manualshive.com logo in svg

Siemens SCALANCE W788-1PRO, Operating Instructions Manual

The Siemens SCALANCE W788-1PRO is a cutting-edge networking device that enhances connectivity and communication in industrial environments. Ensure a seamless setup and optimal performance by referring to the comprehensive Operating Instructions Manual. Download this manual for free at manualshive.com, providing step-by-step guidance and troubleshooting assistance.

Share
Download
background image

Configuration Using Web Based Management and the Command Line Interface 

C79000-G8976-C184-07 

167

 

RADIUS A

tion type" selection list to specify a method for external 

ication. As default, the "Auto" value is selected so that the client provides a 

. Any other selection restricts the 

is step may be necessary because 

DIUS servers do not evaluate the response of the client completely or 

re available: 

LS 

E

xtensible 

A

uthentication 

P

rotocol - 

T

unnel 

T

ransport 

L

ayer 

fter setting up the TLS tunnel,  MS-CHAPv2 is used for internal 

dditional

s for WPA-PSK and WPA2-PSK 

 

up 

Suppress 

rotect the 

SCALANCE W78x from unauthorized access. 

 

 

Note 

Since no encryption is used for the SSID transfer, this function can only provide 
basic protection against unauthorized access. The use of an authentication method 
(for example WPA (RADIUS) or WPA-PSK if this is not possible) provides higher 
security. 
You must also expect that certain end devices may have problems with access to a 
hidden SSID. 

uthentication Method  (only for W788 in client mode) 

If a client is authenticated over an external RADIUS server, you can use the 
"RADIUS authentica
authent
RADIUS server with all supported methods
support by the client to this one method. Th
some RA
correctly.  

The following options a

 EAP 

TLS 

E

xtensible 

A

uthentication 

P

rotocol - 

T

ransport 

L

ayer 

S

ecurity

Uses certificates for authentication 

 EAP 

TT

S

ecurity. A

authentication. 

 PEAP  

P

rotected 

E

xtensible 

A

uthentication 

P

rotocol. Alternative draft 

protocol of IETF for EAP-TTLS 

A

 Entrie

To use the WPA-PSK scheme, you must enter a string in the 

Pass Phrase

 box tha

is used by the SCALANCE W78x to initialize dynamic key generation. In the 

Gro

Key Update Interval

 box, you specify the time after which a new key is generated. 

SSID broadcasting 

With the Suppress SSID broadcasting setting, the SCALANCE W78x is only ever 
accessible to clients that know its SSID. This method can be used to p

Operating Instructions SCALANCE W78x 

Summary of Contents for SCALANCE W788-1PRO

Page 1: ...ntents Basic Information on Wireless LAN Communication 1 Description of the SCALANCE W78x 2 Commissioning 3 Configuring the IP Address with the Primary Setup Tool 4 Configuration Using the Wizards of Web Based Management 5 Configuration Using Web Based Management and the Command Line Interface 6 Technical Specifications 7 Approvals Appendix Glossary Index C79000 G8976 C184 07 Release 10 2006 ...

Page 2: ...ut warning triangle indicates that damage to property can result if proper precautions are not taken Notice indicates that an undesirable result or status can occur if the relevant notice is ignored Note highlights important information on the product using the product or part of the documentation that is of particular importance and that will be of benefit to the user r damages All rights includi...

Page 3: ...their work e g Training in or authorization for connecting up grounding or labeling circuits and devices or systems in accordance with current standards in safety technology Training in or authorization for the maintenance and use of suitable safety equipment in accordance with current standards in safety technology First aid qualification Correct Usage of Hardware Products Please note the followi...

Page 4: ...wing warning Caution Prior to startup you must observe the instructions in the relevant documentation For ordering data of the documentation please refer to the catalogs or contact your local SIEMENS representative Operating Instructions SCALANCE W78x 4 C79000 G8976 C184 07 ...

Page 5: ...of the product is used These operating instructions apply to the following software versions SCALANCE W78x firmware as of Version 3 1 Primary Setup Tool as of Version 3 1 Purpose of the Operating Instructions These operating instructions are intended to provide you with the information you require to install commission and operate the SCALANCE W78x correctly It explains how to configure the SCALAN...

Page 6: ...o a wireless network System Manual Wireless LAN Basics This includes not only the description of the physical basics and an outline of the most important IEEE standards but also information on data security and a description of industrial uses of wireless LAN You should read this manual if you want to set up WLAN networks with a more complex structure not only connections between two devices Syste...

Page 7: ...formation required to use the CP 7515 Manual CP 1515 The comprehensive user documentation for the CP 1515 communications processor with all the information required to operate this device The CP 1515 is inserted in a PC card slot Type II and allows attachment of the PC PG to a wireless network Operating Instructions SCALANCE W78x 7 C79000 G8976 C184 07 ...

Page 8: ...t scientific literature there is no new scientific evidence regarding proven adverse effects on health that causes any doubt regarding the scientific evaluation on which the protection concept of the ICNIRP or the European Council recommendation The SSK also concludes that below the current limit values these is also no scientific suspicion of health risks This assessment agrees with those of othe...

Page 9: ...g with the PRESET PLUG 44 4 Configuring the IP Address with the Primary Setup Tool 47 4 1 Introduction 47 4 2 Installation of the DLC Protocol in Windows XP Professional 49 4 3 Installation of the DLC Protocol in Windows 2000 Professional SP2 50 4 4 Installing the Primary Setup Tool 51 4 5 Working with the Primary Setup Tool 52 4 5 1 Primary Setup Tool via the Command Line 56 5 Configuration Using...

Page 10: ... Coordination Function Settings 93 5 6 2 Security Settings for WLAN 96 5 6 3 Public Security Key for WLAN 97 5 6 4 Finish 98 6 Configuration Using Web Based Management and the Command Line Interface 99 6 1 General Information on Web Based Management and the Command Line Interface 99 6 1 1 Introduction 99 6 1 2 The LED Simulation of Web Based Management 100 6 1 3 Working with Web Based Management 1...

Page 11: ...old Menu Command 202 6 5 7 NAT Menu Command 203 6 5 8 IP Mapping Table Menu Command 208 6 6 The Filters Menu 210 6 6 1 MAC Filter Menu Command 210 6 6 2 MAC Dir Filter Menu Command 211 6 6 3 Protocol Filter Menu Command 212 6 7 The I Features Menu 213 6 7 1 iQoS Menu Command 213 6 7 2 iPCF Menu Command 215 6 7 3 Forced Roaming on IP Down 219 6 7 4 Link Check Menu Command 220 6 7 5 Redundancy Menu ...

Page 12: ...les of the SCALANCE W78x 257 Designing and Calculating Wireless Systems Based on the Example of RCoax 261 Calculating in Decibels 261 Power Specifications 262 Losses Based on the Example of a 2 4 GHz RCoax Cable 264 Receiver Sensitivity 266 System Calculation Based on the Example of RCoax 267 Glossary 269 Index 273 ...

Page 13: ...red Ethernet Within its transmission range the SCALANCE W78x forwards data from one WLAN node to another The wireless network has a unique name All the devices exchanging data within this network must be configured with this name Figure 1 1 Standalone Configuration of a SCALANCE W78x The gray area indicates the wireless transmission range of the SCALANCE W78x Operating Instructions SCALANCE W78x 1...

Page 14: ...h 3 in Figure 1 2 without involving a SCALANCE W78x with each other connection 4 The nodes access common resources files or even devices for example a printer of the server This is of course only possible when the nodes are within the wireless range of the server or within each other s range A 1 2 3 4 Figure 1 2 Ad Hoc Network without SCALANCE W78x C79000 G8976 C184 07 ...

Page 15: ...CALANCE W78x the wireless connection is maintained this is called roaming Wireless Access to a Wired E If one or more SCALANCE W78x access points have access to wired Ethernet the following applications are possible A single SCALANCE W78x as gateway A wireless W78x Span of wireless coverage for the wireless network with several SCALANCE W78x access points The SCALANCE W78x acc must also be configu...

Page 16: ...th the same network name Multichannel Configuration If neighboring SCALANCE W78x access points use the same frequency cha the response times are longer due to the collisions that occur If the configuration shown in Figure 1 4 is implemented as a single channel system computers A a B cannot communicate at the same time with the SCALANCE W78x access po in their ce If neighboring SCALANCE W78x access...

Page 17: ...S allows direct connections between SCALANCE W78x devices and or between SCALANCE W78x and other WDS compliant devices These are use create a wireless backbone or to connect an individual SCALANCE W78x to a network that cannot be connected directly to the cable infrastructure Two alternative configurations are possible 1 1 1 1 A B Figure 1 5 Implementation of WDS with four SCALANCE W78x Access Poi...

Page 18: ... to its location but nevertheless has high demands in terms of availability an partner can be configured both using its name and its MAC address 2xx devices W788 2PRO or W788 wireless backbone that cannot be Two alternative configurations are possible The RWl A B Figu x re 1 6 Implementation of RWlan with two SCALANCE W788 2x As an alternative data transfer is possible over one of the two wireless...

Page 19: ...access point end always has only the MAC address of the WLAN interface of the client If the MAC address of a device conn both the MAC based and the IP based frames find their destination in precisely thi device Other node checks whether the destination MAC matches the MAC addresses of the connected clients Since a client can only adopt one MAC address the acc Maximum possible number of MA As long ...

Page 20: ...t e L2T client ber of MAC nodes downstream from the client 8 1 2 2 IP based Communication IP Mapping o sev With IP mapping the client maintains a table with s to Maximum possible number of IP nodes downstream from the client 8 Maximum possible number of MAC nodes downstream from the the client to the appro In much the same way as with WDS a separate port is created for th over which the Ethernet f...

Page 21: ...ignment you have received is complete If it is not complete please contact your supplier or your local Siemens office Requirements for Installation and Operation A PG PC with a network attachment must be available to configure the SCALANCE W78x If no DHCP server is available a PC on which the Primary Setup Tool PST is installed is necessary for the initial assignment of an IP address to the SCALAN...

Page 22: ...net interface and a wireless LAN rface SCALANCE W788 2PRO and SCALANCE W7 interfaces This makes the device suitable for the following applications The SCALANCE W78x forwards data within its transmission range from node to another without a connection to wired Ethernet being necessary The SCALANCE W78x can be used as a gateway from a wired to a wireless network ne The SCALANCE W78x can be used as a...

Page 23: ... 11h standard In 802 11h mode the procedures Transmit r Control TPC a Dynamic Freq cy Selectio DFS the range 5 25 5 35 and 5 47 5 75 GHz This means that in som the frequency sub band 5 47 5 725 GHz can also be used outdo er transmit power C is a method of co ling the transmit power tha redu urrently required level With dynamic fre ency selec n DF point searches for primary users for example radar ...

Page 24: ...e SCALANCE W78x Type No of WLAN interfaces No of supported IP nodes 3 No of supported MAC nodes 3 iPCF mode 1 Order no 1 2 1 several 1 several W788 1PRO 6GK5788 1ST00 2AA6 6GK5788 1ST00 2AB6 2 W788 2PRO 6GK5788 2ST00 2AA6 6GK5788 2ST00 2AB6 2 W788 1RR 88 6GK5788 1SR00 2AB6 2 6GK57 1SR00 2AA6 W788 2RR 6GK5788 2SR00 2AA6 2SR00 2AB6 2 6GK5788 1 The iPCF rovides an ut and minimum handover times 2 US v...

Page 25: ...the sides of the device LED Display On the front of the housing g status of the SCALANCE W ANCE W s the following ports hybrid conne d 4 pin po r on the front panel of the housing cons r socket The RJ 45 connector support An M12 connector a nal power supply 18 3 r R SMA plugs on the SCALANCE W788 2 2 V DC R for the atta several LEDs provide information on the operatin 78x P 1 R 1 L 1 L 2 R 2 F P 1...

Page 26: ...g quickly Access Point With 802 11h Mode the channel is scanned for one minute for ess due to the setting o Find Adopt MAC and is connected to no access point primary users before the channel can be used for data traffic Client Mode The client waits for the adopt MAC addr Aut Yellow flashing PRESET PLUG detected Green Clie 3x fast flashing nt Mode MAC address due to the setting nd is connected to ...

Page 27: ...nction completed successfully L1 Green Power supply over the M12 connector X2 F ation with the SCALANCE W78x Red An error occurred during oper Not If th it is ac t ready for operation interface not initialized Th SCAL iting time of up to 15 minutes can occur when the ambient temperature is below zero The device is ready for operation at the spe green e e LED for the WLAN interface is not green whe...

Page 28: ...ice sta Replacing the C PLUG Follow the steps below to replace a C PLUG in a SCALANCE W78x 1 Turn off the power to the device 2 Remove the old SCALANCE W78x from its mounting and open the sealing screw on the rear with a coin or broad screwdriver 3 Remove the C PLUG 4 Open the sealing screw of the new device in the same way and insert the C PLUG of the old device 5 Replace the sealing screws of bo...

Page 29: ...he device power down during the normal firmware update 1 Turn off the powe hold 3 Hold down the button until the red fault LED F starts to flash after approximately 2 seconds 4 Now release the button The bootloader waits in this state for a new firmware file that you can download by FTP 6 Connect a PC to the SCALANCE W78x over the Ethernet interface 7 Then enter the co FTP client The new firmware ...

Page 30: ...rating Instructions SCALANCE W78x 30 Adopting the configuration data from the PRESET PLUG evice restarts with a valid PRESET PLUG by pressing the button C79000 G8976 C184 07 If the d briefly the configuration data is adopted by the device ...

Page 31: ...VDE 0182 o A suitable lightning conductor is available in the range of accessories of SI NET Industrial WLAN Lightning Protector LP798 1 MATIC PRO order no 6GK5798 1LP00 0AA6 Warning Installing this lightning protector between an antenna and a SCALANCE W788 is not adequate protection against a lightning strike The LP798 1PRO lightening protector only works within the framework of a comprehensive l...

Page 32: ...ge limits 25 V AC or 60 V DC Power supply by a SELV power source according to IEC 60950 or PELV power source according to VDE 0100 410 without limited power is also permitted if suitable fire protection measures are taken by Installation in a cabinet or suitable enclosure Installation is a suitably equipped closed room b both m Exceptions Power supply with PE Grounding Caution There must be no pot...

Page 33: ...ect sunlight with a suitable ade This avoids unwanted heating of the device and prevents premature ageing the device and ca that it is installed so that it is protected from UV and that the device is not to ain installed under a roof The minimum distance to fluorescent lamps should be 0 5 m For cabinet Note installation we recommend that you do not install relays on the same or on directly neighbo...

Page 34: ...th on the right hand side and B connect SIMATIC NET offers the IWLAN FRNC antenna extension cable for the connection between the SCALANCE W78x and detached antenna To avoid violating the approvals only antennas released for this product can be used Note T a pair of antennas for the first and se m ANCE W78x yo can also use the M12 plug for the pow sides of the SCALANCE W788 2PRO and na cable positi...

Page 35: ...18 32 V DC is over M12 connectors Cable Selection and Interference Exposure A decisive factor in the selection of a e to which the current lines between the dular outlet are subjected Due to the separ interference has less effect on the dat standard cable or TP flexible cable nd Ethernet rder no 6XV1870 2J tely shielded This cable is particularly nnector order no 6XV1870 2E order no 6XV1870 cable ...

Page 36: ...asher adapted universal sealing ring and the housing over the cable jacket Remove the following lengths of ble jacket and shield braid ds s m ca 25 mm for the power lea 30 mm jacket for the data lead shorten the braid by 11 m Cut off the filler at the height of the cable jacket Arrange the data leads according to the color codes on the splice hows element The following table s the assignment of th...

Page 37: ...socket reference 3 6 1 2 Insert the all the data leads at the same time into the splice element is far as they will go Cl se the splice element o and RJ 45 data module until they lock together Insert the data module and the splice element into the supplied IDC assembly tool Press the data module and the IDC assembly tool together to establish the installation piercing connection C79000 G8976 C184 ...

Page 38: ...lower shield plate and press it and the upper shield plate together until they lock together with an audible click Arrange the power leads and insert them as far as they will go into the hinge elements of the isolation body The following table shows the assignment of the power leads Wire color code standard Brown Brown Black Black 24 V 24 V Ground Ground Power supply insert module 1 2 3 4 C79000 G...

Page 39: ...h the integrated IDC contact Recommendation Use a small slotted screwdriver max 3 5 mm as a lever Push the housing over the assembled data module and the ulator body until they lock together there should be an audible click ins Tighten the cable gland We recommend an open ring key with a size of 21 mm C79000 G8976 C184 07 ...

Page 40: ...over the cable jacket Remove the following lengths of cable jacket and shield braid 25 mm for the power leads 30 mm for the data leads To achieve good shielding the shield braid must be alt least 30 mm long Arrange the data leads according to the color codes on the splice element The following table shows the assignment of the data leads Wind the shield braid around the data leads As a result the ...

Page 41: ...ens IE FC RJ 45 socket reference 3 6 1 2 White wire of the particular pair Insert the all the data leads at the same time into the splice element is far as they will go Close the splice element and RJ 45 data module until they lock together Insert the data module and the splice element into the supplied IDC assembly tool Press the data module and the IDC assembly tool together to establish the ins...

Page 42: ... press it and the upper shield plate together until they lock together with an audible click Arrange the power leads and insert them as far as they will go into the hinge elements of the isolation body The following table shows the assignment of the power leads Wire color code standard White Blue Blue White brown Brown 24 V 24 V Ground Ground Power supply insert module 1 2 3 4 White wire of the pa...

Page 43: ... contact Reco slotted screwdriver max 3 5 mm as a lever Push the housing over the led data module and the insulator body until they lock together there should be an audible click assemb Tighten the cable gland We ith a recommend an open ring key w size of 21 mm 3 4 Pinout of the M12 Connector 3 X2 Socket PIN 1 24 V DC PIN 2 PIN 3 Ground PIN 4 C79000 G8976 C184 07 ...

Page 44: ...guration such as access points EC configuration to any numbe es Note If the PRESET PLUG is inserted the W WLAN operation with a PRESET PLUG n V1 1 Please use a version V2 4 AP or older If you in on Note With a version V3 0 AP or older it is not possible to create a PRESET PLUG for the IWLAN PB Link versio update the IWLAN PB Link to firmware V1 2 the configuration is available aga a PRESET PLUG cr...

Page 45: ...or box specify the device for which you want to create the PRESET PLUG Note A PRESET PLUG for configuring a SCALANCE W78x in Access Point mode must be created with a SCALANCE W78x because a SCALANCE W74x does not have all the configuration settings required for the W78x 5 Click on the Modify button to transfer the configuration of the device to the PRESET PLUG 6 Turn the device off and remove the ...

Page 46: ...G list box s RESET PLUG entry In the PRESET PLUG for box specify the device for which you the PRESET PLUG Click on the Modify button to transfer the configuration o 6 PRESET PLUG to commission a de Note device 1 Insert the PRESET PLUG in the C PLUG slot of the device to which you wan to assign a configuration t CE W7xx with two wireless interfaces flash yellow to signal that the PRESET PLUG was de...

Page 47: ...ool 4 ion tup Tool on CD and the Internet Primary Setup T The Primary Setup Tool is also available from Siemens Aut Note On the CD and on the Internet you will find the latest version of the Primary Setup Tool at the time of release of this document Version 3 1 Make sure that you use the version V3 1 or higher for the SCALANCE W78x Operating Systems Supported The Primary Setup Tool can be installe...

Page 48: ...following steps before you can use the DLC protocol Note vers C79000 G8976 C184 07 DLC Protocol module throug Windows XP Professional The DLC protocol is not supplied with Windows XP and must be installed and activated separately Windows 2000 Professional SP2 The DLC protocol is supplied with Windows 2000 but must be added to the active protocols The sections on installing the DLC protocol are rel...

Page 49: ...t to use 3 Click on the Next button in the first dialog 4 In the next dialog select the folder in which you want to install the program C79000 G8976 C184 07 4 2 Installation of the DLC Protocol in Win The files for installing the DLC protocol are in the self extracting ZIP archive pst_install exe Fo the program using t 2 In the dialog box of the extraction program select the folder into which you ...

Page 50: ...0 G8976 C184 07 Follow the steps below to install the DLC protocol on your computer 1 Select the menu command Start S Dial Up Connections 2 Select the connection to your Ethernet communications module Right click to open the context menu and select Prop 4 Click on the Install button in the General tab In the Select Network Component Type dialog select the entry Protocol an click the Add button In ...

Page 51: ...etup Tool steps below to install the Primary Setup Tool on your compute Double click on the file name setup exe in the Windo program using the Windows menu command Start Run e Choose Setup Language dialog box select the language in which you t to run the installation 4 The dialog box for selecting the installat button if you want to accept the default C Program Files Siemens P Setup Tool If you wa...

Page 52: ... PST you must first locate the w Select the Network Browse menu command e F5 key ne C79000 G8976 C184 07 4 5 Working with the Prim he Language st rting the Primary Setup Tool a dialog opens in which you s age for the program You can also set the language in the Settings uage menu configurable devices in the network Start this search with the steps outlined belo Press th Click on the magnifier icon...

Page 53: ...plays information on the selected device in the right hand pane Follow the steps below to configure a device 1 Click on the plus symbol in front of the device symbol or doub device symbol to display all interfaces of the device 2 Click on the interface you want to configu progra check boxe on the select text boxes ys disabled be disabled The MAC address bo ss is a property of the device tha i D an...

Page 54: ...bnet as the device to be configured Downloading Configuration Data to the Module r the configuration data to the device data is from the left in the toolbar rt of en 0 the address separated by the periods you can enter and 255 the program does not accept any other num Enter the subnet mask in the Follow the steps below to transfe 1 Select the module you want to configure in the left pane of the pr...

Page 55: ... include Web Based Management Select the device you want to configure with Web Based Management and follow the step If the Module Start INC Browser and the module icon are disabled there is no Web Based Management for the selected module Removing a Module You can remove a module from the list in the left hand pane of the program window by selecting the Module Remove Module menu command Using this ...

Page 56: ...he MAC address of the module to be configured DHCP Specifies that the IP address is obtained from a DHCP server client ID nique identifier for the device If this parameter is not specified the AC address as the ID Optional A u Primary Setup Tool uses the M RESET Sets the IP address to 0 0 0 0 IP add ss The ne be con re w IP address of the module to figured subnet mask The new subnet mask of the mo...

Page 57: ...NCE W78x and the client computer In principle it is possible to use Web Based Management over a wireless network however the SCALANCE W78x can be set so that access over a wireless network is disabled We recommend that you use the Microsoft Internet Explorer Version 5 5 or higher or Mozilla Firefox Version 1 5 or higher All the pages of Web Based Management require JavaScript Make sure that your b...

Page 58: ...nt Operating Instructions SCALANCE W78x 58 er ce of C79000 G8976 C184 07 Note The screenshots in this section were created using the Microsoft Internet Explor version 6 0 If you use a different browser for example Mozilla the appearan the menus may differ ...

Page 59: ...t is displayed 5 2 Starting Web Bas Procedure 2 In the User Name list box select the Admin entry if you want to change settings of the SCALANCE W78x read and write access If you select the User entry you only have read access to the configuration data of the SCALANCE W78x 3 Enter your password If you have not yet set a password the default passwords as shipped apply Enter admin if you selected adm...

Page 60: ...Alert is displayed and asks you whether you want to continue the action Confirm with YES The Login dialog of Web Based Management opens C79000 G8976 C184 07 nnection over HTTPS n Web Based Management also allows you to connect to the device over the secure connection of the HTTPS protocol Enter https in the address field of the Internet browser and the IP address o SCALANC ...

Page 61: ...supports you when setting security related parameters A further wizard is available in client mode to configure the iPCF mechanism industrial Point Coordination Function Wizard Status After selecting the Wizards menu on the left hand side of the dialog the status of the wizards is displayed If you have worked through a wizard completely Done is displayed as the status If you have worked through al...

Page 62: ...rating Instructions SCALANCE W78x 62 Some pages of the Wizards have a different content in access point mode and case there is a separate description for the alternatives C79000 G8976 C184 07 Note client mode In this You can specify the mode in the System menu ...

Page 63: ...information for IP configuration of the SCALANCE W78x 5 4 Basic Wizard Settings n Specified I devices The IP address can be set as a fixed permanent address or can be obtained dynamically from a DHCP Specified IP Address if you do not use a DHCP server IP Address P Address DHCP Server Option buttons There are two methods of assigning IP addresses to server Select input box The IP address of the SC...

Page 64: ...a communication partner must therefore start with 192 168 147 The bit pattern of 0 is 0000 0000 This means that the bit pattern of the last part of the IP address of the partner device does not need to match the address of the SCALANCE W78x at any point in other words it can be any number C79000 G8976 C184 07 Subnet Mask input box ca The four numbers of an IP address separated by periods are inter...

Page 65: ...ode but means more to the user than the IP address System Nam In this box you enter the device name for your SCALANCE W78x This parameter a e text box corresponds to the sysName SNMP parameter The device name can be up to maximum of 255 characters long If you also want to use this parameter for WDS or redundancy the maximum length is 32 characters C79000 G8976 C184 07 ...

Page 66: ...tions for maximum output power also differ from country to country pecify which local regula param n countries have different frequency band When you configure the SCALANCE W78x you must s tions are relevant for your location You do this with the Country code eter Country code list box In this list box you select the country in which the SCALANCE W78x will be operated You do not need to know the d...

Page 67: ...l characters except the percent character for the SSID To ensure compatibility with partner devices you should however not use any characters that are peculiar to a particular language for example special German characters ä ö etc The string for SSID can be a maximum of 32 characters long Wireless Mode list box Select a wireless mode that is supported by all partner devices On the SCALANCE W788 2P...

Page 68: ... Client mode there is also the check box Connect to ANY SSID The ot settings correspond to those of the access point mode Connect to ANY SSID Check Box When this check box is selected the client connects to the access point that allows the best possible data transfer and to which a connection is permitted based on the security settings C79000 G8976 C184 07 ...

Page 69: ...t is required Clients with this setting cannot connect to standard Wi Fi devices and SCALANCE W access points with firmware V3 0 or older Note The layer 2 tunneling setting is available only with the following model variants SCALANCE W78x in client mode SCALANCE W746 1PRO SCALANCE W747 1RR C79000 G8976 C184 07 5 4 6 Adopt MAC Ad the MAC Address A MAC address must be specified for the device connec...

Page 70: ...r SCALANCE W744 1PRO The SCALANCE W74x uses the MAC address of the Ethernet interface for the WLAN interface AN interface The network is also informed of the MAC addresses connected downstream from the SCALANCE W746 1PRO or SCALANCE W747 RR MAC mode list box He fo Auto find Adopt MAC The SCALANCE W78x client automatically adopts t Set Adopt MAC manually You enter the M Layer 2 Tunneling not for SC...

Page 71: ... do not want layer 2 communication to be handled over the SCALANCE W78x client but only send higher IP based frames to one or more connected devices you can also leave the default setting Adopt Own Mac In this mode the client registers with the MAC address of its Ethernet adapter The IP packets are broken down according to an internal table and forwarded to the connected devices The Adopt MAC box ...

Page 72: ...aced channels or two different frequency bands must be selected Use of WDS In this case select a problem free channel that is also used by the WDS partner 5 4 7 Channel Settings on communication You can either set this channel specifically or configure the SCALANCE W78x so that the channel is selected automatically A sp Communication suffers from interference from another device for example microw...

Page 73: ...ox and on the If your SCALANCE W78x has a second wireless adapter SCALANCE W788 e is C79000 G8976 C184 07 Radio Channel list box this list if the Auto Ch box depend on the pr mode IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11h Note 2PRO SCALANCE W788 2RR this adapter is deactivated when the devic shipped You can use the second wireless adapter after you have selected the channels Notice When ...

Page 74: ...ies for the basic configuration The setting Adopt MAC Address and the note on the iPCF Wizard is displayed only in client mode If you use a SCALANCE W788 1RR or SCALANCE W788 2RR in client mo want to operate it in a iPCF network you can enter the nec Finish button Click this button to close the Basic Wizard and to log on again with the modified IP address Alternatively click on the Security Wizard...

Page 75: ...owever C79000 G8976 C184 07 5 5 Security Wizard With the Security Wizard you can specify security related parameters without detailed knowledge of security technology in wireless networks The SCALANCE W78x can be parameters Depending on the an increased risk of unauthorized access You should therefore work through all the pages of the Security Wizard so that you have at least basic security functi...

Page 76: ...r the admin user is admin You can use the wizards only if you log on as administrator 5 Password First set a new admin password Enter the string twice in the text boxes of th page The password can be up to a maximum of 31 characters long Until you set a password the defaults set in the factory apply The default C79000 G8976 C184 07 ...

Page 77: ... 2 Security Settings for Ma Configuration In this page you specify the protocols with which you can access the configuration e SCALANCE W78x All protocols with a selected check box can be used for figuration You shoul The protocol settings only take effect after exiting the Security Wizard and arting Even after selecting the Web Based Management entry you still have option of returning to earlier ...

Page 78: ...ommunity strings are defined for read and write permissions More complex and more secure authentications are possible only in some SNMPv2 variants and in SNMPv3 To preserve security you should not use the default values public or private 5 5 3 Security Settings for SNMP Protocol Write Community String text box Here you enter the write community string maximum of 63 characters for the SNMP protocol...

Page 79: ...ettin elect set ply reg ss of protocol specific c measures for securing a network against unauthorized acce ly c ose ame SSID of AP e CE W78 clud lien ca ireless c rom the wired part of the netw C79000 G8976 C184 07 On this page yo make the securi settings incl for example the SCALANC 8 2PRO NCE W788 re the 2RR models the cond wireless se page pter You co for Settings h t pag f the securi restrict...

Page 80: ...nflicts with sett spe Suppress SSID broadcasting check box An entry in this check box means that the SSID is not visible for other device As a result only stations for which the same network name was configured as for the SCALANCE W78x can connect to the SCALANCE W78x characters if you use the red ings for a specific locale on the computer the name should not include any cial German characters ö ä...

Page 81: ...ed with differ Example 2 A SCALANCE W788 1xx is used with multiple SSIDs Note E W788 2xx the Inter SSID communication function must be WLAN interfaces or on all VAPs to allow communication between On a SCALANC enabled on both the clients with different SSIDs Note If VLANs are configured for the SSIDs this setting can prevent communication ing to the VLAN rules between the SSIDs accord Intracell Co...

Page 82: ...unication C79000 G8976 C184 07 Settings Inter SSID mmunication Intracell Communication within an SSID with another SSID to the Ethernet network co Enabled Disabled x x x Enabled Intracell blocking x x Enabled Ethernet x x blocking Disabled Disabled x x Disabled Intracell blocking x Disabled Ethernet blocking x ...

Page 83: ...NCE W78x 83 5 5 5 Security Settings for WLAN Page 2 Predefined Security Levels Authentication and encryption are tried and tested methods for increasing security in networks Web Based Management provides five predefined security levels that specify suitable methods C79000 G8976 C184 07 ...

Page 84: ...enabled TKIP AES Server Authentication Authentication basically means that some form of identification is required Authentication therefore protects the network from unwanted access In the Security Level box you can choose between the following types of authentication None Open System There is no authentication Encryption with a fixed unchanging key can be selected as an option Based are the key l...

Page 85: ...ses the additional encryption protocol CCMP that allows fast roaming in mobile ad hoc networks with its preauthentication A client can log on in advance and several access points so that the normal authentication can be omitted A RADIUS server is used to authenticate the client with an access point The client logs on at a RADIUS server based on a certificate EAP TLS or a combination of user name a...

Page 86: ...he encryption key source indicates whether the key is configured locally and fixed local or whether it is negotiated by a higher protocol and an authentication server server Security Level for WLAN list box Select a security level that is supported by all clients The content of the next page depends on the selected security level If you select the security level None there is no following page sin...

Page 87: ...ly as hexadecimal digits 0 F If the key was entered in ASCII format this is later displayed in quotes Length list box Select the key length you want to use here If the length of the string in the Key text box is longer or shorter than the selected key length an error message is layed The following key lengths are possible 40 bits WEP 5 ASCII characters or 10 hexadecimal numbers 128 bits AES 16 ASC...

Page 88: ...US Se In addition to the IP address and the port you must also specify a password maximum 128 characters and confirm it in a second box In the Maximum Retransmissions text box you enter the maximum number of transmission attempts The maximum possible value is 5 the default is 2 Enter the period of validity of the a minute enter 60 the maximum tim hour 3 600 seconds rver Table You can enter the dat...

Page 89: ... name text box enter the user name with which you want to register over the RADIUS server Dot1x user password text box Here enter the password for the above user name The client logs on with the RADIUS server using this combination when a logon with a certificate was not possible Password confirmation text box Confirm the password here Here C79000 G8976 C184 07 ...

Page 90: ...78x and is entered by the user at both ends Pass phrase confirmation text box Here you confirm the entered WPA2 key or exactly 64 hexadecimal characters long plex for example consisting of random lowercase have few repetitions and special characters t or if sec Note The key can be 8 to 63 ASCII characters It should be selected so that is com numbers letters upper Do not use known names words or te...

Page 91: ...s Were Made cted Settings ettings If you want to change a setting you can click on the Back button to return to a previous page re you can enter a different value or make a different selection In client mode page contains less information 5 5 10 Settings for the Security Level The option Overview of the Sele This page contains an overview of the selected security s whe this C79000 G8976 C184 07 ...

Page 92: ...en the relevant pages by clicking on the texts highlighted in blue IP Filter opens the Security Access page Access Control List for WLAN 1 WLAN 2 opens the Security ACL page for wireless adapter 1 or 2 This link is available only in access point mode To apply changes perform restart opens the System Restart page Finish button Click the Finish button to exit the Wizard Your settings only take effec...

Page 93: ...pages for specifying security settings If you use iPCF you do not therefore need to work through the Security Wizard 5 6 1 i Point Coordination Function Settings Channel Selection and Transmit Power make the setting is necessary for iPCF The main advantage of is that you can improve roaming times and reduce the interference affecting other systems or segments On this page you suitable settings Ope...

Page 94: ...he visibility of the radio link If necessary select the required reduction in transmit power here A reduction of transmit power may also necessary to avoid interfering with other cells because a reduced transmit power means a reduction in the span of the cell Antenna Mode list box This list box specifies the use of the antennas If Diversity is set the SCALANCE W78x uses the only antenna that allow...

Page 95: ...f Web Based Management C79000 G8976 C184 07 95 Note If only one antenna is connected the connected antenna must be set permanently cond antenna socket must also have a 50 Ω terminator fitted The se Operating Instructions SCALANCE W78x ...

Page 96: ...CF On this page you specify the security level for the client iPCF is a proprietary standard time consuming mechanisms and they are therefore not available with iPCF Security le None no encryption An open system without encryption Med encryption Static keys are used This is the recommended setting and you should use a 128 bit AES key vel list box Select the security level you require for your wire...

Page 97: ...g for the key here The key can be en characters or alternatively as hexadecimal digits 0 F If the key was entered in ASCII format this is lat Length list box Select the key length you want to use here If the length of the string in the Key text box is longer than the selected key length an error message is displayed The following key lengths are possible 40 bits 5 ASCII characters or 10 hexadecima...

Page 98: ...setting the maximum key length is also 128 bits 5 6 4 Fi Exiting the 104 bits 13 ASCII ch nish Wizard The last page of the iPCF Wizard shows you all the settings you have made so that you can make a final check Finish butt Click the Finish button to exit the iPCF Wizard Your settings only take effect after you have restarted System Restart menu on Operating Instructions SCALANCE W78x ...

Page 99: ...his chapter describes both configuration methods together because the menu structure of Web Based Management is the same as the structure of the CLI commands Note You should only use the command line interface if you are an experienced user Even commands that bring about fundamental changes to the configuration are normally executed without a prompt for confirmation figuration Using Web Based mman...

Page 100: ...ng To be able to use the info thorough knowledge of n e LED Simulation of Web Based Management he Operating State he SCALANCE W78x has one or more LEDs that provide information on the rating state of the device see Chapter 2 Depending on its location direct ess to the SCALANCE W78x may not always be possible Web the Simulation There is an HTML based simulation of the LED status Click on the green ...

Page 101: ...b Based Management in a separate browser window Updating the Display with Refresh h butt request up to date Saving Entries Pages in which you can make configuration settings have a Set Value button at the the Creating E Pag this Resetting a Co Wit levant counters 6 Web Based Management pages that display current parameters have a Refres on at the lower edge of the page Click this button to informa...

Page 102: ...e table on a gray ackground The table lists only the commands themselves m and Line Interface CLI LI in a Windows Console ow the steps outlined below to start the Command Line Interface in a Windo sole Open a Windows console and type in the command telne address of the SCALANCE W78x 2 Enter your login and password As an alternat a e CLI in Web Based Management Click on the Console entry in the u s...

Page 103: ...LI commands generally have one or more parameters that a syntax description as follows Mandatory parame Example IP address Optional parameters are shown in square brackets Example E D If you omit an optional parameter the commands output the currently set value ernative input va y the pipe character In this arameter mandatory par en 0 and 255 CLI Command Description Comment Moves you one menu leve...

Page 104: ...ly in acce IP address of the default router DHCP flag System name System location System contact Device mode Country code User and Admin IDs Changing to the HiPath Access Point mode is described in section below The Current system time output box informs you about the system time The System up time output box informs you about the time that has elapsed since the last restart 6 Locale Setting On th...

Page 105: ...COUNTRY MO PWR EIRP USAGE The table lists the p odes and channels along with the corresponding chan e country setting The PWR EIRP rubric c limit values for the transmit power measured at the ant transmit power of the access point and the antenn ed Note In the version for USA Canada you cannot select a country The frequency bands for these countries are already preset DE CH MHz ermitted wireless m...

Page 106: ... the follow W788 2 situation ens WLAN The SCALA commu system o the HiPath Access Point mode the S is no lon the HiPa h the WBM or the Comma less Controller of the communication ce but by stem Notice ss Point mode the access point is returned to its configuration is lost If your access point was already configured and you want to use the configuration save it before you change over as described in ...

Page 107: ...guration computer with the access point in the Web browser and open Web Based Management WBM to the System Information page with W788 2RR System see Sections 5 1 and Fehler Verweisquelle konnte nicht gefunden werden 4 In the Device Mode list select HiPath Access Point and confirm this with Set Values During configuration make sure that the SCALANCE W78x is assigned an IP address suitable for the H...

Page 108: ...page Interfaces WLAN must not be set to Adopt own MAC see Section 6 3 2 WLAN lient module can only be reached over Note Operating SCALANCE W client mo HiPath access point or SCALANCE W access point in HiPath Access Point mode involves the following The IP configuration of the WLAN client module WBM page System IP Settings must not be set on to DHCP server It may be necessary to reserve a range of ...

Page 109: ...o LED Color LED meaning Color Yellow green P1 Ethernet port ernet Green L2 power supply Eth 5 GHz Green Green R1 2 4 GHz Green Green R2 Middle Yellow Yellow R1 R2 Green L1 power supply M12 Middle Red Red F fault For the arrangement of the LEDs on the device refer to Figure 2 1 The LEDs of the SCALANCE W78x For information on the other steps in configuration refer to the manual HiPath Wireless Cont...

Page 110: ... a W is operated outdoors make sure that the device is not exposed to rain i under a roof and is not exposed to direct sunlight installed with UV protecti You will find more detailed information on HiPath Wireless at http www siemens com hipath Syntax of the Command Line Interface CLI SYSTE Comma scription Comment M nd De apmode E This specifies the mode for the SCALANCE W78x E Access Point D Clie...

Page 111: ...r IE IN IS Iceland IT Italy JP Japan J3 KR KW LI LU NL NO Norway PO Poland PT Portugal RU Russia SE Sweden SG Singapore TR Turkey US United States of America ZA South Africa This command is not available in the version for USA Canada AR AT AU BE BR BG CA The country codes com however the SCALANC R HK HU IE J3 KR KW O PO PT RU only the codes listed in the left hand column AR Argentina AT Austria BG...

Page 112: ...CMP frames Telnet only IP For connection test to partner c count and s stop to password a password dmin user Specifies a password for access to the SCALANCE W78x Maximum of 31 characters 6 2 2 IP Configuration Here you decide whether you will use a DHCP server or whether you want to You can also set the IP address of a router and the default TTL The TTL time to live parameter specifies passed thro...

Page 113: ...ess C Client ID identified N Device name clientid Specifies a client ID for the device ip IP addre P is automatically disabled ss Specifies the IP address for the SCALANCE W78x When you enter a valid IP address enabled DHC subnet subnet mask Specifies the subnet mask gateway IP address Specifies the IP address of the router ttl TTL value Sets the TTL Time To Live parameter Default value 64 Operati...

Page 114: ... W78x is poss If you only want to enable secure access over HTTPS whe ce select the HTTPS only check box If you want to enable the response of the device to Ping sig enabled check box tegrated SSH t to Telnet the entire comm ing user authentica ncrypted Notes on WEB Enabled in the WEB Interface he check box for the W selected and b Based Mana ger p ess with H If you want to deactivate the option o...

Page 115: ...ed if there is no further input e in s snmp E D Enable disable SNMP mail E D Enable disable E mail web E D Enable disable configuration of th SCALANCE W78x over Web Base e d Management https E D ring only over HTTPS Enable disable access for configu ping E D Enable disable response of the device to Ping psu E D Enable disable access to the SCALANCE W78x with the Primary Setup Tool If this access o...

Page 116: ...ring a restart the SCALANCE W78x is reinitialized the internal firmware is reloaded and the SCALANCE W78x runs a self test The entries that have been learned in the address table of the SCALANCE W78x are deleted You c window open while the SCALANCE W78x restarts R emory Defau Click this button to reset the configuration The following parameters protected Gateway address IP DHCP flag System name Sy...

Page 117: ...at he protected o reset The C PLUG is triggered he SCALANCE W78x can the Primary Setup Tool un ess the IP address is If you are logged on as user the Restore Factory Defaults button is not visible Syntax of the Command Line Interface CLI SYSTE Description Comment M RESTARTS Command restart Restarts the SCALANCE W78x The restart command can however not using the shortcut commands be called from all...

Page 118: ...n or an overlapping wireless channel Topology changes in Rapid Spanning Tree For the SCALANCE W788 1RR and SCALANCE W788 2RR models events in conjunction with iPCF Events in conjunction with the Forced Roaming on IP down function Change in the WDS connection status Link up Link down With the SCALANCE W788 2PRO and SCALANCE W788 2RR models there is also the status of a redundant connection redundan...

Page 119: ...d he SCALANCE W78x resta r CW and an entry is made in the erated the following comman log table but neither a t be entered CLI SYSTEM EVENT Command Description Comment setec CW E D E D E D E D Reactions when the SCALANCE W78x restarts setec LU E D E D E D E D Reaction to the Link Down event on the Ethernet interface If the error status was triggered only due to a link down event the error states i...

Page 120: ...hanges an event is triggered If the connection no longer exists the error state is triggered and the error ED is lit his command is not available in the client mode Reaction to a change in the connection status on a client for which the IP alive monitoring is activated If c L T setec LI E D E D E D E D connection monitored with the Link Check function his command is not available in the client mod...

Page 121: ...re you specify who the SCALANCE W which device is involved and sent the E mail If you do not make an entry in the From box the SC CLI SYSTE Command Description Comment M EMAIL mail E D Enable disable the E mail service email E ma es d il address Specifies the address es to which the SCALANCE W78x sense E mails Several E mail address can be entered separate by semicolons smtp IP ad port nu dress mb...

Page 122: ...3 you sho se Trap Submenu Here you enter the IP addresses of up to 10 trap receivers The SCALANCE W78x sends a trap to all the addresses you enter if their Enable trap check boxes are selected Note During a warm or cold restart with a wireless connection AP client WDS or WRED there is no guarantee that the recipient can be reached at the time when the trap is sent This leads to a loss of the messa...

Page 123: ...n with the DES3 algorithm the group you must enter the authentication password maximum of 63 characters Auth Priv Authentication with the MD5 or SHA algorithm To display the members of Users Submenu This page displays the SNMPv3 u create a new use the ton and specify oup to which the user will belong If necessary yo nter the passwords for the authentication and the encryption You can delete a user...

Page 124: ...l features SNMPv3 undertake effect after you disable SNMPv1 Enabling SNMPv3 does not automatically disable SNMPv1 snmpro E D Enables disables SNMPv1 v2c read only getcomm Read community string 3 characters Specifies the Read community string maximum length 6 The default is public setcomm Write community string Specifies the Write community string maximum length 63 characters The default is private...

Page 125: ...edit Index NOAUTH AUTH PRIV RE RD y level of the hts ws write access es write access You cannot edit the authentication and encryption settings unless the group is empty Preventing read access also prevents write access Permitting write access also permits read access Changes the securit group and sets the access rig WE WD You can view of the index of the group with the info command RE allows read...

Page 126: ...yption is necessary for the group the encryption password edit index group n NONE M authentica Encryption ID ame D5 SHA tion ID Changes the group assignment the authentication algorithm and the encryption password of the SNMPv3 user delete Index Deletes an SNMPv3 user from the list at the point identified by the index clearall Deletes all SNMPv3 users CLI SYSTEM SNMP TRAP Command Description Comme...

Page 127: ...ansferring short unencrypted text messages in the IP network This requires a standard Syslog server Syslog Configuration w sed for the Syslog protocol are displayed and set in the System slog Menu Command slog according to RFC 3164 is u ith the SCALANCE W The parameters u Syslog menu Operating Instructions SCALANCE W78x ...

Page 128: ...og table check box This check box decides de in the log table are also sent as ssages uth log ch also The meaning s follows yslog Server text ides the IP address to which the Sy entered in this g messages are the same network as the SCALAN ault gateway an automatic sh a connection over the def whether all entries ma Syslog me a eck box This check box decides whether all entries made in the authent...

Page 129: ...server IP th Admin rights address Specifies the IP address of the Syslog server Can only be changed wi logs D E Specifies whether the log entries are Can only be changed with also sent to the Syslog server Admin rights auths D log entries are also sent to the Syslog server ged with Admin rights E Specifies whether the authentication Can only be chan Operating Instructions SCALANCE W78x C79000 G897...

Page 130: ...r conve Syntax of the Command Line Interface nchronization in the Network is the acronym for Simple Network Time Protoc o provide a uniform time throughout the en ronize themselves wi ss of an SNTP server h SCALANCE W78x the SCALANC server The SCALANCE W78x adopt rsion regarding daylight saving or standard time CLI SYSTEM SNT escription Comment P Command D server IP address Specifies the IP addres...

Page 131: ...ult status the command should ipacknow Index All s messages have been acknowledged The fault he Fault LED error message The command is not visible in the client mode Displays or acknowledges clears the IP Alive messages requiring acknowledgment The fault state remain active until all the fault state and t are cleared if the only reason was an IP Alive linkack Index All ges requiring active until a...

Page 132: ...irmware of the SCALANCE W78x the client certificate only in client mode the server certificat For information on cert m Manual Basics of Industrial Wireless LAN Note When you download th LANCE W78x a restart is performed so that the n he restart takes place automatically during the loa The device can no longer be reached using the old I configuration data contains a new IP address ad Save Menu Com...

Page 133: ...me configuration and when IP addresses are obtained figuration data on a PC after you have configured a load this file to all other SCALANCE W78x devices you How to Lo r HTTP HTTPS data lternative you can also use a file selection dialog that opens after you click the Browse button clicking the Save button Start the load from file ction by clicking the Load button How to Load or Save Data over TFT...

Page 134: ...ient and or server are i the cl nt provides the optio with the ce pac configuration package With t replicated simply in other word red to the clients in one step Ju by a restart No sp CLI SYSTEM LOADSAVE Command Description Comment fwname file name Specifies the name of a file from which the firmware will be loaded or in which the firmware will be saved This name can be a maximum of 32 characters ...

Page 135: ...ave Saves the server certificate in a file In client mode only cltdel Deletes the client certificate In client mode only srvdel Deletes the server certificate In client mode only pkgsave Saves the Configuration Package in a file over a TFTP server In client mode only The functionality can be controlled over SNMP with the OID Note 1 3 6 1 4 1 4196 1 1 4 100 1 5 1 19 snDownloadEcmCfgPackageControl W...

Page 136: ...UG You also format the C PLUG or provide it with new content As soon as the device arted with a C PLUG inserted the SCALANCE W s configuration data on the C PLUG C G and displayed over the Web and CLI data in the memory of the device only becomes accessible when the device arts without a C PLUG using the Restart without C PL C PLUG State text box This displays the status of the C PLUG The followin...

Page 137: ...ed NOT No C PLUG is inserted in the device C PLUG Device Group text box Indicates the SIMATIC net product line that used the C PLUG in previous operation C PLUG Device Type text box previous operation Configuration Revision text box The version of the configuration structure This information relates to the configuration options supported by the device and has nothing to do with th concrete hardwar...

Page 138: ...e C PLUG with the original device configuration Load default Configuration to C PLUG and Restart A configuration with all the factory default values is stored on the C PLUG This is followed by a restart in which the SCALANCE W78x starts up with these default values Clean C PLUG Low Level Format Configuration lost Deletes all data on the C PLUG and starts a low level formatting function There is no...

Page 139: ... a message is ased Management C PLUG errors can have two causes or a different device type C PLUG in the SCALANCE ugh a C PL sent the last shutdown of th C PLUG Error Message If the SCALANCE W displayed by Web B The C PLUG contains bad data or data f There is no prior to W78x altho e device UG was pre Operating Instructions SCALANCE W78x ...

Page 140: ...ently MEMORY The restart is performed automatically G was n must be read from internal memory If a C PLUG is inserted the system or as attempts to read the configuration from it The bootfrom MEMORY command then has no effect which the configuration being read C PLUG or If the C PLU removed you must specify that the configuratio preplug dev Writes configuration data to a PRESET PLUG The index param...

Page 141: ...les Note VAPs are visible only after an AP count 0 6 3 1 Ethernet Menu Command Transmission Speed and Mode thernet connection When you select the entry Auto in the Speed Mode list box the SCALANCE W78x sets a suitable n the other network nodes and crosses over the ings on the partner device For a wired Ethernet interface you only to specify the transmission speed mode parameters and the crossing o...

Page 142: ... ethspeed A 10F 1 ic selection by the SCALANCE W788 100F 100 Mbps full duplex 100H 100 Mbps half duplex 10F 10 Mbps full duplex 100F 100H 0H Specifies the transmission speed and mode of the Ethernet interface A automat 10H 10 Mbps half duplex ethcross E D Manual selection of Ethernet interface crossover Possible only when ethspeed is not set to auto Operating Instructions SCALANCE W78x ...

Page 143: ...r this country code appears behind the Enable rior f signals from a primary user for example dar LAN Menu Command he Interface Enabling interface by selecting Enable Interface ame on E used t ure Ad Hoc only in client mode ion Mode cify the transmission mode in the Wireless Mode list box If you have used the ic Wizard a value is already entered here e IEEE 802 11h transmission only in Access Point...

Page 144: ...de it is not practical to select the WDS mode at the same time In WDS mode all SCALANCE W78x devices must use the same channel If a signal from a primary user is detected by an AP the channel is changed automatically and the existing connection is then terminated The SCALANCE W78x can be operated either in the i In indoor AP mode all the country dependen power settings are available for operation ...

Page 145: ...ted the client deregisters from the access the MAC address from the Ethernet fr Ethernet port the client deregisters from the access point and registers again wit its own MAC address If several You also have the option of specifying the MAC address of the connected devic manually To use this option select Set Adopt MAC manually an address of the device connected to the client in the Adopt MAC text...

Page 146: ...C184 07 146 Set Values configured virtual acce rtual AP count 0 point will be reque CALA CE W icking Set Values Set values Apply the configuration by clicking If you have ode you ss points Vi in access 78x after m cl sted to run a restart on the S N Operating Instructions SCALANCE W78x ...

Page 147: ...nters the channel numb alternative DFS cha Possible only in 802 transmission adopt MAC address e vailable only in the client ode MAC address of the devic connected to the client over Ethernet A m autoadopt E D OWN L2T MAC nnected to rnet The OWN parameter means that the client registers with the access point with its own Ethernet MAC address With this setting however only IP data traffic is possib...

Page 148: ...d only when vapno 1 VAP3 Open the VAP3 menu Displayed only when vapno 2 VAP4 vapno 3 Open the VAP4 menu Displayed only when VAP5 Open the VAP5 menu Displayed only when vapno 4 VAP6 Open the VAP6 menu Displayed only when vapno 5 VAP7 Open the VAP7 menu Displayed only when vapno 6 Operating Instructions SCALANCE W78x C79000 G8976 C184 07 ...

Page 149: ...or avoiding collisions based on the exchange of status information before sending the actual data Hidden node problem To minimize network load resulting from the additional protocol exchange this method is used only when a packet size that you select with the RTS CTS Threshold is exceeded g Transmission Characteristics On this page pecify details of the transmission meters on this pa haracteristic...

Page 150: ...l if the transmission quality is poor because larger packets are mo packets means a poorer th s There are two situations in which packets are repeated The hardware repetition performed by the WLAN chip itself when it tries to repeat an unacknowledged packe withdrawn a specified with the SW Retry number parameter Using Use SW Retry the software repetition mechanism can be e disabled Preamble with 8...

Page 151: ... in the ing the typ name ed you have the option the range from 0 throug the lo na connecting cable into account Antennas e Antenna Mode list s The Diversity settin the two antennas for the data transmission For e nas must be connected Both antennas sho th should also illuminate approximately the same space If an access point is operated with the diversity setting and the two this c effects With th...

Page 152: ...ode list box If you set Disable there is no scan for access points while the client is connected If you set Scan if Idle there is a scan for access points when no data transfer takes place for a certain time If you set Scan Always access points are scanned continuously The Background scan interval parameter specifies the interval at which further access points are scanned To optimize the scanning ...

Page 153: ...e this feature by selecting t face check box o nable WMM only in acc oint mode ia multimedia frames complying w d at a higher priority see Section option if you want frame ith the IEEE 8 3 2 WLAN User ed according to their zed over the WLAN interface tandard prioritized frames are cl Description WMM voice priority ls with low 7 6 Highest priority Allows multiple concurrent VoIP cal latency and tol...

Page 154: ...t mode points D Disabled I Scan if idle A Scan always bkscanint 200 60000 Interval at which the client scans for further access points Available only in the client mode bkchannel channels Selection of channels on which the for further access The channels are entered separated anks Available only in the client mode client scans points by bl bkchsel E D Enables disables sca further access points nni...

Page 155: ... which antennas are used A Only antenna A B Only antenna B SA Antenna A transmits Anten SB Antenna B transmits With the IWLAN PB Link with one antenna socket the default Antenna A must not be changed na B receives Antenna A receives D The best of both antennas diversity noise A L M H ter A Automatic L Low M Medium A strong noise filter allows a more stable connection but also a shorter transmissio...

Page 156: ...rk as client If the Connect to ANY SSID check box is selected the SCALANCE W78x in client mode attempts to connect to the network with the best transmission quality and with suitable security settings If the Suppress SSID broadcasting setting is made for an access point the SCALANCE W78x cannot log on there with the SSID If this check box is not selected the SCALANCE W78x attempts to connect to th...

Page 157: ...rties of The ban ifies data rates up to 11 Mbps 802 11g up to 54 Mbps The 802 11g standard also uses the OFDM pac Special Options for 802 11g Settings The man mod com nced G Submenu the 802 11g Standard IEEE 802 11g is upwards compatible with IEEE 802 11b both use the 2 4 GHz d In contrast to 802 11b that spec provides for data rates modulation scheme This technology divides a data packet into sev...

Page 158: ...OFDM modulation method is used This prevents 802 11b devices from registering If 802 11g Only mode is disabled both 802 11b devices and 802 11 g devices can register with the access point The access environment point can use the RTS CTS method With the 802 11g CTS Mode list box you specify the use of RTS CTS only in the access point mode 0 do not use RTS CTS 1 always use RTS CTS with 802 11g packe...

Page 159: ... 3 rate for 802 11g CTS frames 3 11 Mbps Specifies the data 0 1 Mbps 1 2 Mbps 2 5 5 Mbps ctstype 0 1 y 1 RTS CTS Specifies the method for avoiding 802 11g packet collisions 0 CTS onl sslot E D Enables disables short between data packets slot times only11g E D When this is enabled only the OFDM modulation technique is supported Available only in the access point mode overlap E D search for on overl...

Page 160: ...ameter specifies that a client must be capable of this data rate ble to connect to the access point 6 3 6 Data Rates Submenu Comm etting of the Transmission Rates F om the table 02 11b g a owing all available data rates for the current WLAN mode you can select any combination of these data rates The hen use only the selected tra ith the clients T to be a Figure 6 2 edit Screenshot Operating Instru...

Page 161: ... curre default s the default setting for the LAN mode Enable current W edit Rate E D E D e settings for the ata rate in Mbps The ameters indicate whether the uld be used or is defined as Rate Overview abled Basic Rate 1 X X 2 X X X 9 X 11 X Example edit 5 5 d d sables the data rate 5 5 Mbps The screenshot shows the default setting for the 802 11g mode Changes th specified d two par rate sho Basic ...

Page 162: ... N VAP1 7 The security settings of the VAPs must meet those of the relevant VLANs P Submenu Com escription You can only the pages of the virtual acce ts have ssign a separate SSID to th t operates in multiple SSID mode SID LAN here Make s client th o store the SSID of this VLAN this VLAN configuration of th Note You can rate securi Sec nu Security Basic WLAN WLA 1 2 x of the Command Line Interface...

Page 163: ...mand Line Interface CLI SECURITY Command Description Comment mgmteth E D It is only possible to configure the SCALANCE W78x over the wired Ethernet interface E or over all interfaces D 6 4 1 Basic Wireless Menu Command Authentication Authentication protects the network from unwanted access In the Authentication Type box you can choose between the following types of authentication Open System There...

Page 164: ...od US server based on nd password EAP SCHAPv2 As an WPA authe Pre Share works without a RADIUS serve s stored on every client and access oint and is used for uthentication and further encryption AES or TKIP can be used as a secure ethod Note The key can be 8 to 63 ASCII characters or exactly 64 aracters ng It should be se amp dom numbers letters up few repetition characters Do not rms at could be ...

Page 165: ...ropping and corruption You can only disable encryp selected Open Sys for authentication All other security methods include both authentication and encryption and access point and this is used for authentication and further encryption AES or TKIP is used as the encryption method AES represents the standard method WPA2 WPA2 Wi Fi Protected Access 2 is a further development of WPA and implements the ...

Page 166: ...ted Open System including encryption or Shared Key as the authentication you will need to define a key in the Keys menu see Section 6 4 2 keys based on the RC4 alg If you have selected WPA PSK or WPA RADIUS as the authentication the following alternatives are available in the Cipher box TKIP Temporal Key Integrity Protocol A symmetrical stream encryption method with the RC4 algorithm Ron s Code 4 ...

Page 167: ...ecurity You must also expect that certain end devices may have problems with access to a hidden SSID uthentication Method only for W788 in client mode If a client is authenticated over an external RADIUS server you can use the RADIUS authentica authent RADIUS server with all supported methods support by the client to this one method Th some RA correctly The following options a EAP TLS Extensible A...

Page 168: ...ommunication between the clients with different SSIDs be Note If VLANs are configured for the SSIDs this setting can prevent communication between the SSIDs according to the VLAN rules Intracell Communication list box Intracell blocking This setting prevents WLAN client communication within an SSID Ethernet blocking This setting prevents WLAN client communication over the Ethernet interface of the...

Page 169: ...uto PSK With the authentication types 7 WPA Auto and 8 WPA Auto PSK the encryption method of WPA and WPA2 or SK e the same Specifies the authen For the parameter n enter between 0 and 4 for the typ authentication 0 Open System 1 Shared Key 2 WPA RADIUS 3 WPA PSK 4 802 1x RADIUS 5 WPA2 WPA PSK WPA2 P must b encrypt E D Encryption enabled disabled cipher OFF AUTO WEP AES TKIP Specifies the encryptio...

Page 170: ...t bloc Ethernet Inter SSID ssidcom E SSIDs blocked communication D Enable Disable communication to other SSIDs Enable data traffic with other SSIDs permitted Enable data traffic with other username name Specifies the user name for the r In client mode only RADIUS serve password password Specifies the password for the RADIUS server In client mode only chkserver E D Enables disables authentication o...

Page 171: ...ion method Select the default WEP key Enter the WPA PSK password C79000 G8976 C184 07 171 Specify the Group Key Update Interval in WPA PSK here they apply all other security parameters are adopted from the Security WLAN1 or WLAN2 page Enable Suppress SSID broadcasting W Basic Operating Instructions SCALANCE W78x ...

Page 172: ... number between 0 and 4 for the type authentication 0 Open System types 7 WPA Auto WPA Auto PSK the encryption method of WPA and WPA2 or 3 4 5 WPA2 6 WPA2 PSK 7 WPA Auto 8 WPA Auto PSK encrypt E D Encryption enabled disabled cipher OFF WEP AES TKI AUTO P Specifies the encryption scheme defkey 1 2 3 4 Selects the default WEP key wpaphrase WPA password Enter the WPA PSK password The password can be ...

Page 173: ... 16 ASCII or 32 hexadecimal characters on the other key 128 bits You can also create keys for WDS Redundancy and ACL Private these are not supported by all clients for ACL Note When operating the CP 7515 note the followin S The A only allows a uniform key length If the Windows specific program Zero Config is used even the keys must be the same Syntax of the Command Line Interface CLI SECURITY KEYS...

Page 174: ... Note Since no encryption is used for MAC address transfer th higher security Enabling the ACL In Web Based Management there is a list box for the use of ACL e to either Enabled or ents entered in th g to the ACL entry Clients not entered in the ACL hav This setting can be used to deny access by certain Strict ts entered in th to the CL entry Clients not in the ACL hav Th setting can be used to cc...

Page 175: ... access to the access point Deny The client does not have access to the access point Default Key The client only has access to the access point when it uses the default key for encryption of the data To allow this you must specify a valid default key f SCALANCE W78x for exam the client Private Key With this setting you can use different keys create the private keys with the Keys menu command You c...

Page 176: ...ients is now restricted by the ACL list of the access point on the basis of a private key the private key must first be stored in the key list of the access point and the client to be restricted The next activity is to enter the MAC addresses of these wireless clients in the ACL list of the access point and to give it the private key If these wireless clients are intended to continue communication...

Page 177: ... P key Create a new MAC MAC A Allow Y Den K Defa P Priva Key Key nt mode entry in the ACL Only in access poi address of the client y ult Key te Key index for private key edit index E D A Y K P Key Change an e index Num E Enable D Disable A Allow Y Deny K Default Key P Private Key Key Key index for private key Only in access point xisting ACL entry ber of the ACL entry mode delete Index Delete an e...

Page 178: ...uthentication server Both the client and the a server must support the EAP protocol Extensive Authentication Protocol The S CLI SECUR Description Comment ITY RADIUS Command server IP a Specifies the IP address of the ddress primary RADIUS server server B IP backup RADIUS server address Specifies the IP address of the port port Specifies the port of the primary RADIUS server port B port Specifies t...

Page 179: ...t the IP address of the client can change if you use DHCP without reservation 6 4 5 Access rmissions for IP Addresses In this menu you s whether management access SNMP addresses Management access is possible only with the defined addresses Or M Syntax of the Command Line Interface CLI SECURITY ACCESS Command Description Comment access E D Enable disable access control list statmgmt A D It is possi...

Page 180: ... addresses are deleted if ging Time parameter on the start page of the Bridge en Syntax of the Command Line Interface 6 5 The Bridge Menu A bridge is a network component that connects two ne physical address of the network nodes MAC address The SCALANCE W78x provides bridge functionality because it handles data th ged Bridge Information reached over which port au matically when there i s You can d...

Page 181: ...This mode is possible h S Wireless Distributed System t Wit be reco sysName hese functions are then based on the MAC address that changed with the tion of VAPs with V3 0 In normal operation the SCALANCE W78x is used as an interface to a network SCALANCE W78x devices need to communicate with each wit WD No e h the firmware update to V3 0 the SCALANCE W78x xRR devices need to nfigured if you use WDS...

Page 182: ...situation smission mod n WDS mode all SCALANCE W78x devices must a signal from a primary us th terminated utomatically and the existing connection is the To enable the entry you mus check box Syntax of the Command Line Interfa t select the Sel ce CLI BRIDGE WDS WLAN1 or for the second wireless adapter if it exists CLI BRIDGE WDS WLAN2 nt Command Description Comme a Adds a either a sysNam param dis...

Page 183: ...Name is used to identify an entry within the current table Member Lis U for untagged member of a VLANs or if a port is not member of a V If an interface is member of a VLAN ID th frames arriving from Ethernet with this VLAN ID are accepted Outgoing frames however always have the port VLAN ID Click on VID or Name to open the configuration page for VLAN IDs With New yo create a new VLAN ID with Refr...

Page 184: ...Configuration Using Web Based Management and the Command Line Interface Operating Instructions SCALANCE W78x 184 C79000 G8976 C184 07 ...

Page 185: ...eleted when you exit this page Clicking on the field changes to depiction 2 Field can be edited If all editable boxes are displayed in this way and if the VID is not configured as port VID the VID is 2 dited Clicking on the field changes to depiction 1 Field can be e 3 Al entries for VLAN membership are being used Field cannot be edited 4 corresponds to the port VID Field cannot be edited VID 5 Co...

Page 186: ... priority of the Port VID irectly ass Mem membership assigned to the port Enabled rt can then be enabled disabled dire ens the VLAN S ctly Note If you use a Radius server for authentication this must the accessible over the management VLAN Among other things the management port also handles the functions HTTP HTTPS WBM Telnet SSH Ping DHCP TFTP SNMP SNTP and Syslog Note The IP and MAC based nodes ...

Page 187: ...access point over the WLAN1 VAP3 interface WLAN1 VAP3 is a member of the VLAN ID 33 that is assigned priority 6 ices connected downstream from the L2T client and the client itself are also members VLAN ID 33 with priority 6 Example An L2T clie For the L2T port this means that the dev Operating Instructions SCALANCE W78x ...

Page 188: ...AN All VID ing of the port as member of all configured VIDs Specif VIDs per port ngs enabled VLAN support can then be enabled disabled directly riority Prioritization of the data traffic over the port Untagged frames are this priority Membership s Automatic sett ic VIDs only Member of up to eight freely assignable configured Operating Instructions SCALANCE W78x ...

Page 189: ...oint mode of a W788xRR SCALANCE X400 of the network The priority rises with the ascending numbers Note The priority generally increases with t priority 0 that has a higher priority than priority classes 1 and 2 and has the sam priority as class 3 0 Best Effort BE 1 tical data traffic 2 Spare 3 lent Effort EE 4 Cont 5 Voice VI 100 ms latency and jitter video multimedia 6 Voice VO 10 ms latency and ...

Page 190: ...f the VLANs entered below VLAN ID VID of up to 8 VLANs in which the VAP will be a m nly in access point mode of a W788xRR you enter the VLAN ID VID of the VLAN on which the virtual access point mmunicate The individ ANCE X400 The VID of a VLAN is in the range from 1 to 4094 VLAN membership only in access point mode of a Here you specify the VLANs for which the virtual access point will be a member...

Page 191: ...correspond to those of the add command Examples edit 100 2 the V Changes the membership Port 2 no loner belongs to LAN with ID 100 delete VLAN ID Deletes the VLAN with the specified VLAN ID from the E configuration of the SCALANC W78x C ORTS Command Description LI BRIDGE VLAN P info Displays an overview of the po VLAN settings r and corresponding ts vlan Port E D e specified port Enables disables ...

Page 192: ...ed Ethernet interface or over the connected downstream from it operating in P Table Menu Command Assignment of MAC Address and IP Ad The ARP protocol address of a known IP add the interfac s can be rea mn indicat how operation o s obtained for example dyn as configured 5 5 Spanning T Command Note nu command is available only when you u SCALANCE System men e access point mode You can s cify the mod...

Page 193: ...therefore with rapid spanning tree alternatives for many parameters are preconfigured and certain properties of the network structure taken into account to reduce the reconfiguration time Definition of the Network Topolo Netwo Protocol Data Unit with each other to calculate the topology The root bridg selected and the network topology created using these frames Th the bridge that controls the span...

Page 194: ...use the rapid spanning tree algorithm If the check mark is not set all ports are automatically in the Forwarding status Version list box The version decides whether the Rapid Spanning Tree protocol RSTP is used or whether the device is operated in compatibility mode of the Spanning Tree protocol STP Bridge Priority text box The identification of the most efficient connection is always related to t...

Page 195: ...e propagation time of the frames The value for the bridge priority is a whole m Max Age is the time that a bridge waits for a configuration frame BPDU When this time has elapsed the bridge attempts to reconfig The default for this parameter is 20 seconds text box Each bridge regularly sends configuration frames B Forwar New configuration data is not used immediately by a bridge but only a period s...

Page 196: ...ng information Port Specifies the ports to which the information relates Wireless 1_2 for example relates to the virtual access point VAP2 on the first WLAN interface Priority With this parameter you specify the priority of the ports of a bridge If the path calculated by spanning tree is possible over several ports of a station the port with the highest priority in other words the lowest value for...

Page 197: ...th co The achievable transmission rate t r sts for Spanning Tree and R 100 Mbps 19 200 000 54 Mbps 33 370 370 48 Mbps 6 667 36 41 36 Mbps 43 555 556 24 Mbps 53 833 333 18 Mbps 58 1 111 111 12 Mbps 83 1 666 667 11 Mbps 90 1 818 182 10 Mbps 2 000 00 100 0 9 Mbps 2 222 222 111 6 Mbps 3 333 333 166 5 5 Mbps 181 3 636 364 2 Mbps 10 000 000 500 1 Mbps 20 000 000 1000 The values can ent individually The ...

Page 198: ...cause layer 2 tunneling clients onnected together over this port There are three possible statuses ForceFalse d Wireless 1_3 interface The settings for WL costs for STP of 100 path costs for RSTP of in other words there is an end device on this port These settings are adopted for the L2T port with one exception The Edge Port enabled setting is no and the ports downstream from the client can never ...

Page 199: ...rect connection is assumed With Auto a direct connection is not assumed Enabled Shows whether spanning tree is enabled or disabled for the port ion of a Port for Rap STP enabled check box Enable this check box if you want the port to use the rapid spanning tree protocol Priority text box Here enter a value between 0 and 255 for the port priority Admin Path Cost text box Here you can enter a value ...

Page 200: ...n of the network will be triggered by every link change Admin Point to Point Status check boxes Shared media Connectio This corresponds to the ent Point to Point Connection is selected This corresponds to the entry ForceTrue in the port table Point to Point Connection and Shared Media Connection are not selected This Note a WDS connection between two a Syntax of the Command Line Interface C PANNIN...

Page 201: ...hed to this port if a rapid spanning tree protocol is received the value F is displayed automatically ptpport po direct link between two stations In this case you have the following ort recognizes a PtP port based on the duplexity In full duplex a PtP link is assumed in half duplex no PtP link is assum dium T F en rt A T F The point to point link establishes a options A The p ed shared me Specifie...

Page 202: ...mthr E D bles the storm Enables disa threshold function broadcast limit value ber of Specifies the maximum num broadcast packets per second from the same address multicast limit value Specifies the maximum number multicast packets per second from the same address broad_eth limit value maximum number of Specifies the broadcast packets per second for the Ethernet interface multi_eth limit value Spec...

Page 203: ...ains a What is NA is n list of the NAT gateway and translated for the external s its own external source IP address in the header of these forwarded frames Since the forwarded frames have the same lobal source IP address the NAT gateway assigns the frames to the clients using nt port number With Network Address Tra re and an extern interna gateway translation list PT In Network Address Port Transl...

Page 204: ...e NAT NAPT is possible only on layer 3 of the ISO OSI reference model To use the NAT function the networks must use the IP protocol When using the ISO protocol that operates at layer 2 it is not possible to use NAT Operating Instructions SCALANCE W78x 204 C79000 G8976 C184 07 ...

Page 205: ...must be set a 32 entries can be set as NAT gateways per WLAN client ion Set the configuration following settings Enable NAT Click the check box Enable if you want to enable NAT Caution The change is adopted only after a restart N client local Ethernet network here if applicable Del his Sel Select the Select check box if you want to enable the current entries CP and UDP frames must have their param...

Page 206: ... Local Port Here you enter the number of the local port of the Ethernet device Note The following instructions apply only to the IP parameter assignment using the PS tool When the module is accessed with PST by a configuration computer the address assignment differs depending on the interface PST over the wireless interface The global address is changed The local address i Operating Instructions S...

Page 207: ... 255 2 mask value of the local subnet mask 55 255 0 CLI BRIDG Command Description Comment E NAT STATIC add type L IP type TCP or UDP G port global port G port L port Add the static NAT entry L IP local IP L port local port edit Index E D type G port L IP L port Edit the static NAT entry index index in table type TCP or UDP G port global port L IP local IP L port local port delete Index Deletes a s...

Page 208: ...ing cannot connect to standard Wi Fi devices and access points with firmware V3 0 or older For further information refer to Section 5 4 6 MAC Mode IP frames in the direction from the client to the access point always have the MAC address of the WLAN interface as the source MAC address As a result the ARP tables at the access point end always contain only the MAC address of the WLAN interface of th...

Page 209: ...ping mand display this table In principle any number of device is can ht be able to send Table menu com be reached downstream from a client using IP The client can manage up to eig devices When a new device is added the oldest entry is deleted from the table to make space is for the new entry Since the data throughput of a wireless connection cannot be increased indefinitely a maximum of the devic...

Page 210: ...mapping of a SCALANCE W78x in client mode only the MAC address assigned to this device is relevant the MAC addresses of the devices downstream from it on the Ethernet side are irrelevant for filtering Syntax of the Command Line Interfac CLI BRIDG Command Description Comment E MAC1FLT fltmac1 E D Enables disables the filter statmac1 F B If the value is set to F forwarding only packets with a source...

Page 211: ...tended for wirel ess point This filter is address ac other specified MAC addresses You can specify seve tries for one destination address hen restricted to these entries it is not subjected to any restr yntax of the Comm nterface CLI FILTERS MAC2FLT nd Comma Description Comment fltmac2 E D s the MAC filter Enables disable add SourceMAC DestMAC Adds a new entry with source and destination address t...

Page 212: ...eful to prevent communicatio protocols necessary you can add your own entries to this list You can specify he Command Line Interface CLI FILTER Description Comment S PROTO Command clearall Deletes all entries for the protocol filter statprot F B The selected protocols are forwarded not forwarded fltprot E D Enables disables the protocol filter add patter descript xadecimal is expected for the Patt...

Page 213: ...hey can be logged off from the AP to guarantee data traffic for iQoS clients Note To ensure problem free functioning of the iQoS mode the number of clients with bandwidth reservation is restricted to four ation e is technique with which clien assignment there is a high p Note If the user reserves data for critical clients this data rate also includes the frame header in other words 802 11 MAC IP T...

Page 214: ...mment iqos E D Enables disables iQOS functionality static E D e Enables disables the calculation of the minimum transmission rat response response time Specifies the response time for a client with bandwidth reservation 15 1000 ms default 50 ms add MAC Max_BW E D Creating a critical client edit index Max_BW Changes the setting of a client E D delete Index Deletes a critical client clearall Deletes...

Page 215: ...f under 100 milliseconds To meet these requirements the iPCF expansion industrial Point Coordination Function was developed iPCF is available with the following products SCALANCE W788 1RR and SCALANCE W788 2RR SCALANCE W747 1RR IWLAN PB Link iPCF ensures that the entire data traffic of a cell is ordered controlled by the access point By avoiding collisions the throughput can be optimized even with...

Page 216: ...ult from using iPCF The iPCF mechanism is a development of Siemens AG and the functions only with nodes on which iPCF is implemented With an access point with two WLAN interfaces it is however possible to set both iPCF and standard WLAN at the same time iPCF was optimized for the use of RCoax cable and the access point and achieves optimum performance only with this configuration reply the node se...

Page 217: ... system o fferent cha In this case update tim ms are supported Case c Your system operates with several cells and with more than 2 channels and the clients roam between cells In this case the PN IO update time should be set higher than 16 ms Notice We strongly advise that you check the local wireless characteristics prior to commissioning With the SCALAN PNIO if you select the PNIO support enabled...

Page 218: ...ts CLI IFEATU Command Description Comment RES IPCF WLAN2 ipcf E D Enables or disables iPCF mode pnio E D Enables or disables optimized PNIO support Only on SCALANCE W788 xRR models access point update tim Specifies th time for Only on 788 xRR models ccess point e e PNIO update cyclic PNIO data exchange This value must match the configured PNIO cycle time SCALANCE W a Operating Instructions SCALANC...

Page 219: ...ents roam and then connect to a different access point from which the server can be reached As soon as the first access point can reach the server again it re enables its WLAN interfaces Syntax of the Command Line Interface 6 7 3 Forced Roaming on IP Dow Functional Description Forced Roaming on IP the IP connection aborts in then disabled The IP connection con station T p CLI IFEATURES FORCED_ROAM...

Page 220: ...SCALANCE W78x attempts to send a test packet to the node The Link Check function provides device related connection monitoring for a maximum of ten wireless nodes logged on at the SCALANCE W7 whether the nod from the node or sent successfu Note With the Link Check function you can only monitor connections to WLAN clients use along with redundancy or WDS is not possible System Ev x reacts to a conn...

Page 221: ...ring and specifies the monitoring time No time is specified the default is 500 ms edit Index MAC E D timeout Modifies enables or disables an entry delete Index MAC Deletes the specified entry from the list clearall Deletes all entries for connection monitoring acknow Index all Displays or acknowledges clears the Link Check messages requiring acknowledgment The fault state remains active until all ...

Page 222: ...NCE W788 2x With the firmware update to These functions are then base introduction of VAPs with V3 0 Two SCALANCE W78x devices each with two wireless interfaces can be configured so that there is a redundant wireless connection The redundancy function causes an automatic failover to the second wireless interface is no data transfer is possible on the first wireless interface The user is informed o...

Page 223: ...undantly along with the first wireless adapter mac2 MAC address Specifies the device that will be operated redundantly along with the second wireless adapter name system name Instead of the MAC addresses you can also specify the sysName of the device wepkey1 key index Specifies the WEP key of the device that will be operated redundantly along with the first wireless adapter wepkey2 key index Speci...

Page 224: ...here System Event tus in t Not The IP Alive function is not available in iPCF mode 6 7 6 IP Alive Related Connection Monitoring wireless link useful to use IP Alive on IP connections when it is known that they are used d data cyclically W and a port If you do no traffic from a particular IP address simply enter 0 in Port This resets the nitoring with each frame from this IP address ontrast to the ...

Page 225: ... address edit index IP addr port E D timeout Modifies enables or disables the entry specified by the index or IP address delete Index IP addr Deletes the node to be monitored clearall Deletes all entries for connection monitoring acknow Index all Displays or acknowledges clears the IP Alive messages requiring acknowledgment The fault state remains active until all the fault messages have been ackn...

Page 226: ...he Protocols on the behavior of the protocols IP TCP UDP and ICMP SNMP he Display Most pages have the Refresh button at the bottom edge with which you can up the display The Client List menu command also allows you to update automatically To activate this select the Update check box he Command Line Interface CLI n Comment Command Descriptio info Displays information on the current This can be call...

Page 227: ...date are displayed Syntax of the Command Line I 6 8 1 Log Table Menu Command Logging System Events This page lists which even the System se pointer over a time value the s te nterface CLI INFORM LOG Command Description Comment events show clear Displays or deletes the log table addevent Text Adds an event to the log table eventmax Max count f log entries The default is 400 Sets the maximum number ...

Page 228: ... Command Line Interface CLI INFORM LOG Command Description Comment show 0 8 entication entries By specifying a parameter the an be limited to specific ors request denied password 7 Deauthenticated errors 8 Deassociated errors Displays the auth display c information 0 All 1 Good 2 All err 3 802 11 errors 4 ACL errors 5 RADIUS errors denied etc 6 802 1x errors timeout no response from RADIUS or WPA ...

Page 229: ...mmand Line Interface C79000 G8976 C184 07 229 6 8 3 Ve Current Ve 1 Hardware version 2 Order number MLFB 3 Boot software version 4 Firmware version 5 Ethernet MAC address rsions Menu Command rsions and Order Numbers Operating Instructions SCALANCE W78x ...

Page 230: ... higher the value the better the signal The user can choose between percentage and dBm Age Displays the time that has elapsed since the last client activity was detected Sec This indicates which encryption is active Channel The current channel over which the client communicates with the SCALANCE W78x State The current state of the clients Associated means that the client is logged on Clients All t...

Page 231: ...ax of the Command Line Interface CLI INFORM WLAN1 CLI INFORM WLAN2 Description Comment Command Station tions Displays information on the connected sta resetStats Resets the statistics that are displayed with the Station command Apinfo Displays information on the access point only in access point mode Scan Displays all the access points in the area Noise Shows disturbances on the individual channel...

Page 232: ...ion on the current settings of the WLAN E nds Traffic itted are displayed here Information on the Etherne This menu command provides information on the current settings of the Ethernet interface The current operating There are no CLI commands for this menu com 6 8 6 interface The current operating data is also displayed here With the SCALANC W788 2PRO and SCALANCE W788 2RR models there are two men...

Page 233: ...or sent frames Management frames Counts all received or sent management frames RTS frames Is incremented when a CTS frame is received in response to an RTS frame Rate Displays an average data rate of the most recently received or sent data frames Association Authentication Frames The frames relevant for registration are counted A distincti frames Disassociation and Deauthentication The signal stre...

Page 234: ...ived or sent data multicasts ed or sent data broadcasts Errors This page displays statistics of the transmission errors that have occurred A high ndica Data frame count Counts all receiv Data bytes count Unicast Multicast Broadcast Sum of all receiv error rate i tes a bad connection Receive Errors ACL discarded frames Displays all client registration attempts that were blocked by the Access Contro...

Page 235: ...RC error Sum of all packets received in which the checksum of the encrypted data buffer was incorrect Transmit Errors Transmission errors Is incremented when a frame cannot be sent successfully despite hardware retries Dropped frames Number of packages that were dropped either when the packet was not sent despite all retries or packets that had not been sent when a node deregistered Acknowledged e...

Page 236: ...s Signal hows the signal strength with which the other wireless devices are received at the AP The stronger the signal the greater the probability that they interfere with each other There is also the possibility that they interfere with each other even at low signal strengths Age Shows when the last activity was detected by the wireless device SSID Shows the SSID of the other wireless device ghpu...

Page 237: ...d from the list VLAN T tion on the configured virtual LANs with the following information on each virtual access po Port Name The configured port name Here y u points VAP the WDS connectio a ndancy VLAN if applicable VLAN The status of the relevant VLAN VLAN ID The configured VLAN ID ID The SSID of the relevant VLAN ual access point VAP as member of other VLANs er of all VLANs s member of only cer...

Page 238: ...ritical Regulated NCR These clients are also non critical clients whose communication is however currently being restricted by iQoS in favor of critical clients Non Critical Non Responsive NCNR Some clients that require no acknowledgment whatsoever for their communication for example UDP traffic cannot be regulated by iQoS These are classified as NCNR Syntax of the Command Line Interface idth Rese...

Page 239: ...of sent and receive data The shaper interval SI is a each client The shape al is the minimum spacing b s of a client set by iQo CS clients the SI is selected so t s twice the size of the andwidth he Traffic st y clients ar ow many packets of a particu re sent he Associated Clie lassification and th lso is displayed for etween two packet r interv S For N hat their bandwidth i current b Operating In...

Page 240: ...tID is the ID of the bridge that is currently the root bridge The BridgeID shows the ID of the local device Below this you can see values for the Topology Change event The first value is a counter indicating how often the tree structure has changed since restarting The value beside this shows the time since the last switchover event 6 8 8 Spanning T S Below this you will see the following port rel...

Page 241: ...her or not the AP is connected directly to ano Port State With STP a port can adopt three states Discarding No frames are forwarded from or to this port The port has been disable by the user or the protocol for example when a redunda Learning The port receives packets in the same way as in list forward them T Forwarding The port is fully e Disabled The port is not currently in use State of the por...

Page 242: ...e URL http IP address Signal log you can download the generated Signal file If you are not yet logged in this opens the login window in which you must log in with the Admin login Displaying the Instantaneous Value The upper half of the window contains an instrument for displaying the graphic representation of the currently calculated dBm value in real time Depending on your browser and the network...

Page 243: ...nd images check box must be enabled under Printing The signal recorder itself does not cause any significant load in the network that could affect other processes Both parts of the signal recorder can be operated independently Recording a Series of Measurements The lower half of display of the instantaneous value but also the control recorder You can set the interval between the acq as well as the...

Page 244: ...ther losses of signal strength always occur at the e position certain time Below yo the signal Use a fixed data rate in the configuration Where possible the ipcf mode with as low an up be set for the measurements Make sure that there is enough data communication during the measurement because the statistics functions evaluate incoming frames para sam Selective measurements at a fixed position shou...

Page 245: ... level Noise floor The noise floor represents the lower end of the technically possible transmission of the device This means that when the noise floor is exceeded the useful signal is mics begins For this nection to an AP indicated in the figure above by the MAC address 00 00 00 00 00 00 BW bandwidth in Mbps Bandw The ban overlap louder than the noise floor this is where the system dyna reason th...

Page 246: ...guration Using Web Based Management and the Command Line Interface Figure 6 4 Comparison of the Measured Value Display as a Percentage and in dBm Operating Instructions SCALANCE W78x 246 C79000 G8976 C184 07 ...

Page 247: ...e for the number of rec points ing recstop aturel y nt y This command is onl available in the clie mode Stops signal recording prem dispstart interval rrent signal stren be between 100 nds Displays the cu gth This command is only available in the client mode cyclically on the CLI The interval can and 10000 milliseco dispstop signal This command is only available in the client mode Stars cyclic out...

Page 248: ...DC 24V power supplies 18 to 32 V DC safety extra low voltage SELV Power supply voltage connected over high resistance with housing not electrically isolated M12 con 18 to 32 Power contacts in the hybri 18 to 32 V Data IE IP 67 hybrid plug in connection R SMA antenna sockets 2 x or 4 x with the 7882pro Electrical Data Power consumption 10 W Construction Dimensions without antennas W x H x L 125 mm ...

Page 249: ...tions Approvals MTBF Information mean time between failure C79000 G8976 C184 07 249 Device type MTBF SCALANCE W78x 67 years Drilling diagram for wall mounting 1 2 5 5 1 1 5 8 0 9 0 5 4 Operating Instructions SCALANCE W78x ...

Page 250: ...ALANCE W78x or SCALANCE W74x Cover material Polycarbonate Silicone free Electrical P 2 4 2 4835 GHz 5 15 5 35 GHz 5 725 5 85 GHz roperties Frequency range ce 50 Ohms Impedan o 2 0 Voltage standing wave rati 10 dB Return loss Gain at 2 45 GHz 3 dBi Gain at 5 25 GHz 5 dBi Polarization Vertical Operating temperature 20 C 60 C Operating Instructions SCALANCE W78x ...

Page 251: ...Technical Specifications Approvals C79000 G8976 C184 07 251 Dimension Drawing 1 3 6 2 1 2 3 4 6 1 4 8 Operating Instructions SCALANCE W78x ...

Page 252: ...standards EN 60950 Safety of Information Technology Equipment EN 301 489 1 Electromagnetic Compatibility for Radio Equipment and Services EN 301 489 17 Specific Conditions for Wideband Transmission Systems and High Performance Radio Local Area Network HIPERLAN Equipment EN 300 328 Electromagnetic Compatibility and Radio Spectrum Matters EN 301 893 Broadband Radio Access Networks BRAN 5 GHz high pe...

Page 253: ... the responsible authorities according to the above mentioned EU directive at the following address Siemens Aktiengesellschaft Automation and Drives Industrielle Kommunikation Postfach 4848 D 90327 Nürnberg This declaration certifies compliance with the directives named above but does not guarantee any specific properties ...

Page 254: ...Approvals Operating Instructions SCALANCE W78x 254 C79000 G8976 C184 07 ...

Page 255: ... Incendive Class I Zone 2 Group IIC T T For conc rmation on the temperature class refer to the type plate ts rete info Warning When used under hazardous conditions Zone 2 the SCALANCE W78x product 021 this enclosure must th EN 60529 DO NOT CONNECT OR DISCONNECT EQUIPMENT UNLESS AREA IS KNOWN must be installed in an enclosure To comply with EN 50 meet the requirements of at least IP 54 in complianc...

Page 256: ...he instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following meas...

Page 257: ... login window if yo SCALANCE W is availa should be enabled OID The private identifiers iso 1 or enterpri iScalan u are not yet logged on After logging on the private MIB file of the ble When you save on your PC the source text view MIB variables of the SCALANCE W78x have the following object g 3 dod 6 internet 1 private 4 ses 1 ad 4196 adProductMibs 1 simaticNet 1 ceW 4 Operating Instructions SCAL...

Page 258: ...ter 1 3 6 1 4 1 4196 1 1 4 100 2 4 Protocol filters and storm threshold settings 18 snScalanceWStats 1 3 6 1 4 1 4196 1 1 4 100 2 5 Information on WLAN 1 and WLAN 2 interfaces 62 snScalanceWDevices 1 3 6 1 4 1 4196 1 1 4 100 2 6 AP mode List and information on all clients currently associated or currently connected 49 connected Client mode List of devices with which the client is snScalanceWScan 1...

Page 259: ...kOff snScalanceWLinkCheckOff Trap a client monitored with Link Check 81 snScalanceWLinkCheckValue Description of the last This is generated if a timeout occurs with snScalanceWLinkInte grityOn snScalanceWLinkCheckOn trap ed with Link Check logs on again at the AP following a timeout 82 snScalanceWLinkCheckValue Description of the last This is generated if a client monitor snScalanceWClientAu thent...

Page 260: ...alue Description of the last snScalanceWiPCFPNIOmaxST As or snScalanceWiPCFPNIOCycleTi me trap Is generated when the specified update time in iPCF mode with PNIO support cannot be kept to snScalanceWForcedR oamingVapStateChan ged ceWVirtualApIndex Index of the VAP snScalanceWVirtualApState 5 Generated when the status of the VAP changes 121 snScalan Current State of the VAP unknown 0 authenticated ...

Page 261: ...uation Decibel value 10 log ratio Using sample calculations the following decibel values are obtained Ratio Decibel Value 0 001 30 dB 0 1 10 dB 0 2 7 dB 0 4 4 dB 0 5 3 dB 1 0 dB 2 3 dB 4 6 dB As can be seen in the example halving a value reduces the decibel value by 3 dB This remains true regardless of the selected reference variable because only the ratio counts Which reference variable is used c...

Page 262: ...m 1 mW 0 dBm 2 mW 3 dBm 4 mW 6 dBm 10 mW 10 dBm 100 mW 20 dBm 200 mW 23 dBm 1 W 30 dBm Using power specifications it is simple to calculate gain and attenuation To calculate an entire system the individual values for gain and attenuation must simply be added Transmit Power dBm The information in the following tables applies to the following SIMATIC NET products Access point SCALANCE W788 1PRO W788...

Page 263: ...n dBi the reference variable is the transmit power of an isotropic antenna or unipole Such a hypothetical antenna radiates energy from a central point uniformly in all directions From the directional radiation of a real antenna a dBi value is obtained known as the antenna gain This term is misleading in as far as no energy is gained by an antenna in the physical sense The higher radiation of a pas...

Page 264: ... Losses due to Coupling Loss Coupling loss cd includes the losses at the transition from the cable to the surrounding space The coupling loss depends on the construction of the cable and its physical properties Values for coupling loss are therefore specified for the particular cable in the technical specifications Losses Due to Spatial Attenuation Spatial attenuation afr specifies the attenuation...

Page 265: ...specified in the data sheet of the cable λ Wavelength of the electromagnetic oscillation in m at a frequency of 2 4 GHz the wavelength is 0 125 m d Distance between cable and antenna in m For a frequency of 2 4 GHz you can also calculate with the following equation in which you must specify the distance d in meters cd 2 4 GHz c95 46 dB 20 log 100 d For a SIEMENS SIMATIC NET IWLAN RCoax Cable PE 1 ...

Page 266: ...e transmission technique and data rate The information in the following tables applies to the following SIMATIC NET products Access point SCALANCE W788 1PRO W788 2PRO W788 1RR W788 2RR Client module SCALANCE W744 1PRO W746 1PRO W747 1RR CP 7515 CP 1515 IWLAN PB Link Receiver Sensitivity in IEEE 802 11b Mode 2 4 GHz Data rate Mb s Pe dBm 1 90 2 90 5 5 90 11 84 Receiver Sensitivity in IEEE 802 11g M...

Page 267: ...n power splitters etc are deducted from the transmit power An antenna gain is added The result is the power fed to a receiver This power must be higher than the receiver sensitivity The calculation can be made with the following formula Pe P0 arc cd aps GANT rc fr Pe min Pe Receiver input power in dBm P0 Transmit power in dBm arc Longitudinal attenuation of the RCoax cable and the feeder in dB cd ...

Page 268: ...rating Instructions SCALANCE W78x C79000 G8976 C184 07 268 fr Correction value for the spatial attenuation in dB Depending on the concrete operating conditions between 0 and 20 dB Pe min Receiver sensitivity in dBm ...

Page 269: ...a channel during operation This includes for example radar systems that also use the 5 GHz frequency band Before a channel is used it is checked to make sure that no other system is already using the channel or frequency range If another user is discovered data transmission on the channel is stopped and there is a change to a different channel This avoids influence resulting from WLAN systems oper...

Page 270: ... the AES encryption algorithm IEEE 802 11i removes a series of weak points in the WEP security mechanism IEEE 802 1x The heart of the standard is the use of a Radius server as the authentication server In addition to this in IEEE 802 1x the entire communication is encrypted iPCF industrial Point Coordination Function This function ensures that the entire data traffic of a cell is ordered controlle...

Page 271: ...m of 8 per WLAN interface can be configured with different security settings You can assign each virtual AP to a particular VLAN WBM Web Based Management HTTP based configuration method in which an HTTP server is used in the SCALANCE W78x WDS Wireless Distribution System Radio links for connecting the access points for an extended service set ESS WEP WEP Wired Equivalence Privacy is an optional pa...

Page 272: ...c exchange of keys at each frame introduces further security As the encryption method you can choose between TKIP Temporal Key Integrity Protocol and AES Advanced Encryption Standard Although WPA never became an official component of the IEEE 802 11 family of standards it has become very widespread in a short time This however applies only to the WPA procedure described above using TKIP The option...

Page 273: ...ryption 86 165 F Forward delay 195 H Hello Time 195 Help function 101 HiPath 106 HTTPS 60 Hybrid cable 35 I IEEE 802 11a 23 IEEE 802 11b 23 IEEE 802 11g 23 157 IEEE 802 11h 23 IP address 63 IP TCP IP ICMP SNMP 242 IP Alive 224 iPCF 93 215 iPCF Wizard 61 93 iQoS 238 iQoS 213 L Learning Table 192 LED simulation 100 Lightning Protection 31 Link Check 220 Locale setting 104 Log table 227 Losses 264 M ...

Page 274: ...e data 132 Security settings 79 Security Wizard 61 75 Set values 101 SNMP 122 SNTP 130 Spanning Tree 192 240 Spanning tree port parameters 196 SSID 80 Standalone configuration 13 Storm threshold 202 Suppress SSID broadcasting 167 T Transmit power 149 TTL 112 V Versions 229 W WDS 181 Web Based Management 57 WEP 87 Wireless access 15 Wizards 57 WPA 167 WPA2 90 ...

Reviews:

No comments

Related manuals for SCALANCE W788-1PRO

EAW MX8000 Technical Specifications preview
MX8000
Brand: EAW Pages: 2
8e6 Technologies Enterprise Filter Authentication R3000 Quick Start Manual preview
Enterprise Filter Authentication R3000
Brand: 8e6 Technologies Pages: 66
XIA Pixie-4 Express Software Manual preview
Pixie-4 Express
Brand: XIA Pages: 17
Automationdirect.com CLICK PLUS C2-02CPU Quick Start Manual preview
CLICK PLUS C2-02CPU
Brand: Automationdirect.com Pages: 10
TRENDnet TW-200 Specifications preview
TW-200
Brand: TRENDnet Pages: 2
Zoom B9.1ut Operation Manual preview
B9.1ut
Brand: Zoom Pages: 88
Ericsson Marconi OMS 1200 Product Description preview
Marconi OMS 1200
Brand: Ericsson Pages: 136
NETGEAR RP614 v2 Installation Manual preview
RP614 v2
Brand: NETGEAR Pages: 2
ZyXEL Communications XS1920 Series User Manual preview
XS1920 Series
Brand: ZyXEL Communications Pages: 422
HELVAR Imagine 920 Installation Manual preview
Imagine 920
Brand: HELVAR Pages: 2
Morrell SW-UNM-24FE2GC-24POE User Manual preview
SW-UNM-24FE2GC-24POE
Brand: Morrell Pages: 8
i-MO OptiBond 210 C Series Hardware Installation Manual preview
OptiBond 210 C Series
Brand: i-MO Pages: 16
3Com FEM656C Quick Start Manual preview
FEM656C
Brand: 3Com Pages: 53
iNetVu Tachyon CI1300 Quick Start Manual preview
Tachyon CI1300
Brand: iNetVu Pages: 20
ADDON ARM8100 Quick Installation Manual preview
ARM8100
Brand: ADDON Pages: 4
ADLINK Technology cPCIS-1100 Series User Manual preview
cPCIS-1100 Series
Brand: ADLINK Technology Pages: 48
Aaeon GENE-EHL7 User Manual preview
GENE-EHL7
Brand: Aaeon Pages: 119
Atlantis WebShare 141 WN Quick Start Manual preview
WebShare 141 WN
Brand: Atlantis Pages: 78

Brands by name

Popular brands

Load more brands