Applications & Tools
Setup of a controller-based IWLAN with SCALANCE WLC711 and new generation access points
SCALANCE WLC711
Application Description, May 2013
IWLAN with WLC711
V10, Entry ID: 72886773
Copyright Siemens AG 2013 All rights reserved
Siemens Industry Online Support
This entry is taken from Siemens Industry Online Support. The following link takes you directly to the download page of this document: http://support.automation.siemens.com/WW/view/en/72886773
Caution: The functions and solutions described in this entry are mainly limited to the realization of the automation task. In addition, please note that suitable security measures in compliance with the applicable industrial security standards must be taken, if your system is interconnected with other parts of the plant, the company’s network or the internet. For more information, please refer to Entry ID 50203404. http://support.automation.siemens.com/WW/view/en/50203404
SIMATIC IWLAN with WLC711 Industrial Wireless LAN
1 Task
2 Solution
3 Product Description WLC711
4 IWLAN Controller as efficient Network Control Center
5 Access Points as Central Wireless Bridge
6 Installation
7 Configuration and Startup
8 Operating the Application
9 Appendix: Important Terms relating to IWLAN
10 Links & Literature
11 History
Warranty and Liability
Note The application examples are not binding and do not claim to be complete regarding configuration, equipment and any eventuality. The application examples do not represent customer-specific solutions. You are responsible for ensuring that the described products are used correctly. These application examples do not relieve you of your responsibility to use sound practices in application, installation, operation and maintenance. When using these application examples, you recognize that we will not be liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these application examples at any time and without prior notice. If there are any deviations between the recommendations provided in this application example and other Siemens publications – e.g. Catalogs – the contents of the other documents have priority.
We do not accept any liability for the information contained in this document. Any claims against us - based on whatever legal reason - resulting from the use of the examples, information, programs, engineering and performance data etc., described in this application example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (“wesentliche Vertragspflichten”). The damages for a breach of a substantial contractual obligation are, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change in the burden of proof to your disadvantage. It is not permissible to transfer or copy these application examples or excerpts thereof without express authorization from Siemens Industry Sector.
Table of Contents
Warranty and Liability
Table of Contents
1 Task
2 Solution
  2.1 Overview of the general solution
  2.2 Description of the core functionality
    2.2.1 Central diagnostic overview of SCALANCE WLC711
    2.2.2 Virtual subnets
    2.2.3 Description of the user scenarios
  2.3 Hardware and software components
3 SCALANCE WLC711 Product Description
  3.1 Description and application
  3.2 Operating the SCALANCE WLC711
4 IWLAN Controller as efficient Network Control Center
  4.1 Setting up a controller-based IWLAN
    4.1.1 Physical setup
    4.1.2 Logic network division
  4.2 Flexibility and dynamics through VNS
    4.2.1 Virtual Local Area Network (VLAN)
    4.2.2 What is a VNS?
    4.2.3 Data flow control in a VNS
    4.2.4 Components of a VNS
5 Access Points as Central Wireless Bridge
  5.1 Usable access points
  5.2 Registration options
  5.3 Configuration of the access points
6 Installation
  6.1 Hardware installation
  6.2 Software installation
7 Configuration and Startup
  7.1 Overview of the steps
  7.2 Basic configuration instructions
  7.3 Setting up the PCs
  7.4 Application of the PST for IP address and WBM
  7.5 Configuration of the VLAN in SCALANCE X310
  7.6 Basic configuration of the SCALANCE WLC711
  7.7 Registration of the access points
  7.8 Configuration of the access points
  7.9 Configuration of the VNS
  7.10 Assigning the VNS
  7.11 Configuration of the WLAN clients
    7.11.1 Configuration of the SCALANCE W clients
    7.11.2 Configuration of the PC with WLAN
  7.12 Setting up the policies in VNS 2
  7.13 Configuring the FTP scenarios
8 Operating the Application
9 Appendix: Important Terms relating to IWLAN
  9.1 IEEE 802.11 standard
  9.2 SSID
  9.3 Encryption
  9.4 Bridging
10 Links & Literature
11 History
1 Task
Introduction
In industrial environments, a conventional wireless LAN is operated via coordinated access points. On the one hand, the access points establish the radio network. On the other hand, they work as a central wireless bridge and enable communication between the WLAN nodes. For this, all WLAN clients must first be registered at the access points.
Problem
Merely integrating a WLAN infrastructure does not yet result in a functioning WLAN. The real challenge is managing the wireless network. When managing the WLAN, the focus is generally placed on the individual components. The basic tasks for these devices are the following points, for example:
- Installation and update of firmware.
- Configuration and settings.
- Monitoring and control of various system resources.
Each device requires individual treatment and management. Since large WLAN installations comprise a number of access points at many sites and in many countries, this leads to an enormous configuration and management workload and, in addition, jeopardizes security due to configuration errors.
Task
For larger installations with several access points in particular, implementing a central management is of advantage. This ensures the functionality of the WLAN and enables managing each module individually.
Overview of the automation task
The figure below provides an overview of the automation task.
Figure 1-1 (labels: Central Management; Configuration Radio network 1, 2, ... n; Radio network 1, 2, ... n)
Description of the automation task
The radio networks shall be managed via a central management:
- All necessary configurations are created centrally and automatically distributed to all access points.
- A firmware update of all - or a group of - access points is triggered centrally.
- Diagnosis and reporting across the entire WLAN at a central location.
2 Solution
2.1 Overview of the general solution
Schematic layout
The following figure displays the most important components of the solution:
Figure 2-1 (labels: IWLAN Controller SCALANCE WLC711; PC; SCALANCE X310; Access Point SCALANCE W788C, twice; Client SCALANCE W748, twice; Client PC; PC; FTP Client; TELNET Client; FTP Server; Web browser)
Setup
The application example integrates two different transmission media in the network:
- on the left side the cable version.
- on the right side the radio interface.
The transition between the cable-based and the wireless network is handled by the SCALANCE W788C access points.
The IWLAN clients SCALANCE W748 and the client PC connect with the respective access points via the integrated IWLAN interfaces. The PC with installed FTP client is integrated into the WLAN via the SCALANCE W748. Representatives of the cable-based network are a PC with installed FTP server and TELNET/web client, as well as the SCALANCE WLC711, which are connected to each other via the SCALANCE X310.
Note: The focus of this application is not so much placed on realizing a large IWLAN installation, but on using the SCALANCE WLC711. For clarity reasons, only two access points are used in this application example.
Advantages
In larger WLAN installations it is viable to use a controller. Here, the WLAN functions are realized by the centrally positioned SCALANCE WLC711 and the task of the access points is reduced to mere radio transmission. Therefore, access points are often also referred to as fit access points in a controller-based network.
- Central control and monitoring of the fit access points through the SCALANCE WLC711.
- Wireless, non-reactive expansion of an Ethernet network is possible.
- Any scale of the WLAN network through simple addition of access points.
- Guest access with restricted usage time can be easily realized.
- Controlling the channels and transmission power between the access points with SCALANCE WLC711 reduces the susceptibility of the network in the 2.4 GHz band.
Topics not covered by this application
This application does not contain:
- basic information on Industrial Ethernet
- information on setting up a cable-based as well as a wireless network
- detailed information on IWLAN technology
Basic knowledge of these topics is required.
Note: Further information is available in the manuals and application examples on the Service & Support page. A selection of references is available in chapter 10 (Links & Literature).
2.2 Description of the core functionality
SCALANCE WLC711
The IWLAN controller SCALANCE WLC711 enables the central management of an industrial wireless LAN. It automatically detects the new access points, establishes the connection with them and manages and coordinates access points and clients.
2.2.1 Central diagnostic overview of SCALANCE WLC711
Apart from the central management and the configuration of the radio network, SCALANCE WLC711 also enables a clear error recording, monitoring of the radio network, and documentation of network statistics.
Figure 2-2
2.2.2 Virtual subnets
SCALANCE WLC711 enables dividing the IWLAN radio infrastructure into logical, service-based networks (VNS; Virtual Network Services). Various services, safety requirements and access criteria can be reliably managed and assigned to different user groups, such as administrators, commissioners, or visitors. A VNS is therefore also always connected with a VLAN (see chapter 4.2.1). The following graphic shows the division of the network in this application example:
Figure 2-3 (labels: VNS 1; VNS 2)
2.2.3 Description of the user scenarios
The table below shows the scenarios presented in this application. Dividing the network into two logical networks with respective access criteria makes the scenarios available for selected components only.
Table 2-1
No. | Application | Description | Enabled for ...
1. | ICMP | The WLAN client (PC) can transmit a ping to SCALANCE W748. | VNS 1
2. | FTP | The FTP client can regularly exchange data with the FTP server. | VNS 2
3. | TELNET | A remote configuration of the WLAN clients is possible via the TELNET application. | VNS 2
4. | HTTP | The PC can connect to the web server of the WLAN client via a web browser. | VNS 2
Figure 2-4 (labels: PC 1 with TELNET Client, FTP Server and Web browser; SCALANCE X310; Client SCALANCE W748, twice; Client PC; PC 2 with FTP Client; connections marked FTP, HTTP, TELNET and ICMP)
2.3 Hardware and software components
This application was generated using the following components:
Hardware components
Table 2-2
Component | Qty. | Order number | Note
SCALANCE WLC711 IWLAN controller | 1 | 6GK5711-0XC00-1AA0 | Country approval outside North America, Canada and Japan
Controller access point SCALANCE W788C-2 RJ45 | 2 | 6GK5788-2FC00-1AA0 | With RJ45 port
WLAN client IEEE 802.11n SCALANCE W748-1 RJ45 | 2 | 6GK5748-1FC00-0AA0 | For operation outside the USA
Antennae ANT795-4MA | 17 | 6GK5795-4MA00-0AA3 |
SCALANCE X310 | 1 | 6GK5310-0FA00-2AA3 |
PC | 1 | | With WLAN radio interface
PC | 3 | | A PC is used as configuration PC.
IE FC TP STANDARD CABLE | 6 | 6XV1840-2AH10 | IE connecting cable
RJ45 plug connector | 12 | 6GK1901-1BB10-2AA0 | Can be integrally molded
Standard software components
Table 2-3
Component | Qty. | Note
FTP client software | 1 |
FTP server software | 1 |
TELNET client | 1 | TELNET clients can be called up as a standard on all standard operating systems under the name telnet. On a Windows 7 PC, the TELNET client must be explicitly activated first.
Web browser | 2 | A web browser exists on all standard operating systems.
Primary Setup Tool | 1 | The addressing tool can be downloaded via the Service & Support page (entry ID: 19440762) http://support.automation.siemens.com/WW/view/en/19440762
3 SCALANCE WLC711 Product Description
3.1 Description and application
Application
The demands on WLAN in industry, as well as the diversity of possible applications and uses have been continuously increasing within recent years. Today, aspects such as higher performance and data rates, as well as reduced management workload for the network pose new challenges. As a response, a further architecture has established itself in WLAN networks: The controller-based architecture. With this architecture, the access points are no longer operated as standalone units, but controlled by an IWLAN controller. Management data as well as the user data can be transferred to and from the individual access points via the controller. With SCALANCE WLC711, the SIMATIC NET portfolio provides the option of a controller-based IWLAN.
Description
The IWLAN controller SCALANCE WLC711 is a network device for the central management of a wireless LAN in industrial environments. It provides support for commissioning, diagnosis, access control and the security settings of the wireless network, as well as for firmware updates for the access points.
Figure 3-1
Only controller-based access points can be operated at the SCALANCE WLC711:
- SCALANCE W access points W78xC
- other devices (third-party devices) in 3rd party mode
Basic hardware
The basic hardware is an IPC427C (SIMATIC Microbox) without fan with two separate Gigabit Ethernet interfaces:
- Management port (interface “admin”): the configuration data is transferred at this port with 10/100/1000 Mbps.
- Data port (interface “esa0”): the data is transferred at this port with 10/100/1000 Mbps.
Additionally, the SCALANCE WLC711 also has the following interfaces:
- 4 USB 2.0 ports
- Serial interface RS232 for 9-pole D-Sub connectors (COM1)
Properties
SCALANCE WLC711 is distinguished by the following characteristics:
- Central configuration and firmware upgrading of access points via a user interface in the controller.
- “Wireless Assistant Home Screen” for monitoring the network on the screen in real-time.
- Assigning properties to groups of users, devices, and services.
- Role-based security functions (authentication, intrusion detection, rogue AP detection, firewalls, etc.).
- Quick Layer2 and Layer3 roaming (e.g. for logistic scanner and VoIP).
- Expanded QoS functions ensure IP prioritizing end-to-end for voice, video & data.
- RF management (automatic setting of channels and transmission power).
- Reliable meshed WLAN through redundant paths: in the case of a failed connection or access point, the network and the packet route are automatically reconfigured.
- Internal and external captive portal (guest portal): the guest is automatically redirected to a login website where he needs to enter his login data.
Note: Further detailed information on SCALANCE WLC711 is available on the Service & Support page (see \4\ in chapter 10 (Links & Literature)).
Services
For network control and organization, SCALANCE WLC711 supports a number of functions and mechanisms:
- Layer 2 switch and layer 3 router functionality
- VoIP routing
- Encryption methods
  – WEP
  – WPA
    Version 1 with TKIP encryption
    Version 2 with AES-CCMP encryption
- Secure access to the guest portal via SSL protocol
- HTTP(s), TFTP, TELNET, ICMP and SNMP (v2, v3)
- Syslog for diagnostic purposes
- VLAN
- DHCP server
- RADIUS authentication
- Clock synchronization via NTP
3.2 Operating the SCALANCE WLC711
Configuration
The configuration of SCALANCE WLC711 and the access points is performed via the web-based management (WBM) user interface. The following requirements must be met for this:
- All components must have been connected and set up correctly.
- A PC must be connected with the management port of SCALANCE WLC711 via Ethernet cable.
- The Ethernet interface of the PC and the management port of SCALANCE WLC711 must have the same subnet configuration. In the delivery state, the management port has the IP address 192.168.10.1. This preset IP address can be changed by the WBM.
- The web interface of SCALANCE WLC711 can be accessed via the address https://192.168.10.1:5825.
- The access to the WBM user interface requires a login at the controller. In the delivery state, the following login data is stored:
  – User name: admin
  – Password: abc123
  It is explicitly recommended to change the default administrator password.
Note: The access to the web interface of SCALANCE WLC711 is provided via a secure https connection and requires verification via certificates. In the case of a security query being displayed in the web browser, acknowledge it to continue with downloading the website. The security query is caused by the preinstalled, self-signed certificate. There is the option of installing an own certificate.
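Acknowledging the browser query accepts the self-signed certificate without any identity check. One way to make later connections verifiable, given here as an added example that is not part of the Siemens document, is to record the certificate's SHA-256 fingerprint once over the direct cable connection to the management port and to compare it on every later connection. The function names, the `PinMismatch` exception and the pin file are assumptions of this example; the address is the delivery-state address given above.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path


class PinMismatch(Exception):
    """Raised when an endpoint presents a certificate other than the recorded one."""


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_certificate(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Fetch the server certificate without chain validation (it is self-signed)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE     # trust decision is made by check_pin() instead
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store: Path, endpoint: str, der: bytes) -> str:
    """Return 'enrolled' on first sight and 'match' if unchanged; raise on a change."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der)
    known = pins.get(endpoint)
    if known is None:
        # First contact: record the fingerprint. Do this only over the direct
        # cable connection to the management port.
        pins[endpoint] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "enrolled"
    if hmac.compare_digest(known, seen):
        return "match"
    raise PinMismatch(f"certificate for {endpoint} changed: {known} -> {seen}")


# Usage against the delivery-state address (pin file name is an assumption):
#   der = fetch_certificate("192.168.10.1", 5825)
#   check_pin(Path("wlc711_pins.json"), "192.168.10.1:5825", der)
```

After an own certificate is installed on the controller, the recorded entry has to be re-enrolled, since the fingerprint changes with the certificate.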
Initial configuration of SCALANCE WLC711
After the initial registration at the controller, a wizard automatically appears for the basic configuration of the WLC. Amongst other things, the following points are set here:
- Time stamp and time zone.
- Configuration of the Ethernet interfaces (admin and esa0-port).
- Deactivation/activation of routing, SNMP, Syslog and RADIUS.
- Changing the login password.
For a modification afterwards, the wizard can be called up at any time via the menu command "Wireless Controller > Installation Wizard".
Creating a backup
The configuration files are saved directly on the SCALANCE WLC711. However, there is the option of saving and securing this data as a backup and / or transferring it to other SCALANCE WLC711.
Shutting down and switching off
In order to prevent data loss it is advised to shut down and switch off the SCALANCE WLC711 via the web interface. The following options are available:
- Reboot: the system is shut down and restarted.
- Shutdown power: the system is shut down safely. All services and applications are stopped.
4 IWLAN Controller as efficient Network Control Center
4.1 Setting up a controller-based IWLAN
4.1.1 Physical setup
A conventional WLAN is generally set up and managed by intelligent access points. All WLAN functions are centralized in the access points. With SCALANCE WLC711, SIMATIC NET expands the product portfolio of wireless network devices by a solution for a scalable, flexible and future-proof WLAN environment. The access points of a classic WLAN are therefore separated into a central unit (IWLAN controller) and so-called fit access points. With a single SCALANCE WLC711 this setup enables controlling several access points and facilitates administration and management of a large network. Amongst others, the tasks of the controller include:
- Activating the access points.
- Handling the data traffic of the access points.
- Sending or forwarding the data to the network.
- Authentication of requests and application of access policies.
Additionally, further elements typical for a WLAN can be integrated into the network:
- RADIUS server (Remote Authentication Dial-In User Service) or other authentication servers
- DHCP server (Dynamic Host Configuration Protocol)
- SLP (Service Location Protocol)
4.1.2 Logic network division
SCALANCE WLC711 enables dividing the network into logical, service-based networks (VNS). Various services, safety requirements and access criteria can be reliably managed and assigned to different user groups, such as administrators, commissioners or visitors. Furthermore, a network topology can be assigned to each VNS, in order to divide the processing functions between the controller and the access points. Depending on the network topology and the user-specific requirements, the data traffic is directed in an intelligent manner locally or back via the controller. The VNS architecture provides optimal performance and optimal traffic flow separately for each application and ensures the support for applications with high bandwidth.
4.2 Flexibility and dynamics through VNS
4.2.1 Virtual Local Area Network (VLAN)
Description
VLANs are virtual network segments in a physical network which are assigned to the nodes per configuration. The SCALANCE devices of the X-300 and X-400 series as well as the SCALANCE W modules support port-based VLAN. For the configuration of the VLANs a VLAN ID is assigned to the individual ports of a SCALANCE. Multicast and broadcast frames are only possible within these boundaries, i.e. between ports with identical VLAN ID. This segmentation reduces the network load, since broadcasts are limited to a sensible number of end systems. VLANs also increase the network safety, since nodes can no longer hear the data traffic unless they are a member of this VLAN. For identifying which frame is assigned to which VLAN, the Ethernet frame is expanded by 4 bytes (VLAN tagging). Apart from the VLAN ID, this expansion also contains priority information.
Port assignment for VLAN
For the assignment of a port to a VLAN it must be determined whether the frame at the port shall be sent with tag (i.e. with the Ethernet frame expanded by 4 bytes) or without. If the node behind it is an end station (PC, controller etc.), the frame must be sent without tag (“untagged”; for SCALANCE X: identifier “U”). If the port on the other hand is connected with a different switch, the frame is sent with tag (“tagged” or “Member”; for SCALANCE X: identifier “M”).
VLAN assignment of this application
In this application example, two logical service-based networks (VNS) are set up, with a VNS being segmented by a VLAN. The following graphic (reduced to the involved components) shows the interaction of VNS and the port-based VLANs.
Figure 4-1 (labels: VNS 1 / VLAN 1; VNS 2 / VLAN 10)
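The 4-byte tag and the "U"/"M" port identifiers described above can be traced in code. The following Python code is an added example, not part of the Siemens document: it inserts and parses an IEEE 802.1Q tag and floods a broadcast frame across a port table. The port names P1 to P3, their VLAN membership and the sample frame are constructed for illustration; only the VLAN IDs 1 and 10 come from this application.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing an IEEE 802.1Q tag


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + priority/VLAN ID) after the MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (pcp << 13) | vid  # 3 bits priority, 1 bit DEI (left 0), 12 bits VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return tagging state, VLAN ID, priority and the untagged form of a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": None, "pcp": None, "untagged": frame}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return {"tagged": True, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "untagged": frame[:12] + frame[16:]}


# Constructed port table (not the application's real port assignment):
# port -> {VLAN ID: "U" (sent untagged, end station) or "M" (sent tagged, switch link)}
PORTS = {
    "P1": {1: "U"},
    "P2": {10: "U"},
    "P3": {1: "M", 10: "M"},
}


def flood(ingress: str, frame: bytes, ports: dict = PORTS) -> dict:
    """Deliver a broadcast frame to every other port that is in the same VLAN."""
    info = parse_frame(frame)
    membership = ports[ingress]
    if info["tagged"]:
        vid = info["vid"]
        if vid not in membership:  # tag names a VLAN this port does not belong to
            return {}
    else:
        untagged_vlans = [v for v, mode in membership.items() if mode == "U"]
        if not untagged_vlans:  # port carries tagged traffic only
            return {}
        vid = untagged_vlans[0]
    pcp = info["pcp"] or 0
    out = {}
    for port, vlans in ports.items():
        if port == ingress or vid not in vlans:
            continue  # the broadcast stays inside its VLAN
        out[port] = (add_tag(info["untagged"], vid, pcp)
                     if vlans[vid] == "M" else info["untagged"])
    return out


# Constructed sample: broadcast from a locally administered MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"
```

A frame tagged for VLAN 10 that arrives on P1 is dropped by `flood`, because P1 is a member of VLAN 1 only.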
4.2.2 What is a VNS?
Introduction
Using the Virtual Network Services enables grouping certain mobile users, devices and applications in order to provide them with their own service levels, access rights, encryption and device authorization. Several VNS segments can work on each access point, which enables unique flexibility.
Properties
A VNS is characterized by the following properties:
- A unique name is assigned to each VNS.
- An SSID is assigned to each VNS which need not be unique.
- Each VNS is connected to a VLAN. All nodes of a VNS are in the same network.
- A joint policy is used within a VNS. Additionally, specific filter methods can be employed if the wireless node was authenticated by a RADIUS server.
- For each VNS the type of the data flow can be explicitly determined.
4.2.3 Data flow control in a VNS
Classic WLAN solutions require the network administrator to choose between a centralized and a distributed architecture.
Centralized architecture
A centralized architecture is characterized by the entire data traffic being transmitted back to a central controller. Any processing and roaming functions are taken on by the controller. The decisive advantage is that the performance, especially for real-time applications, is increased, hence, guaranteeing short roaming times and reduced jitter. However, particularly for larger WLANs and additional IEEE 802.11n usage (with data rates up to 450 Mbit/s) this may cause considerable data jams and bottlenecks in the bandwidth.
Distributed architecture
For the distributed architecture, there is no retransmission to SCALANCE WLC711, which extends the processing and roaming times of the data packets. Uninterrupted transmission – as demanded for VoIP applications, for example – is not guaranteed.
Implementation in SCALANCE WLC711
A significant advantage of SCALANCE WLC711 is the simultaneous support of these two models: It controls the data flow by demanding the retransmission of data to itself or enabling local forwarding directly at the access point. For local data processing, the data is not transmitted back to the controller; however, the access point is still managed centrally by the controller. For any VNS, the network administrators can select how the data traffic shall be handled so the WLAN infrastructure can be adapted to all applications (complex voice, video and data applications) and their requirements.
The following variants can be connected with a VNS:
- Routed
- Bridge Traffic Locally at AP (Bridged@AP)
- Bridge Traffic Locally at WLC (Bridged@WLC).
Routed
For this variant, the entire data traffic of the WLAN clients is forwarded to a router via the controller.
Figure 4-2 (labels: IWLAN Controller SCALANCE WLC711; Access Point SCALANCE W788C; Client SCALANCE W748; PC; Company network; Data traffic; Router)
Bridge Traffic Locally at WLC (Bridged@WLC)
This variant reflects the centralized architecture. The data traffic of the clients and from the company network is forwarded to the data port of the SCALANCE WLC711 via a tunnel and processed there. If the data traffic is directed beyond subnet boundaries, the controller forwards the data packets to a router. All policy, VLAN and topology assignments are performed at the controller and not at the access point (see Bridge Traffic Locally at AP (Bridged@AP)).
Figure 4-3 (labels: IWLAN Controller SCALANCE WLC711; SCALANCE X310; Access Point SCALANCE W788C; Client SCALANCE W748; PC; Company network; Data traffic)
Bridge Traffic Locally at AP (Bridged@AP)
This variant reflects the distributed architecture. The data traffic of the clients is processed directly at the ports of the respective access point and forwarded on demand.
Figure 4-4: Bridged@AP variant. Components shown: IWLAN Controller SCALANCE WLC711, SCALANCE X310, Access Point SCALANCE W788C, Client SCALANCE W748, PC, company network. Legend: data traffic.
4.2.4 Components of a VNS
Structure
A VNS can be divided into two main categories:
• WLAN services
• Policies
Both categories contain a number of components which enable the following settings:
• Assignment of the radio interfaces
• SSID information
• VLAN settings
• Radio frequency
• Security assignment
• Quality of service
• Topology
• Operating mode (infrastructure, meshed etc.)
• Data flow control
The following graphic shows the structure of the VNS concept:
Figure 4-5: Structure of a VNS. Labels shown: VNS, WLAN Service, Policies, SSID, Radio attributes, Encryption, QoS, Operating mode, Topology, Filter rules, CoS.
The most important actuators of a VNS are:
• Topology
• Policy
• Class of Service
• WLAN service
These components can be configured separately and then be assigned to a VNS. Alternatively, they can also be configured during VNS generation.
Note: The components are briefly described below. For more detailed information, please refer to the SCALANCE WLC 711 manual at \3\ in chapter 10 (Links & Literature).
Topology
A topology represents the network in which SCALANCE WLC711 and the respective access points communicate. The most important attributes here are:
• Definition of the topology name.
• Assignment of a VLAN ID and tagging options.
• Establishing an IP address for SCALANCE WLC711 in this VNS (optional).
• Determining the data flow control in this VNS:
  – Physical
  – Routed
  – Bridge Traffic Locally at AP (Bridged@AP)
  – Bridge Traffic Locally at WLC (Bridged@WLC).
• Specification of the permitted data traffic to SCALANCE WLC711.
• Integration of certificates.
Figure 4-6
Policy
A policy is a collection of guidelines for controlling the network access via wireless and cable-based infrastructures. The configuration of the policy is always connected to a topology as well as a class of service. Depending on the selection of data flow control (adjustable in “Topology”), up to three policies can be assigned to a VNS:
• Non-authenticated default policy for the data traffic of all non-authenticated clients.
• Authenticated default policy for the data traffic of all authenticated clients.
• Third-party access point policy for the data traffic of third-party access points.
By default, the policy for authenticated users corresponds to the policy for non-authenticated users.
Figure 4-7
The Filter Rules of a policy can ensure that only authorized persons have access to the network or service defined in “Topology”.
Figure 4-8
Several attributes can be set for filtering. The meaning is illustrated in the following table:
Table 4-1
Attribute | Description
Rule | Identifies the type of filtering: D - Default rule; I - Internal rule; T - Rule for the internal interface; U - User-defined rule
In | Relates to the data traffic into the cable-based network. The following options are available: Destination (dest), Source (src), None, Both
Out | Relates to the data traffic coming from the cable-based network. The following options are available: Destination (dest), Source (src), None, Both
IP : Port | Identifies the target IP address and port to which this filter relates.
Protocol | Determination of the respective protocol.
ToS / DSCP | Determines the classification and prioritization of the IP data package.
Access | Determines whether the data package is allowed (Allow) or denied (Deny).
CoS | Determination of the Class of Service.
Class of Service
Class of Service defines a set of attributes for the classification of data packages. The classification is realized by:
• QoS marking
  – Layer 2 level: IEEE 802.1p.
  – Layer 3 level: ToS / DSCP marking.
• Defining the coming / going data boundary.
• Determination of the transmission sequence.
Each service class has its own priority which defines how the data package is treated in comparison to other packages (e.g. when load peaks occur). For dividing the priorities, CoS has 8 stages, from 0 (no priority) to 7 (highest priority). Prioritizing is necessary to guarantee a low latency or a high data security for networks used to capacity. As opposed to the quality of service (QoS), CoS cannot assign bandwidths but transfers the data package as well as possible (best effort principle).
Figure 4-9
WLAN service
The WLAN service comprises all basic WLAN settings such as:
• Definition of the WLAN environment
• Security mechanisms (“Privacy”)
• Authentication
• Quality of Service
The configuration of the WLAN environment in the “WLAN Services” tab includes:
• Definition of a WLAN name (SSID).
• Operating mode of the WLAN
  – Standard
  – WDS
  – Mesh
  – Third-party AP
  – Remote
• The assignment of a topology and a class of service (unless already assigned by the policy).
• Assigning the radio interfaces of the registered access points.
• Deactivation/activation of the WLAN environment.
Figure 4-10
In the “Privacy” tab, the security mechanisms for the communication can be determined (see also chapter 9.3).
Figure 4-11
If there is the requirement that the WLAN clients shall be explicitly authenticated, this can be defined in the “Auth & Acct” tab (Authentication & Accounting). The following options are available for authentication:
• 802.1X
• Captive portal with the options
  – Internal
  – External
  – Guest Portal
  – Guest Splash
Figure 4-12
If the 802.1X authentication has been selected, the WLAN client must – before it is granted access to the network – successfully complete the authentication procedure via a RADIUS server. With the captive portal method, the WLAN clients are only granted access to the network if they previously log on to a website (captive portal) with ID and password. SCALANCE WLC711 verifies this logon data and approves or blocks the access to the network.
An integral part of the WLAN service is also the assignment of a “QoS” (service quality) for the WLAN environment. QoS is a method for influencing the data traffic to a network so a time-critical service (such as VoIP, online conferences) arrives at the receiver with a defined quality. This is technically realized by prioritizing the data packages, through bandwidth reservation and through bandwidth limitation. For the WLAN the following QoS modes can be selected:
• Legacy: here, the access point classifies and prioritizes the downlink data traffic for all WLAN clients.
• WMM: if WMM has been activated, the access point accepts connections from WMM clients. Classification and prioritizing of the downlink data traffic of the WMM clients is handled by the access point, of the uplink data traffic by the WMM clients.
• 802.11e: in this mode, the access point accepts connections from 802.11e clients. Classification and prioritizing of the downlink data traffic of the 802.11e clients is handled by the access point, of the uplink data traffic by the 802.11e clients.
• Turbo Voice: Turbo Voice is only available if one of the above mentioned modes has been activated. If this mode is active, the downlink data traffic classified as Voice AC is treated separately from the access point.
Figure 4-13
5 Access Points as Central Wireless Bridge
5.1 Usable access points
To be able to use the advantages of a controller-based WLAN architecture, fit access points are used. The function of these modules is reduced to a mere radio transmission, since the SCALANCE WLC711 takes on the task of central control and monitoring. Physically, access points are connected with SCALANCE WLC711 by means of a joint, wire-based network which they use to exchange configuration, management or diagnosis data. The following access points can be used for the operation with SCALANCE WLC711:
• SCALANCE W786C-2 RJ45
• SCALANCE W786C-2IA RJ45
• SCALANCE W788C-2 RJ45
• SCALANCE W788C-2 M12
5.2 Registration options
Only access points which register at the SCALANCE WLC711 with their serial number are also centrally managed and configured by it. The registration can be performed in two ways:
• Automatic logon
• Manual registration
Automatic logon
As soon as an access point is switched on, it automatically searches the network for a SCALANCE WLC711 and its IP address. If the search for a suitable SCALANCE WLC711 was successful, the access point automatically registers at the device.
Note: For more detailed information on the sequence of the search process, please refer to the SCALANCE WLC 711 manual at \3\ in chapter 10 (Links & Literature).
To enable an automatic logon by the access points, the security mode and the maximal search time must be defined in the SCALANCE WLC711:
Figure 5-1
In the security mode, two options can be selected:
• Allow all Wireless APs to connect
  – If the serial number of the access point is not known, a new registration entry is automatically created. The access point receives a default configuration.
  – If the serial number of the access point is known, SCALANCE WLC711 authenticates the device by means of the existing registration entry and sends the already existing configuration to the access point.
• Allow only approved Wireless APs to connect
  – If the serial number of the access point is not known, a new registration entry is automatically created and assigned the "Pending" state. For the access point to be able to receive status changes, SCALANCE WLC711 only sends a minimal configuration to the device. This minimal configuration enables an already existing connection to be continued. Access points with the status "Pending" cannot be configured and do not receive a default configuration until they manually receive the status "Approved".
  – If the WLC recognizes the serial number of the access point, it authenticates the device by means of the existing registration entry and sends the already existing configuration to the access point.
Note: At the initial configuration of the network it is advised to activate the "Allow all Wireless APs to connect" option. This enables registering several access points at the same time.
After the network configuration has been completed, it is recommended to activate the "Allow only approved Wireless APs to connect" option. This setting prevents unauthorized login at the SCALANCE WLC711.
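The following added example (not Siemens code and not the controller's implementation) models the two registration modes described above as a small state machine and replays the same logon sequence under each, to show which serial numbers end up centrally managed. The serial numbers are constructed, and the rule that a "Pending" access point stays "Pending" when it logs on again is an assumption of the model.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    ALLOW_ALL = "Allow all Wireless APs to connect"
    APPROVED_ONLY = "Allow only approved Wireless APs to connect"


class State(Enum):
    PENDING = "Pending"
    APPROVED = "Approved"


class Sent(Enum):
    DEFAULT = "default configuration"
    EXISTING = "existing configuration"
    MINIMAL = "minimal configuration"


@dataclass
class Entry:
    state: State
    has_config: bool  # controller already holds a configuration for this AP


class Controller:
    """Hypothetical model of the registration table, keyed by serial number."""

    def __init__(self, mode):
        self.mode = mode
        self.registry = {}

    def register_manually(self, serial):
        # Manual registration: the serial is entered before the AP is
        # connected and a default configuration is assigned to the entry.
        self.registry[serial] = Entry(State.APPROVED, has_config=True)

    def approve(self, serial):
        # The administrator moves a Pending entry to Approved.
        self.registry[serial].state = State.APPROVED

    def logon(self, serial):
        """Return (state, configuration sent) for an AP announcing `serial`."""
        entry = self.registry.get(serial)
        if entry is None:
            if self.mode is Mode.ALLOW_ALL:
                # Unknown serial: entry created, default configuration sent.
                self.registry[serial] = Entry(State.APPROVED, has_config=True)
                return State.APPROVED, Sent.DEFAULT
            # Unknown serial: entry created as Pending, minimal configuration only.
            self.registry[serial] = Entry(State.PENDING, has_config=False)
            return State.PENDING, Sent.MINIMAL
        if entry.state is State.PENDING:
            # Assumption of this model: repeated logons do not change Pending.
            return State.PENDING, Sent.MINIMAL
        if not entry.has_config:
            # Approved after having been Pending: default configuration now sent.
            entry.has_config = True
            return State.APPROVED, Sent.DEFAULT
        return State.APPROVED, Sent.EXISTING


def replay(mode, preregistered, logons):
    """Pre-register known serials, then replay a sequence of AP logons."""
    wlc = Controller(mode)
    for serial in preregistered:
        wlc.register_manually(serial)
    return wlc, [(serial, *wlc.logon(serial)) for serial in logons]


def unexpected_managed(wlc, inventory):
    """Serials that are Approved on the controller but not in the asset inventory."""
    return sorted(s for s, e in wlc.registry.items()
                  if e.state is State.APPROVED and s not in inventory)


# Constructed sample data: two inventoried APs and one unknown device.
INVENTORY = {"SN-AP1-0001", "SN-AP2-0002"}
LOGONS = ["SN-AP1-0001", "SN-XX-9999", "SN-AP2-0002", "SN-AP1-0001"]

if __name__ == "__main__":
    for mode in Mode:
        wlc, results = replay(mode, INVENTORY, LOGONS)
        print(mode.value)
        for serial, state, sent in results:
            print(f"  {serial}: {state.value}, {sent.value}")
        print("  approved but not in inventory:", unexpected_managed(wlc, INVENTORY))
```

Comparing the controller's approved list against an asset inventory, as `unexpected_managed` does, is the check to run before switching modes after commissioning.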
Manual registration
Apart from the automatic logon, there is also the option to register the access points by manually entering their serial number at the SCALANCE WLC711. A default configuration is initially assigned to these devices.
Figure 5-2
Note: It is recommended to first enter the serial number into the web-based management and only then physically connect the access point to the network.
In this way, the controller knows the serial number in advance and authenticates the access point accordingly.
5.3 Configuration of the access points
Default configuration
At the first registration, the access points receive default settings which can be changed. On the individual configuration pages the default values for using the WLAN (Common Configuration) as well as the parameters for various access point types (AP36xx, W786 and W78xC) can be set.
Figure 5-3
Bulk configuration
If in the infrastructure the same access point type occurs several times, there is the option of multiple configurations (bulk configuration). Parameters and settings which apply to all devices can be used quicker and more efficiently on several access points. Examples are: the used antennae, deactivation/activation of the various services, country settings etc.
Figure 5-4
Single configuration
Each access point can be configured and set individually via the single configuration.
Figure 5-5
6 Installation
This chapter describes the hardware and software components that need to be installed. The descriptions and manuals as well as delivery information included in the delivery of the respective products must be observed in any case.
6.1 Hardware installation
For description of the hardware components, please refer to chapter 2.3 (Hardware and software components).
Figure 6-1: Hardware setup. Components shown: IWLAN Controller SCALANCE WLC711, X310, Access Point 1 W788C-2, Access Point 2 W788C-2, two Clients W748, Client PG, PC 1, PC 2, configuration PC. Software labels shown: FTP client, TELNET client, FTP server, web browser.
To set up the hardware, please follow the instructions in the table below:
Table 6-1
No. Action
1. Connect the following modules with the SCALANCE X310 via the integrated Ethernet interface:
• Port 1: PC 1
• Port 2: Access Point 2
• Port 3: SCALANCE WLC711 (LAN1 interface)
• Port 4: Access Point 1
2. Connect PC 2 to the WLAN client SCALANCE W748.
3. Connect all components to a 24 V power supply. For this purpose, use either terminal strips or multiple power supply units.
Note: Always follow the installation guidelines for the components.
6.2 Software installation
Installation of the software package on the configuration PC
The Primary Setup Tool will be installed on this PC. Follow the instructions of the installation program.
Installing the software packages on PC 1
This configuration requires the following software packages:
• FTP server
• TELNET client
Follow the instructions of the installation programs.
Installing the software packages on PC 2
This configuration requires the FTP client software package. Follow the instructions of the installation program.
7 Configuration and Startup
7.1 Overview of the steps
All necessary steps for setting up the configuration example are explained and illustrated in this chapter. In detail these are the following instructions:
Table 7-1
Action | Chapter
Initial configuration |
Setting up the PC | 7.3
Changing the IP addresses by means of PST | 7.4
Configuration of the SCALANCE X310 | 7.5
Basic configuration of the SCALANCE WLC711 | 7.6
Extended configuration |
Registration of the access points | 7.7
Configuration of the access points | 7.8
Configuration of the VNS | 7.9
Connecting the access points to the VNS | 7.10
Setting up the WLANs in the WLAN clients | 7.11
Creating filter rules | 7.12
Note: To ensure a successful configuration, it is important to perform the steps according to instruction and in the right sequence.
7.2 Basic configuration instructions
Requirement
When configuring the devices, it is assumed that all devices are in the delivery state and the default settings apply. If this is not the case, please reset your components to the factory settings. An instruction is available in the respective manual of the device (see chapter 10 (Links & Literature)).
Overview
Prior to configuring this SCALANCE WLC711 example, all of the devices must be configured. The following overview picture shows which devices and necessary configurations these are:
Figure 7-1: Overview of the devices and their configurations. Devices shown: WLC711, X310, W788C-2 (“AP_1”), W788C-2 (“AP_2”), two W748, client PC, PC 1, PC 2, configuration PC. Configuration labels shown: basic installation, access points, VNS, VLAN, WLAN. IP addresses shown: 192.168.10.1, 192.168.22.101, 172.168.2.1, 192.16.100.28, 172.168.2.2, 192.168.10.100, 192.168.22.100, 172.168.2.100, 192.16.100.100, 192.16.100.1, 192.16.100.2.
Web-based management
INC (Industrial Network Component) devices, as for example a SCALANCE X or SCALANCE W7xx, are configured via their web-based management. You reach the web-based management by entering the address http://<IP address of the device> in an internet browser. An exception is the SCALANCE WLC711: it requires a secure connection as well as entering a port number. Here, the address is https://<IP address of the admin ports>:5825.
Each web-based management requires a login. The stored default values are the following registration data:
• SCALANCE X / W: User name and password: admin
• SCALANCE WLC711: User Name: admin; Password: abc123
For the SCALANCE X and W devices (except for SCALANCE WLC711 and controller-based access points) the web-based management can also be opened directly via the Primary Setup Tool (PST).
Note: The configuration of the devices is performed via the configuration PC.
An Ethernet connection between configuration PC and network component as well as an identical network ID are a prerequisite.
7.3 Setting up the PCs
Configuration PC
All configurations are performed using the configuration PC. This requires the PC to be located in a subnet with the respective network component. In order to prevent changing the PC IP address several times, there is the option to assign several IP addresses to the PC network card. The following IP addresses are used:
Table 7-2
IP address | Application
192.168.10.100 | For configuring the SCALANCE WLC711
192.168.22.100 | For configuring the SCALANCE X310
172.16.2.100 | For configuring the SCALANCE W748 for AP_1
192.16.100.100 | For configuring the SCALANCE W748 for AP_2
The subnet mask is always 255.255.255.0.
Table 7-3
No. Action Remarks
1. To change the network address you open the internet protocol (TCP/IP) properties via “Start > Settings > Network Connection > Local Connections”. Enter the next required IP address according to Figure 7-1. To enter further IP addresses you click on Advanced….
2. Click on Add….
3. Enter the next required IP address and subnet mask. Adopt the IP address with Add.
4. Repeat step 2 and 3 for the next two IP addresses. After all addresses have been assigned you successively close all dialogs with OK.
PC 1 and PC 2
Change the IP address of PC 1 and PC 2 in the following way:
Table 7-4
No. Action Remarks
1. To change the network address you open the internet protocol (TCP/IP) properties via “Start > Settings > Network Connection > Local Connections”. Enter the IP address according to Figure 7-1. Close all dialog boxes by clicking OK.
PC with WLAN
Change the IP address of the PCs in the following way:
Table 7-5
No. Action Remarks
1. To change the network address you open the internet protocol (TCP/IP) properties via “Start > Settings > Network Connection > Wireless Network Connections”. Enter the IP address according to Figure 7-1. Close all dialog boxes by clicking OK.
7.4 Application of the PST for IP address and WBM
All SCALANCE X and W devices (except for SCALANCE WLC711 and controller-based access points) can be conveniently addressed with the Primary Setup Tool and then be configured via the web-based management. The following instruction shows the principle of address assignment and the start of the web-based management at the SCALANCE X310.
Table 7-6
No. Action Remarks
1. Connect the configuration PC with the network component via the integrated Ethernet interfaces (for this example with port 5 of SCALANCE X310).
2. Open the PST by clicking “Start > SIMATIC > Primary Setup Tool > Primary Setup Tool”.
3. If you have installed several network cards in the PC, select the suitable network card via “Settings > Network Adapter”.
4. Press F5 to start the network search. The network component is displayed in the tree view. Detailed information on the device appears by marking the entry in the details view.
5. The display of the interfaces opens by clicking on the plus sign or on the device symbol. Click on the Industrial Ethernet interface.
6. Enter the IP address assigned to the device (see Figure 7-1). In this example this is 192.168.22.101. The subnet mask is always 255.255.255.0.
7. Select the module in the tree view to load the configuration data to the device. Start the download via “Modules > Download” or click on the marked icon in the toolbar. Note: As long as an interface is marked and the input mask for the configuration data is displayed, the configuration data cannot be downloaded.
8. To start the web-based management you select the device. Select the menu command “Modules > Start INC Browser” or click on the selected symbol in the toolbar. Note: If the menu command and the module symbol are deactivated, there is no web-based management for the selected module.
9. The web-based management opens (in this example SCALANCE X310).
Note: SCALANCE WLC711 and the controller-based access points cannot be detected or addressed via the PST.
7.5 Configuration of the VLAN in SCALANCE X310
Overview
In order for the components from VNS 2 and VNS 1 to be able to exchange data, the ports at the SCALANCE X310 for VLAN 10 and VLAN 1 must be configured accordingly. The following table illustrates the required port configuration:
Table 7-7
Port | Filter VLAN 1 | Filter VLAN 10 | Connected component
1 | - | U | PC 1 (end device); incoming data packages for VLAN 10 are forwarded to the PC WITHOUT VLAN tag. Providing the input filter has been configured accordingly, data packages from the PC are supplemented by VLAN ID 10. Data packages with VLAN ID 1 are not forwarded.
2 | U | M | Access Point AP_2; data packages are forwarded WITH VLAN tag for VLAN 10 and without for VLAN 1.
3 | M | - | SCALANCE WLC711; data packages with VLAN ID 10 are not forwarded. Data packages for VLAN 1 are forwarded WITH VLAN tag.
4 | U | - | Access Point AP_1; data packages with VLAN ID 10 are not forwarded. Data packages with VLAN ID 1 are forwarded WITHOUT VLAN tag.
Requirement
Requirement for the configuration of SCALANCE X310 is
• a direct connection between the configuration PC and port 5 of SCALANCE X310.
• a valid IP address of SCALANCE X310
• the start of the web-based management.
Perform the steps described in Chapter 7.4 (Application of the PST for IP address and WBM).
Configuration
For configuring the SCALANCE X310, proceed as follows:
Table 7-8
No. Action Remarks
1. Log on at the web-based management with the default login data. User: admin Password: admin
2. In the delivery state the ring ports are activated. To switch them off, navigate to “X-300 > Ring Config”. Set the redundancy mode to Disabled. Accept the settings with Set Values.
3. Navigate to menu item Switch and select the sub-item VLAN. The current VLAN configuration is displayed. Create a further VLAN with New Entry.
4. Assign number 10 as the VLAN ID and a freely selectable Name, in this example VNS2. Keep clicking on the white square next to ports 1 and 2 until the desired filter attribute (U for Untagged, M for Member (tagged)) appears.
• For Port 1: U
• For Port 2: M
Accept the settings with Set Values.
5. Click on the plus sign for VLAN. Select the submenu Ports for configuring the Input filter. Click on Port 1.
6. Assign number 10 as the Port VLAN ID. Accept the settings with Set Values.
7. Navigate to sub-item VLAN. Click on Default VLAN 1.
8. Port 1 shall no longer be a member of VLAN 1. At port 3 the data port of SCALANCE WLC711 is connected, which must forward the tagged data packages. Keep clicking the white square next to ports 1 and 3 until the desired filter attribute appears.
• For Port 1: -
• For Port 3: M
For the remaining ports you keep setting “U”. Accept the settings with Set Values.
9. The configuration of the SCALANCE X310 has now been completed.
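As an added example (not part of the Siemens document), the following script encodes Table 7-7 as data, computes where a flooded frame leaves the switch, and checks the table for ports that are untagged in a VLAN other than their Port VLAN ID, which is the state port 1 is in between steps 6 and 8. It models standard IEEE 802.1Q behaviour with ingress filtering, which is an assumption about the X310, and covers only ports 1 to 4.

```python
U, M = "U", "M"  # U = untagged member, M = tagged member; absent = "-"

# Final configuration from Table 7-7: VLAN ID -> {port: filter attribute}
VLANS = {
    1:  {2: U, 3: M, 4: U},
    10: {1: U, 2: M},
}
# Port VLAN ID per port (input filter); step 6 sets port 1 to 10,
# the other ports keep the default VLAN 1.
PORT_VLAN_ID = {1: 10, 2: 1, 3: 1, 4: 1}

# Intermediate state after steps 3 to 6, before steps 7 and 8 are applied:
# VLAN 1 still has every port as untagged member.
PARTIAL_VLANS = {
    1:  {1: U, 2: U, 3: U, 4: U},
    10: {1: U, 2: M},
}


def forward(vlans, port_vlan_id, in_port, tag=None):
    """Return {egress port: VLAN tag or None} for a flooded frame.

    An untagged frame is classified by the Port VLAN ID of the ingress
    port; a tagged frame keeps its VLAN ID. Frames arriving on a port
    that is not a member of the VLAN are dropped (assumed ingress
    filtering).
    """
    vid = port_vlan_id[in_port] if tag is None else tag
    members = vlans.get(vid, {})
    if in_port not in members:
        return {}
    return {port: (vid if kind == M else None)
            for port, kind in sorted(members.items())
            if port != in_port}


def lint(vlans, port_vlan_id):
    """Report ports whose untagged membership does not match their Port VLAN ID."""
    findings = []
    for port in sorted(port_vlan_id):
        pvid = port_vlan_id[port]
        untagged = sorted(v for v, m in vlans.items() if m.get(port) == U)
        if port not in vlans.get(pvid, {}):
            findings.append(f"port {port}: Port VLAN ID {pvid}, "
                            f"but the port is not a member of VLAN {pvid}")
        elif untagged and untagged != [pvid]:
            findings.append(f"port {port}: untagged in VLANs {untagged}, "
                            f"Port VLAN ID is {pvid}")
    return findings


if __name__ == "__main__":
    print("PC 1 -> switch (untagged):", forward(VLANS, PORT_VLAN_ID, 1))
    print("AP_2 -> switch (tag 10): ", forward(VLANS, PORT_VLAN_ID, 2, tag=10))
    print("WLC  -> switch (tag 1):  ", forward(VLANS, PORT_VLAN_ID, 3, tag=1))
    print("AP_1 -> switch (untagged):", forward(VLANS, PORT_VLAN_ID, 4))
    print("final table findings:  ", lint(VLANS, PORT_VLAN_ID))
    print("partial table findings:", lint(PARTIAL_VLANS, PORT_VLAN_ID))
    # With the partial table, VLAN 1 traffic from AP_1 still reaches PC 1:
    print("AP_1 with partial table:", forward(PARTIAL_VLANS, PORT_VLAN_ID, 4))
```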
7.6 Basic configuration of the SCALANCE WLC711
Overview
After the initial registration at the controller, a wizard automatically appears for the basic configuration of the WLC. Here, all of the settings necessary for setting up a functioning SCALANCE WLC711 solution are made.
Note: The wizard enables a quick setup of the SCALANCE WLC711. Only those settings are made which are necessary for the integration of SCALANCE WLC711 into the network.
After successfully completing the basic installation, you can go through the configuration one more time and make changes if necessary.
Requirement
A requirement for the configuration is the opened user interface (wireless assistant screen) of the SCALANCE WLC711. Connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC you open an internet browser and enter https://192.168.10.1:5825 into the address bar. The connection with SCALANCE WLC711 is made via an encrypted SSL connection. If necessary, rate the certificate as “trusted”.
Configuration
For configuring the SCALANCE WLC711, proceed as follows:
Table 7-9
No. Action Remarks
1. The basic installation starts with the definition of place and time as well as the configuration of the data ports of the WLC. Enter all of the information on your time zone in the Time Settings section. In this example the Continent Europe, the Country Germany and the Time Zone Region Berlin. In the Topology Settings section, the physical interface of the WLC which is to work as data port is selected. Select the following settings: Topology: physical_1 VLAN ID: 1 Tagged Port: esa0 IP address: 172.16.100.254 Netmask: 255.255.255.0
Click on Next.
2. On the Management page you configure the admin port of the WLC, via which the configuration data is transferred. Keep the default settings in the Management Port section. Deactivate SNMP, Syslog and OSPF. Click on Next.
3. On the Services page, functions such as Authentication, Mobility and the default VNS can be activated. Deactivate all services. Close the basic installation with Finish.
4. The Success page appears. SCALANCE WLC711 has now been configured and can be used. Click on the Close button. Note: Here you also have the option to change the registration data for the web-based management.
7.7 Registration of the access points
Overview
As soon as an access point is switched on, it automatically searches the network for a SCALANCE WLC711 and its IP address. If the search for a suitable SCALANCE WLC711 was successful, the access point automatically registers at the device.
Requirement
After restoring the factory settings, access points have no valid IP address; the search for a SCALANCE WLC711 yields no result. The simplest method of IP address assignment is via DHCP. The WLC has an internal DHCP server. With this option, the data port becomes a local DHCP server and assigns a temporary IP address to the access points. Connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC you open an internet browser and enter https://192.168.10.1:5825 into the address bar.
Table 7-10
No. Action Remarks
1. To activate the internal DHCP server you go to the “VNS Configuration > Topologies > physical_1” menu. In section Layer 3 - IPv4 you change the DHCP parameter to Local Server and click on Configure.
2. Enter a gateway address. In this example 172.16.100.253. Click on Apply.
3. Secure the changes with Save.
Registration
The access points are displayed on the user interface of SCALANCE WLC711 at “Wireless APs > APs”.
Figure 7-2
Since the security mode in SCALANCE WLC711 is set to the “Allow all Wireless APs to connect” option (default setting), the access points are immediately set to the “Approval” state and receive a default configuration.
Figure 7-3
7.8 Configuration of the access points
Overview
The user interface (wireless assistant screen) of SCALANCE WLC711 only serves for the configuration of the access points. For this example configuration only the most important configurations are made. These include:
• Definition of the radio antennae
• Country settings
• Setting up the radio interface
• Name assignment for the access points
• Assignment of the VNS (see chapter 7.9)
Requirement
A requirement for the configuration of the access points is a successful registration at the SCALANCE WLC711. For the configuration of the access points, connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC, open an internet browser and enter https://192.168.10.1:5825 into the address bar.
Bulk configuration
If the same access point type occurs several times in the infrastructure, there is the option of bulk configuration.
Table 7-11
No. Action Remarks
1. Go to “Wireless APs > Bulk Configuration > AP Multi-edit Settings”. Select SCALANCE W788C-2-RJ45 as the Hardware type. All access points in the Wireless APs list corresponding to this type are automatically marked.
2. For five categories there is the option of bulk configuration. For this application example, only the first two sections (AP Properties and Radio Settings) are used.
3. For AP Properties you define the following parameters:
   • Country: Germany
   • Radio antennae: ANT795-4MA-[3dBi;5dBi]
   Secure the changes with Save.
   Note: Changes to these parameters may cause a reboot of the access points.
4. Select SCALANCE W788C-2-RJ45 as the Hardware type again, if necessary. For Radio Settings you define the following parameters:
   • Admin Mode:
     – Radio 1&2: On
   • Radio Mode:
     – Radio 1: a/n
     – Radio 2: b/g/n
   • Channel Width:
     – Radio 1&2: 20MHz
   Secure the changes with Save.
Single configuration
Most of the parameters have already been set during the bulk configuration. Individual parameters can now be changed via the single configuration.
Table 7-12
No. Action Remarks
1. Go back to “Wireless APs > AP”. First, the access point connected with Port 4 of SCALANCE X310 is configured. To detect this access point, compare the serial number at the access point casing with that listed in the All APs list. Click on the respective list item.
2. In the AP Properties tab you change the name to AP_2. Secure the settings with Save.
3. Go back to “Wireless APs > AP”. Next, the access point connected with Port 2 of SCALANCE X310 is configured. Click on the respective list item.
4. In the AP Properties tab you change the name to AP_2. Secure the settings with Save.
5. The access points are now ready for use.
7.9 Configuration of the VNS
Overview
SCALANCE WLC711 enables dividing the network into logical, service-based networks (VNS). Various services, security requirements and access criteria can be reliably managed and assigned to different access points. In this sample application, two VNS are created:
• VNS 1 with the components
  – “AP_1”
  – SCALANCE W748
  – PC with WLAN
• VNS 2 with the components
  – “AP_2”
  – SCALANCE W748
  – PC 1
  – PC 2
Figure 7-4: VNS 1 and VNS 2 with W788C-2 (“AP_1”), W788C-2 (“AP_2”), two W748, PC with WLAN, PC 1 and PC 2
Configuration
For the configuration, the VNS installation wizard is used. The wizard supports you in creating a new VNS by prompting you, during the configuration process, for the information required for configuring a VNS. After completing the configuration, the wizard creates a summary of the set parameters.
Configuration of VNS 1
For configuring VNS 1 you proceed as follows:
Table 7-13
No. Action Remarks
1. Start the VNS wizard via “VNS Configuration > New... > START VNS WIZARD”. The user interface of the installation wizard appears.
2. Assign Wireless_AP1 as the Name for the VNS and select Data as the Category. Click on Next.
3. The Basic Settings user interface appears. The VNS has already been activated and a network name (SSID) has been entered. Keep these settings. Since no authentication is required in this example application, you deactivate it in Authentication Mode by selecting Disabled. For selecting the data flow, select Bridge Traffic Locally at AP in Mode.
4. When selecting the data flow, further parameters become visible. Select Tagged as the VLAN Setting and enter 1 as the VLAN ID. Click on Next.
5. On the Privacy page, the security mechanisms are defined. Select WPA-PSK. When selecting WPA-PSK, further parameters become visible. Activate WPA v.2 with the encoding method AES only. Assign a password (pre-shared key) for the WLAN as a string, e.g. "WLC711_AccessPoint1". Note: Remember the password, since it must also be entered on the WLAN clients. Click on Next.
6. In the Radio Assignment window the VNS can be connected to selected radio interfaces. Keep all settings on default values. The VNS can be assigned to one of the two access points at a later point in time. Click on Next.
7. On this page you can view and verify all settings. If incorrect details have been entered, you can change the entry by clicking on Back to return to the desired configuration page. All other settings remain and need not be reconfigured. If the entries are correct, you click on Finish to get to the next page.
8. On the last page your settings are confirmed. Click on the Close button to terminate the wizard. The VNS has now been configured.
9. The new VNS was accepted in the list and the required actuators (WLAN Service, Policy, Topology) defined.
Configuration of VNS 2
The configuration of VNS 2 is performed analogously to VNS 1. Repeat the steps of the VNS 1 configuration with the following parameters:
• VNS name: Wireless_AP2
• VLAN settings: tagged with VLAN ID: 10
• WPA-PSK (WPA v.2) with encryption method AES only
• Preshared key e.g. WLC711_AccessPoint2
Figure 7-5
7.10 Assigning the VNS
Overview
The logical networks configured in chapter 7.9 (Configuration of the VNS) can now be assigned to the radio interfaces of selected access points.
Requirement
Up to eight VNS can be assigned to a radio interface. If the maximum number has been reached, all further interconnections are ignored.
Configuration
A VNS is assigned to a radio interface by the following steps:
Table 7-14
No. Action Remarks
1. For connecting the access points to a VNS you go to “Wireless APs > APs”. Click on the first access point AP_1.
2. Go to the WLAN Assignment tab. The just created WLAN networks are listed. Assign the WLAN Wireless_AP1WLAN to the radio interfaces of AP_1. Secure the settings with Save.
3. In the access point list you click on AP_2.
4. Go to the WLAN Assignment tab. The just created WLAN networks are listed. Assign the WLAN Wireless_AP2WLAN to the radio interfaces of AP_2. Secure the settings with Save.
5. In the navigation bar you go to Home to open the Overview user interface. Here, the network status is displayed, amongst other things. Both access points are displayed as active and the two VNS as released.
7.11 Configuration of the WLAN clients
Overview
With the configuration of the last chapter, the WLAN infrastructure is prepared so the last nodes can now also be integrated into the network: the WLAN clients. In this application, the access points are assigned to the WLAN clients as follows:
• Access Point “AP_1”:
  – SCALANCE W748
  – PC with WLAN radio interface
• Access Point “AP_2” with SCALANCE W748
7.11.1 Configuration of the SCALANCE W clients
Requirement
The requirement for the configuration of SCALANCE W clients is a valid IP address and the start of their web-based management. Follow chapter 7.4 (Application of the PST for IP address and WBM) accordingly.
Configuring the SCALANCE W748 for AP_1
SCALANCE W748 is connected to access point AP_1 as follows:
Table 7-15
No. Action Remarks
1. Log on at the web-based management with the default login data:
   Name: admin
   Password: admin
   Note: After the first logon, the password must be changed.
2. In the navigation area you click on “Interfaces > WLAN” and in the content area on the Basic tab. From the drop-down menu Country Code you select the country, as also configured in the WLC; in this example: Germany. Accept the settings with Set Values. Note: The WLAN interface "WLAN 1" can only be activated after the antennae have been configured.
3. To configure the antennae you go to the Antennas tab. For the three connections you select antenna ANT795-4MA. Accept the settings with Set Values.
4. Now go to the Client tab. At WLAN 1 you enter the network name Wireless_AP1 into the input field SSID. The entry corresponds to the SSID of the access point. Deactivate checkbox Any SSID. Activate this SSID via checkbox Enabled. Click on the Set Values button.
5. To activate the WLAN interface, click on the Basic tab in the content area. In the WLAN1 line you activate the Enabled checkbox. Accept the settings with Set Values.
6. To configure the security settings you click on “Security > WLAN” in the navigation area and on the Basic tab in the content area. From the Authentication Type drop-down list you select item WPA2-PSK. Enter the WPA2 key (pre-shared key) for VNS 1 (“WLC711_AccessPoint1”) into the WPA(2) Pass Phrase input field. Confirm the WPA(2) key. The entries in both fields must be identical. Click on the Set Values button.
7. Go to “Information > WLAN”. If all entries are correct, SCALANCE W748 will have connected to access point “AP_1” via the “Wireless_AP1” VNS.
Configuring the SCALANCE W748 for AP_2
The configuration of SCALANCE W748 for AP_2 is performed analogously to the WLAN client for AP_1. Repeat the steps of the configuration for SCALANCE W748 for AP_1 with the following parameters:
• SSID name: Wireless_AP2
• WPA-PSK2 key: WLC711_AccessPoint2
Result
In the SCALANCE WLC711 overview interface both clients are displayed as active stations.
Figure 7-6
A list of all clients and reports on the connection is available by clicking the key symbol or via the “Home > Clients > All Active Client” menu.
Figure 7-7
7.11.2 Configuration of the PC with WLAN
Requirement
A requirement for the configuration of the PC is a valid IP address.
Configuration of the PC
This section does not provide step-by-step instructions as the configuration screen masks differ for the numerous WLAN radio cards available on the market. The following section lists the settings you have to make in your PC to access the WLAN of VNS 1:
• The IP address of the radio card is 172.168.2.2.
• The SSID of the WLAN is Wireless_AP1.
• The encryption is WPA2-PSK with Cipher AES (respectively Auto).
• The Preshared Key used is WLC711_AccessPoint1.
7.12 Setting up the policies in VNS 2
Overview
A policy is a collection of guidelines for controlling the network access via wireless and cable-based infrastructures. Two policy types are defined per VNS:
• Non-authenticated default policy for the data traffic of all non-authenticated clients.
• Authenticated default policy for the data traffic of all authenticated clients.
Now, filter rules are defined using the example of VNS 2 in order to permit only the data traffic required for the demonstration of the scenarios.
Figure 7-8
It is important here to set the In filters and Out filters correctly:
• The In filter defines the data traffic into the cable-based network.
• The Out filter defines the data traffic from the cable-based network.
The selection options
• Source
• Destination
• Both
define how the given IP address must be interpreted.
• If the IP address is located in the WLAN network, it is the source from the point of view of the In filter, but the destination for the Out filter.
• If the IP address is located in the cable-based network, it is the destination from the point of view of the In filter, but the source for the Out filter.
• For “Both”, both of the mentioned interpretation options of the IP address are combined.
Requirement
A requirement for the configuration is the opened user interface (wireless assistant screen) of the SCALANCE WLC711. Connect the configuration PC to the admin port of the SCALANCE WLC711. On the configuration PC, open an internet browser and enter https://192.168.10.1:5825 into the address bar.
Configuration
Table 7-16
No. Action Remarks
1. Open the security guidelines for VNS 2 via “VNS Configuration > Policies > Wireless_AP2AuthPolicy”. Go to the Filter Rules tab.
2. You can create new filters via Add.
3. First, the http communication is adjusted. The scenario includes http access to the web server of SCALANCE W748 (192.16.100.28) from PC 1. Select the respective direction, enter the IP address of SCALANCE W748 and select http as the Port. Enable this rule with Allow. Confirm this rule with OK.
4. Two rules are created: for Port 80 and Port 8080. You can create further filters via Add.
5. Next, the TELNET communication is adjusted. The scenario includes a TELNET connection to the server of SCALANCE W748 (192.16.100.28) from PC 1. Select the respective direction, enter the IP address of SCALANCE W748 and select TELNET as the Port. Enable this rule with Allow. Confirm this rule with OK.
6. The new rule was included in the list. You can create further filters via Add.
7. As a further action, the FTP communication is adjusted. The scenario includes an FTP connection to the FTP server (PC 1; 192.16.100.1). Select the respective direction, enter the IP address of PC 1 and select http as the Port. Enable this rule with Allow. Confirm this rule with OK.
8. As the last step any other data traffic is blocked. Select the predefined filter rule dest <-> none 0.0.0.0/0 and click on Edit.
9. Change the access right to Deny. Confirm the change with OK.
10. Select the predefined filter rule none <-> src 0.0.0.0/0 and click on Edit.
11. Change the access right to Deny. Confirm the change with OK.
12. Save the changes of the policy with Save.
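The In/Out interpretation and the catch-all rules of Table 7-16 can be checked offline with a small model. The following Python is an added example, not Siemens code: it assumes that rules are evaluated top-down with the first match deciding, that the port is compared on the same side as the address, and that the FTP rule uses TCP port 21; the rule directions are derived from the In/Out description in the overview, and the address of PC 2 and the probe packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Address interpretation per direction, written as in the rule list
# ("dest <-> none"): left value = In filter, right value = Out filter.
NONE, SRC, DEST, BOTH = "none", "src", "dest", "both"


@dataclass(frozen=True)
class Rule:
    in_mode: str          # how the address is read for WLAN -> cable traffic
    out_mode: str         # how the address is read for cable -> WLAN traffic
    network: str          # rule address in CIDR notation
    port: Optional[int]   # None matches any port
    allow: bool


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" (WLAN -> cable) or "out" (cable -> WLAN)
    src: str
    sport: int
    dst: str
    dport: int


def _side_matches(rule: Rule, addr: str, port: int) -> bool:
    in_net = ip_address(addr) in ip_network(rule.network)
    return in_net and (rule.port is None or rule.port == port)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    mode = rule.in_mode if pkt.direction == "in" else rule.out_mode
    if mode == NONE:
        return False      # rule does not apply to this direction
    src_hit = _side_matches(rule, pkt.src, pkt.sport)
    dst_hit = _side_matches(rule, pkt.dst, pkt.dport)
    if mode == SRC:
        return src_hit
    if mode == DEST:
        return dst_hit
    return src_hit or dst_hit  # BOTH combines the two interpretations


def evaluate(rules: List[Rule], pkt: Packet) -> bool:
    """First matching rule decides (assumption); unmatched traffic is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.allow
    return False


W748 = "192.16.100.28"   # WLAN client, address from the page
PC1 = "192.16.100.1"     # cable-based FTP server, address from the page
PC2 = "192.16.100.50"    # constructed address for the WLAN FTP client


def vns2_policy(catch_all_allow: bool) -> List[Rule]:
    """Rules of Table 7-16; catch_all_allow=True models steps 8-11 skipped."""
    return [
        # W748 is in the WLAN: source for the In filter, destination for Out.
        Rule(SRC, DEST, W748 + "/32", 80, True),
        Rule(SRC, DEST, W748 + "/32", 8080, True),
        Rule(SRC, DEST, W748 + "/32", 23, True),    # TELNET
        # PC 1 is cable-based: destination for In, source for Out.
        Rule(DEST, SRC, PC1 + "/32", 21, True),     # FTP control (assumed port)
        # Predefined catch-all rules, edited in steps 8-11.
        Rule(DEST, NONE, "0.0.0.0/0", None, catch_all_allow),
        Rule(NONE, SRC, "0.0.0.0/0", None, catch_all_allow),
    ]


def unintended_flows(rules: List[Rule], probes: List[Packet]) -> List[Packet]:
    """Return the probe packets that the policy lets through."""
    return [p for p in probes if evaluate(rules, p)]


# Constructed probes: none of these belongs to the HTTP/TELNET/FTP scenarios.
PROBES = [
    Packet("in", PC2, 50000, PC1, 445),
    Packet("out", PC1, 50001, W748, 22),
    Packet("in", W748, 50002, PC1, 80),
]
```

Under this stateless model an FTP data connection on any port other than 21 is dropped by the catch-all rules; the page does not state whether the controller tracks FTP data connections.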
7.13 Configuring the FTP scenarios
To operate the FTP scenario, the following components are necessary:
• on the cable-based side: PC 1 as FTP server
• in WLAN: PC 2 as FTP client
This section does not provide step-by-step instructions as the configuration screen forms differ for the numerous FTP software tools available on the market.
Setting for the FTP server
The following section lists the settings you have to make in your FTP server:
• Set up a user: define a login (user name and password) for the FTP client.
• Define a directory to which the FTP client gains access.
Setting for the FTP client
The following section lists the settings you have to make in your FTP client to access the FTP servers:
• The IP address of the FTP server is 192.16.100.1.
• As login for the FTP server (user name and password) you use the data you have defined in the FTP server.
8 Operating the Application
Overview
The table below shows the scenarios presented in this application. Dividing the network into two logic networks and respective access criteria makes the scenarios available for selected components only.
Table 8-1
No. | Application | Description | Enabled for ...
1. | ICMP | The WLAN client (PC) can transmit a ping to SCALANCE W748. | VNS 1
2. | FTP | The FTP client can regularly exchange data with the FTP server. | VNS 2
3. | TELNET | A remote configuration of the WLAN clients is possible via the TELNET application. | VNS 2
4. | HTTP | The PC can connect to the web server of the WLAN client via a web browser. | VNS 2
Figure 8-1 (labels: PC 1 with TELNET client, FTP server and web browser; PC 2 with FTP client; SCALANCE X310; two SCALANCE W748 clients; client PC; connections FTP, HTTP, TELNET, ICMP)
Scenario http
Table 8-2
No. Action Remarks
1. On PC 1 you open an internet browser and enter the IP address of SCALANCE W748 (AP_2) (http://192.16.100.28) into the address bar.
2. The web-based management of SCALANCE W748 opens. Log on with the login data assigned by you at the first registration.
3. Here you have the option to read information, diagnostic data and statistics of SCALANCE W748.
TELNET scenario
Table 8-3
No. Action Remarks
1. On PC 1 you open the command window via “Start > Run”. Enter the TELNET 192.16.100.28 command into the input field and acknowledge with OK.
2. A TELNET connection with SCALANCE W748 is established. Log on with the login data assigned by you at the first registration.
3. Using the TELNET connection enables configuring the module via the command line interface. For more detailed information as well as a description of the commands, please refer to the manual at \8\ in chapter 10 (Links & Literature).
FTP scenario
Table 8-4
No. Action Remarks
1. Start the FTP server on PC 1.
2. On PC 2 you open the FTP client and connect with the FTP server. Log on as the configured user.
3. You can now access the data system and load or transfer data.
ICMP scenario
Table 8-5
No. Action Remarks
1. On the WLAN client PC you open the command window via “Start > Run”. Enter the PING 172.168.2.1 command into the input field and acknowledge with OK.
2. The ping is confirmed by the other WLAN node.
9 Appendix: Important Terms relating to IWLAN
9.1 IEEE 802.11 standard
Task group “802.11” has now developed specifications for wireless LANs, which today are the de facto standard for radio networks. The following table gives an overview of the topics of some IEEE 802 standards regarding IWLANs.
Table 9-1
Substandard | Definition area
802.11a | Communication
802.11b | Communication
802.11e | Quality of Service
802.11g | Communication
802.11h | Communication (reduce interference)
802.11i | Data security
802.11n | Communication
802.1Q | Virtual LANs
802.1X | Data security
IEEE 802.11b
Standard IEEE 802.11b was laid down in 1999 and works in the 2.4 GHz frequency band. The modulation method used here is Direct Sequence Spread Spectrum (DSSS) in connection with the Single Input Single Output (SISO) technology. This enables a maximal data rate of 11 Mbit/s.
IEEE 802.11a
Standard IEEE 802.11a was also laid down in 1999. It uses the 5 GHz band as well as the Orthogonal Frequency Division Multiplexing (OFDM) modulation method and the SISO technology. This enables achieving a maximal net data rate of 54 Mbit/s.
IEEE 802.11g
This standard is the extension of IEEE 802.11b and also works in the 2.4 GHz frequency band. IEEE 802.11g works with the OFDM modulation method and the SISO technology and can achieve a maximal data rate of 54 Mbit/s. This standard is downward compatible with IEEE 802.11b. When both standards are used in a network, the DSSS modulation method with the respectively lower data transmission rate is used.
IEEE 802.11n
IEEE 802.11n is the latest standard (version 04/2013) and can use the 2.4 GHz as well as the 5 GHz band. In addition to the OFDM modulation method, the Multiple Input Multiple Output (MIMO) technology is used. This considerably increases the transmission speed in comparison to other a/b/g standards and can be up to 600 Mbit/s. WLANs according to 802.11n are compatible with 802.11b and 802.11g networks.
IEEE 802.11e
In the winter of 2005/2006, the IEEE adopted the 802.11e standard. This standard adds “Quality of Service” criteria to the existing network standards, i.e. a specific connection quality is guaranteed if this standard is complied with. The quality is not only measured by the mean achievable data rate; upper limits for connection reliability, the duration of possible connection interruptions, etc. are also defined. A convenient telephone connection, for example, not only requires transmitting an appropriate quality of sound but also ensuring that dropouts and voice delays are within narrow limits. While earlier 802.11 standards placed more emphasis on gross data rates than on “Quality of Service”, a standard explicitly including the concerns of QoS was created with the “e” variant.
WMM
“WMM” (“Wireless Multimedia Extensions”) are a subset of the 802.11e standard, which was defined by the “Wi-Fi Alliance” to explicitly integrate multimedia services into the networks.
IEEE 802.1X
Standard IEEE 802.1X does not define the encryption of the data traffic between access point and client, but the login procedure as well as the assignment of access rights for clients. The RADIUS protocol (“Remote Authentication Dial In User Service”) is used here. For RADIUS there is a central so-called RADIUS server, which contains a list with access authorizations of all nodes. If a client wishes to connect to the network, the access point forwards the request to the RADIUS server. It reacts by generating a “challenge”, i.e. a request for which the client can only send the appropriate “response” if it has the password saved on the RADIUS server. This method has two advantages:
• The password is never sent via the network in plain text, neither can it be intercepted by somebody without authorization.
• Since the access authorizations are saved on a central server, the method is particularly suitable when using roaming clients. Not all access points need to store the access data of the clients, but they can request them any time at the RADIUS computer.
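The challenge/response login described above, with the access point as a pure relay, as an added example (not taken from the Siemens document). It uses the CHAP construction from RFC 1994 (MD5 over identifier, password and challenge) only to make the exchange concrete; the page does not name the method, and the class names, user name and password are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple


def chap_response(identifier: int, password: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    data = bytes([identifier]) + password.encode("utf-8") + challenge
    return hashlib.md5(data).digest()


class RadiusServer:
    """Central server holding the access list (hypothetical, in-memory)."""

    def __init__(self, users: Dict[str, str]) -> None:
        self._users = dict(users)
        self._pending: Dict[str, Tuple[int, bytes]] = {}
        self._next_id = 0

    def start(self, user: str) -> Tuple[int, bytes]:
        """Issue a fresh random challenge for this login attempt."""
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[user] = (self._next_id, challenge)
        return self._next_id, challenge

    def finish(self, user: str, identifier: int, response: bytes) -> bool:
        """Verify the response; each challenge is valid exactly once."""
        pending = self._pending.pop(user, None)
        password = self._users.get(user)
        if pending is None or password is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, password, pending[1])
        return hmac.compare_digest(expected, response)


class Client:
    """WLAN client that knows its own password (hypothetical)."""

    def __init__(self, user: str, password: str) -> None:
        self.user = user
        self._password = password

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self._password, challenge)


def login_via_access_point(server: RadiusServer,
                           client: Client) -> Tuple[bool, List[bytes]]:
    """The access point only relays; `wire` records every message it carries."""
    wire: List[bytes] = [client.user.encode("utf-8")]   # request to the server
    identifier, challenge = server.start(client.user)
    wire.append(bytes([identifier]) + challenge)        # challenge to the client
    response = client.respond(identifier, challenge)
    wire.append(bytes([identifier]) + response)         # response to the server
    return server.finish(client.user, identifier, response), wire
```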
9.2 SSID
SSID (“Service Set Identifier”) is a freely selectable name for the WLAN and identifies it. A WLAN access point sends this SSID out when a client searches for available wireless networks. For this reason, from a security point of view, the SSID should not mention the company, the application purpose of the network, or the site, since this may attract the curiosity of hackers or other unauthorized persons. However, sending out the network name can also be suppressed. Since the clients then no longer “see” the radio network, the SSID must be entered correctly into the configuration of the clients in order for them to connect with the desired WLAN.
9.3 Encryption
To prevent unauthorized access and attacks on the company network it is mandatory to activate suitable security mechanisms (“Privacy”) in the WLAN components. Five “Privacy” options are available:
• No encryption
• Static WEP (Wired Equivalent Privacy) key
• Dynamic WEP key
• WPA (Wi-Fi protected access)
  – Version 1 with TKIP encryption
  – Version 2 with AES-CCMP encryption
• WPA-PSK (Wi-Fi protected access / pre-shared key)
Note
Further information as well as a definition of terms is available in the IWLAN compendium at \3\ in chapter 10 (Links & Literature).
9.4 Bridging
If cable-based nodes shall also be integrated into a WLAN, the application of a central communication bridge becomes necessary. In network technology, a bridge refers to devices which interconnect two networks according to the OSI definition. In a WLAN in infrastructure mode the access points take on the task of the central radio bridge. In addition to the radio interface, they also have a LAN connection. Using the radio interface, the access point connects with the WLAN devices and the access point establishes the connection with the cable-based network via the LAN interface. This topology is referred to as “bridging”.
10 Links & Literature
This list is by no means complete and only presents a selection of related references.
Table 10-1
Topic | Title
\1\ Reference to this entry | http://support.automation.siemens.com/WW/view/en/72886773
\2\ Siemens Industry Online Support | http://support.automation.siemens.com
\3\ IWLAN compendium | Basics on setting up an Industrial Wireless LAN http://support.automation.siemens.com/WW/view/en/9975764
\4\ Manual collection on SCALANCE WLC711 | Industrial Wireless LAN Controller SCALANCE WLC711 http://support.automation.siemens.com/WW/view/en/58674679/133300
\5\ Manual SCALANCE W700 | SIMATIC NET Industrial Wireless LAN SCALANCE W700 Web Based Management Configuration Manual http://support.automation.siemens.com/WW/view/de/62382125
\6\ Manual SCALANCE X-300 | SIMATIC NET Industrial Ethernet Switches SCALANCE X-300 SCALANCE X-400 Configuration Manual http://support.automation.siemens.com/WW/view/en/25246488
\7\ Media module operating instruction | Operating instruction (compact) SCALANCE MM900 http://support.automation.siemens.com/WW/view/en/41296941
\8\ Manual SCALANCE W700 | SIMATIC NET Industrial Wireless LAN SCALANCE W700 Command Line Interface Configuration Manual http://support.automation.siemens.com/WW/view/en/62515451
11 History
Table 11-1
Version | Date | Modifications
V1.0 | 04/2013 | First version