Siemens Simatic Net Scalance M812, Simatic Net Scalance M816, Simatic Net Scalance M800 Series Operating Instructions Manual

___________________

___________________

___________________

___________________

___________________

___________________

___________________

___________________

SIMATIC NET

Industrial Remote Communication
Remote Networks
SCALANCE M812, M816

Operating Instructions

08/2016

C79000

Preface

Security recommendations

1

Description of the device

2

Installation

3

Connecting up

4

Dimension drawings

5

Technical specifications

6

Approvals

A

-G8976-C343-04

Siemens AG
Division Process Industries and Drives
Postfach 48 48
90026 NÜRNBERG
GERMANY

Document order number: C79000-G8976-C343

Ⓟ

Copyright © Siemens AG 2014 - 2016.
All rights reserved

Legal information

Warning notice system

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE

indicates that property damage can result if proper precautions are not taken.

Qualified Personnel

personnel qualified

Proper use of Siemens products

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical

maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

Disclaimer of Liability

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.

The product/system described in this documentation may be operated only by
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.

Note the following:

documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.

for the specific

10/2016 Subject to change

Preface

Purpose of the Operating Instructions

Validity of the manual

Naming of the devices

Classification

Description

Terms used

term M81x is used.

M816

Further documentation

These compact operating instructions contain information with which you will be able to
install and connect up a device of the SCALANCE M -800 product line. The configuration
and the integration of the device in a network are not described in these instructions.

These operating instructions apply to the following devices:

● SCALANCE M812-1

● SCALANCE M816-1

Product line For all devices and variants in the product line, the term M-

Device family For all devices and variants in the device family line, the

Device If information relates to a specific device, the device name

● System manual "Industrial Ethernet"

The system manual contains information on other SIMATIC NET products that you can
operate along with the devices of this product line in an Industrial Ethernet network.

There, you will find among other things optical performance data of the communications
partner that you require for the installation.

The "SIMATIC NET Industrial Ethernet" system manual can be found on the Internet
pages of Siemens Industry Online Support under the following entry ID:27069465
(http://support.automation.siemens.com/WW/view/wn/27069465)

● "Passive network components" system manual

This system manual contains installation instructions for several of the most common
components and guidelines for setting up networked automation plants in buildings.

The "Passive Network Components" system manual can be found on the Internet pages
of Siemens Industry Online Support under the following entry ID:84922825
(http://support.automation.siemens.com/WW/view/en/84922825)

M-800

800 is used.

M81x

M812

is used.

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

3

Preface

SIMATIC NET manuals

You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online
Support:

● using the search function:

Link to Siemens Industry Online Support (http://support.automation.siemens.com/)

Enter the entry ID of the relevant manual as the search item.

● In the navigation panel on the left hand side in the area "Industrial Communication":

Link to the area "Industrial Communication"
(http://support.automation.siemens.com/WW/view/en/10805878/133400)

Go to the required product group and make the following settings:
tab "Entry list", Entry type "Manuals"

You will find the documentation for the SIMATIC NET products relevant here on the data
medium that ships with some products:

● Product CD / product DVD

● SIMATIC NET Manual Collection

You will find the article numbers for the Siemens products of relevance here in the following
catalogs:

● SIMATIC NET Industrial Communication / Industrial Identification, catalog IK PI

● SIMATIC Products for Totally Integrated Automation and Micro Automation, catalog

ST 70

● Industry Mall - catalog and ordering system for automation and drive technology, Online
catalog (http://eb.automation.siemens.com/)

You can request the catalogs and additional information from your Siemens representative.

SCALANCE M812, M816

4 Operating Instructions, 08/2016, C79000-G8976-C343-04

Preface

Security information

Trademarks

License conditions

Note
Open source software

Read the license conditions for open source software carefully before using the product.

SIMATIC NET glossary

Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions only form one element of such a concept.

Customer is responsible to prevent unauthorized access to its plants, systems, machines
and networks. Systems, machines and components should only be connected to the
enterprise network or the internet if and to the extent necessary and with appropriate security
measures (e.g. use of firewalls and network segmentation) in place.

Additionally, Siemens’ guidance on appropriate security measures should be taken into
account. For more information about industrial security, please visit
Link: (http://www.siemens.com/industrialsecurity)

Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends to apply product updates as soon as available and to
always use the latest product versions. Use of product versions that are no longer supported,
and failure to apply latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under
Link: (http://www.siemens.com/industrialsecurity).

The following and possibly other names not identified by the registered trademark sign ® are
registered trademarks of Siemens AG:

SCALANCE, SINEMA, KEY-PLUG, C-PLUG

You will find license conditions in the following documents on the supplied data medium:

● OSS_ScalanceM-800_S615_86.htm

Explanations of many of the specialist terms used in this documentation can be found in the
SIMATIC NET glossary.

You will find the SIMATIC NET glossary on the Internet at the following address:

50305045 (http://support.automation.siemens.com/WW/view/en/50305045)

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

5

Preface

SCALANCE M812, M816

6 Operating Instructions, 08/2016, C79000-G8976-C343-04

Table of contents

Preface ................................................................................................................................................... 3

1 Security recommendations ...................................................................................................................... 9

2 Description of the device ....................................................................................................................... 15

3 Installation ............................................................................................................................................ 29

4 Connecting up ....................................................................................................................................... 39

5 Dimension drawings .............................................................................................................................. 51

6 Technical specifications ........................................................................................................................ 55

A Approvals .............................................................................................................................................. 59

2.1 Product characteristics............................................................................................................ 15

2.2 Accessories ............................................................................................................................. 17

2.3 LED display ............................................................................................................................. 18

2.3.1 SCALANCE M812-1 ............................................................................................................... 18

2.3.2 SCALANCE M816-1 ............................................................................................................... 21

2.4 Terminals ................................................................................................................................ 23

2.5 SET button .............................................................................................................................. 25

2.6 C-PLUG and KEY-PLUG ........................................................................................................ 27

3.1 Securing the housing .............................................................................................................. 30

3.2 Wall mounting ......................................................................................................................... 31

3.3 Installing on the DIN rail .......................................................................................................... 33

3.4 Installing on the S7-300 standard rail ..................................................................................... 34

3.5 Installing on the S7-1500 standard rail ................................................................................... 35

3.6 Mounting on a pedestal........................................................................................................... 36

4.1 Safety when connecting up ..................................................................................................... 40

4.2 Power supply .......................................................................................................................... 42

4.3 Grounding ............................................................................................................................... 44

4.4 Digital input/output .................................................................................................................. 45

4.5 DSL interface .......................................................................................................................... 47

4.6 Ethernet port ........................................................................................................................... 48

4.7 Replacing the PLUG ............................................................................................................... 49

5.1 SCALANCE M812-1 ............................................................................................................... 51

5.2 SCALANCE M816-1 ............................................................................................................... 53

6.1 SCALANCE M812 \ M816 ...................................................................................................... 55

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

7

Table of contents

Index .................................................................................................................................................... 71

A.1 EU declaration of conformity .................................................................................................. 61

A.1.1 ATEX ...................................................................................................................................... 62

A.1.2 RoHS ...................................................................................................................................... 62

A.1.3 R&TTE / RED ......................................................................................................................... 62

A.2 RCM / C-TICK ........................................................................................................................ 63

A.3 ATEX ...................................................................................................................................... 64

A.4 IECEx ..................................................................................................................................... 65

A.5 FM certification ....................................................................................................................... 66

A.6 UL certification (product safety) ............................................................................................. 67

A.7 UL HAZ. LOC certification (explosion protection) .................................................................. 68

A.8 EAC ........................................................................................................................................ 69

SCALANCE M812, M816

8 Operating Instructions, 08/2016, C79000-G8976-C343-04

1

General

Physical access

To prevent unauthorized access, note the following security recommendations.

● You should make regular checks to make sure that the device meets these

recommendations and/or other security guidelines.

● Evaluate your plant as a whole in terms of security. Use a cell protection concept with

suitable products:

Link: (http://www.industry.siemens.com/topics/global/en/industrial-security/network-

security/Pages/Default.aspx)

● When the internal and external network are disconnected, an attacker cannot access

internal data from the outside. Therefore operate the device only within a protected
network area.

● Operate the device only within a protected network area.

● Use VPN to encrypt and authenticate communication from and to the devices.

● For data transmission via a non-secure network use an encrypted VPN tunnel (IPsec,

Open VPN).

● Separate connections correctly (WBM. Telnet, SSH etc.).

● Limit physical access to the device to qualified personnel.

The memory card or the PLUG (C-PLUG, KEY-PLUG) contains sensitive data such as
certificates, keys etc. that can be read out and modified.

● Lock unused physical ports on the device. Unused ports can be used to gain forbidden

access to the plant.

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

9

Security recommendations

Software (security functions)

Passwords

Keys and certificates

● Keep the software up to date. Check regularly for security updates of the product.
You will find information on this on the Internet pages "Industrial Security
(http://www.siemens.com/industrialsecurity)".

● Inform yourself regularly about security advisories and bulletins published by Siemens
ProductCERT (http://www.siemens.com/cert/en/cert-security-advisories.htm).

● Only activate protocols that you really require to use the device.

● The option of VLAN structuring provides good protection against DoS attacks and

unauthorized access. Check whether this is practical or useful in your environment.

● Restrict access to the device by firewall, VPN (IPsec, OSINEMA RC) and NAT.

● Use a central logging server to log changes and accesses. Operate your logging server

within the protected network area and check the logging information regularly.

● Define rules for the use of devices and assignment of passwords.

● Regularly update passwords and keys to increase security.

● Change all default passwords for users before you operate the device.

● Only use passwords with a high password strength. Avoid weak passwords for example

● Make sure that all passwords are protected and inaccessible to unauthorized personnel.

● Do not use the same password for different users and systems or after it has expired.

This section deals with the security keys and certificates you require to set up SSL, VPN
(IPsec, OpenVPN) and SINEMA RC.

● The device contains a pre-installed SSL certificate with key. Replace this certificate with a

● Use the certification authority including key revocation and management to sign the

● Make sure that user-defined private keys are protected and inaccessible to unauthorized

● Verify certificates and fingerprints on the server and client to prevent "man in the middle"

password1, 123456789, abcdefgh.

self-made certificate with key. We recommend that you use a certificate signed by a
reliable external or internal certification authority.

certificates.

persons.

attacks.

● It is recommended that you use password-protected certificates in the PKCS #12 format

● It is recommended that you use certificates with a key length of at least 2048 bits.

● Change keys and certificates immediately, if there is a suspicion of compromise.

SCALANCE M812, M816

10 Operating Instructions, 08/2016, C79000-G8976-C343-04

Security recommendations

Secure/non-secure protocols

Available protocols per port

● Avoid or disable non-secure protocols, for example Telnet and TFTP. For historical

reasons, these protocols are still available, however not intended for secure applications.
Use non-secure protocols on the device with caution.

● Avoid or disable non-secure protocols. Check whether use of the following protocols is

necessary:

– Broadcast pings

– Non authenticated and unencrypted interfaces

– ICMP (redirect)

– LLDP

– Syslog

– DHCP Options 66/67

– TFTP

● The following protocols provide secure alternatives:

– SNMPv1/v2 → SNMPv3

Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure.
Use the option of preventing write access. The product provides you with suitable
setting options.

If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.

– HTTP → HTTPS

– Telnet → SSH

● Use secure protocols when access to the device is not prevented by physical protection

measures.

● To prevent unauthorized access to the device or network, take suitable protective

measures against non-secure protocols.

● If you require non-secure protocols and services, activate these at interfaces that are

located within a protected network area.

● Using a firewall, restrict the services and protocols available to the outside to a minimum.

● For the DCP function, enable the "DCP read-only" mode after commissioning.

The following list provides you with an overview of the open ports on this device. Keep this in
mind when configuring a firewall.

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

11

Security recommendations

Protocol

Port number

Port status

Factory setting

Authentication

Protocol

Port number

Port status

Factory setting

Authentication
Internal

interface

External
interface

SSH

TCP/22

Open (when configured)

Open

Closed

Yes

HTTP

TCP/80

Open (when configured)

Open

Closed

Yes

HTTPS

SNTP

UDP/123

Open (only outgoing)

Closed

Closed

No

SNMP

DNS
TCP/53

Open (when configured)

Open

Closed

No

UDP/53

Open (when configured)

Open

Closed

No

Syslog

UDP/514

Open (only outgoing)

Closed

Closed

No

IPsec
UDP/4500

DHCP
UDP/68

NTP

UDP/123

Open (only outgoing)

Closed

Closed

Yes

Siemens Remote Service
(cRSP/SRS)

PROFINET

UDP/34964

Open (when configured)

Closed

Closed

No

The table includes the following columns:

●

All protocols that the device supports

●

Port number assigned to the protocol

●

– Open

The port is always open and cannot be closed.

– Open (when configured)

The port is open if it has been configured.

●

– Open

The factory setting of the port is "Open".

– Closed

The factory setting of the port is "Closed".

●

Specifies whether or not the protocol is authenticated during access.

With some protocols the port can be open but access is prevented by a predefined IP
package filter rule. You will find further information on the predefined IP package rules in
"Security > Firewall > Predefined IPv4"

TCP/443 Open Open Closed Yes

UDP/161 Open (when configured) Open Closed Yes

UDP/500

Open (when configured) Closed Open Yes

UDP/67

SCALANCE M812, M816

12 Operating Instructions, 08/2016, C79000-G8976-C343-04

Open (when configured) Open Closed No

TCP/443 Open (only outgoing) Closed Closed Yes

Security recommendations

Protocol

Port number

Port status

Factory setting

Authentication
Internal

interface

External
interface

OpenVPN to SINEMA RC

TCP, any

Open (only outgoing)

Closed

Closed

Yes

TFTP

UDP/69

Open (only outgoing)

Closed

Closed

No

DynDNS

Telnet

TCP/23

Open (when configured)

Open

Closed

Yes

Ping

ICMP

Open

Open

Closed

No

TCP/80 Open (only outgoing) Closed Closed No

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

13

Security recommendations

SCALANCE M812, M816

14 Operating Instructions, 08/2016, C79000-G8976-C343-04

2

2.1

Product characteristics

Interfaces

Functionality

M812-1

M816-1

DSL interface

1x RJ45

1x RJ45

Ethernet interface

1x RJ-45 10 / 100 Mbps

4 x RJ-45 10 / 100 Mbps

PLUG slot

-

✓

Scope of delivery

Note
Not included with the product

The following components do not ship with the product:

•

You will find more detailed information in "C-PLUG and KEY-PLUG (Page 27)".

Article numbers

Type

Description

Article number

Analog phone connection (Annex A)

6GK5812-1AA00-2AA2

ISDN connection (Annex B)

6GK5812-1BA00-2AA2

Analog phone connection (Annex A)

6GK5816-1AA00-2AA2

ISDN connection (Annex B)

6GK5816-1BA00-2AA2

Digital input/output 1/1 1/1

The following components ship with the product:

● One device

● A 5-pin terminal block for the power supply

● A 2-pin terminal block for the digital output

● A 2-pin terminal block for the digital input

● Documentation CD

KEY-PLUG / C-PLUG

SCALANCE M812-1 ADSL2+ router

SCALANCE M816-1 ADSL2+ router

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

15

Description of the device

Unpacking and checking

WARNING

Do not use any parts that show evidence of damage

2.1 Product characteristics

If you use damaged parts, there is no guarantee that the device will function according to
the specification.

If you use damaged parts, this can lead to the following problems:

• Injury to persons

• Loss of the approvals

• Violation of the EMC regulations

Use only undamaged parts.

1. Make sure that the package is complete.

2. Check all the parts for transport damage.

SCALANCE M812, M816

16 Operating Instructions, 08/2016, C79000-G8976-C343-04

Description of the device

2.2

Accessories

Type

Properties

Article number

configuration data

data.

X / M876-X / S615

2.2 Accessories

You will find further information on the accessories program for the M812 and M816 in the
Industry Mall
(https://eb.automation.siemens.com/goos/WelcomePage.aspx?regionUrl=/de&language=en)
.

C-PLUG Exchangeable storage medium (32 MB) for the

Exchangeable storage medium (256 MB) for
the configuration data

KEY-PLUG SINEMA RC Exchangeable storage medium (256 MB) to

enable the connection functionality to SINEMA
Remote Connect and for storing configuration

Desktop pedestal SCALANCE M-800 desktop pedestal for table

mounting for SCALANCE M812 / M816 / M874-

6GK1900-0AB00

6GK1900-0AB10

6GK5908-0PB00

6GK5898-8MD00

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

17

Description of the device

2.3

LED display

2.3.1

SCALANCE M812-1

LED

Status

Meaning

2.3 LED display

F

SCALANCE M812, M816

18 Operating Instructions, 08/2016, C79000-G8976-C343-04

OFF

ON

Flashing

No fault/error.

The device is starting up or an error has occurred.

The bootloader waits in this state for a new firmware file that you can
download using TFTP.

Description of the device

LED

Status

Meaning

DSL interface is enabled and the DSL line training is running: The device

2.3 LED display

L

CR

DSL OFF

OFF

ON

OFF

Flashing

ON

ON

ON

Device turned off, no power supply.

Device turned on, power supply present.

Device is not dialed in.

DSL line training is completed, the DSL connection is established and
PPPoE passthrough is enabled.

The dial-in with the access data was successful and the device was
assigned an external IP address by the DSL provider.

The dial-in has failed.

DSL interface is off.

synchronizes itself with the DSLAM in the central office.

Flashing

ON

P1 OFF

DI OFF

OFF

ON

ON

ON

DSL line training has failed or the DSL cable connection is down.

DSL line training is completed and the DSL connection is established.

VPN not established

VPN established

Ethernet connection to local computer or LAN not established

Ethernet connection to local computer or LAN established

Device receiving / sending data

Digital input inactive

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

19

Description of the device

LED

Status

Meaning

2.3 LED display

ON

DO OFF

ON

Digital input active.

Digital output inactive

Digital output active.

SCALANCE M812, M816

20 Operating Instructions, 08/2016, C79000-G8976-C343-04

Description of the device

2.3.2

SCALANCE M816-1

LED

Status

Meaning

2.3 LED display

F

L

SCALANCE M812, M816
Operating Instructions, 08/2016, C79000-G8976-C343-04

OFF

ON

Flashing The bootloader waits in this state for a new firmware file that you can

OFF

ON

No fault/error.

The device is starting up or an error has occurred.

download using TFTP.

Device turned off, no power supply.

Device turned on, power supply present.

21

Description of the device

LED

Status

Meaning

DSL interface is enabled and the DSL line training is running: The device

2.3 LED display

CR

DSL OFF

OFF

Flashing DSL line training is completed, the DSL connection is established and

On

ON

ON

Flashing

ON

OFF

ON

The device has not dialed in and / or the "Enable PPPoE Passthrough"
function is enabled.

PPPoE passthrough is enabled.

The dial-in with the access data was successful and the device was
assigned an external IP address by the DSL provider.

The dial-in has failed.

The DSL interface is off or the DSL line training has not yet begun.

synchronizes itself with the DSLAM in the central office.

DSL line training has failed or the DSL cable connection is down.

DSL line training is completed and the DSL connection is established.

VPN not established

VPN established

P1
P2
P3
P4

DI OFF

DO OFF

OFF

ON

ON

ON

ON

Ethernet connection to local computer or LAN not established

Ethernet connection to local computer or LAN established

Device receiving / sending data

Digital input inactive

Digital input active.

Digital output inactive

Digital output active.

SCALANCE M812, M816

22 Operating Instructions, 08/2016, C79000-G8976-C343-04