Siemens SCALANCE W788-1, SCALANCE W788-2, SCALANCE W748-1 Operating Instructions Manual

SCALANCE W788-x / W748-1

___________________

___________________

___________________

___________________

___________________

___________________

___________________

___________________

___________________

SIMATIC NET

Industrial Wireless LAN
SCALANCE W788-x / W748-1

Operating Instructions

06/2016

A5E03678333

-10

Information on the Internet

1

Introduction

2

Security recommendations

3

Description

4

Mounting

5

Connecting up

6

Technical specifications

7

Dimension drawings

8

Certification

9

Siemens AG
Division Process Industries and Drives
Postfach 48 48
90026 NÜRNBERG
GERMANY

A5E03678333-10

Ⓟ

07/2016 Subject to change

Copyright © Siemens AG 2011 - 2016.
All rights reserved

Legal information

Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE

indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by

personnel qualified

for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical

documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and

maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

3

Contents

1 Information on the Internet ...................................................................................................................... 5

2 Introduction ............................................................................................................................................. 7

2.1 Information on the Operating Instructions ................................................................................ 7

2.2 Structure of the type designations ............................................................................................ 8

3 Security recommendations ...................................................................................................................... 9

4 Description ............................................................................................................................................ 13

4.1 Components of the product .................................................................................................... 13

4.2 Description of the device ........................................................................................................ 14

4.3 LED display ............................................................................................................................. 16

4.4 Reset button ............................................................................................................................ 18

5 Mounting ............................................................................................................................................... 19

5.1 Securing the housing .............................................................................................................. 20

5.2 Wall mounting ......................................................................................................................... 22

5.3 Installing on the S7-300 standard rail ..................................................................................... 23

5.4 Installing on a DIN rail ............................................................................................................. 24

6 Connecting up ....................................................................................................................................... 27

6.1 Lightning protection, power supply and grounding ................................................................. 27

6.2 Power supply and Ethernet ..................................................................................................... 31

6.3 Antenna connectors ................................................................................................................ 33

6.4 Suitable antenna cables and antennas ................................................................................... 36

6.5 Digital input/output .................................................................................................................. 40

6.6 Replacing the PLUG (C-PLUG or KEY-PLUG) ...................................................................... 41

7 Technical specifications ........................................................................................................................ 43

7.1 Technical specifications of the SCALANCE W7x8-1) ............................................................. 43

7.2 Technical specifications of the SCALANCE W7x8-2) ............................................................. 46

8 Dimension drawings .............................................................................................................................. 49

9 Certification ........................................................................................................................................... 51

Index..................................................................................................................................................... 53

Contents

SCALANCE W788-x / W748-1

4 Operating Instructions, 06/2016, A5E03678333-10

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

5

1

Bitte beachten Sie die Warnhinweise und zusätzlichen Informationen in der
Kompaktbetriebsanleitung in Ihrer Sprache im Internet:
http://support.automation.siemens.com/ww/view/at/10806097
http://support.automation.siemens.com/ww/view/ch/10806097
http://support.automation.siemens.com/ww/view/de/10806097
http://support.automation.siemens.com/ww/view/li/10806097
http://support.automation.siemens.com/ww/view/lu/10806097

Please observe the warnings and additional information in the compact operating
instructions in your language in the Internet:
http://support.automation.siemens.com/ww/view/au/10806097
http://support.automation.siemens.com/ww/view/ca/10806097
http://support.automation.siemens.com/ww/view/gb/10806097
http://support.automation.siemens.com/ww/view/ie/10806097
http://support.automation.siemens.com/ww/view/us/10806097
http://support.automation.siemens.com/ww/view/za/10806097

Veuillez tenir compte des avertissements et informations supplémentaires de la notice de
service dans votre langue sur Internet:
http://support.automation.siemens.com/ww/view/be/10806097
http://support.automation.siemens.com/ww/view/ch/10806097
http://support.automation.siemens.com/ww/view/fr/10806097
http://support.automation.siemens.com/ww/view/lu/10806097

Si prega di tenere conto delle avvertenze e ulteriori informazioni nell’istruzione operativa
compatta nella relativa lingua in Internet:
http://support.automation.siemens.com/ww/view/it/10806097

Se ruega tener en cuenta las advertencias y las informaciones complementarias contenidas
en las instrucciones de servicio (resumen) en español en Internet:
http://support.automation.siemens.com/ww/view/cl/10806097
http://support.automation.siemens.com/ww/view/es/10806097

Dbejte prosím na výstražné pokyny a doplňkové informace v kompaktním návodu k obsluze

ve vašem jazyce na internetu:
http://support.automation.siemens.com/ww/view/cz/10806097

Vær venligst opmærksom på de advarselsanvisninger og ekstra informationer der findes på
dit sprog i kompaktdriftsvejledningen på internettet:
http://support.automation.siemens.com/ww/view/dk/10806097

Noudata lyhyen käyttöoppaan sisältämiä varoituksia ja huomio sen muutkin tiedot. Oman
kielisesi käyttöoppaan löydät internetistä osoitteesta:
http://support.automation.siemens.com/ww/view/fi/10806097

Λάβετε υπόψη τις υποδείξεις προειδοποίησης και τις πρόσθετες πληροφορίες των
συνοπτικών οδηγιών χρήσης που παρέχονται στη γλώσσα σας στο Διαδίκτυο:

http://support.automation.siemens.com/ww/view/gr/10806097

请注意互联网上精编版操作说明相应语言版本中的警告提示和附加信息：
http://support.automation.siemens.com/ww/view/cn/10806097

Information on the Internet

SCALANCE W788-x / W748-1

6 Operating Instructions, 06/2016, A5E03678333-10

http://support.automation.siemens.com/ww/view/hk/10806097
http://support.automation.siemens.com/ww/view/sg/10806097

Kérjük, vegye figyelembe az interneten található, az Ön anyanyelvén íródott kompakt
használati útmutatóban található figyelmeztetéseket és további információkat:

http://support.automation.siemens.com/ww/view/hu/10806097

Skoðið vel viðvaranir og aðrar upplýsingar í notkunarleiðbeiningunum á ykkar tungumáli á

internetinu:
http://support.automation.siemens.com/ww/view/is/10806097

インターネットサイトにある各言語の注意事項および追加情報を参照してください:
http://support.automation.siemens.com/ww/view/jp/10806097

사이트에 있는 귀하의 언어로 된 콤팩트 사용 설명서에 명시된 경고 지침 및 추가 정보를
준수하십시오:

http://support.automation.siemens.com/ww/view/kr/10806097

http://support.automation.siemens.com/ww/view/kw/10806097

Neem goed nota van de waarschuwingen en extra informatie in de compacte
gebruiksaanwijzing in uw taal op internet:
http://support.automation.siemens.com/ww/view/be/10806097
http://support.automation.siemens.com/ww/view/nl/10806097

Vennligst følg advarslene og annen informasjon i den kompakte bruksanvisningen, som du
finner på ditt språk på internett:
http://support.automation.siemens.com/ww/view/no/10806097

Proszę zwrócić uwagę na ostrzeżenia oraz dodatkowe informacje w kompaktowej instrukcji
obsługi, dostępnej w odpowiednim języku w internecie:

http://support.automation.siemens.com/ww/view/po/10806097

Observera varningshänvisningarna och extrainformationerna i kompaktbruksanvisningen
som finns på ditt språk på internet:
http://support.automation.siemens.com/ww/view/se/10806097

İnternette kendi dilinizdeki kompakt işletim kılavuzunda yer alan uyarı notlarına ve ek

bilgilere lütfen dikkat edin:

http://support.automation.siemens.com/ww/view/tr/10806097

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

7

2

2.1

Information on the Operating Instructions

Validity of the Operating Instructions

These operating instructions cover the following products:

Article no. of the RoW version

Article no. of the US version

Access points

SCALANCE W788-1 RJ-45

6GK5788-1FC00-0AA0

6GK5788-1FC00-0AB0

SCALANCE W788-1 M12 6GK5788-1GD00-0AA0 6GK5788-1GD00-0AB0

Dual access points

SCALANCE W788-2 RJ-45

6GK5788-2FC00-0AA0

6GK5788-2FC00-0AB0

SCALANCE W788-2 M12

6GK5788-2GD00-0AA0

6GK5788-2GD00-0AB0

SCALANCE W788-2 M12 EEC

6GK5788-2GD00-0TA0

6GK5788-2GD00-0TB0

Ethernet client modules

SCALANCE W748-1 RJ-45

6GK5748-1FC00-0AA0

6GK5748-1FC00-0AB0

SCALANCE W748-1 M12

6GK5748-1GD00-0AA0

6GK5748-1GD00-0AB0

If information relates to all the named products, the term SCALANCE W7x8 will be used.

These operating instructions apply to the following software version:

● SCALANCE W7x8 with firmware as of version 6.00

Purpose of the Operating Instructions

Using the Operating Instructions, you will be able to install and connect the SCALANCE
W7x8 correctly. The configuration and the integration of the device in a WLAN are not
described in these instructions.

Documentation on the accompanying CD

You will find detailed information about configuration in the SCALANCE W700 configuration
manuals on the accompanying SIMATIC NET IWLAN CD under the file name:

PH_SCALANCE-W700-WBM_76.pdf and PH_SCALANCE-W700-CLI_76.pdf

Note

Make sure that you read the explanations and instructions in the README.txt file

Introduction

2.2 Structure of the type designations

SCALANCE W788-x / W748-1

8 Operating Instructions, 06/2016, A5E03678333-10

2.2

Structure of the type designations

The type designation of a SCALANCE W7x8 is made up of several parts that have the
following meaning:

Security information

Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions only form one element of such a concept.

Customer is responsible to prevent unauthorized access to its plants, systems, machines
and networks. Systems, machines and components should only be connected to the
enterprise network or the internet if and to the extent necessary and with appropriate security
measures (e.g. use of firewalls and network segmentation) in place.

Additionally, Siemens’ guidance on appropriate security measures should be taken into
account. For more information about industrial security, please visit
(http://www.siemens.com/industrialsecurity).

Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends to apply product updates as soon as available and to
always use the latest product versions. Use of product versions that are no longer supported,
and failure to apply latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under (http://www.siemens.com/industrialsecurity).

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

9

3

To prevent unauthorized access, note the following security recommendations.

General

● You should make regular checks to make sure that the device meets these
recommendations and/or other security guidelines.

● Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products.

● When confidential zones are used, the internal and external network are disconnected, an
attacker cannot access the data from the outside.

● Operate the device only within a protected network area.

● Use additional devices with VPN functionality (e.g. SCALANCE S) to encrypt and

authenticate communication from and to the devices.

● For data transfer via a non-secure network, use an encrypted VPN tunnel (IPsec) by
using additional devices with VPN functionality (e.g. SCALANCE S).

● For operation of the device in a non-secure infrastructure no product liability will be
accepted.

● Separate connections correctly (WBM. Telnet, SSH etc.).

Physical access

● Restrict physical access to the device to qualified personnel.

● The memory card or the PLUG (C-PLUG, KEY-PLUG, security PLUG) contains sensitive

data such as certificates, keys etc. that can be read out and modified.

Software (security functions)

● Keep the software up to date. Check regularly for security updates of the product.
You will find information on this on the Internet pages "Industrial Security
(http://www.siemens.com/industrialsecurity) "

● Inform yourself regularly about security advisories and bulletins published by Siemens
ProductCERT.

● Only activate protocols that you really require to use the device.

● Use the security functions such as address translation with NAT (Network Address

Translation) or NAPT (Network Address Port Translation) to protect receiving ports from
access by third parties.

● Restrict access to the device with a firewall or rules in an access control list (ACL -
Access Control List).

Security recommendations

SCALANCE W788-x / W748-1

10 Operating Instructions, 06/2016, A5E03678333-10

● If RADIUS authentication is via remote access, make sure that the communication is
within the secured network area or is via a secure channel.

● The option of VLAN structuring provides good protection against DoS attacks and
unauthorized access. Check whether this is practical or useful in your environment.

● Enable logging functions. Use the central logging function to log changes and access
attempts centrally. Check the logging information regularly.

● Configure a Syslog server to forward all logs to a central location.

● Use WPA2/ WPA2-PSK with AES to protect the WLAN. If iPCF or iPCF-MC is used, use

the AES encryption.

Passwords

● Define rules for the use of devices and assignment of passwords.

● Regularly update passwords and keys to increase security.

● Change all default passwords for users before you operate the device.

● Only use passwords with a high password strength. Avoid weak passwords for example

password1, 123456789, abcdefgh.

● Make sure that all passwords are protected and inaccessible to unauthorized personnel.

● Do not use the same password for different users and systems or after it has expired.

Keys and certificates

This section deals with the security keys and certificates you require to set up HTTPS (
HyperText Transfer Protocol Secured Socket Layer).

● We strongly recommend that you create your own HTTPS certificates and make them
available.

There are preset certificates and keys on the device. The preset and automatically
created HTTPS certificates are self-signed.

We recommend that you use HTTPS certificates signed either by a reliable external or by
an internal certification authority. The HTTPS certificate checks the identity of the device
and controls the encrypted data exchange. You can install the HTTPS certificate via the
WBM (System > Load and Save).

● Handle user-defined private keys with great caution if you use user-defined SSH or SSL
keys.

● Use the certification authority including key revocation and management to sign the
certificates.

● Verify certificates and fingerprints on the server and client to avoid "man in the middle"
attacks.

● We recommend that you use certificates with a key length of 2048 bits.

● Change keys and certificates immediately, if there is a suspicion of compromise.

Security recommendations

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

11

Secure/non-secure protocols

● For the DCP function, enable the "DCP read-only" mode after commissioning.

● Avoid and disable non-secure protocols, for example Telnet and TFTP. For historical

reasons, these protocols are still available, however not intended for secure applications.
Use non-secure protocols on the device with caution.

● The following protocols provide secure alternatives:

– SNMPv1/v2 → SNMPv3

Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure.
Use the option of preventing write access. The product provides you with suitable
setting options.

If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.

Use SNMPv3 in conjunction with passwords.

– HTTP → HTTPS

– Telnet → SSH

– SNTP → NTP

● Use secure protocols when access to the device is not prevented by physical protection

measures.

● To prevent unauthorized access to the device or network, take suitable protective

measures against non-secure protocols.

● If you require non-secure protocols and services, operate the device only within a

protected network area.

● Restrict the services and protocols available to the outside to a minimum.

Available protocols per port

The following list provides you with an overview of the open ports on this device. Keep this in
mind when configuring a firewall.

The table includes the following columns:

●

Protocol

All protocols that the device supports

●

Port number

Port number assigned to the protocol

Security recommendations

SCALANCE W788-x / W748-1

12 Operating Instructions, 06/2016, A5E03678333-10

●

Port status

– Open

The port is always open and cannot be closed.

– Open (when configured)

The port is open if it has been configured.

Note

With some

protocols the port may be open although the corresponding protocol is

disabled, for example TFTP.

●

Default status of the port

– Open

As default the port is open.

– Closed

As default the port is closed.

●

Authentication

Specifies whether or not the protocol is authenticated during access.

Protocol

Port number

Port status

Default status of
the port

Authentication
SSH

TCP/22

Open (when configured)

Open

Yes

TELNET

TCP/23

Open (when configured)

Open

Yes

HTTP

TCP/80 Open (when configured) Open Yes

HTTPS

TCP/443

Open (when configured)

Open

Yes

SNTP
NTP

UDP/123 Open (when configured) Closed No

SNMP

UDP/161

Open (when configured)

Open

Yes

PROFINET

UDP/34964,

UDP/49154,

49155

Open Open No

Syslog

UDP/514

Open (when configured)

Open

No

EtherNet/IP

TCP/44818,

UDP/2222,44818

Open (when configured) Open No

DHCP

UDP/67,68

Open (when configured)

Closed

No

RADIUS

UDP/1812,1813

Open (when configured)

Closed

No

TFTP

UDP/69

Open (when configured)

Closed

No

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

13

4

4.1

Components of the product

The following components are supplied with the product:

● SCALANCE W7x8

● Only with device variant M12 / IP65:

– 2 protective caps for the M12 sockets

● Only with device variant RJ-45 / IP30:

– 4-pin terminal block for the supply voltage

– 4-pin terminal block for the digital input/output

● 2 screws for mounting on an S7-300 standard rail

● SIMATIC NET Industrial Wireless LAN CD

Please check that the consignment you have received is complete. If the consignment is
incomplete, contact your supplier or your local Siemens office.

Note

The bracket for installation on a DIN rail does not ship with the product. You obtain a set of 3
under the following order number: 6GK5

798-8ML00-0AB3.

Description

4.2 Description of the device

SCALANCE W788-x / W748-1

14 Operating Instructions, 06/2016, A5E03678333-10

4.2

Description of the device

W7x8x-x RJ-45 - degree of protection IP30

①

LEDs

②

Connecting connectors, R-SMA type female

• Devices with one IWLAN interface: 3 connectors on the top (covered in the figure).

• Devices with two IWLAN interfaces: 3 connectors on the top and 3 on the underside.

③

Connector for power supply

④

Connector for Ethernet, RJ-45 type

⑤

Screw-down cover for the

- reset button and the

- PLUG compartment (not with W788C)

⑥

Connector for the digital input/output (not with W788C)

⑦

PLUG compartment (not with W788C)

⑧

Reset button

⑨

Grounding connector (thread M4) on the back of the device

Figure 4-1 Device description of the RJ-45 variant

Description

4.2 Description of the device

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

15

W7x8x-x M12 - degree of protection IP65

①

Connecting connectors, N-Connect type female

• Devices with one IWLAN interface: 3 connectors on the top (covered in the figure).

• Devices with two IWLAN interfaces: 3 connectors on the top and 3 on the underside.

②

LEDs

③

Connector for the supply voltage, type M12 (with cover)

④

Connector for Ethernet, M12 type (with cover)

⑤

Screw-down cover for the

- reset button and the

- PLUG compartment (not with W788C)

⑥

PLUG compartment (not with W788C)

⑦

Reset button (covered in the figure)

⑧

Grounding connector (thread M4) on the back of the device

Figure 4-2 Device description of the M12 variant

Description

4.3 LED display

SCALANCE W788-x / W748-1

16 Operating Instructions, 06/2016, A5E03678333-10

4.3

LED display

Information on operating status and data transfer

On the front of the housing, several LEDs provide information on the operating status of the
SCALANCE W7x8:

LEDs with RJ-45 variants

LEDs with M12 variants

Note

The "R2" LED only exists on devices with two IWLAN interfaces.

LED

Color

Meaning

L1 Green Power supply L1.
L2 Green Power supply L2.

NOT WITH M12 VARIANTS.

PoE

Green

Power supply using Power over Ethernet.

P1

Green

There is a connection via the Ethernet interface (Link).

Green and yel­low flashing

alternately

Data transfer via the Ethernet interface.

R1 Green

SCALANCE W7x8 in access point mode:

The WLAN interface is initialized and ready for operation.

SCALANCE W7x8 in client Mode:

There is a connection over the first WLAN interface.

Green and yel­low flashing

alternately

Data transfer over the first WLAN interface.

Description

4.3 LED display

SCALANCE W788-x / W748-1
Operating Instructions, 06/2016, A5E03678333-10

17

LED

Color

Meaning

Flashing fast
yellow

SCALANCE W7x8 in access point mode:

With 802.11h, the channel is scanned for one minute for primary users
before the channel can be used for data traffic.

SCALANCE W7x8 in client mode:

The client waits for the MAC address due to the setting "Automatic" for

the "MAC mode" parameter and is connected to no access point.

Yellow
flashing 3 x

short, 1 x long

SCALANCE W7x8 in client mode:

The client waits for the MAC address due to the setting "Automatic" for

the "MAC mode" parameter and is connected to an access point.

R2 Green

SCALANCE W7x8 in access point mode:

The WLAN interface is initialized and ready for operation.

SCALANCE W7x8 in client mode:

The LED is always off because the 2nd interface is not available in client

mode.

Green and yel­low flashing
alternately

SCALANCE W7x8 in access point mode:

Data transfer over the second WLAN interface.

SCALANCE W7x8 in client mode:

The LED is always off because the 2nd interface is not available in client

mode.

Flashing fast
yellow

SCALANCE W7x8 in access point mode:

With 802.11h, the channel is scanned for one minute for primary users
before the channel can be used for data traffic.

SCALANCE W7x8 in client mode:

The LED is always off because the 2nd interface is not available in client

mode.

F

Red

An error occurred during operation with the SCALANCE W7x8.

Red
R1 or R2 flash­ing yellow simul-

taneously

A primary user was found on all enabled channels.

P1
R1

R2

Flashing yellow "Flashing" enabled using SIMATIC NET Primary Setup Tool (PST).

Note
Primary user (radar) on all enabled channels

If the device detects a primary user (for example radar signals) on all enabled channels of
WLAN interface 1, the LEDs F

and R1/R2 flash. No data traffic is then possible for the next

30 minutes. After this time, the device runs the scan again and checks whether a primary
user still exists. If no primary user is detected, data traffic is possible again.

The wait time of 30 minutes is

necessary due to legal requirements and cannot be shortened

even by restarting the device.