Industrial Wireless LAN
SCALANCE W1780/W1740
according to IEEE 802.11ac
Web Based Management
Configuration Manual
2 Description
3 Security recommendations
4 Technical basics
5 IP addresses
6 Configuring with Web Based Management
7 Upkeep and maintenance
8 Troubleshooting/FAQ
A Appendix A
B Appendix B
C Appendix C
D Appendix D
E Appendix E
11/2019
C79000-G8976-C485-03
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be
used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property
damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified
personnel are those who, based on their training and experience, are capable of identifying risks and avoiding
potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended or
approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described.
Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this
publication is reviewed regularly and any necessary corrections are included in subsequent editions.
Siemens AG
Digital Industries
Postfach 48 48
90026 NÜRNBERG
GERMANY
Table of contents
8.1 Firmware update via WBM or CLI not possible
8.2 Disrupted data transmission due to the received power being too high
8.3 Instructions for secure network design
A Appendix A
B Appendix B
C Appendix C
D Appendix D
D.1 Messages in the event log
D.2 Messages in the WLAN Authentication Log
E Appendix E
E.1 Format of the syslog messages
E.2 Parameters in Syslog messages
SCALANCE W1780/W1740 according to IEEE 802.11ac Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C485-03
This Configuration Manual covers the following products:
● SCALANCE W1788-1 M12
● SCALANCE W1788-2 M12
● SCALANCE W1788-2 M12 EEC
● SCALANCE W1788-2IA M12
● SCALANCE W1748-1 M12
This Configuration Manual applies to the following software version:
● SCALANCE W1700 firmware as of version V2.0
Purpose of the Configuration Manual
This Configuration Manual is intended to provide you with the information you require to install,
commission and operate devices correctly. It explains how to configure the devices and how to
integrate them in a WLAN network.
How you install and connect up the device correctly is described in the operating instructions
of the device.
Orientation in the documentation
Apart from the Configuration Manual you are currently reading, the following documentation is
also available from SIMATIC NET on the topic of Industrial Wireless LANs:
● Configuration Manual: SCALANCE W1780/W1740 Command Line Interface
This document contains the CLI commands that are supported by SCALANCE W1700
devices.
● Performance data 802.11ac
This document contains information about the frequency, modulation, transmit power and
receiver sensitivity of the wireless card.
Introduction
1.1 Information on the Configuration Manual
● SCALANCE W1788-x/W1748-1 Operating Instructions
This document contains information on installing, connecting, maintaining and servicing the
following products:
– SCALANCE W1788-1 M12
– SCALANCE W1788-2 M12
– SCALANCE W1788-2 M12 EEC
– SCALANCE W1788-2IA M12
– SCALANCE W1748-1 M12
● System Manual Structure of an Industrial Wireless LAN
Apart from the description of the physical basics and a presentation of the main IEEE
standards, this also contains information on data security and a description of the industrial
applications of wireless LAN.
You should read this manual if you want to set up WLAN networks with a more complex
structure (not simply a connection between two devices).
● System manual RCoax
This system manual contains both an explanation of the fundamental technical aspects as
well as a description of the individual RCoax components and their functionality. Installation/
commissioning and connection of RCoax components and their operating principle are
explained. The possible applications of the various SIMATIC NET components are
described.
● System manual - Passive Network Components IWLAN
This system manual explains the entire IWLAN cabling that you require for your IWLAN
application. For a flexible combination and installation of the individual IWLAN components
both indoors and outdoors, a wide ranging selection of compatible coaxial accessories are
available. The system manual also covers connecting cables as well as a variety of plug-in
connectors, lightning protectors, a power splitter and an attenuator.
Terms used
The designation . . .   stands for . . .
IPv4 address            IPv4 address
IPv6 address            IPv6 address
IP address              IPv4/IPv6 address
IPv4 interface          Interface that supports IPv4.
IPv6 interface          Interface that supports IPv6. The interface can have more than one IPv6
                        address
IP interface            Interface that supports both IPv4 and IPv6. As default the IPv4 support
                        is already activated. The IPv6 support needs to be activated extra.
The IPv6 addresses have different ranges (scope), e.g. link local
You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online Support:
● Using the search function:
Siemens Industry Online Support (
Enter the entry ID of the relevant manual as the search item.
● In the navigation panel on the left-hand side in the area "Industrial Communication":
Industrial communication (
Go to the required product group and make the following settings:
tab "Entry list", Entry type "Manuals"
Further documentation
The "SIMATIC NET Industrial Ethernet Network Manual" contains information on other
SIMATIC NET products that you can operate along with the devices of this product line in an
Industrial
of the communications partners that you require for the installation.
The "SIMATIC NET Industrial Ethernet Network Manual" can be found on the Internet pages of
Siemens Industry Online Support under the following entry ID:
27069465 (
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be connected
to an enterprise network or the internet if and to the extent such a connection is necessary and
only when appropriate security measures (e.g. firewalls and/or network segmentation) are in
place.
For additional information on industrial security measures that may be implemented, please
visit https://www.siemens.com/industrialsecurity
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends that product updates are applied as soon as they are
available and that the latest product versions are used. Use of product versions that are no
longer supported, and failure to apply the latest updates may increase customers’ exposure
to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under https://www.siemens.com/industrialsecurity
Trademarks
The following and possibly other names not identified by the registered trademark sign ® are
registered trademarks of Siemens AG:
SIMATIC NET, SCALANCE, RCoax
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens can
be downloaded to the device.
SIMATIC NET glossary
Explanations of many of the specialist terms used in this documentation can be found in the
SIMATIC NET glossary.
You will find the SIMATIC NET glossary here:
● SIMATIC NET Manual Collection or product DVD
The DVD ships with certain SIMATIC NET products.
● On the Internet under the following address:
50305045 (
License conditions
Note
Open source software
Read the license conditions for open source software carefully before using the product.
You will find license conditions in the following documents on the supplied data medium:
1.2 Type designations
The information in the manuals for the SCALANCE W1700 product family often applies to more
than one product variant. In such situations, the designations of the products are shortened to
avoid having to list all the type designations. The following table shows how the abbreviations
relate to the product variants.
Product group           The designation . . .   stands for . . .
SCALANCE W1700 ac       SCALANCE W1700          ● SCALANCE W1788-1 M12
                                                ● SCALANCE W1788-2 M12
                                                ● SCALANCE W1788-2 M12 EEC
                                                ● SCALANCE W1788-2IA M12
                                                ● SCALANCE W1748-1 M12
Access Points (IP 65)   SCALANCE W1780          ● SCALANCE W1788-1 M12
                                                ● SCALANCE W1788-2 M12
                                                ● SCALANCE W1788-2 M12 EEC
                                                ● SCALANCE W1788-2IA M12
Client (IP65)           SCALANCE W1740          ● SCALANCE W1748-1 M12
Structure of the type designation
The type designation of the device is made up of several parts that have the following meaning:
Product name
The WLAN communication can be influenced by high frequency interference signals and can
be totally interrupted.
Remember this and take suitable action.
2.1 Network structures
The following article deals with the setup of various network structures using access points.
Standalone configuration with access point
This configuration does not require a server and the access point does not have a connection
to a wired Ethernet. Within its transmission range, the access point forwards data from one
WLAN node to another.
The wireless network has a unique name. All SCALANCE W devices exchanging data within
this network must be configured with this name.
The gray area in the graphic symbolizes the wireless range of the access point.
Wireless access to a wired Ethernet network
If one (or more) access points have access to wired Ethernet, the following applications are
possible:
● A single device as gateway:
A wireless network can be connected to a wired network via an access point.
● Span of wireless coverage for the wireless network with several access points:
The access points are all configured with the same unique SSID (network name). All nodes
that want to communicate over this network must also be configured with this SSID.
If a mobile station moves from the area covered by one access point to the area covered by
another access point, the wireless link is maintained (roaming).
The following graphic shows the wireless connection of a mobile station over two wireless
cells (roaming).
Multichannel configuration
If neighboring access points use the same frequency channel, this can lead to longer response
times due to any collisions that may occur. If the configuration shown in the figure is
implemented as a single-channel system, computers A and B cannot communicate at the same
time with the access points in their wireless cells.
If neighboring access points are set up for different frequencies, this leads to a considerable
improvement in performance. As a result, neighboring wireless cells each have their own
medium available and the delays resulting from time-offset transmission no longer occur.
The channel spacing should be as large as possible; a practical value is 25 MHz. Even in a
multichannel configuration, all access points can be configured with the same network name.
The following graphic shows a multichannel configuration on channels 1 and 2 with four access
points.
WDS allows direct links between access points and/or between access points and other
WDS-compliant devices. These are used to create a wireless backbone or to connect an individual
access point to a network that cannot be connected directly to the cable infrastructure due to
its location.
Two alternative configurations are possible. The WDS partner can be configured using the
WDS ID or using its MAC address.
The following graphic shows the implementation of WDS with four access points.
2.2 Possible applications
Note
The SIMATIC NET WLAN products use OpenSSL.
This is open source code with license conditions (BSD).
Please refer to the current license conditions.
Since the driver includes encryption software, you should also adhere to the appropriate
regulations for your specific country.
Possible applications of the SCALANCE W1788
The SCALANCE W1788 is equipped with up to two Ethernet interfaces and up to two WLAN
interfaces. This makes the device suitable for the following applications:
● The SCALANCE W1788 forwards data within its transmission range from one node to
another without a connection to wired Ethernet being necessary.
● The SCALANCE W1788 can be used as a gateway from a wired to a wireless network.
● The SCALANCE W1788 can be used as a wireless bridge between two networks.
● The SCALANCE W1788 can be used as a bridge between two cells operating at different
frequencies.
● The SCALANCE W1788 comes with an integrated switch and can be networked in a variety
of ways over its two managed Ethernet Gigabit ports.
● The SCALANCE W1788 supports degree of protection IP65, which means it is dust-proof
and protected completely against contact and water jets (nozzle) from any direction.
● The SCALANCE W1788 M12 EEC is suitable for use in harsh environments.
With a SCALANCE W1788 with more than one WLAN interface, you can also implement a
redundant wireless connection to a SCALANCE W1788 with a maximum of two WLAN
interfaces.
2.3 Product characteristics
– 10 Mbps and 100 Mbps both in full and half duplex
– 1000 Mbps full duplex
– Autocrossing
– Autopolarity
● Operating the WLAN interface in the frequency bands 2.4 GHz and 5 GHz.
● IEEE 802.11ac
High Speed WLAN standard (wireless LAN) with a gross transmission speed of up to 1733
Mbps.
● IEEE 802.11r
Optimization of roaming (Fast BSS Transition)
● The WLAN interface is compatible with the standards IEEE 802.11n.
● IEEE 802.11h - Supplement to IEEE 802.11a
In the 802.11h mode, the methods "Transmit Power Control (TPC)" as well as "Dynamic
Frequency Selection (DFS)" are used in the range 5.25 - 5.35 and 5.47 - 5.75 GHz. In some
countries, this allows the frequency subband of 5.47 - 5.725 GHz to be used in the outdoor
area even with higher transmit powers.
TPC is a method of adapting the transmit power.
With DFS, the access point searches for primary users for 60 seconds before starting
communication on the selected channel. During this time the access point does not send
beacons. If signals are found on the channel, the channel is blocked for 30 minutes, the
access point changes channel and repeats the check. Primary users are also searched for
during operation.
● Support of the authentication standards WPA (RADIUS), WPA-PSK, WPA2 (RADIUS),
WPA2-PSK and IEEE 802.1x and the encryption methods WEP, AES and TKIP.
Note
With devices operated in WLAN mode IEEE 802.11n/ac, only WPA2 (WPA2-PSK and
WPA2 Radius) encryption is possible.
● For better transmission via WLAN, the function WMM (wireless multimedia) is enabled. The
frames are evaluated according to their priority and sent prioritized via the WLAN interface.
● Suitable for inclusion of a RADIUS server for authentication.
● Device-related and application-related monitoring of the wireless connection.
● The interoperability of the devices with Wi-Fi devices of other vendors was tested
thoroughly.
● Before commissioning the SCALANCE W1700, check the wireless conditions on site. If you
intend to use Industrial Wireless LAN systems and WirelessHART systems in the 2.4 GHz
band, you will need to plan the use of the channels. At all costs, avoid parallel use of
overlapping frequency ranges. The following overlaps exist with Industrial Wireless LAN
and WirelessHART:
IWLAN channel        WHART channel
IEEE 802.11 b/g/n    IEEE 802.15.4
1                    11 - 16
6                    15 - 20
7                    16 - 21
11                   20 - 25
13                   21 - 25
Features of the SCALANCE W1700
Type                       Number of    Antennas       Number and type of              Degree of    Article number
                           WLAN ports                  Ethernet interface              protection
SCALANCE W1788-1 M12       1            4 x external   2 x gigabit Ethernet (copper)   IP65         6GK5788-1GY01-0AA0
                                                       1 x PoE
SCALANCE W1788-2 M12       2            8 x external   2 x gigabit Ethernet (copper)   IP65         6GK5788-2GY01-0AA0
                                                       1 x PoE
SCALANCE W1788-2 M12 EEC   2            8 x external   2 x gigabit Ethernet (copper)   IP65         6GK5788-2GY01-0TA0
                                                       1 x PoE
SCALANCE W1788-2IA M12     2            8 x internal   2 x gigabit Ethernet (copper)   IP65         6GK5788-2HY01-0AA0
                                                       1 x PoE
SCALANCE W1748-1 M12       1            4 x external   2 x gigabit Ethernet (copper)   IP65         6GK5748-1GY01-0AA0
                                                       1 x PoE
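The DFS sequence described under IEEE 802.11h above (60 second check without beacons, 30 minute block after a detection, channel change and repeated check) can be traced as a timeline to estimate how long a wireless cell is unavailable. This is an added example, not part of the Siemens manual or firmware; the channel numbers, the preference-order channel selection and the detection times are assumptions made for the illustration.

```python
# Added example: timeline of the DFS behaviour described above (not Siemens code).
CAC_SECONDS = 60          # page: 60 s search for primary users, no beacons sent
BLOCK_SECONDS = 30 * 60   # page: a channel with detected signals is blocked 30 min


def simulate_dfs(channels, detections, duration):
    """Return [(start_s, end_s, channel)] intervals in which the AP sends beacons.

    channels   -- candidate channels in order of preference (assumed policy)
    detections -- constructed (time_s, channel) primary-user signals
    duration   -- length of the simulated period in seconds
    Simplification: only signals on the currently selected channel are seen.
    """
    if not channels:
        return []
    events = sorted(detections)
    blocked_until = {}
    intervals = []
    now = 0
    while now < duration:
        free = [ch for ch in channels if blocked_until.get(ch, 0) <= now]
        if not free:
            # Every candidate is blocked: wait until the first block expires.
            now = min(blocked_until.values())
            continue
        ch = free[0]
        cac_end = now + CAC_SECONDS
        hit = next((t for t, c in events if c == ch and t >= now), None)
        if hit is not None and hit < cac_end:
            # Signal found during the 60 s check: the channel never goes live.
            blocked_until[ch] = hit + BLOCK_SECONDS
            now = hit
            continue
        if cac_end >= duration:
            break
        if hit is None or hit >= duration:
            # Check passed and no further signal: beacons until the end.
            intervals.append((cac_end, duration, ch))
            break
        # Signal found during operation: stop, block the channel, change channel.
        if hit > cac_end:
            intervals.append((cac_end, hit, ch))
        blocked_until[ch] = hit + BLOCK_SECONDS
        now = hit
    return intervals


def outage_seconds(intervals, duration):
    """Seconds of the simulated period in which no beacons were sent."""
    return duration - sum(end - start for start, end, _ in intervals)


# Constructed sample input: three candidate channels, three primary-user signals.
SAMPLE_CHANNELS = [52, 100, 116]
SAMPLE_DETECTIONS = [(20, 52), (500, 100), (600, 116)]

if __name__ == "__main__":
    timeline = simulate_dfs(SAMPLE_CHANNELS, SAMPLE_DETECTIONS, 3600)
    for start, end, ch in timeline:
        print(f"{start:>5} s to {end:>5} s  beacons on channel {ch}")
    print("no beacons for", outage_seconds(timeline, 3600), "s of 3600 s")
```

With all candidate channels blocked at the same time, the cell stays silent until the first 30 minute block expires and a further 60 second check has passed, which is why the number of usable DFS channels matters for availability planning.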
2.4 IEEE 802.11n/ac
Overview
The IEEE 802.11ac standard is a further development of the IEEE 802.11n standard and is
downward compatible with the standards IEEE 802.11a, IEEE 802.11h and IEEE 802.11n. The
mechanisms of the PHY and MAC layer implemented in the IEEE 802.11n standard have been
improved.
MIMO                Single-User MIMO    Multi-User MIMO
Modulation scheme   OFDM (BPSK, QPSK, 16-QAM,
MIMO antenna technology
MIMO (Multiple Input - Multiple Output) is based on an intelligent multiple antenna system. The
transmitter and the receiver have several spatially separate antennas. These separated
antennas transmit the data streams (spatial streams) at the same time. Up to four data streams
are possible with IEEE 802.11n and up to eight data streams with IEEE 802.11ac.
The data streams are transmitted over spatially separate paths and return over different paths
due to diffraction, refraction, fading and reflection (multipath propagation). The multipath
propagation means that at the point of reception a complex, space- and time-dependent pattern
results as a total signal made up of the individual signals sent. MIMO uses this unique pattern
by detecting the spatial position of characteristic signals. Here, each spatial position is different
from the neighboring position. The specific characteristics of each sender enable the recipient
to separate several signals from each other.
Single-User MIMO
With Single-User MIMO, the same frame is sent over multiple data streams to a single WLAN
client. A single-user MIMO can operate up to four devices alternately, but only one device at a
time.
Multi-User MIMO
With multi-user MIMO, multiple frames are sent simultaneously to different multi-user MIMO
clients over the same frequency range. A multi-user MIMO therefore supplies up to four
multi-user MIMO clients with data simultaneously.
[Figure: Multi-User MIMO serving Client 1, Client 2, Client 3 and Client 4]
Spatial multiplexing
With spatial multiplexing, different information is sent using the same frequency. The data
stream is distributed over n transmitting antennas; in other words, each antenna sends only
1/n of the data stream. The division of the data stream is restricted by the number of antennas.
The signal is reconstructed at the receiver end. Due to the spatial multiplexing, there is a higher
signal-to-noise ratio and a higher data throughput.
Accelerated guard interval
The guard interval prevents different transmissions being mixed together. In
telecommunications, this mixing is also known as intersymbol interference (ISI).
When the send time has elapsed, a send pause (guard interval) must be observed before the next
transmission begins.
The guard interval of IEEE 802.11a/b/g is 800 ns. IEEE 802.11n/ac can use the reduced guard
interval of 400 ns. You specify the guard interval on the WBM page "AP 802.11n/ac
(Page 237)".
Frame aggregation
With IEEE 802.11n/ac, it is possible to bundle together individual frames to form one larger
frame, a process referred to as frame aggregation. There are two types of frame aggregation:
● Aggregated MAC Service Data Unit (A-MSDU)
Multiple MSDU frames with the same destination address are bundled and sent as one
A-MSDU. This reduces the network load. Due to their shorter maximum length, A-MSDUs are
mainly suitable for bundling several shorter frames.
● Aggregated MAC Protocol Data Unit (A-MPDU)
Multiple MPDU frames with the same destination address are bundled and sent as one large
A-MPDU. This allows the total throughput to be increased.
The SCALANCE W devices support both types of frame aggregation. You make the settings on
the WBM page "AP 802.11n/ac (Page 237)".
Maximum ratio combining (MRC)
In a multiple antenna system, the wireless signals are received by the individual antennas and
combined to form one signal. The MRC method is used to combine the wireless signals. The
MRC method weights the wireless signals according to their signal-to-noise ratio and combines
the wireless signals to form one signal. The signal-to-noise ratio is improved and the error rate
is reduced.
2.5 IEEE 802.11r
During roaming, the WLAN client roams from one access point to the next. A delay time of
several hundred ms can occur at the connection transition.
The following steps can be executed during this time:
● Client searches for a new access point (scanning)
● Logon at a new access point (authentication and association)
● Allow a data connection via the new access point
Shorter delay times are required for time-critical applications, for example, Voice over IP. The
standard IEEE 802.11r contains amendments which optimize roaming and therefore is also
referred to as Fast BSS Transition (FT).
With FT, the WLAN client does not have to authenticate every time the access point changes. For this
purpose, the access points are grouped into a mobility domain. The WLAN client receives the
mobility domain ID from the first access point to which it logs on. The log-on information is
buffered within the mobility domain. This logon is valid for all members of the mobility domain.
Based on the ID, the WLAN client recognizes whether the access point is a member of the
same mobility domain and can therefore log on without delay. Only WLAN clients with IEEE
802.11r support can use the improved roaming or handover functions.
Requirement
● The access points are members of the same mobility domain
● Only possible with WPA2 encryption (WPA2-PSK and WPA2 RADIUS)
2.6 Requirements for installation and operation
A PG/PC with network connection must be available in order to configure the SCALANCE W
devices. If no DHCP server is available, a PC on which the Primary Setup Tool (PST) is
installed is necessary for the initial assignment of an IP address to the SCALANCE W devices.
For the other configuration settings, a computer with Telnet or a Web browser is necessary.
2.7 Configuration License PLUG (CLP)
The PLUG is available in the following variants:
● PLUG Configuration: The exchangeable storage medium only saves the configuration data
of the device.
How it works
NOTICE
Do not remove or insert the PLUG during operation.
A PLUG may only be removed or inserted when the device is turned off.
The device checks whether a PLUG is inserted at one second intervals. If it is detected that the
PLUG has been removed, the device restarts.
If a valid PLUG was inserted in the device, the device changes to a defined error state
following the restart. With SCALANCE W, the available wireless interfaces are deactivated in
this case.
If the device was configured at one time with a PLUG, the device can no longer be used
without this PLUG. To be able to use the device again, reset the device to the factory settings.
PLUG
Devices with CLP slot support the following operating modes:
● Without PLUG
The device saves the configuration data in the internal memory. This mode is active when
no PLUG is inserted.
● With PLUG
If an empty PLUG (as supplied) is inserted in the device, the device automatically backs up
the configuration data on the PLUG during startup. If the PLUG contains a license,
additional functions are also enabled. Changes to the configuration are stored directly on
the PLUG and in the internal memory.
The configuration stored on the PLUG is displayed over the user interfaces.
When an unconfigured device starts up, it automatically adopts the configuration data of the
inserted, written C-PLUG. The prerequisite for this is that the configuration data was written
by a compatible device type.
One exception to this can be the IP configuration if it is set using DHCP and the DHCP server
has not been reconfigured accordingly. Reconfiguration is necessary if you use functions
based on MAC addresses.
Component                        Description                                  Article number
CLP Configuration License PLUG   Exchangeable storage medium for saving
                                 configuration data

Component                        Description                                  Article number
CLP iFeatures                    Exchangeable storage medium for saving
                                 configuration data and enabling iFeatures
SCALANCE CLP 2GB W1780                                                        6GK5907-8UA00-0AA0
SCALANCE CLP 2GB W1740                                                        6GK5907-4UA00-0AA0
2.8 PRESET PLUG
CLP with preset function (PRESET-PLUG)
With PRESET-PLUG it is possible to install the same configuration and the firmware belonging
to it on several devices.
Note
Using configurations with DHCP
Create a PRESET-PLUG only from device configurations that use DHCP. Otherwise
disruptions will occur in network operation due to multiple identical IP addresses.
You assign fixed IP addresses extra following the basic installation.
In a CLP that was configured as a PRESET-PLUG, the device configuration, user accounts,
certificates and the firmware are stored.
Note
Restore factory defaults and restart with a PRESET PLUG inserted
If you reset a device to the factory defaults, when the device restarts an inserted PRESET
PLUG is formatted and the PRESET PLUG functionality is lost. You then need to create a new
PRESET PLUG.
We recommend that you remove the PRESET PLUG before you reset the device to the factory
settings.
For more detailed information on creating and using a PRESET PLUG refer to the section
Device configuration with PRESET-PLUG (Page 335).
2.9 Power over Ethernet (PoE)
General
"Power over Ethernet" (PoE) is a power supply strategy for network components according to
IEEE 802.3af or 802.3at.
With PoE, power and data transmission takes place over the used Ethernet cables that connect
the individual network components. This makes an additional power cable unnecessary and
reduces investment and maintenance costs. PoE can be used with all network components that
require little power (max. 12.95 W).
Which Ethernet connectors of a device are capable of PoE can be found in the operating
instructions of the relevant device.
Cable used for the power supply
● Variant 1 (redundant wires)
In Fast Ethernet, the wire pairs 1, 2 and 3, 6 are used to transfer data. Pairs 4, 5 and 7, 8 are
then used to supply power. If there are only four wires available, the voltage is modulated
onto the wires 1, 2 and 3, 6 (see variant 2). This alternative is suitable for a data transmission
rate of 10/100 Mbps. This type of power supply is not suitable for 1 Gbps since with gigabit
all 8 wires are used for data transfer.
● Variant 2 (phantom power)
With phantom power, the power is supplied over the pairs that are used for data transfer, in
other words, the power is modulated onto the data cable. With Gigabit, all eight wires of the
Ethernet cable are used for data transmission and power supply according to IEEE 802.3at.
With 10/100 Mbps, four wires of the Ethernet cable are used for data transmission and
power supply according to IEEE 802.3af.
With PoE, there are power generators (Power Source Equipment, PSE) and power consumers
(Power Devices, PD).
Whether a device (power consumer) supports variant 1 and variant 2 or only variant 2 can be
found in the operating instructions of the relevant device.
A power generator (PSE) can supply the power consumer (PD) either over:
● Variant 1 or
● Variant 2 or
● Variant 1 and variant 2.
Endspan
With endspan, the power is supplied via a switch that can reach a device over an Ethernet
cable. The switch must be capable of PoE, for example a SCALANCE X108PoE, SCALANCE
X308-2M POE, SCALANCE XR552‑12M.
Midspan
Midspan is used when the switch is not PoE-compliant. The power is supplied by an additional
device between the switch and end device. In this case, only data rates of 10/100 Mbps can be
achieved because the power is supplied on redundant wires.
A Siemens power insert can also be used as the interface for the power input. Since a power
insert supports a power supply of 24 VDC, it does not conform with IEEE 802.3af or IEEE 802.3at.
The following restrictions relating to the use of power inserts should be noted:
WARNING
Operate the power insert only when the following conditions apply:
● with extra low voltages SELV, PELV complying with IEC 60364-4-41
● in USA/CAN with power supplies complying with NEC class 2
● in USA/CAN, the cabling must meet the requirements of NEC/CEC
● Only activate protocols that you really require to use the device.
● Use the security functions such as address translation with NAT (Network Address
Translation) or NAPT (Network Address Port Translation) to protect receiving ports from
access by third parties.
● Restrict access to the device with a firewall or rules in an access control list (ACL - Access
Control List).
● If RADIUS authentication is via remote access, make sure that the communication is within
the secured network area or is via a secure channel.
Security recommendations
● The option of VLAN structuring provides good protection against DoS attacks and
unauthorized access. Check whether this is practical or useful in your environment.
● Use a central logging server to log changes and access operations. Operate your logging
server within the protected network area and check the logging information regularly.
● Use WPA2/WPA2-PSK with AES to protect the WLAN. You can find additional information
on this in the section "Security" menu.
Passwords
● Define rules for the use of devices and assignment of passwords.
● Regularly update passwords and keys to increase security.
● Change all default passwords for users before you operate the device.
● Only use passwords with a high password strength. Avoid weak passwords, for example
password1, 123456789, abcdefgh.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
● Do not use the same password for different users and systems or after it has expired.
Certificates and keys
● On the device there is a preset SSL certificate with key. Replace this certificate with a self-
made certificate with key. We recommend that you use a certificate signed either by a
reliable external or by an internal certification authority.
● Use a certification authority including key revocation and management to sign certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized
persons.
● It is recommended that you use password-protected certificates in the PKCS #12 format
● Verify certificates and fingerprints on the server and client to prevent "man in the middle"
attacks.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change certificates and keys immediately, if there is a suspicion of compromise.
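The certificate recommendations above (CA-signed certificate, key length of at least 2048 bits, password-protected PKCS #12 bundle, fingerprint comparison), worked through with the OpenSSL command line. This is an added example and not part of the Siemens manual; the throwaway CA, file names, subject names and validity periods are assumptions, and loading the bundle onto the device is not shown.

```shell
#!/bin/sh
# Added example. File names, CNs and validity periods are assumptions.
MIN_BITS=2048   # minimum key length recommended in the list above

# make_ca DIR: create a throwaway internal CA (ca.key + self-signed ca.crt)
make_ca() {
    ( umask 077
      openssl req -x509 -newkey rsa:3072 -sha256 -days 30 -nodes \
          -subj "/CN=Example Plant CA" \
          -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null )
}

# issue_device_cert DIR CN PASSFILE BITS: device key, CA-signed certificate and
# a password-protected PKCS #12 bundle (passphrase is read from PASSFILE)
issue_device_cert() {
    ( umask 077   # private key material stays owner-readable only
      openssl req -new -newkey "rsa:$4" -nodes -subj "/CN=$2" \
          -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null &&
      openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
          -CAcreateserial -sha256 -days 30 -out "$1/dev.crt" 2>/dev/null &&
      openssl pkcs12 -export -inkey "$1/dev.key" -in "$1/dev.crt" \
          -certfile "$1/ca.crt" -out "$1/dev.p12" -passout "file:$3" )
}

# cert_key_bits CERT: print the public key length in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_fingerprint CERT: SHA-256 fingerprint, to be compared out of band with
# the value the client displays when it connects to the device
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# p12_fingerprint P12 PASSFILE: fingerprint of the device certificate in the bundle
p12_fingerprint() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# audit_cert CERT CAFILE: succeed only if the chain verifies against CAFILE
# and the key is at least MIN_BITS long
audit_cert() {
    bits=$(cert_key_bits "$1")
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 &&
        [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]
}
```

Reading the passphrase from a file keeps it out of the process list and the shell history.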