Siemens SCALANCE XF-200BA Operating Instructions Manual

SIMATIC NET

Industrial Ethernet switches SCALANCE XF-200BA

Operating Instructions

09/2018

C79000-G8976-C470-03

Introduction

Safety notices

Recommendations on network security

Description of the device

Installation

Connecting up

Upkeep and maintenance

Technical specifications

Dimension drawings

Approvals

Legal information Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AG Division Process Industries and Drives Postfach 48 48 90026 NÜRNBERG GERMANY

C79000-G8976-C470-03 Ⓟ 11/2018 Subject to change

Introduction

Purpose of the Operating Instructions

These operating instructions support you when installing and connecting up devices of the SCALANCE XF-200BA product group.

The configuration and the integration of the devices in a network are not described in these operating instructions.

Validity of the Operating Instructions

These operating instructions apply to the following devices:

● SCALANCE XF204-2BA

● SCALANCE XF204-2BA DNA

Unless mentioned otherwise, the descriptions in these operating instructions refer to all devices of the SCALANCE XF-200BA product group named in the section on validity.

Designations used

Classification Description Terms used Product line The product line includes all devices and variants of all product groups.

If information applies to all product groups within the product line, the term SCALANCE X-200 is used.

SCALANCE X-200

Product group If information applies to all devices and variants of a product group, the

term SCALANCE XF-200BA is used.

SCALANCE XF-200BA

Device If information relates to a specific device, the device name is used. e.g. SCALANCE XF204-2BA

Additional documentation

In addition, note the Operating Instructions of the SIMATIC BusAdapter.

You will find the supplementary documentation here:

● On the data medium that is supplied with some products:

– Product CD/product DVD

– SIMATIC NET Manual Collection

● On the Internet pages of Siemens Industry Online Support:

– SCALANCE BusAdapter (https://support.industry.siemens.com/cs/ww/en/ps/25085/

man)

– SIMATIC BusAdapter (https://support.industry.siemens.com/cs/ww/en/ps/14072/man)

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 3

Documentation on configuration

You will find detailed information on configuring the devices in the following configuration manuals:

● SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

● SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Command Line Interface

You will find the configuration manuals here:

● on the data medium that ships with some products:

– Product CD / product DVD

– SIMATIC NET Manual Collection

● On the Internet pages of Siemens Industry Online Support (

https://

support.industry.siemens.com/cs/ww/en/ps/15291/man).

Further documentation

System manuals for SIMATIC NET products In the system manuals "Industrial Ethernet / PROFINET Industrial Ethernet" and "Industrial

Ethernet / PROFINET passive network components", you will find information on other SIMATIC NET products that you can operate along with the devices of this product line in an Industrial Ethernet network.

There, you will find among other things optical performance data of the communications partners that you require for the installation.

You will find the system manuals here:

● On the data medium that ships with some products:

– Product CD / product DVD

– SIMATIC NET Manual Collection

● On the Internet pages of Siemens Industry Online Support under the following entry IDs:

– Industrial Ethernet / PROFINET Industrial Ethernet System Manual (https://

support.industry.siemens.com/cs/ww/en/view/27069465)

– Industrial Ethernet / PROFINET Passive Network Components System Manual (https://

support.industry.siemens.com/cs/ww/en/view/84922825)

Manual Collection "Distributed I/O System ET 200SP" In the reference manual for the scalable IO system ET 200SP you will find more information

on the bus adapters.

You will find the reference manual on the Internet pages of Siemens Industry Online Support:

● SIMATIC ET 200SP Manual Collection (https://support.industry.siemens.com/cs/ww/en/

view/84133942)

Introduction

SCALANCE XF-200BA

4 Operating Instructions, 09/2018, C79000-G8976-C470-03

SIMATIC NET manuals

You will find the SIMATIC NET manuals here:

● On the data medium that ships with some products:

– Product CD / product DVD

– SIMATIC NET Manual Collection

● On the Internet pages of Siemens Industry Online Support (

https://

support.industry.siemens.com/cs/ww/en/ps/15247).

SIMATIC NET glossary

Explanations of many of the specialist terms used in this documentation can be found in the SIMATIC NET glossary.

You will find the SIMATIC NET glossary here:

● SIMATIC NET Manual Collection or product DVD

The DVD ships with certain SIMATIC NET products.

● On the Internet under the following address:

50305045 (https://support.industry.siemens.com/cs/ww/en/view/50305045)

Security information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions constitute one element of such a concept.

Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place.

For additional information on industrial security measures that may be implemented, please visit http://www.siemens.com/industrialsecurity (https://www.siemens.com/industrialsecurity)

Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customers’ exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under http://www.siemens.com/industrialsecurity (https://www.siemens.com/industrialsecurity)

Introduction

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 5

Catalogs

You will find the article numbers for the Siemens products of relevance here in the following catalogs:

● SIMATIC NET Industrial Communication / Industrial Identification, catalog IK PI

● SIMATIC Products for Totally Integrated Automation and Micro Automation, catalog ST 70

● Industry Mall - catalog and ordering system for automation and drive technology, Online catalog (

https://mall.industry.siemens.com/goos/WelcomePage.aspx?regionUrl=/

de&language=en)

You can request the catalogs and additional information from your Siemens representative.

Device defective

If a fault develops, please send the device to your SIEMENS service center for repair. Repairs on-site are not possible.

Recycling and disposal

The products are low in pollutants, can be recycled and meet the requirements of the WEEE directive 2012/19/EU for the disposal of electrical and electronic equipment.

Do not dispose of the products at public disposal sites.

For environmentally friendly recycling and the disposal of your old device contact a certified disposal company for electronic scrap or your Siemens contact (Product return (https://

support.industry.siemens.com/cs/ww/en/view/109479891)).

Note the different national regulations.

Trademarks

The following and possibly other names not identified by the registered trademark sign ® are registered trademarks of Siemens AG:

SIMATIC NET, SCALANCE, C-PLUG, OLM

Introduction

SCALANCE XF-200BA

6 Operating Instructions, 09/2018, C79000-G8976-C470-03

Table of contents

Introduction...................................................................................................................................................3

1 Safety notices...............................................................................................................................................9

2 Recommendations on network security......................................................................................................11

3 Description of the device............................................................................................................................17

3.1 Properties and functions........................................................................................................17

3.2 Product overview....................................................................................................................19

3.2.1 Spare parts.............................................................................................................................23

3.3 Device views..........................................................................................................................23

3.4 SET button.............................................................................................................................24

3.5 LED display............................................................................................................................25

3.5.1 LED "L"...................................................................................................................................25

3.5.2 "F" LED..................................................................................................................................25

3.5.3 "RM" LED...............................................................................................................................26

3.6 C-PLUG..................................................................................................................................26

3.6.1 Function of the C-PLUG.........................................................................................................26

3.6.2 Replacing the C-PLUG...........................................................................................................28

4 Installation..................................................................................................................................................31

4.1 Safety notices for installation.................................................................................................31

4.2 Mounting on DIN rails.............................................................................................................34

4.3 Mounting bus adapters...........................................................................................................35

4.4 Mounting tensile strain relief..................................................................................................37

5 Connecting up............................................................................................................................................39

5.1 Safety when connecting up....................................................................................................39

5.2 Industrial Ethernet..................................................................................................................40

5.2.1 Electrical.................................................................................................................................41

5.2.2 Optical....................................................................................................................................42

5.3 Wiring rules............................................................................................................................43

5.4 Power supply..........................................................................................................................43

5.5 Signaling contact....................................................................................................................45

5.6 Grounding..............................................................................................................................46

6 Upkeep and maintenance...........................................................................................................................47

6.1 Downloading new firmware using TFTP without WBM and CLI.............................................47

6.2 Restoring the factory settings.................................................................................................48

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 7

7 Technical specifications..............................................................................................................................49

7.1 SCALANCE XF-200BA technical specifications....................................................................49

7.2 Cable lengths.........................................................................................................................51

7.3 Switching properties...............................................................................................................51

7.4 Mechanical stability (in operation)..........................................................................................52

8 Dimension drawings...................................................................................................................................53

A Approvals....................................................................................................................................................55

Index...........................................................................................................................................................63

Table of contents

SCALANCE XF-200BA

8 Operating Instructions, 09/2018, C79000-G8976-C470-03

Safety notices

Read the safety notices

Note the following safety notices. These relate to the entire working life of the device.

You should also read the safety notices relating to handling in the individual sections, particularly in the sections "Installation" and "Connecting up".

CAUTION

To prevent injury, read the manual before use.

Safety notices on use in hazardous areas

General safety notices relating to protection against explosion

WARNING

EXPLOSION HAZARD

Do not open the device when the supply voltage is turned on.

Safety notices when using the device according to Hazardous Locations (HazLoc) If you use the device under HazLoc conditions you must also keep to the following safety

notices in addition to the general safety notices for protection against explosion:

This equipment is suitable for use in Class I, Division 2, Groups A, B, C and D or non-hazardous locations only.

This equipment is suitable for use in Class I, Zone 2, Group IIC or non-hazardous locations only.

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 9

Safety notices

SCALANCE XF-200BA

10 Operating Instructions, 09/2018, C79000-G8976-C470-03

Recommendations on network security

NOTICE

Information security

Connect to the device and change the standard password for the user set in the factory "admin" and "" before you operate the device.

To prevent unauthorized access, note the following security recommendations.

General

● You should make regular checks to make sure that the device meets these

recommendations and/or other security guidelines.

● Evaluate your plant as a whole in terms of security. Use a cell protection concept with

suitable products (https://www.industry.siemens.com/topics/global/en/industrial-security/

pages/default.aspx).

● When the internal and external network are disconnected, an attacker cannot access

internal data from the outside. Therefore operate the device only within a protected network area.

● For communication via non-secure networks use additional devices with VPN functionality

to encrypt and authenticate the communication.

● Terminate management connections correctly (WBM. Telnet, SSH etc.).

Physical access

● Restrict physical access to the device to qualified personnel because the plug-in data

medium can contain sensitive data.

● Lock unused physical interfaces on the device. Unused interfaces can be used to gain

access to the plant without permission.

Software (security functions)

● Keep the firmware up to date. Check regularly for security updates for the device. You can

find information on this at the Industrial Security (https://www.siemens.com/

industrialsecurity) website.

● Inform yourself regularly about security recommendations published by Siemens

ProductCERT (https://www.siemens.com/cert/en/cert-security-advisories.htm).

● Only activate protocols that you require to use the device.

● Restrict access to the management of the device with rules in an access control list (ACL).

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 11

● The option of VLAN structuring provides protection against DoS attacks and unauthorized access. Check whether this is practical or useful in your environment.

● Use a central logging server to log changes and accesses. Operate your logging server within the protected network area and check the logging information regularly.

Passwords

● Define rules for the assignment of passwords.

● Regularly change your passwords to increase security.

● Use passwords with a high password strength.

● Make sure that all passwords are protected and inaccessible to unauthorized persons.

● Do not use the same password for different users and systems.

Certificates and keys

● On the device there is a preset SSL certificate with key. Replace this certificate with a selfmade certificate with key. We recommend that you use a certificate signed either by a reliable external or by an internal certification authority.

● Use a certification authority including key revocation and management to sign certificates.

● Make sure that user-defined private keys are protected and inaccessible to unauthorized persons.

● It is recommended that you use password-protected certificates in the PKCS #12 format

● Verify certificates and fingerprints on the server and client to prevent "man in the middle" attacks.

● It is recommended that you use certificates with a key length of at least 2048 bits.

● Change certificates and keys immediately, if there is a suspicion of compromise.

Recommendations on network security

SCALANCE XF-200BA

12 Operating Instructions, 09/2018, C79000-G8976-C470-03

Secure/non-secure protocols and services

● Avoid or disable non-secure protocols and services, for example HTTP, Telnet and TFTP.

For historical reasons, these protocols are available, however not intended for secure applications. Use non-secure protocols on the device with caution.

● Check whether use of the following protocols and services is necessary:

– Non authenticated and unencrypted ports

– MRP, HRP

– IGMP snooping

– LLDP

– Syslog

– RADIUS

– DHCP Options 66/67

– TFTP

– GMRP and GVRP

● The following protocols provide secure alternatives:

– HTTP → HTTPS

– Telnet → SSH

– SNMPv1/v2c → SNMPv3

Check whether use of SNMPv1/v2c. is necessary. SNMPv1/v2c is classified as nonsecure. Use the option of preventing write access. The device provides you with suitable setting options. If SNMP is enabled, change the community names. If no unrestricted access is necessary, restrict access with SNMP. Use the authentication and encryption mechanisms of SNMPv3.

● Use secure protocols when access to the device is not prevented by physical protection

measures.

● If you require non-secure protocols and services, operate the device only within a protected

network area.

● Restrict the services and protocols available to the outside to a minimum.

● For the DCP function, enable the "Read Only" mode after commissioning.

● If you use RADIUS for management access to the device, activate secure protocols and

services.

Interfaces security

● Disable unused interfaces.

● Use IEEE 802.1X for interface authentication.

● Use the function "Locked Ports" to block interfaces for unknown nodes.

Recommendations on network security

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 13

● Use the configuration options of the interfaces, e.g. the "Edge Type".

● Configure the receive ports so that they discard all untagged frames ("Tagged Frames Only").

Available protocols

The following list provides you with an overview of the open protocol ports.

The table includes the following columns:

● Protocol

● Port

● Default port status

– Open

The factory setting of the port is "Open".

– Closed

The factory setting of the port is "Closed".

● Configurable port

– ✓

The port status can be changed.

– --

The port status cannot be changed.

● Authentication Specifies whether the communication partner is authenticated.

● Encryption Specifies whether or not the transfer is encrypted.

List of available protocols (local access via a local network)

The following is a list of all available protocols and their ports through which the device can be accessed.

Protocol Protocol/

Port number

Default port sta‐ tus

Configurable port

Authentication Encryption

TELNET TCP/23 Open Yes No SSH TCP/22 Open -- Yes Yes HTTP TCP/80 Open -- Yes No HTTPS TCP/443 Open ✓ Yes Yes SNMP UDP/161 Open ✓ Yes Yes (when con‐

figured)

PROFINET UDP/34964

UDP/49154 - 49157

Open No No

Recommendations on network security

SCALANCE XF-200BA

14 Operating Instructions, 09/2018, C79000-G8976-C470-03

Protocol Protocol/

Port number

Default port sta‐ tus

Configurable port

Authentication Encryption

EtherNet/IP TCP/44818

UDP/2222 UDP/44818

Closed (Open with EtherNetIP var‐ iants)

✓ No No

DHCP UDP/67

UDP/68

Closed ✓ No No

Port number can be configured via the WBM.

Recommendations on network security

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 15

Recommendations on network security

SCALANCE XF-200BA

16 Operating Instructions, 09/2018, C79000-G8976-C470-03

Description of the device

3.1 Properties and functions

Y functionality

With the IE switch SCALANCE XF204-2BA DNA you can connect a redundant PROFINET ring consisting of S2 devices (field area) to a fault-tolerant PROFINET system (R1 system). DNA stands for Dual Network Access or also Y switch functionality. Devices with Y functionality do not support VLANs.

The SCALANCE XF204-2BA DNA is connected via both ring ports to a PROFINET ring. Via the two Y ports it is connected to a fault-tolerant PROFINET system. With this link the S2 devices are connected to an H system. Due to this, communication failures of the field devices to the CPU are further reduced and the availability of the entire network significantly increased.

Via the SCALANCE XF204-2BA the Y switch is connected to the H-CPU. The SCALANCE XF204-2BA does not have Y functionality, it supports VLANs.

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 17

PN/PN coupler

PROFINET / Industrial Ethernet (redundant automation system)

SIMATIC S7-410-5H

SCALANCE XF204-2BA

SIMATIC ET 200M

SIMATIC ET 200SP

SCALANCE XF204-2BA

SCALANCE XF204-2BA DNA (Y-Switch)

SCALANCE XC-200

SCALANCE XP-200

PROFINET/ Industrial Ethernet

PROFIBUS PA

SIMOTICS M

SIMOCODE pro V

SINAMICS S120

SIMATIC CFU

SIMATIC ET 200SP HA

HART (4...20 mA)

Figure 3-1 Linking S2 devices into a fault-tolerant H system with SCALANCE XF-200BA

Protection of the Y functionality

Between the two Y ports of the SCALANCE XF204-2BA DNA there is no device-internal communication.

if you change the ring ports in the configuration, the two remaining ports automatically become Y ports. This means that Y functionality is always present.

You cannot configure functions required for the Y functionality. Essentially this applies to the configuration of VLANs. You can configure all other functions.

Description of the device

3.1 Properties and functions

SCALANCE XF-200BA

18 Operating Instructions, 09/2018, C79000-G8976-C470-03

3.2 Product overview

Article numbers

Basic devices The following table shows the available basic devices that are delivered without BusAdapters:

Device Description Article number SCALANCE XF204-2BA Up to 4 x 10/100 Mbps ports via 2 bus adapter slots, PRO‐

FINET device, extended temperature range, coated printed circuit boards (conformal coating)

6GK5 204-2AA00-2GF2

SCALANCE XF204-2BA DNA Up to 4 x 10/100 Mbps ports via 2 bus adapter slots, PRO‐

FINET device, extended temperature range, coated printed circuit boards (conformal coating), preconfigured and protec‐ ted Y functionality (Dual Network Access): 2 ports are ring ports, 2 ports are Y ports

6GK5 204-2AA00-2YF2

Premounted variants The following table shows premounted variants. In this delivery form, a basic device is

equipped with two BusAdapters:

Variant Article number of the variant Component Article number of component SCALANCE XF204 6GK5 204-0BA00-2GF2 1 basic device SCALANCE

XF204-2BA

6GK5 204-2AA00-2GF2

2 BusAdapter BA 2xRJ45 HA 6DL1 193-6AR00-0AA0

SCALANCE XF204 DNA 6GK5 204-0BA00-2YF2 1 basic device SCALANCE

XF204-2BA DNA

6GK5 204-2AA00-2YF2

2 BusAdapter BA 2xRJ45 HA 6DL1 193-6AR00-0AA0

Factory settings

● Industrial Ethernet protocol: PROFINET

● Base bridge mode: 802.1D transparent bridge

● Redundancy mechanism: Ring redundancy

Device Factory setting ring ports Factory setting Y ports SCALANCE XF204-2BA P1.1 and P2.1 SCALANCE XF204-2BA DNA P1.1 and P2.1 P1.2 and P2.2

● Trust mode: Trust CoS

● IGMP Snooping/IGMP Querier: Off

● IPv4 Address Collision Detection: Never give up

Description of the device

3.2 Product overview

SCALANCE XF-200BA Operating Instructions, 09/2018, C79000-G8976-C470-03 19

Type designation

The type designation of a SCALANCE XF-200BA is made up of several parts that have the following meaning:

Standard version

Number of usable ports

Number of bus adapters

XF2 BA-

DNA

[ ]

Dual Network Access

Unpacking and checking

WARNING

Do not use any parts that show evidence of damage

If you use damaged parts, there is no guarantee that the device will function according to the specification.

If you use damaged parts, this can lead to the following problems:

● Injury to persons

● Loss of the approvals

● Violation of the EMC regulations

● Damage to the device and other components

Use only undamaged parts.

1. Make sure that the package is complete.

2. Check all the parts for transport damage.

Components of the product

The following components are supplied with a SCALANCE XF-200BA:

● One device

● 2 covers for the bus adapter slots

● One 2-pin plug-in terminal block (signaling contact)

● Two 2-pin plug-in terminal blocks (power supply)

● One product DVD with documentation and software

● In addition with premounted variants:

– 2 BusAdapter BA 2xRJ45 HA

Description of the device

3.2 Product overview

SCALANCE XF-200BA

20 Operating Instructions, 09/2018, C79000-G8976-C470-03

+ 44 hidden pages

Siemens SCALANCE XF-200BA Operating Instructions Manual

Specifications and Main Features

Frequently Asked Questions

User Manual