol". In the relevant input boxes, enter the encryption password and the confirmation.
5. Click the "Set Values" button.
Delete user
1. Enable "Select" in the row to be deleted. Repeat this for all users you want to delete.
2. Click the "Delete" button. The entry is deleted.
6.4.11.3
SNMPv3 User to Group mapping
Configuration of group members
You assign users to SNMPv3 groups on this WBM page. Each user can only be a member of one group.
160
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes:
� Group Name Enter the group that will be assigned to the user.
� User Name Select the user to be a member of the specified group. The drop-down list only contains users that are not yet assigned to a group.
The table has the following columns:
� Select Select the row you want to delete.
� Group Name Displays the SNMPv3 group. A group name can only be changed later if no access rights have been defined for the group yet.
� User Name Shows the user that is a member of this group.
6.4.11.4
SNMPv3 Access
Security settings and assigning permissions
SNMP version 3 allows permissions to be assigned, authentication, and encryption at protocol level. The security level and read/write permissions are assigned according to groups. The settings automatically apply to every member of a group.
Note
Different access permissions for different security levels can be assigned to a group. If no access permission is defined for a security level, no access to the device is possible for members of the group using this security level.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
161
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes:
� Group Name Select the name of the group.
� Security Level Select the security level (authentication, encryption) for which you want to define the access permissions of the group:
� No Auth/no Priv No authentication enabled/no encryption enabled.
� Auth/no Priv Authentication enabled/no encryption enabled.
� Auth/Priv Authentication enabled/encryption enabled.
The table has the following columns:
� Select Select the row you want to delete.
� Group Name Shows the name of the SNMPv3 group.
� Security Level Shows the security level to which this access permission applies.
� Read View Name Enter an SNMPv3 view to be used for read SNMP access by members of the group with the defined security level.
� Write View Name Enter an SNMPv3 view to be used for write SNMP access by members of the group with the defined security level.
Note
For write access to work, you also need to enable read access.
� Notification View Name Enter an SNMPv3 view for which SNMP notification to members of the group with the defined security level should be used.
Procedure
Creating a new group 1. Select the name of the group for which you are configuring SNMP access. 2. Select the required security level from the "Security Level" drop-down list. 3. Click the "Create" button to create a new entry. 4. In the "Read View Name" field, enter the SNMPv3 view for read access. 5. In the "Write View Name" field, enter the SNMPv3 view for write access.
162
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
6. In the "Notification View Name" field, enter the SNMPv3 view for notifications.
7. Click the "Set Values" button.
Modifying a group
Once a group name and the security level have been specified, they can no longer be modified after the group is created. If you want to change the group name or the security level, you will need to delete the group and create it and configure it with the new name.
Deleting a group
1. Enable "Select" in the row to be deleted. Repeat this for all groups you want to delete.
2. Click the "Delete" button. The entries are deleted.
6.4.11.5
SNMPv3 Views
Configuration of SNMPv3 views You configure the parameters of SNMP views on this WBM page.
Note Controlling the SNMPv1 and SNMPv2c access
The preconfigured SIMATICNETRD and SIMATICNETWR views are used internally to control the SNMPv1 and SNMPv2c access. If you delete or change these views, this directly affects the SNMPv1 and SNMPv2c access.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
163
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes: � View Name
Select the name of the view that you want to configure. An SNMPv3 view always needs to be assigned to an SNMPv3 access. For this reason, you need to enter a new SNMPv3 view in the table in the "SNMPv3 access" tab. � MIB Tree Select the Object Identifier (OID) of the MIB area that is to be used for the SNMPv3 view. The following options are possible: � iso
� std
� member-body
� org
� mgmt
� private
� snmpV2 The drop-down list only contains the OIDs that are usually used. If the configuration of a specific OID that is not listed is necessary, you can configure this via the CLI with the snmp view command. This OID is then also displayed in the WBM in the overview table. The table has the following columns: � Select Select the row you want to delete. � View Name The name of the SNMPv3 view. � MIB Tree The OID of the MIB area for the SNMPv3 view.
� View Type The available options are as follows: � Included The MIB OID and its lower-level nodes are part of the SNMPv3 view. Access to the corresponding MIB objects is possible.
� Excluded The MIB OID and its lower-level nodes are not part of the SNMPv3 view. Access to the corresponding MIB objects is not possible.
164
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
6.4.11.6
Notifications
SNMP traps and SNMPv3 notifications
If an alarm event occurs, a device can send SNMP notifications (traps and inform notifications) to up to ten different management stations at the same time. Notifications are only sent if the events specified in the "Events" menu item occur.
Description
The page contains the following boxes: � SNMPv1 Traps
Enable or disable sending of SNMPv1 traps. This setting affects all receivers of SNMPv1 traps and has no effects on receivers of SNMPv2c or SNMPv3 notifications. � SNMPv1/v2c Trap Community String Enter the community string for sending SNMPv1/v2c notifications. � SNMPv3 Notify User Select the user to which SNMPv3 notifications are to be sent. � SNMPv3 Notify Security Level Select the security level (authentication, encryption) to be used for SNMPv3 notification. A user and the access must be configured for this. The following options are possible: � no Auth/no Priv
No authentication enabled / no encryption enabled. � Auth/no Priv
Authentication enabled / no encryption enabled. � Auth/Priv
Authentication enabled / encryption enabled.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
165
Configuring with Web Based Management 6.4 "System" menu
� Notification Receiver Type The receiver type defines the SNMP version and the type of notification. SNMP inform notifications have to be acknowledged by the receiver, SNMP traps do not. The following options are possible: � SNMPv1 Trap
� SNMPv2c Trap
� SNMPv2c Inform
� SNMPv3 Trap
� SNMPv3 Inform
� Notification Receiver Address Enter the IP address of the receiver station to which the device sends SNMP notifications. You can specify up to ten different receivers servers.
The table has the following columns: � Select
Select the row you want to delete. � Notification Receiver Address
If necessary, change the IP address of the stations. � Notification Receiver Type
Shows the defined receiver type. � SNMP Engine ID
The ID of the SNMP engine to which SNMPv3 inform notifications are sent. You can only configure this parameter for the "SNMPv3-Inform" receiver type. � Notification Enable or disable sending of SNMP notifications. Stations that are entered but not selected do not receive SNMP notifications. Note If a table is grayed out, the corresponding notification was configured via the CLI and can only be deleted via the CLI.
166
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
Configuring a notification 1. Select the receiver for SNMPv3 notifications in the "SNMPv3 Notify User" drop-down list. 2. Select the security level for SNMPv3 notifications in the "SNMPv3 Notify Security Level" drop-
down list. 3. Select the receiver type in the "Notification Receiver Type" drop-down list. 4. In "Notification Receiver Address", enter the IP address of the station to which the device
should send traps or notifications. 5. Click the "Create" button to create a new trap entry. 6. Activate "Notification" in the required row. 7. Click the "Set Values" button. Deleting a trap entry 1. Enable "Select" in the row to be deleted. 2. Click the "Delete" button. The entry is deleted.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
167
Configuring with Web Based Management 6.4 "System" menu
6.4.12
System Time
There are different methods that can be used to set the system time of the device. Only one method can be active at any one time.
If one method is activated, the previously activated method is automatically deactivated.
6.4.12.1
Manual Setting
Manual setting of the system time
On this page, you set the date and time of the system yourself. For this setting to be used, enable "Time Manually".
Description
The page contains the following boxes:
� Time Manually Enable the manual time setting. If you enable the option, the "System Time" input box can be edited.
� System Time Enter the date and time in the format "MM/DD/YYYY HH:MM:SS".
After a restart, the time of day begins at 01/01/2000 00:00:00.
� Use PC Time Click the button to use the time setting of the PC.
� Last Synchronization Time Shows when the last time-of-day synchronization took place. If no time-of-day synchronization was possible, the box displays "Date/time not set".
168
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
� Last Synchronization Mechanism Shows how the last time synchronization was performed. � Not set The time was not set. � Manual Manual time setting � SNTP Automatic time-of-day synchronization with SNTP � NTP Automatic time-of-day synchronization with NTP � SIMATIC Automatic time-of-day synchronization using the SIMATIC time frame
� Daylight Saving Time (DST) Shows whether the daylight saving time changeover is active. � active (offset +1 h) The system time was changed to daylight saving time; in other words an hour was added. You can see the current system time at the top right in the selection area of the WBM. The current time including daylight saving time is displayed in the "System Time" box. � inactive (offset +0 h) The current system time is not changed.
1. Enable the "Time Manually" option. 2. In the "System Time" input box, enter the date and time in the format "MM/DD/YYYY
HH:MM:SS". 3. Click the "Set Values" button.
The date and time are adopted and "Manual" is entered in "Last Synchronization Mechanism" box.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
169
Configuring with Web Based Management 6.4 "System" menu
6.4.12.2
DST Overview On this page, you can create new entries for the daylight saving time changeover. The table provides an overview of the existing entries.
Settings
� Select Select the row you want to delete.
� DST No. Shows the number of the entry. If you create a new entry, a new line with a unique number is created.
� Name Shows the name of the entry.
� Year Shows the year for which the entry was created.
� Start Date Shows the month, day and time for the start of daylight saving time.
� End Date Shows the month, day and time for the end of daylight saving time.
� Recurring Date With an entry of the type "Rule", the period in which daylight saving time is active is displayed consisting of week, day, month and time of day. With an entry of the type "Date" a "-" is displayed.
170
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
� State Shows the status of the entry: � Enabled The entry was created correctly. � Invalid The entry was created new and the start and end date are identical.
� Type Shows how the daylight saving time changeover is made: � Date A fixed date is entered for the daylight saving time changeover. � Rule A rule was defined for the daylight saving time changeover.
Creating an entry 1. Click the "Create" button.
A new entry is created in the table. 2. Click on the required entry in the "DST No." column.
You change to the "DST Configuration" page. 3. Select the required type in the "Type" drop-down list.
Depending on the selected type, various settings are available. 4. Enter a name in the "Name" box. 5. If you have selected the type "Date", fill in the following boxes.
� Year � Day (for start and end date) � Hour (for start and end date) � Month (for start and end date) 6. If you have selected the type "Rule", fill in the following boxes. � Hour (for start and end date) � Month (for start and end date) � Week (for start and end date) � Day (for start and end date) 7. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
171
Configuring with Web Based Management 6.4 "System" menu
Deleting an entry 1. Enable "Select" in the row to be deleted. 2. Click the "Delete" button. The entry is deleted.
6.4.12.3
DST Configuration
On this page, you can configure the entries for the daylight saving time changeover. As result of the changeover to daylight saving or standard time, the system time for the local time zone is correctly set.
You can define a rule for the daylight saving time changeover or specify a fixed date.
Settings
Note The content of this page depends on the selection in the "Type" box. The boxes "DST No.", "Type" and "Name" are always shown.
� DST No. Select the type of the entry.
� Type Select how the daylight saving time changeover is made: � Date You can set a fixed date for the daylight saving time changeover. This setting is suitable for regions in which the daylight saving time changeover is not governed by rules. � Rule You can define a rule for the daylight saving time changeover. This setting is suitable for regions in which the daylight saving time always begins or ends on a certain weekday.
� Name Enter a name for the entry. The name can be a maximum of 16 characters long.
Settings with "Date" selected
172
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
You can set a fixed date for the start and end of daylight saving time. � Year
Enter the year for the daylight saving time changeover. � Start Date
Enter the following values for the start of daylight saving time: � Day
Specify the day. � Hour
Specify the hour. � Month
Specify the month. � End Date
Enter the following values for the end of daylight saving time: � Day
Specify the day. � Hour
Specify the hour. � Month
Specify the month. Settings with "Rule" selected
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
173
Configuring with Web Based Management 6.4 "System" menu
174
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
You can create a rule for the daylight saving time changeover. � Start Date
Enter the following values for the start of daylight saving time: � Hour
Specify the hour. � Month
Specify the month. � Week
Specify the week. You can select the first to fifth or the last week of the month. � Day Specify the weekday. � End Date Enter the following values for the end of daylight saving time: � Hour Specify the hour. � Month Specify the month. � Week Specify the week. You can select the first to fifth or the last week of the month. � Day Specify the weekday.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
175
Configuring with Web Based Management 6.4 "System" menu
6.4.12.4
SNTP Client
Time-of-day synchronization in the network SNTP (Simple Network Time Protocol) is used for synchronizing the time in the network. The appropriate frames are sent by an SNTP server in the network.
Note To avoid time jumps, make sure that there is only one time server in the network.
Description
The page contains the following boxes:
� SNTP Client Enable or disable automatic time-of-day synchronization using SNTP.
� Current System Time Shows the current date and current normal time received by the device. If you specify a time zone, the time information is adapted accordingly.
� Last Synchronization Time Shows when the last time-of-day synchronization took place.
176
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
� Last Synchronization Mechanism Shows how the last time synchronization was performed. The following methods are possible:
� Not set The time was not set.
� Manual Manual time setting
� SNTP Automatic time-of-day synchronization with SNTP
� NTP Automatic time-of-day synchronization with NTP
� SIMATIC Automatic time-of-day synchronization using the SIMATIC time frame
� Time Zone In this box, enter the time zone you are using in the format "+/- HH:MM". The time zone relates to UTC standard world time.
The time in the "Current System Time" box is adapted accordingly.
� Daylight Saving Time (DST) Shows whether the daylight saving time changeover is active.
� active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was added. You can see the current system time at the top right in the selection area of the WBM.
The current time including daylight saving time is displayed in the "System Time" box.
� inactive (offset +0 h) The current system time is not changed.
� SNTP Mode Select the synchronization mode from the drop-down list. The following types of synchronization are possible:
� Listen With this mode, the device is passive and receives SNTP frames that deliver the time of day. Settings in the input boxes "SNTP Server Address" and "SNTP Server Port" have no effect in this mode.
In this mode, only IPv4 addresses are supported.
� Poll If you select this mode, the input box "Poll Interval[s]" is displayed to allow further configuration. In this mode, the settings in the input boxes "SNTP Server Address" and "SNTP Server Port" are taken into account. With this type of synchronization, the device is active and sends a time query to the SNTP server.
In this mode, IPv4 and IPv6 addresses are supported.
� Poll Interval[s] Here, enter the interval between two time queries. In this box, you enter the query interval in seconds. Possible values are 16 to 16284 seconds.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
177
Configuring with Web Based Management 6.4 "System" menu
� SNTP Server Address Enter the IP address or the FQDN (Fully Qualified Domain Name) of the SNTP server.
� SNTP Server Port Enter the port of the SNTP server. The following ports are possible:
� 123 (standard port)
� 1025 to 36564
� Primary The check mark is set for the SNTP server that you create first. If several SNTP servers have been created, the primary server is queried first.
Procedure
1. Click the "SNTP Client" check box to enable the automatic time setting.
2. In the "Time Zone" input box, enter the local time difference to world time (UTC). The input format is "+/-HH:MM" (for example +02:00 for CEST), because the SNTP server always sends the UTC time. This time is then recalculated and displayed as the local time based on the specified time zone. You configure the daylight saving time switchover on the pages "System > System Time > DST Overview" and "System > System Time > DST Configuration". You also need to take this into account when completing the "Time Zone" input box.
3. Select one of the following options from the "SNTP Mode" drop-down list:
� Poll For this mode, you need to configure the following: - Time zone difference (step 2) - Query interval (step 4) - Time server (step 5) - Port (step 7) - Complete the configuration with step 8.
� Listen For this mode, you need to configure the following: - Time difference to the time sent by the server (step 2) - Complete the configuration with step 8.
4. In the "Poll Interval[s]" input box, enter the time in seconds after which a new time query is sent to the time server.
5. In the "SNTP Server Address" input box, enter the IP address or the FQDN of the SNTP server whose frames will be used to synchronize the time of day.
6. Click the "Create" button.
A new row is inserted in the table for the SNTP server.
7. In the "SNTP Server Port" column, enter the port via which the SNTP server is available. The port can only be modified if the IPv4 address or the FQDN name of the SNTP server is entered.
8. Click the "Set Values" button to transfer your changes to the device.
178
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
6.4.12.5
NTP Client
Automatic time-of-day setting with NTP
If you require time-of-day synchronization using NTP, you can make the relevant settings here.
Description
The page contains the following boxes:
� NTP Client Select this check box to enable automatic time-of-day synchronization with NTP.
� Current System Time Shows the current date and current normal time received by the device. If you specify a time zone, the time information is adapted accordingly.
� Last Synchronization Time Shows when the last time-of-day synchronization took place.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
179
Configuring with Web Based Management 6.4 "System" menu
� Last Synchronization Mechanism Shows how the last time synchronization was performed. The following methods are possible:
� Not set The time was not set.
� Manual Manual time setting
� SNTP Automatic time-of-day synchronization with SNTP
� NTP Automatic time-of-day synchronization with NTP
� SIMATIC Automatic time-of-day synchronization using the SIMATIC time frame
� Time Zone In this box, enter the time zone you are using in the format "+/- HH:MM". The time zone relates to UTC standard world time.
The time in the "Current System Time" box is adapted accordingly.
� Daylight Saving Time (DST) Shows whether the daylight saving time changeover is active.
� active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was added. You can see the current system time at the top right in the selection area of the WBM.
The current time including daylight saving time is displayed in the "System Time" box.
� inactive (offset +0 h) The current system time is not changed.
� NTP Server Address Enter the IP address or the FQDN (Fully Qualified Domain Name) of the NTP server.
� NTP Server Port Enter the port of the NTP server. The following ports are possible:
� 123 (standard port)
� 1025 to 36564
� Poll Interval[s] In this field, enter the interval between two time queries (query interval) in seconds. Possible values are 64 to 1024 seconds.
180
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Procedure
1. Click the "NTP Client" check box to enable the automatic time setting using NTP. 2. Enter the necessary values in the following boxes:
� Time zone � IP address or FQDN of the NTP server � NTP Server Port � Query interval 3. Click the "Set Values" button.
6.4.12.6
SIMATIC Time Client
Time setting via SIMATIC time client
Note To avoid time jumps, make sure that there is only one time server in the network.
Description
The page contains the following boxes:
� SIMATIC Time Client Select this check box to enable the device as a SIMATIC time client.
� Current System Time Shows the current system time.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
181
Configuring with Web Based Management 6.4 "System" menu
� Last Synchronization Time Shows when the last time-of-day synchronization took place.
� Last Synchronization Mechanism Shows how the last time synchronization was performed. The following methods are possible:
� Not set The time was not set.
� Manual Manual time setting
� SNTP Automatic time-of-day synchronization with SNTP
� NTP Automatic time-of-day synchronization with NTP
� SIMATIC Automatic time-of-day synchronization using the SIMATIC time frame
Procedure
1. Click the "SIMATIC Time Client" check box to enable the SIMATIC Time Client. 2. Click the "Set Values" button.
182
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
6.4.13
Auto Logout
Setting the automatic logout
On this page, set the times after which there is an automatic logout from the WBM or the CLI following user inactivity.
If you have been logged out automatically, you will need to log in again.
Note No automatic logout from the CLI
If the connection is not terminated after the set time, check the "Keep alive" setting on the Telnet client.
If the interval for "Keep alive" is shorter than the configured time, the connection is maintained although no user data is transferred. You have set, for example, 300 seconds for the automatic logoff and the "Keep alive" function is set to 120 seconds. In this case, a packet is sent every 120 seconds that keeps the connection uninterrupted. � Turn off the "Keep alive" (interval time=0)
or � Set the interval high enough so that the underlying connection is terminated when there
is inactivity.
Procedure
1. Enter a value of 60-3600 seconds in the "Web Base Management [s]" input box. If you enter the value 0, the automatic logout is disabled.
2. Enter a value of 60-600 seconds in the "CLI (TELNET, SSH) [s]" input box. If you enter the value 0, the automatic logout is disabled.
3. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
183
Configuring with Web Based Management 6.4 "System" menu
6.4.14
Syslog Client
System event agent
Syslog according to RFC 3164 is used for transferring short, unencrypted text messages over UDP in the IP network. This requires a Syslog server.
Requirements for sending log entries:
� The Syslog function is enabled on the device.
� The Syslog function is enabled for the relevant event.
� There is a Syslog server in your network that receives the log entries. (Since this is a UDP connection, there is no acknowledgment to the sender)
� The IP address or the FQDN (Fully Qualified Domain Name) of the Syslog server is entered in the device.
Description
The page contains the following boxes:
� Syslog Client Enable or disable the Syslog function.
� Syslog Server Address Enter the IP address, the FQDN (Fully Qualified Domain Name) or the host name of the Syslog server.
This table contains the following columns
� Select Select the row you want to delete.
� Syslog Server Address Shows the IP address, the FQDN (Fully Qualified Domain Name) or the host name of the Syslog server.
184
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.4 "System" menu
� Server Port Enter the port of the Syslog server being used.
� TLS When this check box is selected, communication with the Syslog server is encrypted.
Enabling function 1. Select the "Syslog Client" check box. 2. Click the "Set Values" button. Creating a new entry 1. In the "Syslog Server Address" input box, enter the IP address, the FQDN or the host name of
the Syslog server on which the log entries will be saved. 2. Click the "Create" button. A new row is inserted in the table. 3. In the "Server Port" input box, enter the number of the UDP port of the server. 4. Click the "Set Values" button.
Note The default setting of the server port is 514.
Changing the entry 1. Delete the entry. 2. Create a new entry. Deleting an entry 1. Select the check box in the row to be deleted. 2. Click the "Delete" button. All selected entries are deleted and the display is refreshed.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
185
Configuring with Web Based Management 6.4 "System" menu
6.4.15
Fault Monitoring
6.4.15.1
Power Supply
Settings for monitoring the power supply Configure whether or not the power supply should be monitored by the messaging system. Depending on the hardware variant, there are one or two power connectors (Supply 1 / Supply 2) and a PoE power supply. With a redundant power supply, configure the monitoring separately for each individual feed-in line. A fault is then signaled by the message system when there is no power on a monitored connection (Power Line 1, Power Line 2 or PoE) or when the applied voltage is too low.
Note You will find the permitted operating voltage limits in the operating instructions of the device.
If a fault occurs, the error LED lights up on the device. The currently pending fault is displayed under "Information > Faults". In addition, the corresponding error message is entered in the result log table. The content of the event log table is displayed in "Information > Log Tables > Event Log".
Procedure
1. Click the check box in front of the line name you want to monitor to enable or disable the monitoring function.
2. From the "PROFINET Redundancy" drop-down list, select the desired entry for redundant power supply to be monitored by PROFINET.
3. Click the "Set Values" button.
186
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
6.4.15.2
Link Change
Configuration of fault monitoring of status changes on connections
On this page, you configure whether or not an error message is triggered if there is a status change on a network connection.
If connection monitoring is enabled, an error is signaled
� when there should be a link on a port and this is missing.
� or when there should not be a link on a port and a link is detected.
If a fault occurs, the error LED lights up on the device. The currently pending fault is displayed under "Information > Faults".
In addition, the corresponding error message is entered in the result log table. The content of the event log table is displayed in "Information > Log Tables > Event Log".
Description
Table 1 has the following columns: � 1st column
Shows that the settings are valid for all ports. � Setting
Select the setting from the drop-down list. You have the following setting options: � "-" (disabled) � Up � Down � No Change: The setting in table 2 remains unchanged. � Copy to Table If you click the button, the setting is adopted for all ports of table 2.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
187
Configuring with Web Based Management 6.4 "System" menu
Table 2 has the following columns: � Port
Shows the available ports. � Setting
Select the setting from the drop-down list. You have the following options: � Up
Error handling is triggered when the port changes to the active status. (From "Link down" to "Link up") � Down Error handling is triggered when the port changes to the inactive status. (From "Link up" to "Link down") � "-" (disabled) The error handling is not triggered.
Procedure
Configure error monitoring for a port 1. From the relevant drop-down list, select the options of the slots / ports whose connection
status you want to monitor. 2. Click the "Set Values" button. Configure error monitoring for all ports 1. Select the required setting from the drop-down list of the "Setting" column. 2. Click the "Copy to Table" button. The setting is adopted for all ports of table 2. 3. Click the "Set Values" button.
188
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
6.4.16
PROFINET
Settings for PROFINET This page shows the PROFINET AR status and the device name.
Description
The page contains the following boxes:
� PROFINET Device Diagnostics
Shows whether PROFINET is enabled ("On") or disabled ("Off").
� PROFINET runtime mode for next boot
Set whether PROFINET will be enabled ("On") or disabled ("Off") after the next device restart.
Note PROFINET AR Status
If a PROFINET connection is established; in other words the PROFINET AR status is "Online", you cannot disable PROFINET.
� PROFINET AR Status
This box shows the status of the PROFINET connection; in other words whether the device is connected to a PROFINET controller "Online" or "Offline". Here, online means that a connection to a PROFINET IO controller exists, that this has downloaded its configuration data to the device and that the device can send status data to the PROFINET IO controller. In this status known as "in data exchange", the parameters set via the PROFINET controller cannot be configured.
� PROFINET Name of Station
This box displays the PROFINET device name according to the configuration in HW Config of STEP 7.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
189
Configuring with Web Based Management 6.4 "System" menu
6.4.17
PLUG
6.4.17.1
Configuration
NOTICE Do not remove or insert the PLUG during operation. A PLUG may only be removed or inserted when the device is turned off. The device checks whether a PLUG is inserted at one second intervals. If it is detected that the PLUG has been removed, the device restarts. If a valid PLUG license was inserted in the device, the device changes to a defined error state following the restart. With SCALANCE W, the available wireless interfaces are deactivated in this case. If the device was configured at some time with a PLUG license, the device can no longer be used without this PLUG. To be able to use the device again, reset the device to the factory settings.
Information about the PLUG configuration This page provides detailed information about the configuration stored on the PLUG. It is also possible to reset the PLUG to "factory defaults" or to load it with new contents.
Note The action is only executed after you click the "Set Values" button. The action cannot be undone. If you decide against executing the function after making your selection, click the "Refresh" button. As a result the data of this page is read from the device again and the selection is canceled.
190
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Description
The table has the following rows:
� State
Shows the status of the PLUG. The following are possible:
� ACCEPTED There is a PLUG with a valid and suitable configuration in the device.
� NOT ACCEPTED Invalid or incompatible configuration on the inserted PLUG.
� NOT PRESENT No PLUG is inserted in the device.
� FACTORY PLUG is inserted and does not contain a configuration. This status is also displayed when the PLUG was formatted during operation.
� Device Group
Shows the SIMATIC NET product line that used the PLUG previously.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
191
Configuring with Web Based Management 6.4 "System" menu
� Device Type
Shows the device type within the product line that used the PLUG previously.
� Configuration Revision
The version of the configuration structure. This information relates to the configuration options supported by the device and has nothing to do with the concrete hardware configuration. This revision information does not therefore change if you add or remove additional components (modules or extenders), it can, however, change if you update the firmware.
� File System
Displays the type of file system on the PLUG.
� File System Size [Kilobytes]
Displays the maximum storage capacity of the file system on the PLUG.
� File System Usage [Kilobytes]
Displays the memory utilization of the file system of the PLUG.
� Info String
Shows additional information about the device that used the PLUG previously, for example, article number, type designation, and the versions of the hardware and software. The displayed software version corresponds to the version in which the configuration was last changed. With the "NOT ACCEPTED" status, further information on the cause of the problem is displayed.
If a PLUG was configured as a PRESET PLUG this is shown here as additional information in the first row. For more detailed information on creating and using a PRESET PLUG refer to the section "Maintenance (Page 287)".
� Firmware on PLUG
When enabled, the firmware will be stored on the PLUG. This means that automatic firmware updates/downgrades can be made with the PLUG. The "Info String" box shows whether or not the firmware is stored on the PLUG. You can find more information on this in the section "Configuration License PLUG (CLP)".
� Modify PLUG Select the required setting from the drop-down list. You have the following options for changing the configuration on the PLUG:
� Write current configuration to PLUG This option is available only if the status of the PLUG is "NOT ACCEPTED" or "FACTORY". The configuration in the internal flash memory of the device is copied to the PLUG.
� Erase PLUG to factory default Deletes all data from the PLUG and performs low-level formatting.
192
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Procedure
Requirement: � User with administrator rights Modifying the PLUG configuration 1. Select the required option from the "Modify PLUG" drop-down list. 2. Click the "Set Values" button.
6.4.17.2
License
NOTICE
Do not remove or insert the PLUG during operation.
A PLUG may only be removed or inserted when the device is turned off.
The device checks whether a PLUG is inserted at one second intervals. If it is detected that the PLUG has been removed, the device restarts.
If a valid PLUG license was inserted in the device, the device changes to a defined error state following the restart. With SCALANCE W, the available wireless interfaces are deactivated in this case.
If the device was configured at some time with a PLUG license, the device can no longer be used without this PLUG. To be able to use the device again, reset the device to the factory settings.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
193
Configuring with Web Based Management 6.4 "System" menu
Information about the license of the PLUG A PLUG configuration can only store the configuration of a device. In addition to the configuration, a PLUG license also contains a license that enables certain functions.
Description of the displayed boxes
� State
Shows the status of the PLUG license. The following are possible:
� ACCEPTED The PLUG in the device contains a suitable and valid license.
� NOT ACCEPTED The license of the inserted PLUG is not valid
� NOT PRESENT No PLUG is inserted in the device.
� MISSING There is no PLUG inserted. Functions are configured on the device for which a license is required.
� WRONG The inserted PLUG is not suitable for the device.
� UNKNOWN Unknown content of the PLUG license.
� DEFECTIVE The content of the PLUG license contains errors.
� Article number
� Shows the article number of the PLUG. The PLUG is available for various functional enhancements and for various target systems.
194
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
� Serial number Shows the serial number of the PLUG.
� Info String Shows additional information about the device that used the PLUG previously, for example, article number, type designation, and the versions of the hardware and software. The displayed software version corresponds to the version in which the configuration was last changed. With the "NOT ACCEPTED" status, further information on the cause of the problem is displayed.
Note When you save the configuration, the information about whether or not a PLUG was inserted in the device at the time is also saved. This configuration is then only executable, if a PLUG with the same article number / license is plugged in. This applies regardless of whether or not iFeatures are configured.
6.4.18
Ping
Reachability of an address in an IP network
With the ping function, you can check whether a certain IP address is reachable in the network.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
195
Configuring with Web Based Management 6.4 "System" menu
Description
The page contains the following boxes: � Destination Address
Enter the IPV4, IPv6 address or the FQDN (Fully Qualified Domain Name) of the device. � Repeat
Enter the number of ping requests. � DNS Resolution
Select the IP address type in which an entered FQDN will be resolved. � Auto
In this mode, the IP address type is selected automatically. � IPv4
The entered FQDN will be resolved in an IPv4 address. � IPv6
The entered FQDN will be resolved in an IPv6 address. � Out Interface for IPv6
This selection is only required when the destination address is a multicast or a link local address. � "-" (factory setting) � Select the relevant IPv6 interface. � Ping Click this button to start the ping function. � Ping Output This box shows the output of the ping function.
6.4.19
DCP Discovery
On this page, you can select an interface and search for devices that are reachable via the interface and support DCP. DCP Discovery only searches for devices located in the same subnet as the interface. The reachable devices are listed in a table. In the table you can check and adapt the network parameters of the devices. To identify and configure the devices the Discovery Configuration Protocol (DCP) is used.
Note DCP Discovery
The function is only available with the VLAN associated with the TIA interface. You can configure the TIA interface with "Layer 3 > Subnets > Configuration".
196
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.4 "System" menu
Requirement:
To adapt network parameters, DCP requires write access to the device. If access is writeprotected, the network parameters cannot be configured.
On SCALANCE devices, you configure access under "System > Configuration".
Description
The page contains the following boxes: � Timeout
Specify the time for flashing. When the time elapses, flashing stops. � Blink Own LEDs
Makes the LEDs port of your own device flash. � Interface
Select the required interface. � Discover
Starts the search for devices reachable via the selected interface. On completion of the search the reachable devices are listed in the table. The table is limited to 100 entries. The table has the following columns: � Port Shows the port via which the device can be reached. � MAC Address Shows the MAC address of the device. � Device Type Shows the product line or product group to which the device belongs.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
197
Configuring with Web Based Management 6.4 "System" menu
� Device Name Adapt the PROFINET device name if necessary. The device name must be DNS-compliant. If the device name is not used, the box is empty.
� IP Address If necessary, adapt the IPv4 address of the device. The IPv4 address should be unique within your network and should match the network. The IPv4 address 0.0.0.0 means that no IPv4 address has yet been set.
� Subnet mask If necessary, adapt the subnet mask of the device.
� Gateway Address Adapt the IPv4 address of the gateway if necessary.
� Status Device Name � None: The device name is not used. � Discovered: The set device name is used. � Configured: The device was assigned a new device name.
� Status IP address � Discovered/IP: The device uses a static IPv4 address. � Discovered/DHCP: The device has obtained the IPv4 address from a DHCP server. � Configured: The device was assigned a new IPv4 address.
� Timeout Specify the time for flashing. When the time elapses, flashing stops.
� Flash Makes the port LEDs of the selected device flash.
Procedure
1. Select the TIA interface. 2. To show all devices that can be reached via the TIA interface, click the "Browse" button. 3. Adapt the desired properties. 4. Click the "Set Values" button.
The status of the modified properties changes to "Configured". 5. To ensure that the properties were applied correctly, click the "Browse" button again.
The status of the modified properties changes to "Discovered".
198
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.5
"Interfaces" menu
Configuring with Web Based Management 6.5 "Interfaces" menu
6.5.1
Ethernet
6.5.1.1
Overview
Overview of the port configuration
The page shows the configuration for the data transfer for all ports of the device. You cannot configure anything on this page.
Description
The table has the following columns:
� Port
Shows the configurable ports. If you click on the link, the corresponding configuration page is opened.
� Port name
Shows the name of the port.
� State
Shows whether the port is on or off. Data traffic is possible only over an enabled port.
� OperState
Displays the current operational status. The operational status depends on the configured "Status" and the "Link". The available options are as follows:
� up You have configured the status "enabled" for the port and the port has a valid connection to the network.
� down You have configured the status "disabled" or "Link down" for the port or the port has no connection.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
199
Configuring with Web Based Management 6.5 "Interfaces" menu
� Link Shows the connection status to the network. With the connection status, the following is possible: � up The port has a valid link to the network, a link integrity signal is being received. � down The link is down, for example because the connected device is turned off.
� Current Transmission Parameters Shows the transfer parameters of the port.
� Negotiation Shows whether the automatic configuration is enabled or disabled.
� MAC Address Shows the MAC address of the port.
6.5.1.2
Configuration
Configuring ports With this page, you configure the Ethernet ports of the device.
200
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
Description
The table has the following rows: � Port
Select the port to be configured from the drop-down list. � State
Specify whether the port is enabled or disabled. � enabled
The port is enabled. Data traffic is possible only over an enabled port. � disabled
The port is disabled. � Port name
Enter a name for the port. � MAC Address
Shows the MAC address of the port. � Mode Type
The operating mode is set to "Auto negotiation". In this case, the parameters are negotiated automatically with the connected terminal device. This must also be in the "Auto negotiation" mode for this purpose.
Note Before the port and partner port can communicate with each other, the settings must match at both ends.
� Mode Shows the transmission speed and the transmission method of the port.
� Negotiation Shows whether the automatic configuration of the connection to the partner port is enabled or disabled.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
201
Configuring with Web Based Management 6.5 "Interfaces" menu
� OperState
Displays the current operational status. The operational status depends on the configured "Status" and the "Link". The available options are as follows:
� up You have configured the status "enabled" for the port and the port has a valid connection to the network.
� down You have configured the status "disabled" or "Link down" for the port or the port has no connection.
� Link
Shows the connection status to the network. The available options are as follows:
� Up The port has a valid link to the network, a link integrity signal is being received.
� Down The link is down, for example because the connected device is turned off.
Procedure
Note Changing the port configuration With various automatic functions, the device prevents or reduces the effect on other ports and priority classes (Class of Service) if a port is overloaded. This can mean that frames are discarded even when flow control is enabled. Port overload occurs when the device receives more frames than it can send, for example as the result of different transmission speeds.
To change the configuration of a port, follow these steps: 1. Click the appropriate box to change the configuration. 2. Click the "Set Values" button.
202
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
6.5.2
WLAN
6.5.2.1
Basic
Basic settings
On this page, you make several basic settings for the device, for example the country setting and mode.
Note
To configure the WLAN interface, you must always specify the country code first. Some parameters are dependent on the country setting, for example the transmission standard.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
203
Configuring with Web Based Management 6.5 "Interfaces" menu
Description
� Country Code Select the country in which the device will be operated from the drop-down list. You do not need to know the data for the specific country, the channel division and output power are set by the device according to the country you select.
Note Locale setting The correct country setting is mandatory for operation complying with the approvals. Selecting a country different from the country of use can lead to legal prosecution.
� Device Mode Select the mode of the device. This selection is available only for access points. The following modes are possible: � AP - Access point mode � Client - Client mode
Note After the mode is changed, a message is displayed. If you confirm the message with "OK", the device restarts in the changed mode with the factory-set configuration settings. If the device has restarted, you will need to log on again to be able to continue the configuration.
The table has the following columns: � Radio
Shows the available WLAN interfaces. � Frequency Band
Shows the frequency band. � 2.4 GHz � 5 GHz In client mode, select the desired frequency band.
204
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
� Enabled Status of the WLAN interface. To enable the WLAN interface, select the check box.
Note Enabling the WLAN interface The WLAN interfaces are disabled when the device is supplied. The WLAN interfaces are can be enabled once the country and the antenna settings are configured. Access Point mode: Parallel mode 2.4 / 5 GHz Both WLAN interfaces cannot be activated at the same time.
� Radio Mode Shows the mode of the WLAN interface.
� WLAN mode 2.4 GHz/WLAN mode 5 GHz Select the required transmission standard for the configured frequency band. The selection depends on the country setting. � Auto (in client mode only) The transmission standard is determined automatically (2.4 GHz, 5 GHz and 2.4 GHz + 5 GHz). � 802.11g The transmission standard IEEE 802.11g (2.4 GHz) is set. This transmission standard is downwards compatible with IEEE 802.11b. � 802.11n The transmission standard IEEE 802.11n (2.4 GHz and 5 GHz) is set. This transmission standard is downwards compatible with IEEE 802.11a and IEEE 802.11g. � 802.11a The transmission standard IEEE 802.11a (5 GHz) is set. � 802.11ac The transmission standard IEEE 802.11ac (5 GHz) is set. � 802.11ax The IEEE 802.11ax (5 GHz) transmission standard is set.
Note Data rate The data rate is adjusted automatically.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
205
Configuring with Web Based Management 6.5 "Interfaces" menu
� DFS (802.11h) Enables or disables the "Dynamic Frequency Selection (DFS)" function.
� Enabled
With the DFS function, it is possible to also use the higher 5 Ghz channels.
These channels are country-specific and are subject to certain DFS regulations. You can find additional information on this in the country-specific DFS documentation.
Before the access point transmits over one of these channels, it checks for competing radar signals for 60 seconds according to the CAC (Channel Availability Check). The access point also does not send any beacons for the duration of the search. With weather radar channels (5.6 - 5.65 GHz), the duration of the search is 10 minutes.
If no radar signals are detected after the search period has elapsed, the access point transmits on the channel. Otherwise, the access point changes channel and repeats the check.
The access point also searches for radar signals continuously during operation.
If the access point discovers a radar signal on the current channel, it notifies the clients of the channel change. It then automatically switches to an alternative DFS channel and the current channel is blocked for 30 minutes.
� Disabled
The DFS function is not used.
� Outdoor Mode
� Enabled
If you have enabled Outdoor Mode, only the channels that are permitted for outdoor operation are available to you.
� Disabled
If you have disabled Outdoor Mode, only the channels that are permitted for operation in a building are available to you.
Procedure
1. To configure the WLAN interface, you must always specify the country first. Select the country in which the device will be operated from the "Country Code" drop-down list.
2. Select the required frequency band from the "Frequency Band" drop-down list.
3. From the "WLAN Mode" drop down list, select the required transmission standard for the configured frequency band.
4. Click the "Set Values" button.
See also
Wireless approvals (https://www.siemens.com/wireless-approvals)
206
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.5.2.2
Antennas&Power
Overview
Overview of IWLAN antennas:
Configuring with Web Based Management 6.5 "Interfaces" menu
Figure 6-1 Overview of the antennas
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
207
Configuring with Web Based Management 6.5 "Interfaces" menu
Antennas&Power
Configuration of external antennas On this page, you configure the settings for the connected external antennas.
Note 50 terminating resistor Each WLAN interface has two antenna connections. Connectors that are not used must have a 50 terminating resistor fitted. An antenna must always be connected to the R1 A1 antenna connection as soon as the WLAN interface is switched on. If no antenna is connected, the relevant interface must also be disabled for Rx and Tx. Otherwise, there may be transmission disruptions.
Description
Table 1 has the following columns: � Radio
Shows the available WLAN interfaces. � Frequency Band
Shows the frequency band. � 2.4 GHz � 5 GHz
208
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
� Max. Tx Power The value you set here corresponds to the transmit power per antenna connection.
Note The maximum possible transmit power varies depending on the channel and data rate. For more information about the transmit power, refer to the documentation "Characteristics 801.11ax SCALANCE W700".
� Max. conducted power The value is the summed transmit power of all active antenna connections. The calculation is made according to the following scheme: � 1 antenna connection Max. Tx power = Max. conducted power � 2 antenna connections Max. Tx power + 3 dBm = Max. conducted power
� max. EIRP (Effective Isotropic Radiated Power) Shows the current radiant power of the antenna, in relation to a non-directional antenna (isotrop). EIRP value = Max. conducted power + Antenna gain � Attenuation (Antenna connections, Cable length and Additional attenuation)
Table 2 has the following columns: � Connector
Shows the name of the relevant antenna connector. � Frequency Band
Shows the frequency band. � 2.4 GHz � 5 GHz � Antenna Type Select the type of external antenna connected to the device. If the type of your external antenna is not available, select the entry "User defined". If you terminate an antenna connector using a 50 terminating resistor, select the entry "Not used (Connect 50 Ohm Termination)". � Antenna Gain If you select the "User defined" entry for the "Antenna Type", enter the antenna gain manually in the "dBi" unit. � Antenna Gain 2.4 GHz [dBi]
Here, enter the antenna gain the antenna has in the 2.4 GHz frequency band. � Antenna Gain 5 GHz [dBi]
Here, enter the antenna gain the antenna has in the 5 GHz frequency band.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
209
Configuring with Web Based Management 6.5 "Interfaces" menu
� Cable Length [m]
Enter the length of the flexible antenna connecting cable in meters between the device and the external antenna.
� Additional Attenuation [dB]
Here, specify the additional attenuation caused, for example, by an additional splitter.
� Antenna Mode
Specify the use of the antenna. For antenna connection R1 A1, the entry cannot be changed.
� Tx For sending only
� Rx For receiving only
� Rx/Tx For receiving and sending
The following table shows which combinations are possible:
R1 A1 Rx/Tx Rx/Tx Rx/Tx Rx/Tx
R1 A2 Rx/Tx Rx Tx --1)
1) Antenna type "Not used (Connect 50 Ohm Termination)"
Procedure
To configure two antennas, follow the steps below:
1. For the first antenna connector (R1 A1) in the "Antenna Type" drop-down list, select the type of antenna.
2. In the "Cable Length" input box, enter the length of the connecting cable you are using in meters. The "Antenna mode" entry cannot be changed at antenna connection R1A1.
3. For the second antenna connector (R1 A2) in the "Antenna Type" drop-down list, select the entry "Not used (Connect 50 Ohm Termination)".
4. Click the "Set Values" button.
210
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
6.5.2.3
Advanced
Further possible settings
On this page, you can specify details of the transmission characteristics. You only need to adapt the parameters on this page if the SCALANCE W700 device cannot be used as it is intended with the default settings.
Description
The table has the following columns: � Radio
Shows the available WLAN interfaces in this column. � Frequency Band
Shows the frequency band. � 2.4 GHz � 5 GHz � Beacon Interval [ms] (only in access point mode) Shows the interval at which the access point sends beacons. Beacons are packets that are sent cyclically by an access point to inform clients of its existence.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
211
Configuring with Web Based Management 6.5 "Interfaces" menu
� HW Retries (only in access point mode) Specify the number of hardware retries. Hardware retries >30 are not recommended. The hardware retry is performed by the WLAN chip itself when it tries to repeat an unacknowledged packet immediately. If all hardware retries were unsuccessful, the packet is deleted and the WLAN client is removed from the list.
� A-MPDU Aggregated MAC Protocol Data Unit (A-MPDU) � Enabled Multiple MPDU frames with the same destination address are bundled and sent as one large A-MPDU. This allows the total throughput to be increased. � Disabled A-MPDU frames are received but not sent.
Procedure
1. Enter the values to be set in the input boxes as follows. 2. Select the option checkmark of the required functions. 3. Click the "Set Values" button.
212
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
6.5.2.4
Allowed Channels
Channel settings
For communication, a specific channel within a frequency band is used. You can either set this channel specifically or configure so that the channel is selected automatically.
On this page, you specify which channels may be used for communication.
Description
Table 1 contains the following columns:
� Radio
Shows the available WLAN interfaces.
� Frequency Band
Shows the frequency band.
� 2.4 GHz
� 5 GHz
� Use Allowed Channels only
If you enable the option, you restrict the selection of channels via which the connection is established. In the following tables, you define which channels can be used to establish a wireless cell.
The tables are divided up according to frequency bands. If the option is disabled, the channels available based on the settings (country code, antennas, transmit power etc.) are used.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
213
Configuring with Web Based Management 6.5 "Interfaces" menu
Above the tables for the frequency bands, you will find the following check box: � Select / Deselect all
� Enabled If you enable the check box, all channels are selected.
� Disabled If you deselect the check box, the first valid channel of the frequency band remains enabled. Enable the required channel.
The tables of the frequency bands have the following columns: � Radio
Shows the available WLAN interfaces. � Frequency Band
Shows the frequency band. � 2.4 GHz � 5 GHz � Radio Mode Shows the mode. � Channel number To specify the valid channels for the required frequency band, select the appropriate check box for the channel number. The table displays the permitted channels of the country. Only the valid channels can be enabled. Invalid channels are grayed out and cannot be enabled.
Note To specify the channels, the setting "Use Allowed Channels only" must be enabled.
Procedure
1. Select the "Use Allowed Channels only" option for the required WLAN interface. 2. Deselect the check box "Select / Deselect all". 3. Select the relevant check box for the required channel number. 4. Click the "Set Values" button.
214
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.5.2.5
Configuring with Web Based Management 6.5 "Interfaces" menu
AP
Note This WBM page is only available in access point mode.
Configuration On this WBM page, you specify the configuration for the access point.
Description
Table 1 has the following columns:
� Radio
Shows the available WLAN interfaces.
� Frequency Band
Shows the frequency band.
� 2.4 GHz
� 5 GHz
� Channel
Specify the main channel. If you want the access point to search for a free channel itself, use "Auto". The selection of channels used by an access point when establishing a wireless cell can be restricted. To do this, select the "Use Allowed Channels only" check box on the "Allowed Channels" page. .If you want to use a fixed channel, select the required channel from the drop-down list.
� Alternative DFS Channel If you have enabled the "DFS" function, on the "Basic" page, specify the alternative channel here. If you want the access point to search for a free channel itself, use "Auto".
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
215
Configuring with Web Based Management 6.5 "Interfaces" menu
If a competing radar signal was detected both on the main and alternative channel, the access point automatically searches for a free channel. If you want to use a fixed channel, select the required channel from the drop-down list. � Selected Channels � Channel number (frequency) or Auto
When a fixed channel is set for "Channel", this channel is shown including frequency. � At 80 MHz only and with fixed channel: Channel range
Four channels are required for the 80 MHz channel bandwidth in the corresponding channel range. The channel range consists of the channel configured for "Channel" and the three next channels. � Selected Alternative DFS Channels � Channel number (frequency) or Auto When a fixed channel is set for "Alternative DFS Channel", this channel is shown including frequency. � At 80 MHz only and with fixed channel: Channel range Four channels are required for the 80 MHz channel bandwidth in the corresponding channel range. The channel range consists of the channel configured for "Channel" and the three next channels. � Channel Width [MHz] You can only specify the channel bandwidth for the IEEE 802.11n, IEEE 802.11ac and IEEE 802.11 ax transmission standards. The following settings are possible. � 20 MHz � 40 MHz Only with IEEE 802.11ac/ax: � 80 MHz Table 2 has the following columns: � Radio Shows the available WLAN interfaces. � Frequency Band Shows the frequency band. � 2.4 GHz � 5 GHz � Available Channels This box displays the permitted channels. The display depends on the wireless approvals of the currently selected country and the settings on the "Allowed Channels" page.
216
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
Table 3 has the following columns:
� Radio
Shows the WLAN interface.
� Frequency Band
Shows the frequency band.
� 2.4 GHz
� 5 GHz
� Port
Shows the VAP interface.
� Enabled To use the required VAP interface, select this check box.
� SSID Enter the SSID of the WLAN. The length of the character string for SSID it is 1 to 32 characters. The ASCII code 0x20 to 0x7e is used for the SSID.
� Broadcast SSID
� deactived The SSID is no longer sent in the beacon frame of the access point. This means that the SSID is not visible for other devices. Only clients that know the SSID of the access point and that are configured with it can connect to the access point.
� activated The SSID is sent in the Beacon frame of the access point and is visible for other devices.
Note
Since no encryption is used for the SSID transfer, this function can only provide basic protection against unauthorized access. The use of an authentication method (for example WPA2 (RADIUS) or WPA2-PSK if this is not possible) provides higher security. You must also expect that certain terminal devices may have problems with access to a hidden SSID.
Procedure
1. Select the required channel from the "Channel" drop-down list. 2. Enter network name in the "SSID" input box for the corresponding WLAN interface and port. 3. For the relevant WLAN interface and the port, select the "Enabled" check box. 4. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
217
Configuring with Web Based Management 6.5 "Interfaces" menu
6.5.2.6
Client
Connecting to a network On this WBM page, you can specify how the device connects to a network as client.
Note This WBM page is only available for clients or access points in client mode.
Note WLAN interface disabled The WLAN interface is disabled when the SSID is configured.
218
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.5 "Interfaces" menu
Description
Table 1 has the following columns:
� Radio Shows the available WLAN interfaces.
� MAC Mode Specify how the MAC address is assigned to the client. The following are possible: � Own
The client uses the MAC address of the Ethernet interface for the WLAN interface. � Layer 2 Tunnel
The client uses the MAC address of the Ethernet interface for the WLAN interface. The network is also informed of the MAC addresses connected to the Ethernet interface of the client. Up to eight MAC addresses can be used.
Table 2 has the following columns: � Radio
Shows the available WLAN interfaces. � Roaming Threshold
The client switches at a moderately higher field strength to the AP with the stronger signal. � Background Scan Mode While the client is connected to an access point, it scans for other access points in the background with which it can connect when necessary. Specify the mode for the scan. The following options are available:
� Always The client scans continuously for access points.
� Disabled As long as the client is connected, there is no scan for further access points. The client updates its scan list based on the beacons (management frames) that it has received on the current channel.
� Background Scan Interval [ms] Specify the interval at which further access points are scanned.
Table 3 has the following columns: � Radio
Shows the WLAN interface.
� Scan Channels Shows the channels on which the client searches for an access point. The display depends on the wireless approvals of the selected country and the settings for "Allowed Channels".
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
219
Configuring with Web Based Management 6.5 "Interfaces" menu
Table 3 has the following columns:
� Radio
Shows the WLAN interface.
� Enabled
Enables or disables the relevant SSID.
� SSID
Enter the SSID of the access point with which the client will connect. For the SSID, ASCII code 0x20 to 0x7e is used.
� Security Select a security context. You create and configure a security context in "Security > WLAN > Basic".
Default setting: Context 1
Procedure
1. From the "MAC Mode" drop-down list, select the required assignment of the MAC address. 2. In table 3, enter an SSID for "SSID". 3. Select a security context. 4. Enable the required SSID. 5. Click the "Set Values" button.
220
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.6
"Layer 2" menu
6.6.1 6.6.1.1
VLAN General
Configuring with Web Based Management 6.6 "Layer 2" menu
On this page you specify whether or not the device forwards frames with VLAN tags transparently (IEEE 802.1D/VLAN-unaware mode) or takes VLAN information into account (IEEE 802.1Q/VLAN-aware mode). If the device is in the "802.1Q VLAN Bridge" mode, you can define VLANs and specify the use of the ports .
Note Changing the agent VLAN ID
If the configuration PC is connected directly to the device via Ethernet and you change the management VLAN ID, the device is no longer reachable via Ethernet following the change.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
221
Configuring with Web Based Management 6.6 "Layer 2" menu
Description
The page contains the following boxes:
� Base Bridge mode
Select the required mode from the drop-down list. The following modes are possible:
Note Changing Base Bridge mode
Note the section "Changing Base Bridge mode". This section describes how a change affects the existing configuration.
� 802.1Q VLAN Bridge
Sets the mode "VLAN-aware" for the device. In this mode, VLAN information is taken into account.
� 802.1D Transparent Bridge
Sets the mode "VLAN-unaware" for the device. In this mode, VLAN tags are not changed but are forwarded transparently. The VLAN priority is evaluated for CoS. In this mode, you cannot create any VLANs. Only a management VLAN is available: VLAN 1.
� VLAN ID
Enter the VLAN ID in the "VLAN ID" input box. Range of values: 1 ... 4094
The table has the following columns:
� Select
Select the check box in the row to be deleted.
� VLAN ID
Shows the VLAN ID. The VLAN ID (a number between 1 and 4094) can only be assigned once when creating a new data record and can then no longer be changed. To make a change, the entire data record must be deleted and created again. Up to 24 VLANs can be defined.
� Name
Enter a name for the VLAN. The name only provides information and has no effect on the configuration. The length is a maximum of 32 characters.
222
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.6 "Layer 2" menu
� State
Shows the status type of the entry in the internal port filter table. Here, static means that the address was entered as a static address by the user.
� List of ports Specify the use of the port. The following options are available:
� "-" The port is not a member of the specified VLAN. With a new definition, all ports have the identifier "-".
� M The port is a member of the VLAN. Frames sent in this VLAN are forwarded with the corresponding VLAN tag.
� U (uppercase) The port is an untagged member of the VLAN. Frames sent in this VLAN are forwarded without the VLAN tag. Frames without a VLAN tag are sent from this port.
� u (lowercase) The port is an untagged member of the VLAN, but the VLAN is not configured as a port VLAN. Frames sent in this VLAN are forwarded without the VLAN tag.
� F The port is not a member of the specified VLAN. You can configure other settings in "Layer 2 > VLAN > Port-based VLAN".
� T This option is only displayed and cannot be selected in the WBM. This port is a trunk port, making it a member in all VLANs. You configure this function in the CLI (Command Line Interface) using the "switchport mode trunk" command.
Changing Base Bridge mode
VLAN-unaware (802.1D transparent bridge) VLAN-aware (802.1Q VLAN bridge)
If you change the Base Bridge mode from VLAN-unaware to VLAN aware, this has the following effects
� All static and dynamic unicast entries are deleted.
VLAN-aware (802.1Q VLAN bridge) VLAN-unaware (802.1D transparent bridge)
If you change the Base Bridge mode from VLAN-aware to VLAN-unaware, this has the following effects:
� All VLAN configurations are deleted.
� A management VLAN is created: VLAN 1.
� All static and dynamic unicast entries are deleted.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
223
Configuring with Web Based Management 6.6 "Layer 2" menu
802.1Q VLAN Bridge: Important rules for VLANs
Make sure you keep to the following rules when configuring and operating your VLANs:
� Frames with the VLAN ID "0" are handled as untagged frames but retain their priority value.
� As default, all ports on the device send frames without a VLAN tag to ensure that the end node can receive these frames.
� With SCALANCE W devices, the VLAN ID "1" is the default on all ports.
� If an end node is connected to a port, outgoing frames should be sent without a tag (static access port). If, however, there is a further switch at this port, the frame should have a tag added (trunk port).
� With a trunk port, the VLAN assignment is dynamic. Static configurations can only be created if, in addition to the trunk port property, the port is also entered statically as a member in the VLANs involved. An example of a static configuration is the assignment of multicast groups in certain VLANs.
Procedure
Requirement: In Base Bridge mode "802.1Q VLAN Bridge" is set. Creating a new VLAN 1. Enter an ID in the "VLAN ID" input box. 2. Click the "Create" button. A new entry is generated in the table. As default, the boxes have "-
" entered. 3. Enter a name for the VLAN under Name. 4. Specify the use of the port in the VLAN. If, for example you select M, the port is a member of
the VLAN. The frame sent in this VLAN is forwarded with the corresponding VLAN tag. 5. Specify the mode of the device. 6. Click the "Set Values" button.
224
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.6.1.2
Port Based VLAN
Configuring with Web Based Management 6.6 "Layer 2" menu
Processing received frames On this page, you specify the configuration of the port properties for receiving frames. Requirement: � On the "General" page, "802.1Q VLAN Bridge" is set for "Base Bridge Mode".
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
225
Configuring with Web Based Management 6.6 "Layer 2" menu
Description
Table 1 has the following columns:
Note Table 1 is only available if at least one VLAN is configured.
� Port Shows that the settings are valid for all ports of table 2.
� Priority / Port VID / Acceptable Frames / Ingress Filtering In the drop-down list, select the setting for all ports. If "No Change" is selected, the entries of the corresponding column in Table 2 remain unchanged.
� Copy to Table If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns: � Port
Shows the available ports and interfaces. � Priority
From the drop-down list, select the priority given to untagged frames. The CoS priority (Class of Service) used in the VLAN tag. If a frame is received without a tag, it will be assigned this priority. This priority specifies how the frame is further processed compared with other frames. There are a total of eight priorities with values 0 to 7, where 7 represents the highest priority (IEEE 802.1p Port Priority). � Port VID Select the VLAN ID from the drop-down list. Only VLAN IDs defined on the "VLAN > General" page can be selected. If a received frame does not have a VLAN tag, it has a tag with the VLAN ID specified here added to it and is sent according to the rules at the port.
226
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.6 "Layer 2" menu
� Acceptable Frames Specify which types of frames will be accepted. The following alternatives are possible: � Tagged Frames Only The device discards all untagged frames. Otherwise, the forwarding rules apply according to the configuration. � All The device forwards all frames. � No Change If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged.
� Ingress Filtering Specify whether the VID of received frames is evaluated. You have the following options: � Enabled The VLAN ID of received frames decides whether they are forwarded: To forward a VLAN tagged frame, the receiving port must be a member in the same VLAN. Frames from unknown VLANs are discarded at the receiving port. � Disabled All frames are forwarded. � No Change If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged.
1. In the row of the port to be configured, click on the relevant cell in the table to configure it. 2. Enter the values to be set in the input boxes as follows. 3. Select the values to be set from the drop-down lists. 4. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
227
Configuring with Web Based Management 6.6 "Layer 2" menu
6.6.2
Dynamic MAC Aging
Protocol settings and switch functionality
The device automatically learns the source addresses of the connected nodes. This information is used to forward data frames to the nodes specifically involved. This reduces the network load for the other nodes. If a device does not receive a frame whose source address matches a learnt address within a certain time, it deletes the learnt address. This mechanism is known as "Aging". Aging prevents frames being forwarded incorrectly, for example when an end device is connected to a different port. If the check box is not enabled, a device does not delete learned addresses automatically.
Description of the displayed boxes The page contains the following boxes: � Dynamic MAC Aging Enable or disable the function for automatic aging of learned MAC addresses. � Aging Time[s] Enter the time in seconds in steps of 15. After this time, a learned address is deleted if the device does not receive any further frames from this sender address. Range of values: 15 - 630 (seconds)
Note Rounding of the values, deviation from desired value When you input the Aging Time, note that it is rounded to correct values. If you enter a value that cannot be divided by 15, the value is automatically rounded down.
Steps in configuration 1. Select the "Dynamic MAC Aging" check box. 2. Enter the time in seconds in the "Aging Time[s]" input box. 3. Click the "Set Values" button.
228
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.6 "Layer 2" menu
6.6.3
Spanning Tree
6.6.3.1
General
General settings of spanning tree
This is the basic page for spanning tree. Select the compatibility mode from the drop-down list. As default, Multiple Spanning Tree is enabled.
On the configuration pages of these functions, you can make detailed settings.
Depending on the compatibility mode, you can configure the corresponding function on the relevant configuration page.
Description
The page contains the following boxes: � Spanning Tree
Enable or disable Spanning Tree. � Protocol Compatibility
Select the compatibility mode of Spanning Tree. For example if you select RSTP, Spanning Tree behaves like RSTP. The following settings are available: � STP � RSTP � MSTP
Procedure
1. Select the "Spanning Tree" check box. 2. Select the compatibility mode from the "Protocol Compatibility" drop-down list. 3. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
229
Configuring with Web Based Management 6.6 "Layer 2" menu
6.6.3.2
CIST General
MSTP-CIST configuration
The page consists of the following parts.
� The left-hand side of the page shows the configuration of the device.
� The central part shows the configuration of the root bridge that can be derived from the spanning tree frames received by an device.
� The right-hand side shows the configuration of the regional root bridge that can be derived from the MSTP frames received by an device. The displayed data is only visible if you have enabled "Spanning Tree" on the "General" page and when "Protocol Compatibility" is set to "MSTP". This also applies to the "Bridge Max Hop Count" parameter. If the device is a root bridge, the information on the left and right matches.
Description
The page contains the following boxes:
� Bridge Priority / Root Priority
Which device becomes the root bridge is decided based on the bridge priority . The bridge with the highest priority becomes the root bridge. The lower the value, the higher the priority. If several devices in a network have the same priority, the device whose MAC address has the lowest numeric value will become the root bridge. Both parameters, bridge priority and MAC address, together form the bridge identifier. Since the root bridge manages all path changes, it should be located as centrally as possible due to the delay of the frames. The value for the bridge priority is a whole multiple of 4096 with a range of values from 0 to 61440.
� Bridge Address / Root Address
The bridge address shows the MAC address of the device and the root address shows the MAC address of the root bridge.
230
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.6 "Layer 2" menu
� Root port Shows the port over which the device communicates with the root bridge.
� Root Cost The path costs from this device to the root bridge.
� Topology Changes / Last Topology Change The entry for the device shows the number of reconfiguration actions due to the spanning tree mechanism since the last startup. For the root bridge, the time since the last reconfiguration is displayed as follows: � Seconds: "sec" unit after the number � Minutes: "min" unit after the number � Hour: "hr" unit after the number
� Topology Changes / Last Topology Change Each bridge regularly sends configuration frames (BPDUs). The interval between two such frames is the Hello time. The default for this parameter is 2 seconds.
� Bridge Forward Delay[s] / Root Forward Delay[s] New configuration data is not used immediately by a bridge but only after the period specified in the forward delay parameter. This ensures that operation is started with the new topology only after all the bridges have the required information. The default for this parameter is 15 seconds.
� Bridge Max Age / Root Max Age Bridge Max Age defines the maximum "age" of a received BPDU for it to be accepted as valid by the switch. The default for this parameter is 20 seconds.
� Bridge Max Hop Count This parameter specifies how many MSTP nodes a BPDU may pass through. If an MSTP BPDU is received and has a hop count that exceeds the value configured here, it is discarded. The default for this parameter is 20.
� Regional root priority For a description of the displayed values, see Bridge priority / Root priority
� Regional root address Shows the MAC address of the regional root bridge.
� Regional Root Cost Shows the path costs from this device to the regional root bridge.
� Region Name Enter the name of the MSTP region to which this device belongs. As default, the MAC address of the device is entered here. This value must be the same on all devices that belong to the same MSTP region.
� Region Version Enter the version number of the MSTP region in which the device is located. This value must be the same on all devices that belong to the same MSTP region.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
231
Configuring with Web Based Management 6.6 "Layer 2" menu
� Reset Counters
Click this button to reset the counters on this page.
� Layer-2 Tunnel Admin Edge Port
Select this check box if there can be an end device on a layer 2 tunnel port. Otherwise, a reconfiguration of the network will be triggered whenever a link to this port is modified.
� Layer-2 Tunnel Auto Edge Port
Select this check box if you want to detect automatically whether an end device is connected at all layer 2 tunnel ports.
Procedure
1. Enter the data required for the configuration in the input boxes. 2. Click the "Set Values" button.
6.6.3.3
CIST Port
MSTP-CIST port configuration
When the page is called, the table displays the current status of the configuration of the port parameters.
To configure them, click the relevant cells in the port table.
232
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.6 "Layer 2" menu
Description
Table 1 has the following columns: � Column 1
Shows that the settings are valid for all ports of table 2. � Spanning Tree Status
In the drop-down list, select the setting for all ports. If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged. � Copy to Table If you click the button, the settings are adopted for all ports of table 2. Table 2 has the following columns: � Port Shows the available ports and interfaces. � Spanning Tree Status Specify whether the port is integrated in the spanning tree or not.
Note If you disable the "Spanning Tree Status" option for a port, this may cause the formation of loops. The topology must be kept in mind.
� Priority Enter the priority of the port. The priority is only evaluated when the path costs are the same. The value must be divisible by 16. If the value that cannot be divided by 16, the value is automatically adapted. Range of values: 0 - 240. The default is 128.
� Cost Calc Enter the path cost calculation. If you enter the value "0" here, the automatically calculated value is displayed in the "Path Cost" box.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
233
Configuring with Web Based Management 6.6 "Layer 2" menu
� Path Cost
The path costs from this port to the root bridge. The path with the lowest value is selected as the path. If several ports of a device have the same value, the port with the lowest port number will be selected. If the "Cost Calc." box has the value "0", the automatically calculated value is shown. Otherwise, the value of the "Cost Calc." box is displayed. The calculation of the path costs is largely based on the transmission speed. The higher the achievable transmission speed is, the lower the value of the path costs.
Typical values for path costs with rapid spanning tree:
� 1000 Mbps = 20,000
� 100 Mbps = 200,000
� 10 Mbps = 2,000,000
The values can, however, also be set individually.
� State
Displays the current state of the port. The values are only displayed and cannot be configured. The "State" parameter depends on the configured protocol. The following is possible for status:
� Disabled The port only receives and is not involved in STP, MSTP and RSTP.
� Discarding In the "Discarding" mode, BPDU frames are received. Other incoming or outgoing frames are discarded.
� Listening In this status, BPDUs are both received and sent. The port is involved in the spanning tree algorithm.
� Learning Stage prior to the forwarding status, the port is actively learning the topology (in other words, the node addresses).
� Forwarding Following the reconfiguration time, the port is active in the network; it receives and forwards data frames.
� Fwd. Trans
Specifies the number of changes from the "Discarding" status to the "Forwarding" status.
� Edge Type
Specify the type of edge port. You have the following options:
� "-" Edge port is disabled. The port is treated as a "no EdgePort".
� Admin Select this option when there is always an end device on this port. Otherwise a reconfiguration of the network will be triggered each time a connection is changed.
� Auto Select this option if you want a connected end device to be detected automatically at
234
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.6 "Layer 2" menu
this port. When the connection is established the first time, the port is treated as a "no Edge Port".
� Admin/Auto Select these options if you operate a combination of both on this port. When the connection is established the first time, the port is treated as an Edge Port.
� Edge
Shows the status of the port.
� Enabled An end device is connected to this port.
� Disabled There is a spanning tree or rapid spanning tree device at this port.
With an end device, a switch can switch the port faster without taking into account spanning tree frames. If a spanning tree frame is received despite this setting, the port automatically changes to the "Disabled" setting for switches.
� P.t.P. type
Select the required option from the drop-down list. The selection depends on the port that is set.
� P.t.P. Even with half duplex, a point-to-point link is assumed.
� Shared Media Even with a full duplex connection, a point-to-point link is not assumed.
Note
Point-to-point link means a direct connection between two devices. A shared media connection is, for example, a connection to a hub.
� "-" Point-to-point is detected automatically. If the port is set to half duplex, a point-topoint link is not assumed.
� P.t.P.
� Enabled Shows that a point-to-point link exists.
� Disabled Shows that no point-to-point link exists.
� Hello Time
Enter the interval after which the bridge sends configuration BPDUs. As default, 2 seconds is set. Range of values: 1-2 seconds
Note
The port-specific setting of the Hello time is only possible in MSTP compatible mode.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
235
Configuring with Web Based Management 6.6 "Layer 2" menu
Procedure
1. In the input cells of the table row, enter the values of the port you are configuring.
2. From the drop-down lists of the cells of the table row, select the values of the port you are configuring.
3. Click the "Set Values" button.
6.6.3.4
MST General
Multiple Spanning Tree configuration
With MSTP, in addition to RSTP, several VLANs can be managed in a LAN with separate RSTP trees.
Description
The page contains the following box: � MSTP Instance ID
Enter the number of the MSTP instance. Permitted values: 1 - 64 You can define up to 16 MSTP instances. The table has the following columns: � Select Select the row you want to delete. � MSTP Instance ID Shows the number of the MSTP instance. � Root Address Shows the MAC address of the root bridge � Root Priority Shows the priority of the root bridge.
236
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.6 "Layer 2" menu
� Bridge Priority Enter the bridge priority in this box. The value for the bridge priority is a whole multiple of 4096 with a range of values from 0 to 61440.
� VLAN ID Enter the VLAN ID. Here, you can also specify ranges with Start ID, "-", End ID. Several ranges or IDs are separated by ",". Permitted values: 1- 4094
Creating a new entry 1. Enter the number of the MSTP instance in the "MSTP Instance ID" box. 2. Click the "Create" button. 3. Enter the identifier of the virtual LAN in the "VLAN ID" input box. 4. Enter the priority of the bridge in the "Bridge Priority" box. 5. Click the "Set Values" button. Deleting entries 1. Use the check box at the beginning of the relevant row to select the entries to be deleted. 2. Click the "Delete" button to delete the selected entries from memory. The entries are deleted
from the memory of the device and the display on this page is updated.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
237
Configuring with Web Based Management 6.6 "Layer 2" menu
6.6.3.5
MST Port
Configuration of the Multiple Spanning Tree port parameters
On this page, you set the parameters for the ports of the configured multiple spanning tree instances.
Description
The page contains the following box: � MSTP Instance ID
In the drop-down list, select the ID of the MSTP instance. Table 1 has the following columns: � Column 1
Shows that the settings are valid for all ports of table 2. � MSTP Status
In the drop-down list, select the setting for all ports. If "No Change" is selected, the entries of the corresponding column in table 2 remain unchanged. � Copy to Table If you click the button, the setting is adopted for all ports of table 2. Table 2 has the following columns: � Port Shows all available ports and interfaces. � MSTP instance ID Shows the ID of the MSTP instance.
238
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.6 "Layer 2" menu
� MSTP Status
Click the check box to enable or disable this option.
� Priority
Enter the priority of the port. The priority is only evaluated when the path costs are the same. The value must be divisible by 16. If the value that cannot be divided by 16, the value is automatically adapted. Range of values: 0 - 240. The default is 128.
� Cost Calc
Enter the path cost calculation in the input box. If you enter the value "0" here, the automatically calculated value is displayed in the next box "Path Costs".
� Path Cost
The path costs from this port to the root bridge. The path with the lowest value is selected as the path. If several ports of a device have the same value, the port with the lowest port number will be selected. If the "Cost Calc." box has the value "0", the automatically calculated value is shown. Otherwise, the value of the "Cost Calc." box is displayed. The calculation of the path costs is largely based on the transmission speed. The higher the achievable transmission rate, the lower the value for the path costs will be. Typical values for rapid spanning tree are as follows:
� 1000 Mbps = 20,000
� 100 Mbps = 200,000
� 10 Mbps = 2,000,000
The values can, however, also be set individually.
� Status Displays the current status of the port. The values are only displayed and cannot be configured. The following is possible for status:
� Discarding The port exchanges MSTP information but is not involved in the data traffic.
� Blocked In the blocking mode, BPDU frames are received.
� Forwarding The port receives and sends data frames.
� Fwd. Trans. Specifies the number of status changes Discarding - Forwarding or Forwarding Discarding.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
239
Configuring with Web Based Management 6.6 "Layer 2" menu
Procedure
1. In the input cells of the table row, enter the values of the port you are configuring.
2. From the drop-down lists of the cells of the table row, select the values of the port you are configuring.
3. Click the "Set Values" button.
6.6.4
DCP Forwarding
Applications
The DCP protocol is used by STEP 7 and SINEC PNI for configuration and diagnostics. In the delivery state, DCP is enabled on all Ethernet ports; in other words, received DCP frames are forwarded on all ports. With this option, you can disable the sending of frames for individual ports, for example to prevent individual parts of the network from being configured with SINEC PNI or to divide the full network into smaller parts for configuration and diagnostics.
All the ports of the device are displayed on this WBM page.
Description
The table has the following columns:
� Port Shows the available Ethernet ports.
� Setting Specify whether the port should block or forward outgoing DCP frames. You have the following options available:
� Forward DCP frames are forwarded at this port.
� Block No outgoing DCP frames are forwarded at this port. It is nevertheless still possible to receive via this port.
240
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.6 "Layer 2" menu
1. Specify whether the port blocks or forwards the DCP frames. 2. Click the "Set Values" button.
6.6.5
LLDP
Identifying the network topology
LLDP (Link Layer Discovery Protocol) is defined in the IEEE 802.AB standard.
LLDP is a method used to discover the network topology. Network components exchange information with their neighbor devices using LLDP.
Network components that support LLDP have an LLDP agent. The LLDP agent sends information about itself and receives information from connected devices at periodic intervals. The received information is stored in the MIB.
Applications
PROFINET uses LLDP for topology diagnostics. In the default setting, LLDP is enabled for all ports; in other words, LLDP frames are sent and received on all ports. With this function, you have the option of enabling or disabling sending and/or receiving per port.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
241
Configuring with Web Based Management 6.6 "Layer 2" menu
Description
The table has the following columns:
� Port Shows the port.
� Setting
Specify the LLDP functionality. The following options are available:
� Tx This port can only send LLDP frames.
� Rx This port can only receive LLDP frames.
� Rx & Tx This port can receive and send LLDP frames.
� "-" (Disabled) This port can neither receive nor send LLDP frames.
Procedure
1. Select the required LLDP functionality from the drop-down list. 2. Click the "Set Values" button.
242
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.7
Menu "Layer 3 (IPv4)"
Configuring with Web Based Management 6.7 Menu "Layer 3 (IPv4)"
6.7.1 6.7.1.1
Subnets
Overview The page shows the subnets for the selected VLAN interface. This VLAN interface is also called an IPv4 interface. A subnet always relates to an IPv4 interface. The IPv4 address is assigned in the "Configuration" tab.
Description
The page contains the following boxes:
� Interface
Select the interface on which you want to configure the subnet.
The table has the following columns:
� Select Select the row you want to delete.
� Interface Shows the interface.
� TIA Interface Shows the selected TIA interface.
� Interface Name Shows the name of the interface.
� MAC Address Shows the MAC address.
� IP Address Shows the IPv4 address of the subnet.
� Subnet Mask Shows the subnet mask.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
243
Configuring with Web Based Management 6.7 Menu "Layer 3 (IPv4)"
� Address Type Displays the address type. The following values are possible:
� Primary The first IPv4 address that was configured on an IPv4 interface.
� Secondary All other IPv4 addresses that were configured on an IPv4 interface.
� IP Assign Method Shows how the IPv4 address is assigned. The following values are possible:
� Static The IPv4 address is static. You enter the settings in "IP Address" and "Subnet Mask".
� Dynamic (DHCP) The device obtains a dynamic IPv4 address from a DHCPv4 server.
� Address Collision Detection Status
If new IPv4 addresses become active in the network, the "Address Collision Detection" function checks whether this can result in address collisions. The allows IPv4 addresses that would be assigned twice to be detected.
Note
The function does not run a cyclic check.
This column shows the current status of the function. The following values are possible:
� Idle
The interface is not enabled and does not have an IPv4 address.
� Starting
This status indicates the start-up phase. In this phase, the device initially sends a query as to whether the planned IPv4 address already exists. If the address is not yet been assigned, the device sends the message that it is using this IP address as of now.
� Conflict
The interface is not enabled. The interface is attempting to use an IPv4 address that has already been assigned.
� Defending
The interface uses a unique IPv4 address. Another interface is attempting to use the same IPv4 address.
� Active
The interface uses a unique IPv4 address. There are no collisions.
� Not supported
The function for detection of address collisions is not supported.
� Disabled
The function for detection of address collisions is disabled.
� MTU Shows the packet size.
244
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.7 Menu "Layer 3 (IPv4)"
Procedure
1. Select the VLAN interface from the "Interface" drop-down list. 2. Click the "Create" button. A new row is inserted in the table. 3. Click the "Set Values" button. Configure the subnet on the "Configuration" tab.
6.7.1.2
Configuration On this page, you configure the IPv4 interface.
Description
The page contains the following boxes:
� Interface (Name) Select the interface from the drop-down list.
� Interface Name Enter the name of the interface.
� MAC Address
Displays the MAC address of the selected interface.
� DHCP
Enable or disable the DHCP client for this IPv4 interface.
� IP Address Enter the IPv4 address of the interface. The IPv4 addresses must not be used more than once.
� Subnet Mask Enter the subnet mask of the subnet you are creating. Subnets on different interfaces must not overlap.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
245
Configuring with Web Based Management 6.7 Menu "Layer 3 (IPv4)"
� Address Type Shows the address type.
� Primary The first subnet of the interface.
� TIA Interface Select whether this interface should become the TIA interface. The TIA interface defines on which VLAN the PROFINET functionalities are available. This mainly affects the device search with or via DCP.
� MTU MTU (Maximum Transmission Unit) specifies the maximum size of the packet. If packets are longer than the set MTU, they are fragmented. The MTU covers the IP headers and the headers of the higher layers.
Range of values:
� With IPv4: 90 ... 1514
� With IPv6: 1280 ... 1514
Procedure
1. Select the interface from the "Interface (Name)" drop-down list. 2. Enter a name for the Interface in "Interface Name". 3. Enter the IPv4 address of the subnet in the "IP Address" column. 4. Enter the subnet mask belonging to the IPv4 address in the "Subnet Mask" column 5. Click the "Set Values" button.
246
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.7.2
Configuring with Web Based Management 6.7 Menu "Layer 3 (IPv4)"
Static Routes
On this page, you specify the routes via which data exchange can take place between the various subnets. Dynamic routing protocols are not supported, for example RIP, OSPF.
Description
The page contains the following boxes:
� Destination Network Enter the network address of the destination that can be reached via this route.
� Subnet Mask Enter the corresponding subnet mask.
� Interface Specify whether the network address can be reached via a certain interface or via the gateway (auto).
� Gateway Enter the IPv4 address of the gateway via which this network address is reachable.
� Administrative Distance Enter the metric for the route. The metric corresponds to the quality of a connection, for example speed, costs. If there are several equal routes, the route with the lowest metric value is used.
If you do not enter anything, "not used" is entered automatically. The metric can be changed later.
Range of values: 1 - 255 or -1 for "not used".
Here, 1 is the value for the best possible route. The higher value, the longer packets require to their destination.
The table has the following columns:
� Select Select the row you want to delete.
� Destination Network Shows the network address of the destination.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
247
Configuring with Web Based Management 6.7 Menu "Layer 3 (IPv4)"
� Subnet Mask Shows the corresponding subnet mask.
� Gateway Shows the IPv4 address of the next gateway.
� Interface Shows the interface of the route.
� Administrative Distance
Enter the metric for the route. When creating the route, "not used" is entered automatically. The metric corresponds to the quality of a connection, based for example on speed or costs. If there are several equal routes, the route with the lowest metric value is used. Range of values: 1 - 255
Here, 1 is the value for the best possible route. The higher value, the longer the packets require to their destination.
� Status Shows whether or not the route is active.
Procedure
1. Enter the network address of the destination in the "Destination Network" input box. 2. Enter the corresponding subnet mask in the "Subnet Mask" input box. 3. For "Interface", select the entry "auto". 4. Enter the gateway in the "Gateway" input box. 5. Enter the weighting of the route in "Administrative Distance". 6. Click the "Create" button. A new entry is generated in the table. 7. Click the "Set Values" button.
248
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.8
Menu "Layer 3 (IPv6)"
Configuring with Web Based Management 6.8 Menu "Layer 3 (IPv6)"
6.8.1
Subnets
Configuration of the IP addresses
On this page, you enable IPv6 at the VLAN interface. This VLAN interface is also called an IPv6 interface. An IPv6 interface can have several IPv6 addresses.
Description
The page contains the following: � Interface
Shows the VLAN interface on which IPv6 will be enabled. � IPv6 Enable
Enable or disable IPv6 on the interface. When you enable the setting and accept it, the link-local address is created automatically. � IPv6 Address Enter the IPv6 address. The input depends on the selected address type. � Prefix Length Enter the number of left-hand bits belonging to the prefix
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
249
Configuring with Web Based Management 6.8 Menu "Layer 3 (IPv6)"
� IPv6 Address Type Select the address type: � Unicast � Link Local: IPv6 address is only valid on the link.
� Address Configuration Specify the mechanism for the address configuration: � Automatic (default) The IPv6 address is created using a stateless mechanism or a stateful mechanism. � DHCPv6 Status dependent: Obtains the IPv6 address and the configuration file from the DHCPv6 server. � SLAAC (Stateless Address Auto Configuration) Stateless autoconfiguration using NDP (Neighbor Discovery Protocol) � Static Enter a static IPv6 address.
� DHCPv6 Rapid Commit When enabled the procedure for the IPv6 address assignment is shortened. Instead of 4 DHCPv6 messages (SOLICIT, ADVERTISE , REQUEST, REPLY) only 2 DHCPv6 messages (SOLICIT, REPLY) are used. You will find further information on the messages in RFC 3315.
The table has the following columns: � Select
Select the check box in the row to be deleted. � Interface Name
Shows the name of the VLAN interface. � IPv6 Address
Shows the IPv6 address. � Prefix Length
Shows the prefix length.
250
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.8 Menu "Layer 3 (IPv6)"
� IPv6 Address Type Displays the address type. The following values are possible: � Unicast � Link Local
� Address Collision Detection Status In Address Autoconfiguration (SLAAC), the "Address Collision Detection Status" function prevents IPv6 addresses from being assigned twice. The device can only use free IPv6 addresses during autoconfiguration. When the function is activated, the check via NDP takes place automatically.
Note The function does not run a cyclic check.
This column shows the current status of the function. The following values are possible: � Tentative
This status indicates that the selected IPv6 address is being checked. The device sends a neighbor solicitation message to the selected IPv6 address. � Conflict This status indicates that the IPv6 address is already being used. In this case, a neighbor advertisement message with the selected IPv6 address is returned to the device. The device forms a new IPv6 address and checks this again. � Complete This status indicates that the selected IPv6 address can be used. In this case, the device did not receive feedback within a period of time and assumes that the IPv6 address is not yet assigned. � Down This status indicates that the interface is not active. No check is carried out.
Automatically form link-local address 1. Enable IPv6. 2. Click the "Create" button. In the table an entry with the interface is created and the
automatically formed link-local IPv6 address is displayed. Assign link-local address 1. Enable IPv6. 2. In "IPv6 Address", enter the link-local address, e.g. FE80::21B:1BFF:FE40:9155 3. Enter "128" in "Prefix Length". 4. For "IPv6 Address Type" select the entry "Link Local".
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
251
Configuring with Web Based Management 6.8 Menu "Layer 3 (IPv6)"
5. For "Address Configuration" select the entry "Static". 6. Click the "Create" button. In the table an entry with the interface is created and the IPv6
address is displayed. The automatically created link-local address is overwritten.
6.8.2
Static Routes
On this page, you configure the IPv6 default route. The IPv6 default route is an IPv6 route, that applies to all IPv6 addresses. The device only needs to know the default gateway and sends all IPv6 packets to it.
The default gateway either knows all routes itself or has a default route to another default gateway.
Description
The page contains the following: � Destination Network
Destination Network (:: or 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0) applies to all IPv6 addresses. � Prefix Length
Enter the number of left-hand bits belonging to the prefix � Gateway
Enter the IPv6 address of the gateway to which the IPv6 packets will be sent. � Administrative Distance
Enter the metric for the route. The metric corresponds to the quality of a connection, based for example on speed or costs. If there are several equal routes, the route with the
252
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.8 Menu "Layer 3 (IPv6)"
lowest metric value is used. Range of values: 1 - 254 � Interface Specify the interface via which the network address of the destination is reached. This table contains the following columns: � Select Select the check box in the row to be deleted. � Destination Network Shows the network address of the destination. � Prefix Length Shows the prefix length. � Gateway Shows the IPv6 address of the next gateway. � Interface Shows the Interface of the route. � Administrative Distance Enter the metric for the route. When creating the route, "not used" is entered automatically. The metric corresponds to the quality of a connection, based for example on speed or costs. If there are several equal routes, the route with the lowest metric value is used. Range of values: 1 - 254 � Status Shows whether or not the route is active.
Steps in configuration 1. Enter the prefix length. 2. Enter the IPv6 address of the gateway. 3. Select the required interface. 4. Enter the metric of the route. 5. Click the "Create" button. A new entry is generated in the table. 6. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
253
Configuring with Web Based Management 6.9 "Security" menu
6.9
"Security" menu
6.9.1
Users
6.9.1.1
Local Users
Local users
On this page, you create local users with the corresponding rights. When you create or delete a local user this change is also made automatically in the table "External User Accounts". If you want to make change explicitly for the internal or external user table, use the CLI commands.
Note The values displayed depend on the rights of the logged-in user.
Description
The page contains the following: � User Account
Enter the name for the user. The name must meet the following conditions: � It must be unique. � It must be between 1 and 250 characters long. � The following characters must not be included: | ? " ; :
The characters for Space and Delete also cannot be contained.
254
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
Note User name cannot be changed After creating a user, the user name can no longer be modified. If a user name needs to be changed, the user must be deleted and a new user created.
Note User names: admin You can configure the device with this user name. When you log in for the first time or log in after a "Restore Factory Defaults and Restart", you will be prompted to change the predefined password "admin". You can also rename the "admin" user preset in the factory once. Afterwards, renaming "admin" is no longer possible.
� Password Policy Shows which password policy is being used. � High Password length: at least 8 characters, maximum 128 characters At least 1 uppercase letter At least 1 special character At least 1 number � Low Password length: at least 6 characters, maximum 128 characters You configure the password policy on the page "Security > Passwords > Options".
� Password Enter the password. The strength of the password depends on its length and complexity. � It must not contain the following characters: ; : ' ? � � " � � � | � � � � � � � � The characters for Space and Delete also cannot be contained.
� Password Confirmation Enter the password again to confirm it.
� Role Select a role. You can choose between system-defined and self-defined roles, refer to the page "Security > Users > Roles.".
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
255
Configuring with Web Based Management 6.9 "Security" menu
The table contains the following columns: � Select
Select the check box in the row to be deleted.
Note The preset users as well as logged in users cannot be deleted or changed.
� User Account Shows the user name.
� Role Shows the role of the user.
� Description Displays a description of the user account. The description text can be up to 100 characters long.
Procedure
Note Changes in "Trial" mode Even if the device is in "Trial" mode, changes that you carry out on this page are saved immediately.
Creating users 1. Enter the name for the user. 2. Enter the password for the user. 3. Enter the password again to confirm it. 4. Select the role of the user. 5. Click the "Create" button. 6. Enter a description of the user. 7. Click the "Set Values" button. Deleting users 1. Select the check box in the row to be deleted. 2. Click the "Delete" button. The entries are deleted and the page is updated.
256
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.9.1.2 Roles
Roles
Configuring with Web Based Management 6.9 "Security" menu
On this page, you create roles that are valid locally on the device.
Note The values displayed depend on the rights of the logged-in user.
Description
The page contains the following: � Role Name
Enter the name for the role. The name must meet the following conditions: � It must be unique. � It must be between 1 and 64 characters long.
Note Role name cannot be changed After creating a role, the name of the role can no longer be changed. If a name of a role needs to be changed, the role must be deleted and a new role created.
The table contains the following columns: � Select
Select the check box in the row to be deleted. Note Predefined roles and assigned roles cannot be deleted or modified.
� Role Shows the name of the role.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
257
Configuring with Web Based Management 6.9 "Security" menu
� Function Right Select the function rights of the role. � 1 Users with this role can read device parameters but cannot change them. Users with this role can change their own password. � 15 Users with this role can both read and change device parameters.
Note Function right cannot be changed If you have assigned a role, you can no longer change the function right of the role. If you want to change the function right of a role, follow the steps outlined below: 1. Delete all assigned users. 2. Change the function right of the role: 3. Assign the role again.
� Description Enter a description for the role. With predefined roles a description is displayed. The description text can be up to 100 characters long.
Procedure
Creating a role 1. Enter the name for the role. 2. Click the "Create" button. 3. Select the function rights of the role. 4. Enter a description of the role. 5. Click the "Set Values" button. Deleting a role 1. Select the check box in the row to be deleted. 2. Click the "Delete" button. The entries are deleted and the page is updated.
258
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
6.9.1.3
Groups
User groups
On this page you link a group with a role. In this example the group "Administrators" is linked to the "admin" role: The group is defined on a RADIUS server. The role is defined locally on the device. When a RADIUS server authenticates a user and assigns the user to the "Administrators" group, this user is given rights of the "admin" role.
Note The values displayed depend on the rights of the logged-in user.
Description
The page contains the following: � Group Name
Enter the name of the group. The name must match the group on the RADIUS server. The name must meet the following conditions: � It must be unique. � It must be between 1 and 64 characters long. � The following are not permitted: � ? " ; : The table contains the following columns: � Select Select the check box in the row to be deleted. � Group Shows the name of the group.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
259
Configuring with Web Based Management 6.9 "Security" menu
� Role
Select a role. Users who are authenticated with the linked group on the RADIUS server receive the rights of this role locally on the device.
You can choose between system-defined and self-defined roles, refer to the page "Security > Users > Roles.".
� Description
Enter a description for the link of the group.to a role. The description text can be up to 100 characters long.
Procedure
Linking a group to a role. 1. Enter the name of a group. 2. Click the "Create" button. 3. Select a role. 4. Enter a description for the link of a group.to a role. 5. Click the "Set Values" button. Deleting the link between a group and a role 1. Select the check box in the row to be deleted. 2. Click the "Delete" button. The entries are deleted and the page is updated.
260
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
6.9.2
Passwords
Configuration of the passwords
Note If you are logged in via a RADIUS server, you cannot change any passwords.
On this page, you can change passwords. If you are logged in with the right to change device parameters, you can change the passwords for all user accounts. If you are logged on as user, you can only change your own password.
Description of the displayed boxes � Current User Shows the user that is currently logged in. � Current User Password Enter the password for the currently logged in user. � User Account Select the user whose password you want to change.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
261
Configuring with Web Based Management 6.9 "Security" menu
� Password Policy Shows which password policy is being used when assigning new passwords.
Note Checking the password policy of existing users The set password policy is used when assigning new passwords. Existing passwords are not checked. If you change the password policy from "Low" to "High", the previously used passwords remain valid. As an important measure for increasing security, change the passwords used up to now.
� High Password length: at least 8 characters, maximum 128 characters At least 1 uppercase letter At least 1 special character At least 1 number
� Low Password length: at least 6 characters, maximum 128 characters
� New Password Enter the new password for the selected user. � It must not contain the following characters: ; : ' ? � � " � � � | � � � � � � � � The characters for Space and Delete also cannot be contained.
� Password Confirmation Enter the new password again to confirm it.
Procedure
1. Enter the valid password for the currently logged in user in the "Current User Password" input box.
2. From the "User Account" drop-down list, select the user whose password you want to change.
3. Enter the new password for the selected user in the "New Password" input box.
262
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
4. Repeat the new password in the "Password Confirmation" input box. 5. Click the "Set Values" button.
Note The factory settings for the passwords when the devices ship are as follows: � admin: admin When you log in for the first time or following a "Restore Factory Defaults and Restart", with the preset user "aadmin" you will be prompted to change the password.
Note Changing the password in Trial mode Even if you change the password in Trial mode, this change is saved immediately.
6.9.3
AAA
6.9.3.1
General
Login of network nodes
The designation "AAA" stands for "Authentication, Authorization, Accounting". This feature is used to identify and allow network nodes, to make the corresponding services available to them and to specify the range of use.
On this page, you configure the login.
Description
The page contains the following boxes:
Note To be able to use the login authentication "RADIUS", "Local and RADIUS" or "RADIUS and fallback Local" a RADIUS server must be stored and configured for user authentication.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
263
Configuring with Web Based Management 6.9 "Security" menu
� Login Authentication Specify how the login is made:
� Local
The authentication must be made locally on the device.
� RADIUS
The authentication must be handled via a RADIUS server.
� Local and RADIUS
The authentication is possible both with the users that exist on the device (user name and password) and via a RADIUS server.
The user is first searched for in the local database. If the user does not exist there, a RADIUS request is sent.
� RADIUS and fallback Local
The authentication must be handled via a RADIUS server.
A local authentication is performed only when the RADIUS server cannot be reached in the network.
6.9.3.2
RADIUS-Client
Authentication over an external server
The concept of RADIUS is based on an external authentication server.
Each row of the table contains access data for one server. In the search order, the primary server is queried first. If the primary server cannot be reached, secondary servers are queried in the order in which they are entered.
If no server responds, there is no authentication.
264
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
Description
The page contains the following boxes:
� RADIUS Authorization Mode
For the login authentication, the RADIUS authorization mode specifies how the rights are assigned to the user with a successful authentication.
� Standard
In this mode the user is logged in with administrator rights if the server returns the value "Administrative User" to the device for the attribute "Service Type". In all other cases the user is logged in with read rights.
� Vendor Specific
In this mode the assignment of rights depends on whether and which group the server returns for the user and whether or not there is an entry for the user in the table "External User Accounts".
The table has the following columns:
� Select Select the row you want to delete.
� RADIUS Server Address Enter the IP address or the FQDN (Fully Qualified Domain Name) of the RADIUS server.
� Server Port Here, enter the input port on the RADIUS server. As default, input port 1812 is set. The range of values is 1 to 65535.
� Shared Secret Enter your access ID here. The range of values is 1...128 characters
� Shared Secret Conf. Enter your access ID again as confirmation.
� Max. Retrans.
Enter the maximum number of retries for an attempted query.
The initial connection attempt is repeated the number of times specified here before another configured RADIUS server is queried or the login counts as having failed. As default 3 retries are set, this means 4 connection attempts. The range of values is 1 to 5.
� Timeout[s]
Specify how long the RADIUS client waits for a response from the RADIUS server before attempting login again.
� Primary Server Using the options in the drop-down list, specify whether or not this server is the primary server. You can select one of the options "yes" or "no".
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
265
Configuring with Web Based Management 6.9 "Security" menu
� Test With this button, you can test whether or not the specified RADIUS server is available. The test is performed once and not repeated cyclically.
� Test Result Shows whether or not the RADIUS server is available: � Not reachable The IP address is not reachable. The IP address is reachable, the RADIUS server is, however, not running. � Reachable, key not accepted The IP address is reachable, the RADIUS server does not, however accept the shared secret. � Reachable, key accepted The IP address is reachable, the RADIUS server accepts the specified shared secret.
Steps in configuration Entering a new server 1. Click the "Create" button. A new entry is generated in the table. The following default values are entered in the table: � RADIUS Server Address: 0.0.0.0 � Server Port: 1812 � Max. Retrans.: 3 � Primary server: No 2. In the relevant row, enter the following data in the input boxes: � RADIUS Server Address � Server Port � Shared Secret � Shared Secret Conf � Max. Retrans.: 3 � Primary server: No 3. If necessary check the reachability of the RADIUS server. 4. Click the "Set Values" button. Repeat this procedure for every server you want to enter.
266
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
Modifying servers 1. In the relevant row, enter the following data in the input boxes:
� RADIUS Server Address � Server Port � Shared Secret � Shared Secret Conf � Max. Retrans. � Primary Server 2. If necessary check the reachability of the RADIUS server. 3. Click the "Set Values" button. Repeat this procedure for every server whose entry you want to modify Deleting servers 1. Click the check box in the first column before the row you want to delete to select the entry for deletion. Repeat this for all entries you want to delete. 2. Click the "Delete" button. The data is deleted from the memory of the device and the page is updated.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
267
Configuring with Web Based Management 6.9 "Security" menu
6.9.4
WLAN
6.9.4.1
Basic (Access Point)
Safety levels
To make the network secure, authentication and encryption are used. On this page, you specify the security settings.
Description
The table has the following columns:
� Port
Shows the available ports.
� Authentication Type
Select the type of authentication. The selection depends on the operating mode and the transmission standard.
Note WLAN mode IEEE 802.11 n/ac/ax
In WLAN mode IEEE 802.11n/ac/ax, only WPA2 (WPA2-PSK and WPA2 RADIUS) encryption is possible.
� Open System There is no authentication.
� WPA (RADIUS) Wi-Fi Protected Access (WPA) is a method specified by the Wi-Fi Alliance to close security gaps in WEP. Authentication using a server (802.1x) is mandatory. The dynamic exchange of keys at each data frame introduces further security.
� WPA-PSK WPA Pre Shared Key (WPA-PSK) is a weakened form of WPA. In this method, authentication is not carried out by a server but is based on a password. This password is configured manually on the client and server.
268
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
� WPA2 (RADIUS) WPA2 (Wi-Fi Protected Access 2) is a further development of WPA and implements the functions of the IEEE 802.11i security standard. However, WPA authentication works with the RADIUS server.
� WPA2-PSK WPA2-PSK is based on the 802.11i standard. However, WPA authentication works without a RADIUS server. Instead of this, a WPA(2) key (WPA(2) pass phrase) is stored on each client and access point. The WPA(2) pass phrase is used for authentication and further encryption.
� Encryption
Encryption protects the transferred data from eavesdropping and corruption. You can only disable encryption if you have selected "Open System" for authentication. All other security methods include both authentication and encryption.
� Cipher
Select the encryption method. The selection depends on the transmission standard.
� AUTO Either AES or TKIP is automatically selected, depending on the capability of the other station.
� TKIP (Temporal Key Integrity Protocol) A symmetrical stream encryption method with the RC4 (Ron's Code 4) algorithm. In contrast to the weak WEP encryption, TKIP uses changing keys derived from a main key. TKIP can also recognize corrupted data frames.
� AES (Advanced Encryption Standard) Strong symmetrical block encryption method based on the Rijndael algorithm that further improves the functions of TKIP.
Note
To provide better protection of your data against attacks, use WPA2/ WPA2-PSK with AES.
� WPA(2) Pass Phrase
Enter a WPA(2) key here. This WPA(2) key must be known on both the client and the access point and is entered by the user at both ends.
� For a key with 8 to 63 characters, you can only use the following readable ASCII characters: 0x20 - 0x7e.
� For a key with precisely 64 characters, you can use the following ASCII characters: 0 9, a - f and A - F.
� WPA(2) Pass Phrase Confirmation
Confirm the entered WPA(2) pass phrase.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
269
Configuring with Web Based Management 6.9 "Security" menu
Procedure
1. Select the required security settings. The settings that are possible depend on the set "Authentication Type".
Authentication Type Open System WPA (RADIUS) WPA-PSK WPA2 (RADIUS) WPA2-PSK
Encryption disabled Enabled Enabled Enabled Enabled
2. Click the "Set Values" button.
Cipher -Auto/TKIP/AES Auto/TKIP/AES Auto/TKIP/AES Auto/TKIP/AES
Encryption key source -RADIUS Server WPA(2) pass phrase RADIUS Server WPA(2) pass phrase
270
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
6.9.4.2
Basic (Client)
Safety levels
To make the network secure, authentication and encryption are used. On this page, you specify the security settings.
Note This page is only available for clients or access points in client mode.
Description
The table has the following columns:
� Select Select the row you want to delete. Select a check box in this column and click the "Delete" button to delete an entry in the list.
� Security Context
Shows the security context.
� Authentication Type
Select the type of authentication. The selection depends on the operating mode and the transmission standard.
Note WLAN mode IEEE 802.11 n/ac/ax
In WLAN mode IEEE 802.11n/ac/ax, only WPA2 (WPA2-PSK and WPA2 RADIUS) encryption is possible.
Authentication Type
Select the type of authentication. The selection depends on the operating mode and the transmission standard.
� Open System There is no authentication.
� WPA (RADIUS) Wi-Fi Protected Access (WPA) is a method specified by the Wi-Fi Alliance to close
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
271
Configuring with Web Based Management 6.9 "Security" menu
security gaps in WEP. Authentication using a server (802.1x) is mandatory. The dynamic exchange of keys at each data frame introduces further security.
Note
Make the relevant RADIUS settings initially on the page "Security > WLAN > Client Radius Supplicant".
� WPA-PSK WPA Pre Shared Key (WPA-PSK) is a weakened form of WPA. In this method, authentication is not carried out by a server but is based on a password. This password is configured manually on the client and server.
� WPA2 (RADIUS) WPA2 (Wi-Fi Protected Access 2) is a further development of WPA and implements the functions of the IEEE 802.11i security standard. However, WPA authentication works with the RADIUS server.
Note
Make the relevant RADIUS settings initially on the page "Security > WLAN > Client Radius Supplicant".
� WPA2-PSK WPA2-PSK is based on the 802.11i standard. However, WPA authentication works without a RADIUS server. Instead of this, a WPA(2) key (WPA(2) pass phrase) is stored on each client and access point. The WPA(2) pass phrase is used for authentication and
� Encryption
Encryption protects the transferred data from eavesdropping and corruption. You can only disable encryption if you have selected "Open System" for authentication. All other security methods include both authentication and encryption.
� Cipher
Select the encryption method. The selection depends on the transmission standard.
� AUTO Either AES or TKIP is automatically selected, depending on the capability of the other station.
� TKIP (Temporal Key Integrity Protocol) A symmetrical stream encryption method with the RC4 (Ron's Code 4) algorithm. In contrast to the weak WEP encryption, TKIP uses changing keys derived from a main key. TKIP can also recognize corrupted data frames.
� AES (Advanced Encryption Standard) Strong symmetrical block encryption method based on the Rijndael algorithm that further improves the functions of TKIP.
Note
To provide better protection of your data against attacks, use WPA2/ WPA2-PSK with AES.
272
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.9 "Security" menu
� WPA(2) Pass Phrase Enter a WPA(2) key here. This WPA(2) key must be known on both the client and the access point and is entered by the user at both ends. For a key with 8 to 63 characters, you can only use the following readable ASCII characters: 0x20 - 0x7e. For a key with precisely 64 characters, you can use the following ASCII characters: 0 - 9, a f and A - F.
� WPA(2) Pass Phrase Confirmation Confirm the entered WPA(2) pass phrase.
1. To create a new security context, click the "Create" button. 2. Select the required security settings. The settings that are possible depend on the set
"Authentication Type". 3. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
273
Configuring with Web Based Management 6.9 "Security" menu
6.9.4.3
AP RADIUS Authenticator
Note This WBM page is only available in access point mode.
Configuration of the RADIUS server
On this WBM page, you define the RADIUS servers and the RADIUS authentication of the access point. You can enter data for two RADIUS servers.
Description
The page contains the following boxes:
� Reauthentication Mode
Specify who sets the time after which the clients are forced to reauthenticate.
� - (disabled) Reauthentication mode is disabled.
� Server Enables time management on the server.
� Local Enables local time management. In "Reauthentication Interval", specify the time of validity.
� Reauthentication Interval [s]
If time management is local, enter the period of validity of the authentication in seconds. The minimum time is 1 minute (enter 60), the maximum time is 12 hours (enter 43200). The default is one hour (3,600 seconds).
274
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.9 "Security" menu
The table has the following columns: � Server IP Address
Enter the IP address or the FQDN (Fully Qualified Domain Name) of the RADIUS server. � Server Port
Here, enter the input port on the RADIUS server. � Shared Secret
Enter the password of the RADIUS server. For the password, ASCII code 0x20 to 0x7e is used. � Shared Secret Conf Confirm the password. � Max. Retransmissions Enter the maximum number of connection attempts. � Primary Server Specify whether or not this server is the primary server. � Yes: Primary server � No: Backup server. � State With this check box, you can enable or disable the RADIUS server
Entering a new server To display a new server, follow the steps below: 1. In the relevant row, enter the following data in the input boxes:
� IP address or FQDN of the RADIUS server � Port number of the input port � Password � Confirmation of the password � Maximum number of transmission retries � Primary server 2. Click the "Set Values" button.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
275
Configuring with Web Based Management 6.9 "Security" menu
Modifying servers 1. In the relevant row, enter the following data in the input boxes:
� IP address or FQDN of the RADIUS server � Port number of the input port � Password � Confirmation of the password � Maximum number of transmission retries � Primary server 2. Click the "Set Values" button. Repeat this procedure for every server whose entry you want to modify.
276
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Configuring with Web Based Management 6.9 "Security" menu
6.9.4.4
Client RADIUS Supplicant
Client Supplicant On this WBM page, you configure the settings for the RADIUS authorization of the client.
Note This page is only available for clients or access points in client mode.
Description
� Minimum. TLS version Specify the minimum TLS version to be used for WLAN RADIUS authentication.
Note RADIUS Server This is only possible when the RADIUS Server supports the TLS version.
The table has the following columns: � Security Context
Shows the security context. � Dot1x User Name
Enter the user name with which you want to log on to the RADIUS server. � Dot1x User Password
Enter the password for the user name selected above. The client logs on with the RADIUS server using this combination. For password assignment, ASCII code 0x20 to 0x7e is used. � Dot1x User Password Confirmation Confirm the password.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
277
Configuring with Web Based Management 6.9 "Security" menu
Procedure
Note Dot1X user name and Dot1X user password With WPA (RADIUS), WPA2 (RADIUS), EAP-TLS, EAP-TTLS and PEAP the Dot1X user name and the Dot1X user password must be configured. With the setting "Auto" either the certificate must be loaded or the Dot1X user name and the Dot1X user passport must be configured.
� Dot1X Server Certificate Specify whether or not the RADIUS server identifies itself to the client using a certificate.
Note Using certificates Renew the certificate before it expires. If you do not renew the certificate in time, it will not be possible to establish a connection after expiry.
� Dot1x EAP Types Specify the authentication methods. The following methods exist: � Auto Client offers RADIUS server all methods. � EAP-TLS Extensible Authentication Protocol - Transport Layer Security Uses certificates for authentication. � EAP-TTLS Extensible Authentication Protocol - Tunnel Transport Layer Security After setting up the TLS tunnel, MS-CHAPv2 is used for internal authentication. � PEAP Protected Extensible Authentication Protocol Alternative draft protocol of IETF for EAP-TTLS
1. Enter the necessary values in the input boxes. 2. Select the required entry in the "Dot1x EAP Types" drop-down list. 3. Click the "Set Values" button.
278
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
6.10
"iFeatures" menu
Configuring with Web Based Management 6.10 "iFeatures" menu
6.10.1
iPRP
Requirements for using iPRP � iPRP can only be used with the CLP iFeatures. For more detailed information, refer to the
section "Configuration License PLUG (CLP) (Page 23)". � The Base Bridge mode "802.1Q VLAN Bridge" is set. � The VLANs are created � Access point mode: The VAP interface is enabled. � Client mode:
� For "MAC Mode", "Layer 2 Tunnel" is set. � Either "Always" or "Disabled" is set for "Background Scan Mode".
When should iPRP be used?
Note iPRP with oversize frames (jumbo frames)
To be able to use oversize frames, oversize frames (jumbo frames) must be configured on all devices in the network.
Agent VLAN (management VLAN) with iPRP
The iPRP VLAN can be used as the agent VLAN. This depends where the device is located. � If the device is located in the PRP network A or PRP network B, use the VLAN that PRP A or
PRP B is assigned to as the agent VLAN. � If the access points are located in both PRP networks, you can use one of the two VLANs as
the agent VLAN. As an alternative you can also use other VLANs as agent VLANs. The division into PRP networks A and B must remain. A single management VLAN for all devices in network A and B is not possible without further measures.
With the "industrial Parallel Redundancy Protocol" (iPRP), the PRP technology can be used in a wireless network. With IPRP the PRP frames are transferred parallel via two wireless links. The parallel transfer allows disruptions of the transfer on one wireless link to be compensated on the other.
With transfer paths that are not the same, iPRP reduces the number of duplicated and out-oforder packets. The application/protocol used must be able to handle the remaining duplicates and out-of-order packets.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
279
Configuring with Web Based Management 6.10 "iFeatures" menu
Description
The page contains the following: � PRP A
Select the VLAN assignment for PRP A. � PRP B
Select the VLAN assignment for PRP B.
280
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Procedure
Configuring with Web Based Management 6.10 "iFeatures" menu
The table contains the following columns: � Port
Shows the available ports. � Frequency Band (only in access point mode)
Shows the frequency band. � 2.4 GHz � 5 GHz � Enable iPRP Enable or disable iPRP for the required port. � PRP Network Specify the PRP network in which the port is a member.
1. For "PRP A", select the VLAN assignment for PRP A. 2. For "PRP B", select the VLAN assignment for PRP B. 3. Specify the PRP network in which the port is a member. 4. Select the "Enable iPRP" setting. Click the "Set Values" button.
The appropriate VLAN settings are made automatically.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
281
7
Upkeep and maintenance
7
7.1
Firmware update - via WBM
Requirement
� The device has an IP address. � The user is logged in with administrator rights.
Note
The device must have at least firmware version 5.1. A firmware update is not possible if the firmware on the device is older than version 5.1.
Firmware update via HTTP 1. Click "System > Load&Save" in the navigation area. Click the "HTTP" tab. 2. Click the "Load" button in the "Firmware" table row. 3. Go to the storage location of the firmware file. 4. Click the "Open" button in the dialog. The file is uploaded.
Firmware update - via TFTP 1. Click "System > Load&Save" in the navigation area. Click the "TFTP" tab. 2. Enter the IP address of the TFTP server in the "TFTP Server Address" input box. 3. Enter the port of the TFTP server in the "TFTP Server Port" input box. 4. Click the "Load file" button in the "Firmware" table row. 5. Go to the storage location of the firmware file. 6. Click the "Open" button in the dialog. The file is uploaded.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
283
Upkeep and maintenance 7.1 Firmware update - via WBM
Firmware update via SFTP 1. Click "System > Load&Save" in the navigation area. Click the "SFTP" tab. 2. Enter the IP address of the SFTP server in the "SFTP Server Address" input box. 3. Enter the port of the SFTP server in the "SFTP Server Port" input box. 4. Click the "Load file" button in the "Firmware" table row. 5. Go to the storage location of the firmware file. 6. Click the "Open" button in the dialog. The file is uploaded.
Result
The firmware has been transferred completely to the device.
On the "Information > Versions" there are the entries "Firmware" and "Firmware Running". Firmware Runningshows the version of the current firmware. "Firmware" shows the firmware version stored after loading the firmware. To activate this firmware, restart the device with "System > Restart".
284
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Upkeep and maintenance 7.2 Embedding firmware in ConfigPack.
7.2
Embedding firmware in ConfigPack.
Please not the additional information and security notes in the operating instructions of your device.
With the the ConfigPack with embedded firmware file you can install a device configuration including the firmware belonging to it on one or more devices.
Creating ConfigPack with embedded firmware To embed the firmware in a ConfigPack, you need to make a setting in the Command Line Interface (CLI). To do this, follow the steps outlined below:
Note Using configurations with DHCP If you want to use the ConfigPack with embedded firmware to commission multiple devices with the same configuration and firmware, create a ConfigPack only from device configurations that use DHCP. Otherwise, disruptions will occur in network operation due to multiple identical IP addresses. You assign fixed IP addresses extra following the basic installation.
1. Start the remote configuration using Telnet (CLI) and log on with a user with the "admin" role.
2. Change to the global configuration mode with the command "configure terminal". 3. You change to the loadsave configuration mode with the "loadsave" command. 4. Enter the "firmware-in-configpack" command without parameters.
The firmware currently on this device is now included as a separate file in the ConfigPack when you save it.
Note Embedding firmware in ConfigPack. When the device is restarted this functionality is lost again and must be reactivated.
If you save a ConfigPack in the WBM or CLI, the firmware is embedded. The file can be supplied with a password before download. To load the file into the device successfully, use the specified password. Refer to the information in the section Load & Save (Page 131).
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
285
Upkeep and maintenance 7.2 Embedding firmware in ConfigPack.
Installing ConfigPack with embedded firmware
Note Installing ConfigPack with DHCP options 66, 67 You can also install the ConfigPack using DHCP with options 66 and 67 activated. You activate the options in the menu "System > DHCP > DHCP Client". Password-protected ConfigPack and DHCP options 66.67 If the file is password-protected, you cannot install the file via DHCP with options 66 and 67.
If you install a ConfigPack using WBM or CLI, firmware stored there is also installed.
Procedure in the WBM 1. Connect to the WBM of the device on which you want to install the ConfigPack as
administrator. 2. Go to the menu "System > Load&Save". 3. In the row "ConfigPack", click the "Load" button 4. Select the ConfigPack you want to install. 5. Restart the device with "System > Restart".
If there is a different firmware version on the device to be installed compared with that in the ConfigPack, an upgrade/downgrade of the firmware is performed. You can recognize this by the red F-LED flashing (flashing interval; 2 sec on/0.2 sec off). Afterwards the device is restarted and the device configuration incl. users and certificates stored in the ConfigPack is transferred to the device. 6. Wait until the device has fully started up. (the red F-LED is off) 7. You can log on the device again or exit the WBM.
286
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Upkeep and maintenance 7.3 Device configuration with PRESET-PLUG
7.3
Device configuration with PRESET-PLUG
Please not the additional information and security notes in the operating instructions of your device.
NOTICE Do not remove or insert a PLUG during operation A PLUG may only be removed or inserted when the device is turned off.
Note Support as of V1.1 The PRESET-PLUG functionality is supported as of firmware version V1.1.
With the PRESET-PLUG, you can install the same device configuration (start configuration, user accounts, certificates) including the corresponding firmware on multiple devices.
The PRESET PLUG is write-protected.
You configure the PRESET PLUG using the Command Line Interface (CLI).
Creating a PRESET-PLUG You create the PRESET PLUG using the Command Line Interface (CLI). You can create a PRESET-PLUG from any PLUG. To do this, follow the steps outlined below:
Note Using configurations with DHCP Create a PRESET-PLUG only from device configurations that use DHCP. Otherwise disruptions will occur in network operation due to multiple identical IP addresses. You assign fixed IP addresses extra following the basic installation.
Requirement
� A CLP on which you want to configure the PRESET-PLUG functionality is inserted in the device.
Procedure
1. Start the remote configuration using Telnet (CLI) and log on with a user with the "admin" role.
2. Switch to the global configuration mode with the command "configure terminal".
3. You change to the PLUG configuration mode with the "plug" command.
4. Create the PRESET-PLUG with the "presetplug" command. The firmware version of the device and the current device configuration incl. user accounts and certificates are stored on the PLUG and the PLUG is then write protected.
5. Turn off the power to the device.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
287
Upkeep and maintenance 7.3 Device configuration with PRESET-PLUG
6. Remove the PRESET-PLUG. 7. Start the device either with a new CLP inserted or with the internal configuration.
Procedure for installation with the aid of the PRESET-PLUG 1. Turn off the power to the device. 2. If it is inserted, remove the CLP from the slot. You will find further information on this in the operating instructions of your device. 3. Insert the PRESET-PLUG correctly oriented into the slot. The PRESET-PLUG is correctly inserted when it is completely inside the device and does not jut out of the slot. 4. Turn on the power to the device again. If there is a different firmware version on the device to be installed compared with that on the PRESET-PLUG, an upgrade/downgrade of the firmware is performed. You can recognize this by the red F-LED flashing (flashing interval: 2 sec on/0.2 sec off). Afterwards the device is restarted and the device configuration incl. users and certificates on the PRESET-PLUG is transferred to the device. 5. Wait until the device has fully started up. (the red F-LED is off) 6. Turn off the power to the device after the installation. 7. Remove the PRESET-PLUG. 8. Start the device either with a new CLP inserted or with the internal configuration.
Note Restore factory defaults and restart with a PRESET PLUG inserted If you reset the device to the factory defaults, when the device restarts an inserted PRESET PLUG is formatted and the PRESET PLUG functionality is lost. You then need to create a new PRESET PLUG. The keys stored on the KEY-PLUG for releasing functions are retained. We recommend that you remove the PRESET PLUG before you reset the device to the factory settings.
Formatting a PRESET-PLUG (resetting the preset function)
You format the PRESET PLUG using the Command Line Interface (CLI) to reset the preset function. To do this, follow the steps outlined below:
1. Start the remote configuration using Telnet (CLI) and log on with a user with the "admin" role.
2. Switch to the global configuration mode with the command "configure terminal".
3. You change to the PLUG configuration mode with the "plug" command.
4. Enter the command "factoryclean". The PRESET-PLUG is formatted and the preset function is reset.
5. Write the current configuration of the device with the "write" command.
288
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Upkeep and maintenance 7.4 Restoring the factory settings
7.4
Restoring the factory settings
NOTICE Previous settings If you reset, all the settings you have made will be overwritten by factory defaults.
NOTICE Inadvertent reset An inadvertent reset can cause disturbances and failures in a configured network with further consequences.
With the reset button When pressing the button, make sure you observe the information in the "Reset button" section in the operating instructions. Follow the steps below to reset the device parameters to the factory settings: 1. Turn off the power to the device. 2. Loosen the screws of the cover. 3. Remove the cover. 4. Now press the Reset button and reconnect the power to the device while holding down the button. 5. Hold down the button until the red fault LED (F) stops flashing after approximately 10 seconds and is permanently lit. 6. Now release the button and wait until the fault LED (F) goes off again. 7. The device then starts automatically with the factory settings.
With SINEC PNI Follow the steps below to reset the device parameters to the factory settings with the SINEC PNI: 1. Select the device whose parameters you want to reset. 2. Click the "Reset device" button. 3. Select the "Reset to factory settings" option in the following dialog.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
289
Upkeep and maintenance 7.4 Restoring the factory settings
Via the configuration You will find detailed information on resetting the device parameters using the WBM and CLI in the configuration manuals: � Web Based Management, section "Restart" � Command Line Interface, section "Reset and Defaults"
290
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
8
Troubleshooting/FAQ
8
8.1
Firmware update via WBM or CLI not possible
Cause
If there is a power failure during the firmware update, it is possible that the device is no longer accessible using Web Based Management or the CLI.
When pressing the button, make sure you adhere to the instructions in the section "Reset button".
Solution
You can then also assign firmware to a SCALANCE W using TFTP. Follow the steps below to load new firmware using TFTP:
1. Turn off the power to the device.
2. Now press the Reset button and reconnect the power to the device while holding down the button.
3. Hold down the button until the red fault LED (F) starts to flash after approximately 2 seconds.
4. Now release the button. The bootloader waits in this state for a new firmware file that you can download by TFTP.
5. Connect a PC to the SCALANCE W over the Ethernet interface.
6. Assign an IP address to the SCALANCE W with the SINEC PNI.
7. Open a DOS box and change to the directory where the file with the new firmware is located and then execute the command "tftp -i <ip address> PUT <firmware>". As an alternative, you can use a different TFTP client.
8. Close the cover to ensure that the device is closed and water and dust proof.
Note Use of CLI and TFTP in Windows 10
If you want to access the CLI or TFTP in Windows 10, make sure that the relevant functions are enabled in Windows 10.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
291
Troubleshooting/FAQ 8.1 Firmware update via WBM or CLI not possible
Result
The firmware is transferred to the device.
Note Please note that the transfer of the firmware can take several minutes. During the transmission, the red error LED (F) flashes.
Once the firmware has been transferred completely to the device, the device is restarted automatically.
292
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
power being too high
Troubleshooting/FAQ 8.2 Disrupted data transmission due to the received
8.2
Disrupted data transmission due to the received
power being too high
Causes and effects of excessive received power
If the received power at the input of a SCALANCE W device is too high, this overdrives the amplifier circuit. Overdrive can occur on clients and access points. If the received power on the SCALANCE W device is greater than -35 dBm, this can result in disrupted communication. Information about the signal strength [in dBm] is displayed in WBM in the following tabs:
Access point mode:
� Information > WLAN > Client List
Client mode:
� Information > WLAN > Available AP
The power of the input signal on the SCALANCE W device is influenced by the following factors:
� Distance between the WLAN partners
� Reflections of the electromagnetic waves by parts of the building
� Setting of the "max. Tx Power" and antenna settings (Interfaces > WLAN > Antennas&Power).
Solution
If communication is disrupted by an excessive signal strength (greater than -35 dBm), you can eliminate the problem in the following ways:
� Increase the distance between the transmitter and receiver.
� Reduce the transmit power of the IWLAN partner with suitable settings in WBM or CLI.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
293
Troubleshooting/FAQ 8.3 Instructions for secure network design
8.3
Instructions for secure network design
Note the information below to protect your network against attacks:
� Use a secure connection with HTTPS
In contrast to HTTP, HTTPS allows you secure access for configuring the WLAN clients and the access points using Web Based Management. For more detailed information, refer to the section "Load & Save (Page 131)".
� Use WPA2/ WPA2-PSK with AES
Use only WPA2/AES to prevent password misuse. WPA2/ WPA2-PSK with AES provides the greatest security. For more detailed information, refer to the section ""Security" menu (Page 254)".
� Protect your network from man-in-the-middle attacks
To protect your network from man-in-the-middle attacks, a network setup is recommended that makes it more difficult for the attacker to access the communications path between two end devices.
� You can, for example, protect devices by arranging so that the Agent IP is only accessible via a single management VLAN. For more detailed information, refer to the section "Menu "Layer 3 (IPv4)" (Page 243)".
� A further option is to install a separate HTTPS certificate on the WLAN client / access point. The HTTPS certificate checks the identity of the device and controls the encrypted data exchange. You can install the HTTPS certificate via HTTP. For more detailed information, refer to the section "Load & Save (Page 131)".
� Use SNMPv3
SNMPv3 provides you with highest possible security when accessing the devices via SNMP.
NOTICE
Changing the default password after configuring with STEP 7
If a device in the default status is configured only with STEP 7, it is not possible to change the default password. This change must be made directly on the device using WBM or CLI. Otherwise the default password is retained and any user could log in using the default password.
294
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
A Appendix A "Supported MIB Modules"
A
A.1
Supported MIB files
MIB files available for the SCALANCE W device The following table shows the MIB files available for a SCALANCE W device:
MIB AUTOMATION-SYSTEM-MIB (Siemens) 1) AUTOMATION-SN-SYSTEM-MIB (Siemens) 1) 2) AUTOMATION-SN-AUTH-MIB (Siemens) 1) 2) AUTOMATION-SNTP (Siemens) 1) 2) AUTOMATION-SMTP (Siemens) 1) 2) AUTOMATION-TELNET (Siemens) 1) 2) AUTOMATION-TIME-MIB (Siemens) 1) 2) AUTOMATION-PS-MIB (Siemens) 1) 2) IF-MIB EtherLike-MIB MAU-MIB ENTITY-MIB Q-BRIDGE-MIB P-BRIDGE-MIB BRIDGE-MIB SNMPv2-MIB SNMP-COMMUNITY-MIB SNMP-USER-BASED-SM-MIB SNMP-VIEW-BASED-ACM-MIB SNMP-NOTIFICATION-MIB SNMP-TARGET-MIB SNMP-MPD-MIB RADIUS-ACC-CLIENT-MIB RADIUS-AUTH-CLIENT-MIB RMON-MIB IP-MIB TCP-MIB UDP-MIB DNS-RESOLVER-MIB IEEE802dot11-MIB IEEE 802.1AB 2005 LLDP-MIB (Siemens) 1) 2) LLDP-EXT-DOT1-MIB (Siemens) 1) 2) LLDP-EXT-DOT3-MIB (Siemens) 1) 2) LLDP-EXT-PNO-MIB (Siemens) 1) 2)
Root OID .1.3.6.1.4.1.4329.6.3.2 .1.3.6.1.4.1.4329.6.1.2.100.2 .1.3.6.1.4.1.4329.6.1.2.100.3 .1.3.6.1.4.1.4329.6.3.11 .1.3.6.1.4.1.4329.6.3.9 .1.3.6.1.4.1.4329.6.3.8 .1.3.6.1.4.1.4329.6.3.3 .1.3.6.1.4.1.4329.6.3.5 .1.3.6.1.2.1.2 .1.3.6.1.2.1.10.7.2 .1.3.6.1.2.1.26 .1.3.6.1.2.1.47 .1.3.6.1.2.1.17.7 .1.3.6.1.2.1.17.6 .1.3.6.1.2.1.17 .1.3.6.1.2.1.1 .1.3.6.1.6.3.18 .1.3.6.1.6.3.15 .1.3.6.1.6.3.16 .1.3.6.1.6.3.13 .1.3.6.1.6.3.12 .1.3.6.1.6.3.10.2.1 .1.3.6.1.2.1.67.2.2 .1.3.6.1.2.1.67.1.2 .1.3.6.1.2.1.16 .1.3.6.1.2.1.4 .1.3.6.1.2.1.6 .1.3.6.1.2.1.7 .1.3.6.1.2.1.32.2 .1.2.840.10036 .1.0.8802.1.1.2 .1.0.8802.1.1.2.1.5.32962 .1.0.8802.1.1.2.1.5.4623 .1.0.8802.1.1.2.1.5.3791
Reference Vendor specific Vendor specific Vendor specific Vendor specific Vendor specific Vendor specific Vendor specific Vendor specific RFC 2863 RFC 3635 RFC 4836 RFC 4133 RFC 2674q RFC 2674p RFC 4188 RFC 3418 RFC 3584 RFC 3414 RFC 3415 RFC 3413 RFC 3413 RFC 3412 RFC 2620 RFC 2618 RFC 2819 RFC 4292 RFC 4022 RFC 4113 RFC 1612 IEEE 802.11 Vendor specific Vendor specific Vendor specific Vendor specific
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
295
Appendix A "Supported MIB Modules" A.1 Supported MIB files
MIB SN-MSPS-SNMP-MIB (Siemens) 2) SN-MSPS-SCW-MIB (Siemens) 1) 2)
Root OID
Reference
.1.3.6.1.4.1.4329.20.1.1.1
Vendor specific
.1.3.6.1.4.1.4329.20.1.1.1.1.27.1.10. Vendor specific 19.3
1) Part of the AUTOMATION.MIB
You can download the AUTOMATION.MIB for SCALANCE W from Siemens Industry Automation and Drives Service & Support under the entry ID 67637278 (https://support.industry.siemens.com/cs/ww/en/view/67637278)
2) Part of the private MIB file "Scalance_w_msps.mib". The file can be downloaded in WBM using "System > Load&Save > HTTP > MIB" and the "Save" button.
296
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
B Appendix B "Private MIBs"
B
B.1
Private MIB variables
Downloading the MIB of the SCALANCE W via WBM
You can download the MIB of the SCALANCE W in WBM under "System > Load&Save > HTTP > MIB" using the "Save" button.
OID
The private MIB variables of the SCALANCE W have the following object identifier: iso(1).org(3).dod(6).internet(1).private(4). enterprises(1) siemens(4329) industrialComProducts(20) iComPlatforms(1) simaticNet(1) snMsps(1) snMspsCommon(1)
WLAN-specific MIB variables
The WLAN-specific MIB variables can be found in "snMspsWlan". You will find further information about the settings and values in the MIB file.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
297
Appendix B "Private MIBs" B.1 Private MIB variables
298
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
C Appendix C "Underlying Standards"
C
C.1
Underlying standards
Standards met by SCALANCE W devices completely or partly The following table lists some of the standards for SCALANCE W devices.
Name of the standard IEEE 802.1AB IEEE 802.1D-1998 IEEE 802.1Q IEEE 802.1W-2004 IEEE 802.1X IEEE 802.3-2002 IEEE 802.3af IEEE 802.11 IEEE 802.11a IEEE 802.11b/g IEEE 802.11e IEEE 802.11 h
IEEE 802.11i IEEE 802.11n IEEE 802.11ax IEEE 802.11ac IEEE 802.11w
Topic Link Layer Discovery Protocol (LLDP) Media Access Control (MAC), bridges Virtual Bridged LANs (VLAN Tagging, Port Based VLANs) Rapid Spanning Tree Protocol (RSTP) Port Based Network Access Control Ethernet Power over Ethernet (PoE) Wireless Local Area Network Wireless standard for use of the 5 GHz frequency band Wireless standard for use of the 2.4 GHz frequency band Quality of Service (QoS) Expansion of the spectrum and transmit power for use of the 5 GHz frequency range in Europe. Encryption of WLANS Standard for high transmission rates Wi-Fi6 Standard for very high transmission rates in the 5 GHz frequency band Standard for encryption of the transmitted management information for setup and operation of data connections
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
299
Appendix C "Underlying Standards" C.1 Underlying standards
300
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
D Appendix D "Log Messages"
D
D.1
Messages in the event log
Messages during system startup (general)
Alarm Warm start performed, Ver: V02.00.00 event/status summary after startup Power supply: � L1 is connected � L2 is not connected No line is monitored
MSTP disabled MSTP enabled No Fault states pending after startup
Description Type of startup and the loaded firmware version. Status of the power supplies line 1 and line 2.
Information about monitoring the power supply from the signaling system. Information on the status of the Spanning Tree protocol.
Fault state following system start.
Status of the power supply You enable or disable the "Power Change" event in "System > Events".
Alarm Power up on line 1 / 2 / PoE. Power down on line 1 / 2 / PoE.
Description Power supply exists on line 1, line 2 or PoE.. Power supply interrupted on line 1, line 2 or PoE.
Status of the Ethernet interface You enable or disable the "Link Change" event in "System > Events".
Alarm
Description
Link up on P1.
A connection exists on the Ethernet interface.
Link down on P1.
No connection exists on the Ethernet interface.
Link up on P1: <speed>
The speed that is currently present is >= 100 Mbps and full duplex (FD)
New fault state: "Result of autonegotiation on P1: The speed is < 100 Mbps or half duplex (HD) <speed>
Result of autonegotiation on P1: <speed>
Link up on P1: <speed>
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
301
Appendix D "Log Messages" D.1 Messages in the event log
Status of the WLAN interface (in access point mode only)
Messages
Link down up VAP X.Y.
Link down on VAP X.Y.
Overlap-AP found on WLAN X: AP <System Name> <MAC> found on channel <channel number.> <RSSI value>
Overlap-AP aged out on WLAN X: AP <System Name> <MAC> on channel <channel number.> <RSSI value>
DFS: Radar interference detected on WLANX at <channel frequency> MHz
DFS: start DFS scan on WLANX at new channel <channel frequency> MHz
DFS: finished DFS scan on WLANX at <channel frequency> MHz
DFS: <channel frequency> MHz aged out from NOL at WLANX and can be used again
DFS: Radar interference detected on WLANX at <channel frequency> MHz
DFS: No Channels are available al WLAN X.
The VAP interface Y on the WLAN interface X is enabled. The VAP interface Y on the WLAN interface X is disabled. A further access point was detected on the channel set for the WLAN interface X or on a neighboring channel.
The overlapping access point could not be detected during the configured aging time and was removed from the "Overlap AP" list.
If the access point discovers a radar signal on the current channel, it notifies the clients of the channel change. It then automatically switches to an alternative DFS channel and the current channel is blocked for 30 minutes.
No radar signal detected on the channel any longer. The channel was removed from the list of blocked channels and can be used again There is no free channel available, the WLAN interface X will be deactivated until one of the channels becomes available.
Status of the WLAN interface (in client mode only)
Messages Link up on WLAN X. Link down on WLAN X.
Description The WLAN interface X is enabled. The WLAN interface X is disabled.
Messages on configuration
Messages WBM: User {user name} failed to log in from {ip address}. Telnet: Authentication failure.
Restart requested Device configuration changed.
Description
When logging in with Web Based Management (WBM), the wrong password was entered. The event can be enabled or disabled in "System -> Events" (Authentication Failure).
When logging in via Telnet, the wrong password was entered. The event can be enabled or disabled in "System -> Events" (Authentication Failure).
Restart due to a user request. The event can be enabled or disabled in "System -> Events" (Cold/Warm Start).
The configuration was changed.
302
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Appendix D "Log Messages" D.1 Messages in the event log
Messages about file upload or download
Messages
File upload via HTTP(S): load of FileType <file type> OK restart required
File upload via HTTP(S): load of FileType<file type> OK
File upload via HTTP(S): validation of FileType <file type> IDENTICAL
File upload via HTTP(S): validation of FileType <file type> FAILED
File upload via TFTP: load of FileType <file type> OK restart required
File upload via TFTP: load of FileType <file type> OK
File upload via TFTP: validation of FileType <file type> IDENTICAL
File upload via TFTP: validation of FileType <file type> FAILED
File upload via TFTP: file transfer of FileType <file type> FAILED
File upload via TFTP: file transfer of FileType <file type> failed. Cannot connect to given IP address
File download via TFTP: file transfer of FileType <file type> failed. Cannot connect to given IP address
Description Loading the file via HTTP(S) was successful. A restart is required.
Loading the file via HTTP(S) was successful.
Loading the file via HTTP(S) was successful. The file is identical to the existing file. Loading the file via HTTP(S) failed. The file contains errors or is invalid.
Loading the file using TFTP was successful. A restart is required.
Loading the file using TFTP was successful.
Loading the file using TFTP was successful. The file is identical to the existing file. Loading the file using TFTP failed. The file contains errors or is invalid.
Loading the file using TFTP failed. The file name is incorrect or the file does not exist on the server. Loading the file using TFTP failed. The TFTP server cannot be reached or the settings are incorrect. Saving the file using TFTP failed. The TFTP server cannot be reached or the settings are incorrect.
Messages error status
Messages
New Fault state:<fault description> <fault description>:"Warm start performed." "Cold start performed." "Link down on P1." "Link up on P1." "Power down on line L1 (L2)" "DFS: No channels are available at WLAN2" Fault state gone: <fault description> <fault description>:"Warm start performed." "Cold start performed." "Link down on P1." "Link up on P1." "Power down on line L1 (L2)" "DFS: No channels are available at WLAN2" "PLUG not accepted. See System PLUG mask for details." New Fault state (reconfiguration): <fault description> <fault description>:"Link down on P1." "Link up on P1." "Power down on line L1 (L2)"
Description You configure the events in "System > Events". You configure the monitoring of the power supply and the link on the Ethernet port in "System > Fault Monitoring". Incoming fault. Not all events automatically lead to a fault. On the "Events" WBM page, you specify which events will be logged, for example device restart, changed link on the Ethernet port.
Outgoing fault
Incoming fault. The event was triggered due to a change in the configuration.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
303
Appendix D "Log Messages" D.1 Messages in the event log
Messages
Fault state gone (reconfiguration): <fault description>
<fault description>:"Link down on P1." "Link up on P1." "Power down on line L1 (L2)"
Fault state: <fault description> cleared.
<fault description>:"Warm start performed" "Cold start performed".
Description Outgoing fault. The event was triggered due to a change in the configuration.
Fault was acknowledged by the user.
Messages about MSTP
Messages
Spanning Tree: topology change detected.
Spanning Tree: new root bridge xx:xx:xx:xx:xx:xx detected.
Description
You enable or disable the "Spanning Tree" event in "System > Events"
The topology of the network has changed; the network will be reorganized.
The topology of the network has changed; there is a new root bridge with MAC address xx:xx:xx:xx:xx:xx in the network.
Messages about security
Messages RADIUS: Access accepted / rejected for client <MAC>.
Description The authentication of the client was successful or not successful.
Messages about message system
Messages Syslog-Server not reachable! Unable to send messages to syslog server. Please check syslog socket configuration. Unable to send e-mail(s) because of IP connection failure. Unable to send e-mail(s) because of SMTP authentication failure. Unable to send e-mail(s) because SMTP message transfer failed.
SNMP: Authentification failure.
IP communication is possible. Remote logging activated. IP communication is not possible. Remote logging deactivated. Please check IP configuration and network connectivity.
Description The configured Syslog server is not accessible. The syslog server configuration is incomplete.
Sending of e-mail(s) failed. SMTP server cannot be reached (e.g. network connection interrupted). Sending of e-mail(s) failed. Authentication of the client on the SMTP server incorrect. Sending of e-mail(s) failed. SMTP server can be reached, configuration incomplete or contains errors (e.g. receiver e-mail address wrong / does not exist). Authentication of an SNMP client failed; access not possible (e.g. SNMPv1/v2 read-only configured or Read Community String incorrectly configured). IP communication is possible. Remote logging is activated.
IP communication is not possible. Remote logging is deactivated. Check whether or not the device has an IP address.
304
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Appendix D "Log Messages" D.1 Messages in the event log
Messages during system startup (PLUG)
Alarm
Startup configuration: Internal storage PLUG: Not present
Startup configuration: Internal storage PLUG: Missing PLUG: License missing
Startup configuration: Internal storage PLUG: Configuration not accepted PLUG: License missing
Startup configuration: Internal storage PLUG: Factory clean filled with internal configuration PLUG: Configuration accepted PLUG: License accepted
Startup configuration: Internal storage
PLUG: Factory clean filled with internal configuration
PLUG: Configuration accepted
Startup configuration: PLUG storage PLUG: Configuration accepted PLUG: License accepted
Startup configuration: PLUG storage PLUG: Configuration accepted
Description
There is no PLUG inserted. There is no PLUG inserted. Functions are configured on the device for which a PLUG License (CLP) is required. Invalid or incompatible configuration on the inserted PLUG. Functions are configured on the device for which a PLUG License (CLP) is required. The internal configuration was written successfully to an empty PLUG License (CLP).
The internal configuration was written successfully to an empty PLUG Configuration (CLP).
The configuration was loaded successfully from the PLUG License (CLP).
The configuration was loaded successfully from the PLUG Configuration (CLP).
Messages about PLUG
Messages An empty PLUG was found. PLUG: Filled PLUG was found. PLUG: Configuration Accepted PLUG: Removed at runtime.
PLUG accepted.
Description There is an empty or formatted PLUG in the device. There is a valid PLUG with a valid configuration in the device.
The PLUG License (CLP) or the PLUG Configuration (CLP) was removed during operation. PLUG was accepted.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
305
Appendix D "Log Messages" D.2 Messages in the WLAN Authentication Log
D.2
Messages in the WLAN Authentication Log
Messages in access point mode
Alarm
Client <MAC address> <system name> associated successfully. Client <MAC address> <system name> disassociated with reason <reason description> VAP<Num>: Client <MAC> failed to associated; status (<text>) VAP<Num>: Client <MAC> disassociated with reason (<text>) VAP<Num>: Client <MAC>deauthenticated with reason (<text>) VAP<number> Client <MAC> failed to authenticate; status (<text>) VAP<Num>: Client <MAC> failed to disassociated; status (<text>) VAP<Num>: Client <MAC> associated successfully
RADIUS: Access rejected for client <MAC> RADIUS: Access accepted for client <MAC>
Description The client has logged in successfully on the access point.
The client was logged off from the access point.
The connection of the client to the VAP has failed. The reason is displayed as text. The client was successfully disconnected from the VAP. The reason is displayed as text. The client was logged off from the AP. The reason is displayed as text. The authentication of the client failed. The reason is displayed as text. The connection of the client could not be terminated. The reason is displayed as text. The client has connected successfully to the VAP or the client has logged on successfully to the VAP. The RADIUS server denies the client access. The RADIUS server allows the client access.
Messages in client mode
Alarm Associated successfully to AP <MAC address> <system name> at channel <channel number> (frequency <frequency> MHz) Disassociated from AP <MAC address> <'system name'> with reason (Disassociated because sending STA is leaving (or has left) BSS) Failed to authenticate to AP <MAC>; status (<text>)
Failed to disassociate from AP <MAC>; status (<text>)
Failed to associate to AP <MAC>; status (<text>)
Description The client has logged in successfully on the access point.
The client was logged off from the access point.
The authentication of the client with the access point failed. The reason is displayed as text. The connection of the client to the access point could not be terminated. The reason is displayed as text. The connection of the client to the access point has failed. The reason is displayed as text.
306
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
E
Appendix E "Syslog Messages"
E
E.1
Format of the syslog messages
The devices generate Syslog messages (UDP default port 514) according to RFC 5424 that contain the following boxes.
HEADER
� TIMESTAMP according to RFC 3339
� Host name
� APPNAME, PROCID and MSGID: If no information is known, the "-" character is output.
PRIORITY
PRIORITY contains the coded priority of the Syslog message broken down into a Severity and Facility box.
� Facility
� Severity
VERSION
� Set to 1.
HOSTNAME_CONTENT:
� IPv4 address according to RFC1035: Each byte is represented in decimal, with a dot separating it from the previous one. XXX.XXX.XXX.XXX
� IPv6 address according to RFC4291 Section 2.2
STRUCTURED DATA
� timeQuality block
MESSAGE:
� ASCII string in English
Note Additional information about the meaning of the boxes is available in RFC 5424.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
307
Appendix E "Syslog Messages" E.2 Parameters in Syslog messages
E.2
Parameters in Syslog messages
The Syslog messages can contain the following parameters:
Parameter ip address
src port dest port client mac dest mac src mac protocol
group user name
action user name
role time minute timeout time second failed login count max sessions vap
status reason
wlan interface ssid
channel
Description
IPv4 or IPv6 address
Port that is shown as decimal number. Format: %d MAC address Format: %02x:%02x:%02x;%02x:%02x:%02x
Possible values or example IP address according to RFC1035 or RFC4291 Section 2.2 0 ... 65535
00:0C:29:2F:09:B3
Name of the service that has generated this event or of the Layer 4 protocol used. Format: %s
String that identifies the group based on its name Format: %s String that identifies the authenticated user based on his/her name without spaces Format: %s Identifies the user based on his/her name This is not the authenticated user. Format: %s Symbolic name for the group role Format: %s Number of minutes Format: %d Number of seconds Format: %d Number of failed logins Format: %d Number of sessions Format: %d Symbolic name of the virtual access point interface Format: (%s) or (%s %s) Additional status information as legible string. It can contain multiple words. The string must start with " and end with " so that it can be analyzed. Symbolic name of the WLAN interface Format: %s SSID in ASCII representation any number of spaces Format: %s Name of the channel Format: %s
Possible entries of: UDP | TCP | WBM | Telnet | SSH | Console | TFTP | SFTP it-service maier
Peter.Maier
Administrator 44 44 10 10 VAP1.1
(Invalid group cipher) (Unknown peer) WLAN1 MyWLAN
12
308
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Appendix E "Syslog Messages" E.2 Parameters in Syslog messages
Parameter
Description
signal strength version
length network interface
Signal strength Format: %d Name of the version without spaces Format: %s Length of the network packet (in bytes) Format: %d Symbolic name of a network interface Format: %s
Possible values or example 12 V1.0.3SP1
52 vlan 1
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
309
Appendix E "Syslog Messages" E.3 Syslog messages
E.3
Syslog messages
This section describes selected Syslog messages. The selection is based on IEC 62443-3-3. This means you can integrate these events into a central monitoring system (SIEM).
Identification and authentication of human users
Log text Standard Description Example Severity Facility
{protocol}: User {user name} logged in from {ip address}. IEC 62443-3-3 Reference: SR1.1 Valid login information that is specified during remote login. WBM: User admin logged in from 192.168.0.1. Info local0
Log text Standard Description Example Severity Facility
{protocol}: Default user {user name} logged in from {ip address}. IEC 62443-3-3 Reference: n/a (NERC-CIP 007-R5) User logged in with default user name and password. SSH: Default user admin logged in from 192.168.0.1. Info local0
Log text Standard Description Example Severity Facility
{protocol}: User {user name} logged out from {ip address}. IEC 62443-3-3 Reference: SR1.1 User session completed - logged out. SSH: User admin logged out from 192.168.0.1. Info local0
Log text Standard Description
Example Severity Facility
{protocol}: User {user name} failed to log in from {ip address}. IEC 62443-3-3 Reference: SR1.1 Incorrect user name or incorrect password (login information) specified during remote login. SSH: User testuser failed to log in from 192.168.0.1. Warning local0
User account management
Log text Standard Description Example Severity Facility
{protocol}: User {user name} changed own password. IEC 62443-3-3 Reference: SR1.3 User has changed own password. WBM: User admin changed own password. Info local0
310
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Appendix E "Syslog Messages" E.3 Syslog messages
Log text Standard Description Example Severity Facility
{protocol}: User {user name} changed password of user {action user name}. IEC 62443-3-3 Reference: SR1.3 User has changed other password. WBM: User admin changed password of user test. Info local0
Log text Standard Description Example Severity Facility
{protocol}: User {user name} created user-account {action user name}. IEC 62443-3-3 Reference: SR1.3 The administrator created a new account. WBM: User admin created user-account joachim. Info local0
Log text Standard Description Example Severity Facility
{protocol}: User {user name} deleted user-account {action user name}. IEC 62443-3-3 Reference: SR1.3 The administrator deleted an existing account. WBM: User admin deleted user-account joachim. Info local0
Management of the identifiers
Log text Standard Description Example Severity Facility
{protocol}: User {user name} created group {group} and assigned to role {role}. IEC 62443-3-3 Reference: SR1.4 The administrator has created a group and assigned it to a role. WBM: User admin created group it-service and assigned to role service. Info local0
Log text Standard Description Example Severity Facility
User {user name} deleted group {group} and the role {role} assignment. IEC 62443-3-3 Reference: SR1.4 The administrator has deleted an existing group and the role assignment. WBM: User admin deleted group it-service and the role service assignment. Info local0
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
311
Appendix E "Syslog Messages" E.3 Syslog messages
Failed login attempts
Log text
Standard Description
Example
Severity Facility
User {user name} account is locked for {time} minutes after {failed login count} unsuccessful login attempts.
IEC 62443-3-3 Reference: SR1.11
If there are too many failed logins, the corresponding user account was locked for a specific period of time.
User admin account is locked for 10 minutes after 30 unsuccessful login attempts.
Warning
local0
Usage control of wireless connections (connection over WLAN)
Log text Standard Description Example Severity Facility
{vap}: Client {client mac} associated successfully. IEC 62443-3-3 Reference: SR 2.2 WLAN client connected to AP. VAP1.1: Client 18:65:90:ab:78:f4 associated successfully. Info local0
Log text
Standard Description Example
Severity Facility
Overlap-AP found on {wlan interface}: AP {ssid} {ap mac} found on channel {chan- nel} rssi {signal strength}. IEC 62443-3-3 Reference: SR 2.2
Radio frequency is already in use. Overlap-AP found on WLAN 1: AP scalance 20:a8:b9:80:44:80 found on channel 11 rssi 12. Info
local0
Log text Standard Description Example
Severity Facility
{vap}: Client {client mac} disassociated with reason {reason}. IEC 62443-3-3 Reference: SR 2.2 WLAN client disconnected from AP. VAP1.1: Client 18:65:90:ab:78:f4 disassociated with reason (Disassociated because sending STA is leaving or has left BSS). Info local0
Log text Standard Description Example
{vap}: Client {client mac} failed to associate, status {status}.
IEC 62443-3-3 Reference: SR 2.2 WLAN client connection to AP denied.
VAP1.1: Client 18:65:90:ab:78:f4 failed to associate, status (Invalid group cipher).
312
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Appendix E "Syslog Messages" E.3 Syslog messages
Severity Facility
Warning local0
Log text Standard Description Example
Severity Facility
{vap}: Client {client mac} failed to authenticate, status {status}. IEC 62443-3-3 Reference: SR 2.2 The WLAN client was not able to authenticate itself. VAP1.1: Client 18:65:90:ab:78:f4 failed to authenticate, status (Invalid group cipher). Warning local0
Log text Standard Description Example Severity Facility
RADIUS: {ip address} - No response from the RADIUS server. IEC 62443-3-3 Reference: SR 2.2 RADIUS server not found. RADIUS: 192.168.0.10 - No response from the RADIUS server. Warning local0
Session lock
Log text Standard Description Example Severity Facility
The session of user {user name} was closed after {time} seconds of inactivity. IEC 62443-3-3 Reference: SR2.5 The current session was locked due to inactivity. The session of user admin was closed after 60 seconds of inactivity. Warning local0
Limiting the number of simultaneous sessions
Log text
Standard Description Example Severity Facility
{protocol}: The maximum number of {max sessions} concurrent login session exceeded. IEC 62443-3-3 Reference: SR2.7 The maximum number of parallel connections is exceeded. WBM: The maximum number of 8 concurrent login session exceeded. Warning local0
Non-deniability (change configuration)
Log text Standard Description Example
Device configuration changed. IEC 62443-3-3 Reference: SR2.12 The device configuration has been changed permanently. Device configuration changed.
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
313
Appendix E "Syslog Messages" E.3 Syslog messages
Severity Facility
Info local0
Data backup in automation system (backup)
Log text Standard Description Example Severity Facility
{protocol}: User {user name} saved file type ConfigPack IEC 62443-3-3 Reference: SR7.3 Backup completed WBM: User admin saved file type ConfigPack.. Info local0
Log text Standard Description Example Severity Facility
{protocol}: Saved file type ConfigPack. IEC 62443-3-3 Reference: SR7.3 Backup completed TFTP: Saved file type ConfigPack Info local0
Log text Standard Description Example Severity Facility
{protocol}: User {user name} failed to save file type ConfigPack. IEC 62443-3-3 Reference: SR7.3 Backup failed WBM: User admin failed to save file type ConfigPack. Warning local0
Log text Standard Description Example Severity Facility
{protocol}: Failed to save file type ConfigPack. IEC 62443-3-3 Reference: SR7.3 Backup failed TFTP: Failed to save file type ConfigPack. Warning local0
Restoration of the automation system
Log text Standard Description Example Severity Facility
{protocol}: Loaded file type Firmware {version} (restart required). IEC 62443-3-3 Reference: SR7.4 Firmware update was successfully uploaded. TFTP: Loaded file type Firmware V02.00.00 (restart required). Info local0
314
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Appendix E "Syslog Messages" E.3 Syslog messages
Log text
Standard Description Example Severity Facility
{protocol}: User {user name} loaded file type Firmware {version} (restart required). IEC 62443-3-3 Reference: SR7.4 Firmware update was successfully uploaded. WBM: User admin loaded file type Firmware V02.00.00 (restart required). Info local0
Log text Standard Description Example Severity Facility
{protocol}: Failed to load file type Firmware. IEC 62443-3-3 Reference: SR7.4 Error loading the firmware update. WBM: Failed to load file type Firmware. Warning local0
Log text Standard Description Example Severity Facility
{protocol}: Loaded file type Config (restart required). IEC 62443-3-3 Reference: SR7.4 The configuration is applied. TFTP: Loaded file type Config (restart required). Info local0
Log text Standard Description Example Severity Facility
{protocol}: Loaded file type ConfigPack (restart required). IEC 62443-3-3 Reference: SR7.4 The configuration is applied. TFTP: Loaded file type ConfigPack (restart required). Info local0
Log text Standard Description Example Severity Facility
{protocol}: User {user name} loaded file type Config (restart required). IEC 62443-3-3 Reference: SR7.4 The configuration is applied. WBM: User admin loaded file type Config (restart required). Info local0
Log text Standard Description Example Severity Facility
{protocol}: User {user name} loaded file type ConfigPack (restart required). IEC 62443-3-3 Reference: SR7.4 The configuration is applied. WBM: User admin loaded file type ConfigPack (restart required). Info local0
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
315
Appendix E "Syslog Messages" E.3 Syslog messages
316
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
F
Appendix F (Supported Security Mechanisms)
F
F.1
WLAN security mechanisms
The following table shows the encryption methods and authentication that the SCALANCE W devices support.
Encryption method
None
WPA-TKIP
WPA-AES
Authentication
Password / PSK
IEEE 802.1X EAP PEAP
IEEE 802.1X EAP TLS
IEEE 802.1X EAP TTLS
IEEE 802.1X EAP others
-
EAP protocol: MS-CHAPv2
EAP protocol: TLS
EAP protocol: GTC
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
317
Appendix F (Supported Security Mechanisms) F.2 Security mechanisms supported for RADIUS authentication.
F.2
Security mechanisms supported for RADIUS authentication.
The following table shows cipher suites and signature algorithms that SCALANCE W devices support for RADIUS authentication.
Default setting TLS 1.2
Table F- 1 WPA/WPA2 RADIUS authentication
Cipher suite TLS 1.0/1.1 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 TLS 1.2 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305
Signature algorithm
ECDSA with SHA256 ECDSA with SHA384 ECDSA with SHA512 ECDSA with SHA224 ECDSA with SHA1 SHA224 with RSA SHA1 with RSA DSA with SHA224 DSA with SHA1 ECDSA with SHA256 ECDSA with SHA384 ECDSA with SHA512 EdDSA ed25519 EdDSA ed448 RSASSA-PSS with SHA256 RSASSA-PSS (rsaEncryption) with SHA384 RSASSA-PSS (rsaEncryption) with SHA512 SHA256 with RSA SHA384 with RSA SHA512 with RSA DSA with SHA256 DSA with SHA384 DSA with SHA512
EdDSA ed25519 EdDSA ed448 RSASSA-PSS with SHA256 RSASSA-PSS with SHA384 RSASSA-PSS with SHA512 RSASSA-PSS (rsaEncryption) with SHA256
318
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Appendix F (Supported Security Mechanisms) F.2 Security mechanisms supported for RADIUS authentication.
Cipher suite ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256
Signature algorithm RSASSA-PSS (rsaEncryption) with SHA384 RSASSA-PSS (rsaEncryption) with SHA512 SHA256 with RSA SHA384 with RSA SHA512 with RSA DSA with SHA256 DSA with SHA384 DSA with SHA512
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
319
Appendix F (Supported Security Mechanisms) F.2 Security mechanisms supported for RADIUS authentication.
320
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Index
A
Access point Overlapping channels, 110 Overview, 102 Overview of associated stations, 112
Aging Dynamic MAC Aging, 228
Article number, 75 Authentication, 159 Available system functions, 36
B
Basic MAC address, 75 Bridge priority, 43
C
Client Available access points, 106 Overview, 104
Client Supplicant, 277 CLP
Formatting, 192 Saving the configuration, 192 Collisions, 90 Configuration manuals, 290 Configuration mode, 121 Configuring the network via Ethernet Connecting to network, 54 CRC, 90
D
DCP Discovery, 196 DCP server, 119, 240 Default routes
IPv6 routes, 252 DHCP
Client, 154 DNS Client, 126 DNS domain, 127 DST
Daylight saving time, 170, 172
E
Error status, 82 Ethernet statistics
Interface statistics, 87 Event
Log table, 78 Event log table, 78
F
Factory defaults, 289 Factory setting, 289 Fault monitoring
Connection status change, 187 Forward Delay, 231 Fragments, 90
G
Geographic coordinates, 123 Glossary, 13 Groups, 259
H
Hardware version, 75 HTTP
Server, 118 HTTPS
Server, 118
I
Information ARP table, 76 Groups, 101 IPv6 Neighbor Table, 77 LLDP, 92 Log tables, 78 Role, 100 Security, 97, 99 SNMP, 96, 96 Spanning Tree, 83
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
321
Index
Start page, 67 Versions, 73 IP address Assignment with STEP 7, 57 IP mapping, 108 iPRP Configuration, 279 Information, 114 IPv4 routing Routing table, 94 IPv6 Notation, 59 IPv6 routing Default routes, 252 Routing table, 95
J
Jabbers, 90
L
LLDP, 92, 241 Local users, 254 Location, 123 Log tables
WLAN authentication log, 80 Logging in
via HTTP, 63 via HTTPS, 63 Logout Automatic, 183
M
Maintenance data, 75 MSTP, 236
Port, 232 Port parameters, 238 MSTP instance, 238, 238 Multichannel configuration, 18 Multiple Spanning Tree, 232, 236
N
Negotiation, 200 NTP
Client, 179
322
O
Oversize, 90 Overview
Access point, 102 Associated stations, 112 Available access points, 106 Clients, 104 Overlap APs, 110 Overlapping channels, 110
P
Packet error statistics, 90 Password, 261 Ping, 195 PLUG, 190
PLUG License, 194 PLUG License
iFeatures, 194 point-to-point, 44 Port
Port configuration, 199, 202 Port configuration, 202 Power supply
Monitoring, 186 PROFINET, 38, 189 PROFINET IO, 38
R
RADIUS, 264 Reboot, 128 Redundant networks, 230 Reset, 128 Reset device, 289 Restore Factory Defaults, 289 Roles, 257 Root bridge, 43 Routing, 247
IPv4 routing table, 94 IPv6 routing table, 95 Static routes, 247
S
Security settings, 161 Serial number, 75 SFTP
Load/save, 140 SHA algorithm, 162
SCALANCE W700 according to IEEE 802.11ax Web Based Management
Configuration Manual, 04/2021, C79000-G8976-C618-01
SIMATIC NET glossary, 13 SINEC PNI, 240 SMTP
Client, 119 SNMP, 40, 120, 156, 161
Groups, 160 Overview, 96 SNMPv1, 40 SNMPv2c, 40 SNMPv3, 40 Trap, 165 SNMPv3 Access, 161 Groups, 160 Notifications, 165 Users, 158 Views, 163 Software revision, 75 Spanning Tree Information, 83 Rapid Spanning Tree, 44 SSH Server, 117 Standalone configuration, 16 Start page, 67 STEP 7, 240 Subnets Configuration (IPv4), 245 Syslog, 184 Client, 119 System Configuration, 116 General information, 122 System event log Agent, 184 System events Configuration, 145 Severity filter, 148
Time-of-day synchronization, 176 UTC time, 178
U
Undersize, 90 User groups, 259
V
Vendor, 75 Vendor ID, 75 VLAN, 39
Port VID, 226 Priority, 226 Tag, 226
W
Web Based Management, 61 Requirement, 61
Wireless access, 17
T
Telnet Server, 117, 117
TFTP Load/save, 137
Time, 120, 120 Time of day
Manual setting, 168 SIMATIC Time Client, 181 SNTP (Simple Network Time Protocol), 176 System time, 168 Time zone, 178
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01
Index 323
Index
324
SCALANCE W700 according to IEEE 802.11ax Web Based Management Configuration Manual, 04/2021, C79000-G8976-C618-01