manualshive.com logo in svg

Siemens SCALANCE W786-xPRO, Operating Instructions Manual

The Siemens SCALANCE W786-xPRO brings reliable and high-speed connectivity to industrial networks. To unleash its full potential, make sure to download the Operating Instructions Manual for a seamless setup and configuration process. This comprehensive manual is available for free download at manualshive.com, empowering you to maximize the capabilities of this exceptional product.

Share
Download
background image

 

Configuration / project engineering 

 

5.6 Configuration with Web Based Management 

SCALANCE W786-xPRO 
Operating Instructions, Release 08/2007, C79000-G8976-C221-02 

129

 

uses this private key. For this function, the client must support private keys. 

 

 

 

 

Note 
The private key set in the ACL must also be available in the key list on the client. The 

client must also use this private key for communication in Security->Basic->WLAN (the 

key must be set),if an open system with encryption or shared key is used. 
The private key is used on this connection for the transferred unicast packets intended for 

the wireless client. 
All multicast and broadcast packets are transferred with the public key set on the access 

point. The wireless client entered in the ACL list must therefore also enter this public key 

at the same location in its key list as the access point. 

Example 

In its cell, an access point uses the shared key setting with a 128-bit public key (default key 

1) for encryption of the data traffic. 
All wireless clients that register at this access point, require this public key at position 1 in 

their key list for communication. 
If access for certain wireless clients is now restricted by the ACL list of the access point on 

the basis of a private key, the private key must first be stored in the key list of the access 

point and the appropriate wireless clients. 
The next step is to enter the MAC addresses of these wireless clients in the ACL list of the 

access point and to assign the private key. If it is intended that these wireless clients should 

continue communication, the private key must be set on the wireless client directly under 

Security->Basic->WLAN and used for the encryption. Otherwise the clients could receive 

broadband or multicast packets, but no longer be addressed directly with unicast packets. 

See also 

CLI

\

SECURITY

\

ACL

\

WLAN1 (or 

\

WLAN2 or 

\

WLAN3) menu command (Page 201) 

5.6.5.5

 

RADIUS Server menu command 

 

 

Note 
The "RADIUS" menu command is available only in access point mode. 

 

Authentication over an external server 

The concept of RADIUS is based on an external authentication server. A client can only 

access the network after the access point has verified the logon data of the client with the 

authentication server. Both the client and the authentication server must support the EAP 

protocol (Extensive Authentication Protocol). The SCALANCE W-700 supports the external 

authentication mechanisms EAP-TLS, EAP-TTLS and PEAP. 

Summary of Contents for SCALANCE W786-xPRO

Page 1: ...tion 2 Assembly 3 Connecting up 4 Configuration project engineering 5 Upkeep and maintenance 6 Technical specifications 7 Appendix A SIMATIC NET SCALANCE W786 xPRO Operating Instructions Release 08 2007 C79000 G8976 C221 02 ...

Page 2: ...issioning and operation of a device system may only be performed by qualified personnel Within the context of the safety notes in this documentation qualified persons are defined as persons who are authorized to commission ground and label devices systems and circuits in accordance with established safety practices and standards Prescribed Usage Note the following WARNING This device may only be u...

Page 3: ...te to a wall 37 3 4 2 Screwing the cover plate for the cable feedthrough to the mounting plate 38 3 4 3 Fitting the mounting plate to an S7 300 standard rail 40 3 4 4 Fitting the mounting plate to a DIN rail 41 3 4 5 Fitting the mounting plate to a mast 42 3 4 6 Fitting removing the SCALANCE W786 to from a mounting plate 43 4 Connecting up 45 4 1 Lightning protection power supply and grounding 45 ...

Page 4: ...Wizard 82 5 5 1 Introduction 82 5 5 2 Security settings 82 5 5 3 Security settings for the management interfaces 83 5 5 4 Security settings for the SNMP protocol 84 5 5 5 Security settings for WLAN page 1 only in access point mode 85 5 5 6 Security settings for WLAN page 2 88 5 5 7 Settings for the Low security level 91 5 5 8 Settings for the Medium security level 92 5 5 9 Settings for the High se...

Page 5: ...le menu command 150 5 6 7 The Filters menu 151 5 6 7 1 Filters menu command 151 5 6 7 2 MAC Filters menu command 152 5 6 7 3 MAC Dir Filter menu command 152 5 6 7 4 Protocol Filter menu command 152 5 6 8 The I Features menu 153 5 6 8 1 I Features menu command 153 5 6 8 2 iQoS menu command in access point mode only 153 5 6 8 3 Forced Roaming on IP Down menu command in access point mode only 154 5 6...

Page 6: ...1 7 or WLAN2 VAP1 7 or WLAN3 VAP1 7 menu command 197 5 7 4 The CLI SECURITY menu 197 5 7 4 1 CLI SECURITY menu command 197 5 7 4 2 CLI SECURITY BASIC WLAN1 or WLAN2 or WLAN3 menu command 198 5 7 4 3 CLI SECURITY BASIC WLAN1 VAP1 7 or WLAN2 VAP1 7 or WLAN3 VAP1 7 menu command 200 5 7 4 4 CLI SECURITY KEYS WLAN1 or WLAN2 or WLAN3 menu command 200 5 7 4 5 CLI SECURITY ACL WLAN1 or WLAN2 or WLAN3 menu...

Page 7: ... 222 5 8 1 How the PRESET PLUG works 222 5 8 2 Creating a Configuration with a new PRESET PLUG 222 5 8 3 Changing a PRESET PLUG that already contains configuration data 223 5 8 4 Putting a device into operation with a PRESET PLUG 224 6 Upkeep and maintenance 225 6 1 Loading new firmware over FTP 225 6 2 Restoring the default parameter settings 226 7 Technical specifications 227 7 1 SCALANCE W786 t...

Page 8: ......

Page 9: ...rmation you require to install commission and operate the SCALANCE W786 xPRO correctly They explain how to configure the SCALANCE W786 xPRO and how to integrate the SCALANCE W786 xPRO in a WLAN network Orientation in the documentation Apart from the operating instructions you are currently reading the following documentation is also available from SIMATIC NET on the topic of Industrial Wireless LA...

Page 10: ...operation of these devices System manual Wireless LAN Basics Apart from the description of the physical basics and a presentation of the main IEEE standards this also contains information on data security and a description of the industrial applications of wireless LAN You should read this manual if you want to set up WLAN networks with a more complex structure not simply a connection between two ...

Page 11: ...nt modules IP30 cabinet installation W74x 1 W744 1 W746 1 W747 1 Ethernet client modules IP65 installed outside a cabinet W74x 1PRO RR W744 1PRO W746 1PRO W747 1RR All Ethernet client modules SCALANCE W W74x W744 1 W746 1 W747 1 W744 1PRO W746 1PRO W747 1RR Access points IP30 cabinet installation W784 1xx W784 1 W784 1RR Access points IP65 installed outside a cabinet extreme climatic requirements ...

Page 12: ... Instructions Release 08 2007 C79000 G8976 C221 02 Product group The designation stands for Product name All SCALANCE W devices W 700 W788 1PRO W788 2PRO W788 1RR W788 2RR W744 1PRO W746 1PRO W747 1RR W786 1PRO W786 2PRO W786 3PRO W784 1 W784 1RR W744 1 W746 1 W747 1 ...

Page 13: ...d the SCALANCE W78x does not have a connection to a wired Ethernet Within its transmission range the SCALANCE W78x forwards data from one WLAN node to another The wireless network has a unique name All the devices exchanging data within this network must be configured with this name Figure 2 1 Standalone configuration of a SCALANCE W78x The gray area indicates the wireless transmission range of th...

Page 14: ...th each other directly connection 4 without involving a SCALANCE W78x The nodes access common resources files or even devices for example printers of the server connections 1 to 3 in the figure This is of course only possible when the nodes are within the wireless range of the server or within each other s range 1 2 3 4 Figure 2 2 Ad hoc network without SCALANCE W78x ...

Page 15: ...work over a SCALANCE W78x Span of wireless coverage for the wireless network with several SCALANCE W78x access points The SCALANCE W78x access points are all configured with the same unique SSID network name All nodes that want to communicate over this network must also be configured with this SSID If a mobile station moves from the coverage range cell of one SCALANCE W78x to the coverage range ce...

Page 16: ...ALANCE W78x access points in their cells If neighboring SCALANCE W78x access points are set up for different frequencies this leads to a considerable improvement in performance As a result neighboring cells each have their own medium available and the delays resulting from time offset transmission no longer occur Channel spacing should be as large as possible a practical value would be 25 MHz five...

Page 17: ...CALANCE W78x and other WDS compliant devices These are used to create a wireless backbone or to connect an individual SCALANCE W78x to a network that cannot be connected directly to the cable infrastructure due to its location Two alternative configurations are possible The WDS partner can be configured both using its name and its MAC address 1 1 1 1 A B Figure 2 5 Implementation of WDS with four ...

Page 18: ...sed to set up a redundant wireless backbone that cannot be implemented as a wired network due to its location but nevertheless has high demands in terms of availability Two alternative configurations are possible The RWLAN partner can be configured both using its name and its MAC address A B Figure 2 6 Implementing RWLAN with two SCALANCE W78x devices with at least two WLAN interfaces As an altern...

Page 19: ...ealing the housing Depending on the version up to 8 strain relief clamps 1 connector for the 48 V DC power supply 2 adhesive sealing foils for oval fiber optic cables not for devices with RJ 45 port 1 SIMATIC NET Industrial Wireless LAN CD with these Operating Instructions for the SCALANCE W78x 1 Operating Instructions compact SCALANCE W786 Please check that the consignment you have received is co...

Page 20: ...1g In the 802 11a 802 11h and 802 11g mode the gross transmission rate is up to 54 Mbps In turbo mode the transmission rate is up to 108 Mbps not permitted in all countries and modes As an expansion of the 802 11a mode it is also possible to operated according to the IEEE 802 11h standard In 802 11h mode the procedures Transmit Power Control TPC and Dynamic Frequency Selection DFS are used in the ...

Page 21: ...786 1BA60 2AA0 6GK5786 1BA60 2AB0 1 W786 1PRO 1 1 RJ 45 2 6GK5786 1AA60 2AA0 6GK5786 1AA60 2AB0 1 W786 1PRO 1 1 ST duplex multimode FO cable 1 diversity 2 6GK5786 1BB60 2AA0 6GK5786 1BB60 2AB0 1 W786 1PRO 1 1 ST duplex multimode FO cable 2 6GK5786 1AB60 2AA0 6GK5786 1AB60 2AB0 1 W786 2PRO 2 1 RJ 45 2 diversity 2 6GK5786 2BA60 2AA0 6GK5786 2BA60 2AB0 1 W786 2PRO 2 1 RJ 45 4 6GK5786 2AA60 2AA0 6GK57...

Page 22: ...6 3AB60 2AA0 6GK5786 3AB60 2AB0 1 1 US variant 2 There are two internal antennas per WLAN port The antenna used is always the one that provides the best possible data transmission diversity Requirements for installation and operation A PG PC with a network attachment must be available to configure the SCALANCE W786 If no DHCP server is available a PC on which the Primary Setup Tool PST is installe...

Page 23: ... LED display of the SCALANCE W786 Note The PoE LED does not exist on devices with a port for FO cable LED Color Description L1 Green Power supply over a power supply adapter or the 48 V DC energy contacts of devices with a port for FO cable PoE Green Power over Ethernet or power over the 48 V DC energy contacts of devices with an RJ 45 port Yellow Data transfer over the Ethernet interface traffic ...

Page 24: ...access point Flashing yellow PRESET PLUG detected Yellow green PRESET function completed successfully Yellow Access Point Mode Data transfer over the second WLAN port Client Mode The LED is always off because the 2nd port is not available in client mode Green Access Point Mode The WLAN interface is initialized and ready for operation Client Mode The LED is always off because the 2nd port is not av...

Page 25: ...he LED is always off because the 3rd port is not available in client mode Flashing yellow PRESET PLUG detected Yellow green PRESET function completed successfully Red An error occurred during operation with the SCALANCE W786 F Flashing red Ready to load firmware The device was either stopped with the reset button or there is incorrect firmware on the device Note If the LED for the WLAN port is not...

Page 26: ...ices with more than one WLAN interface and use the MAC addresses and not the sysNames These functions are then based on the MAC address that inevitably changes if a device is replaced Note In terms of the C PLUG the SCALANCE W 700 devices work in two modes Without C PLUG The device stores the configuration in internal memory This mode is active when no C PLUG is inserted With C PLUG The configurat...

Page 27: ...the housing cover removed The reset button has the following functions Restart of the device To restart the device press the reset button Loading new firmware If the normal procedure with the Load Save menu of Web Based Management was completed successfully the reset button can be used to load new firmware This situation can occur if there was a power outage during the normal firmware update Resto...

Page 28: ...lusions2 The German Commission on Radiological Protection concludes that according to the latest scientific literature no new scientific research is available with respect to proven health hazards which would throw doubt upon the scientific evaluation which serves as the basis for the ICNIRP safety concepts and the recommendations of the EU commission The SSK also concludes that below the current ...

Page 29: ...86 to a wall or onto the optional mounting plate You want to connect cables to the SCALANCE W786 for the power supply for Ethernet or for external antennas You want to insert a C PLUG in the device or replace an existing C PLUG You want to use the reset button Removing the housing cover WARNING Danger from line voltage After removing the housing cover there is a risk of touching live parts Remove ...

Page 30: ...e housing cover position A in the figure above 2 Loosen the screws in the cover position B in the figure above Note These screws remain in the cover after they have been loosened prevents them being lost Never attempt to remove these screws from the housing cover using force otherwise the housing cover will be damaged 3 Remove the housing cover with the captive screws position C in the figure abov...

Page 31: ...s follows A B C Figure 3 2 Side view of a SCALANCE W786 with cables entering from different directions The cables are inserted from above position A in the previous schematic The housing of the SCALANCE W786 has an opening at the top for this purpose The cables are inserted from below position B in the previous schematic There is also an opening at the bottom for this purpose Cables inserted throu...

Page 32: ... FO cable use the second opening from the left in the seal Cable routing is illustrated in the figure above For individual cores immediately following the connector the minimum bending radius is 25 mm Refer to the specification of the cable you are using for the minimum permitted bending radius of the cable within the jacket Make sure that the FO cable is not sharply kinked after passing through t...

Page 33: ...d The chassis ground connector is located on the rear of the device M4 thread Connect the ground cable before you mount the SCALANCE W786 on a wall or on the optional mounting plate Once the SCALANCE W786 is mounted the connector is no longer accessible Place the supplied toothed washer directly on the rear of the device before screwing on the ground cable Only then can you be sure that there is i...

Page 34: ...ctions Release 08 2007 C79000 G8976 C221 02 3 3 Mounting without an adapter wall mounting only Drilling template The location of the holes for mounting the SCALANCE W786 on a wall is shown in the following figure 34 184 46 187 19 34 Figure 3 5 Drilling template for wall mounting of the SCALANCE W786 ...

Page 35: ...the housing of the SCALANCE W786 position A in the figure above Note the information in the section Connecting up cables 2 Secure the SCALANCE W786 to the wall with three screws position B in the figure above The screws are not supplied with the device The type and length of the screws depend on the type of wall Type of screw for wooden walls wood screw 4 x 30 mm for concrete walls 4 x 50 mm with ...

Page 36: ...remely thin it is often not possible to use wall plugs for the screws To allow wall mounting even in this situation there are four M4 threaded holes on the rear of the SCALANCE W786 The drilling template is a square with sides 100 mm long The device can therefore be mounted on a wall with bolts through the wall Calculate the length of the required M4 screws as follows Screw length wall thickness 7...

Page 37: ...late to a wall is shown in the following figure 160 46 46 81 109 62 Figure 3 7 Drilling template for fitting the mounting plate to a wall Procedure Secure the mounting plate to the wall with four screws The screws are not supplied with the device The type and length of the screws depend on the type of wall Type of screw for wooden walls wood screw 4 x 30 mm for concrete walls 4 x 50 mm with 5 mm c...

Page 38: ...seal is effective only when it is not subjected to water jets If the device is mounted on a wall this is the case and no further measures are necessary When mounted in any other way except for mounting on an S7 300 standard rail an additional cover plate must be screwed to the mounting plate WARNING Danger from line voltage If the cable feedthrough is subjected to strong water jets water can penet...

Page 39: ...late for the cable feedthrough To screw the cover plate for the cable feedthrough to the mounting plate follow the steps below 1 Fit the cover plate on the mounting plate from below until the two lugs position A in the figure above engage the lower edge of the mounting plate 2 Secure the cover plate to the mounting plate with two M4 screws The screws are supplied with the assembly kit ...

Page 40: ...g plate on an S7 300 standard rail Follow the steps below to fit the mounting plate to an S7 300 standard rail 1 Place the mounting plate with the two protruding catches on the top edge of the S7 300 standard rail position A in the figure above 2 At the bottom the mounting plate has two lugs with holes Screw the lugs to the S7 300 standard rail position B in the figure above The required screws ar...

Page 41: ...igure 3 11 Mounting plate with fittings for DIN rail mounting Follow the steps below to fit the mounting plate to a DIN rail 1 Place the mounting plate with the two catches position A in the figure above on the upper edge of the DIN rail 2 Pull down the DIN rail sliding catch position B in the figure above and press the mounting plate against the DIN rail until the sliding catch engages ...

Page 42: ...a mast 1 Feed the fastening straps through the openings in the mounting plate position A in the figure above 2 Place the fastening straps around the mast at the required position 3 Feed the free end of the strap through the quick release fastener You can twist the tensioning screw position B in the figure above to the side to adapt a fastening strap to the diameter of the mast 4 Press the tensioni...

Page 43: ... Follow the steps below to fit a SCALANCE W786 to a mounting plate 1 Lead the cables into the housing of the SCALANCE W786 position A in the figure above Note the information in the section Connecting up cables 2 Fit the SCALANCE W786 so that the upper edge of the rear of the housing is below the two catches of the mounting plate position B in the figure above 3 Push in the SCALANCE W786 until it ...

Page 44: ...edure for removing the device Follow the steps below to remove a SCALANCE W786 from a mounting plate 1 Loosen the screws between the SCALANCE W786 and mounting plate 2 Using a screwdriver or similar tool press down the two lugs on the lower edge of the mounting plate position C in the first figure in this section and release the SCALANCE W786 from the recesses 3 Pull out the lower edge of the SCAL...

Page 45: ...r is available in the range of accessories of SIMATIC NET Industrial WLAN Lightning protector LP798 1N order no 6GK5798 2LP00 2AA6 WARNING Danger due to lightning strikes Installing this lightning protector between an antenna and a SCALANCE W 700 is not adequate protection against a lightning strike The LP798 1N lightening protector only works within the framework of a comprehensive lightning prot...

Page 46: ... these requirements Exceptions Power supply with PELV according to VDE 0100 410 or IEC 60364 4 41 is also possible if the generated rated voltage does not exceed the voltage limits 25 V AC or 60 V DC Earthing CAUTION Damage to the device due to potential differences To avoid the influence of electromagnetic interference the device should be grounded There must be no potential difference between th...

Page 47: ... section with 6 to 8 mm diameter Three core cable with 0 5 1 5 mm2 cross section of the individual cores Permitted tensile load at least 100 N Ethernet IE FC TP Standard Cable GP 2 x 2 type A Order no 6XV1 840 2AH10 IE TP Torsion Cable 2 x 2 type C Order no 6XV1 870 2F IE FC TP Trailing Cable 2 x 2 type C Order no 6XV1 840 3AH10 UL listing Type PLTC or ITC the three named types have this approval ...

Page 48: ...vices located in a control cabinet You will find detailed information in the catalog IK PI Antennas The following antennas have been approved for use with a SCALANCE W786 xPRO Type Properties Order no ANT795 6MN Omni antenna 2 4 5 GHz ceiling mounted 6GK5795 6MN00 0AA6 ANT792 6MN Omni antenna 2 4 GHz wall mounted 6GK5792 6MN00 0AA6 ANT793 6MN Omni antenna 5 GHz wall mounted 6GK5793 6MN00 0AA6 ANT7...

Page 49: ...of the SCALANCE W786 is only assured when the cable has a suitable diameter and adequate tensile strength Only use cables that meet the specifications in the section Cables for the SCALANCE W786 When connecting up a FO cable make sure that you use the adhesive sealing foil supplied with the SCALANCE W786 Never wrap insulating tape adhesive tape or other materials around thinner cables to achieve t...

Page 50: ...tion on this topic in the sections Connection for Industrial Ethernet and Connections for external antennas 48 V DC power supply Use the connector supplied with the SCALANCE W786 For details of the terminal assignment refer to the section Connectors for the power supply 12 24 V DC or 110 230 V AC power supply With these power supplies you require a power supply adapter do not ship with the SCALANC...

Page 51: ...ng seal Figure 4 2 Securing a sealing plug with a strain relief clamp Note Keep unused sealing plugs and strain relief clamps for later use Points to note when connecting an oval FO cable The oval FO cable specified for use with the SCALANCE W786 does not have a circular cross section As a result remember the following points when connecting up such cables Gasket Fit the supplied adhesive sealing ...

Page 52: ...9000 G8976 C221 02 Strain relief clamp When you fit the strain relief clamp make sure that the FO cable is in the correct position The shorter sides of the cable must make contact with the toothing of the strain relief clamp Figure 4 3 View from above with an FO cable inserted in the strain relief clamp ...

Page 53: ...e data lines phantom power If a Fast Connect Ethernet connector is used to allow cable assembly in the field and due to its greater mechanical strength you can only use four wire cables In this case only phantom power is possible This does not represent a restriction for the user because PoE compatible power equipment always provides both options Procedure for connecting the supplied connector for...

Page 54: ...ase 08 2007 C79000 G8976 C221 02 Figure 4 5 Position of the connector when inserted in the socket of the housing 2 Press the connector into the socket in the housing until it engages 3 Secure the power cable with a strain relief clamp For more detailed information on this topic refer to the section Connecting the cables ...

Page 55: ... alternating voltage Note Applies only to SCALANCE W786 3xx If a SCALANCE W786 3xx is operated with diversity for three antenna pairs the power for 12 24 V DC cannot be supplied redundantly In this case there is no further opening in the housing for a second power cable How to fit the power supply adapter WARNING Danger from line voltage Power supply cables may only be connected when the power is ...

Page 56: ...re above The connector on the rear of the power supply adapter must engage fully in the socket of the housing The entire rear surface of the power supply adapter must make contact with the inner surface of the SCALANCE W786 CAUTION Only use the loop position B in the figure above to remove the power supply adapter from the SCALANCE W786 This prevents the connector skewing on the back of the power ...

Page 57: ... cables How to remove the power supply adapter Follow the steps below to remove a power supply adapter from a SCALANCE W786 WARNING Danger from line voltage Disconnect power supply cables only when the power to the power supply adapter is turned off 1 Disconnect the power supply cable from the power supply adapter 2 Loosen the securing screw of the power supply adapter position A in the figure abo...

Page 58: ...n Ethernet cable RX TX ST Duplex Figure 4 7 Position of the Ethernet port with the housing cover removed Perform the following steps to connect an Ethernet cable to a SCALANCE W786 1 Insert the connector of the Ethernet cable in the corresponding socket of the SCALANCE W786 If you use FO cables make sure that the transmit and receive lines are correctly connected The location of the socket for RX ...

Page 59: ...et pair labeled 1 exists with a SCALANCE W786 2PRO the sockets labeled 1 and 2 exist Perform the following steps to connect a cable for an external antenna to a SCALANCE W786 1 Insert the connector on the antenna cable into the R SMA socket and tighten the sleeve nut on the socket key size SW8 tightening torque 0 6 Nm If you want to use a port for two antennas connect the line for antenna B first ...

Page 60: ...h the housing cover removed The housing of the C PLUG has a protruding ridge on the long side The C PLUG can only be inserted when this ridge is at the top right The slot in the SCALANCE W786 has a corresponding groove at this position Make sure that the C PLUG is inserted completely into the slot Removing the C PLUG Insert a screwdriver between the right hand front edge of the C PLUG and the slot...

Page 61: ... selection of the root bridge The computer with the lowest value set for this parameter automatically becomes the root bridge If two computers have the same priority value the computer with the lower MAC address becomes the root bridge Response to changes in the network topology If nodes are added to a network or drop out of the network this may affect the optimum path selection for data packets T...

Page 62: ...d station The mechanism makes it possible for example to monitor a connection between wireless clients and a server If the server can no longer be reached over the access point the clients are deauthenticated and the WLAN interface of the access point is disabled The clients roam and then connect to a different access point from which the server can be reached As soon as the first access point can...

Page 63: ...eriod As with Link Check you can also enter up to ten connections here 5 1 7 MAC based communication Auto Find Adopt MAC Adopt MAC manually Frames in the direction from the client to the access point always have the MAC address of the WLAN interface as the source MAC address As a result the learning table at the access point end always has only the MAC address of the WLAN interface of the client I...

Page 64: ...es downstream from the client 1 Layer 2 tunneling only for W746 1 and W747 1 or W746 1PRO and W747 1RR and W78x in client mode With layer 2 tunneling the client provides information about the devices downstream from it when it registers with an access point This makes it possible to enter the MAC addresses of these devices in the learning table of the access point The access point can forward MAC ...

Page 65: ...leading bits represent the address of the subnet and the remaining bits the address of the host in the subnet A subnet is defined by the subnet mask The structure of the subnet mask corresponds to that of an IP address If a 1 is used at a bit position in the subnet mask the bit belongs to the corresponding position in the IP address of the subnet address otherwise to the address of the computer Ex...

Page 66: ...CP request of a SCALANCE W 700 the IP address subnet mask and gateway are assigned automatically when the device first starts up Reset to Memory Defaults does not delete an IP address assigned either by DHCP or by the user 5 2 3 Address assignment with DHCP Properties of DHCP DHCP Dynamic Host Configuration Protocol is a method for automatic assignment of IP addresses It has the following characte...

Page 67: ... that inconsistencies can occur within the network Remedy After disabling DHCP you should therefore change the IP address of the device to an address not assigned by DHCP or remove the IP address assigned to the device from the address pool of the DHCP server Working with a mixture of dynamic address assignment and statically assigned addresses is not advisable 5 2 4 Address assignment with the Pr...

Page 68: ...deally have a wired network connection between the SCALANCE W 700 and the client computer In principle it is also possible to use Web Based Management over a wireless network however the SCALANCE W 700 can be set so that access over a wireless network is disabled We recommend that you use the Microsoft Internet Explorer Version 5 5 or higher or Mozilla Firefox Version 1 5 or higher All the pages o...

Page 69: ...user if you selected User 4 Click the Log On button to start the logon Note For the US variant of the SCALANCE W 700 the password for the admin user has been changed it can however be obtained from Siemens Support by specialists for professional WLAN installation Connection over HTTPS Web Based Management also allows you to connect to the device over the secure connection of the HTTPS protocol Use...

Page 70: ...wireless technology A wizard consists of a series of screens in which you enter the basic configuration data The following wizards are available Basic Wizard For general settings to ensure the basic functionality of the device Security Wizard The wizard for the security settings supports you when setting security related parameters iPCF Wizard This wizard is available for configuring iPCF industri...

Page 71: ...dialog the status of the wizards is displayed When you have worked through a wizard completely Done is displayed as the status When you have worked through all the wizards the Wizards entry also moves to the bottom end of the menu Note Some pages of the wizards have a different content in access point mode and Client mode In this case there is a separate description for the alternatives You can sp...

Page 72: ...nformation for the IP configuration of the SCALANCE W 700 Specified IP address DHCP server check boxes There are two methods of assigning IP addresses to devices The IP address can be set as a fixed permanent address or can be obtained dynamically from a DHCP server Select Specified IP Address if you do not use a DHCP server IP address input box The IP address of the SCALANCE W 700 Here you enter ...

Page 73: ...ss of a communication partner must match the bit pattern of the SCALANCE W 700 exactly at this point The same applies to the second and third parts of the IP address The IP address of a communication partner must therefore start with 192 168 147 The bit pattern of 0 is 0000 0000 This means that the bit pattern of the last part of the IP address of the partner device does not need to match the addr...

Page 74: ...ent frequency band divisions for WLAN communication The regulations for maximum output power also differ from country to country When you configure the SCALANCE W 700 you specify which local regulations are relevant for your location You do this with the Country Code parameter Country Code drop down list box In this list box you select the country in which the SCALANCE W 700 will be operated You d...

Page 75: ...aracter for the SSID To ensure compatibility with partner devices you should however not use any characters that are peculiar to a particular language for example special German characters ä ö etc or special characters in general The string for SSID can be a maximum of 32 characters long Wireless Mode drop down list box Select a wireless mode that is supported by all partner devices if you are usi...

Page 76: ...ss point that allows the best possible data transfer and to which a connection is permitted based on the security settings 5 4 6 Adopt MAC Address settings only for clients or access points in client mode Assigning the MAC address A MAC address must be specified for the device connected to the Ethernet port of the SCALANCE W 700 client before it can be reached This MAC address is used by the clien...

Page 77: ... configured for a client the IP mapping table is not displayed The SCALANCE W746 1PRO or W746 1 and SCALANCE W747 1RR or W747 1 devices as well as SCALANCE W78x devices operating in client mode can provide access to a wireless network for several Ethernet devices IP mapping For an access point with MAC filtering only one MAC address is visible to the SCALANCE W700 client there can be no filtering ...

Page 78: ...he Ethernet interface for the WLAN interface Layer 2 Tunneling not for SCALANCE W744 1PRO W744 1 As a client the SCALANCE W700 uses the MAC address of the Ethernet interface for the WLAN interface The network is also informed of the MAC addresses connected to the Ethernet interface of the SCALANCE W700 client Adopt MAC input box If you have selected the Set Adopt MAC manually check box here you wi...

Page 79: ... mode only Description The SCALANCE W78x uses a specific channel within the frequency band for communication You can either set this channel specifically or configure the SCALANCE W78x so that the channel is selected automatically A specific channel must be set for example in the following situations Communication suffers from interference from another device for example microwaves or another wire...

Page 80: ...IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11h Antenna Type drop down list box only for devices with external antennas Select the type of external antenna connected to the device Antenna gain in dBi input box only for devices with external antennas If you selected the User defined entry in the Antenna Type drop down list box you can enter the antenna gain manually in the unit dBi Antenna cabl...

Page 81: ... 8 Closing the Basic Wizard Description This page displays the parameters you have selected when you have completed all the entries for the basic configuration Adopt MAC Address is displayed only for an access point in client mode Finish button Click this button to close the Basic Wizard and to log on again with the modified IP address ...

Page 82: ...ou have at least basic security functions 5 5 2 Security settings Password First set a new admin password Enter the string twice in the text boxes of this page The password can be up to a maximum of 31 characters long When assigning the password ASCII code 0x20 to 0x7e is used The following characters are supported Numbers 0 9 Letters abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ Special c...

Page 83: ...hould only select protocols that you actually use The protocol settings only take effect after exiting the Security Wizard and restarting Even after selecting the Web Based Management entry you still have the option of returning to earlier pages or exiting the wizard Specifying the network type for configuration It is easier to restrict access to a wired network than to a wireless network Web Base...

Page 84: ...hen using the SNMP protocol you specify access permissions by means of the community string A community string effectively combines the function of user name and password in one string different community strings are defined for read and write permissions More complex and more secure authentications are possible only in some SNMPv2 variants and in SNMPv3 To preserve security you should not use the...

Page 85: ...security settings including for example the authentication and encryption If you configure a model with several wireless adapters this page appears for each adapter You can make different settings for each wireless adapter Network specific security settings On the first page of the security settings you select settings that apply regardless of protocol specific restrictions The basic measures for ...

Page 86: ...s if you use the redundancy function To avoid any possible conflicts with settings for a specific locale on the computer the name should not include any special German characters ö ä etc Enable Suppress SSID broadcasting feature for WLAN 1 Selecting this option means that the SSID is not visible for other devices As a result only stations for which the same network name was configured as for the S...

Page 87: ... A SCALANCE W788 1PRO is used with multiple SSIDs Note On a SCALANCE W78x 2 3xx the Inter SSID Communication function must be enabled on all WLAN interfaces or on all VAPs to allow communication between the clients with different SSIDs Note If VLANs are configured for the SSIDs this setting can prevent communication between the SSIDs according to the VLAN rules Enable Intracell communication list ...

Page 88: ... SSID to the Ethernet network Enabled Allowed x x x Enabled Intracell blocking x x Enabled Ethernet blocking x x Disabled Allowed x x Disabled Intracell blocking x Disabled Ethernet blocking x 5 5 6 Security settings for WLAN page 2 Predefined security levels Authentication and encryption are tried and tested methods for increasing security in networks Web Based Management provides four predefined...

Page 89: ...P AES AUTO local x High WPA2 RADIUS enabled TKIP AES AUTO Server Medium WPA Auto PSK preshared Key enabled TKIP AES AUTO local High WPA Auto RADIUS enabled TKIP AES AUTO Server Authentication Authentication basically means that some form of identification is required Authentication therefore protects the network from unwanted access In the Security Level box you can choose between the following ty...

Page 90: ...f to the client using a certificate Following successful authentication the client and RADIUS server generate key material that is used for data encryption AES or TKIP is used as the encryption method AES represents the standard method Medium with WPA compatibility WPA Auto PSK Select the Medium security level and check the WPA compatibility box so that an access point can process both WPA PSK aut...

Page 91: ...source The encryption key source indicates whether the key is configured locally and fixed local or whether it is negotiated by a higher protocol and an authentication server server Security Level for WLAN drop down list box Select a security level that is supported by all clients The content of the next page depends on the selected security level If you select the security level None there is no ...

Page 92: ...the Key input box is longer or shorter than the selected key length an error message is displayed The following key lengths are possible 40 bits 5 ASCII characters or 10 hexadecimal numbers 104 bits 13 ASCII characters or 26 hexadecimal numbers 128 bits 16 ASCII characters or 32 hexadecimal numbers With the AUTO setting the maximum key length is also 128 bits 5 5 8 Settings for the Medium security...

Page 93: ... Do not use known names words or terms that could be guessed If a device is lost or if the key becomes known the key should be changed on all devices to maintain security 5 5 9 Settings for the High security level in access point mode Reauthentication input box Here you decide whether the access point initiates a reauthentication for the clients You can also select who sets the time after which th...

Page 94: ...gs for the High security level in Client mode Note The following information applies only to SCALANCE W74x clients or SCALANCE W78x access points operating in client mode Dot1x user name input box Here enter the user name with which you want to register over the RADIUS server Dot1x user password input box Here enter the password for the above user name The client logs on with the RADIUS server usi...

Page 95: ...cted security settings for an access point Settings after working through the Security Wizard This page contains an overview of the selected security settings If you want to change a setting you can click the Back button to return to a previous page where you can enter a different value or make a different selection This page shows less information in client mode ...

Page 96: ...7 C79000 G8976 C221 02 5 5 12 Exiting the Security Wizard Further security settings The last page of the wizard indicates other security measures that you can take Finish button Click the Finish button to apply the data and exit the wizard Your settings only take effect after you have restarted System Restart menu ...

Page 97: ...in a separate browser window Updating the Display with Refresh Web Based Management pages that display current parameters have a Refresh button at the lower edge of the page Click this button to request up to date information from the device for the current page Saving entries with Set Values Pages in which you can make configuration settings have a Set Value button at the lower edge Click this bu...

Page 98: ...tion on the operating state of the device Depending on its location direct access to the SCALANCE W 700 may not always be possible Web Based Management therefore displays simulated LEDs Activating the simulation There is an HTML based simulation of the LED status Click on the green icon below the Console link to activate the simulation Figure 5 1 Example LED display of a SCALANCE W788 2PRO Other d...

Page 99: ... box informs you about the time that has elapsed since the last restart Reading out the country list In the address field of the Internet browser enter https IP address of the SCALANCE W 700 countrylist log and confirm with Enter After logging in you then obtain the country list with the following headers COUNTRY MODE CH MHz PWR EIRP USAGE The table lists the permitted wireless modes and channels ...

Page 100: ...MP Enabled check box is not selected neither write nor read access is possible using the SNMP protocol v1 v2c v3 If the SNMP protocol is not permitted it is not possible to send SNMP traps To improve security you should only enable the services that you actually use NOTICE Over SNMP it is possible to disable all services and to allow read access only over SNMP Following this no further configurati...

Page 101: ...he address table are deleted You can leave the browser window open while the device restarts Restore Memory Defaults button Click this button to reset the configuration The following parameters protected defaults are not reset IP address Subnet mask Gateway address SSID IP address of the default router DHCP flag System name System location System contact Device mode Country code There is no automa...

Page 102: ...hange in the power supply of the device evaluating this event only makes sense when there is a redundant power supply Change in the error status error LED Additional system events for access points If you use a SCALANCE W78x in access point mode you can configure additional system events Events associated with a client logging on and off IP Alive state change application specific connection monito...

Page 103: ...vents You can also enter a sender This allows you to recognize which device is involved and sent the E mail If you do not make an entry in the From box the device uses the following sender SCALANCE_W IP address See also CLI SYSTEM EMAIL menu command Page 181 5 6 3 7 SNMP Config menu command Configuration Select the check boxes of the entries according to the SNMP functionality you want to use SNMP...

Page 104: ...ryption Auth No Priv Authentication with the MD5 or SHA algorithm no encryption To display the members of the group you must enter the authentication password maximum of 63 characters Auth Priv Authentication with the MD5 or SHA algorithm encryption with the DES3 algorithm To display the members of the group you must enter the authentication password maximum of 63 characters Users submenu This pag...

Page 105: ...rver input box The server address decides the IP address to which the Syslog messages are sent If no IP address is entered in this box no Syslog messages are sent If the Syslog server is not in the same network as the SCALANCE W an automatic attempt is made to establish a connection over the default gateway log table check box This check box decides whether all entries made in the log table are al...

Page 106: ...n seconds after which the SCALANCE W 700 calls up the time information from the SNTP server With the Refresh SNTP button you can synchronize with the SNTP server regardless of the selected update time See also CLI SYSTEM SNTP menu command Page 185 5 6 3 10 Fault State menu command Information on errors faults This page displays information on faults errors that have occurred You can delete this in...

Page 107: ... if the downloaded configuration data contains a new IP address Note For SCALANCE W788 xPRO RR and W74x 1PRO RR only As of firmware version V3 0 the file with the configuration data of the AP also includes the following information Version of the configuration file Firmware version with which this configuration file was created Order number MLFB of the device with which the configuration file was ...

Page 108: ...en or where the data will be saved in the relevant input box for the configuration data or firmware 5 Start the save function by clicking the Save button Start the load from file function by clicking the Load button Configuration package If security certificates for the client and or server are installed on a client when the configuration is saved the client provides the option of saving the confi...

Page 109: ...s work in two modes Without C PLUG The device stores the configuration in internal memory This mode is active when no C PLUG is inserted With C PLUG The configuration stored on the C PLUG is displayed over the user interfaces In this mode the internal memory is neither read nor written If changes are made to the configuration the device stores the configuration directly on the C PLUG This mode is ...

Page 110: ...vision input box The version of the configuration structure This information relates to the configuration options supported by the device and has nothing to do with the concrete hardware configuration This revision information does not therefore change if you add or remove modules or extenders it can however change if you update the firmware File System input box Displays the type of file system o...

Page 111: ...default Configuration to C PLUG and Restart A configuration with all the factory default values is stored on the C PLUG This is followed by a restart in which the device starts up with these default values Clean C PLUG Low Level Format Configuration lost Deletes all data on the C PLUG and starts a low level formatting function There is no automatic restart Create PRESET PLUG Writes configuration d...

Page 112: ...an AP count 0 5 6 4 2 Ethernet menu command TTransmission speed and mode For a wired Ethernet interface with an RJ 45 connector you only specify the transmission speed mode parameters and the crossing over of the Ethernet connection When you select the Auto entry in the Speed Mode drop down list box the device sets a suitable speed and mode depending on the other network nodes and crosses over the...

Page 113: ...ith Set Values the comment DFS is active for this country code appears behind the Enable Interface check box With the automatically enabled Dynamic Frequency Selection function DFS prior to communication the access point checks whether the configured or selected channel see Auto Channel Select is free of signals from a primary user for example radar If signals of a primary user are found on the co...

Page 114: ...ode all access points must use the same channel If a signal from a primary user is detected by an access point the channel is changed automatically and the existing connection is then terminated MAC address of the client only for clients or access points in client mode A MAC address must be specified for the devices connected to the Ethernet port of the client before it can be reached This MAC add...

Page 115: ...settings of VAP0 are made directly in Interfaces WLAN the settings for VAP1 7 can be found in the Interfaces WLAN VAP1 7 submenus By using virtual access points various SSIDs maximum of 8 per WLAN interface can be configured with different security settings You can assign each virtual AP to a particular VLAN Set Values Apply the configuration by clicking Set Values If you have configured virtual a...

Page 116: ...tion before sending the actual data hidden node problem To minimize network load resulting from the additional protocol exchange this method is used only when a packet size that you select with the RTS CTS Threshold is exceeded Fragmentation The Fragmentation Length Threshold parameter specifies the maximum package size transferred on the wireless link Large packets are divided up into small packe...

Page 117: ...elects the permitted channels Under some circumstances there may be fewer permitted channels available for antennas with a higher antenna gain than for antennas with a lower antenna gain Note If you select User defined you have the option of entering dBi values as integers for the antenna gain in the range from 0 through 30 dBi Please remember to take the losses of the antenna connecting cable int...

Page 118: ...elect check box must be set and the channels of the other access points entered in the Background Scan Channels text box Enter the channels separated by blanks If the client finds a better access point it attempts to connect to it Before it changes the new access point must be better than the current access point by a certain value The threshold at which the client changes to the new access point ...

Page 119: ... connects to the network With this menu command you can specify how the device connects to a network as client If the Connect to ANY SSID check box is selected the device in client mode attempts to connect to the network with the best transmission quality and with suitable security settings If the Suppress SSID broadcasting setting is made for an access point the client cannot log on there with th...

Page 120: ... drop down list box you specify the use of RTS CTS None Do not use RTS CTS Always Always use RTS CTS with 802 11g packets Auto Only use RTS CTS when there are 802 11b clients in area You can set the data rate for RTS CTS frames in the 802 11g CTS Rate drop down list box With the 802 11g CTS Type drop down list box you specify whether only a CTS or RTS CTS is sent 802 11g enhancements With the 802 ...

Page 121: ...802 11b g a etc you can select any combination of these data rates The access point will then use only the selected transmission rates for communication with the clients The Basic Rate parameter specifies that a client must be capable of this data rate to be able to connect to the access point See also CLI INTERFACES WLAN1 DATARATES or WLAN2 DATARATES or WLAN3 DATARATES menu command Page 196 5 6 4...

Page 122: ... VLAN in the configuration of the client that you assign to this VLAN Note You can configure separate security settings for each virtual access point see section Basic Wireless menu command The security settings of the VAPs must meet those of the relevant VLANs See also CLI INTERFACES WLAN1 VAP1 7 or WLAN2 VAP1 7 or WLAN3 VAP1 7 menu command Page 197 5 6 5 The Security menu 5 6 5 1 Security menu c...

Page 123: ...on and encryption In this case you will have to store a WEP key after selecting Low Shared Key Note Only in access point mode When using an open system with encryption or shared key in conjunction with ACL lists note the information in Section ACL menu command WPA2 PSK WPA2 PSK is based on the WPA2 standard WPA authentication however operates without a RADIUS server Instead of this a key pass phra...

Page 124: ...om eavesdropping and corruption You can only disable encryption if you have selected Open System for authentication All other security methods include both authentication and encryption Encryption methods If you have selected Open System including encryption or Shared Key for authentication you will need to define a key in the Keys menu see section Keys menu command WEP Wired Equivalent Privacy A ...

Page 125: ...sting only in access point mode With the Suppress SSID broadcasting setting the SCALANCE W78x is only ever accessible to clients that know its SSID This method can be used to protect the SCALANCE W78x from unauthorized access Note Since no encryption is used for the SSID transfer this function can only provide basic protection against unauthorized access The use of an authentication method for exa...

Page 126: ...ion within an SSID as well as WLAN client communication over the Ethernet interface Overview of the communication options in access point mode only To illustrate the situation there is an overview of the effects of the Inter SSID communication and Intracell communication settings below Settings Possible communication Inter SSID communication Intracell communication within an SSID with another SSID...

Page 127: ... weaker key 40 104 bits 16 ASCII or 32 hexadecimal characters on the other hand define a strong key 128 bits You can also create keys for WDS Redundancy and ACL Private these are not supported by all clients for ACL Note For the key you can use characters 0x20 to 0x7e from the ASCII code Below there is a list of all supported characters starting with a space 0123456789 ABCDEFGHIJKLMNOPQRSTUVWXYZ _...

Page 128: ...sabled The access control list is not used Changing an entry in the ACL Click the relevant MAC address to change the entry in the ACL With the Sel check box you decide whether or not an ACL entry is used The Del check box is used to delete an entry from the ACL New entry in the ACL Click the New button to create a new entry in the ACL A page appears on which you can make the necessary settings Ent...

Page 129: ...ion If access for certain wireless clients is now restricted by the ACL list of the access point on the basis of a private key the private key must first be stored in the key list of the access point and the appropriate wireless clients The next step is to enter the MAC addresses of these wireless clients in the ACL list of the access point and to assign the private key If it is intended that thes...

Page 130: ...he SCALANCE W 700 is possible You should also note that the IP address of the client can change if you use DHCP without reservation See also CLI SECURITY ACCESS menu command Page 203 5 6 6 The Bridge menu 5 6 6 1 Bridge menu command Introduction A bridge is a network component that connects two networks A bridge is not dependent on the protocol management of the data packages is based on the physi...

Page 131: ...and communicates with clients There are however situations in which several access points need to communicate with each other for example to extend wireless coverage or to set up a wireless backbone This mode is possible with WDS Wireless Distributed System Note For SCALANCE W788 xPRO RR and W74x 1PRO RR only With the firmware update to V3 0 the SCALANCE W78x xRR devices need to be reconfigured if...

Page 132: ...WPA PSK or WPA2 PSK for a connection all WDS connections must be protected by at least a WEP key If you want to attach a different access point from the SCALANCE W78x over WDS you must configure the MAC address Detection using the sysName parameter does not work in this situation In the IEEE 802 11h transmission mode it is not practical to select the WDS mode In WDS mode all SCALANCE W78x devices ...

Page 133: ...Entries in red indicate members in the table entries in black indicate the configured port VLAN IDs If an interface is member of a VLAN ID that is not the same as the port VID frames arriving from Ethernet with this VLAN ID are accepted Outgoing frames however always have the port VLAN ID Click on VID or Name to open the configuration page for VLAN IDs With New you create a new VLAN ID with Refres...

Page 134: ...Otherwise the VID can no longer be modified Representati on Settings Description 1 Field can be edited If all editable boxes are displayed in this way and if the VID is not configured as port VID the VID is deleted when you exit this page Clicking on the field changes to depiction 2 2 Field can be edited Clicking on the field changes to depiction 1 3 Field cannot be edited Al entries for VLAN memb...

Page 135: ...5 Representati on Settings Description 5 Field cannot be edited Corresponding port is set to all VIDs 6 Field cannot be edited Corresponding port is not configured so no VID can be assigned Ports Port Overview of the ports in the form of a table SSID SSID for WLAN interface no entry for WDS or management and redundancy Priority Configured priority of the port ...

Page 136: ...an then be enabled disabled directly Clicking on a port opens the VLAN Settings configuration page Note If you use a Radius server for authentication this must the accessible over the management VLAN Among other things the management port also handles the functions HTTP HTTPS WBM Telnet SSH Ping DHCP TFTP SNMP SNTP and Syslog Note The IP and MAC based nodes downstream from a client with enabled la...

Page 137: ...t and the client itself are also members VLAN ID 33 with priority 6 VLAN settings VLAN enabled VLAN support can then be enabled disabled directly User Priority Prioritizing the data traffic via the port Untagged frames are given this priority Port VLAN ID Entry of the VLAN ID VLAN Membership All VIDs Automatic setting of the port as member of all configured VIDs Specific VIDs only Member of up to ...

Page 138: ...fic 2 Spare This priority is reserved 3 Excellent Effort EE Data traffic with highest priority 4 Controlled Load CL 5 Voice VI 100 ms latency and jitter Video multimedia 6 Voice VO 10 ms latency and jitter Voice over IP PNIO 7 Network Control NC Internal network control frames Default is 0 Best Effort BE Note Both voice over IP and PNIO have priority 6 Port VLAN ID Here you enter the VLAN ID VID o...

Page 139: ... Table menu command Assignment of MAC address and IP address The ARP protocol Address Resolution Protocol obtains the corresponding MAC address of a known IP address The page of this menu command also indicates the interface over which an address can be reached The last column indicates how the information was obtained for example dynamic if it was obtained during operation or static if it was con...

Page 140: ...his port is an edge port If the user wants to avoid the hello time spanning tree can be disabled at this port Point to Point direct communication between two neighboring stations By directly linking network components a status change reconfiguration of the ports can be made without any delays A point to point connection can for example be a WDS connection between two access points Alternate port s...

Page 141: ...onnection is always related to the root bridge a network component that can be considered as a root element of a tree like network structure With the Bridge Priority parameter you can influence the selection of the root bridge The bridge with the highest priority in other words with the lowest value for this parameter becomes the root bridge If several network components in a network have the same...

Page 142: ...ames is the Hello time The default for this parameter is 2 seconds Forward Delay input box New configuration data is not used immediately by a bridge but only after the period specified in the Forward Delay parameter This ensures that operation is started with the new topology only after all the bridges have the required information The default for this parameter is 15 seconds Spanning Tree Port s...

Page 143: ... mainly on the transmission speed The higher the achievable transmission speed the lower the value for Path Cost should be Typical values for spanning tree and rapid spanning tree are as follows The values can however also be set individually Data rate Path costs STP Path costs RSTP 100 Mbps 19 200 000 54 Mbps 33 370 370 48 Mbps 36 416 667 36 Mbps 43 555 556 24 Mbps 53 833 333 18 Mbps 58 1 111 111...

Page 144: ...ts P t P There is a point to point link when two RSTP compliant network components are connected together over this port There are three possible statuses ForceTrue Even with half duplex a direct link is assumed ForceFalse Despite a full duplex connection a point to point link is not assumed Auto Point to point is detected automatically If the port is set to half duplex shared media connection a d...

Page 145: ...sed depending on the selected version If you enter a zero for the RSTP value the value for the path costs is calculated automatically Admin Edge Port check box Enable this check box if an end device is connected to this port otherwise a reconfiguration of the network will be triggered by every link change Admin Point to Point Status drop down list box There are three possible settings Shared media...

Page 146: ...point and in client mode The function can only be used in client mode if NAT is disabled Limitation of broadcast and multicast frames Storm Threshold is the maximum number of broadcast or multicast frames per second forwarded by the SCALANCE W 700 If this limit is exceeded the SCALANCE W 700 stops processing such frames for 30 seconds See also CLI BRIDGE STORMTHR menu command Page 208 5 6 6 8 NAT ...

Page 147: ...me external source IP address To identify the individual source nodes the port of the source device is also stored in the translation list of the NAT gateway and translated for the external address If several local clients send a query to the same external destination IP address over the NAT gateway the gateway enters its own external source IP address in the header of these forwarded frames Since...

Page 148: ...set as NAT gateways per WLAN client Configuration Set the configuration on the IP Network Address Translation page with the following settings Enable NAT Click the Enable check box if you want to enable NAT Caution The change is adopted only after a restart Local IP Here you enter the local IP address for the Ethernet port of the WLAN client Subnet Mask Enter a subnet mask for the local Ethernet n...

Page 149: ...IDGE NAT STATIC menu command Page 209 5 6 6 9 IP Mapping Table menu command Note This menu command is available only with the following variants SCALANCE W746 1PRO SCALANCE W746 1 SCALANCE W747 1RR SCALANCE W747 1 SCALANCE W78x in client mode Note IP mapping table If layer 2 tunneling is configured for a client the IP mapping table is not displayed WLAN access by several devices over a client With...

Page 150: ...et If there is only IP communication between the access point and the client the default setting AdoptOwnMAC can be retained If frames based on MAC addresses are also sent by devices downstream from the client you will need to make the Adopt MAC settings manually Select Autofind Adopt MAC or layer 2 tunneling MAC address IP address assignment The client maintains a table with the assignment of MAC...

Page 151: ... of the data traffic between MAC addresses It is possible to filter the data traffic intended for wireless clients linked to the access point This filter is used to permit a specified MAC address access only to other specified MAC addresses You can specify several source addresses or entries for one destination address The communication of the destination address is then restricted to these entrie...

Page 152: ...ic bandwidth reservation iQoS Quality of Service is technique with which clients are assigned a certain bandwidth Due to this assignment there is a high probability that data transmission to these clients will be within a defined period This technique can be useful when response times must be guaranteed If non iQoS clients put too much load on the network they can be logged off from the AP to guar...

Page 153: ...5 6 8 3 Forced Roaming on IP Down menu command in access point mode only Note Forced roaming on IP Down cannot be used in conjunction with iPCF or WDS on the same WLAN interface Configuration After selecting the Forced Roaming on IP Down check box you can configure the following parameters Destination IP address The IP address of the device for which a connection will be monitored Interval 100 500...

Page 154: ...ime System event for connection abort You can specify how the SCALANCE W78x reacts to a connection abort or to the reestablishment of a connection in the System Events menu See also CLI IFEATURES LINKCHECK menu command Page 215 5 6 8 5 Redundancy menu command in access point mode only Note The redundancy function described here is available only for SCALANCE W78x devices that have more than one wi...

Page 155: ...ew list entries after clicking the New button You can then enter the MAC address and the monitoring time Monitoring independent of the port With IP Alive you specify a monitoring time for an IP address and a port If you do not want to monitor a particular port but rather only the data traffic from a particular IP address simply enter 0 in Port This resets the monitoring with each frame from this I...

Page 156: ...e the display The Client List menu command also allows you to update automatically To activate this select the Update check box See also CLI INFORM menu command Page 217 5 6 9 2 Log Table menu command Logging system events This page lists system events and the time at which they occurred You can specify which events are included here in the System Events menu If you position the mouse pointer over...

Page 157: ...tructions Release 08 2007 C79000 G8976 C221 02 157 5 6 9 4 Versions menu command Current versions and order numbers 1 Hardware version 2 Order number MLFB 3 Boot software version 4 Firmware version 5 Ethernet MAC address 6 Type of network attachment RJ 45 electric ST optical 7 Antenna mounting internal external ...

Page 158: ...l status etc are displayed here MAC Address the MAC address of the client If This specifies the wireless interface over which the client is connected Signal The signal strength of the client The higher the value the better the signal The user can choose between percentage and dBm Age Displays the time that has elapsed since the last client activity was detected Sec This indicates which encryption ...

Page 159: ...pdated automatically every 3 seconds If you click on the MAC address of a client you will receive additional information on this client See also CLI INFORM WLAN1 or WLAN2 or WLAN3 menu command Page 219 5 6 9 6 Ethernet menu command Information on the Ethernet interfaces This menu command provides information on the current settings of the Ethernet interface The current operating data is also displ...

Page 160: ...ngs of the WLAN interface The current operating data is also displayed here There is a separate menu for each wireless interface when the model has more than one wireless interface Traffic Statistics of the data to be transmitted are displayed here Association Authentication Frames The frames relevant for registration are counted A distinction is made between the registration frames Association an...

Page 161: ... or sent management frames RTS frames Is incremented when a CTS frame is received in response to an RTS frame Rate Displays an average data rate of the most recently received or sent data frames Data frame count Counts all received or sent data packets Data bytes count Displays the sum of all received or sent bytes in a data frame Unicast Sum of all received or sent data unicasts Multicast Sum of ...

Page 162: ...eived or received too late Encryption errors Is incremented if a frame is received in which the WEP bit is set and the device operates without encryption or the reverse situation when a packet is received without a WEP bit and encryption is enabled Duplicate frames Sum of all frames received twice FCS errors Sum of all packets received in which the checksum was incorrect Header CRC error Sum of al...

Page 163: ...e errors relate to the total number of received sent frames Overlap AP Note This menu command is available only in access point mode For optimum data throughput it is important that the set wireless channel is not used by other access points In the 2 4 GHz band 802 11b or 802 11g there is overlapping of the wireless channels so that an access point occupies not only the set channel but also the tw...

Page 164: ...do not have fixed requirements regarding the response time and minimum bandwidth Their communication is not currently restricted by iQoS Non Critical Regulated NCR These clients are also non critical clients whose communication is however currently being restricted by iQoS in favor of critical clients Non Critical Non Responsive NCNR Some clients that require no acknowledgment whatsoever for their...

Page 165: ...ame Plain language name of the port for example Ethernet or WLAN1 WDS1 Enabled Indicates whether the R STP is enabled for this port If the port is not enabled no further frames are forwarded over this port Cost Indicates the path costs for the port Priority Indicates the current priority of the port Edge Shows whether or not the port is an edge port P t P Shows whether or not the AP is connected d...

Page 166: ...played The ROOT state means that the port is connected directly with the root bridge DESIGNATED identifies all ports that are not directly at the root but that are enabled Ports that are blocked are in the BLOCKED state 5 6 9 10 IP TCP IP ICMP SNMP menu command Information on protocols The pages of this menu show information on the IP TCP UDP ICMP and SNMP protocols in the form of tables Note Ther...

Page 167: ... Working with the graphic display can cause a not insignificant network load that can disturb time and throughput critical processes PNIO Recording a series of measurements The lower half of the window includes not only the operator controls for graphic display of the instantaneous value but also the controls for the actual signal recorder You can set the interval between the acquisition of two me...

Page 168: ...l recorder itself does not cause any significant load in the network that could affect other processes Both parts of the signal recorder can be operated independently Below you will find a few tips that will help you to obtain useful measurements with the signal recorder Use a fixed data rate in the configuration Where possible the ipcf mode with as low an update time as possible should be set for...

Page 169: ...anges as a result Bandwidth data rate The bandwidth data rate is not displayed over the entire screen since it could overlap the signal level Noise floor The noise floor represents the lower end of the technically possible transmission of the device This means that when the noise floor is exceeded the useful signal is louder than the noise floor this is where the system dynamics begins For this re...

Page 170: ...ct engineering 5 6 Configuration with Web Based Management SCALANCE W786 xPRO 170 Operating Instructions Release 08 2007 C79000 G8976 C221 02 Figure 5 3 Comparison of the measured value display as a percentage and in dBm ...

Page 171: ...iguration project engineering 5 6 Configuration with Web Based Management SCALANCE W786 xPRO Operating Instructions Release 08 2007 C79000 G8976 C221 02 171 See also CLI INFORM SIGNAL menu command Page 220 ...

Page 172: ...y executed without a prompt for confirmation Configuring an IWLAN PB Link with the CLI The IWLAN PB LINK only uses configuration over CLI The Comment column in the following table shows which command is available for which device Starting the CLI in a Windows console Follow the steps outlined below to start the Command Line Interface in a Windows console 1 Open a Windows console and type in the co...

Page 173: ...es Symbols for representing CLI commands CLI commands generally have one or more parameters that are represented in the syntax description as follows Mandatory parameters are shown in pointed brackets Example IP address Optional parameters are shown in square brackets Example E D If you omit an optional parameter the commands output the currently set value Alternative input values are separated by...

Page 174: ... available for SCALANCE W788 2RR ᅳ ᅳ ᅳ ᅳ This command is not available in the version for USA country xx Specifies properties for specific countries The country codes xx correspond to ISO 3166 You can see which countries you can set after entering the country command A list of countries appears with the corresponding 2 digit code Maximum of 255 characters If you want to use the name in WDS or redu...

Page 175: ...y how the device obtains its IP address CLI SYSTEM IP Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR dhcp E D Enable disable DHCP server ᅳ Specifies how a device will be identified M MAC address N Device name dhcptype M N C C Client ID ᅳ clientid Specifies a client ID for the device ᅳ When you enter a valid IP address enabled DHCP is automatically disabled ip IP address Spec...

Page 176: ...ion ttimeout time in s Specifies the time after which a Telnet section is closed if there is no further input ssh E D Enables disables configuration of the device over secure Telnet snmp E D Enable disable SNMP ᅳ mail E D Enable disable E mail ᅳ web E D Enable disable configuration of the device over Web Based Management ᅳ httpsonly E D Enable disable access for configuring only over HTTPS ᅳ ping ...

Page 177: ...ings and triggers a restart the protected settings are not deleted defaults Resets to the factory settings the protected settings are also deleted See also Restart menu command Page 101 5 7 2 5 CLI SYSTEM EVENT menu command Syntax of the Command Line Interface For each of the four possible reactions E mail trap log and fault either E Enabled setting is enabled or D Disabled setting is disabled mus...

Page 178: ...ent only if there is a bad SNMP authentication setec AF E D E D E D Reaction to a bad authentication over Web Based Management CLI or SNMP ᅳ setec PM E D E D E D E D Reaction to a change of power supply over the M12 power connection ᅳ setec PE E D E D E D E D Reaction to a change of power supply over Ethernet ᅳ setec FC E D E D E D Reaction to a change in the error status ᅳ Commands available only...

Page 179: ...nge in the iQoS status ᅳ ᅳ ᅳ ᅳ setec RD E D E D E D E D Reaction to a change in the redundancy event status ᅳ ᅳ ᅳ ᅳ setec CA E D E D E D Reaction when a client logs on ᅳ ᅳ ᅳ ᅳ setec CD E D E D E D Reaction when a client logs off ᅳ ᅳ ᅳ ᅳ setec FR E D E D E D Reaction to the forced roaming on IP down function ᅳ ᅳ ᅳ ᅳ setec ST E D E D E D Reaction to a topology change by rapid spanning tree ᅳ ᅳ ᅳ ᅳ s...

Page 180: ...ntered separated by semicolons email E mail address Specifies the address es to which the SCALANCE W 700 sends E mails ᅳ smtp IP address port number Specifies the IP address and the port number of the SMTP server ᅳ from text for sender field Specifies the sender of E mails from SCALANCE W 700 ᅳ See also E mail Config menu command Page 103 5 7 2 7 CLI SYSTEM SNMP menu command Enabling SNMP With the...

Page 181: ...cters ᅳ The default is public trapcomm trap community string Specifies the trap community string maximum length 63 characters ᅳ ᅳ ᅳ Traps are then enabled if SNMP v1 v2c is also enabled traps E D Enables disables SNMPv1 traps ᅳ See also SNMP Config menu command Page 103 5 7 2 8 CLI SYSTEM SNMP GROUP menu command Managing SNMP groups With the commands in this menu you manage SNMP groups creating de...

Page 182: ...WD Disables write access ᅳ Is only possible to delete a group if it is empty delete Index Deletes the SNMPv3 group from the group list at the index position ᅳ clearall Clears all SNMP groups that are empty ᅳ See also SNMP Config menu command Page 103 5 7 2 9 CLI SYSTEM SNMP USER menu command Managing SNMP users With the commands in this menu you manage SNMP users creating deleting etc CLI SYSTEM S...

Page 183: ... TRAP menu command Enabling SNMP traps specifying trap recipients With the commands of this menu you configure SNMP traps CLI SYSTEM SNMP TRAP Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR Traps are then enabled if SNMP v1 v2c is also enabled traps E D Enables disables SNMP traps settrap entry IP address E D Specifies the IP address of the trap recipient entry entry between...

Page 184: ...re also sent to the Syslog server Can only be changed with Admin rights auths D E Specifies whether the authentication log entries are also sent to the Syslog server See also SSyslog menu command Page 104 5 7 2 12 CLI SYSTEM SNTP menu command Time of day synchronization in the network With the commands in this menu you specify the SNTP server and the time zone CLI SYSTEM SNTP Comment Command Descr...

Page 185: ...d The fault state remains active until all the fault messages have been acknowledged The fault state and the Fault LED are cleared if the only reason was an IP Alive error message The command cannot be executed in client mode ipacknow Index All Displays or acknowledges clears the IP Alive messages requiring acknowledgment ᅳ ᅳ ᅳ ᅳ The fault state remains active until all the fault messages have bee...

Page 186: ...e in which the log table will be saved logsave Saves the log table in a file Available only for clients or access points in client mode cltcert certificate Specifies the name of the certificate for the client Available only for clients or access points in client mode cltpass password Authorizes use of the certificate Available only for clients or access points in client mode cltload Downloads the ...

Page 187: ...te configuration data to a C PLUG CLI SYSTEM CPLUG Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR All information is deleted initdef Reinitializes the C PLUG and copies the default configuration to the C PLUG All information is deleted initmem Reinitializes the C PLUG and copies the configuration currently stored on the device to the C PLUG If the C PLUG was removed you spec...

Page 188: ...ommand Description IWLAN PB LINK W744 W746 W747 W78x W78x RR ᅳ Specifies the transmission speed and mode of the Ethernet interface O Automatic selection by the device 100F 100 Mbps full duplex 100H 100 Mbps half duplex 10F 10 Mbps full duplex ethspeed A 100F 100H 10F 10H 10H 10 Mbps half duplex This command is available only on devices with an RJ 45 connector ᅳ Specifies whether or not a crossover...

Page 189: ... 11h C 802 11a Turbo U 802 11h Turbo mode A B G H T U X x 802 11g Turbo Depending on the locale setting some settings may not be possible and will then be rejected 802 11a g h Turbo cannot be set in all countries Only available in access point mode autoch E D Enable disable the channel selection by the SCALANCE W78x ᅳ ᅳ ᅳ ᅳ channel 1 167 Specifies the wireless channel ᅳ ᅳ ᅳ ᅳ Possible only in 802 ...

Page 190: ...ANCED Opens the ADVANCED menu DATARATES Opens the DATARATES menu ᅳ ᅳ ᅳ ᅳ Displayed only when vapno 0 VAP1 Opens the VAP1 menu ᅳ ᅳ ᅳ ᅳ Displayed only when vapno 1 VAP2 Opens the VAP2 menu ᅳ ᅳ ᅳ ᅳ Displayed only when vapno 2 VAP3 Opens the VAP3 menu ᅳ ᅳ ᅳ ᅳ Displayed only when vapno 3 VAP4 Opens the VAP4 menu ᅳ ᅳ ᅳ ᅳ Displayed only when vapno 4 VAP5 Opens the VAP5 menu ᅳ ᅳ ᅳ ᅳ Displayed only when va...

Page 191: ... ᅳ Not with iPCF fragthr 256 2346 Specifies the size as of which packets are fragmented ᅳ Specifies the mode in which the client scans for further access points ᅳ D Disabled I Scan if idle bkscan D I A O Scan always Available only in the client mode Not with iPCF Available only in the client mode Not with iPCF bkscanint 200 60000 Interval at which the client scans for further access points ᅳ Avail...

Page 192: ... this function is enabled higher data rates according to IEEE 802 11b are supported higher performance preamb E D Enables disables the short preamble Specifies which antennas are used O Only antenna A B Only antenna B SA Antenna A sending antenna B receiving SB Antenna B sending antenna A receiving antenna A B SA SB D D Use the better of the two antennas antenna diversity With the IWLAN PB Link wi...

Page 193: ... GHz 7 ANT792 4DN RCoax Antenna gain 4 dBi 2 4 GHz 8 ANT793 4MN RCoax Antenna gain 6 dBi 5 GHz 9 RCoax leaky wave cable gain 0 dBi 2 4 GHz 0 dBi 5 GHz 10 ANT795 4MR gain 3 dBi 2 4 GHz 5 dBi 5 GHz 11 ANT795 4MS gain 4 dBi 2 4 GHz 5 dBi 5 GHz antcable 0 30 Entry of the length of the antenna cable in meters 5 7 3 4 CLI INTERFACES WLAN1 SSID or WLAN2 SSID or WLAN3 SSID menu command Connection to a net...

Page 194: ...s all network names SSID from the SSID list ᅳ ᅳ See also SSID List menu command Page 120 5 7 3 5 CLI INTERFACES WLAN1 802 11G or WLAN2 802 11G or WLAN3 802 11G menu command Special options of the 802 11g standard With the commands in this menu you can configure specific properties of the 802 11g standard You can for example specify how management and control data is sent in 802 11g mode CLI INTERF...

Page 195: ... transmission rates With the commands of this menu you can configure the transmission rate CLI INTERFACES WLAN1 DATARATES or WLAN2 DATARATES or WLAN3 DATARATES Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR info The following overview shows you the available transmission rates and their current configuration ᅳ ᅳ ᅳ ᅳ default Enables the default setting for the current WLAN mo...

Page 196: ...menu you make settings for virtual access points CLI INTERFACES WLAN1 VAP1 7 or WLAN2 VAP1 7 or WLAN3 VAP1 7 Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR Only available in access point mode vap E D Enable disable virtual access point ᅳ ᅳ ᅳ ᅳ Only available in access point mode ssid network name Assigns a network name SSID ᅳ ᅳ ᅳ ᅳ See also VAP menu command Page 122 5 7 4 Th...

Page 197: ...ANCE W 700 With the commands in this menu you specify the security settings of the SCALANCE W 700 CLI SECURITY BASIC WLAN1 or WLAN2 or WLAN3 Comment Command Description IWLAN PB LINK W744 W746 W747 W78 x W78x RR Specifies the authentication type For the parameter n enter a number between 0 and 4 for the authentication type 0 Open System 1 Shared Key 2 WPA RADIUS 3 WPA PSK 4 802 1x RADIUS 5 WPA2 6 ...

Page 198: ... D Enable disable Close Wireless System functionality ᅳ ᅳ ᅳ ᅳ Allowed Intracell or Ethernet blocking Allowed no restriction of data traffic Intracell blocking of data traffic between the clients in the cell intracom A I E Ethernet blocking of data traffic to Ethernet ᅳ ᅳ ᅳ ᅳ Enable Disable communication to other SSIDs Enable data traffic with other SSIDs permitted ssidcom E D Disable data traffic ...

Page 199: ... PSK 4 802 1x RADIUS 5 WPA2 6 WPA2 PSK 7 WPA Auto authent 0 1 2 3 4 5 6 7 8 8 WPA Auto PSK With the authentication types 7 WPA Auto and 8 WPA Auto PSK the encryption method of WPA and WPA2 or of WPA PSK WPA2 PSK must be the same encrypt E D Encryption enabled disabled ᅳ ᅳ ᅳ ᅳ cipher OFF AUTO WEP AES TKIP Specifies the encryption scheme ᅳ ᅳ ᅳ ᅳ defkey 1 2 3 4 Select the default WEP key ᅳ ᅳ ᅳ ᅳ The ...

Page 200: ...ll keys See also Keys menu command Page 128 5 7 4 5 CLI SECURITY ACL WLAN1 or WLAN2 or WLAN3 menu command Editing the access control list ACL With the commands in this menu you edit the entries in the access control list CLI SECURITY ACL WLAN1 or WLAN2 or WLAN3 Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR Global release of ACL ᅳ ᅳ ᅳ ᅳ E Enable D Disable aclmode E D S S Str...

Page 201: ...cation over an external server With the commands in this menu you set for example IP addresses ports and password CLI SECURITY RADIUS Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR server IP address Specifies the IP address of the primary RADIUS server ᅳ ᅳ ᅳ ᅳ server B IP address Specifies the IP address of the backup RADIUS server ᅳ ᅳ ᅳ ᅳ port port Specifies the port of the...

Page 202: ... IP addresses With the commands in this menu you specify the access permissions for IP addresses CLI SECURITY ACCESS Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR access E D Enable disable access control list ᅳ statmgmt A D It is possible to access or not possible to access the IP addresses of the access control list Accessed Denied ᅳ add IP Adds a new IP address ᅳ edit Ind...

Page 203: ...on of information on the assignment of MAC addresses and ports With the Aging time parameter you can change the time ᅳ learn Displays the learning table ᅳ ᅳ ᅳ arp Displays the ARP table ᅳ ipmap Displays the IP mapping table ᅳ ᅳ ᅳ STORMTHR Opens the storm threshold menu ᅳ ᅳ ᅳ NAT Opens the NAT menu ᅳ ᅳ ᅳ See also Bridge menu command Page 131 5 7 5 2 CLI BRIDGE WDS WLAN1 or WLAN2 or WLAN3 menu comma...

Page 204: ...4 W746 W747 W78x W78x RR info Shows the currently configured VLANs and their relationship to the ports ᅳ ᅳ ᅳ ᅳ add VLAN ID u ports Inserts a new VLAN Ports Specifies the port that will be configured for the VLAN u The port is a member of the VLAN frames are sent without a VLAN tag Examples add 100 u 2 4 Creates an entry with the VLAN ID 100 Ports 2 and 4 are members of this VLAN ᅳ ᅳ ᅳ ᅳ edit VLAN ...

Page 205: ...les disables VLAN for the specified port ᅳ ᅳ ᅳ ᅳ portvid Port VLAN ID Frames received at the specified port without a VLAN tag are given a VLAN tag with the VLAN ID ᅳ ᅳ ᅳ ᅳ portprio Port Priority The priority assigned to untagged frames according to 802 1d ᅳ ᅳ ᅳ ᅳ member Port all specific The specified port is a member of all VLANs or only the VLAN configured in VLAN ID specific see above ᅳ ᅳ ᅳ ᅳ ...

Page 206: ... seconds ᅳ ᅳ ᅳ ᅳ Default value 20 s maxage 6 40 Maximum age for configuration information specified in seconds ᅳ ᅳ ᅳ ᅳ See also Spanning Tree menu command Page 140 5 7 5 6 CLI BRIDGE SPANNING PORTS menu command Spanning tree port With the commands in this menu you set the Spanning Tree port properties CLI BRIDGE SPANNING PORTS Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR i...

Page 207: ...connection is full duplex it is assumed to be PtP if it is half duplex no PtP connection is assumed shared medium C Specifies a PtP link even though half duplex is being used ptpport port A T F F Specifies that there is no PtP link over the relevant port even with full duplex See also Spanning Tree menu command Page 140 5 7 5 7 CLI BRIDGE STORMTHR menu command Storm threshold With the commands in ...

Page 208: ...e multi_1 limit value multi_2 limit value Specifies the maximum number of multicast packets per second for the first or second wireless interface See also Storm Threshold menu command Page 147 5 7 5 8 CLI BRIDGE NAT menu command NAT Network Address Translation With the commands in this menu you set the NAT properties CLI BRIDGE nat Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x...

Page 209: ...Port Local Port Edit a static NAT entry Index Index in table Type TCP or UDP G Port Global Port L IP Local IP edit Index E D type G Port L IP L Port L Port Local Port delete Index Deletes a static NAT entry clearall Deletes all static NAT entries CLI BRIDGE NAT STATIC info Index Enabled Type Global Port Local IP Local Port 1 x TCP 21 172 27 138 2 1026 Example of static information See also NAT men...

Page 210: ...eck_wds E D Enables disables checking including the WDS ports With the E setting the WDS ports are also monitored ᅳ ᅳ ᅳ ᅳ delete Number MAC Deletes the entry from the list ᅳ ᅳ ᅳ ᅳ clearall Deletes all entries from the list ᅳ ᅳ ᅳ ᅳ See also MAC Filters menu command Page 152 5 7 6 2 CLI FILTERS MAC2FLT menu command MAC dependent communication paths With the commands in this menu you specify which de...

Page 211: ...ᅳ statprot F B The selected protocols are forwarded not forwarded ᅳ ᅳ ᅳ ᅳ fltprot E D Enables disables the protocol filter ᅳ ᅳ ᅳ ᅳ add Pattern description Adds a new entry A hexadecimal value is expected for the Pattern value The user can enter a short note for this protocol as the description ᅳ ᅳ ᅳ ᅳ edit Index E D Pattern description Changes of enables disables the filter entry ᅳ ᅳ ᅳ ᅳ delete In...

Page 212: ...ransmission rate ᅳ ᅳ ᅳ ᅳ 15 1000 ms default 50 ms response response time Specifies the response time for a client with bandwidth reservation ᅳ ᅳ ᅳ ᅳ add MAC Max_BW E D Creating a critical client ᅳ ᅳ ᅳ ᅳ edit Index Max_BW E D Changes the setting of a client ᅳ ᅳ ᅳ ᅳ delete Index Deletes a critical client ᅳ ᅳ ᅳ ᅳ clearall Deletes all critical clients ᅳ ᅳ ᅳ ᅳ info Displays information on iQos ᅳ ᅳ ᅳ ᅳ ...

Page 213: ...current classification and the volume of sent and received data The shaper interval SI is also is displayed for each client The shaper interval is the minimum spacing between two packets of a client set by iQoS For NCS clients the SI is selected so that their bandwidth is twice the size of the current bandwidth See also iQoS menu command in access point mode only Page 153 iQoS menu command Page 16...

Page 214: ...d Device related connection monitoring With the commands in this menu you set the properties of device related connection monitoring CLI IFEATURES LINKCHECK Comment Command Description IWLAN PB LINK W744 W746 W747 W78x W78x RR linkchk E D Enable disable device related connection monitoring ᅳ ᅳ ᅳ ᅳ add MAC timeout Adds a new MAC address for connection monitoring and specifies the monitoring time No...

Page 215: ... redundancy function ᅳ ᅳ ᅳ ᅳ wep E D Enables disables encryption ᅳ ᅳ ᅳ ᅳ mac1 MAC address Specifies the device that will be operated redundantly along with the first wireless adapter ᅳ ᅳ ᅳ ᅳ mac2 MAC address Specifies the device that will be operated redundantly along with the second wireless adapter ᅳ ᅳ ᅳ ᅳ name system name Instead of the MAC addresses you can also specify the sysName of the devi...

Page 216: ...r this IP address ᅳ ᅳ ᅳ ᅳ edit Index IP addr port E D timeout Modifies enables or disables the entry specified by the index or IP address ᅳ ᅳ ᅳ ᅳ delete Index IP addr Deletes the node to be monitored ᅳ ᅳ ᅳ ᅳ clearall Deletes all entries for connection monitoring ᅳ ᅳ ᅳ ᅳ The fault state remains active until all the fault messages have been acknowledged The fault state and the Fault LED are cleared ...

Page 217: ... ᅳ ᅳ SIGNAL Open the signal recorder menu ᅳ ᅳ spanning Displays information on spanning tree ᅳ ᅳ ᅳ ᅳ See also Information menu command Page 157 5 7 8 2 CLI INFORM LOG menu command System events and information on the protocols The pages of this menu display tables contain information on system events and on the behavior of the protocols IP TCP UDP and ICMP SNMP CLI INFORM LOG Comment Command Descr...

Page 218: ...47 W78x W78x RR Displays the authentication entries By specifying a parameter the display can be limited to specific information 0 All 1 Good 2 All Errors 3 802 11 Errors 4 ACL Errors 5 RADIUS Errors request denied password rejected etc 6 802 1x Errors timeout no response from RADIUS or WPA server 7 Deauthenticated Errors show 0 8 8 Deassociated errors clear Deletes all entries See also Auth Log m...

Page 219: ... according to MAC addresses or signal strength ᅳ ᅳ scanww Displays all access points regardless of the country code ᅳ vap Displays all configured SSIDs VAPs ᅳ ᅳ ᅳ ᅳ overlap Shows the access points on the set or adjacent channels ᅳ ᅳ ᅳ ᅳ over_age 1 7200 Changes the aging interval in minutes for the list of neighboring access points If an AP is inactive for longer than the time set here it is remove...

Page 220: ...in the client mode recstop Stops signal recording prematurely This command is only available in the client mode dispstart interval Displays the current signal strength cyclically on the CLI The interval can be between 100 and 10000 milliseconds This command is only available in the client mode dispstop Stars cyclic output of the signal strength This command is only available in client mode exit Cl...

Page 221: ...s with the same parameter settings because you do not need to set parameters for each client manually Note To avoid duplicating IP addresses the IP parameters are not changed but are retained when you use the PRESET PLUG If the PRESET PLUG is inserted the WLAN interface of the device is deactivated WLAN operation with a PRESET PLUG insert it is not possible 5 8 2 Creating a Configuration with a ne...

Page 222: ...above shows an example of the possible selections for a SCALANCE W786 5 Click on the Modify button to transfer the configuration of the device to the PRESET PLUG 6 Turn the device off and remove the PRESET PLUG 5 8 3 Changing a PRESET PLUG that already contains configuration data Procedure Follow the steps below to change the configuration data on a PRESET PLUG 1 Insert the PRESET PLUG in the C PL...

Page 223: ...dure Note To work correctly the PRESET PLUG must have a content that matches the target device Follow the steps below to put a device into operation with the configuration data on a PRESET PLUG 1 Insert the PRESET PLUG in the C PLUG slot of the device to which you want to assign a configuration 2 Turn on the power to the device The LEDs P1 and R1 and Rx on a SCALANCE W 700 with more than one wirel...

Page 224: ......

Page 225: ...n 3 Hold down the button until the red fault LED F starts to flash after approximately 2 seconds 4 Now release the button The bootloader waits in this state for a new firmware file that you can download by FTP 5 Connect a PC to the SCALANCE W 700 over the Ethernet interface 6 Assign an IP address to the SCALANCE W 700 with the Primary Setup Tool 7 Open a DOS box and change to the directory where t...

Page 226: ...ttings NOTICE When you reset the device parameters all previously changed settings are lost 1 Turn off the power to the device 2 Now press the Reset button and reconnect the power to the device while holding down the button 3 Hold down the button until the red fault LED F stops flashing after approximately 10 seconds and is permanently lit 4 Now release the button and wait until the fault LED F go...

Page 227: ...ector SCALANCE W786 3PRO with three wireless interfaces and in the variants with six external antenna connectors and with RJ 45 or with FO connector Data transfer Ethernet transfer rate 10 100 Mbps Wireless transmission rate 1 54 Mbps 108 Mbps Wireless standards supported 802 11a 802 11b 802 11g 802 11h Power supply standards supported 802 3af Power over Ethernet Interfaces Power 48 V DC supply vi...

Page 228: ...9 W 12 24 V DC adapter 15 W Power consumption depending on power supply 110 230 V AC adapter 15 W Construction Dimensions W x H x D 251 mm x 251 mm x 72 mm Without power supply adapter 2241 g With power supply adapter 12 24 V DC 2428 g Weight version with three IWLAN ports With power supply adapter 110 230 V AC 2433 g Permitted ambient conditions Operating temperature 40 C to 70 C Transport storag...

Page 229: ...1 1 RJ 45 2 6GK5786 1AA60 2AA0 6GK5786 1AA60 2AB0 1 W786 1PRO 1 1 ST duplex multimode FO cable 1 diversity 2 6GK5786 1BB60 2AA0 6GK5786 1BB60 2AB0 1 W786 1PRO 1 1 ST duplex multimode FO cable 2 6GK5786 1AB60 2AA0 6GK5786 1AB60 2AB0 1 W786 2PRO 2 1 RJ 45 2 diversity 2 6GK5786 2BA60 2AA0 6GK5786 2BA60 2AB0 1 W786 2PRO 2 1 RJ 45 4 6GK5786 2AA60 2AA0 6GK5786 2AA60 2AB0 1 W786 2PRO 2 1 ST duplex multim...

Page 230: ...WLAN ports Number and type of Ethernet ports Number of internal antennas Number of R SMA sockets for external antennas Order No W786 3PRO 3 1 ST duplex multimode FO cable 6 6GK5786 3AB60 2AA0 6GK5786 3AB60 2AB0 1 1 US variant 2 There are two internal antennas per WLAN port The antenna used is always the one that provides the best possible data transmission diversity ...

Page 231: ...ccess points and clients Name OID Description Number of objects snDownload 1 3 6 1 4 1 4196 1 1 4 100 1 5 Download information and control variables for image configuration file events table 17 snNvLog 1 3 6 1 4 1 4196 1 1 4 100 1 6 Log for events 8 snTrapInfo 1 3 6 1 4 1 4196 1 1 4 100 1 7 Information on traps 6 snGen 1 3 6 1 4 1 4196 1 1 4 100 1 8 General information not conforming with MIB 2 23...

Page 232: ...dPowerLine The power line where the last power down occurred 1 M12 2 Ethernet Power This is generated if there is a power down on M12 or the Ethernet power connector snScalanceWPowerLineU p 32 snScalanceWChangedPowerLine The power line where the last power up occurred 1 M12 2 Ethernet Power This is generated if there is a power up on M12 or the Ethernet power connector snScalanceWFault 41 snScalan...

Page 233: ... for example when the connection of wireless interface A aborts Traps available only for access points Name Specific index Variables Description snScalanceWOverlapAP 101 snScalanceWOverlapAPValue Description of the last OverlapAP trap Is generated when an access point is detected on the device s own or an overlapping wireless channel snScalanceWiPCFPNIO maxSTAs 111 snScalanceWPNIOValue Description...

Page 234: ... dB 2 3 dB 4 6 dB As can be seen in the example halving a value reduces the decibel value by 3 dB This remains true regardless of the selected reference variable because only the ratio counts Which reference variable is used can be recognized by the additional letters or numbers following the dimension dB In acoustics for example the threshold of audibility is the reference variable for a value in...

Page 235: ... power in dBm The information in the following tables applies to the following SIMATIC NET products Access Point SCALANCE W786 1PRO Access Point SCALANCE W786 2PRO Access Point SCALANCE W786 3PRO Table A 1 Transmit power in IEEE 802 11b mode 2 4 GHz Data rate Mbps P0 dBm 1 20 2 20 5 5 20 11 20 Table A 2 Transmit power in IEEE 802 11g mode 2 4 GHz Data rate Mbps P0 dBm 6 20 9 20 12 20 18 20 24 20 3...

Page 236: ...owing formula arc αrc l arcLongitudinal attenuation of the cable in dB αrcAttenuation coefficient in dB m as specified in the technical specifications of the cable RCoax Cable 0 17 dB m at 2 4 GHz connecting cable 0 55 dB m at 2 4 GHz l Total length of the cable in m Losses due to coupling loss Coupling loss cd includes the losses at the transition from the cable to the surrounding space The coupl...

Page 237: ... 0 125 m d Distance between cable and antenna in m For a frequency of 2 4 GHz you can also calculate with the following equation in which you must specify the distance d in meters cd 2 4 GHz c95 46 dB 20 log 100 d For a SIEMENS SIMATIC NET IWLAN RCoax Cable PE 1 2 2 4 GHz c95 69 dB at 2 4 GHz for example this results in the following coupling losses Distance Coupling loss 1 m 63 dB 2 m 69 dB 5 m 7...

Page 238: ...LANCE W786 3PRO Table A 4 Receiver sensitivity in IEEE 802 11b mode 2 4 GHz Data rate Mbps Pe dBm 1 97 2 93 5 5 92 11 88 Table A 5 Receiver sensitivity in IEEE 802 11g mode 2 4 GHz Data rate Mbps Pe dBm 6 91 9 90 12 89 18 87 24 84 36 80 48 76 54 74 Table A 6 Receiver sensitivity in IEEE 802 11a h mode 5 GHz Data rate Mbps Pe dBm 6 91 9 90 12 90 18 88 24 85 36 82 48 76 54 72 72 76 96 71 108 68 Turb...

Page 239: ...wer fed to a receiver This power must be higher than the receiver sensitivity The calculation can be made with the following formula Pe P0 arc cd aps GANT Δrc Δfr Pe min PeReceiver input power in dBm P0Transmit power in dBm arcLongitudinal attenuation of the RCoax cable and the feeder in dB cdCoupling loss for the distance between RCoax cable and communication partner apsPower splitter losses in d...

Page 240: ......

Page 241: ...ndividual devices point to point AES Advanced Encryption Standard Encryption according to the Rijndael algorithm ARP Address Resolution Protocol The ARP protocol is used for address resolution Its task is to find the corresponding network hardware address MAC address for a given protocol address An ARP protocol implementation is often found on hosts on which the Internet protocol family is used IP...

Page 242: ... on the channel is stopped and the device changes to a free channel This is intended to avoid influence by WLAN systems operating according to 802 11a in the 5 GHz band DHCP Dynamic Host Configuration Protocol ESS Extended Service Set ESS is a link between two or more cells of a WLAN BSS Basic Service Set and a larger mobile wireless network Firewall One or more devices that allow or prevent data ...

Page 243: ...transmission rates of up to 54 Mbps IEEE 802 11h The IEEE 802 11a standard expanded by TPC and DFS IEEE 802 11i Among other things the standard describes the WPA2 method the TKIP procedure and the AES encryption algorithm IEEE 802 11i removes a series of weak points in the WEP security mechanism IEEE 802 1x The heart of the standard is the use of a Radius server as the authentication server In add...

Page 244: ...in each case 0 255 Byte 4 Possible value 1 254 0 must not be assigned 255 is the broadcast address D Byte 1 possible value 224 239 multicast addresses Byte 2 to byte 4 Possible value in each case 0 255 0 0 0 must not be assigned There are several multicast addresses with a special meaning for example 224 0 0 1 All systems of the subnet 224 0 0 2 All routers of the subnet iPCF The industrial Point ...

Page 245: ...vices at the request of a client Services Services provided by a communication protocol SINEMA E The planning simulation and configuration software SINEMA E is used to plan and configure IWLAN applications It can be used to visualize IWLAN networks for example according to coverage data transfer rate signal noise ratio and overlapping taking into account environmental and device characteristics SN...

Page 246: ...the communicating stations or between access point and station WBM Web Based Management HTTP based configuration method in which an HTTP server is used in the relevant device WDS Wireless Distribution System Radio links for connecting the access points for an extended service set ESS WEP Wired Eqivalence Privacy is an optional part of the IEEE 802 11 standard WEP specifies methods of authenticatio...

Page 247: ...P Temporal Key Integrity Protocol and AES Advanced Encryption Standard Although WPA was never officially part of the IEEE 802 11 standards family it has become very widespread in a very short time This however applies only to the WPA procedure described above using TKIP The optional possible implementation of WPA on the basis of AES on the other hand did not become established and is therefore irr...

Page 248: ......

Page 249: ...ation 173 CostCost 143 C PLUG 26 108 D DHCP server 100 E Earthing 46 E mail 103 Encryption 124 F FAULT 185 Fault State 106 Forward Delay 142 H Hello time 142 Help function 97 HTTPS 69 I IEEE 802 11 20 IEEE 802 11a 20 IEEE 802 11b 20 IEEE 802 11g 20 120 IP address 72 IP TCP IP ICMP SNMP 166 iPCF Wizard 70 L Learning Table 139 LED simulation 98 Lightning protection 45 Link Check 154 Load Save 106 Lo...

Page 250: ...sh 97 Reset Statistics 97 RFC RFC 1518 65 RFC 1519 65 Root bridge 61 RTS CTS 116 118 S Safety extra low voltage 46 Save Device data 106 Security settings 85 Security Wizard 70 Set Values 97 SNTP 106 184 Spanning Tree 140 Spanning tree port parameters 142 SSID 86 Standalone configuration 13 Storm threshold 146 Subnet mask 65 T Transmit power 115 TTL 100 W WDS 131 Web Based Management 68 Wireless ac...

Reviews:

No comments

Related manuals for SCALANCE W786-xPRO

Ubiquiti PBE-5AC-400-ISO-EU Quick Start Manual preview
PBE-5AC-400-ISO-EU
Brand: Ubiquiti Pages: 24
PROception PROAPW300 Instructions Manual preview
PROAPW300
Brand: PROception Pages: 13
Ubiquiti PBE-M5-300-US Quick Start Manual preview
PBE-M5-300-US
Brand: Ubiquiti Pages: 13
Buffalo Tech Nfiniti AirStation WZR-AGL300NH Quick Setup Manual preview
Nfiniti AirStation WZR-AGL300NH
Brand: Buffalo Tech Pages: 24
Buffalo Nfiniti WHR-HP-GN User Manual preview
Nfiniti WHR-HP-GN
Brand: Buffalo Pages: 43
ICP DAS USA WF-2015 User Manual preview
WF-2015
Brand: ICP DAS USA Pages: 61
3onedata IAP3600S-225-2GT-PDP12 48 Quick Installation Manual preview
IAP3600S-225-2GT-PDP12 48
Brand: 3onedata Pages: 4
Hisense MW604 User Manual preview
MW604
Brand: Hisense Pages: 5
LG ARND20BDAR2 Installation And Operation Manual preview
ARND20BDAR2
Brand: LG Pages: 56
LG LCB-003 Manual preview
LCB-003
Brand: LG Pages: 10
LG PWFMDD201 User Manual preview
PWFMDD201
Brand: LG Pages: 20
LG LCWB-001 User Manual preview
LCWB-001
Brand: LG Pages: 14
LG GoldStream LR3001 System Manual preview
GoldStream LR3001
Brand: LG Pages: 89
LG CR820 User Manual preview
CR820
Brand: LG Pages: 104
LG FM300 Service Manual preview
FM300
Brand: LG Pages: 128
LG WN8122E1 Manual preview
WN8122E1
Brand: LG Pages: 11
LG LG-D686 Quick Reference Manual preview
LG-D686
Brand: LG Pages: 365
Askey EAI2001S Quick Installation Manual preview
EAI2001S
Brand: Askey Pages: 17

Brands by name

Popular brands

Load more brands