
Application & Tools - Siemens

Feb 27, 2022

Page 1: Application & Tools - Siemens

Applications & Tools

Answers for industry.

Cover

Setup of a controller-based IWLAN with SCALANCE WLC711 and new generation access points

SCALANCE WLC711

Application Description May 2013

Page 2: Application & Tools - Siemens

IWLAN with WLC711, V10, Entry ID: 72886773

Copyright Siemens AG 2013 All rights reserved

Siemens Industry Online Support

This entry is taken from Siemens Industry Online Support. The following link takes you directly to the download page of this document:
http://support.automation.siemens.com/WW/view/en/72886773

Caution: The functions and solutions described in this entry are mainly limited to the realization of the automation task. In addition, please note that suitable security measures in compliance with the applicable industrial security standards must be taken if your system is interconnected with other parts of the plant, the company's network or the internet. For more information, please refer to Entry ID 50203404.
http://support.automation.siemens.com/WW/view/en/50203404

Page 3: Application & Tools - Siemens


SIMATIC IWLAN with WLC711 Industrial Wireless LAN

1 Task
2 Solution
3 Product Description WLC711
4 IWLAN Controller as efficient Network Control Center
5 Access Points as Central Wireless Bridge
6 Installation
7 Configuration and Startup
8 Operating the Application
9 Appendix: Important Terms relating to IWLAN
10 Links & Literature
11 History

Page 4: Application & Tools - Siemens


Warranty and Liability

Note The application examples are not binding and do not claim to be complete regarding configuration, equipment and any eventuality. The application examples do not represent customer-specific solutions. You are responsible for ensuring that the described products are used correctly. These application examples do not relieve you of your responsibility to use sound practices in application, installation, operation and maintenance. When using these application examples, you recognize that we will not be liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these application examples at any time and without prior notice. If there are any deviations between the recommendations provided in this application example and other Siemens publications – e.g. Catalogs – the contents of the other documents have priority.

We do not accept any liability for the information contained in this document. Any claims against us - based on whatever legal reason - resulting from the use of the examples, information, programs, engineering and performance data etc., described in this application example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (“wesentliche Vertragspflichten”). The damages for a breach of a substantial contractual obligation are, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change in the burden of proof to your disadvantage. It is not permissible to transfer or copy these application examples or excerpts thereof without express authorization from Siemens Industry Sector.

Page 5: Application & Tools - Siemens


Table of Contents

Warranty and Liability ... 4
Table of Contents ... 5
1 Task ... 7
2 Solution ... 9
  2.1 Overview of the general solution ... 9
  2.2 Description of the core functionality ... 11
    2.2.1 Central diagnostic overview of SCALANCE WLC711 ... 11
    2.2.2 Virtual subnets ... 12
    2.2.3 Description of the user scenarios ... 13
  2.3 Hardware and software components ... 14
3 SCALANCE WLC711 Product Description ... 15
  3.1 Description and application ... 15
  3.2 Operating the SCALANCE WLC711 ... 18
4 IWLAN Controller as efficient Network Control Center ... 20
  4.1 Setting up a controller-based IWLAN ... 20
    4.1.1 Physical setup ... 20
    4.1.2 Logic network division ... 20
  4.2 Flexibility and dynamics through VNS ... 21
    4.2.1 Virtual Local Area Network (VLAN) ... 21
    4.2.2 What is a VNS? ... 22
    4.2.3 Data flow control in a VNS ... 22
    4.2.4 Components of a VNS ... 26
5 Access Points as Central Wireless Bridge ... 34
  5.1 Usable access points ... 34
  5.2 Registration options ... 34
  5.3 Configuration of the access points ... 37
6 Installation ... 40
  6.1 Hardware installation ... 40
  6.2 Software installation ... 41
7 Configuration and Startup ... 42
  7.1 Overview of the steps ... 42
  7.2 Basic configuration instructions ... 43
  7.3 Setting up the PCs ... 44
  7.4 Application of the PST for IP address and WBM ... 49
  7.5 Configuration of the VLAN in SCALANCE X310 ... 52
  7.6 Basic configuration of the SCALANCE WLC711 ... 56
  7.7 Registration of the access points ... 58
  7.8 Configuration of the access points ... 61
  7.9 Configuration of the VNS ... 65
  7.10 Assigning the VNS ... 70
  7.11 Configuration of the WLAN clients ... 72
    7.11.1 Configuration of the SCALANCE W clients ... 72
    7.11.2 Configuration of the PC with WLAN ... 76
  7.12 Setting up the policies in VNS 2 ... 76
  7.13 Configuring the FTP scenarios ... 81
8 Operating the Application ... 82
9 Appendix: Important Terms relating to IWLAN ... 85

Page 6: Application & Tools - Siemens


  9.1 IEEE 802.11 standard ... 85
  9.2 SSID ... 86
  9.3 Encryption ... 87
  9.4 Bridging ... 87
10 Links & Literature ... 88
11 History ... 88

Page 7: Application & Tools - Siemens


1 Task

Introduction

In industrial environments, a conventional wireless LAN is operated via coordinated access points. On the one hand, the access points establish the radio network. On the other hand, they work as a central wireless bridge and enable communication between the WLAN nodes. For this, all WLAN clients must first be registered at the access points.

Problem

Merely integrating a WLAN infrastructure does not yet yield a functioning WLAN. The real challenge is managing the wireless network. When managing the WLAN, the focus is generally placed on the individual components. The basic tasks for these devices include, for example:
- Installation and update of firmware.
- Configuration and settings.
- Monitoring and control of various system resources.

Each device requires individual treatment and management. Since large WLAN installations comprise a number of access points at many sites and in many countries, this leads to an enormous configuration and management workload and also jeopardizes security through configuration errors.

Task

For larger installations with several access points in particular, implementing central management is advantageous. This ensures the functionality of the WLAN and enables managing each module individually.

Page 8: Application & Tools - Siemens


Overview of the automation task

The figure below provides an overview of the automation task.

Figure 1-1 [Figure labels: Central Management; Configuration Radio network 1, Configuration Radio network 2, Configuration Radio network n; Radio network 1, Radio network 2, Radio network n]

Description of the automation task

The radio networks shall be managed via a central management:
- All necessary configurations are created centrally and automatically distributed to all access points.
- A firmware update of all access points, or of a group of them, is triggered centrally.
- Diagnosis and reporting across the entire WLAN at a central location.

Page 9: Application & Tools - Siemens


2 Solution

2.1 Overview of the general solution

Schematic layout

The following figure displays the most important components of the solution:

Figure 2-1 [Figure labels: IWLAN Controller SCALANCE WLC711, PC (twice), SCALANCE X310, Access Point SCALANCE W788C (twice), Client SCALANCE W748 (twice), Client PC, FTP Client, TELNET Client, FTP Server, Webbrowser]

Setup

The application example integrates two different transmission media in the network:
- on the left side the cable version.
- on the right side the radio interface.

The transition between the cable-based and the wireless network is handled by the SCALANCE W788C access points.

Page 10: Application & Tools - Siemens


The IWLAN clients SCALANCE W748 and the client PC connect with the respective access points via the integrated IWLAN interfaces. The PC with installed FTP client is integrated into the WLAN via the SCALANCE W748. The cable-based network is represented by a PC with installed FTP server and TELNET/web client, as well as the SCALANCE WLC711, which are connected to each other via the SCALANCE X310.

Note The focus of this application is not so much placed on realizing a large IWLAN installation, but on using the SCALANCE WLC711.

For clarity reasons, only two access points are used in this application example.

Advantages

In larger WLAN installations it is viable to use a controller. Here, the WLAN functions are realized by the centrally positioned SCALANCE WLC711 and the tasks of the access points are reduced to mere radio transmission. Therefore, access points are often also referred to as fit access points in a controller-based network.
- Central control and monitoring of the fit access points through the SCALANCE WLC711.
- Wireless, non-reactive expansion of an Ethernet network is possible.
- Any scale of the WLAN network through simple addition of access points.
- Guest access with restricted usage time can be easily realized.
- Controlling the channels and transmission power between the access points with SCALANCE WLC711 reduces the susceptibility of the network in the 2.4 GHz band.

Topics not covered by this application

This application does not contain:
- basic information on Industrial Ethernet
- information on setting up a cable-based as well as a wireless network
- detailed information on IWLAN technology

Basic knowledge of these topics is required.

Note Further information is available in the manuals and application examples on the Service & Support page. A selection of references is available in chapter 10 (Links & Literature).

Page 11: Application & Tools - Siemens


2.2 Description of the core functionality

SCALANCE WLC711

The IWLAN controller SCALANCE WLC711 enables the central management of an industrial wireless LAN. It automatically detects the new access points, establishes the connection with them and manages and coordinates access points and clients.

2.2.1 Central diagnostic overview of SCALANCE WLC711

Apart from the central management and the configuration of the radio network, SCALANCE WLC711 also enables a clear error recording, monitoring of the radio network, and documentation of network statistics.

Figure 2-2

Page 12: Application & Tools - Siemens


2.2.2 Virtual subnets

SCALANCE WLC711 enables dividing the IWLAN radio infrastructure into logic, service-based networks (VNS; Virtual Network Services). Various services, safety requirements and access criteria can be reliably managed and assigned to different user groups, such as administrators, commissioners, or visitors. A VNS is therefore also always connected with a VLAN (see chapter 4.2.1). The following graphic shows the division of the network in this application example:

Figure 2-3 [Figure labels: VNS 1, VNS 2]

Page 13: Application & Tools - Siemens


2.2.3 Description of the user scenarios

The table below shows the scenarios presented in this application. Dividing the network into two logic networks and respective access criteria makes the scenarios available for selected components only.

Table 2-1

| No. | Application | Description | Enabled for ... |
|---|---|---|---|
| 1. | ICMP | The WLAN client (PC) can transmit a ping to SCALANCE W748. | VNS 1 |
| 2. | FTP | The FTP client can regularly exchange data with the FTP server. | VNS 2 |
| 3. | TELNET | A remote configuration of the WLAN clients is possible via the TELNET application. | VNS 2 |
| 4. | HTTP | The PC can connect to the web server of the WLAN client via a web browser. | VNS 2 |

Figure 2-4 [Figure labels: PC 1, PC 2, FTP Client, TELNET Client, FTP Server, Webbrowser, SCALANCE X310, Client SCALANCE W748 (twice), Client PC; connection labels: FTP, HTTP, TELNET, ICMP]

Page 14: Application & Tools - Siemens


2.3 Hardware and software components

This application was generated using the following components:

Hardware components

Table 2-2

| Component | Qty. | Order number | Note |
|---|---|---|---|
| SCALANCE WLC711 IWLAN controller | 1 | 6GK5711-0XC00-1AA0 | Country approval outside North America, Canada and Japan |
| Controller access point SCALANCE W788C-2 RJ45 | 2 | 6GK5788-2FC00-1AA0 | With RJ45 port |
| WLAN client IEEE 802.11n SCALANCE W748-1 RJ45 | 2 | 6GK5748-1FC00-0AA0 | For operation outside the USA |
| Antennae ANT795-4MA | 17 | 6GK5795-4MA00-0AA3 | |
| SCALANCE X310 | 1 | 6GK5310-0FA00-2AA3 | |
| PC | 1 | | With WLAN radio interface |
| PC | 3 | | A PC is used as configuration PC. |
| IE FC TP STANDARD CABLE | 6 | 6XV1840-2AH10 | IE connecting cable |
| RJ45 plug connector | 12 | 6GK1901-1BB10-2AA0 | Can be integrally molded |

Standard software components

Table 2-3

| Component | Qty. | Note |
|---|---|---|
| FTP client software | 1 | |
| FTP server software | 1 | |
| TELNET client | 1 | TELNET clients can be called up as a standard on all standard operating systems under the name telnet. On a Windows 7 PC, the TELNET client must be explicitly activated first. |
| Web browser | 2 | A web browser exists on all standard operating systems. |
| Primary Setup Tool | 1 | The addressing tool can be downloaded via the Service & Support page (entry ID: 19440762) http://support.automation.siemens.com/WW/view/en/19440762 |

Page 15: Application & Tools - Siemens


3 SCALANCE WLC711 Product Description

3.1 Description and application

Application

The demands on WLAN in industry, as well as the diversity of possible applications and uses have been continuously increasing within recent years. Today, aspects such as higher performance and data rates, as well as reduced management workload for the network pose new challenges. As a response, a further architecture has established itself in WLAN networks: The controller-based architecture. With this architecture, the access points are no longer operated as standalone units, but controlled by an IWLAN controller. Management data as well as the user data can be transferred to and from the individual access points via the controller. With SCALANCE WLC711, the SIMATIC NET portfolio provides the option of a controller-based IWLAN.

Description

The IWLAN controller SCALANCE WLC711 is a network device for the central management of a wireless LAN in industrial environments. It provides support for commissioning, diagnosis, access control and the security settings of the wireless network, as well as for firmware updates for the access points.

Figure 3-1

At the SCALANCE WLC711 only controller-based access points can be operated:
- SCALANCE W access points W78xC
- other devices (third-party devices) in 3rd party mode

Page 16: Application & Tools - Siemens


Basic hardware

The basic hardware is an IPC427C (SIMATIC Microbox) without fan with two separate Gigabit Ethernet interfaces:
- Management port (interface "admin"): the configuration data is transferred at this port with 10/100/1000 Mbps.
- Data port (interface "esa0"): the data is transferred at this port with 10/100/1000 Mbps.

Additionally, the SCALANCE WLC711 also has the following interfaces:
- 4 USB 2.0 ports
- Serial interface RS232 for 9-pole D-Sub connectors (COM1)

Properties

SCALANCE WLC711 is distinguished by the following characteristics:
- Central configuration and firmware upgrading of access points via a user interface in the controller.
- "Wireless Assistant Home Screen" for monitoring the network on the screen in real-time.
- Assigning properties to groups of users, devices, and services.
- Role-based security functions (authentication, intrusion detection, rogue AP detection, firewalls, etc.).
- Quick Layer2 and Layer3 roaming (e.g. for logistic scanner and VoIP).
- Expanded QoS functions ensure IP prioritizing end-to-end for voice, video & data.
- RF management (automatic setting of channels and transmission power).
- Reliable meshed WLAN through redundant paths: in the case of a failed connection or access point, the network and the packet route are automatically reconfigured.
- Internal and external captive portal (guest portal): guests are automatically redirected to a login website where they need to enter their login data.

Note Further detailed information on SCALANCE WLC711 is available on the Service & Support page (see \4\ in chapter 10 (Links & Literature))

Page 17: Application & Tools - Siemens


Services

For network control and organization, SCALANCE WLC711 supports a number of functions and mechanisms:
- Layer 2 switch and layer 3 router functionality
- VoIP routing
- Encryption methods
  – WEP
  – WPA
    Version 1 with TKIP encryption
    Version 2 with AES-CCMP encryption
- Secure access to the guest portal via SSL protocol
- HTTP(s), TFTP, TELNET, ICMP and SNMP (v2, v3)
- Syslog for diagnostic purposes
- VLAN
- DHCP server
- RADIUS authentication
- Clock synchronization via NTP

Page 18: Application & Tools - Siemens


3.2 Operating the SCALANCE WLC711

Configuration

SCALANCE WLC711 and the access points are configured via the web-based management (WBM) user interface. The following requirements must be met for this:
- All components must have been connected and set up correctly.
- A PC must be connected with the management port of SCALANCE WLC711 via Ethernet cable.
- The Ethernet interface of the PC and the management port of SCALANCE WLC711 must have the same subnet configuration. In the delivery state, the management port has the IP address 192.168.10.1. This preset IP address can be changed via the WBM.
- The web interface of SCALANCE WLC711 can be accessed via the address https://192.168.10.1:5825.
- The access to the WBM user interface requires a login at the controller. In the delivery state, the following login data is stored:
  – User name: admin
  – Password: abc123
  It is explicitly recommended to change the default administrator password.

Note The access to the web interface of SCALANCE WLC711 is provided via a secure https connection and requires verification via certificates.

If a security query is displayed in the web browser, acknowledge it to continue loading the website. The security query is caused by the preinstalled, self-signed certificate. There is the option of installing your own certificate.

Initial configuration of SCALANCE WLC711

After the initial registration at the controller, a wizard automatically appears for the basic configuration of the WLC. Amongst other things, the following points are set here:
- Time stamp and time zone.
- Configuration of the Ethernet interfaces (admin and esa0-port).
- Deactivation/activation of routing, SNMP, Syslog and RADIUS.
- Changing the login password.

For a modification afterwards, the wizard can be called up at any time via the menu command "Wireless Controller > Installation Wizard".

Creating a backup

The configuration files are saved directly on the SCALANCE WLC711. However, there is the option of saving and securing this data as a backup and/or transferring it to other SCALANCE WLC711 devices.

Page 19: Application & Tools - Siemens


Shutting down and switching off

In order to prevent data loss it is advised to shut down and switch off the SCALANCE WLC711 via the web interface. The following options are available:
- Reboot: the system is shut down and restarted.
- Shutdown power: the system is shut down safely. All services and applications are stopped.

Page 20: Application & Tools - Siemens


4 IWLAN Controller as efficient Network Control Center

4.1 Setting up a controller-based IWLAN

4.1.1 Physical setup

A conventional WLAN is generally set up and managed by intelligent access points. All WLAN functions are centralized in the access points. With SCALANCE WLC711, SIMATIC NET expands its product portfolio of wireless network devices with a solution for a scalable, flexible and future-proof WLAN environment. The access points of a classic WLAN are therefore separated into a central unit (IWLAN controller) and so-called fit access points. With a single SCALANCE WLC711 this setup enables controlling several access points and facilitates administration and management of a large network. Amongst others, the tasks of the controller include:
- Activating the access points.
- Handling the data traffic of the access points.
- Sending or forwarding the data to the network.
- Authentication of requests and application of access policies.

Additionally, further elements typical for a WLAN can be integrated into the network:
- RADIUS server (Remote Access Dial-In User Service) or other authentication servers
- DHCP server (Dynamic Host Configuration Protocol)
- SLP (Service Location Protocol)

4.1.2 Logic network division

SCALANCE WLC711 enables dividing the network into logic, service-based networks (VNS). Various services, safety requirements and access criteria can be reliably managed and assigned to different user groups, such as administrators, commissioners or visitors. Furthermore, a network topology can be assigned to each VNS, in order to divide the processing functions between the controller and the access points. Depending on the network topology and the user-specific requirements, the data traffic is directed in an intelligent manner locally or back via the controller. The VNS architecture provides optimal performance and optimal traffic flow separately for each application and ensures the support for applications with high bandwidth.

Page 21: Application & Tools - Siemens


4.2 Flexibility and dynamics through VNS

4.2.1 Virtual Local Area Network (VLAN)

Description

VLANs are virtual network segments in a physical network which are assigned to the nodes by configuration. The SCALANCE devices of the X-300 and X-400 series as well as the SCALANCE W modules support port-based VLANs. To configure the VLANs, a VLAN ID is assigned to the individual ports of a SCALANCE device. Multicast and broadcast frames are only possible within these boundaries, i.e. between ports with identical VLAN ID. This segmentation reduces the network load, since broadcasts are limited to a sensible number of end systems. VLANs also increase network security, since nodes can no longer hear the data traffic unless they are a member of this VLAN. To identify which frame is assigned to which VLAN, the Ethernet frame is expanded by 4 bytes (VLAN tagging). Apart from the VLAN ID, this expansion also contains priority information.

Port assignment for VLAN

When a port is assigned to a VLAN, it must be determined whether the frame at the port shall be sent with tag (i.e. with the Ethernet frame expanded by 4 bytes) or without. If the node behind it is an end station (PC, controller etc.), the frame must be sent without tag ("untagged"; for SCALANCE X: identifier "U"). If, on the other hand, the port is connected with a different switch, the frame is sent with tag ("tagged" or "Member"; for SCALANCE X: identifier "M").

VLAN assignment of this application

In this application example, two logic service-based networks (VNS) are set up, with a VNS being segmented by a VLAN. The following graphic (reduced to the involved components) shows the interaction of VNS and the port-based VLANs.

Figure 4-1 [Figure labels: VNS 1 / VLAN 1, VNS 2 / VLAN 10]
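How the 4-byte tag and the "U"/"M" port setting interact, as an added Python example that is not part of the Siemens document: it parses the IEEE 802.1Q tag of an Ethernet frame and models how a port-based VLAN switch floods a broadcast. The port names P1 to P3, the membership table, the MAC address and the sample frames are constructed for illustration, and the model assumes that ingress filtering is enabled; VLAN IDs 1 and 10 are the ones used in this application.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into addresses, optional VLAN tag and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vid": None, "pcp": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # The 4 added bytes are TPID (2) + TCI (2).
    # TCI = 3-bit priority, 1-bit drop-eligible flag, 12-bit VLAN ID.
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": inner_type, "payload": frame[18:]}


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0) -> bytes:
    """Serialize a frame; with vid set, insert the tag after the source MAC."""
    tag = b""
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


# Constructed port table. "U" = send untagged (end station),
# "M" = send tagged (link to another switch).
PORTS = {
    "P1": {"pvid": 1, "vlans": {1: "U"}},            # end station in VLAN 1
    "P2": {"pvid": 10, "vlans": {10: "U"}},          # end station in VLAN 10
    "P3": {"pvid": 1, "vlans": {1: "M", 10: "M"}},   # uplink carrying both VLANs
}


def flood(ingress: str, frame: bytes, ports=PORTS) -> dict:
    """Return {egress port: bytes sent} for a broadcast received on ingress."""
    f = parse_frame(frame)
    # Untagged and priority-tagged (VID 0) frames get the port VLAN ID.
    vid = f["vid"] if f["vid"] else ports[ingress]["pvid"]
    if vid not in ports[ingress]["vlans"]:
        return {}  # ingress filtering: this port is not a member of the VLAN
    sent = {}
    for name, cfg in ports.items():
        mode = cfg["vlans"].get(vid)
        if name == ingress or mode is None:
            continue  # the broadcast stays inside its VLAN
        sent[name] = build_frame(f["dst"], f["src"], f["ethertype"],
                                 f["payload"],
                                 vid=vid if mode == "M" else None,
                                 pcp=f["pcp"])
    return sent


# Constructed sample frames (payload padding to the Ethernet minimum omitted).
BROADCAST = b"\xff" * 6
STATION = bytes.fromhex("020000000001")  # locally administered MAC
UNTAGGED = build_frame(BROADCAST, STATION, 0x0800, b"constructed payload")
TAGGED_10 = build_frame(BROADCAST, STATION, 0x0800, b"constructed payload",
                        vid=10, pcp=5)

if __name__ == "__main__":
    cases = (("P1", UNTAGGED), ("P2", UNTAGGED),
             ("P3", TAGGED_10), ("P1", TAGGED_10))
    for port, frame in cases:
        out = flood(port, frame)
        summary = {p: parse_frame(b)["vid"] for p, b in out.items()}
        print(f"in={port} -> egress port: VLAN tag on the wire {summary}")
```

The last case is the one to check on a real switch: a frame that arrives on an end-station port already tagged for a VLAN that port does not belong to is dropped here, which is what keeps a node in VLAN 1 from placing traffic into VLAN 10.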

Page 22: Application & Tools - Siemens


4.2.2 What is a VNS?

Introduction

Using the Virtual Network Services enables grouping certain mobile users, devices and applications in order to provide them with their own service levels, access rights, encryption and device authorization. Several VNS segments can work on each access point, which enables unique flexibility.

Properties

A VNS is characterized by the following properties:
- A unique name is assigned to each VNS.
- An SSID, which need not be unique, is assigned to each VNS.
- Each VNS is connected to a VLAN. All nodes of a VNS are in the same network.
- A joint policy is used within a VNS. Additionally, specific filter methods can be employed if the wireless node was authenticated by a RADIUS server.
- For each VNS the type of the data flow can be explicitly determined.

4.2.3 Data flow control in a VNS

Classic WLAN solutions require the network administrator to choose between a centralized and a distributed architecture.

Centralized architecture

A centralized architecture is characterized by the entire data traffic being transmitted back to a central controller. Any processing and roaming functions are taken on by the controller. The decisive advantage is that the performance, especially for real-time applications, is increased, hence guaranteeing short roaming times and reduced jitter. However, particularly for larger WLANs and additional IEEE 802.11n usage (with data rates up to 450 Mbit/s) this may cause considerable data jams and bottlenecks in the bandwidth.

Distributed architecture

For the distributed architecture, there is no retransmission to SCALANCE WLC711, which extends the processing and roaming times of the data packets. Uninterrupted transmission, as demanded for VoIP applications, for example, is not guaranteed.

Implementation in SCALANCE WLC711

A significant advantage of SCALANCE WLC711 is the simultaneous support of these two models: It controls the data flow by demanding the retransmission of data to itself or enabling local forwarding directly at the access point. For local data processing, the data is not transmitted back to the controller; however, the access point is still managed centrally by the controller. For any VNS, the network administrators can select how the data traffic shall be handled so the WLAN infrastructure can be adapted to all applications (complex voice, video and data applications) and their requirements.


The following variants can be connected with a VNS:
• Routed
• Bridge Traffic Locally at AP (Bridged@AP)
• Bridge Traffic Locally at WLC (Bridged@WLC)

Routed
For this variant, the entire data traffic of the WLAN clients is forwarded to a router via the controller.

Figure 4-2 (diagram; labels: IWLAN Controller SCALANCE WLC711, Access Point SCALANCE W788C, Client SCALANCE W748, PC, Router, Company network, Data traffic)


Bridge Traffic Locally at WLC (Bridged@WLC)
This variant reflects the centralized architecture. The data traffic of the clients and from the company network is forwarded to the data port of the SCALANCE WLC711 via a tunnel and processed there. If the data traffic is directed beyond subnet boundaries, the controller forwards the data packages to a router. All policy, VLAN and topology assignments are performed at the controller and not at the access point (see Bridge Traffic Locally at AP (Bridged@AP)).

Figure 4-3 (diagram; labels: IWLAN Controller SCALANCE WLC711, SCALANCE X310, Access Point SCALANCE W788C, Client SCALANCE W748, PC, Company network, Data traffic)


Bridge Traffic Locally at AP (Bridged@AP)
This variant reflects the distributed architecture. The data traffic of the clients is processed directly at the ports of the respective access point and forwarded on demand.

Figure 4-4 (diagram; labels: IWLAN Controller SCALANCE WLC711, SCALANCE X310, Access Point SCALANCE W788C, Client SCALANCE W748, PC, Company network, Data traffic)


4.2.4 Components of a VNS

Structure
A VNS can be divided into two main categories:
• WLAN services
• Policies

Both categories contain a number of components which enable the following settings:
• Assignment of the radio interfaces
• SSID information
• VLAN settings
• Radio frequency
• Security assignment
• Quality of service
• Topology
• Operating mode (infrastructure, meshed etc.)
• Data flow control

The following graphic shows the structure of the VNS concept:
Figure 4-5 (diagram; labels: VNS, WLAN Service, Policies, SSID, Radio attributes, Encryption, QoS, Operating mode, Topology, Filter rules, CoS)

The most important components of a VNS are:
• Topology
• Policy
• Class of Service
• WLAN service

These components can be configured separately and then be assigned to a VNS. Alternatively, they can also be configured while the VNS is being created.

Note The components are briefly described below. For more detailed information, please refer to the SCALANCE WLC 711 manual at \3\ in chapter 10 (Links & Literature).


Topology
A topology represents the network in which SCALANCE WLC711 and the respective access points communicate. The most important attributes here are:
• Definition of the topology name.
• Assignment of a VLAN ID and tagging options.
• Establishing an IP address for SCALANCE WLC711 in this VNS (optional).
• Determining the data flow control in this VNS:
– Physical
– Routed
– Bridge Traffic Locally at AP (Bridged@AP)
– Bridge Traffic Locally at WLC (Bridged@WLC).
• Specification of the permitted data traffic to SCALANCE WLC711.
• Integration of certificates.

Figure 4-6


Policy
A policy is a collection of guidelines for controlling the network access via wireless and cable-based infrastructures. The configuration of the policy is always connected to a topology as well as a class of service. Depending on the selection of data flow control (adjustable in “Topology”), up to three policies can be assigned to a VNS:
• Non-authenticated default policy for the data traffic of all non-authenticated clients.
• Authenticated default policy for the data traffic of all authenticated clients.
• Third-party access point policy for the data traffic of third-party access points.

By default, the policy for authenticated users corresponds to the policy for non-authenticated users.
Figure 4-7


The Filter Rules of a policy can ensure that only authorized persons have access to the network or service defined in “Topology”.
Figure 4-8

Several attributes can be set for filtering. The meaning is illustrated in the following table:
Table 4-1
Attribute | Description
Rule | Identifies the type of filtering: D - Default rule; I - Internal rule; T - Rule for the internal interface; U - User-defined rule
In | Relates to the data traffic into the cable-based network. The following options are available: Destination (dest), Source (src), None, Both
Out | Relates to the data traffic coming from the cable-based network. The following options are available: Destination (dest), Source (src), None, Both
IP : Port | Identifies the target IP address and port to which this filter relates.
Protocol | Determination of the respective protocol.
ToS / DSCP | Determines the classification and prioritization of the IP data package.
Access | Determines whether the data package is allowed (Allow) or denied (Deny).
CoS | Determination of the Class of Service


Class of Service
Class of Service defines a set of attributes for the classification of data packages. The classification is realized by:
• QoS marking
– Layer 2 level: IEEE 802.1p.
– Layer 3 level: ToS / DSCP marking.
• Defining the incoming / outgoing data boundary.
• Determination of the transmission sequence.

Each service class has its own priority which defines how the data package is processed in comparison to other packages (e.g. when load peaks occur). For dividing the priorities, CoS has 8 stages, from 0 (no priority) to 7 (highest priority). Prioritizing is necessary to guarantee a low latency or a high data security for networks used to capacity. As opposed to the quality of service (QoS), CoS cannot assign bandwidths but transfers the data package as well as possible (best effort principle).
Figure 4-9


WLAN service
The WLAN service comprises all basic WLAN settings such as:
• Definition of the WLAN environment
• Security mechanisms (“Privacy”)
• Authentication
• Quality of Service

The configuration of the WLAN environment in the “WLAN Services” tab includes:
• Definition of a WLAN name (SSID).
• Operating mode of the WLAN
– Standard
– WDS
– Mesh
– Third-party AP
– Remote
• The assignment of a topology and a class of service (unless already assigned by the policy).
• Assigning the radio interfaces of the registered access points.
• Deactivation/activation of the WLAN environment.

Figure 4-10


In the “Privacy” tab, the security mechanisms for the communication can be determined (see also chapter 9.3).
Figure 4-11

If there is the requirement that the WLAN clients shall be explicitly authenticated, this can be defined in the “Auth & Acct” tab (Authentication & Accounting). The following options are available for authentication:
• 802.1X
• Captive portal with the options
– Internal
– External
– Guest Portal
– Guest Splash

Figure 4-12

If the 802.1X authentication has been selected, the WLAN client must – before it is granted access to the network – successfully complete the authentication procedure via a RADIUS server. With the captive portal method, the WLAN clients are only granted access to the network if they previously log on to a website (captive portal) with ID and password. SCALANCE WLC711 verifies this logon data and approves or blocks the access to the network.


An integral part of the WLAN service is also the assignment of a “QoS” (service quality) for the WLAN environment. QoS is a method for influencing the data traffic in a network so that a time-critical service (such as VoIP, online conferences) arrives at the receiver with a defined quality. This is technically realized by prioritizing the data packages, through bandwidth reservation and through bandwidth limitation. For the WLAN the following QoS modes can be selected:
• Legacy: here, the access point classifies and prioritizes the downlink data traffic for all WLAN clients.
• WMM: if WMM has been activated, the access point accepts connections from WMM clients. Classification and prioritizing of the downlink data traffic of the WMM clients is handled by the access point, that of the uplink data traffic by the WMM clients.
• 802.11e: in this mode, the access point accepts connections from 802.11e clients. Classification and prioritizing of the downlink data traffic of the 802.11e clients is handled by the access point, that of the uplink data traffic by the 802.11e clients.
• Turbo Voice: Turbo Voice is only available if one of the above mentioned modes has been activated. If this mode is active, the downlink data traffic classified as Voice AC is treated separately by the access point.

Figure 4-13


5 Access Points as Central Wireless Bridge

5.1 Usable access points

To be able to use the advantages of a controller-based WLAN architecture, fit access points are used. The function of these modules is reduced to mere radio transmission, since the SCALANCE WLC711 takes on the task of central control and monitoring. Physically, access points are connected with SCALANCE WLC711 by means of a joint, wire-based network which they use to exchange configuration, management or diagnosis data. The following access points can be used for the operation with SCALANCE WLC711:
• SCALANCE W786C-2 RJ45
• SCALANCE W786C-2IA RJ45
• SCALANCE W788C-2 RJ45
• SCALANCE W788C-2 M12

5.2 Registration options

Only access points which register at the SCALANCE WLC711 with their serial number are centrally managed and configured by it. The registration can be performed in two ways:
• Automatic logon
• Manual registration

Automatic logon
As soon as an access point is switched on, it automatically searches the network for a SCALANCE WLC711 and its IP address. If the search for a suitable SCALANCE WLC711 is successful, the access point automatically registers at the device.

Note For more detailed information on the sequence of the search process, please refer to the SCALANCE WLC 711 manual at \3\ in chapter 10 (Links & Literature).


To enable an automatic logon by the access points, the security mode and the maximal search time must be defined in the SCALANCE WLC711:
Figure 5-1

In the security mode, two options can be selected:
• Allow all Wireless APs to connect
– If the serial number of the access point is not known, a new registration entry is automatically created. The access point receives a default configuration.
– If the serial number of the access point is known, SCALANCE WLC711 authenticates the device by means of the existing registration entry and sends the already existing configuration to the access point.
• Allow only approved Wireless APs to connect
– If the serial number of the access point is not known, a new registration entry is automatically created and assigned the "Pending" state. For the access point to be able to receive status changes, SCALANCE WLC711 only sends a minimal configuration to the device. This minimal configuration enables an already existing connection to be continued. Access points with the status "Pending" cannot be configured and do not receive a default configuration until they manually receive the status "Approved".
– If the WLC recognizes the serial number of the access point, it authenticates the device by means of the existing registration entry and sends the already existing configuration to the access point.

Note
At the initial configuration of the network it is advised to activate the "Allow all Wireless APs to connect" option. This enables registering several access points at the same time.

After the network configuration has been completed, it is recommended to activate the "Allow only approved Wireless APs to connect" option. This setting prevents unauthorized login at the SCALANCE WLC711.
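The two security modes described above, replayed over the same sequence of connection events to show which access points end up with a full configuration without an operator having entered or approved their serial number. This is an added example, not part of the Siemens document or the controller firmware; the serial numbers and events are constructed, and labelling auto-created entries "Approved" under "Allow all" is an assumption of the model.

```python
ALLOW_ALL = "Allow all Wireless APs to connect"
APPROVED_ONLY = "Allow only approved Wireless APs to connect"


class Registry:
    """Registration entries of the controller, keyed by AP serial number."""

    def __init__(self, mode):
        self.mode = mode
        self.state = {}          # serial -> "Approved" or "Pending"
        self.configured = set()  # serials that already hold a full configuration

    def approve(self, serial):
        """Manual registration, or manual change from "Pending" to "Approved"."""
        self.state[serial] = "Approved"

    def connect(self, serial):
        """Return which configuration the controller sends to a connecting AP."""
        if serial not in self.state:
            # Unknown serial number: an entry is created automatically and the
            # security mode decides its state. Calling the auto-created entry
            # "Approved" under ALLOW_ALL is this example's naming (assumption).
            self.state[serial] = "Approved" if self.mode == ALLOW_ALL else "Pending"
        if self.state[serial] == "Pending":
            return "minimal"
        if serial in self.configured:
            return "existing"
        self.configured.add(serial)
        return "default"


def replay(mode, inventory, events):
    """Replay events; return (configs sent, serials configured without review)."""
    registry = Registry(mode)
    reviewed = set(inventory)
    for serial in inventory:
        registry.approve(serial)      # serials entered manually beforehand
    sent, unreviewed = [], set()
    for action, serial in events:
        if action == "approve":
            registry.approve(serial)
            reviewed.add(serial)
            continue
        config = registry.connect(serial)
        sent.append((serial, config))
        if config != "minimal" and serial not in reviewed:
            unreviewed.add(serial)
    return sent, sorted(unreviewed)


# Constructed sample data: serial numbers and event order are invented.
INVENTORY = ["AP-0001", "AP-0002"]
EVENTS = [
    ("connect", "AP-0001"),
    ("connect", "AP-0002"),
    ("connect", "AP-0003"),      # new access point, serial not entered yet
    ("connect", "SN-UNLISTED"),  # serial nobody entered or approved
    ("approve", "AP-0003"),
    ("connect", "AP-0003"),
    ("connect", "AP-0001"),
]

if __name__ == "__main__":
    for mode in (ALLOW_ALL, APPROVED_ONLY):
        sent, unreviewed = replay(mode, INVENTORY, EVENTS)
        print(mode)
        for serial, config in sent:
            print(f"  {serial}: {config} configuration")
        print(f"  configured without operator review: {unreviewed}")
```

Under "Allow all", both unlisted serial numbers receive the default configuration on first contact; under "Allow only approved" they stay on the minimal configuration until an operator approves them.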


Manual registration
Apart from the automatic logon, there is also the option to register the access points by manually entering their serial number at the SCALANCE WLC711. A default configuration is initially assigned to these devices.
Figure 5-2

Note
It is recommended to first enter the serial number into the web-based management and only then physically connect the access point to the network.

In this way, the serial number is known in advance to the controller, which then authenticates the access point accordingly.


5.3 Configuration of the access points

Default configuration
At the first registration, the access points receive default settings which can be changed. On the individual configuration pages the default values for using the WLAN (Common Configuration) as well as the parameters for various access point types (AP36xx, W786 and W78xC) can be set.
Figure 5-3


Bulk configuration
If the same access point type occurs several times in the infrastructure, there is the option of configuring multiple devices at once (bulk configuration). Parameters and settings which apply to all devices can be applied to several access points more quickly and efficiently. Examples are: the antennae used, deactivation/activation of the various services, country settings etc.

Figure 5-4


Single configuration
Each access point can be configured and set individually via the single configuration.
Figure 5-5


6 Installation

This chapter describes the hardware and software components that need to be installed. The descriptions and manuals as well as delivery information included in the delivery of the respective products must be observed in any case.

6.1 Hardware installation

For description of the hardware components, please refer to chapter 2.3 (Hardware and software components).

Figure 6-1 (hardware setup diagram; labels: IWLAN Controller SCALANCE WLC711, X310, Access Point 1 W788C-2, Access Point 2 W788C-2, two Clients W748, Client PG, PC 1, PC 2, Configuration PC, FTP Client, TELNET client, FTP Server, Web browser)


To set up the hardware, please follow the instructions in the table below:
Table 6-1
No. Action
1. Connect the following modules with the SCALANCE X310 via the integrated Ethernet interface:
– Port 1: PC 1
– Port 2: Access Point 2
– Port 3: SCALANCE WLC711 (LAN1 interface)
– Port 4: Access Point 1
2. Connect PC 2 to the WLAN client SCALANCE W748.

Connect all components to a 24 V power supply. For this purpose, use either terminal strips or multiple power supply units.

Note
Always follow the installation guidelines for the components.

6.2 Software installation

Installation of the software package on the configuration PC
The Primary Setup Tool will be installed on this PC. Follow the instructions of the installation program.

Installing the software packages on PC 1
This configuration requires the following software packages:
• FTP server
• TELNET client

Follow the instructions of the installation programs.

Installing the software packages on PC 2
This configuration requires the FTP client software package. Follow the instructions of the installation program.


7 Configuration and Startup

7.1 Overview of the steps

All necessary steps for setting up the configuration example are explained and illustrated in this chapter. In detail these are the following instructions:
Table 7-1
Action | Chapter
Initial configuration:
Setting up the PC | 7.3
Changing the IP addresses by means of PST | 7.4
Configuration of the SCALANCE X310 | 7.5
Basic configuration of the SCALANCE WLC711 | 7.6
Extended configuration:
Registration of the access points | 7.7
Configuration of the access points | 7.8
Configuration of the VNS | 7.9
Connecting the access points to the VNS | 7.10
Setting up the WLANs in the WLAN clients | 7.11
Creating filter rules | 7.12

Note To ensure a successful configuration, it is important to perform the steps according to instruction and in the right sequence.


7.2 Basic configuration instructions

Requirement
When configuring the devices, it is assumed that all devices are in the delivery state and the default settings apply. If this is not the case, please reset your components to the factory settings. Instructions are available in the respective manual of the device (see chapter 10 (Links & Literature)).

Overview
Prior to configuring this SCALANCE WLC711 example, all of the devices must be configured. The following overview picture shows which devices and necessary configurations these are:

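Figure 7-1 (network overview diagram. Devices shown: WLC711, X310, W788C-2 (“AP_1”), W788C-2 (“AP_2”), two W748 clients, PC 1, PC 2, Client PC and Configuration PC, connected via VLAN and WLAN links. Configuration tasks noted in the figure: basic installation, access points, VNS. IP addresses shown in the figure: 192.168.10.1, 192.168.22.101, 172.168.2.1, 172.168.2.2, 192.16.100.28, 192.16.100.1, 192.16.100.2, 192.168.10.100, 192.168.22.100, 172.168.2.100, 192.16.100.100)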

Web-based management
INC (Industrial Network Component) devices, for example a SCALANCE X or SCALANCE W7xx, are configured via their web-based management. You reach the web-based management by entering the address http://<IP address of the device> in an internet browser. An exception is the SCALANCE WLC711: it requires a secure connection as well as a port number. Here, the address is https://<IP address of the admin ports>:5825.


Each web-based management requires a login. The following login data are stored as default values:
• SCALANCE X / W: User name and password: admin
• SCALANCE WLC711: User name: admin; Password: abc123

For the SCALANCE X and W devices (except for SCALANCE WLC711 and controller-based access points) the web-based management can also be opened directly via the Primary Setup Tool (PST).

Note
The configuration of the devices is performed via the configuration PC.

An Ethernet connection between the configuration PC and the network component as well as an identical network ID are a prerequisite.

7.3 Setting up the PCs

Configuration PC
All configurations are performed using the configuration PC. This requires the PC to be located in a subnet with the respective network component. In order to avoid changing the PC IP address several times, there is the option to assign several IP addresses to the PC network card. The following IP addresses are used:
Table 7-2
IP address | Application
192.168.10.100 | For configuring the SCALANCE WLC711
192.168.22.100 | For configuring the SCALANCE X310
172.16.2.100 | For configuring the SCALANCE W748 for AP_1
192.16.100.100 | For configuring the SCALANCE W748 for AP_2

The subnet mask is always 255.255.255.0.


Table 7-3
No. Action
1. To change the network address, open the internet protocol (TCP/IP) properties via “Start > Settings > Network Connection > Local Connections”. Enter the next required IP address according to Figure 7-1. To enter further IP addresses, click on Advanced….
2. Click on Add….


3. Enter the next required IP address and subnet mask. Adopt the IP address with Add.
4. Repeat steps 2 and 3 for the next two IP addresses. After all addresses have been assigned, successively close all dialogs with OK.


PC 1 and PC 2
Change the IP address of PC 1 and PC 2 in the following way:

Table 7-4
No. Action
1. To change the network address, open the internet protocol (TCP/IP) properties via “Start > Settings > Network Connection > Local Connections”. Enter the IP address according to Figure 7-1. Close all dialog boxes by clicking OK.


PC with WLAN
Change the IP address of the PCs in the following way:

Table 7-5
No. Action
1. To change the network address, open the internet protocol (TCP/IP) properties via “Start > Settings > Network Connection > Wireless Network Connections”. Enter the IP address according to Figure 7-1. Close all dialog boxes by clicking OK.


7.4 Application of the PST for IP address and WBM

All SCALANCE X and W devices (except for SCALANCE WLC711 and controller-based access points) can be conveniently addressed with the Primary Setup Tool and then be configured via the web-based management. The following instruction shows the principle of address assignment and the start of the web-based management at the SCALANCE X310.

Table 7-6
No. Action
1. Connect the configuration PC with the network component via the integrated Ethernet interfaces (for this example with port 5 of SCALANCE X310).
2. Open the PST by clicking “Start > SIMATIC > Primary Setup Tool > Primary Setup Tool”.
3. If you have installed several network cards in the PC, select the suitable network card via “Settings > Network Adapter”.
4. Press F5 to start the network search. The network component is displayed in the tree view. Detailed information on the device appears in the details view when the entry is marked.


5. The display of the interfaces opens by clicking on the plus sign or on the device symbol. Click on the Industrial Ethernet interface.
6. Enter the IP address assigned to the device (see Figure 7-1). In this example this is 192.168.22.101. The subnet mask is always 255.255.255.0.
7. Select the module in the tree view to load the configuration data to the device. Start the download via “Modules > Download” or click on the marked icon in the toolbar. Note: As long as an interface is marked and the input mask for the configuration data is displayed, the configuration data cannot be downloaded.
8. To start the web-based management, select the device. Select the menu command “Modules > Start INC Browser” or click on the selected symbol in the toolbar. Note: If the menu command and the module symbol are deactivated, there is no web-based management for the selected module.


9. The web-based management opens (in this example SCALANCE X310).

Note SCALANCE WLC711 and the controller-based access points cannot be detected or addressed via the PST.


7.5 Configuration of the VLAN in SCALANCE X310

Overview
In order for the components from VNS 2 and VNS 1 to be able to exchange data, the ports at the SCALANCE X310 for VLAN 10 and VLAN 1 must be configured accordingly. The following table illustrates the required port configuration:
Table 7-7
Port | Filter VLAN 1 | Filter VLAN 10 | Connected component
1 | - | U | PC 1 (end device); data packages for VLAN 10 are forwarded to the PC WITHOUT VLAN tag. Provided the input filter has been configured accordingly, data packages from the PC are supplemented by VLAN ID 10. Data packages with VLAN ID 1 are not forwarded.
2 | U | M | Access Point AP_2; data packages are forwarded WITH VLAN tag for VLAN 10 and without for VLAN 1.
3 | M | - | SCALANCE WLC711; data packages with VLAN ID 10 are not forwarded. Data packages for VLAN 1 are forwarded WITH VLAN tag.
4 | U | - | Access Point AP_1; data packages with VLAN ID 10 are not forwarded. Data packages with VLAN ID 1 are forwarded WITHOUT VLAN tag.

Requirement
Requirements for the configuration of SCALANCE X310 are:
• a direct connection between the configuration PC and port 5 of SCALANCE X310.
• a valid IP address of SCALANCE X310.
• the start of the web-based management.

Perform the steps described in Chapter 7.4 (Application of the PST for IP address and WBM).

Configuration
For configuring the SCALANCE X310, proceed as follows:

Table 7-8
No. Action
1. Log on at the web-based management with the default login data. User: admin Password: admin


2. In the delivery state the ring ports are activated. To switch them off, navigate to “X-300 > Ring Config”. Set the redundancy mode to Disabled. Accept the settings with Set Values.
3. Navigate to menu item Switch and select the sub-item VLAN. The current VLAN configuration is displayed. Create a further VLAN with New Entry.
4. Assign number 10 as the VLAN ID and a freely selectable Name (in this example VNS2). Keep clicking on the white square next to ports 1 and 2 until the desired filter attribute (U for Untagged, M for Member (tagged)) appears. For Port 1: U. For Port 2: M. Accept the settings with Set Values.


5. Click on the plus sign for VLAN. Select the submenu Ports for configuring the Input filter. Click on Port 1.
6. Assign number 10 as the Port VLAN ID. Accept the settings with Set Values.
7. Navigate to sub-item VLAN. Click on Default VLAN 1.


8. Port 1 shall no longer be a member of VLAN 1. The data port of SCALANCE WLC711, which must forward the tagged data packages, is connected at port 3. Keep clicking the white square next to ports 1 and 3 until the desired filter attribute appears. For Port 1: -. For Port 3: M. For the remaining ports, keep the setting “U”. Accept the settings with Set Values.
9. The configuration of the SCALANCE X310 has now been completed.
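The port settings from Table 7-7 and the steps above, written as data and checked against the 802.1Q forwarding rules (ingress classification by tag or Port VLAN ID, membership check, tagged or untagged egress). This is an added example, not part of the Siemens document; Port VLAN ID 1 on ports 2 to 5, the port 5 entry, and the switch dropping frames tagged for a VLAN the ingress port is not a member of (parameter ingress_filtering) are assumptions.

```python
# "U" = member, egress untagged; "M" = member, egress tagged; no entry = "-".
VLAN_MEMBERS = {
    1: {2: "U", 3: "M", 4: "U", 5: "U"},   # step 8 (port 5: "remaining ports U")
    10: {1: "U", 2: "M"},                  # step 4
}
# Port VLAN ID applied to untagged ingress frames. Port 1 = 10 is step 6;
# PVID 1 on the other ports is assumed to be the unchanged default.
PVID = {1: 10, 2: 1, 3: 1, 4: 1, 5: 1}
DEVICE = {1: "PC 1", 2: "AP_2", 3: "WLC711", 4: "AP_1", 5: "configuration PC"}


def ingress_vlan(port, tag=None, ingress_filtering=True):
    """Return the VLAN a frame is classified into, or None if it is dropped."""
    vlan = PVID[port] if tag is None else tag
    if vlan not in VLAN_MEMBERS:
        return None                        # VLAN not configured on the switch
    if ingress_filtering and port not in VLAN_MEMBERS[vlan]:
        return None                        # ingress port is not a member
    return vlan


def egress(port_in, tag=None, ingress_filtering=True):
    """Flood one frame; return {egress port: tag on the wire (None = untagged)}."""
    vlan = ingress_vlan(port_in, tag, ingress_filtering)
    if vlan is None:
        return {}
    return {
        port: (vlan if mode == "M" else None)
        for port, mode in sorted(VLAN_MEMBERS[vlan].items())
        if port != port_in
    }


def tag_label(tag):
    return "untagged" if tag is None else f"tag {tag}"


def describe(port_in, tag=None, ingress_filtering=True):
    """One-line summary of where a frame entering at port_in leaves the switch."""
    source = f"{DEVICE[port_in]} (port {port_in}, {tag_label(tag)})"
    out = egress(port_in, tag, ingress_filtering)
    if not out:
        return f"{source}: dropped"
    targets = ", ".join(f"{DEVICE[p]} ({tag_label(t)})" for p, t in out.items())
    return f"{source} -> {targets}"


if __name__ == "__main__":
    # Constructed test frames: (ingress port, VLAN tag or None).
    frames = [(1, None), (2, 10), (2, None), (3, 1), (3, 10), (4, None), (1, 1)]
    for port, tag in frames:
        print(describe(port, tag))
    # The same tagged frame on port 1 if the switch does not check membership.
    print(describe(1, 1, ingress_filtering=False))
```

The last two lines of output show that keeping PC 1 out of VLAN 1 depends on the membership check at ingress, not only on the "-" entry for egress.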


7.6 Basic configuration of the SCALANCE WLC711

Overview
After the initial registration at the controller, a wizard automatically appears for the basic configuration of the WLC. Here, all of the settings necessary for setting up a functioning SCALANCE WLC711 solution are made.

Note
The wizard enables a quick setup of the SCALANCE WLC711. Only those settings are made which are necessary for the integration of SCALANCE WLC711 into the network.

After successfully completing the basic installation, you can go through the configuration one more time and make changes if necessary.

Requirement
A requirement for the configuration is the opened user interface (wireless assistant screen) of the SCALANCE WLC711. Connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC, open an internet browser and enter https://192.168.10.1:5825 into the address bar. The connection with SCALANCE WLC711 is made via an encrypted SSL connection. If necessary, rate the certificate as “trusted”.

Configuration
For configuring the SCALANCE WLC711, proceed as follows:

Table 7-9
No. Action
1. The basic installation starts with the definition of place and time as well as the configuration of the data ports of the WLC. Enter all of the information on your time zone in the Time Settings section. In this example: the Continent Europe, the Country Germany and the Time Zone Region Berlin. In the Topology Settings section, the physical interface of the WLC which is to work as data port is selected. Select the following settings:
– Topology: physical_1
– VLAN ID: 1, Tagged
– Port: esa0
– IP address: 172.16.100.254
– Netmask: 255.255.255.0
Click on Next.


2. On the Management page you configure the admin port of the WLC, via which the configuration data is transferred. Keep the default settings in the Management Port section. Deactivate SNMP, Syslog and OSPF. Click on Next.

3. On the Services page, functions such as Authentication, Mobility and the default VNS can be activated. Deactivate all services. Close the basic installation with Finish.

4. The Success page appears. SCALANCE WLC711 has now been configured and can be used. Click on the Close button. Note: Here you also have the option to change the registration data for the web-based management.


7.7 Registration of the access points

Overview

As soon as an access point is switched on, it automatically searches the network for a SCALANCE WLC711 and its IP address. If the search for a suitable SCALANCE WLC711 is successful, the access point automatically registers at the device.

Requirement

After restoring the factory settings, access points have no valid IP address; the search for a SCALANCE WLC711 yields no result. The simplest method of IP address assignment is via DHCP. The WLC has an internal DHCP server. With this option, the data port becomes a local DHCP server and assigns a temporary IP address to the access points. Connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC, open an internet browser and enter https://192.168.10.1:5825 into the address bar.

Table 7-10

No. Action Remarks

1. To activate the internal DHCP server, go to the “VNS Configuration > Topologies > physical_1” menu. In section Layer 3 - IPv4, change the DHCP parameter to Local Server and click on Configure.


2. Enter a gateway address, in this example 172.16.100.253. Click on Apply.

3. Secure the changes with Save.


Registration

The access points are displayed on the user interface of SCALANCE WLC711 at “Wireless APs > APs”.

Figure 7-2

Since the safety mode in SCALANCE WLC711 is set to the “Allow all Wireless APs to connect” option (default setting), the access points are immediately set to the “Approval” state and receive a default configuration.

Figure 7-3


7.8 Configuration of the access points

Overview

The user interface (wireless assistant screen) of SCALANCE WLC711 only serves for the configuration of the access points. For this example configuration, only the most important settings are made. These include:
– Definition of the radio antennae
– Country settings
– Setting up the radio interface
– Name assignment for the access points
– Assignment of the VNS (see chapter 7.9)

Requirement

A requirement for the configuration of the access points is a successful registration at the SCALANCE WLC711. For the configuration of the access points, connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC, open an internet browser and enter https://192.168.10.1:5825 into the address bar.

Bulk configuration

If the same access point type occurs several times in the infrastructure, there is the option of bulk configuration.

Table 7-11

No. Action Remarks

1. Go to “Wireless APs > Bulk Configuration > AP Multi-edit Settings”. Select SCALANCE W788C-2-RJ45 as the Hardware type. All access points in the Wireless APs list corresponding to this type are automatically marked.


2. For five categories there is the option of bulk configuration. For this application example, only the first two sections (AP Properties and Radio Settings) are used.

3. For AP Properties you define the following parameters:
– Country: Germany
– Radio antennae: ANT795-4MA-[3dBi;5dBi]
Secure the changes with Save. Note: Changes to these parameters may cause a reboot of the access points.

4. Select SCALANCE W788C-2-RJ45 as the Hardware type again, if necessary. For Radio Settings you define the following parameters:
– Admin Mode: Radio 1&2: On
– Radio Mode: Radio 1: a/n; Radio 2: b/g/n
– Channel Width: Radio 1&2: 20MHz
Secure the changes with Save.


Single configuration

Most of the parameters have already been set during the bulk configuration. Individual parameters can now be changed via the single configuration.

Table 7-12

No. Action Remarks

1. Go back to “Wireless APs > AP”. First, the access point connected with Port 4 of SCALANCE X310 is configured. To detect this access point, compare the serial number at the access point casing with that listed in the All APs list. Click on the respective list item.

2. In the AP Properties tab you change the name to AP_2. Secure the settings with Save.

3. Go back to “Wireless APs > AP”. Next, the access point connected with Port 2 of SCALANCE X310 is configured. Click on the respective list item.


4. In the AP Properties tab you change the name to AP_2. Secure the settings with Save.

5. The access points are now ready for use.


7.9 Configuration of the VNS

Overview

SCALANCE WLC711 enables dividing the network into logical, service-based networks (VNS). Various services, security requirements and access criteria can be reliably managed and be assigned to different access points. In this sample application, two VNS are created:

VNS 1 with the components
– “AP_1”
– SCALANCE W748
– PC with WLAN

VNS 2 with the components
– “AP_2”
– SCALANCE W748
– PC 1
– PC 2

Figure 7-4: VNS 1 (W788C-2 “AP_1”, W748, PC with WLAN) and VNS 2 (W788C-2 “AP_2”, W748, PC 1, PC 2)


Configuration

For the configuration, the VNS installation wizard is used. The wizard supports you in creating a new VNS by prompting you, during the configuration process, to enter the information required for configuring a VNS. After completing the configuration, the wizard creates a summary of the set parameters.

Configuration of VNS 1

For configuring the VNS 1 you proceed as follows:

Table 7-13

No. Action Remarks

1. Start the VNS wizard via “VNS Configuration > New... > START VNS WIZARD”. The user interface of the installation wizard appears.

2. Assign Wireless_AP1 as the Name for the VNS and select Data as the Category. Click on Next.

3. The Basic Settings user interface appears. The VNS has already been activated and a network name (SSID) has been entered. Keep these settings. Since no authentication is required in this example application, you deactivate it in Authentication Mode by selecting Disabled. Select Bridge Traffic Locally at AP in Mode for selecting the data flow.


4. When selecting the data flow, further parameters become visible. Select Setting Tagged as VLAN Setting and enter 1 as the VLAN ID. Click on Next.

5. On the Privacy page, the security mechanisms are defined. Select WPA-PSK. When selecting WPA-PSK, further parameters become visible. Activate WPA v.2 with the encoding method AES only. Assign a password (pre-shared key) for the WLAN as a string, e.g. "WLC711_AccessPoint1". Note: Memorize the password, since it must also be introduced to the WLAN clients. Click on Next.

6. In the Radio Assignment window the VNS can be connected to selected radio interfaces. Keep all settings on default values. The VNS can be assigned to one of both access points at a later point in time. Click on Next.


7. On this page you can view and verify all settings. If incorrect details have been entered, you can change the entry by pressing Back to return to the desired configuration page. All other settings remain and need not be reconfigured. If the entries are correct, click on Finish to get to the next page.

8. On the last page your settings are confirmed. Click on the Close button to terminate the wizard. The VNS has now been configured.

9. The new VNS was accepted in the list and the required actuators (WLAN Service, Policy, Topology) defined.


Configuration of VNS 2

The configuration of VNS 2 is performed analogously to VNS 1. Repeat the steps of the VNS 1 configuration with the following parameters:
– VNS name: Wireless_AP2
– VLAN settings: tagged with VLAN ID: 10
– WPA-PSK (WPA v.2) with encryption method AES only
– Preshared key e.g. WLC711_AccessPoint2

Figure 7-5


7.10 Assigning the VNS

Overview

The logical networks configured in chapter 7.9 (Configuration of the VNS) can now be assigned to the radio interfaces of selected access points.

Requirement

Up to eight VNS can be assigned to a radio interface. If the maximum number has been reached, all further interconnections are ignored.

Configuration

Assigning a VNS to a radio interface is enabled by the following steps:

Table 7-14

No. Action Remarks

1. For connecting the access points to a VNS you go to “Wireless APs > APs”. Click on the first access point AP_1.

2. Go to the WLAN Assignment tab. The just created WLAN networks are listed. Assign the WLAN Wireless_AP1WLAN to the radio interfaces of AP_1. Secure the settings with Save.

3. In the access point list you click on AP_2.

4. Go to the WLAN Assignment tab. The just created WLAN networks are listed. Assign the WLAN Wireless_AP2WLAN to the radio interfaces of AP_2. Secure the settings with Save.


5. In the navigation bar you go to Home to open the Overview user interface. Here, the network status is displayed, amongst other things. Both access points are displayed as active and the two VNS as released.


7.11 Configuration of the WLAN clients

Overview

With the configuration of the last chapter, the WLAN infrastructure is prepared so the last nodes can now also be integrated into the network: the WLAN clients. In this application, the access points are assigned to the WLAN clients as follows:

Access Point “AP_1”:
– SCALANCE W748
– PC with WLAN radio interface

Access Point “AP_2” with SCALANCE W748

7.11.1 Configuration of the SCALANCE W clients

Requirement

The requirement for the configuration of SCALANCE W clients is a valid IP address and the start of their web-based management. Follow chapter 7.4 (Application of the PST for IP address and WBM) accordingly.

Configuring the SCALANCE W748 for AP_1

SCALANCE W748 is connected to access point AP_1 as follows:

Table 7-15

No. Action Remarks

1. Log on at the web-based management with the default login data: Name: admin, Password: admin. Note: After the first logon, the password must be changed.


2. In the navigation area you click on “Interfaces > WLAN” and in the content area on the Basic tab. From the drop-down menu Country Code you select the country, as also configured in the WLC; in this example: Germany. Accept the settings with Set Values. Note: The WLAN interface "WLAN 1" can only be activated after the antennae have been configured.

3. To configure the antennae you go to the Antennas tab. For the three connections you select antenna ANT795-4MA. Accept the settings with Set Values.

4. Now go to the Client tab. At WLAN 1 you enter the network name Wireless_AP1 into the input field SSID. The entry corresponds to the SSID of the access point. Deactivate checkbox Any SSID. Activate this SSID via checkbox Enabled. Click on the Set Values button.

5. To activate the WLAN interface, click on the Basic tab in the content area. In the WLAN1 line you activate the Enabled checkbox. Accept the settings with Set Values.


6. To configure the security settings you click on “Security > WLAN” in the navigation area and on the Basic tab in the content area. From the Authentication Type drop-down list you select item WPA2-PSK. Enter the WPA2 key into the WPA(2) Pass Phrase input field (pre-shared key) for VNS 1 (“WLC711_AccessPoint1”). Confirm the WPA(2) key. The entries in both fields must be identical. Click on the Set Values button.

7. Go to “Information > WLAN”. If all entries are correct, SCALANCE W748 will have connected to access point “AP1” via the “Wireless_AP1” VNS.

Configuring the SCALANCE W748 for AP_2

The configuration of SCALANCE W748 for AP_2 is performed analogously to the WLAN client for AP_1. Repeat the steps of the configuration for SCALANCE W748 for AP_1 with the following parameters:
– SSID name: Wireless_AP2
– WPA-PSK2 key: WLC711_AccessPoint2


Result

In the SCALANCE WLC711 overview interface both clients are displayed as active stations.

Figure 7-6

A list of all clients and reports on the connection is available by clicking the key symbol or via the “Home > Clients > All Active Client” menu.

Figure 7-7


7.11.2 Configuration of the PC with WLAN

Requirement

A requirement for the configuration of the PC is a valid IP address.

Configuration of the PC

This section does not provide step-by-step instructions as the configuration screen masks differ for the numerous WLAN radio cards available on the market. The following section lists the settings you have to make in your PC to access the WLAN of VNS 1:
– The IP address of the radio card is 172.168.2.2.
– The SSID of the WLAN is Wireless_AP1.
– The encryption is WPA2-PSK with Cipher AES (respectively Auto).
– The Preshared Key used is WLC711_AccessPoint1.

7.12 Setting up the policies in VNS 2

Overview

A policy is a collection of guidelines for controlling the network access via wireless and cable-based infrastructures. Per VNS, two policy types are defined:
– Non-authenticated default policy for the data traffic of all non-authenticated clients.
– Authenticated default policy for the data traffic of all authenticated clients.

Now, filter rules are defined using the example of VNS 2 in order to only permit the data traffic required for the demonstration of the scenarios.

Figure 7-8

It is important here to set the In filters and Out filters correctly:
– The In filter defines the data traffic into the cable-based network.
– The Out filter defines the data traffic from the cable-based network.

The selection options
– Source
– Destination
– Both
define how the given IP address must be interpreted. If the IP address is located in the WLAN network, it is the source from the point of view of the In filter, but the destination for the Out filter. If the IP address is located in the cable-based network, it is the destination from the point of view of the In filter, but the source for the Out filter. For “Both”, both of the mentioned interpretation options of the IP address are combined.


Requirement

A requirement for the configuration is the opened user interface (wireless assistant screen) of the SCALANCE WLC711. Connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC, open an internet browser and enter https://192.168.10.1:5825 into the address bar.

Configuration

Table 7-16

No. Action Remarks

1. Open the security guidelines for VNS 2 via “VNS Configuration > Policies > Wireless_AP2AuthPolicy”. Go to the Filter Rules tab.

2. You can create new filters via Add.


3. First, the http communication is adjusted. The scenario includes http access to the web server of SCALANCE W748 (192.16.100.28) from PC 1. Select the respective direction, enter the IP address of SCALANCE W748 and select http as the Port. Enable this rule with Allow. Confirm this rule with OK.

4. Two rules are created: for Port 80 and Port 8080. You can create further filters via Add.

5. Next, the TELNET communication is adjusted. The scenario includes a TELNET connection to the server of SCALANCE W748 (192.16.100.28) from PC 1. Select the respective direction, enter the IP address of SCALANCE W748 and select TELNET as the Port. Enable this rule with Allow. Confirm this rule with OK.


6. The new rule was included in the list. You can create further filters via Add.

7. As a further action, the FTP communication is adjusted. The scenario includes an FTP connection to the FTP server (PC 1; 192.16.100.1). Select the respective direction, enter the IP address of PC 1 and select http as the Port. Enable this rule with Allow. Confirm this rule with OK.

8. As the last step any other data traffic is blocked. Select the predefined filter rule dest <-> none 0.0.0.0/0 and click on Edit.


9. Change the access right to Deny. Confirm the change with OK.

10. Select the predefined filter rule none <-> src 0.0.0.0/0 and click on Edit.

11. Change the access right to Deny. Confirm the change with OK.


12. Save the changes of the policy with Save.
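The In/Out filter semantics and the rule list from Table 7-16 can be checked offline against the scenarios they are meant to permit. The following is an added example, not part of the Siemens document and not the controller's own logic: it assumes first-match, top-down evaluation, that a rule's port is the service port on the host named in the rule, and TCP port 21 for the FTP rule; PC2 and OTHER_WIRED are constructed addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Addresses from the page; PC2 and OTHER_WIRED are constructed sample values.
W748 = "192.16.100.28"          # WLAN client with web and TELNET server
PC1 = "192.16.100.1"            # cable-based PC, FTP server
PC2 = "192.16.100.50"           # constructed: FTP client in the WLAN
OTHER_WIRED = "192.16.100.99"   # constructed: any other cable-based host


@dataclass(frozen=True)
class Rule:
    in_match: str         # how the In filter reads `net`: src, dest, both, none
    out_match: str        # how the Out filter reads `net`
    net: str              # address or network in CIDR notation
    port: Optional[int]   # service port on the host named by `net`; None = any
    allow: bool


@dataclass(frozen=True)
class Packet:
    direction: str        # "in": WLAN -> cable-based network, "out": the reverse
    src: str
    dst: str
    sport: int
    dport: int


def _side_matches(rule: Rule, pkt: Packet, side: str) -> bool:
    """Compare the rule's address and port with one side of the packet."""
    addr, port = (pkt.src, pkt.sport) if side == "src" else (pkt.dst, pkt.dport)
    if ip_address(addr) not in ip_network(rule.net):
        return False
    return rule.port is None or rule.port == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Pick the In or Out interpretation according to the packet direction."""
    mode = rule.in_match if pkt.direction == "in" else rule.out_match
    if mode == "none":
        return False
    sides = ("src", "dest") if mode == "both" else (mode,)
    return any(_side_matches(rule, pkt, s) for s in sides)


def decide(rules: List[Rule], pkt: Packet) -> bool:
    """Assumed evaluation order: first matching rule wins, no match means deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.allow
    return False


def vns2_rules(ftp_port: int = 21) -> List[Rule]:
    """Rule list modelled on Table 7-16 (W748 is in the WLAN, PC 1 is wired)."""
    return [
        Rule("src", "dest", W748 + "/32", 80, True),      # http
        Rule("src", "dest", W748 + "/32", 8080, True),    # http, second port
        Rule("src", "dest", W748 + "/32", 23, True),      # TELNET
        Rule("dest", "src", PC1 + "/32", ftp_port, True),  # FTP control
        Rule("dest", "none", "0.0.0.0/0", None, False),   # dest <-> none, Deny
        Rule("none", "src", "0.0.0.0/0", None, False),    # none <-> src, Deny
    ]


# Constructed test flows: (name, packet, should it pass?)
EXPECTED: List[Tuple[str, Packet, bool]] = [
    ("http request", Packet("out", PC1, W748, 40000, 80), True),
    ("http reply", Packet("in", W748, PC1, 80, 40000), True),
    ("TELNET request", Packet("out", PC1, W748, 40001, 23), True),
    ("FTP control request", Packet("in", PC2, PC1, 40002, 21), True),
    ("FTP control reply", Packet("out", PC1, PC2, 21, 40002), True),
    ("other port on W748", Packet("out", PC1, W748, 40003, 22), False),
    ("WLAN to other wired host", Packet("in", PC2, OTHER_WIRED, 40004, 80), False),
]


def audit(rules: List[Rule], expected=EXPECTED) -> List[str]:
    """Return the names of all flows whose verdict differs from the intent."""
    return [name for name, pkt, want in expected if decide(rules, pkt) != want]


if __name__ == "__main__":
    print(audit(vns2_rules()) or "rule set matches the intended scenarios")
```

Calling `audit(vns2_rules(ftp_port=80))` lists both FTP control flows, which shows how a wrong port in a single Allow rule leaves that scenario to the final Deny rules.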

7.13 Configuring the FTP scenarios

To operate the FTP scenario, the following components are necessary:
– on the cable-based side: PC 1 as FTP server
– in WLAN: PC 2 as FTP client

This section does not provide step-by-step instructions as the configuration screen forms differ for the numerous FTP software tools available on the market.

Setting for the FTP server

The following section lists the settings you have to make in your FTP server:
– Set up a user: define a login (user name and password) for the FTP client.
– Define a directory to which the FTP client gains access.

Setting for the FTP client

The following section lists the settings you have to make in your FTP client to access the FTP servers:
– The IP address of the FTP server is 192.16.100.1.
– As login for the FTP server (user name and password) you use the data you have defined in the FTP server.


8 Operating the Application

Overview

The table below shows the scenarios presented in this application. Dividing the network into two logical networks and respective access criteria makes the scenarios available for selected components only.

Table 8-1

No. | Application | Description | Enabled for ...
1. | ICMP | The WLAN client (PC) can transmit a ping to SCALANCE W748. | VNS 1
2. | FTP | The FTP client can regularly exchange data with the FTP server. | VNS 2
3. | TELNET | A remote configuration of the WLAN clients is possible via the TELNET application. | VNS 2
4. | HTTP | The PC can connect to the web server of the WLAN client via a web browser. | VNS 2

Figure 8-1: Scenario overview showing PC 1 (TELNET client, FTP server, web browser), PC 2 (FTP client), the client PC, SCALANCE X310 and the two SCALANCE W748 clients, with the FTP, HTTP, TELNET and ICMP connections


Scenario http

Table 8-2

No. Action Remarks

1. On PC 1 you open an internet browser and enter the IP address of SCALANCE W748 (AP_2) (http://192.16.100.28) into the address bar.

2. The web-based management of SCALANCE W748 opens. Log on with the login data assigned by you at the first registration.

3. Here you have the option to read information, diagnostic data and statistics of SCALANCE W748.

TELNET scenario

Table 8-3

No. Action Remarks

1. On PC 1 you open the command window via “Start > Run”. Enter the TELNET 192.16.100.28 command into the input field and acknowledge with OK.

2. A TELNET connection with SCALANCE W748 is established. Log on with the login data assigned by you at the first registration.

3. Using the TELNET connection enables configuring the module via the command line interface. For more detailed information as well as a description of the commands, please refer to the manual at \8\ in chapter 10 (Links & Literature).


FTP scenario

Table 8-4

No. Action Remarks

1. Start the FTP server on PC 1.

2. On PC 2 you open the FTP client and connect with the FTP server. Log on as the configured user.

3. You can now access the data system and load or transfer data.

ICMP scenario

Table 8-5

No. Action Remarks

1. On the WLAN client PC you open the command window via “Start > Run”. Enter the PING 172.168.2.1 command into the input field and acknowledge with OK.

2. The ping is confirmed by the other WLAN node.


9 Appendix: Important Terms relating to IWLAN

9.1 IEEE 802.11 standard

Task group “802.11” has now developed specifications for wireless LANs, which today are the de facto standard for radio networks. The following table gives an overview of the topics of some IEEE 802 standards regarding IWLANs.

Table 9-1

Substandard | Definition area
802.11a | Communication
802.11b | Communication
802.11e | Quality of Service
802.11g | Communication
802.11h | Communication (reduce interference)
802.11i | Data security
802.11n | Communication
802.1Q | Virtual LANs
802.1X | Data security

IEEE 802.11b

Standard IEEE 802.11b was laid down in 1999 and works in the 2.4 GHz frequency band. The modulation method used here is Direct Sequence Spread Spectrum (DSSS) in connection with the Single Input Single Output (SISO) technology. This enables a maximum data rate of 11 Mbit/s.

IEEE 802.11a

Standard IEEE 802.11a was also laid down in 1999. It uses the 5 GHz band as well as the Orthogonal Frequency Division Multiplexing (OFDM) modulation method and the SISO technology. This enables achieving a maximum net data rate of 54 Mbit/s.

IEEE 802.11g

This standard is the extension of IEEE 802.11b and also works in the 2.4 GHz frequency band. IEEE 802.11g works with the OFDM modulation method and the SISO technology and can achieve a maximum data rate of 54 Mbit/s. This standard is downward compatible with IEEE 802.11b. When both standards are used in a network, the DSSS modulation method with the respectively lower data transmission rate is used.

IEEE 802.11n

IEEE 802.11n is the latest standard (version 04/2013) and can use the 2.4 GHz as well as the 5 GHz band. In addition to the OFDM modulation method, the Multiple Input Multiple Output (MIMO) technology is used. This considerably increases the transmission speed in comparison to the other a/b/g standards, and it can be up to 600 Mbit/s. WLANs according to 802.11n are compatible with 802.11b and 802.11g networks.


IEEE 802.11e In the winter of 2005/2006, the IEEE adopted the 802.11e standard. This standard adds “Quality of Service” criteria to the existing network standards, i.e. a specific connection quality is guaranteed if this standard is complied with. The quality is not only measured at the mean achievable data rate but also upper limits for connection reliability, the duration of possible connection interruptions, etc. are defined. A convenient telephone connection, for example, not only requires to transmit an appropriate quality of sound but also to ensure that dropouts and voice delays are within narrow limits. While earlier 802.11 standards placed more emphasis on gross data rates than on “Quality of Service”, a standard explicitly including the concerns of QoS was created with the “e” variant.

WMM “WMM” (“Wireless Multimedia Extensions”) are a subset of the 802.11e standard, which was defined by the “WiFi Alliance” to explicitly integrate multimedia services into the networks.

IEEE 802.1X

Standard IEEE 802.1X does not define the encryption of the data traffic between access point and client, but the login procedure as well as the assignment of access rights for clients. The RADIUS protocol (“Remote Authentication Dial In User Service”) is used here. For RADIUS there is a central so-called RADIUS server, which contains a list with access authorizations of all nodes. If a client wishes to connect to the network, the access point forwards the request to the RADIUS server. It reacts by generating a “challenge”, i.e. a request for which the client can only send the appropriate “response” if he has the password saved on the RADIUS server. This method has two advantages:
– The password is never sent via the network in plain text, neither can it be intercepted by somebody without authorization.
– Since the access authorizations are saved on a central server, the method is particularly suitable when using roaming clients. Not all access points need to store the access data of the clients, but they can request them any time at the RADIUS computer.

9.2 SSID

SSID (“Service Set Identifier”) is a freely selectable name for the WLAN and identifies it. A WLAN access point sends this SSID out when a client searches for available wireless networks. For this reason, from a security point of view, the SSID should not mention the company, the application purpose of the network, or the site, since this may draw the curiosity of hackers or other unauthorized persons. However, sending out the network name can also be suppressed. Since the clients then no longer “see” the radio network, the SSID must be entered correctly into the configuration of the clients in order for them to connect with the desired WLAN.


9.3 Encryption

To prevent unauthorized access and attacks on the company network it is mandatory to activate suitable security mechanisms (“Privacy”) in the WLAN components. Five “Privacy” options are available:
– No encryption
– Static WEP (Wired Equivalent Privacy) key
– Dynamic WEP key
– WPA (Wi-Fi protected access): Version 1 with TKIP encryption, Version 2 with AES-CCMP encryption
– WPA-PSK (Wi-Fi protected access / pre-shared key)

Note Further information as well as a definition of terms is available in the IWLAN compendium at \3\ in chapter 10 (Links & Literature).
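With WPA-PSK, the key actually used on the radio link is derived from the pre-shared key and the SSID, so the SSID advice in 9.2 and the Privacy choice in 9.3 belong together. The following added example (not part of the Siemens document) derives that key with the standard PBKDF2 construction and checks the sample SSID/key pairs of this application against an assumed policy; the term list, the 20-character minimum and the similarity threshold are assumptions of the example.

```python
import hashlib
import re
from difflib import SequenceMatcher
from typing import Dict, List, Tuple


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not 8 <= len(passphrase) <= 63 or not printable:
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def _tokens(text: str) -> List[str]:
    """Lower-case alphanumeric parts of at least three characters."""
    return [t for t in re.split(r"[^a-z0-9]+", text.lower()) if len(t) >= 3]


def audit_wlan(ssid: str, passphrase: str, revealing_terms: List[str],
               min_len: int = 20) -> List[str]:
    """Check one SSID/pre-shared key pair against the assumed policy."""
    findings = []
    low_ssid, low_psk = ssid.lower(), passphrase.lower()
    for term in revealing_terms:
        if term.lower() in low_ssid:
            findings.append(f"SSID reveals '{term}'")
        if term.lower() in low_psk:
            findings.append(f"passphrase contains '{term}'")
    for tok in _tokens(ssid):
        if tok in low_psk:
            findings.append(f"passphrase repeats SSID part '{tok}'")
    if len(passphrase) < min_len:
        findings.append(f"passphrase is shorter than {min_len} characters")
    return findings


def similar_keys(psks: Dict[str, str],
                 threshold: float = 0.8) -> List[Tuple[str, str]]:
    """Pairs of SSIDs whose pre-shared keys are nearly identical."""
    names = sorted(psks)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if SequenceMatcher(None, psks[a], psks[b]).ratio() >= threshold:
                pairs.append((a, b))
    return pairs


# SSIDs and example keys as used in this application description.
SAMPLE = {
    "Wireless_AP1": "WLC711_AccessPoint1",
    "Wireless_AP2": "WLC711_AccessPoint2",
}
# Assumed list of company, product and site names that should not appear.
TERMS = ["Siemens", "SCALANCE", "WLC711"]


def report() -> Dict[str, List[str]]:
    """Findings per SSID plus a note for every pair of look-alike keys."""
    result = {s: audit_wlan(s, k, TERMS) for s, k in SAMPLE.items()}
    for a, b in similar_keys(SAMPLE):
        result[a].append(f"key is nearly identical to the key of {b}")
    return result


if __name__ == "__main__":
    for ssid, findings in report().items():
        print(ssid, wpa2_pmk(SAMPLE[ssid], ssid).hex()[:16] + "...", findings)
```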

9.4 Bridging

If cable-based nodes shall also be integrated into a WLAN, the application of a central communication bridge becomes necessary. In network technology, a bridge refers to devices which interconnect two networks according to the OSI definition. In a WLAN in infrastructure mode the access points take on the task of the central radio bridge. In addition to the radio interface, they also have a LAN connection. Using the radio interface, the access point connects with the WLAN devices and the access point establishes the connection with the cable-based network via the LAN interface. This topology is referred to as “bridging”.


10 Links & Literature

This list is by no means complete and only presents a selection of related references.

Table 10-1

No. | Topic | Title
\1\ | Reference to this entry | http://support.automation.siemens.com/WW/view/en/72886773
\2\ | Siemens Industry Online Support | http://support.automation.siemens.com
\3\ | IWLAN compendium | Basics on setting up an Industrial Wireless LAN http://support.automation.siemens.com/WW/view/en/9975764
\4\ | Manual collection on SCALANCE WLC711 | Industrial Wireless LAN Controller SCALANCE WLC711 http://support.automation.siemens.com/WW/view/en/58674679/133300
\5\ | Manual SCALANCE W700 | SIMATIC NET Industrial Wireless LAN SCALANCE W700 Web Based Management Configuration Manual http://support.automation.siemens.com/WW/view/de/62382125
\6\ | Manual SCALANCE X-300 | SIMATIC NET Industrial Ethernet Switches SCALANCE X-300 SCALANCE X-400 Configuration Manual http://support.automation.siemens.com/WW/view/en/25246488
\7\ | Media module operating instruction | Operating instruction (compact) SCALANCE MM900 http://support.automation.siemens.com/WW/view/en/41296941
\8\ | Manual SCALANCE W700 | SIMATIC NET Industrial Wireless LAN SCALANCE W700 Command Line Interface Configuration Manual http://support.automation.siemens.com/WW/view/en/62515451

11 History

Table 11-1

Version | Date | Modifications
V1.0 | 04/2013 | First version