Related Manuals for Siemens SCALANCE
Summary of Contents for Siemens SCALANCE
- Page 1 Checklist for setting up SCALANCE devices Siemens SCALANCE Industry Online https://support.industry.siemens.com/cs/ww/en/view/109745536 Support...
-
Page 2: Legal Information
The foregoing provisions do not imply any change in the burden of proof to your detriment. You shall indemnify Siemens against existing or future claims of third parties in this connection except where Siemens is mandatorily liable. -
Page 3: Table Of Contents
Loop detection ..................28 3.14.7 Port mirroring ..................28 3.14.8 VRRP....................29 3.14.9 Default gateway .................. 29 3.14.10 Brute Force Prevention ..............30 3.14.11 Turn off firewall with SCALANCE S/M ..........30 Appendix ......................31 Checklist Article ID: 109745536, V2.0, 05/2022... - Page 4 Table of contents Service and support ................31 Industry Mall ..................32 Links and literature ................32 Change documentation ..............32 Checklist Article ID: 109745536, V2.0, 05/2022...
-
Page 5: Introduction
The checklist in this overview document will support you when preparing SCALANCE devices. It guides you through the various functions of SCALANCE devices and gives you some general recommendations for parameter assignment. This checklist will help you prepare SCALANCE devices for operation without omitting any important settings. -
Page 6: The Scalance Devices
(CLI). There are essentially two variants of the configuration software platform for SCALANCE devices. The functions and the configuration of these functions are typically identical or very similar. With these variations in mind, the SCALANCE devices are classified as follows: • X-200 and X-300/X-400 •... -
Page 7: Abridged Checklist
• Create a configuration backup via WBM or C-Plug Note Not all of the features described above are available on all SCALANCE devices. The features available depend on the SCALANCE model and the firmware version you are using. Checklist Article ID: 109745536, V2.0,... -
Page 8: Detailed Checklist
PTP (Precision Time Protocol) • SIMATIC time Use the secure NTP variant if it is available. Some SCALANCE devices can also act as an NTP server if there is no other NTP server available on the network. Checklist Article ID: 109745536, V2.0,... -
Page 9: Disable Unencrypted Protocols
3 Detailed checklist Note Siemens Industry Online Support also contains an application example (see \3\ in chapter 4.3). This application example provides an SNTP server on the S7- 300/400/1200/1500 CPUs. With this SNTP server, it is possible to push a uniform CPU time to all components. -
Page 10: Use Secure Ftp
3 Detailed checklist • You can use "SNMPv1/v2c/v3" in the SNMP section. Ideally, you would completely disable SNMPv1/v2 and instead use the secure SNMPv3 variant. With SNMPv1/v2, data are transmitted over the wire in cleartext. With SNMPv3, the client can neither write nor read without a valid logon. Data are Note transmitted in encrypted form. -
Page 11: Change Default Passwords
3 Detailed checklist Change default passwords Menu path You can find this information in the following paths: • With MSPS: "Security > Users" • With X-200 and X-300: "System > System Passwords and Login Mode" Default setting The default accounts in older firmware versions are "admin" and "user" The respective passwords are "admin"... -
Page 12: Profinet
With X-200 and X-300 devices: Untick the "PROFINET IO-Device" box. Now the SCALANCE device will not accept configuration changes from a controller. If you disable PROFINET, the behavior of the SCALANCE device with regard to DCP requests will not change. •... -
Page 13: Https Certificates And Ssh Keys
3 Detailed checklist HTTPS certificates and SSH keys Menu path You can find this information in the following paths: • With MSPS: "System > Load & Save" • With X-200 and X-300: "System > Save & Load" Recommendation By default, the devices generate and use a self-signed certificate/key pair for HTTPS and SSH. -
Page 14: Dynamic Configuration Protocol
With this setting, it is not possible to assign parameters using engineering tools, not even if the device remains visible. Note If you run the SCALANCE device as a PROFINET device and enable DCP read access at the same time, the following settings must match the settings on the controller: •... -
Page 15: Dcp Forwarding
DCP is based on layer 2 and does not support routing. "DCP Discovery" starts a search locally from a SCALANCE device and allows you to supply new nodes with core parameters if the PC does not have a direct layer-2 connection with the network. -
Page 16: Quality Of Service - Traffic Shaping
Based on the VLAN tag "COS" (Ethernet) • Based on the VLAN tag "DSCP" (IP) If both tags occur simultaneously in one telegram, the SCALANCE device will decide which one has the higher priority. PROFINET devices send time-critical data with the following VLAN tag: •... -
Page 17: Redundancy
MRP is standardized for PROFINET, allowing compatible devices to be added to the ring directly. HRP is a proprietary protocol that is (almost) exclusively limited to SCALANCE X devices. Both protocols require a failover time in the event that the connection is interrupted. - Page 18 If the device is not being operated in a ring, disable ring redundancy. Note With the default "ARD" preset, a SCALANCE X device will itself become the MRP manager if there is no ring manager connected. This function sends test frames at both of the ring ports which monitor the state of the ring.
-
Page 19: Spanning Tree
With X-300: "Switch > Configuration" and "Switch > STP/RSTP" Recommendation • "Spanning Tree Protocol" ("STP") is enabled by default on some SCALANCE X devices. Disable "Spanning Tree" if it is not being used. • If you are using "Spanning Tree", you should prefer to use "RSTP" (Rapid Spanning Tree) thanks to its faster reconfiguration time. -
Page 20: Passive Listening
"Passive Listening" causes the SCALANCE device to forward BPDUs. An incoming topology change causes it to delete its MAC address table. The SCALANCE device deletes the MAC address table even if the device itself has not enabled STP or does not support STP at all. -
Page 21: Wireless Lan
If you use the "Layer 2 Tunnel" MAC mode, you can connect up to eight nodes or MAC addresses to the client. This function is proprietary on SCALANCE devices and cannot be used with Note access points from third-party vendors. -
Page 22: Wlan Ipcf
"Changes will be saved automatically in <xy> seconds. Press "Write Startup Config" to save immediately". The change you made on the SCALANCE device is active immediately and has been applied. There is no reason to use "Write Startup Config" after each change. This way of working runs contrary to the underlying idea, and is not necessary. -
Page 23: Configuration Backup
Create a backup of the configuration settings after commissioning and at regular intervals. Note With SCALANCE X-200/X-300 devices, the Config file holds all the settings. With MSPS devices, there is a distinction between Config and ConfigPack. Both contain the settings from the WBM. The ConfigPack also receives information about the users, passwords and certificates. -
Page 24: C-Plug/Key-Plug
Key-PLUGs function exclusively in the devices on which they are set up to unlock the feature in question. Note For example, a SINEMA RC Key-PLUG cannot be used in a SCALANCE SC-600 but only in a SCALANCE S615. Checklist Article ID: 109745536, V2.0,... -
Page 25: Scheduled Restart And Trial Mode
In the event of an error, wait until the specified time elapses and the device will discard the changes. 5. If the SCALANCE device supports the option for Config backups, you can select which backup will be activated after the time runs out. -
Page 26: Additional Settings
3 Detailed checklist 3.14 Additional settings 3.14.1 Port settings Menu path You can find this information in the following paths: • With MSPS: "System > Ports > Configuration" • With X-200 and X-300: "Switch > Ports / Port Status" Recommendation •... -
Page 27: Syslog
3 Detailed checklist 3.14.3 Syslog Menu path You can find this information in the following paths: • With MSPS: "System > Syslog Client" • With X-300: "Agent > Agent Syslog" Information If a Syslog server is present on the network, the device can send all log entries to the server. -
Page 28: Loop Detection
3 Detailed checklist 3.14.6 Loop detection Menu path You can find this information in the following paths: • With MSPS: "Layer 2 > Loop Detection" • With X-200 and X-300: "Switch > Loop Detection" Recommendation Enable "Loop Detection" if you often change or add to the network wiring. "Loop Detection"... -
Page 29: Vrrp
3 Detailed checklist 3.14.8 VRRP Menu path You can find this information in MSPS devices under "Layer 3 > VRRP / VRRPv3". Information "VRRP" lets routers provide a redundant gateway IP address for other routers or terminal devices. This address is shared by all routers with the same VRID in the local network. -
Page 30: Brute Force Prevention
You can find this information for MSPS devices under "Security > Firewall > General". Note With SCALANCE S/M devices, you can completely disable the firewall in the settings. Disabling the firewall has a side effect that is easy to miss. -
Page 31: Appendix
Industry Online Support Do you have any questions or need assistance? Siemens Industry Online Support offers round the clock access to our entire service and support know-how and portfolio. The Industry Online Support is the central address for information about our products, solutions and services. - Page 32 4 Appendix Industry Mall The Siemens Industry Mall is the platform on which the entire Siemens Industry product portfolio is accessible. From the selection of products to the order and the delivery tracking, the Industry Mall enables the complete purchasing processing –...