Configuring the IP Address with the Primary Setup Tool
Configuration Using the Wizards of Web Based Management
Configuration Using Web Based Management and the Command Line Interface
Technical Specifications
Approvals, Appendix, Glossary, Index
C79000-G8976-C184-07
Release 10/2006
Classification of Safety-Related Notices
This document contains notices which you should observe to ensure your own
personal safety, as well as to protect the product and connected equipment. These
notices are highlighted in the manual by a warning triangle and are marked as follows
according to the level of danger:
!
Danger
indicates that death or severe personal injury will result if proper precautions are not
taken.
!
Warning
indicates that death or severe personal injury can result if proper precautions are not
taken.
!
Caution
with warning triangle indicates that minor personal injury can result if proper
precautions are not taken.
Caution
without warning triangle indicates that damage to property can result if proper
precautions are not taken.
Notice
indicates that an undesirable result or status can occur if the relevant notice is
ignored.
Note
highlights important information on the product, using the product, or part of the
documentation that is of particular importance and that will be of benefit to the user.
The reproduction, transmission or use of this document or its contents is
not permitted without express written authority. Offenders will be liable for
damages. All rights, including rights created by patent grant or registration
of a utility model or design, are reserved.
Siemens AG
Automation and Drives
Industrial Communication
Postfach 4848, D-90327 Nürnberg
Siemens Aktiengesellschaft Printed in the Federal Republic of Germany
Disclaimer
We have checked the contents of this manual for agreement with the
hardware and software described. Since deviations cannot be precluded
entirely, we cannot guarantee full agreement. However, the data in this
manual are reviewed regularly and any necessary corrections included in
subsequent editions. Suggestions for improvement are welcome.
Technical data subject to change.
Trademarks
SIMATIC®, SIMATIC NET®, SINEC®, SIMATIC NET Networking for Industry® and
SCALANCE® are registered trademarks of Siemens AG.
Third parties using for their own purposes any other names in this document which
refer to trademarks might infringe upon the rights of the trademark owners.
Safety Instructions Regarding your Product
Before you use the product described here, read the safety instructions below
thoroughly.
Personnel Qualification Requirements
Only qualified personnel should be allowed to install and work on this equipment.
Qualified personnel as referred to in this manual or in the warning notes are defined
as persons who are familiar with the installation, assembly, startup and operation of
this product and who possess the relevant qualifications for their work, e.g.:
● Training in or authorization for connecting up, grounding or labeling circuits and
devices or systems in accordance with current standards in safety technology
● Training in or authorization for the maintenance and use of suitable safety
equipment in accordance with current standards in safety technology
● First aid qualification
Correct Usage of Hardware Products
Please note the following regarding the correct usage of hardware products:
Caution
This device may only be used for the applications described in the catalog or the
technical description, and only in connection with devices or components from other
manufacturers which have been approved or recommended by Siemens.
This product can only function correctly and safely if it is transported, stored, set up,
and installed correctly, and operated and maintained as recommended.
Before you use the supplied sample programs or programs you have written yourself,
make certain that no injury to persons nor damage to equipment can result in your
plant or process.
Before putting the product into operation, note the following warning:
Caution
Prior to startup you must observe the instructions in the relevant documentation. For
ordering data of the documentation please refer to the catalogs or contact your local
SIEMENS representative.
These Operating Instructions cover the following products:
● SCALANCE W788-1PRO
● SCALANCE W788-2PRO
● SCALANCE W788-1RR
● SCALANCE W788-2RR
Where the description applies to all products, the name SCALANCE W78x is used.
Where the description applies to a specific product, the full name of the product is
used.
These operating instructions apply to the following software versions:
● SCALANCE W78x firmware as of Version 3.1
● Primary Setup Tool as of Version 3.1
Purpose of the Operating Instructions
These operating instructions are intended to provide you with the information you
require to install, commission and operate the SCALANCE W78x correctly. It
explains how to configure the SCALANCE W78x and how to integrate the
SCALANCE W78x in a WLAN network.
Apart from the operating instructions you are currently reading, the following
documentation is also available from SIMATIC NET on the topic of Industrial
Wireless LANs:
● Operating Instructions (compact) SCALANCE W7xx
This document is supplied with the device on paper and contains a concise
summary of the most important information required to use the following
products:
The document contains all the information for the setup, commissioning and
operation of these devices. The SCALANCE W74x is connected to a PC / PLC
by an Ethernet cable and allows the attachment of these devices to a wireless
network; in other words, it is a gateway from a wired to a wireless network.
● System Manual Wireless LAN Basics
This includes not only the description of the physical basics and an outline of
the most important IEEE standards but also information on data security and a
description of industrial uses of wireless LAN.
You should read this manual if you want to set up WLAN networks with a more
complex structure (not only connections between two devices).
● System Manual RCoax
This system manual contains both an explanation of the technical basis of
leaky feeder cables as well as a description of the SIMATIC NET RCoax
components and their functionality. The installation / commissioning and
connection of RCoax components is explained.
● Manual IWLAN/PB Link PNIO Gateway for Industrial Ethernet
The user documentation for the IWLAN/PB Link. This device is a gateway
between IWLAN and PROFIBUS.
● Operating Instructions CP 7515
The comprehensive user documentation for the CP 7515 communications
processor with all the information required to operate this device.
The CP 7515 is inserted in a CardBus / PC-card (32-bit) slot and allows
attachment of the PC/PG to a wireless network.
● Operating Instructions (compact) CP 7515
This document is supplied with the device on paper and contains a concise
summary of the most important information required to use the CP 7515.
● Manual CP 1515
The comprehensive user documentation for the CP 1515 communications
processor with all the information required to operate this device.
The CP 1515 is inserted in a PC-card slot (Type II) and allows attachment of
the PC/PG to a wireless network.
With regard to the question of whether electromagnetic fields (for example in
association with industrial wireless LANs) can put human health at risk, we refer to
a publication of BITKOM (German Association for Information Technology,
Telecommunication and New Media e. V.), dated December 2003:
"The same regulations for the protection of health for all other radio
applications also apply to WLAN devices. These regulations are based on
the protection concept of ICNIRP2 or the corresponding recommendation of
the European Council.
The independent German radiation protection commission (SSK) was
commissioned by the federal German ministry of the environment to
investigate the possible dangers - thermal and non-thermal - resulting from
electromagnetic fields and came to the following conclusions3:
"The SSK comes to the conclusion that even after evaluation of the latest
scientific literature, there is no new scientific evidence regarding proven
adverse effects on health that causes any doubt regarding the scientific
evaluation on which the protection concept of the ICNIRP or the European
Council recommendation."
The SSK also concludes that below the current limit values, there is also no
scientific suspicion of health risks.
This assessment agrees with those of other national and international
scientific commissions and of the WHO (www.who.int/emf).
Accordingly and in view of the fact that WLAN devices are significantly below
the scientifically established limit values, there are no health risks from the
electromagnetic fields of WLAN products."
2 International Council on Non-Ionizing Radiation Protection
3 'Limit Values and Precautionary Measures to Protect the General Public from Electromagnetic
Fields' Recommendation of the Radiation Protection Commission (SSK) with scientific
justification, Issue 29, 2001.
You will find further information on this topic under the following URL:
This configuration does not require a server and the SCALANCE W78x does not
have a connection to a wired Ethernet. Within its transmission range, the
SCALANCE W78x forwards data from one WLAN node to another.
The wireless network has a unique name. All the devices exchanging data within
this network must be configured with this name.
Figure 1-1 Standalone Configuration of a SCALANCE W78x. The gray area indicates
the wireless transmission range of the SCALANCE W78x.
Ad Hoc Networks
In the ad hoc mode, nodes communicate directly (connections 1 through 3 in
Figure 1-2) without involving a SCALANCE W78x with each other (connection 4).
The nodes access common resources (files or even devices, for example a printer)
of the server. This is, of course, only possible when the nodes are within the
wireless range of the server or within each other's range.
If one (or more) SCALANCE W78x access points have access to wired Ethernet,
the following applications are possible:
● A single SCALANCE W78x as gateway:
A wireless network can be connected with a wired network over a SCALANCE
W78x.
● Span of wireless coverage for the wireless network with several
SCALANCE W78x access points:
The SCALANCE W78x access points are all configured with the same unique
SSID (network name). All nodes that want to communicate over this network
must also be configured with this SSID.
If a mobile station moves from the coverage range (cell) of one
SCALANCE W78x to the coverage range (cell) of another SCALANCE W78x,
the wireless connection is maintained (this is called roaming).
thernet Network
Figure 1-3 Wireless Connection of a Mobile Station over two Cells (Roaming)
If neighboring SCALANCE W78x access points use the same frequency channel,
the response times are longer due to the collisions that occur. If the configuration
shown in Figure 1-4 is implemented as a single-channel system, computers A and
B cannot communicate at the same time with the SCALANCE W78x access points
in their cells.
If neighboring SCALANCE W78x access points are set up for different frequencies,
this leads to a considerable improvement in performance. As a result, neighboring
cells each have their own medium and the delays resulting from time-offset
transmission no longer occur.
Channel spacing should be as large as possible; a practical value would be 25
MHz. Even in a multichannel configuration, all SCALANCE W78x access points
can be configured with the same network name.
Figure 1-4 Multichannel Configuration on Channels 1 and 7 with four
WDS allows direct connections between SCALANCE W78x devices or
between SCALANCE W78x and other WDS-compliant devices. These are used to
create a wireless backbone or to connect an individual SCALANCE W78x to a
network that cannot be connected directly to the cable infrastructure due to its
location.
Two alternative configurations are possible. The WDS partner can be configured
both using its name and its MAC address.
Figure 1-5 Implementation of WDS with four SCALANCE W78x Access Points
Basic Information on Wireless LAN Communication
RWlan allows a redundant, wireless connection between two SCALANCE W788-2xx
devices (W788-2PRO or W788-2RR). This is used to set up a redundant
wireless backbone that cannot be implemented as a wired network due to its
location but nevertheless has high demands in terms of availability.
Two alternative configurations are possible. The RWlan partner can be configured
both using its name and its MAC address.
Figure 1-6 Implementation of RWlan with two SCALANCE W788-2xx.
As an alternative, data transfer is possible over one of the two wireless
adapters.
Frames in the direction from the client to the access point always have the MAC
address of the WLAN interface as the source MAC address. As a result, the
learning table at the access point end always has only the MAC address of the
WLAN interface of the client.
If the MAC address of a device connected to the client over Ethernet is adopted,
both the MAC-based and the IP-based frames find their destination in precisely this
device.
Other nodes located downstream from the client cannot be reached. The AP
checks whether the destination MAC matches the MAC addresses of the
connected clients. Since a client can only adopt one MAC address, the access
point does not find a match and discards the packets to other nodes.
Maximum possible number of MAC nodes downstream from the client: 1
Notes on setting Auto Find Adopt MAC:
● As long as there is no link on the Ethernet interface, the device uses the MAC
address of the Ethernet interface so that it can be reached in this status. In this
status, the device can be found using the Primary Setup Tool.
● As soon as there is a link on the Ethernet interface, the device adopts the
source MAC address of the first received frame.
Note
From the moment that the device adopts another MAC address (whether manually
or automatically), the device no longer responds to queries of the Primary Setup
Tool when the query is received over the WLAN interface. Queries of the PST over
the Ethernet interface continue to be replied to.
Adopt Own MAC (only W746/W747 and W788 in client mode)
If IP-based frames need to be sent to a device connected downstream from the
client, the default setting Adopt Own MAC can be retained. The client registers with
the MAC address of its Ethernet adapter. The IP packets are broken down
according to an internal table and forwarded to the connected devices (IP
mapping).
Communication at the MAC address level (ISO/OSI layer 2) is then only possible
with a component downstream from the client if its MAC address was adopted by
the client.
Maximum possible number of MAC nodes downstream from the client: 0
Layer 2 Tunneling (only W746/W747 and W788 in client mode)
With layer 2 tunneling, the client provides information about the devices
downstream from it when it registers with an access point. This makes it possible to
enter the MAC addresses of these devices in the learning table of the access point.
The access point can forward MAC-based frames for the devices downstream from
the client to the appropriate client.
In much the same way as with WDS, a separate port is created for the L2T client
over which the Ethernet frames are sent without changing the destination MAC
address.
Maximum possible number of MAC nodes downstream from the client: 8
1.2.2 IP-based Communication
IP Mapping (only W746/747 and W788 in client mode)
If there is more than one device connected downstream from the client and these
should only be addressed with IP frames, you can implement WLAN access for
several devices with one client. With IP mapping, the client maintains a table with
the assignment of MAC address and IP address to forward incoming IP frames to
the correct MAC address.
Maximum possible number of IP nodes downstream from the client: 8
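The following Python model of the client modes described above (adopted MAC, Adopt Own MAC with IP mapping, layer 2 tunneling) is an added example, not code from Siemens or from the device firmware. It shows which downstream devices the access point's learning table lets a frame reach in each mode. Class names, mode strings and sample addresses are constructed, and letting IP frames follow the MAC path in the adopted-MAC and layer 2 tunneling modes is an assumption of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_L2T_MAC_NODES = 8   # from the page: MAC nodes with layer 2 tunneling
MAX_IP_MAP_NODES = 8    # from the page: IP nodes with IP mapping


@dataclass(frozen=True)
class Device:
    name: str
    mac: str
    ip: str


@dataclass
class Client:
    eth_mac: str
    mode: str                               # "adopt_mac", "adopt_own_mac" or "l2t" (hypothetical labels)
    downstream: list = field(default_factory=list)
    adopted: Optional[Device] = None        # only used in "adopt_mac" mode

    def air_mac(self) -> str:
        """Source MAC of every frame the client sends to the access point."""
        if self.mode == "adopt_mac" and self.adopted is not None:
            return self.adopted.mac
        return self.eth_mac                 # otherwise the client's own Ethernet MAC

    def announced_macs(self) -> list:
        """MACs handed to the access point at registration (layer 2 tunneling only)."""
        if self.mode != "l2t":
            return []
        return [d.mac for d in self.downstream[:MAX_L2T_MAC_NODES]]

    def ip_map(self) -> dict:
        """IP -> device table the client keeps for IP mapping."""
        if self.mode != "adopt_own_mac":
            return {}
        return {d.ip: d for d in self.downstream[:MAX_IP_MAP_NODES]}


class AccessPoint:
    def __init__(self):
        self.learning_table = {}            # MAC -> Client

    def register(self, client: Client) -> None:
        self.learning_table[client.air_mac()] = client
        for mac in client.announced_macs():
            self.learning_table[mac] = client

    def forward_mac_frame(self, dst_mac: str) -> Optional[str]:
        """Name of the device a layer 2 frame ends up at, or None if discarded."""
        client = self.learning_table.get(dst_mac)
        if client is None:
            return None                     # no match in the learning table: discard
        for dev in client.downstream:
            if dev.mac == dst_mac:
                return dev.name
        return "client"                     # frame addressed to the client itself

    def forward_ip_frame(self, client: Client, dst_ip: str) -> Optional[str]:
        """Name of the device an IP frame sent via `client` ends up at."""
        if client.air_mac() not in self.learning_table:
            return None
        if client.mode == "adopt_own_mac":
            dev = client.ip_map().get(dst_ip)
            return dev.name if dev else None
        # Assumption: in the other two modes IP frames follow the MAC path.
        for dev in client.downstream:
            if dev.ip == dst_ip:
                return self.forward_mac_frame(dev.mac)
        return None


def make_devices(n: int) -> list:
    """Constructed sample devices (locally administered MACs, documentation IPs)."""
    return [Device(f"dev{i}", f"02:00:00:00:00:{i:02x}", f"192.0.2.{i}")
            for i in range(1, n + 1)]


def reachable_counts(mode: str, n_devices: int = 9) -> tuple:
    """(devices reachable by MAC, devices reachable by IP) behind one client."""
    devices = make_devices(n_devices)
    client = Client(eth_mac="02:00:00:00:ff:01", mode=mode, downstream=devices,
                    adopted=devices[0] if mode == "adopt_mac" else None)
    ap = AccessPoint()
    ap.register(client)
    by_mac = sum(ap.forward_mac_frame(d.mac) == d.name for d in devices)
    by_ip = sum(ap.forward_ip_frame(client, d.ip) == d.name for d in devices)
    return by_mac, by_ip


if __name__ == "__main__":
    for mode in ("adopt_mac", "adopt_own_mac", "l2t"):
        print(mode, reachable_counts(mode))
```

With nine constructed devices behind the client, the counts match the limits stated above: one MAC node with an adopted MAC, no MAC nodes but eight IP nodes with Adopt Own MAC, and eight MAC nodes with layer 2 tunneling.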
● 2 (or 4 with SCALANCE W788-2PRO or SCALANCE W788-2RR) protective
caps for the R-SMA sockets
● 1 SIMATIC NET Industrial Wireless LAN CD with these Operating Instructions
for the SCALANCE W78x
Please check that the consignment you have received is complete. If it is not
complete, please contact your supplier or your local Siemens office.
A PG/PC with a network attachment must be available to configure the
SCALANCE W78x. If no DHCP server is available, a PC on which the Primary
Setup Tool (PST) is installed is necessary for the initial assignment of an IP
address to the SCALANCE W78x. For the other configuration settings, a computer
with Telnet or an Internet browser is necessary.
The SCALANCE W78x is equipped with an Ethernet interface and a wireless LAN
interface (SCALANCE W788-2PRO and SCALANCE W788-2RR: two WLAN
interfaces). This makes the device suitable for the following applications:
● The SCALANCE W78x forwards data within its transmission range from one
node to another without a connection to wired Ethernet being necessary.
● The SCALANCE W78x can be used as a gateway from a wired to a wireless
network.
● The SCALANCE W78x can be used as a wireless bridge between two
networks.
● The SCALANCE W78x can be used as a bridge between two different
frequencies.
Over and above this, due to the second interface of the SCALANCE W788-2PRO
and the SCALANCE W788-2RR, a redundant w
implemented between two SCALANCE W788-2xx modules.
● The Ethernet interface supports 10 Mbps and 100 Mbps, both in full and half
duplex as well as autocrossing and autonegotiation.
● Operating the wireless interface in the frequency bands 2.4 GHz and 5 GHz.
● The wireless interface is compatible with the standards IEEE 802.11a,
IEEE 802.11b and IEEE 802.11g. In the 802.11a- and 802.11g mode, the
gross transmission rate is up to 54 Mbps. In turbo mode, the transmission rate
is up to 108 Mbps (not permitted in all countries and modes).
Note
If the SCALANCE W78x is operated in turbo mode (A, G or H turbo), remember
that the channels adjacent to the set transmission channel are also used for
communication. Disturbances can therefore occur on these channels when there
are neighboring wireless systems. The data throughput can also be reduced if
there is competition for use of these channels.
● As an expansion of the 802.11a mode, it is also possible to operate according
to the IEEE 802.11h standard. In 802.11h mode, the procedures Transmit
Power Control (TPC) and Dynamic Frequency Selection (DFS) are used in the
range 5.25 - 5.35 and 5.47 - 5.75 GHz. This means that in some countries, the
frequency sub-band 5.47 - 5.725 GHz can also be used outdoors with higher
transmit power.
TPC is a method of controlling the transmit power that is reduced to the
currently required level. With dynamic frequency selection (DFS), the access
point searches for primary users (for example radar) on a randomly selected
channel before starting communication. If signals are found on the channel,
this channel is disabled for 30 minutes and the availability check is repeated on
another channel.
The gross transmission rate is up to 54 Mbps in 802.11h mode.
● Support of the authentication standards WPA, WPA-PSK, WPA2, WPA2-PSK
and IEEE 802.1x and the encryption methods WEP, AES and TKIP.
● Suitable for inclusion of a RADIUS server for authentication.
● Device-related and application-related monitoring of the wireless connection.
● The interoperability of SCALANCE W78x devices with Wi-Fi devices of other
vendors was tested thoroughly.
● Only for W78x-1RR/2RR: The iPCF mode provides an optimized data
throughput and minimum handover times.
ANCE Ws the following ports:
hybrid connector on the front panel of the housing consists of an RJ-45 jack
and 4-pin power socket. The RJ-45 connector supports the use of
switches capable of power-over-Ethernet according to 802.3af. The 4-pin
power socket allows power of 18 - 32 V DC.
An M12 connector an
al power supply (18 - 32 V DC).
r R-SMA plugs on the SCALANCE W788-2
SCALANCE W788-2RR) for the attachment of antennas on the sides of the
device.
On the front of the housing, several LEDs provide information on the operating
status of the SCALANCE W
Yellow Data transfer over the Ethernet interface (traffic).
Green There is a connection over the Ethernet interface. (Link)
Yellow flashing PRESET-PLUG detected.
Yellow/green PRESET function completed successfully.
Green flashing "Flashing" enabled over PST.
Power supply over the hybrid connector X1 (PoE or
energy contacts).
Yellow Data transfer over the first WLAN interface.
Green Access Point Mode:
The WLAN interface is initialized and ready for operation.
Client Mode:
There is a connection over the first WLAN interface.
Green flashing Access Point Mode:
The channels are scanned.
Client Mode:
The client is searching for a connection to an access point or
ad hoc network.
Green flashing quickly Access Point Mode:
With 802.11h the channel is scanned for one minute for
primary users before the channel can be used for data traffic.
Client Mode:
The client waits for the adopt MAC address due to the setting
<Auto Find Adopt MAC> and is connected to no access point.
nce:
Yellow flashing PRESET-PLUG detected.
Green 3x fast, 1x long flashing Client Mode:
The client waits for the adopt MAC address due to the setting
<Auto Find Adopt MAC> and is connected to an access point.
Yellow/green PRESET function completed successfully.
LED Color Meaning
R2
Yellow Access Point Mode:
Data transfer over the second WLAN interface.
Client Mode:
The LED is always off because the 2nd interface is not
available in client mode.
Green Access Point Mode:
The WLAN interface is initialized and ready for operation.
Client Mode:
The LED is always off because the 2nd interface is not
available in client mode.
Green flashing Access Point Mode:
The channels are scanned.
Client Mode:
The LED is always off because the 2nd interface is not
C-PLUG is used to transfer the configuration of the old device to the new
device when a device is replaced. When the new device starts up with the C-PLUG,
it then continues automatically with exactly the same configuration as the
old device. One exception to this can be the IP configuration if it is set over DHCP
and the DHCP server has not been reconfigured accordingly.
Reconfiguration is necessary if you use WDS or redundancy and use the MAC
addresses and not the sysNames. These functions are then based on the MAC
address that inevitably changes if a device is replaced.
Note
As soon as the device is started with a C-PLUG inserted, the SCALANCE W starts
up with the configuration data on the C-PLUG.
Replacing the C-PLUG
Follow the steps below to replace a C-PLUG in a SCALANCE W78x:
1 Turn off the power to the device.
2 Remove the old SCALANCE W78x from its mounting and open the sealing
screw on the rear with a coin or broad screwdriver.
3 Remove the C-PLUG.
4 Open the sealing screw of the new device in the same way and insert the
C-PLUG of the old device.
5 Replace the sealing screws of both devices.
If a new C-PLUG is inserted in a SCALANCE W78x, the configuration stored locally
on the SCALANCE W78x is saved to the C-PLUG. If an incorrect C-PLUG (for
example from another device or a damaged plug) is inserted, the
SCALANCE W78x signals an error with the red LED. The user then has the choice
of either removing the C-PLUG again or selecting the option to reformat the C-PLUG and use it.
Note
It is necessary that the configuration on the C-PLUG was generated with a
firmware version ≤ the firmware version on the destination device.
Example: A C-PLUG with version V3.0 cannot be used for a SCALANCE W78x
with firmware version V2.4.
The reset button is on the rear of the device directly beside the C-PLUG receptacle
and has several functions:
● Restarting the device.
To restart the device, press the Reset button.
● Loading new firmware
(Only if the normal procedure for loading firmware with Load & Save (see
Section 6.2.10) does not work). This can, for example, occur if there was a
power down during the normal firmware update.
Follow the steps below to load new firmware:
1. Turn off the power to the device.
2. Now press the Reset button and reconnect the power to the device while
holding down the button.
3. Hold down the button until the red fault LED (F) starts to flash after
approximately 2 seconds.
4. Now release the button. The bootloader waits in this state for a new firmware
file that you can download by FTP.
5. Assign an IP address with the Primary Setup Tool.
6. Connect a PC to the SCALANCE W78x over the Ethernet interface.
7. Then enter the command "ftp <ip address>" in a DOS box or use a different
FTP client. The new firmware should be located in the same folder as the
DOS box.
8. For the login and password, enter "siemens". You can now transfer the new
firmware with the "put <firmware>" command.
9. Once the firmware has been transferred completely to the device, the device
is restarted automatically.
● Restoring the default parameters (factory default)
Caution:
All previously made settings are lost!
First, turn off the power to the device. Now press the Reset button and
reconnect the power to the device while holding down the button. Hold down
the button until the red fault LED (F) stops flashing after approximately 10
seconds and is permanently lit. Now release the button and wait until the
fault LED (F) goes off again. The device then starts automatically with the
default parameters.
Antennas installed outdoors must be within the area covered by a lightning
protection system. Make sure that all conducting systems entering from outdoors
can be protected by a lightning protection potential equalization system.
When implementing your lightning protection concept, make sure you adhere to the
VDE 0182 or IEC 62305 standard.
A suitable lightning conductor is available in the range of accessories of SIMATIC
NET Industrial WLAN:
Lightning Protector LP798-1PRO (order no. 6GK5798-1LP00-0AA6)
!
Warning
Installing this lightning protector between an antenna and a SCALANCE W788 is
not adequate protection against a lightning strike. The LP798-1PRO lightning
protector only works within the framework of a comprehensive lightning protection
concept. If you have questions, ask a qualified specialist company.
Note
The requirements of EN61000-4-5, surge test on power supply lines are met only
when a Blitzductor VT AD 24V type no. 918 402 is used.
Manufacturer: DEHN+SÖHNE GmbH+Co.KG Hans Dehn Str.1 Postfach 1640 D-92306 Neumarkt, Germany
The SCALANCE W78x devices are designed for operation with safety extra-low
voltage (SELV). Therefore only safety extra-low voltage (SELV) with limited power
source (LPS) complying with IEC950/EN60950/VDE0805 may be connected to the
power supply terminals.
The power supply unit to supply the SCALANCE W78x must comply with NEC
Class 2 (voltage range 18 - 32 V, current requirement 1 A)
The device may only be supplied by a power supply unit that meets the
requirements of class 2 power sources of the "National Electrical Code, table 11
(b)". If the power supply is designed redundantly (two separate power supplies),
both must meet these requirements.
Exceptions:
• Power supply with PELV (according to VDE 0100-410) is also possible if the
generated rated voltage does not exceed the voltage limits 25 V AC or 60 V DC.
• Power supply by a SELV power source (according to IEC 60950) or PELV
power source (according to VDE 0100-410) without limited power is also
permitted if suitable fire protection measures are taken by:
- Installation in a cabinet or suitable enclosure
- Installation in a suitably equipped, closed room
Caution
There must be no potential difference between the following parts otherwise there
is a risk that the device will be destroyed:
• Ground potential of the power supply and ground potential of the antenna
ground.
• Ground potential of the power supply and a grounded housing.
• Ground potential of the power supply and the ground potential of the device
connected to Industrial Ethernet (for example PC, AS-300, AS-400 etc.)
Connect both grounds to the same foundation earth or use an equipotential
bonding cable.
Power over Ethernet
Connecting several SCALANCE W7xx devices with PoE supply from a common
PoE switch (acting as power supply) is not possible.
● Use the holes in the housing to screw the device to the wall or on a horizontal
surface.
● Install the SCALANCE W78x on a 90 mm long, vertically mounted piece of
standard rail (S7-300). In this case, the standard rail serves as an adapter
between the wall and SCALANCE W78x. If you want to install the SCALANCE
W78x along with a PS791-1PRO, a 150 mm long standard rail is necessary.
● Make sure that there is suitable strain relief for the connecting cable.
Note
We recommend that you protect the device from direct sunlight with a suitable
shade. This avoids unwanted heating of the device and prevents premature ageing
of the device and cabling. When operating the SCALANCE W outdoors, make sure
that it is installed so that it is protected from UV and that the device is not
exposed to rain (installed under a roof).
Note
The minimum distance to fluorescent lamps should be 0.5 m. For cabinet
installation, we recommend that you do not install relays on the same or on directly
neighboring mounting rails.
Connectors for the Power Supply and for Ethernet
The SCALANCE W78x is attached to Ethernet via a hybrid socket on the front of
the housing (position A in Figure 3.1). This port also has contacts for the operating
voltage.
Note
If you do not use the hybrid socket, this must be covered with a protective cap,
otherwise IP 65 protection is lost. A suitable protective cap is available as an
accessory (order no. 6ES7194-1JB10-0XA0). If you do not use the M12 connector,
the supplied protective cap must also be fitted to retain the IP65 degree of
protection.
As an alternative or in addition to this, you can also use the M12 plug for the power
supply (position B in Figure 3.1).
You can fit additional antennas to the sides of the SCALANCE W788-2PRO and
SCALANCE W788-2RR with an antenna cable (position C in Figure 3.1). If you
install the SCALANCE W78x in a cabinet, the antenna (position D in Figure 3.1)
must be unscrewed due to the restricted communication. In this case, the
connection is over detached antennas installed outside the cabinet. On the front
panel, there is also an identifier for the antenna connectors. The A connectors are
on the right-hand side and the B connectors on the left-hand side.
SIMATIC NET offers the IWLAN FRNC antenna extension cable for the connection
between the SCALANCE W78x and detached antenna. To avoid violating the
approvals, only antennas released for this product can be used.
Note
The distance between a pair of antennas for the first and se
must be at least 0.5 m.
ANCE W78x
The following cable variants are available to connect a SCALANCE W78x to the
power supply and to Ethernet:
● IE hybrid cable 2 x 2 + 4 x 0.34 (order no. 6XV1870-2J)
The two data wire pairs are separately shielded. This cable is particularly
suitable for assembly with the IE IP 67 hybrid connector.
● IE FC TP standard cable 4 x 2 GP (order no. 6XV1870-2E)
IE FC TP flexible cable 4 x 2 GP (order no. 6XV1870-2H)
In these cable types, two wires are twisted. All four pairs of wires are inside a
common shield.
● 2 x 2 IE cable, the optional power supply (18 - 32 V DC) is over M12
connectors.
nd Ethernet
Cable Selection and Interference Exposure
A decisive factor in the selection of a e
to which the current lines between thedular
outlet are subjected. Due to the separ
interference has less effect on the dat
standard cable or TP flexible cable.
ABC
Figure 3-2 Cabling a SCALANCE W Interference between
the Power Supply and M
A Power supply
B FC RJ-45 modular outlet with power insert
C SCALANCE W78x
3.3.3 Assembling an IE FC TP Standard Cable 4 x 2 GP or IE FC TP
Flexible Cable 4 x 2 GP with an IE IP 67 Hybrid Connector
Remove the two inner shells of the
universal sealing ring to adapt it to
the diameter of the hybrid cable.
Push the bushing, washer, adapted
universal sealing ring and the
housing over the cable jacket.
Remove the following lengths of
cable jacket and shield braid:
• 25 mm for the power leads.
• 30 mm for the data leads.
To achieve good shielding, the shield
braid must be at least 30 mm long.
Arrange the data leads according to
the color codes on the splice
element. The following table shows
the assignment of the data leads.
Wind the shield braid around the data
leads. As a result, the shielding of the
cable has contact to the shield plate
of the splice element that will be fitted
later.
Contact and color assignment of the
splice element.
With the PRESET PLUG, it is simple to assign a configuration to WLAN devices
such as access points, ECMs or IWLAN/PB links. You transfer an existing
configuration to any number of other devices using the PRESET PLUG. This
procedure is particularly useful when commissioning a lot of WLAN clients with the
same parameter settings because you do not need to set parameters for each
client manually.
Note
To avoid duplicating IP addresses, the IP parameters are not changed but are
retained when you use the PRESET PLUG.
If the PRESET PLUG is inserted, the WLAN interface of the device is deactivated.
WLAN operation with a PRESET PLUG inserted is not possible.
Note
With a version V3.0 AP or older, it is not possible to create a PRESET-PLUG for
the IWLAN/PB-Link version V1.1. Please use a version V2.4 AP or older. If you
update the IWLAN/PB Link to firmware V1.2, the configuration is available again on
a PRESET PLUG (created with V3.1).
Configuration with a new PRESET-PLUG
Follow the steps below to save a configuration on a PRESET PLUG:
1. Insert the PRESET PLUG in the C-PLUG slot of a powered-down device with
the required configuration and then turn on the device.
2. Start Web Based M
3. In the Modify C-PLUG list box, select the Create PRESET-PLUG entry.
4. In the PRESET PLUG for box, specify the device for which you want to create
the PRESET PLUG.
Note
A PRESET PLUG for configuring a SCALANCE W78x in Access Point mode
must be created with a SCALANCE W78x because a SCALANCE W74x does
not have all the configuration settings required for the W78x.
5. Click on the Modify button to transfer the configuration of the device to the
PRESET PLUG.
6. Turn the device off and remove the PRESET PLUG.
The Primary Setup Tool is on the CD that ships with the SCALANCE W78x.
The Primary Setup Tool is also available from Siemens Automation and Drives
Service & Support on the Internet under entry ID 19440762. You will find this entry
under the following URL:
On the CD and on the Internet, you will find the latest version of the Primary Setup
Tool (at the time of release of this document, Version 3.1). Make sure that you use
the version V3.1 or higher for the SCALANCE W78x.
Operating Systems Supported
The Primary Setup Tool can be installed and used with the following operating
systems:
Configuring the IP Address with the Primary Setup Tool
4.5 Working with the Primary Setup Tool
Selecting the Language
After starting the Primary Setup Tool, a dialog opens in which you select the
language for the program. You can also set the language in the Settings >
Language menu.
Selecting the Network Adapter
If there is more than one network adapter in your computer, you can open the
Settings > Network Adapter menu and specify which adapter is used by the
Primary Setup Tool. This menu displays a maximum of four network adapters.
Browsing the Network
Before you assign IP addresses with the PST, you must first locate the
configurable devices in the network. Start this search with the steps outlined below:
● Select the Network > Browse menu command.
● Press th
● Click on the magnifier icon in the toolbar below the menu bar.
While the Primary Setup Tool browses the network, the Browse Network dialog is
displayed with a progress bar. On completion of the search, the Primary Setup Tool
displays a list with all the devices it has found in the left-hand pa
4. Make the following entries if you have decided to assign the IP address
manually:
● Enter the IP address for the device in the IP Address box. In each part of
the address separated by the periods, you can enter a number between 0
and 255; the program does not accept any other numbers.
● Enter the subnet mask in the Subnet Mask box.
● If necessary, select the Use router check box and enter the IP address of
the router in the text box. Router information is necessary if the computer
on which you are creating the configuration is not in the same subnet as
the device to be configured.
Downloading Configuration Data to the Module
Follow the steps below to transfer the configuration data to the device:
1. Select the module you want to configure in the left pane of the program
window. As long as an interface is selected and the input dialog for the
configuration data is displayed, no download of the configuration data is
possible.
2. Start the download by following the steps outlined below:
● Select the Module > Download menu command.
INCs (Industrial Network Components) such as a SCALANCE W7xx include Web
Based Management. Select the device you want to configure with Web Based
Management and follow the steps below to start Web Based Management:
● Select the menu command Module -> Start INC Browser.
● Click on the third icon from the left in the toolbar (module with four blue
wires).
If the Module > Start INC Browser and the module icon are disabled, there is no
Web Based Management for the selected module.
Removing a Module
You can remove a module from the list in the left-hand pane of the program
window by selecting the Module > Remove Module menu command. Using this
menu command has no effect on the existence of a module in the network; if you
browse the network again, all modules are displayed again.
The SCALANCE W78x has an integrated HTTP server for Web Based
Management. If the SCALANCE W78x is accessed by an Internet browser, it
returns HTML pages to the client computer depending on user input.
Users enter the configuration data in the HTML pages sent by the
SCALANCE W78x. The SCALANCE W78x evaluates this information and
generates response pages dynamically.
The great advantage of this method is that apart from a Web browser, no special
software is required on the client.
Requirements for Web Based Management
Once you have assigned an IP address with the Primary Setup Tool, you can
continue to configure the device with Web Based Management.
To use Web Based Management, you should ideally have a wired network
connection between the SCALANCE W78x and the client computer. In principle, it
is possible to use Web Based Management over a wireless network, however the
SCALANCE W78x can be set so that access over a wireless network is disabled.
We recommend that you use the Microsoft Internet Explorer Version 5.5 or higher
or Mozilla Firefox Version 1.5 or higher.
All the pages of Web Based Management require JavaScript. Make sure that your
browser settings allow this.
Since Web Based Management is HTTP-based, you must allow access to port
80, or port 443 for HTTPS, if you have a firewall installed.
Configuration Using the Wizards of Web Based Management
Note
The screenshots in this section were created using the Microsoft Internet Explor
version 6.0. If you use a different browser (for example Mozilla), the appearan
5.2 Starting Web Based Management and Logging On
Procedure
1. In the address box of the Web browser, enter the IP address or the URL of the
SCALANCE W78x. If there is a problem-free connection to the
SCALANCE W78x, the Logon dialog of Web Based Management is displayed:
2. In the "User Name" list box, select the "Admin" entry if you want to change
settings of the SCALANCE W78x (read and write access). If you select the
"User" entry, you only have read access to the configuration data of the
SCALANCE W78x.
3. Enter your password. If you have not yet set a password, the default passwords
as shipped apply: Enter admin if you selected "admin" as the user name or user
if you selected "user".
4. Click on the "Log On" button to start the logon.
5.2.1 Connection over HTTPS
Description
Web Based Management also allows you to connect to the device over the secure
connection of the HTTPS protocol.
Enter https:// in the address field of the Internet browser and the IP address of the
SCALANCE W7xx and confirm with Enter. The warning Security Alert is displayed
and asks you whether you want to continue the action. Confirm with YES. The
Login dialog of Web Based Management opens.
5.3 Selecting the W
Basic Wizard, Security Wizard and iPCF-Wizard
Web Based Management provides several wizards that allow straightforward
commissioning without detailed knowledge of wireless technology. A wizard
consists of a series of dialogs in which you enter the basic configuration data.
There is a wizard for general settings to ensure the basic functionality of the
SCALANCE W78x. The wizard for the security settings supports you when setting
security-related parameters. A further wizard is available in client mode to
configure the iPCF mechanism (industrial Point Coordination Function).
Wizard Status
After selecting the "Wizards" menu on the left-hand side of the dialog, the status of
the wizards is displayed. If you have worked through a wizard completely, Done is
displayed as the status. If you have worked through all wizards, the Wizards entry
moves to the bottom end of the menu.
5.4.1 IP Settings
Description
One of the basic steps in configuration of an Ethernet device is setting the IP
address. The IP address identifies a device in the network uniquely. On this page,
you enter the information for IP configuration of the SCALANCE W78x.
There are two methods of assigning IP addresses to devices: The IP address can
be set as a fixed permanent address or can be obtained dynamically from a DHCP
server. Select "Specified IP Address" if you do not use a DHCP server.
input box
The IP address of the SCALANCE W78x. Here, you enter an address that is
unique within the network.
Subnet Mask input box
The subnet mask specifies the range of addresses within which communication
can take place.
The four numbers of an IP address separated by periods are interpreted as a bit
pattern. If a one is set at a bit position within the subnet mask, this means that only
devices with an IP address that matches the IP address of the SCALANCE W78x
Management Agent at this bit position can communicate with the
SCALANCE W78x.
Example
Let us assume that the IP address of the SCALANCE W78x is set to
192.168.147.189 and the subnet mask is set to 255.255.255.0. The bit pattern for
255 is 1111 1111. This means that the bit pattern of the first number of the IP
address of a communication partner must match the bit pattern of the SCALANCE
W78x exactly at this point. The same applies to the second and third parts of the IP
address. The IP address of a communication partner must therefore start with
192.168.147. The bit pattern of 0 is 0000 0000. This means that the bit pattern of
the last part of the IP address of the partner device does not need to match the
address of the SCALANCE W78x at any point; in other words, it can be any
number.
The device name also identifies a network node but means more to the user than
the IP address.
System Nam
In this box, you enter the device name for your SCALANCE W78x. This parameter
corresponds to the sysName SNMP parameter. The device name can be up to a
maximum of 255 characters long. If you also want to use this parameter for WDS
or redundancy, the maximum length is 32 characters.
5.4.3 Country Code
Description
Some countries have different frequency band divisions for WLAN communication.
The regulations for maximum output power also differ from country to country.
When you configure the SCALANCE W78x, you must specify which local
regulations are relevant for your location. You do this with the Country code
parameter.
Note
The correct country setting is mandatory for operation complying with the
approvals. Selecting a country different from the country of use can lead to legal
prosecution!
Country code list box
In this list box, you select the country in which the SCALANCE W78x will be
operated. You do not need to know the data for the specific country, the channel
division and output power are set by the SCALANCE W78x according to the
country you select.
5.4.4 Wireless Settings in Access Point Mode
Description
On this page, you specify the configuration of the wireless network. This includes
the network name and the transmission mode. If you are configuring the
SCALANCE W788-2PRO and SCALANCE W788-2RR models, this page appears
a second time to allow you to configure the second wireless adapter. You can
make different settings for "WLAN1" and "WLAN2".
SSID text box
Enter the name of your network in this box. The SCALANCE W78x allows all
characters except the percent character for the SSID. To ensure compatibility with
partner devices, you should, however, not use any characters that are peculiar to a
particular language (for example special German characters ä, ö etc.). The string
for SSID can be a maximum of 32 characters long.
Wireless Mode list box
Select a wireless mode that is supported by all partner devices. On the
SCALANCE W788-2PRO and SCALANCE W788-2RR, it may be practical to set
a different transmission mode for each wireless adapter to allow optimum support
of different clients. The effect of the 802.11.b + g setting is that all the settings in
the Advanced G menu are taken into account as far as possible but that
compatibility with devices conforming to IEEE 802.11 b is guaranteed.
5.4.5 Wireless Settings in Client Mode
Description
In the Client mode, there is also the check box Connect to ANY SSID. The other
settings correspond to those of the access point mode.
Connect to ANY SSID Check Box
When this check box is selected, the client connects to the access point that allows
the best possible data transfer and to which a connection is permitted based on the
security settings.
5.4.6 Adopt MAC Address Settings (Client Mode only)
Assigning the MAC Address
A MAC address must be specified for the device connected to the Ethernet port of
the SCALANCE W78x client before it can be reached. This MAC address is used
by the client for wireless communication with the access point.
● If there is precisely one MAC address to be served downstream from the client,
there are two ways of doing this:
– Automatically, the client adopts the source MAC address of the first frame
that it receives over the Ethernet interface.
– Manual entry by the user.
These settings have no effect on communication with standard Wi-Fi devices.
● If up to eight MAC addresses need to be served downstream from the client,
the following setting is available for SCALANCE W746-1PRO and SCALANCE
W747-1RR:
– Layer 2 Tunneling
This setting meets the requirements of industrial applications in which MAC
address-based communication with several devices downstream from the client
is required. Clients with this setting cannot connect to standard Wi-Fi devices
and SCALANCE W access points with firmware V3.0 or older.
Note
The layer 2 tunneling setting is available only with the following model variants:
• SCALANCE W78x in client mode
• SCALANCE W746-1PRO
• SCALANCE W747-1RR
The SCALANCE W746-1PRO and SCALANCE W747-1RR devices can also
provide access to a wireless network for several Ethernet devices (IP mapping).
For an access point with MAC filtering, only one MAC address is visible to the
SCALANCE W78x client, there can be no filtering according to the MAC addresses
of the Ethernet devices.
Adopt MAC text box
If the Set 'Adopt MAC' manually check box is selected, you will need to enter the
MAC address of the device connected to the SCALANCE W78x client over
Ethernet here.
If you do not want layer 2 communication to be handled over the SCALANCE
W78x client, but only send higher IP-based frames to one or more connected
devices, you can also leave the default setting Adopt Own Mac. In this mode, the
client registers with the MAC address of its Ethernet adapter. The IP packets are
broken down according to an internal table and forwarded to the connected
devices.
The Adopt MAC box is hidden in the "Auto find 'Adopt MAC' " and "Layer 2
Tunneling" modes.
5.4.7 Channel Settings (only in access point mode)
Description
The SCALANCE W78x uses a specific channel within the frequency band for
communication. You can either set this channel specifically or configure the
SCALANCE W78x so that the channel is selected automatically. A specific channel
must be set, for example, in the following situations:
● Communication suffers from interference from another device (for example
microwaves) or another wireless network.
● Use of the redundancy function. In this case, two well spaced channels or two
different frequency bands must be selected.
● Use of WDS. In this case, select a problem-free channel that is also used by
the WDS partner.
Auto Channel Select Check Box
Select this check box if you do not have any particular requirements regarding
channel selection.
Here, you select a channel suitable for your application. You can only select from
this list if the Auto Channel Select check box is not selected. The entries in the list
box depend on the previous selection made in the Country code box and on the
mode (IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11h).
Note
If your SCALANCE W78x has a second wireless adapter (SCALANCE W788-2PRO,
SCALANCE W788-2RR), this adapter is deactivated when the device is
shipped. You can use the second wireless adapter after you have selected the
channels.
Notice
When operating a second wireless adapter, make sure that there is adequate
channel spacing.
This page displays the parameters you have selected when you have completed all
the entries for the basic configuration. The setting Adopt MAC Address and the
note on the iPCF Wizard are displayed only in client mode.
If you use a SCALANCE W788-1RR or SCALANCE W788-2RR in client mode and
want to operate it in an iPCF network, you can enter the necessary settings using
the iPCF Wizard link.
Finish button
Click this button to close the Basic Wizard and to log on again with the modified IP
address. Alternatively, click on the Security Wizard link to change to the security
5.5 Security Wizard
Introduction
With the Security Wizard, you can specify security-related parameters without
detailed knowledge of security technology in wireless networks.
Note
The SCALANCE W78x can be operated even if you do not set the security
parameters. Depending on the properties of your network, there is then, however,
an increased risk of unauthorized access. You should therefore work through all
the pages of the Security Wizard, so that you have at least basic security functions.
First, set a new admin password. Enter the string twice in the text boxes of this
page. The password can be up to a maximum of 31 characters long.
Until you set a password, the defaults set in the factory apply: The default
password for the admin user is admin. You can use the wizards only if you log on
as administrator.
5.5.3 Security Settings for SNMP Protocol
Access Permissions using the SNMP Protocol
When using the SNMP protocol, you specify access permissions by means of the
community string. A community string effectively combines the function of user
name and password in one string; different community strings are defined for read
and write permissions. More complex and more secure authentications are
possible only in some SNMPv2 variants and in SNMPv3.
To preserve security, you should not use the default values public or private.
Write Community String text box
Here, you enter the write community string (maximum of 63 characters) for the
SNMP protocol.
SNMP Read Only Check Box
If you select this check box, only read access is possible with the SNMP protocol
V1 or V2c.
5.5.4 Security Settings for WLAN (Page 1, only in access point mode)
Description
On this page, you make the security settings, including, for example, the
authentication and encryption. If you are configuring the SCALANCE W788-2PRO
or SCALANCE W788-2RR, the pages appear a second time to allow you
to configure the second wireless adapter. You can make different settings for
WLAN1 and WLAN2.
Network-Specific Security
On t e firse oty settinelect setply regss
ht pagf the securi
of protocol-specificc measures for securing a network against
unauthorized acce
allowing onertain clients (th that have enter the network n
SSID text box
Enter the name of your network in this box (maximum of 255 characters, 32
characters if you use the redundancy function). To avoid any possible conflicts with
settings for a specific locale on the computer, the name should not include any
special German characters (ö, ä etc.).
Suppress SSID broadcasting check box
An entry in this check box means that the SSID is not visible to other devices. As a
result, only stations for which the same network name was configured as for the
SCALANCE W78x can connect to the SCALANCE W78x.
Note
Since no encryption is used for the SSID transfer, this function can only provide
basic protection against unauthorized access. The use of an authentication method
(for example WPA (RADIUS) or WPA-PSK if this is not possible) provides higher
security. You must also expect that certain end devices may have problems with
access to a hidden SSID.
Inter SSID Communication check box
Selecting this check box allows communication between WLAN clients registered
at different SSIDs of an access point.
Example 1: A SCALANCE W788-2xx was defined with different SSIDs for
each of the wireless cards.
Example 2: A SCALANCE W788-1xx is used with multiple SSIDs.
Note
On a SCALANCE W788-2xx, the Inter SSID communication function must be
enabled on both WLAN interfaces or on all VAPs to allow communication between
the clients with different SSIDs.
Note
If VLANs are configured for the SSIDs, this setting can prevent communication
between the SSIDs according to the VLAN rules.
Intracell Communication list box
● Intracell blocking
This setting prevents WLAN client communication within an SSID.
● Ethernet blocking
This setting prevents WLAN client communication over the Ethernet interface
of the access point.
● Disabled
This setting enables both WLAN client communication within an SSID as well
as WLAN client communication over the Ethernet interface.
To illustrate the situation, there is an overview of the effects of the Inter SSID
Communication and Intracell Communication settings below.
5.5.5 Security Settings for WLAN (Page 2)
Predefined Security Levels
Authentication and encryption are tried and tested methods for increasing security
in networks. Web Based Management provides five predefined security levels that
specify suitable methods.
The following table indicates what the various security levels involve.
Visible in Wizard | Level   | Authentication               | Encryption        | Type of Encryption | Encryption key source
x                 | None    | Open System                  | disabled          | without            | not applicable
                  | None    | Open System                  | enabled as option | WEP / AES          | local
x                 | Low     | Shared Key                   | enabled           | WEP / AES          | local
x                 | Medium  | IEEE 802.1x                  | enabled           | WEP                | Server
                  | High    | WPA-PSK (preshared Key)      | enabled           | TKIP / AES         | local
                  | Highest | WPA (Radius)                 | enabled           | TKIP / AES         | Server
x                 | High    | WPA2-PSK (preshared Key)     | enabled           | TKIP / AES         | local
x                 | Highest | WPA2 (Radius)                | enabled           | TKIP / AES         | Server
                  | High    | WPA-Auto-PSK (preshared Key) | enabled           | TKIP / AES         | local
                  | Highest | WPA-Auto (Radius)            | enabled           | TKIP / AES         | Server
Authentication
Authentication basically means that some form of identification is required.
Authentication therefore protects the network from unwanted access. In the
Security Level box, you can choose between the following types of authentication:
● None (Open System)
There is no authentication. Encryption with a fixed (unchanging) key can be
selected as an option. Based on the key length, you can choose between
WEP and AES. To do this, define a key in the Keys menu. 5 or 13 ASCII or 10
or 26 hexadecimal characters specify a weak WEP key (40/104 bits). 16 ASCII
or 32 hexadecimal characters, on the other hand, define a strong AES key (128
bits). Then select Encryption in the Basic WLAN menu.
● Low (Shared Key)
In Shared Key authentication, a fixed key is stored on the client and access
point. This is then used for authentication and encryption. In this case, you will
have to store a WEP or AES key after selecting Low (Shared Key).
● Medium (IEEE 802.1x)
Port-related access check over an external RADIUS server (IEEE 802.1x). With
this method, the client logs on at a RADIUS server based on a certificate
(EAP-TLS) or a combination of user name and password (EAP-PEAP or EAP-TTLS /
internal authentication method MSCHAPv2). As an option, the RADIUS server
then identifies itself to the client using a certificate. Following successful
authentication, the client and RADIUS server generate key material that is
used for data encryption. WEP is used as a weak encryption method.
● High (WPA2-PSK)
WPA2-PSK is based on the WPA2 standard; WPA authentication, however,
operates without a RADIUS server. Instead of this, a key (pass phrase) is
stored on every client and access point and this is used for authentication and
further encryption. AES or TKIP is used as the encryption method; AES
represents the standard method.
● Highest (WPA2)
WPA2 (Wi-Fi Protected Access 2) is a further development of WPA and
implements the functions of the IEEE 802.11i security standard. WPA2 uses
the additional encryption protocol CCMP that allows fast roaming in mobile ad
hoc networks with its preauthentication. A client can log on in advance at
several access points so that the normal authentication can be omitted.
A RADIUS server is used to authenticate the client with an access point. The
client logs on at a RADIUS server based on a certificate (EAP-TLS) or a
combination of user name and password (EAP-PEAP or EAP-TTLS / internal
authentication method MSCHAPv2). As an option, the RADIUS server then
identifies itself to the client using a certificate. Following successful
authentication, the client and RADIUS server generate key material that is
used for data encryption. AES or TKIP is used as the encryption method, AES
represents the standard method.
● High (WPA-Auto-PSK)
Setting with which an access point can process both the WPA-PSK as well as
WPA2-PSK type of authentication. This is necessary when the access point
communicates with different clients, some using WPA-PSK and others WPA2-PSK. The same encryption method must be set on the clients.
● Highest (WPA-Auto)
Setting with which an access point can process both the WPA and WPA2 type
of authentication. This is necessary when the access point communicates with
different clients, some using WPA and others WPA2. The same encryption
method must be set on the clients.
Encryption protects the transferred data from eavesdropping and corruption. You
can only disable encryption in the Encryption check box if you have selected Open
System for authentication in the Basic WLAN menu. All other security methods
include both authentication and encryption. Various schemes are used for
encryption:
● WEP (Wired Equivalent Privacy)
A weak, symmetrical stream encryption method with only 40- or 104-bit long
keys based on the RC4 algorithm (Ron’s Code 4).
● TKIP (Temporal Key Integrity Protocol)
A symmetrical stream encryption method with the RC4 algorithm (Ron’s Code
4). In contrast to the weak WEP encryption, TKIP uses changing keys derived
from a main key. TKIP can also recognize corrupted packets.
● AES (Advanced Encryption Standard)
Strong symmetrical block encryption method based on the Rijndael algorithm
that further improves the functions of TKIP.
Encryption key source
The encryption key source indicates whether the key is configured locally and fixed
(local) or whether it is negotiated by a higher protocol and an authentication server
(server).
Security Level for WLAN list box
Select a security level that is supported by all clients. The content of the next page
depends on the selected security level. If you select the security level None, there
is no following page since neither encryption nor authentication will be used.
5.5.6 Settings for the Security Level Low
Default Key list box
Select the WEP key or AES key you want to define.
Key text box
Enter the character string for the key here. The key can be entered as ASCII
characters or alternatively as hexadecimal digits (0 – F). If the key was entered in
ASCII format, this is later displayed in quotes.
Length list box
Select the key length you want to use here. If the length of the string in the Key text
box is longer or shorter than the selected key length, an error message is
With the Auto setting, the maximum key length is also 128 bits.
5.5.7 Settings for the Security Level Medium in Access Point Mode
Authorization Lifetime text box
Enter the period of validity of the a
minute (enter 60), the maximum tim
hour (3,600 seconds).
RADIUS Server Table
You can enter the data for two RADIUS servers; the information in the Backup
column is used if the server defined in the Primary column is not available.
In addition to the IP address and the port, you must also specify a password
(maximum 128 characters) and confirm it in a second box. In the Maximum Retransmissions text box, you enter the maximum number of transmission
attempts. The maximum possible value is 5, the default is 2.
5.5.8 Settings for Security Level Medium in Client Mode
Dot1x user name text box
Here, enter the user name with which you want to register over the RADIUS server.
Dot1x user password text box
Here, enter the password for the above user name. The client logs on with the
RADIUS server using this combination when a logon with a certificate was not
possible.
5.5.9 Settings for the Security Level High
Pass phrase text box
Here, you enter a WPA2 key. The key can be 8 to 63 ASCII characters or exactly
64 hexadecimal characters long. This initialization key must be known on both the
client and the SCALANCE W78x and is entered by the user at both ends.
Pass phrase confirmation text box
Here, you confirm the entered WPA2 key.
Note
The key can be 8 to 63 ASCII characters long. It should be selected so that it is
complex (for example consisting of random numbers, letters (upper-/lowercase),
have few repetitions and special characters).
Do not use known names, words or terms that could be guessed. If a device is lost
or if the key becomes known, the key should be changed on all devices to maintain
security.
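The length rules and the note above, as an added example (not from this manual or from the vendor): a Python check that tells a pass phrase from a 64-digit hexadecimal key, flags the weaknesses the note names, and generates a random pass phrase. The PBKDF2 derivation with the SSID as salt is standard WPA2-PSK behavior rather than something this manual states, and the function names and thresholds are assumptions.

```python
import hashlib
import secrets
import string

# Assumed thresholds for this example; the manual gives no numeric rule.
MIN_CLASSES, MIN_DISTINCT_RATIO = 3, 0.6

def classify_wpa2_key(key):
    """Return 'hex-psk' or 'passphrase'; raise ValueError if neither length rule fits."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "hex-psk"        # exactly 64 hex digits: used directly as the 256-bit key
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"     # 8 to 63 printable ASCII characters
    raise ValueError("need 8-63 ASCII characters or exactly 64 hexadecimal digits")

def derive_psk(key, ssid):
    """256-bit pre-shared key; a pass phrase is stretched with PBKDF2-HMAC-SHA1."""
    if classify_wpa2_key(key) == "hex-psk":
        return bytes.fromhex(key)
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), ssid.encode(), 4096, 32)

def weaknesses(passphrase):
    """Flag what the note warns about: few character classes, many repetitions."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    found = []
    if sum(any(c in cls for c in passphrase) for cls in classes) < MIN_CLASSES:
        found.append("fewer than 3 character classes")
    if len(set(passphrase)) < MIN_DISTINCT_RATIO * len(passphrase):
        found.append("many repeated characters")
    return found

def generate_passphrase(length=32):
    """Random pass phrase from the OS CSPRNG that passes the checks above."""
    if not 8 <= length <= 63:
        raise ValueError("pass phrase length must be 8 to 63 characters")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate
```

Because the SSID is the salt, the same pass phrase yields a different key on a network with a different SSID, while a 64-digit hexadecimal key is used unchanged.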
The last page of the wizard indicates other security measures that you can take. If
you still want to make final modifications, you can open the relevant pages by
clicking on the texts highlighted in blue:
● IP Filter
opens the Security > Access page.
● Access Control List for WLAN 1 (WLAN 2)
opens the Security > ACL page for wireless adapter 1 or 2.
This link is available only in access point mode.
● To apply changes perform restart
opens the System > Restart page.
Finish button
Click the Finish button to exit the Wizard. Your settings only take effect after you
have restarted (System > Restart menu).
Select this check box to restrict the number of channels on which the client
searches for an access point. This results in a reduction of handover times.
Restricting the channels on which a client searches for an access point is a major
factor in the reduction of handover times. To use this function, activate the
Background scan ch. select list box and enter the channels on which access points
operating in iPCF mode can actually be reached in the Background scan channels
text box.
Background scan channels text box
Here, enter the channels on which access points operating in iPCF mode can be
reached by the client. If you enter more than one channel, each channel must be
separated by a blank.
Transmit power list box
When using antennas, it may be necessary to reduce the transmit power to avoid
exceeding the legal maximum transmit power or to restrict the visibility of the radio
link. If necessary, select the required reduction in transmit power here.
A reduction of transmit power may also be necessary to avoid interfering with other
cells because a reduced transmit power means a reduction in the span of the cell.
Antenna Mode list box
This list box specifies the use of the antennas.
If Diversity is set, the SCALANCE W78x uses only the antenna that allows the best
possible data transmission. For each WLAN interface, both antennas must be
connected. Both antennas should also be of the same type and they should also
illuminate approximately the same space. If an access point is operated with the
diversity setting and the two antennas span different cells, this can have negative
effects.
Otherwise, you must select the connected antenna. For the IWLAN-PB LINK,
select Antenna A (see section 6.3.3 Antennas).
5.6.2 Security Settings for WLAN
Security Settings with iPCF
On this page, you specify the security level for the client. iPCF is a proprietary
standard optimized for fast roaming and deterministic data transfer. With the
current security mechanisms 802.1x and WPA, keys are negotiated using relatively
time-consuming mechanisms, and they are therefore not available with iPCF.
Select the security level you require for your wireless network in this box. The
following are possible:
● None (no encryption)
An open system without encryption.
● Med (encryption)
Static keys are used. This is the recommended setting and you should use a
128-bit AES key.
5.6.3 Public Security Key for WLAN
Specifying the Key
If you have selected the security level Med, you must specify the key on this page.
Default Key list box
Select the WEP key or AES k
Key text box
Enter the character string for the key here. The key can be en
characters or alternatively as hexadecimal digits (0 – F). If the key was entered in
ASCII format, this is lat
Length list box
Select the key length you want to use here. If the length of the string in the Key text
box is longer than the selected key length, an error message is displayed. The
following key lengths are possible:
● 40 bits (5 ASCII characters or 10 hexadecimal numbers)
Click the Finish button to exit the iPCF Wizard. Your settings only take effect after
you have restarted (System > Restart menu).
6 Configuration Using Web Based Management and the Command Line Interface
6.1 General Information on Web Based Management and the Command Line Interface
6.1.1 Introduction
Contents of This Chapter
This chapter explains the possible settings for the SCALANCE W78x.
Web Based Management provides you with configuration options way beyond
those described in the previous chapter. You will also find a detailed description of
the individual elements of a page in the online help.
As an alternative, you can also configure the device using the Command Line
Interface (CLI). This allows remote configuration over Telnet.
This chapter describes both configuration methods together because the menu
structure of Web Based Management is the same as the structure of the CLI
commands.
Note on Login User
Note
You should only use the command line interface if you are an experienced user.
Even commands that bring about fundamental changes to the configuration are
normally executed without a prompt for confirmation.
If you log on as user, you will only have restricted use of WEB and Telnet. Since
you only have read access, some commands do not exist in Telnet and some
areas cannot be selected.