29217038 Scalance Office Doku v10 e

Application for Communication

Integration of SCALANCE X in Office Networks

Configuration 11

Application Description

Table of Contents

Configuration 11 Office Features Entry-ID: 29217038

V1.0 Page 2/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Note The Application Examples are not binding and do not claim to be

complete regarding the circuits shown, equipping and any eventuality. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. You are responsible for ensuring that the described products are correctly used. These application examples do not relieve you of the responsibility to use sound practices in application, installation, operation and maintenance. By using these application examples you accept that Siemens is not liable for any damages except for those specified in the above liability clause. We reserve the right to make changes to these Application Examples at any time without prior notice. If there are any deviations between the recommendations provided in these application examples and other Siemens publications – e.g. Catalogs – the contents of the other documents have priority.

Warranty, Liability and Support

We accept no liability for information contained in this document.

Any claims against us – based on whatever legal reason – resulting from the use of the examples, information, programs, engineering and performance data etc., described in this Application Example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (“wesentliche Vertragspflichten”). However, claims arising from a breach of a condition which goes to the root of the contract shall be limited to the foreseeable damage which is intrinsic to the contract, unless caused by intent or gross negligence or based on mandatory liability for injury of life, body or health. The above provisions do not imply a change in the burden of proof to your detriment.

Copyright© 2008 Siemens A&D. It is not permissible to transfer or copy these Application Examples or excerpts of them without first having prior authorization from Siemens A&D in writing. If you have any questions about this document please e-mail us to the following address:

[email protected]

mailto:[email protected]�


Table of Contents


V1.0 Page 3/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Foreword

Objective of this application The application example on hand shows the integration and correct application of SCALANCE switches in Office networks or their respective interfaces. One focus is placed here on the new and expandable IT functions of these components.

Main contents of this application The following main points are discussed in this application:

• Integrating SCALANCE switches into an Office network

• Integrating a third-party switch

• Configuring different IT functions of the SCALANCE switches:

– Redundancy (RSTP)

– Access control (Access Control, RADIUS)

– Network structure (VLAN)

– Diagnosis (SMTP, Syslog, SNMP-Traps, Port Mirroring)

• Configuration of the SNMP OPC server and changes of the device profiles

• Visualizing the network components with WinCC flexible via the SIMATIC NET SNMP OPC server of SIMATIC NET.

Delimitation This application does not contain a description

• the WinCC flexible visualization software

• the configuration of the external switch and

• of Industrial Ethernet

Basic knowledge of these topics is required.


Table of Contents


V1.0 Page 4/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Structure of the document The documentation of this application is divided into the following main parts.

Part Description Application Description Provides a general overview of the contents. You

are informed on the used components (standard hardware and software components).

Function Principles and Program Structures

This part describes the detailed function processes of the involved hardware and software components, the solution structures and – where useful – the specific implementation of this application. It is only required to read this part if you want to familiarize with the interaction of the solution components to use these components e.g. as a basis for own developments.

Structure, Configuration and Operation of the Application

This part leads you step by step through the structure, important configuration steps, commissioning and operation of the application.

Appendix In this chapter you will find further information on e.g. literature, glossary etc.

Reference to Automation and Drives Service & Support This entry originates from the internet application portal of the A&D Service and Support. Clicking the link below directly displays the download page of this document.

http://support.automation.siemens.com/WW/view/en/29217038

http://support.automation.siemens.com/WW/view/en/29217038�


Table of Contents


V1.0 Page 5/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table of Contents

Table of Contents ......................................................................................................... 5

Application Description ............................................................................................... 7

1 Automation Task............................................................................................. 7

2 Automation Solution ...................................................................................... 9 2.1 Overview of the overall solution........................................................................ 9 2.2 Description of the core functionality................................................................ 14 2.3 Visualization for the application ...................................................................... 16 2.4 Required hardware and software components ............................................... 20 2.5 Alternative solutions........................................................................................ 22 2.5.1 Further Office requirements............................................................................ 22 2.5.2 Alternative software for RADIUS .................................................................... 23 2.5.3 Linux operating system................................................................................... 23 2.5.4 Professional network management ................................................................ 23

Principles of Operation .............................................................................................. 24

3 General Function Mechanisms.................................................................... 24 3.1 SNMP OPC server.......................................................................................... 24 3.2 Basics of SNMP.............................................................................................. 25 3.3 WBM – Web-Based Management .................................................................. 28 3.4 Redundancy method....................................................................................... 29 3.5 Access mechanisms ....................................................................................... 33 3.5.1 Access Control List. ........................................................................................ 33 3.5.2 IEEE 802.1X (RADIUS) .................................................................................. 34 3.6 Network structuring method............................................................................ 37 3.6.1 Virtual Local Area Network (VLAN) ................................................................ 37 3.6.2 VLAN routing .................................................................................................. 39 3.7 Diagnostic & network management ................................................................ 41 3.7.1 Sending network results via e-mail ................................................................. 41 3.7.2 Syslog messages............................................................................................ 43 3.7.3 SNMP traps .................................................................................................... 44 3.7.4 Port mirroring .................................................................................................. 46 3.7.5 The SNMP network management station ....................................................... 47

Structure, Configuration and Operation of the Application ................................... 53

4 Installation and Commissioning ................................................................. 53 4.1 Installation of hardware and software ............................................................. 53 4.2 Installation of the application software............................................................ 56 4.2.1 Adjusting the IP addresses ............................................................................. 57 4.2.2 Configuration of the station component editor ................................................ 62 4.2.3 Start WinCC flexible Runtime ......................................................................... 65


Table of Contents


V1.0 Page 6/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5 Configuration Process ................................................................................. 66 5.1 Configuration of the SNMP OPC server ......................................................... 66 5.1.1 Configuring the SNMP OPC server ................................................................ 69 5.1.2 Changing the existing SCALANCE device profiles......................................... 73 5.2 Web-Based Management ............................................................................... 75 5.3 Configuration of the redundancy method RSTP ............................................. 77 5.4 Configuration of the access control ................................................................ 80 5.4.1 Access Control................................................................................................ 80 5.4.2 RADIUS function............................................................................................. 82 5.5 Network structure............................................................................................ 89 5.5.1 VLAN .............................................................................................................. 89 5.5.2 Setting up the VLAN routing ........................................................................... 95 5.6 Configuration of the diagnostic function.......................................................... 96 5.6.1 E-mail function ................................................................................................ 96 5.6.2 Syslog messages.......................................................................................... 105 5.6.3 SNMP traps .................................................................................................. 106 5.6.4 Port Mirroring ................................................................................................ 107

6 Operating Scenarios in the Example Network ......................................... 108 6.1 Scenario redundancy.................................................................................... 109 6.2 Scenario access control................................................................................ 111 6.3 Diagnosis scenario ....................................................................................... 115 6.4 Network diagnosis station............................................................................. 122

Appendix and List of Further Literature ................................................................. 126

7 Glossary ...................................................................................................... 126

8 Literature ..................................................................................................... 126

9 History ......................................................................................................... 127


Automation Task


V1.0 Page 7/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc


1 Automation Task

Introduction Following the extension of Industrial Ethernet into the field sector there is an increasing demand for the unification of data networks in office and industrial applications as well as the usage of identical network components.

The following table shows the differences of both networks: Table 1-1

Office networks Automation networks

• have a star-type and redundant structure

• must be protected from external and unauthorized access

• do not require special requirements regarding mechanics, temperature, etc.

• are diagnosed and monitored

• are designed for the special requirements of the respective industrial applications

• are subject to rough environmental conditions and temperatures

• must be highly available and secure.

The SCALANCE switches of SIMATIC NET can be easily and harmonically integrated into an existing office and automation network and take into account the requirements and mechanisms of both networks.


Automation Task


V1.0 Page 8/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Overview of the automation task The figure below provides an overview of the automation task.

Figure 1-1

End node

Security

Redundancy

End node

End node

NetworkManagement

Server

Description of the Automation Task The automation task consists of integrating the SCALANCE X switches into a limited, but typical office topology with its predominant functions:

• Office redundancy method

• Access control method

• Network structuring method

• Diagnostic method


Automation Solution


V1.0 Page 9/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

2 Automation Solution

2.1 Overview of the overall solution

General overview The following figure displays the most important components of the solution:

Figure 2-1

2.SCALANCE X310

1.SCALANCE X310

Network Diagnostic Station

Server

SCALANCE X414-3E

External Switch

PC/PG

PC/PG

P10.1

P10.2P11.1

P5P1

P2P9

P6

P10P1

P5

Structure

The depicted network is meshed, i.e. the components are interconnected via several routes.

The depicted Office data network consists of two SCALANCE X310 and one SCALANCE X414-3E. An external switch is also integrated into the network.

Two PG/PCs serve as a node. WinCC flexible runs on the network diagnostic station and visualizes the network. All of the Server programs required for the Office features run on the server PC.

Note The network diagnostic station is in this application also used for the engineering.


Automation Solution


V1.0 Page 10/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Overview “redundancy method” The following figure shows the components which participate in the “redundancy method (RSTP)”.

Figure 2-2

2.SCALANCE X310

1.SCALANCE X310

SCALANCE X414-3E

External Switch

RSTP Meshed Network

All switches are involved in the redundancy method.


Automation Solution


V1.0 Page 11/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Overview “access control method” The following figure shows the components which participate in the “access control method”.

Figure 2-3

2.SCALANCE X310

1.SCALANCE X310

Server

Access control

RADIUS Client

PG/PCAccess Control List

RADIUS

2.SCALANCE X310

Server

RADIUS Client

PG/PC

The access control is only configured at both SCALANCE X310 switches. One PG/PC respectively is connected with one SCALANCE X switch as a node.


Automation Solution


V1.0 Page 12/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Overview “network structuring method” The following figure shows the components which participate in the “virtual network (VLAN)”.

Figure 2-4

PG/PC

1.SCALANCE X310

2.SCALANCE X310

Server

RADIUS Client

VLAN 1

VLAN 3


External Switch

SCALANCE X414-3E

The meshed network of this application is divided into two separate areas. The server uses its own subnet. The SCALANCE X414-3E switches between these subnets as a router.


Automation Solution


V1.0 Page 13/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Overview “diagnostic method” The following figure shows the components which participate in “Syslog, SNMP, E-Mail and Port-Mirroring”.

Figure 2-5

E-MailSyslog

PG/PC

1.SCALANCE X310

2.SCALANCE X310

Server

RADIUS Client


External Switch

SCALANCE X414-3E

Port Mirroring

SNMP

The diagnostic method acts across the entire network, all components are included.

A network diagnostic station visualizes the components using SNMP variables.


Automation Solution


V1.0 Page 14/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Overview of methods The following table lists the various methods with its respective standard functions: Table 2-1

Procedure Function

Redundancy method In the redundancy method, the RSTP (Rapid Spanning Tree Protocol) is employed. (IEEE Standard 802.1w)

Access control The following functions are configured as access protection from unauthorized stations: • Access Control List • RADIUS (IEEE Standard 802.1X)

Network structuring method Here the VLAN (Virtual Networks) are set up. (IEEE Standard 802.1Q)

Diagnostic method The following standards are applied for the diagnosis of the network: • SNMP Traps (RFC 1157) • SNMP Variables (RFC 1157) • Syslog (RFC 3164/ RFC 3195) • Port Mirroring • E-Mail (RFC 2821)

2.2 Description of the core functionality

Apart from classic tasks of a switch, to inter-connect network components and forward data packages, the SCALANCE of the X-300 and X-400 series also provides IT functionalities which are particularly applied in Office networks:

• Redundancy method

• Access control

• Network structuring method

• Diagnostic method

IT functionality • The redundancy method is used for securing the communication in a

network. The network redundancy provides alternative paths which are used during the failure of a communication connection. Multi-paths are deactivated via the RSTP in order to avoid forbidden loops and doubled or overtaking telegrams. The alternative paths are only activated during the failure of a connection.


Automation Solution


V1.0 Page 15/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

• Access control is used to refuse unauthorized access to the network. This occurs by establishing permitted MAC addresses or a certain registration method.

• The network structuring method enables a flexible and cost-efficient dividing of the network into several logic subnets without additional wiring.

• If an event occurs in the network, a switch can react to this event via various standardized diagnostic methods such as e-mail, Syslog messages or SNMP-Traps.

The following table shows the assignment regarding which IT functionality runs on which SCALANCE: Table 2-2

No. Core function Description 1. Redundancy method (RSTP)

(IEEE Standard 802.1w) • Alle SCALANCE X310 • SCALANCE X414-3E • External switch

2. Access control (Access Control, RADIUS) (IEEE Standard 802.1X)

• All SCALANCE X310

3. Network structuring method (VLAN) (IEEE Standard 802.1Q)

• Alle SCALANCE X310 • SCALANCE X414-3E • External switch

4. Diagnostic method (SNMP/Traps/ E-Mail/ Syslog) (RFC 3164/ 3195/ 1157/ 2821)

• All SCALANCE X310 • SCALANCE X414-3E


Automation Solution


V1.0 Page 16/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

2.3 Visualization for the application

General overview of WinCC flexible The figure below shows the general overview of the network: Figure 2-6

Table 2-3

No. Element Description

1. Name and IP address of the network node

The IP address is determined from the SNMP information.

2. SCALANCE X310 modules A mouse-click opens a configuration window

3. Network nodes The display is controlled by SNMP information; in case of an error or communication trouble, the node is displayed in red.

4. “Network Statistic” button Pressing this button opens a new window with statistic and port monitoring.


Automation Solution


V1.0 Page 17/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

WinCC flexible network statistic The following window appears when pressing the “Network Statistic” button:

Figure 2-7

Table 2-4


1. Status of the SCALANCE modules:

The display of the ports is controlled by SNMP information; in case of an error, the display changes from GREEN to RED, blue fields are not used.

2. Telegram statistic of the SCALANCE modules

The statistic is generated and displayed through SNMP variables.


Automation Solution


V1.0 Page 18/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

WinCC flexible configuration SCALANCE X310_1 The configuration window for the first SCALANCE X310 appears after clicking the module:

Figure 2-8

Table 2-5


1. E-mail configuration The e-mail and IP address for the e-mail function can be changed here.

2. Deactivate/ activate the events

Clicking the “on“ or “off“ button activates or deactivates the result for the e-mail function.

3. Status display Display of the current status of the event


Automation Solution


V1.0 Page 19/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

WinCC flexible configuration SCALANCE X310_2 The configuration window for the second SCALANCE X310 appears after clicking the module:

Figure 2-9

Table 2-6


1. Syslog configuration The IP address for the Syslog function can be changed here.

2. Port Mirror configuration The Port Mirror function can here be (de)activated and the ports be specified.

3. Deactivate/ activate the events

Clicking the “on“ or “off“ button activates or deactivates the event for the Syslog function.

4. Status display Display of the current status of the event


Automation Solution


V1.0 Page 20/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

2.4 Required hardware and software components

Hardware components Table 2-7

Component No. MLFB / Order number Note SCALANCE X310 2 6GK5310-0FA00-2AA3 from V2.2 SCALANCE X414-3E 1 6GK5414-3FC00-2AA2 From V2.2; the

SCALANCE X414-3E is has a modular structure. The basic device is sufficient for this application.

Power Supply PS 307 5A

2 6ES7 307-1EA00-0AA0 Power supply with output voltage 24V

PC/ PG 3 Mit Microsoft Windows XP Professional SP2

Server 1 Standard Industrial PC With Microsoft Windows XP Professional SP2

Accessory Table 2-8

Component No. MLFB / Order number Note IE FC Standard Cable GP 2x2

1 6XV1 840-2AH10 minimum length 20m

IE FC RJ45 Plug 180 14 6GK1 901-1BB10-2AA0 IE Stripping Tool 6GK1 901-1GA00 Insulating tool for Ethernet

cables

SIMATIC Software components Table 2-9

Component No. MLFB / Order number Note SIMATIC STEP 7 V5.4 SP 2 1 6ES7810-5CC10-0YC5 Or higher SIMATIC NET SOFTNET S7 LEAN 2006

1 6GK1704-1LW64-3AA0 Maximum of 8 connections The SIMATIC NET software CD is included with the license.

SIMATIC NET IE SNMP OPC-SERVER BASIC/2006

1 6GK1706-1NW64-3AA0

SIMATIC WinCC flexible 2007 Advanced

1 6AV6613-0AA01-1CA5 V1.2

MICROSOFT SQL Server 2005

1 Database for the RADIUS server

https://mall.automation.siemens.com/DE/guest/bizLogic/bizGotoMLFB.asp?nodeID=10021502&mlfb=6GK5414%2D3FC00%2D2AA2&siteID=DE&lang=de�


Automation Solution


V1.0 Page 21/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Additional software The following software components are freeware and available free of charge via the internet:

Table 2-10

Component No. Note SMTP LAN Server Software 1 For the e-mail reception; e.g. Jana Server E-mail client program 1 For reading the e-mails, e.g. Mozilla Thunderbird RADIUS Server Software 1 As authentication server, e.g. TekRADIUS Manager Syslog Server Software 1 For receiving the Syslog messages; e.g. Kiwi

Syslog Daemon by Kiwi Enterprises SNMP Traps receiver 1 For receiving the SNMP Traps; e.g. SNMP Trap

Watcher by BTTSoftware Network sniffer 1 For monitoring the data traffic; e.g. Wireshark

Note The RADIUS Client is a component of Windows XP.

Example files and projects The following list contains all files and projects used in this example.

Table 2-11

Component Note 29217038_SCALANCE_OFFICE_CODE_v10.zip This zip-file contains the STEP 7

project, the WinCC flexible project, device profiles and standard MIBs

29217038_SCALANCE_OFFICE_DOKU_v10_d.pdf This document


Automation Solution


V1.0 Page 22/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

2.5 Alternative solutions

2.5.1 Further Office requirements

Apart from the already mentioned IT functionalities, the SCALANCE modules of the X-300 and X-400 series also support further features used in the Office environment:

• DHCP

• DHCP Relay (Option 82)

• Load restriction for a certain telegram type.

They are not displayed in this example.

Note The SCALANCE X switches support all Office Features mentioned so far.

DHCP DHCP stands for Dynamic Host Configuration Protocol and enables the assignment of the network configuration to devices through a DHCP server. The integration of new network components (so-called DHCP clients) into an existing network is not possible without their manual configuration. The following settings can be assigned to the client as a standard:

• IP address and network mask

• Default gateway

• Name server

• Proxy configuration

• Etc.

DHCP Relay option 82 The DHCP Relay function is an expansion of DHCP. With this method it is possible to assign an IP address to new network components (so-called DHCP clients) via a DHCP server, irrespective of their connection port at the switch. The request telegrams of the client are supplemented with the information at which port the DHCP client is connected, and are subsequently forwarded to the DHCP server. After evaluating the port information, the DHCP server sends the new IP address to the client.

Load restriction SCALANCE modules of the X-400 or X-300 series can be employed as load restriction. For each port the maximum transfer rate can be determined for a telegram category which is forwarded. If this value is exceeded, (e.g. during a broadcast storm), the packages are not forwarded to the nodes behind this port, but blocked instead


Automation Solution


V1.0 Page 23/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

2.5.2 Alternative software for RADIUS

Due to the integrated Internet Authentication Service (IAS), the RADIUS authentication is already contained in the Windows 2003 Server operating system. No additional software is required for the RADIUS server.

2.5.3 Linux operating system

The Server in this application runs under the Windows XP operating system.

An alternative here is Linux, a computer operating system which was developed as OpenSource project. Since Linux is considered stable and easy to maintain, it also fulfills the special requirements posed at a server operating system. Linux supports all known server architectures and can be adjusted randomly to the own requirements.

Note Especially for the server applications, a variety of software is offered for a Linux-based operating system.

Other software packages, on the other hand, do not always also exist for this operating system.

2.5.4 Professional network management

Network monitoring using SNMP variables and WinCC flexible is a simple and cost-efficient way of monitoring and diagnosing the network.

An alternative are professional network management systems, which can take on many tasks at once. These include, for example

• Documentation

• Analysis of the network

• Diagnosis

• Recording and

• Generating statistics of errors and telegram types.

The extensive statistics, recordings and information are quickly localized and pinpointed.

Principles of Operation

General Function Mechanisms


V1.0 Page 24/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc


Content This part describes the detailed function processes of the involved hardware and software components, the solution structures and – where useful – the specific implementation of this application.

Read this part if you want to know how the individual solution components interact.

3 General Function Mechanisms

3.1 SNMP OPC server

What is OPC? OPC is a software interface independent of the manufacturer which enables data exchange between hardware and software. The OPC interface is part of the software which runs on a PC as platform for operator control and monitoring systems or other applications.

Figure 3-1

OPC server Manufacturers of modules providing process data (communications systems, measuring instruments, etc.) provide an OPC server to their module which interfaces to the respective data source. Aside from these services, the OPC server provides information from any data source to the OPC client; these sources can be hardware-driven data sources or




V1.0 Page 25/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

software components. Each OPC server has a unique name for identification.

SNMP OPC server The SNMP OPC server enables the user to monitor SNMP-capable network components and IP devices such as the SCALANCE X310 switch also in plants. The SNMP OPC server is used as a compiler from SNMP to the OPC interface of the HMI system. Read and write access to the respective device information is possible. This enables diagnosis of individual devices up to a complete network infrastructure and a control (only possible during write access) of device properties, e.g. the activating and deactivating of individual ports.

3.2 Basics of SNMP

What is SNMP? SNMP – Simple Network Management Protocol – is a UDP-based protocol which was specified specially for the administration of data networks and in the meantime has established itself also as de facto standard for TCP/IP devices. The individual nodes in the network – network components or terminals – feature an SNMP agent that provides information in a structured form. This structure is referred to as MIB – Management Information Base. In the network node, the agent is usually realized as a firmware functionality.

The figure below shows the data flow for SNMP: Figure 3-2

Manager

Agent

Cyclic data communication controlled by manager

Event controlled by agent

MIB

MIBPolling

Trap




V1.0 Page 26/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

A network management solution based on SNMP operates according to the client-server model. The management station (SNMP client) can poll information from the agents to be checked which act as server.

The MIB information is cyclically called from the management station and visualized if required. In addition, the nodes are also capable of reporting specific statuses to the network management station via traps without explicit requests. With SNMP, not only monitoring the nodes but also instructions for controlling the devices are possible. These instructions include activating or deactivating a port at a network component.

The communication between agent and network management station is performed in the background and causes only a limited the network load.

Management Information Base – MIB An MIB (Management Information Base) is a standardized data structure consisting of different SNMP variables, which are described by a language independent of the target system.

The cross-vendor standardization of the MIBs and the access mechanisms also enable to monitor and control a heterogeneous network with components from different manufacturers.

If component-specific, non-standardized data are required for network monitoring, these data can be described by the manufacturers in so-called “private MIBs”. Figure 3-3

Standardized Data• System information network statistic, counter, table

Expanded Standardized Data• e.g. data for network load (TMON) for switches

Device-specific Data• e.g. status of redundant power supply

Bridge MIB• e.g. topological view using an "Office-Tool"

1

2

3

4




V1.0 Page 27/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

An MIB describes the entity of all SNMP objects (SNMP variables) located in the network. The structure of the MIB information is similar to the structure of the Windows Registry.

The figure below shows the standard MIB (MIB-2) structure: Figure 3-4

The OID (Object Identifier) describes the address of the MIB object. The address of standardized MIB objects is preset. Private MIB objects are always stored in the “Enterprise” directory. The manufacturer is responsible for the addresses in this structure. The only requirement is to register the manufacturer number.

Device profiles A device profile describes the scope of the variables of a device, e.g. the SCALANCE X310 switch, that are displayed on the OPC server. Only variables included in the device profile can be integrated into an application.

The SNMP OPC server additionally includes a so-called MIB compiler, which is used to adapt existing profiles or to create new profiles. This is




V1.0 Page 28/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

done by entering the required SNMP variables from the public and if necessary private MIBs in the profile.

SIMATIC devices featuring special SNMP agents, e.g. switches (SCALANCE X, SCALANCE W), the CP1616, CP443-1 Industrial Ethernet communications processors, etc., are already included in the STEP 7 directory with their device profiles. For IP-capable devices without individual SNMP agent, the SNMP manager can at least determine the IP address and the status of the connection to this network node using the common TCP/IP “ping” status check and make this information available to the SNMP OPC server.

Note The prepared device profiles are located in the following directory:

<STEP 7InstallationDirectory>/S7DATA/snmp/profile

3.3 WBM – Web-Based Management

Web-based Management enables the parameterization and monitoring of network nodes and network components such as the SCALANCE modules, or terminals via standard internet browsers such as Firefox or Internet Explorer. Figure 3-5

Office Home

WANWAN

RouterProcess

Via a browser, HTML pages containing the desired information are called in the nodes. The corresponding module dynamically supplies these HTML pages with information.




V1.0 Page 29/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

This requires only the IP address of the SCALANCE X module and a password to be able to perform a read and/or write access to the information as a user or administrator.

Note In Web-Based Management, no proxy sever must be set in the connection properties of the internet browser.

3.4 Redundancy method

Redundancy is a method for increasing the reliability of a network or a system. The components are interconnected across several routes via a meshed network as used in this application. If one component fails, or a connection is blocked, the network communication is still guaranteed and the downtimes are reduced. Otherwise, through the redundant connections, telegram packages are also transmitted twice, which leads to errors and increased network load.

To prevent this loop formation, the SCALANCE modules of SIMATIC NET support the Spanning Tree method STP/ RSTP.

The Spanning Tree method The Spanning Tree method has been specified for the MAC layer. It prevents the occurrence of double data packages in a switched Ethernet network. In this method not the end devices know the route from the sender or receiver, but the switches do.

The switches continuously exchange configuration telegrams, so-called BPDUs (Bridge Protocol Data Unit). Through the MAC addresses of the packages passing through, the switches independently learn the topology of the network. The network is considered as a tree.

Process sequence The suitable path through the network is selected as follows:

After initializing the switches, a Root-Bridge is initially determined. Each switch contains an ID of which he informs the group. The bridge ID is 8 bytes long (2 Bytes Bridge Priority and 6 Bytes MAC address). The switch with the lowest bridge ID becomes the root bridge. All other routes are determined from this root bridge.

The other switches select a root port from their ports in the direction of the root bridge. This selection also occurs through BPDUs, which the root bridge sends to the switches. The port of a switch which receives the telegram the quickest (i.e. the “route costs” are lower) is given the status of the root port.

The designate-ports are determined from the other ports which are connected with a different switch. This also occurs by sending BPDUs. This time the switches send telegrams to the connected partners. The port via which the telegram receives the recipient the quickest (i.e. the “route costs“ are lower) becomes the designate port. The other port is deactivated.




V1.0 Page 30/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

If something has changed at the topology of the network, or if a switch is no longer reached, the network must be reorganized. This recalculation of the tree takes up to 30 seconds at the worst. During this time, the spanning-tree-capable switches must not forward any packages in the network apart from the spanning tree information.

Note The bridge priority (a component of the bridge ID) can be changed in the web-based management of the SCALANCE in the menu Switch -> Spanning Tree.

The status of each port and information about the „route costs“ can be looked in Webbased Management under Switch -> Spanning Tree-> Ports.

The following section shows the STP Parameters of the SCALANCE X414-3E. Here you can see which Switch is Root Bridge and which port was chosen as root port.




V1.0 Page 31/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

The following section shows the STP Parameters of the 2.SCALANCE X310-3E. This SCALANCE is Root Bridge, so no root-port was chosen:

Rapid Spanning Tree The Rapid Spanning Tree method is based on the Spanning Tree method. It was optimized with regards to the reconfiguration time which at the Rapid Spanning Tree method lies in the seconds range.




V1.0 Page 32/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Principle display Figure 3-6

Root-Bridge ID: 1

Switch ID: 2 Switch ID: 4

Switch ID: 5

Switch ID: 3

RPRP

RP

RP DP

DP

DPDP DP

RP Root Bridge

DP Designated Port

6 Route Costs

DP

4

61

3

1

5




V1.0 Page 33/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

3.5 Access mechanisms

The access mechanisms are used to refuse unauthorized access to the network. In this application two methods are used.

• Access Control List.

• IEEE 802.1X (RADIUS)

3.5.1 Access Control List.

Description The Access Control List (ACL) is a method of blocking individual ports of the SCALANCE for unknown stations. To do this, a fixed MAC address is assigned to one or several ports. Unicast and Broadcast packages from this known station are accepted at this port, packages from unknown MAC addresses are rejected.

Apart from the manual input of static MAC addresses, there is the option of having all connected devices automatically entered into the Access Control List.

The following section shows the ACL of the first SCALANCE X310: Figure 3-7




V1.0 Page 34/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Principle display The following display shows the principle of the Access Control List:

Figure 3-8

1 5

2

3

4

6

7

8

9 10

11

SCALANCE X310

Access Control List

aa:ff:gg:ww:rr:uu1

bb:fd:rr:wd:gg:aa4

MAC-AdrPort

Node 1MAC-Adr.:

aa:ff:gg:ww:rr:uu1

2

3Node 2

MAC-Adr.:rr:ff:aa:xx:oo:pp

Table 3-1

No. Meaning

1 The Access Control List has been activated and respectively a certain MAC address assigned at port 1 and port 4.

2 Node 1 is granted access to the network via port 1, since its MAC address agrees with that configured for the port.

3 Data packages which node 2 wants to send/receive via port 4 are rejected. Its MAC address does not agree with that configured for the port. This node must connect with a different port.

3.5.2 IEEE 802.1X (RADIUS)

Description RADIUS stands for Remote Authentication Dial-In User Service and is a Client-Server protocol for

• Authentication

• Authorization and

• Accounting

of nodes in the network. This access control is based on an external authentication server.

If the RADIUS function has been activated at a port of the SCALANCE, the station which wants to connect to the network via this port, must first authenticate itself before being granted access to the network.




V1.0 Page 35/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Process sequence The SCALANCE switch (authenticator) requests the authentication information from the node (supplicant) and forwards it to the RADIUS server (authentication server). The authentication server checks the access authorization of the supplicant and informs the authenticator whether the supplicant will be granted access to the network. Depending on the response of the authentication server, the authenticator enables the port or disables it.

This network record shows the defining process between the SCALANCE switch and the RADIUS server: Figure 3-9

The RADIUS protocols have the following meaning: Table 3-2

Protocol Meaning

Access Challenge Is sent by a RADIUS server as a response to a Access Request message. This message is a request to the RADIUS client, which requires a response.

Access Request Is sent from an authenticator in order to request the authentication and authorization for a connection attempt.

Access accept Is sent by a RADIUS server as a response to a Access Request message. With this message the authenticator is informed, that the connection attempt is authenticated and authorized.

Note The end device as well as the authentication server must support the EAP protocol (Extensive Authentication Protocol).

A component of Windows XP is a RADIUS client. However, there are also a number of RADIUS client software packages available on the market.




V1.0 Page 36/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Principle display Figure 3-10

Supplicant

Authentication Server

Authenticator

EA

P P

roto

col

RA

DIU

S P

roto

col

1

2 3

4

5 6

7

Table 3-3

No. Description

1. The port to which the node (supplicant) has connected with SCALANCE, was activated for the RADIUS function.

2. The SCALANCE X (authenticator) sends a EAP request identity to the supplicant. 3. The supplicant responds with its Identity Response. 4. The authenticator transforms the EAP protocol into a RADIUS protocol. 5. The authenticator sends the telegram to the RADIUS server (authentication server). 6. The authentication server checks the authorization of the supplicant and sends the

result to the authenticator. 7. If the supplicant was accepted, the authenticator enables the port. Otherwise, the port

remains disabled.




V1.0 Page 37/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

3.6 Network structuring method

The larger and more meshed networks are, the more unreliable and unmanageable they become as well as producing performance disadvantages due to broadcast packages.

To counteract these disadvantages, it is sensible to structure the network. The SCALANCE modules of SIMATIC NET support

• the standard Virtual Local Area Network.

• VLAN routing

3.6.1 Virtual Local Area Network (VLAN)

Description VLANs are virtual network segments in a physical network which are assigned to the nodes per configuration.

SCALANCE of the X300 and X400 series support the port-based VLAN. For the configuration of the VLANs a VLAN ID is assigned to the individual ports of a SCALANCE. Multicast and broadcast telegrams are only possible within the boundaries of the logic network structure i.e. between ports with identical VLAN ID.

Through this segmentation not only the network load is reduced, since broadcasts are limited to a sensible number of end systems. VLANs also increase the network safety, since nodes can no longer hear the data traffic between each other unless they are a member of this VLAN.

For identifying which package is assigned to which VLAN, the Ethernet Frame is expanded by 4 bytes (VLAN Tagging). Apart from the VLAN ID this expansion also contains priority information.

Port assignment for VLAN For the assignment of the port to a VLAN it must now be determined whether the telegram at the port shall be sent with tag (i.e. with the expansion of the Ethernet package by 4 bytes) or without. If the node behind it is an end-station (PC, controller etc) the telegram is sent without tag (identifier “U”). If the port on the other hand is connected with a different switch, the telegram is sent with tag (identifier “M”).

Further identifiers are “R” (port is a member of the VLANs and was registered via a special GVRP protocol) and “F” (port is not a member of the VLANs nor can it be registered via the GVRP protocol).

The following section shows the VLAN configuration of the SCALANCE X414-3E. Port 10.1 and port 10.2 were selected as “M” since they are connected with further SCALANCE modules. Port 11.1 on the other hand has the identifier “U”, since the server PC is connected to it.




V1.0 Page 38/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Figure 3-11

Principle display The following graphic shows the principle layout diagram of VLANs. Only those components can communicate with each other whose ports are assigned to the same VLAN. Figure 3-12

VLAN 1

VLAN 3

Logi

cally

sep

arat

e ne

twor

ks

Physical View

Logical View




V1.0 Page 39/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

3.6.2 VLAN routing

Description SCALANCE X of the 400 series support the layer 3 switching (routing), i.e. the forwarding of packages between different subnets.

The entries of the routing table of SCALANCE X can be entered in two ways:

• Static: During static routing, the routs are manually entered into the routing table.

• Dynamic: The routing table is automatically generated using routing protocols. The following protocols are available here:

– RIPv2 (Routing Information Protocol) (RFC 2453)

– OSPF (Open Shortest Path First) (RFC 2328)

The following figure shows the routing table of the SCALANCE X414-3E for this application:

Figure 3-13

Process sequences The routing function in the SCALANCE X414-3E is mainly used for routing telegrams between different VLANs.

If a station wants to send an IP package to a different subnet, or VLAN, the IP address of a gateway is searched via a routing table and the package forwarded to the this address. At SCALANCE X414-3E the port, which is connected with the respective VLAN, takes on the function of the gateway of this VLANs. The SCALANCE X receives the telegram and also routes the package to the receiver or a further router via a routing table.




V1.0 Page 40/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Principle display The routing principle shall be illustrated by the following graphic: Figure 3-14

IP: 192.168.3.97SubNet: 255.255.255.0

IP: 192.168.2.103SubNet: 255.255.255.0

VLAN3 VLAN1

IP: 192.168.3.1 IP: 192.168.2.1

192.168.2.x -> VLAN 1192.168.3.x -> VLAN 3

192.168.2.x -> VLAN 1192.168.3.x -> VLAN 3

Routing Table

1

2

3

Table 3-4

No. Meaning

1. A component in VLAN 3 will send a telegram to VLAN 1. Since the receiver lies in a different IP band, it sends the datagram to its gateway. The gateway corresponds to the port to which the component is connected.

2. By means of the routing table, SCALANCE recognizes to which gateway, i.e. through which port, it must send the telegram for it to be received at the receiver.

3. The component in VLAN 1 receives this telegram.




V1.0 Page 41/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

3.7 Diagnostic & network management

Diagnostic methods are a must for every network. With these methods errors or failures in a network can be recognized and handled quickly.

3.7.1 Sending network results via e-mail

Description E-mails are digital messages, which are transmitted via the network.

Sending, forwarding and receiving of e-mails in networks is handled by two protocols:

• SMTP (Simple Mail Transfer Protocol) for exchanging and sending of e-mails.

• POP3 (Post Office Protocol) for fetching the mains from a server.

Process sequences If a configured event occurs, the SCALANCE X automatically generates an e-mail and sends it to a receiver. The e-mail contains the following information:

• Identification of the sending device

• A description of the alarm cause in plain text,

• Time stamp

Events to be reported The following events can be reported via an e-mail:

• Cold and warm start

• Link change (Link up/ Link down)

• Failed authentication

• Fault state change

• Change in the RSTP topology




V1.0 Page 42/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Figure 3-15

Prerequisites Some prerequisites apply for the e-mail function in the SCALANCE switch:

• The e-mail function must be activated in the switch.

• The e-mail function must be active for the respective event.

• The e-mail address of the receiver must be configured.

• A SMTP server must be present in the network.

• The IP address of the SMTP server must be made known to the switch.

The events as well as the required addresses can be configured via the web-based management.




V1.0 Page 43/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

3.7.2 Syslog messages

Description Syslog is an application which transfers simple plain text messages in the network via UD.

The components of a Syslog message are:

• The error message in plain text.

• Priority of the message. It is differentiated here between the following stages:

– Emerg: very severe error, failure

– Alert: severe error

– Crit: error, critical state

– Warning: warnings

– Notice: normal messages

– Info: Information

– Debug: mostly insignificant information

• Generating the Syslog message (facility).

• Header with time stamp and IP address of the sender.

Process sequence If a configured event occurs, the SCALANCE X switch automatically generates Syslog message and sends it to the Syslog server.

Events to be reported The following events are reported via a Syslog message:





• Change in the RSTP topology




V1.0 Page 44/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Figure 3-16

Prerequisites The following prerequisites apply for the Syslog function in SCALANCE:

• The Syslog function must be activated in the switch.

• The Syslog function must be active for the respective event.

• A Syslog server must be present in the network.

• The IP address of the Syslog server must be made known to the switch.

The events as well as the required address can be configured via the web-based management.

3.7.3 SNMP traps

Description SNMP traps are automatic messages of an agent to the manager, if an error or an event was recognized. They are transferred by means of the SNMP protocol.

An SNMP trap package consists of several parts:

• Package type (trap)

• Size of the PDU (“Protocol Data Unit”)

• OID (“Object Identifier”) of the device which has sent the trap

• IP address of the sender

• General TrapID: the TrapID gives the cause of sending the trap

– Cold start

– Warm start

– Link down

– Link up

– Authentication error

– EGP neighbor lost

– Company-specific




V1.0 Page 45/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

• Company-specific TrapID, if it is a company-specific trap.

• Time of the occurrence

Process sequences If a configured event occurs, the SCALANCE X switch automatically generates an SNMP trap and sends it to the trap receiver.

Events to be reported The following events are reported via a trap message:





• Change in the RSTP topology Figure 3-17

Precondition The following prerequisites apply in order for the SCALANCE to automatically send SNMP traps:

• The tap function must be activated.

• The trap function must be active for the respective event.

• An SNMP trap receiver must be present in the network.

• The IP address of the SNMP trap receiver must be made known to the switch.

The events as well as the required addresses can be configured via the web-based management.




V1.0 Page 46/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

3.7.4 Port mirroring

Description Switches of the X-300 and X-400 family also feature a port mirroring functionality. This means that the data traffic is mirrored from a mirror port to a monitor port. If a PC with network sniffer software is connected to the monitor port, the data traffic via the mirror port can be followed.

Precondition The port mirror function is activated in WBM of the SCALANCE. Mirror port and monitor port are also set here. Figure 3-18

In this example, port 1 (mirrored port) of the SCALANCE X310 switch is mirrored to port 4 (monitor port), i.e. the data traffic from and to port 1 is also simultaneously transmitted to port 4.




V1.0 Page 47/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

3.7.5 The SNMP network management station

A network management station manages the complete network and the nodes.

Description The visualization for the network management station of this application was generated in WinCC flexible. Apart from a general overview of the network, they also display individual information of the SCALANCE X310 modules.

All data and information are polled via SNMP at the components.

Process sequences When configuring the SNMP OPC server, all SNMP data from the MIBs of the SNMP-capable devices, which are to be mapped to OPC variables, are defined. This information is automatically polled by the SNMP OPC server by regular polling of the SNMP agents of the accessible devices.

The SNMP OPC server provides the data received in this way to the OPC client – in this case the HMI system (WinCC flexible RT) – via the OPC variables.

OPC variable If the connection to one or several devices is interrupted, e.g. by link down of the HMI port on the SCALANCE X310 switch, the OPC variables that are now no longer supplied are marked as invalid. However, the OPC server permanently provides variables on the status of the connection.




V1.0 Page 48/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

SNMP variables for the general overview The following figure shows the used variables for the general overview of the visualization:

Figure 3-19

These variables are used for the display of the status Table 3-5

No. Name Data Type OPC item ID

1. Server_State Byte SNMP:[Server]&statepathval() 2. SCALANCE X400_State Byte SNMP:[SCALANCE X400]&statepathval() 3. SCALANCE 300_1_State Byte SNMP:[SCALANCE X300]&statepathval() 4. Cisco_State Byte SNMP:[Cisco]&statepathval() 5. SCALANCE 300_2_State Byte SNMP:[SCALANCE

X300_2]&statepathval() 6. PC/PG_State Byte SNMP:[PG/PC]&statepathval() 7. DiagnosticPC_State Byte SNMP:[Network Diagnostic

PC]&statepathval()




V1.0 Page 49/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

These SNMP variables provide the IP addresses of the node: Table 3-6

No. Name Data Type OPC item ID

8. Server_IP String SNMP:[Server]&ipaddress() 9. SCALANCE X400_IP String SNMP:[SCALANCE X400]&ipaddress() 10. SCALANCE 300_1_IP String SNMP:[SCALANCE X300]&ipaddress() 11. Cisco_IP String SNMP:[Cisco]&ipaddress() 12. SCALANCE 300_2_IP String SNMP:[SCALANCE X300_2]&ipaddress() 13. PC/PG_IP String SNMP:[PC/PG]&ipaddress() 14. DiagnosticPC_IP String SNMP:[Network Diagnostic

PC]&ipaddress()

SNMP variables for the statistic The following figure illustrates where SNMP variables were used for the statistic display:

Figure 3-20




V1.0 Page 50/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

These variables are used for the statistic: Table 3-7

No. Name Data Type

OPC item ID

1. SCALANCE 300_1_IP_FragOK

DWord SNMP:[SCALANCE X300]ipFragOK

2. SCALANCE 300_2_IP_FragOK

DWord SNMP:[SCALANCE X300_2]ipFragOK

3. SCALANCE 400_IP_FragOK

DWord SNMP:[SCALANCE X400]ipFragOK

4. SCALANCE 300_1_UDP

DWord SNMP:[SCALANCE X300] udpInDatagrams

5. SCALANCE 300_2_UDP

DWord SNMP:[SCALANCE X300_2] udpInDatagrams

6. SCALANCE 400_UDP DWord SNMP:[SCALANCE X400]udpInDatagrams 7. SCALANCE 300_1_TCP DWord SNMP:[SCALANCE X300] ]tcpInSegs 8. SCALANCE 300_2_TCP DWord SNMP:[SCALANCE X300_2] ]tcpInSegs 9. SCALANCE 400_TCP DWord SNMP:[SCALANCE X400] ]tcpInSegs

For the display of the port status these variables are polled from the nodes Table 3-8

No. Name Data Type

OPC item ID

10. SCALANCE 300_1_Port1 Long SNMP:[SCALANCE X300]-ifOperStatus.51380225




14. SCALANCE 300_2_Port1 Long SNMP:[SCALANCE X300_2]-ifOperStatus.51380225

15. SCALANCE 300_2_Port5 Long SNMP:[SCALANCE X300_2]-ifOperStatus.51380229

16. SCALANCE 400_Port10.1 Long SNMP:[SCALANCE X400]-ifOperStatus.51380235






V1.0 Page 51/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

SNMP variables for the 1.SCALANCE X310 configuration The following figure illustrates where SNMP variables were used for the configuration of the first SCALANCE X310:

Figure 3-21

The variables are addressed as follows:

Table 3-9

No. Element Data Type

OPC item ID

1. SCALANCE 300_1_Evt_CWStart_Syslog

Long SNMP:[SCALANCE X300]- snX300X400ReportEventColdWarmStart.4

2. SCALANCE 300_1_Evt_LinkChg_Syslog

Long SNMP:[SCALANCE X300]- snX300X400ReportEventLinkChange.4

3. SCALANCE 300_1_Evt_PowerChg_Syslog

Long SNMP:[SCALANCE X300]-snX300X400ReportEventPowerChange.4

4. SCALANCE 300_1_Evt_FaultState_Syslog

Long SNMP:[SCALANCE X300]-snX300X400ReportEventFault.4

5. SCALANCE 300_1_Evt_RSTPChg_Syslog

Long SNMP:[SCALANCE X300]-snX300X400ReportEventRSTP.4

6. SCALANCE 300_1_Syslog_Server

String SNMP:[SCALANCE X300]-snX300X400SyslogIpAddress

7. SCALANCE 300_1_MirrorPort_enable

Long SNMP:[SCALANCE X300]-snX300X400SwitchSnifferEnable

8. SCALANCE 300_1_MirrorPort_Dest

Long SNMP:[SCALANCE X300]-snX300X400SwitchSnifferDest

9. SCALANCE 300_1_MirrorPort_Source

Long SNMP:[SCALANCE X300]-snX300X400SwitchSnifferSrc




V1.0 Page 52/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

SNMP variables for the 2.SCALANCE X310 configuration The following figure illustrates where SNMP variables were used for the configuration of the second SCALANCE X310:

Figure 3-22

The variables are addressed as follows:

Table 3-10

No. Element Data Type

OPC item ID

1. SCALANCE 300_2_Evt_CWStart_Email

Long SNMP:[SCALANCE X300_2]-snX300X400ReportEventColdWarmStart.1

2. SCALANCE 300_2_Evt_LinkChg_Email

Long SNMP:[SCALANCE X300_2]-snX300X400ReportEventLinkChange.1

3. SCALANCE 300_2_Evt_PowerChg_Email

Long SNMP:[SCALANCE X300_2]-snX300X400ReportEventPowerChange.1

4. SCALANCE 300_2_Evt_FaultState_Email

Long SNMP:[SCALANCE X300_2]-snX300X400ReportEventFault.1

5. SCALANCE 300_2_Evt_RSTPChg_Email

Long SNMP:[SCALANCE X300_2]-snX300X400ReportEventRSTP.1

6. SCALANCE 300_2_EmailAdr String SNMP:[SCALANCE X300_2]-snX300X400EmailAddress

7. SCALANCE 300_2_SMTPServer

Long SNMP:[SCALANCE X300_2]-snX300X400EmailSMTPIpAddress


Installation and Commissioning


V1.0 Page 53/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc


4 Installation and Commissioning

4.1 Installation of hardware and software

This chapter describes the hardware and software components to be installed. The descriptions and manuals as well as delivery information included in the delivery of the respective products should be observed in any case.

For details on the hardware components, please refer to chapter 2.4. For the hardware configuration, please follow the instructions listed in the table below:

WARNING Only switch on the power supply after the last step has been completed!

Preparing the necessary connecting cables Table 4-1

No. Action Remark 1. Prepare four Ethernet cables from the specified

accessories for the Ethernet connecting cables. Alternatively, you can also use pre-assembled Ethernet cables.

Installation of PC Table 4-2

No. Action Remark

1. Install one Ethernet card respectively into the PG/PCs.

When you are using a field PG, this card already exists.




V1.0 Page 54/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Installation of the Office network Table 4-3

No. Action Remark

1. Connect both SCALANCE X310 modules and the external switch to power supply 1.

2. Connect the SCALANCE X414-3E to power supply 2.

3. Supply a voltage of 230VAC for both power supplies.

4. Network the HMI station, the second SCALANCE X310, the SCALANCE X414-3E and the external switch with the first SCALANCE X310 using Ethernet cables.

Port 1: HMI Station Port 2: External switch Port 5: 2. SCALANCE X310 (Port 1) Port 6: -3. SCALANCE X414-3 (Port 10.1)

5. Optional: Connect a PG/PC with the first SCALANCE X310 for the Access Control List (ACL).

PG/PC at port 9 of the first SCALANCE X310.

6. Network the first SCALANCE X310 and the external switch with the second SCALANCE X310.

Port 1: 1. SCALANCE X310 (Port 5) Port 5: External switch

7. Optional: Connect a PG/PC with the second SCALANCE X310 for the RADIUS functionality.

PG/PC at port 10 of the second SCALANCE X310.

8. Network both SCALANCE X310 modules SCALANCE X414-3E with the external switch.

9. Network the first SCALANCE X310, the external switch and the server with the second SCALANCE X414-3E.

Port 10.1: 1. SCALANCE X310 (Port 6) Port 10.2: External switch Port 11.1: Server

Note In general, the installation guidelines for all components have to be observed.




V1.0 Page 55/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Installation of the standard software Install the following software on the network diagnostic station, which is also used as engineering station:

Table 4-4

No. Action Remark 1. Install STEP 7 V5.4 SP2. Follow the instructions of the

installation program. 2. Install SIMATIC NET Edition 2006. Follow the instructions of the

installation program. 3. Install WinCC flexible 2007 Follow the instructions of the

installation program. 4. Install the MICROSOFT SQL Server 2005 Follow the instructions of the

installation program. 5. Transfer all required licenses.

Installation of the freeware software Install the following software packages on the server.

Table 4-5

No. Action Remark 1. Install the SMTP LAN server software e.g. Jana Server 2. Install an e-mail program. e.g. Mozilla Thunderbird 3. Install a RADIUS server software. e.g. TekRADIUS Manager 4. Install a Syslog server software. e.g. Kiwi Syslog Daemon by

Kiwi Enterprises 5. Install an SNMP traps receiver. e.g. SNMP Trap Watcher by

BTTSoftware 6. Install a network sniffer e.g. Wireshark

Install the following software package on the PC, which is intended for the port mirroring. With this program the communication in a network can be recorded:

Table 4-6

No. Action Remark

1. Install a network sniffer e.g. Wireshark




V1.0 Page 56/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

4.2 Installation of the application software

General preparations Unzip the file 29217038_SCALANCE_OFFICE_CODE_v10.zip.

This folder contains

• the archived STEP 7 project Office.zip,

• the device profiles for the SCALANCE modules and

• a zip-file with standard MIBs.

Retrieving the STEP 7 project Table 4-7

No. Action Remark

1. Open the SIMATIC MANAGER a retrieve the STEP 7 project office.zip.

Under File -> Retrieve

Reset the SCALANCE modules to the factory settings prior to configuration. This ensures, that no other connections or settings are saved and the IP address of the SCALANCEs is set to 0.0.0.0.

An instruction for the reset to default values is available in the Manual (BID:19625108).





V1.0 Page 57/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

4.2.1 Adjusting the IP addresses

Overview over the used IP addresses The following table gives you an overview of the components and the IP addresses to be assigned. Table 4-8

Module IP address Router

Network diagnostic station 192.168.2.98 192.168.2.102 First SCALANCE X300 192.168.2.103 192.168.2.102 Second SCALANCE X300 192.168.2.104 192.168.2.102 External switch 192.168.2.105 192.168.2.102 PC/PG as RADIUS Client 192.168.2.106 192.168.2.102 PC/PG for Port Mirroring 192.168.2.107 192.168.2.102 VL

AN

rout

ing

SCALANCE X400 192.168.2.102 -

VLA

N 3

Server 192.168.3.97 192.168.3.1

IP address of the network diagnostic station The network diagnostic station is used for the engineering of the OPC server. The figure below shows the network setting to which you have to change the PG/PC:

Table 4-9

No. Action Remark 2. Open the Internet Protocol

(TCP/IP) Properties by selecting Start -> Settings -> Network Connection ->Local Connections Select the option field Use following IP-address and fill in the field according to the screenshot. Close the dialog boxes with “OK”.




V1.0 Page 58/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

IP address of the SCALANCE modules The network configuration of the SCALANCE modules can occur via the SIMATIC MANAGER.

Table 4-10

No. Action Remark

1. Set the S7 ONLINE interface to the network card connected with SCALANCE X310 in the SIMATIC MANAGER via Options -> Set PC/PG Interface. Click OK to close the dialog box.

2. In the SIMATIC MANAGER, select menu item PLC -> Edit Ethernet Node. Click the Browse… button to start the search for further nodes.




V1.0 Page 59/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

3. A new dialog with nodes found in the net appears. Select SCALANCE X400 and click OK.

4. Enter the IP address Table 4-8 and

the subnet mask. Click the Assign IP Configuration button to assign these settings to the device. Close the dialog with the Close button.




V1.0 Page 60/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

5. Perform steps 2 to 4 for both SCALANCE X300. Take the IP address and the router from Table 4-8. When performing step 3, please observe the specified mac address to distinguish between the SCALANCE modules!




V1.0 Page 61/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

IP address of the server The figure below shows the network setting to which you have to change the PG/PC for the server:

Table 4-11

No. Action Remark 6. Open the Internet Protocol

(TCP/IP) Properties by selecting Start -> Settings -> Network Connection ->Local Connections Select the option field Use following IP-address and fill in the field according to the screenshot. Close the dialog boxes with “OK”.

Note Change the IP addresses of both PCs/PGs according to Table 4-8 for the access control method.

IP address of the external switch Assign the IP address and the appropriate router to the switch according to Table 4-8. A Cisco Catalyst 2955 was used for this application.




V1.0 Page 62/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

4.2.2 Configuration of the station component editor

Table 4-12

No. Action Remark

7. Open the Station Configuration Editor by selecting Start -> Station Configuration Editor or by double-clicking the icon in the taskbar Press the Import Station… button.

8. Navigate to the directory of the

STEP 7 project and open the XDBs folder. Open the HmiS_2.xdb file and click Open after the station has been imported.




V1.0 Page 63/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

9. The following dialog indicates whether the XDB file can be imported. If no error is displayed, confirm with the OK button.

10. The PC station is configured with the data from the XDB file.




V1.0 Page 64/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

11. The configuration of the PC station is now complete. OPC Server and IE-General be in “Run” mode without error. Close dialog box with "OK”.




V1.0 Page 65/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

4.2.3 Start WinCC flexible Runtime

Table 4-13

No. Action Remark

12. In SIMATIC MANAGER you open WinCC flexible RT via Right Mouse-button -> Open. WinCC flexible is opened

13. Start the WinCC Runtime via Project -> Compiler -> Start Runtime or by pressing the respective icon in the toolbar.


Configuration Process


V1.0 Page 66/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5 Configuration Process

This chapter shows the necessary steps for the configuration of the SCALANCE modules and the software.

5.1 Configuration of the SNMP OPC server

Note The SNMP OPC server has already been configured in the provided code. This section only serves for providing information.

Configuring of the SNMP OPC server occurs on the network diagnostic station.

Figure 5-1


Preparation in STEP 7 To be able to configure the SNMP OPC server, create an HMI station in the Simatic Manager, select the WinCC flexible RT device type and activate S7RTM in the Configuration tab of the HMI station properties.

In the hardware configuration of the HMI Station you add the network card used by you.




V1.0 Page 67/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Private MIB of the SCALANCE-X3xx/4xx To be able to use all SNMP information provided by the SCALANCE X modules, you require the private MIB.

The private MIB is identical for the SCALANCE X310 and X414-3E. It is thus sufficient to load only one private MIB with one of the following options.

• Webbased Management (from FW V2.3): SCALANCE modules of the X300 series from V2.3 have a button in the web-based Management, in order to download the private MIB. Table 5-1

No. Action Remark

14. Open the Webbased Management of SCALANCE X310

http://192.168.2.103

15. Go to the menu item System-> Save&Load http. You can load the private MIB via the Save Private MIB.

16. Navigate to the directory in which you wish to save the MIB.

• Service&Support Portal: Here (BID: 22015045) you can load the private MIB as well as a device profile. Select an MIB and extract it into a folder of your choice.

• SCALANCE X module: The private MIB is available to you via Web-based Management by entering the following URL in a web browser (e.g. Internet Explorer):

For X300:

http://<IP-Adresse des IE Switch X-300>/snScalanceX300.mib

For X400:

http://<IP-Adresse des IE Switch X-400>/snScalanceX400.mib Display the source text of the received page (in the Internet Explorer in the menu View -> Source) and save this text, for example, as text file under the name “PrivateMIBX300.mib”.





V1.0 Page 68/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Note The standard MIBs are stored in the following directory:

<STEP7InstallationDirectory>\S7DATA\snmp\mib

Device profiles You can either create device profiles yourself or use already existing profiles.

Device profiles that have already been prepared for all modules are located in the STEP 7 installation directory. Prepared device profiles for the SCALANCE modules already include integration of the private MIB.

To ensure that only the SNMP variables that are actually required are loaded to the SNMP OPC server, it is useful to create a device profile.

Note The prepared device profiles are stored in the following directory:

<STEP7InstallationDirectory>\S7DATA\snmp\profile




V1.0 Page 69/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.1.1 Configuring the SNMP OPC server

Preparation

Note These preparatory steps are only necessary if your SIMATIC NET software is lower than V7.0 SP1.

Unzip the folder with the standard MIBs and replace all files located in the MIB folder of STEP 7 <STEP7InstallationDirectory>\S7DATA\snmp\mib with these new Standard MIBs.

Configuration Table 5-2

No. Action Remark

1. To configure the SNMP OPC server, select the HMI station in STEP 7 and open the Configuration. Open the OPC Server Properties and in the SNMP tab select the Edit Plant Configuration… button.

2. In the plant configuration, import all configured network nodes with name and IP address using the Import… button. Alternatively, the devices to be monitored can also be manually entered with Add.




V1.0 Page 70/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

3. To assign a separate SNMP device profile to the devices to be monitored, select the device. Use the Create Profile… button to open the corresponding dialog box.

4. With Load you can load a

preprogrammed profile.

5. To create a profile for a

SCALANCE X module, load the MIB-II_V10.txt profile as a basis. This profile is located in the STEP 7 installation directory in the S7DATA/snmp/profile folder




V1.0 Page 71/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

6. As soon as the profile has been loaded, change to the MIB modules tab. To be able to use the SCALANCE module-specific SNMP variables, reload its private MIB. To do this, click the Load MIB… button.

7. Navigate to the directory in which you have stored the Private MIB of the SCALANCE, select the file and open it. The private MIB is loaded.

8. In the Variables tab you navigate to mib-2. In the tree you search the variables which you can use for the SNMP monitoring. With the arrows you can add or remove individual or several variables of your choice from the selection.




V1.0 Page 72/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

9. Store this newly created profile under any name in the STEP 7 installation directory in the S7DATA/snmp/user_profile folder and exit the Create Profile dialog box.

10. You can now select the newly created profile as a device profile for the SCALANCE module and use it. To do this, select and double-click the device. In the Edit node dialog box, you can select the created profile or already existing profiles.

11. After exiting the dialog boxes with “OK” and saving and compiling the station, the configuration of the SNMP OPC server is complete and the station can be loaded.




V1.0 Page 73/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.1.2 Changing the existing SCALANCE device profiles

After generation as a text file the device profiles are only stored in the STEP 7 installation directory in the S7DATA/snmp/user_profile folder and not in the STEP 7 project directory. The XDB file generated after saving and compiling the HMI station contains the necessary information.

If you do not want to change the SNMP variables of this application, you need the text file used. The code folder included in the delivery contains the device profiles of the two SCALANCE modules as a text file.

Table 5-3

No. Action Remark

1. Save the device profiles in your STEP 7 installation directory in the S7DATA/snmp/user_profile folder.

2. To change the device profiles, select the HMI station in STEP 7 and open the Configuration. Open the OPC Server Properties and in the SNMP tab select the Edit Plant Configuration… button.

3. Select a SCALANCE. Use the Create Profile… button to open the dialog box required for the change.




V1.0 Page 74/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

4. Load the respective device profile from the S7DATA/snmp/user_profile folder.

5. Change the device profile as desired and save it. Exit the dialog box by clicking OK.

6. After saving and compiling the station, the SNMP OPC server has been configured and the station can be loaded.




V1.0 Page 75/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.2 Web-Based Management

The configuration of the SCALANCE switches occurs via Web-based Management.

Table 5-4

No. Action Remark

1. Open an Internet Browser, for example Internet Explorer or Firefox, and enter the following address: http://<IP address of SCALANCE>.

2. Enter user name and

password. Click the Log On button in order to log on.

The default settings are: User: admin Password: admin




V1.0 Page 76/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

3. The Web-based Management opens.




V1.0 Page 77/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.3 Configuration of the redundancy method RSTP

The Rapid Spanning Tree function is configured in all SCALANCE modules.

Figure 5-2

1.SCALANCE X310

2.SCALANCE X310

External Switch

SCALANCE X414-3E

RSTP in the SCALANCE X310 Table 5-5

No. Action Remark 1. Open the Web-based

Management for the first SCALANCE X310

http://192.168.2.103

2. For the Rapid Spanning Tree the Ring Redundancy in SCALANCE must be switched off. Navigate to X-300 -> Ring Config and switch off the ring redundancy. Confirm the action with Set Values.




V1.0 Page 78/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark 3. Click Switch in the navigation

bar. Activate the RSTP and confirm your selection with Set Values.

Note Configure the second SCALANCE X310 in the same way.

RSTP in the SCALANCE X414-3E Table 5-6

No. Action Remark 1. Set the DIP switch at

SCALANCE X414-3E to the position on the right.

RM Off STBY Off R1 On R2 On

2. After changing the DIP switch, the SCALANCE must be restarted. Quickly switch the voltage supply of the SCALANCE X414-3E off and back off.

3. Open the Web-based Management for the first SCALANCE X414-3E

http://192.168.2.102

4. For the Rapid Spanning Tree the Ring Redundancy in SCALANCE must be switched off. Navigate to X-400 -> Ring Config and switch off the ring redundancy. Confirm the action with Set Values.




V1.0 Page 79/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark 5. Under Switch->Spanning

Tree you can change the Bridge Priority. The switch with the lowest bridge ID becomes the root bridge. Under Root Port you see via which port it is communicated with the Root Bridge. Save the settings with Set Values.

6. Click Switch in the navigation bar. Activate the RSTP and confirm your selection with Set Values.




V1.0 Page 80/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.4 Configuration of the access control

5.4.1 Access Control

The Access Control function is activated in the first SCALANCE X310 (IP:192.168.2.103). Port 9 will here only be made accessible for one PC for the Port Mirorring.

Figure 5-3

1.SCALANCE X310

PC/PG




V1.0 Page 81/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table 5-7

No. Action Remark

1. Open the Web-based Management of SCALANCE X310

http://192.168.2.103

2. Navigate to Switch-> Unicast Filter (ACL). Insert a new static entry via the New Entry button.

3. The PC, which has been entered in the static list, is located in VLAN 1. Enter this and the MAC address of the PC into the respective field. Set port 9 to M by clicking the checkbox with the mouse button. M stands for member, i.e. the Unicast telegram is sent via this port Accept the entries with Set Values.

4. Change to Switch -> Unicast Filter -> Ports and activate port 9 for the filtering. Acknowledge your changes with Set Values.

5. The entry was adopted to the static list.




V1.0 Page 82/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.4.2 RADIUS function

Figure 5-4

2.SCALANCE X310192.168.2.104

PC/PG192.168.2.106

Server192.168.3.97

Settings in the SCALANCE X310 The RADIUS function is configured on the second SCALANCE X310 for port 10.

Table 5-8

No. Action Remark

1. Open the Web-based Management of SCALANCE X310

http://192.168.2.104

2. Go to the menu item Switch -> 802.1x -> RADIUS Server. In Primary you enter the IP address of the server (192.168.3.97). In Shared Secret or Confirm Shared Secret you enter admin. Acknowledge the dialog with Set Values.




V1.0 Page 83/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

3. Go to Switch -> 802.1x -> Authenticator. Activate port 10 for the authentication via RADIUS. Acknowledge the dialog with Set Values.




V1.0 Page 84/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Settings in Supplicant The supplicant, i.e. the node who wishes to connect with the network via this port must support the EAP protocol.

The following table shows the settings at the example of a PC with Windows XP Installation:

Table 5-9

No. Action Remark

1. Open the Properties Dialog via Start -> Settings -> Control Panel -> System. Ensure that your network card is selected. Change to the Authentication tab.




V1.0 Page 85/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

2. Select Type EAP.

Settings in the RADIUS Software The RADIUS server runs on the server PC. The following table shows the configuration of the server software at the example of the freeware tool TekRADIUS:

Table 5-10

No. Action Remark

1. Open the SQL Server Management Studio via Start -> Programs -> Microsoft SQL Server 2005-> SQL Server Management Studio Connect with your server.




V1.0 Page 86/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

2. In the navigation bar you change to the folder Security -> Logins. Select user sa and open the Properties via the right mouse-button.

3. In the Properties dialog you change the Password to admin_ ! and acknowledge it in the bottom input field. As default you select Database tempdb. Close dialog box with OK.

4. Open TekRADIUS. Change to the Settings tab and select the first tab SQL Connection. Enter the Name of your server as SQL Server. The User name is sa and the respective Password is admin_!. Activate the checkbox according to the figure on the screenshot on the right. Save the setting with Save Settings and test your connection with the SQL Server by pressing the Test Connection button.




V1.0 Page 87/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

5. Change to the next Database Table tab. Via Create you create a Database with the suggested names or assign a new name. Subsequently you generate a table with Create Tables. Save your settings with Save Settings and if necessary you restart RADIUS server.

6. In the Service Parameter tab you select 192.168.3.97 from the dropdown menu in Listen IP Address. Activate the checkbox at Authentication only and deactivate the checkbox for Accounting. Save the changes with Save Settings.

7. Should the server not yet be running, start it via the respective button.




V1.0 Page 88/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

8. Change to the Clients tab. The second SCALANCE X310 works as NAS (Network Access Server). Enter NAS 192.168.2.104 in the input field and the Secret: admin. Add this entry of the list via the Add button. The server is restarted.

9. In the User tab you create a new user. Enter a User name and select default. Press Add to add a new user to the list.

10. Assign the following Attribute to the list: Check Authentification-Method and PEAP (Protected Extensive Authentication Protocol). The assigned attributes of the list are added to the list via the Add button.




V1.0 Page 89/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.5 Network structure

5.5.1 VLAN

Two VLAN are configured for the Office network:

• VLAN 1 with the nodes:

– both SCALANCE X310

– SCALANCE X414-3E

– external switch

– network diagnostic station

– the PG/ PC for network recording

• VLAN 3 with the server as only the node Figure 5-5

Server

External Switch

PC/PG

PC/PG

2.SCALANCE X310

1.SCALANCE X310


SCALANCE X414-3E

VLAN 1VLAN 3

Note The SCALANCE X cannot send any e-mail, Syslog message, etc. via a

port which is assigned to a VLAN different to itself.




V1.0 Page 90/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Settings at the first SCALANCE X310 Table 5-11

No. Action Remark

1. Open the Web-based Management for the first SCALANCE X310

http://192.168.2.103

2. In Agent you check whether the SCALANCE itself is also located in VLAN 1.

3. Select the menu item Switch -> VLAN. Click on 1 Default VLAN 1.

4. The ports are assigned to the

VLAN 1 on the output side. By clicking the ports the identification can be changed. Change the identification of the ports according to the figure. Acknowledge your input with Set Values. • Port 1,8,9,10 contains nodes which receive the

data package without tag (i.e. without 4 bytes expansion in the Ethernet Frame). Identification “U“

• Further switches are connected at port 2,5,6. Data packages to them are sent with tag. Identification “M“.

• Port 3,4,7 are not nodes at the VLAN. Identification “-”




V1.0 Page 91/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

5. On the input side the assignment of the ports to a certain VLAN is not necessary here, since the ports are by default assigned to VLAN 1.

Settings at the second SCALANCE X310 Table 5-12

No. Action Remark

1. Open the Web-based Management for the second SCALANCE X310

http://192.168.2.104


3. Select the menu item

Switch -> VLAN. Click on 1 Default VLAN 1.




V1.0 Page 92/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

4. The ports are assigned to the VLAN 1 on the output side. By clicking the ports the identification can be changed. Change the identification of the ports according to the figure. Acknowledge your input with Set Values. • Port 8,9,10 contains nodes which receive the data

package without tag (i.e. without 4 bytes expansion in the Ethernet Frame). Identification “U“

• Further switches are connected at port 1,5. Data packages to them are sent with tag. Identification “M“.

• Port 2,3,4,6,7 are not nodes at the VLAN. Identification “-”

5. On the input side the assignment of the ports to a certain VLAN is not necessary here, since the ports are by default assigned to VLAN 1.




V1.0 Page 93/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Settings at the SCALANCE X414-3E Table 5-13

No. Action Remark


http://192.168.2.102


3. Select the menu item Switch -> VLAN. Click on 1 Default VLAN 1.

4. The ports are assigned to the VLAN 1 on the output side. By clicking the ports the identification can be changed. Change the identification of the ports according to the figure. Acknowledge your input with Set Values. Note: Ports 5.1 and 5.2 are not changed so they still have the option to connect to SCALANCE X414-3E via a PC.

• Further switches are connected at port 10.0, 10.2.

Data packages to them are sent with tag. Identification “M”.

• The other ports are not nodes at the VLAN. Identification “-”




V1.0 Page 94/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

5. Select the menu item Switch -> VLAN. Create a new VLAN by clicking New Entry.

6. The new VLAN ID is 3. Enter

any name and select port 11.1 as node for this VLAN. Since the server is connected with this port, the port is marked with Identification “U”. Accept the changes with Set Values.

7. Go one menu item further to Ports. Port 11.1 is no also connected with VLAN 3 on the output side. Click Port 11.1.

8. Assign VLAN ID 3 to this port on the input side as well and acknowledge with Set Values.

Note The external switch must now be configured for VLAN 1.




V1.0 Page 95/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.5.2 Setting up the VLAN routing

Table 5-14

No. Action Remark


http://192.168.2.102

2. Select Router-> Subnets from the navigation tree. Create a new entry by pressing New Entry.

3. Enter “3” at VLAN ID. Any IP

address will do, however, it must be located in the same subnet as the server itself (here: 192.168.3.1). This address is assigned to port 11.1 and corresponds to a router for the server (see network settings for the server). Accept the settings with Set Values.

4. The entry was adopted to the current routing list. This enables a communication between different VLANs.




V1.0 Page 96/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.6 Configuration of the diagnostic function

5.6.1 E-mail function

Setting at the SCALANCE The e-mail function is configured at the second SCALANCE X310 and at SCALANCE X414-3E. The following table shows the required steps at the SCALANCE X310. The configuration in SCALANCE X414-3E occurs analog.

Table 5-15

No. Action Remark 1. Open the Web-based

Management of the second SCALANCE X310.

http://192.168.2.104

2. Select the point Agent. Activate or deactivate the functions as depicted in the overleaf screen. Accept the changes with the Set Values button.

3. Change to the submenu

Event Config. Here you can assign the e-mail function to a certain event. Acknowledge this dialog with Set Values.

4. The configuration of SMTP server and e-mail address occurs in the section e-mail Config. Enter [email protected] as a receiver. The SMTP server runs on the server (192.168.3.97). Acknowledge the dialog also with Set Values. Note: The receiver e-mail address is configured later on.




V1.0 Page 97/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Note Configure the SCALANCE X414-3E in the same way.

Configuring the LAN SMTP server The SMTP server receives the e-mails from the SCALANCE modules and makes them available to an e-mail program. The configuration of a LAN SMTP server is displayed by means of a Jana server.

Table 5-16

No. Action Remark

1. Open the configuration page via Start –> Programs-> Jana Server 2-> Administration. Select Configuration (Administration) on the start page.

2. Select the Basic Settings

point from the Configuration box and then point IP addresses from the Basic Settings box.

3. Enter IP address

192.168.3.97 in addition to the local address. Both IP addresses are separated by a comma. Save the new entry with Submit.




V1.0 Page 98/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

4. Enable the Email Server for both addresses and accept the settings with by pressing Submit.

5. Restart the PC.

6. Select the E-Mail point from the Configuration box and then from the Modus Advanced box.

7. On the new page you click

the first General point in the E-Mail box. In General Email Parameters you enter an e-mail address for the administrator. ([email protected]) Scroll down the page a little bit and save these settings with Submit.




V1.0 Page 99/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

8. Scroll the page further down and activate the Authentication at Smtp Server - Parameters. Save these settings with Submit.

9. In the Email box you change to Smtp-Server and create a new server with New.

10. Enter the IP address of the

server (192.168.3.97) as Server Name and select Authentication Username/ Password. SMTP was selected as User ID and Password. Save these settings with Submit.

11. In the next step the point

Email users in the Email box is edited. Create a new user by clicking on New




V1.0 Page 100/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

12. Enter [email protected] as the e-mail address, and Scalance as account name and admin as password. As Smtp-Server you select the IP address 192.168.3.97/SMTP. Save these settings with Submit.

13. Restart the PC.




V1.0 Page 101/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Setting up the e-mail program The e-mail program calls up the messages which come in at the SMTP server and displays them in plain text. Mozilla Thunderbird was used as a freeware tool.

Table 5-17

No. Action Remark

1. Open Mozilla Thunderbird and generate a new e-mail account.

2. In the following dialog you

select Email account and change to the next step with Next.




V1.0 Page 102/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

3. Enter Admin as the name and the e-mail address [email protected]. Go to the next input with Next.

4. The LAN server is an SMTP as well as a POP3 server. Enter the IP address of the server in both entry fields. Activate the checkbox “Use Gobal Inbox”. Then press Next.




V1.0 Page 103/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

5. Enter the user name Scalance. Go to the next step with Next.

6. The e-mail address from step 3 is automatically used as account name. You can also change it at random. Then press Next.




V1.0 Page 104/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

7. Terminate the creating of a new e-mail account with Finish.

8. You can receive and read the e-mails of the SCALANCE switches.




V1.0 Page 105/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

5.6.2 Syslog messages

Setting at the SCALANCE X The Syslog messages are configured at the first SCALANCE X310 and at SCALANCE X414-3E. The following table shows the required configuration steps at SCALANCE X310. The configuration in SCALANCE X414-3E occurs analog.

Table 5-18

No. Action Remark

1. Open the Web-based Management for the SCALANCE X310

http://192.168.2.103

2. Navigate to Agent and deactivate or activate the function according to the figure on the right. Secure the input with Set Values.

3. Go to Agent -> Event Config and activate the functions which are to trigger a Syslog message. Accept the settings with Set Values.

4. Go to Agent -> Event Config and enter the Syslog Server (192.168.3.97). Accept the settings with Set Values.




V1.0 Page 106/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Note Configure the SCALANCE X414-3E in the same way.

Configuring the Syslog server Kiwi Syslog Daemon is used as Syslog server. This program can be started without special configuration. It listens for Syslog messages at port 514 and provides these as plain text message.

5.6.3 SNMP traps

Setting in SCALANCE The SNMP Traps function is configured in all SCALANCE modules. The following table shows the required steps at the SCALANCE X310. The configuration in SCALANCE X414-3E occurs analog.

Table 5-19

No. Action Remark

1. Open the Web-based Management for the SCALANCE X310

http://192.168.2.103

2. Go to Agent -> Event Config and activate the functions which are to trigger a SNMP Trap. Accept the settings with Set Values.

3. Navigate to Agent -> SNMP and activate Traps. Save the settings with Set Values.




V1.0 Page 107/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

4. In the submenu Trap Config you enter the SNMP Trap Receiver (192.168.3.97). Activate this IP address for Trap. Close the dialog with Set Values.

Note Configure the second SCALANCE X310 and SCALANCE X414-3E in the same way.

Setting up the SNMP Traps receiver As SNMP Trap receiver the Freeware program SNMP Trap Watcher is used. This program can be started without special configuration. It listens for new SNMP Traps at UDP port 162 and provides these as plain text message.

5.6.4 Port Mirroring

Setting at the SCALANCE The Port Mirroring is configured at the first SCALANCE X310. The data traffic via port 5 is mirrored to port 9 for monitoring.

Table 5-20

No. Action Remark

1. Open the Web-based Management for the first SCALANCE X310

http://192.168.2.103

2. Go to menu item Switch and activate the Port Mirroring. Select Port 5 as Mirrored Port and Port 9 as Monitor Port. Save the changes with Set Values.


Operating Scenarios in the Example Network


V1.0 Page 108/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

6 Operating Scenarios in the Example Network

Overview of the overall configuration Figure 6-1

2.SCALANCE X310->RADIUS->RSTP->Email->SNMP Traps

1.SCALANCE X310 ->Access Control->RSTP->Syslog->Port Mirroring->SNMP TrapsNetwork Diagnostic Station

->WinCC flexible->SNMP OPC Server

Server->Emailserver->Syslog-Server->SNMP trapreceiver

SCALANCE X414-3E>RSTP>VLAN-Router>Syslog>Email>SNMP Traps

External Switch->RSTP->Syslog->SNMP Traps

PC/PG-> Network recording

PC/PG

Preparation Start or open all programs which were installed for this application on the server.




V1.0 Page 109/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

6.1 Scenario redundancy

As soon as the topology of the network changes, the RSTP function is activated. This scenario shows the option of testing and reporting RSTP.

The following nodes are involved at the RSTP function: Figure 6-2

2.SCALANCE X310

1.SCALANCE X310

Server

SCALANCE X414-3E

External Switch




V1.0 Page 110/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table 6-1

No. Action Remark 1. Pull the Ethernet cable from

port 10.1 of the SCALANCE X414-3E.

Due to the Link Down at the port the transmission path is deactivated and an alternative route must be searched.

2. You will be informed via e-mail that a topology change has taken place…

3. …and possibly the Root Bridge

has changed.

4. A short message about the

topology change is passed on to the Syslog server.




V1.0 Page 111/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

6.2 Scenario access control

Access Control The following nodes are involved in the Access Control function:

Figure 6-3

1.SCALANCE X310

PG/PC




V1.0 Page 112/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table 6-2

No. Action Remark 1. Connect the network

management station with port 9 of the first SCALANCE and open the Web-based Management of SCALANCE.

http://192.168.2.103

2. The access to SCALANCE X310 will not be granted. Through ACL the MAC address of a different PG was assigned to port 9. A node with deviating MAC address will not be granted access.

3. If on the other hand you plug in

the PG for the port monitoring at port 9, the Web-based Management of this SCALANCE can be opened without problems.




V1.0 Page 113/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

RADIUS The following nodes are involved at the RADIUS function:

Figure 6-4

2.SCALANCE X310 RADIUS Client

Server




V1.0 Page 114/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table 6-3

No. Action Remark

1. Activate the PEAP on a PC/ PG.

An instruction is available in chapter “RADIUS function”.

2. Connect this PC/PG with port 10 of the SCALANCE X310.

3. Using a network sniffer you can follow the communication between SCALANCE and RADIUS server.

4. Try and open the Web-based Management of SCALANCE. If the authentication is successful and hence the configuration at the network, the start page is displayed for you.

5. If the authentication fails, the configuration at the network is blocked.




V1.0 Page 115/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

6.3 Diagnosis scenario

This chapter illustrates how the individual IT functions in SCALANCE can be used for diagnosis.

E-Mail The following nodes are involved in the e-mail function:

Figure 6-5

2.SCALANCE X310

SCALANCE X414-3E

Server




V1.0 Page 116/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table 6-4

No. Action Remark 1. Disconnect a port of

SCALANCE X310 or SCALANCE X414-3E.

2. You will be informed of this event via e-mail.

3. If the topology also changes you will receive an e-mail.




V1.0 Page 117/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark 4. If the root bridge had changed

you will receive a further e-mail.

5. Open the Web-based Management of a SCALANCE module and logon with a wrong password. SCALANCE will subsequently send an e-mail to the SMTP server.




V1.0 Page 118/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark 6. Restart SCALANCE by briefly

switching the power supply on and off. As soon as SCALANCE reboots, an e-mail is sent with information.




V1.0 Page 119/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Syslog The following nodes are involved at the Syslog function:

Figure 6-6

2.SCALANCE X310

1.SCALANCE X310

SCALANCE X414-3E

External Switch

Server

Table 6-5

No. Action Remark

1. Disconnect a port of SCALANCE X310 or SCALANCE X414-3E. The Link Down is transmitted as short message to the server.

2. If the topology is also changed by this, a Syslog message is sent to the server.




V1.0 Page 120/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

3. Should the root bridge also have changed, you will also be notified of this via a short message.

4. Restart the SCALANCE by briefly switching the power supply off and back on. As soon as SCALANCE reboots, an Syslog message is sent.

SNMP Traps The following nodes are involved at the SNMP traps function:

Figure 6-7

2.SCALANCE X310

1.SCALANCE X310

SCALANCE X414-3E

External Switch

Server




V1.0 Page 121/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table 6-6

No. Action Remark

1. Disconnect a port of SCALANCE X310 or SCALANCE X414-3E. SCALANCE then sends a brief text message to the trap receiver.

2. Open the Web-based Management of a SCALANCE module and logon with a wrong password. SCALANCE then sends an SNMP trap.

3. Restart SCALANCE by briefly

switching the power supply on and off. As soon as SCALANCE reboots, an SNMP trap is sent.




V1.0 Page 122/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

6.4 Network diagnosis station

The following nodes are involved at the network diagnosis station: Figure 6-8

Network Diangostic Station

1.SCALANCE X310

2.SCALANCE X310 PG/PC

PG/PC

External Switch

Server

SCALANCE X414-3E




V1.0 Page 123/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

Table 6-7

No. Action Remark

1. The general overview shows the status of the network in WinCC flexible.

2. Disconnect port 10.1 from the SCALANCE X414-3E. Modules which cannot be accessed any longer are displayed in red.

3. Pressing the Network Statistic

button takes you to a detailed diagnostic screen. SCALANCE X414-3E is not accessible and hence displays no port status. The first SCALANCE X310 has a link down at port 2, since it is connected with the no longer accessible SCALANCE X414-3E.




V1.0 Page 124/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

4. Go back to the general overview and click on the first SCALANCE X310. A new window opens.

5. With the ON and OFF buttons individual events can be attached to or removed from Syslog messages.

6. If necessary, you can also

change the IP address of the Syslog server on this page. Select the IP address for this and write a new address into the input field. Close your input with the <Return> button.

7. You can also activate and

deactivate the port monitoring using the ON and OFF buttons as well as the ports. Select the port for this and write a change to the input field. Close your input with the <Return> button.




V1.0 Page 125/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

No. Action Remark

8. Go back to the general overview and click on the second SCALANCE X310. A new window opens.

9. Using the ON and OFF buttons individual events can be attached to or removed from e-mail messages.

10. If necessary, you can change the e-mail and IP address of the Syslog server on this page. Select the IP address for this and write your address into the input field. Close your input with the <Return> button.

Appendix and List of Further Literature

Glossary


V1.0 Page 126/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc


7 Glossary

Table 7-1

Term Meaning

SMTP Simple Mail Transfer Protocol; a protocol of the internet family for exchanging e-mails in a network.

MIB Management Information Base; a tree structure which for SNMP contains all relevant data for the network management.

SNMP Simple Network Management Protocol; standardized protocol for transporting network management information.

RADIUS Remote Authentication Dial-In User Service; protocol for authentication, authorization and accounting of users in a network.

RSTP Rapid Spanning Tree Protocol; protocol for switching off redundant paths in meshed networks.

Syslog Protocol; transmitting of messages in a network to a Syslog server.

VLAN Virtual Local Area Network; virtual local network within a physical network.

8 Literature

Internet links This list is by no means exhaustive and only gives a selection of appropriate sources. Table 8-1

Topic Title \1\ Reference to

this documentation

http://support.automation.siemens.com/WW/view/en/29217038

\2\ Siemens A&D Customer Support

http://www.ad.siemens.de/support

\3\ Manual SCALANCE

SIMATIC NET Industrial Ethernet Switches SCALANCE X-300 SCALANCE X-400 Configuration Manual (BID: 19625108)



http://www.ad.siemens.de/support�




History


V1.0 Page 127/127

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2921

7038

_SC

ALA

NC

E_O

FFIC

E_D

OK

U_v

10_e

.doc

9 History Table 9-1 History

Version Date Modification

V1.0 31.05.2008 First edition

Documents

29217038 Scalance Office Doku v10 e