Siemens SIMATIC NET SCALANCE W720 Скачать руководство пользователя

Страница: 14 / 60

Security recommendations

SCALANCE W760 / W720

Operating Instructions, 03/2022, C79000-G8976-C322-13

• Ensure that the latest firmware version is installed, including all security-related

patches.
You can find the latest information on security patches for Siemens products at the

Industrial Security (

https://www.siemens.com/industrialsecurity

) or ProductCERT

Security Advisories (

https://www.siemens.com/cert

)

website.

For updates on Siemens product security advisories, subscribe to the RSS feed on the

ProductCERT Security Advisories website or follow @ProductCert on Twitter.

• Enable only those services that are used on the device, including physical ports. Free

physical ports can potentially be used to gain access to the network behind the

device.

• For optimal security, use SNMPv3 authentication and encryption mechanisms

whenever possible, and use strong passwords.

• Configuration files can be downloaded from the device. Ensure that configuration files

are adequately protected. The options for achieving this include digitally signing and

encrypting the files, storing them in a secure location, or transmitting configuration

files only through secure communication channels.

Configuration files can be password protected during download. You enter passwords

on the WBM page "System > Load & Save > Passwords".

• When using SNMP (Simple Network Management Protocol):

–

Configure SNMP to generate a notification when authentication errors occur.

For

more information, see WBM "System > SNMP > Notifications".

–

Ensure that the default community strings are changed to unique values.

–

Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-

secure and should only be used when absolutely necessary.

–

If possible, prevent write access above all.

• Use the security functions such as address translation with NAT (Network Address

Translation) or NAPT (Network Address Port Translation) to protect receiving ports

from access by third parties.

• Use WPA2/ WPA2-PSK with AES to protect the WLAN. You can find additional

information in the configuration manual Web Based Management "Security menu".

Secure/ non-secure protocols

• Use secure protocols if access to the device is not prevented by physical protection

measures.

• Disable or restrict the use of non-secure protocols. While some protocols are secure

(e.g. HTTPS, SSH, 802.1X, etc.), others were not designed for the purpose of securing

applications (e.g. SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to

prevent unauthorized access to the device/network. Use non-secure protocols on the

device using a secure connection (e.g. SINEMA RC).

Содержание SIMATIC NET SCALANCE W720

Страница 1: ... W760 W720 Operating Instructions 03 2022 C79000 G8976 C322 13 Introduction 1 Safety notices 2 Security recommendations 3 Description of the device 4 Installation and removal 5 Connection 6 Maintenance and cleaning 7 Troubleshooting 8 Technical data 9 Dimension drawings 10 Approvals 11 ...

Страница 2: ... only by personnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNING Siemens p...

Страница 3: ...2 1 Flexible connecting cables 22 4 4 2 2 Lightning protection 23 4 4 2 3 Terminating resistor 23 4 4 2 4 Cabinet feedthrough 23 4 4 2 5 Antennas 24 4 5 LED display 26 4 6 Reset button 29 5 Installation and removal 31 5 1 Safety notices for installation 31 5 2 Installing on a DIN rail removing 34 6 Connection 37 6 1 Safety when connecting up 37 6 2 Power supply 42 6 3 Ethernet 43 6 4 Antenna conne...

Страница 4: ...Table of contents SCALANCE W760 W720 4 Operating Instructions 03 2022 C79000 G8976 C322 13 10 Dimension drawings 55 11 Approvals 57 Index 59 ...

Страница 5: ...f version 6 5 Purpose of the Operating Instructions Using the Operating Instructions you will be able to install and connect the SCALANCE W760 W720 correctly The configuration and the integration of the device in a WLAN are not described in these instructions Documentation on the accompanying DVD You can find detailed information about configuration in the SCALANCE W700 configuration manuals on th...

Страница 6: ...ecurity concept Siemens products and solutions constitute one element of such a concept Customers are responsible for preventing unauthorized access to their plants systems machines and networks Such systems machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures e g fi...

Страница 7: ...missioning Shut down the device properly to prevent unauthorized persons from accessing confidential data in the device memory To do this restore the factory settings on the device Also restore the factory settings on the storage medium Recycling and disposal The products are low in pollutants can be recycled and meet the requirements of the WEEE directive 2012 19 EU for the disposal of electrical...

Страница 8: ...Introduction SCALANCE W760 W720 8 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 9: ...he entire working life of the device You should also read the safety notices relating to handling in the individual sections particularly in the sections Installation and Connecting up WARNING Hot surfaces Electric devices have hot surfaces Do not touch these surfaces They could cause severe burns Allow the device to cool down before starting any work on it WARNING EXPLOSION HAZARD Do not open the...

Страница 10: ...Safety notices SCALANCE W760 W720 10 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 11: ...r data transmission via a non secure network use an encrypted VPN tunnel IPsec OpenVPN Separate connections correctly WBM SSH etc Check the user documentation of other Siemens products that are used together with the device for additional security recommendations Using remote logging ensure that the system protocols are forwarded to a central logging server Make sure that the server is within the ...

Страница 12: ... their own authentication between endpoints such as ARP or IPv4 An attacker could use vulnerabilities in these protocols to attack hosts switches and routers connected to your layer 2 network for example through manipulation poisoning of the ARP caches of systems in the subnet and subsequent interception of the data traffic Appropriate security measures must be taken for non secure layer 2 protoco...

Страница 13: ...itional devices with VPN functionality to encrypt and authenticate communication When you establish a secure connection to a server for example for an upgrade make sure that strong encryption methods and protocols are configured for the server Terminate the management connections e g HTTP HTTPS SSH properly Make sure that the device has been powered down completely before you decommission it For m...

Страница 14: ... be password protected during download You enter passwords on the WBM page System Load Save Passwords When using SNMP Simple Network Management Protocol Configure SNMP to generate a notification when authentication errors occur For more information see WBM System SNMP Notifications Ensure that the default community strings are changed to unique values Use SNMPv3 whenever possible SNMPv1 and SNMPv2...

Страница 15: ...of preventing write access The product provides you with suitable setting options If SNMP is enabled change the community names If no unrestricted access is necessary restrict access with SNMP Use SNMPv3 in conjunction with passwords HTTP HTTPS Telnet SSH TFTP SFTP Syslog Client Syslog Client TLS Using a firewall restrict the services and protocols available to the outside to a minimum For the DCP...

Страница 16: ...4 UDP 68 Outgoing only DHCP Client IPv6 UDP 546 Outgoing only DHCP Server UDP 67 Closed DNS Client TCP 53 UDP 53 Outgoing only EthernetIP TCP 44818 UDP 2222 UDP 44818 Closed HTTP TCP 80 Open HTTPS TCP 443 Open NTP Client UDP 123 Outgoing only PROFINET UDP 34964 UDP 49154 UDP 49155 Open RADIUS Client UDP 1812 Outgoing only Remote Capture TCP 2002 Closed SFTP Client TCP 22 Closed SMTP Client TCP 25 ...

Страница 17: ... be accessed The table includes the following columns Layer 2 service The Layer 2 services that the device supports Default status The default status of the service open or closed Service configurable Indicates whether the service can be configured via WBM CLI Layer 2 service Default status Service configurable DCP Open LLDP Open RSTP Open iPRP Open MSTP Closed SIMATIC NET TIME Closed ...

Страница 18: ...Security recommendations SCALANCE W760 W720 18 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 19: ...20 Operating Instructions 03 2022 C79000 G8976 C322 13 19 Description of the device 4 4 1 Structure of the type designation The type designation of the device is made up of several parts that have the following meaning ...

Страница 20: ...Connector for power supply and grounding 4 3 Components of the product The following components are supplied with the product One SCALANCE device One protective cap for the antenna socket A 3 pin terminal block for the power supply One product DVD Please check that the consignment you have received is complete If the consignment is incomplete contact your supplier or your local Siemens office ...

Страница 21: ... the meter 6XV1841 2A IE FC TP ROBUST FLEXIBLE CABLE GP 2X2 PROFINET type B Flexible bus cable TPE outer jacket for connection to FC RJ 45 PLUG and FC OUTLET RJ 45 flexible wires 4 wire shielded CAT 5 Sold by the meter 6XV1841 2B IE FC TP FLEXIBLE CABLE GP 2X2 PROFINET type B Flexible bus cable TP installation cable flexible wires shielded CAT 5 Sold by the meter 6XV1870 2B IE FC TP TRAILING CABLE...

Страница 22: ...ale and an R SMA male connector Length Article number 0 3 m 6XV1875 5CE30 1 m 6XV1875 5CH10 2 m 6XV1875 5CH20 5 m 6XV1875 5CH50 10 m 6XV1875 5CN10 For railway applications the following connecting cable are available Length Article number 1 m 6XV1875 5TH10 2 m 6XV1875 5TH20 5 m 6XV1875 5TH50 Flexible connecting cable N Connect N Connect Flexible connecting cable for connecting an antenna to a SCAL...

Страница 23: ...8 1N Lighting protector with N N female female connector with gas discharge technology 6GK5798 2LP00 2AA6 LP798 2N Lighting protector with N N female female connector with quarter wave technology 6GK5798 2LP10 2AA6 4 4 2 3 Terminating resistor Component Description Article number TI795 1R Electrical connection R SMA male termination impedance 2 4 and 5 GHz IP65 0 6 GHz pack of 3 6GK5795 1TR10 0AA6...

Страница 24: ...find more detailed information in Link http www siemens com wireless approvals The SCALANCE W1788 2IA uses internal omni antennas 3 4 dBi at 2 4 GHz or 5 GHz Type Properties Article number IWLAN RCoax ANT792 4DN RCoax helical antenna with circular polarization for RCoax systems 4 Bi 2 4 GHz IP65 N Connector female 6GK5792 4DN00 0AA6 ANT792 6MN Omnidirectional antenna mast wall mounting 6 dBi 2 4 G...

Страница 25: ...on on the device straight connector 6GK5795 4MC00 0AA3 ANT795 4MD Omnidirectional antenna 3 5 dBi 2 4 GHz and 5 GHz IP65 N Connect male for direct installation on the device 90 connector 6GK5795 4MD00 0AA3 ANT795 4MX Omnidirectional antenna 2 2 5 dBi 2 4 GHz and 5 GHz IP69K N Connector male 6GK5795 4MX00 0AA0 ANT795 6DC Wide angle antenna mast wall mounting 9 dBi 2 4 GHz and 5 GHz N Connect female...

Страница 26: ...for USA Canada Only one antenna per device can be used connected to R1A1 R1A2 or R2A1 R2A2 Note ANT793 8DK The antenna ANT793 8DK may only be used with the flexible connecting cable 6XV1875 5CN10 10 m length Other flexible connecting cables are not permitted Notice for USA Canada Only one antenna per device can be used connected to R1A1 R1A2 or R2A1 R2A2 4 5 LED display Information on operating st...

Страница 27: ...ection over the WLAN interface 1 Flashing green and yellow Data transfer via the WLAN interface 1 Flashing yellow Client mode The client is searching for a connection to an access point Flashing yellow Interval 100 ms on 100 ms off Access point mode With DFS 802 11h the channel is scanned for one minute for competing radar signals before the channel can be used for data traffic Client mode The cli...

Страница 28: ...t LEDs flash for detection of device location The LED flash function is Either with SINEC PNI Or via the WBM page Discovery and Set via DCP Note Primary user radar on all enabled channels only when DFS is enabled If the device detects competing radar signals on all enabled channels of the WLAN interface the F LED is lit and R1 flash No data traffic is then possible for the next 30 minutes After th...

Страница 29: ...Description of the device 4 6 Reset button SCALANCE W760 W720 Operating Instructions 03 2022 C79000 G8976 C322 13 29 4 6 Reset button The Reset button is on the front of the device ...

Страница 30: ...Load Save menu command of Web Based Management is unsuccessful the reset button can be used to load new firmware This situation can occur if there is a power outage during the normal firmware update You will find further information in the configuration manual in Downloading new firmware using TFTP without WBM and CLI Page 50 Resetting the device to the factory defaults The device can be reset to ...

Страница 31: ...a risk of explosion in hazardous areas For proper disassembly observe the following Before starting work ensure that the electricity is switched off Secure remaining connections so that no damage can occur as a result of disassembly if the system is accidentally started up CAUTION Minimum distance to antennas Fit the device so that there is a minimum clearance of 20 cm between antennas and persons...

Страница 32: ...e enclosure WARNING EXPLOSION HAZARD Replacing components may impair suitability for Class 1 Division 2 or Zone 2 WARNING The device may only be operated in an environment of contamination class 1 or 2 see EN IEC 60664 1 GB T 16935 1 Notes for use in hazardous locations according to ATEX IECEx UKEX and CCC Ex If you use the device under ATEX IECEx UKEX or CCC Ex conditions you must also keep to th...

Страница 33: ...n the maximum ambient temperature WARNING Wall mounting is only permitted if the requirements for the housing the installation regulations the clearance and separating regulations for the control cabinets or housings are adhered to The control cabinet cover or housing must be secured so that it can only be opened with a tool An appropriate strain relief assembly for the cable must be used WARNING ...

Страница 34: ...ility and protection against contact the following alternative types of installation are specified Installation in a suitable cabinet Installation in a suitable enclosure Installation in a suitably equipped enclosed control room WARNING If the temperature at the cable or housing socket or at the branching points of the cables exceeds 60 C special precautions must be taken If the equipment is opera...

Страница 35: ...ss the device against the DIN rail until the DIN rail slider catch locks in place 3 Mount the connecting cables and the antenna see section Connecting up Page 37 Procedure when removing Follow the steps below to remove the SCALANCE W760 W720 from a DIN rail 1 Turn off the power to the device 2 Disconnect all connected cables 3 Press the release button on the top of the device to release the DIN ra...

Страница 36: ...Installation and removal 5 2 Installing on a DIN rail removing SCALANCE W760 W720 36 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 37: ... to lightning strikes Antennas installed outdoors must be within the area covered by a lightning protection system Make sure that all conducting systems entering from outdoors can be protected by a lightning protection potential equalization system When implementing your lightning protection concept make sure you adhere to the VDE 0182 or IEC 62305 standard Suitable lightning protectors are availa...

Страница 38: ... supply The device is designed for operation with a directly connectable safety extra low voltage SELV from a limited power source LPS The power supply therefore needs to meet at least one of the following conditions Only safety extra low voltage SELV with limited power source LPS complying with IEC 62368 1 EN 62368 1 VDE 62368 1 may be connected to the power supply terminals The power supply unit...

Страница 39: ...Ethernet cable Connect both grounds to the same foundation earth or use an equipotential bonding cable Safety notices on use in hazardous areas General safety notices relating to protection against explosion WARNING EXPLOSION HAZARD Do not connect or disconnect cables to or from the device when a flammable or combustible atmosphere is present WARNING EXPLOSION HAZARD Do not press the reset button ...

Страница 40: ... only Lay a potential equalization conductor when grounding at both ends WARNING Insufficient isolation of intrinsically safe and non intrinsically safe circuits Risk of explosion in hazardous areas When connecting intrinsically safe and non intrinsically safe circuits ensure that the galvanic isolation is performed properly in compliance with local regulations e g IEC 60079 14 Observe the device ...

Страница 41: ...neral notes on use in hazardous areas according to UL HazLoc If you use the device under UL HazLoc conditions you must also adhere to the following safety notices in addition to the general safety notices for protection against explosion WARNING WARNING EXPLOSION HAZARD DO NOT DISCONNECT WHILE CIRCUIT IS LIVE UNLESS AREA IS KNOWN TO BE NON HAZARDOUS WARNING Restricted area of application This equi...

Страница 42: ...720 42 Operating Instructions 03 2022 C79000 G8976 C322 13 6 2 Power supply The device is supplied with power via the 3 pin connection socket The 3 pin connection socket has the following pin assignment Pin Assignment L 24 VDC M Ground Grounding ...

Страница 43: ...g Instructions 03 2022 C79000 G8976 C322 13 43 6 3 Ethernet The device has an Ethernet interface located on the underside of the device 6 4 Antenna connector The device has an antenna connector R1 A1 of the type R SMA located on the front of the device ...

Страница 44: ...m NOTICE R SMA antenna connector When securing antennas to the device only the screw cap of the antenna can be rotated Rotating the entire antenna could damage the R SMA connector of the device Figure 6 1 Figure of the ANT795 4MA the arrow points to the screw cap Note Cabinet installation When installing the device in a cabinet you need to use a detached antenna Suitable flexible connecting cables...

Страница 45: ...ed for example by connecting a cable from the three pin socket to the DIN rail refer to the section Device view Page 20 or section Power supply Page 42 Such a cable should be kept as short as possible If cables are installed permanently it is advisable to remove the insulation of the shielded cable and to establish contact on the shield PE conductor bar ...

Страница 46: ...Connection 6 5 Grounding SCALANCE W760 W720 46 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 47: ...ve all relevant installation and safety instructions described in the manuals for the device or supplied with the accessories or spare parts CAUTION Hot surfaces Risk of burns during maintenance work on parts with a surface temperature above 70 C 158 F Take appropriate protective measures for example wear protective gloves Once maintenance work is complete restore the touch protection measures NOT...

Страница 48: ...Maintenance and cleaning SCALANCE W760 W720 48 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 49: ... in the section Reset button Page 29 To reset the device to the factory defaults during the startup phase follow the steps below 1 Turn off the power to the device 2 Loosen the screws of the cover 3 Remove the cover 4 Press the reset button and reconnect the device to the power supply while holding down the button 5 Hold down the button until the red error LED F stops flashing after approximately ...

Страница 50: ... Web Based Management or the CLI When pressing the button make sure you adhere to the instructions in the section Reset button Page 29 Solution You can then also assign firmware to a SCALANCE W using TFTP Follow the steps below to load new firmware using TFTP 1 Turn off the power to the device 2 Now press the Reset button and reconnect the power to the device while holding down the button 3 Hold d...

Страница 51: ...ant to access the CLI or TFTP in Windows 10 make sure that the relevant functions are enabled in Windows 10 Result The firmware is transferred to the device Note Please note that the transfer of the firmware can take several minutes During the transmission the red error LED F flashes Once the firmware has been transferred completely to the device the device is restarted automatically ...

Страница 52: ...Troubleshooting 8 2 Firmware update via WBM or CLI not possible SCALANCE W760 W720 52 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 53: ...er rate 10 100 Mbps Wireless transmission rate 1 150 Mbps Wireless standards supported IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11n Attachment to Industrial Ethernet Quantity 1 Design RJ 45 jack Properties Half duplex full duplex autocrossover autonegotiation autosensing floating Permitted cable lengths Ethernet Alternative combinations per length range IE TP torsion cable 0 55 m 0 45 m 10 ...

Страница 54: ...C typical 3 6 W Permitted ambient conditions Ambient temperature During operation with the rack installed horizontally vertically 0 to 55 During storage 40 to 85 During transportation 40 to 85 Relative humidity During operation 95 at 25 C no condensation Operating altitude During operation 2 000 m above sea level at max 55 C ambient temperature Contaminant concentration According to IEC 60721 Degr...

Страница 55: ...SCALANCE W760 W720 Operating Instructions 03 2022 C79000 G8976 C322 13 55 Dimension drawings 10 The dimensions are specified in mm ...

Страница 56: ...Dimension drawings SCALANCE W760 W720 56 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 57: ...ction at Siemens Industry Online Support https support industry siemens com cs ww en Using the search function at Industrial communication https support industry siemens com cs ww en ps 15859 cert Enter the entry ID of the relevant manual as the search item You will find the documentation for the SIMATIC NET products relevant here on the data storage medium that ships with some products Product CD...

Страница 58: ...Approvals SCALANCE W760 W720 58 Operating Instructions 03 2022 C79000 G8976 C322 13 ...

Страница 59: ... numbers 5 C Configuration manuals 50 Connecting Antenna 43 Ethernet 43 Power supply 42 Connecting up Grounding 45 D Dimension drawing 55 Documentation on the CD 5 Documentation on the Internet 5 E Ethernet 43 F Factory default 30 Factory defaults 49 Factory setting 49 G Grounding 38 45 I Installation DIN rail 34 Interfaces 53 L LED display 26 Lightning protection 37 Loading firmware 30 P Power su...

Страница 60: ...Instructions 03 2022 C79000 G8976 C322 13 Safety notices for installation 31 general 9 Use in hazardous areas 9 31 37 when connecting up 37 Scope of delivery 20 Service Support 6 T Technical specifications 53 Training 6 Type designation 19 ...

Результаты поиска

Содержание SIMATIC NET SCALANCE W720

Отзывы:

Похожие инструкции для SIMATIC NET SCALANCE W720

Бренды по названию

Популярные бренды

Siemens SIMATIC NET SCALANCE W720, Руководство по эксплуатации

Результаты поиска

Содержание SIMATIC NET SCALANCE W720

Отзывы:

Похожие инструкции для SIMATIC NET SCALANCE W720

Бренды по названию

Популярные бренды