Siemens SIMATIC NET SCALANCE W760 User manual
SCALANCE W760 / W720 (*** OUTDATED TRANSLATION! ***)
SIMATIC NET
Industrial Wireless LAN
SCALANCE W760 / W720
Operating Instructions
03/2022
C79000
-G8976-C322-13
Introduction
1
Safety notices
2
Security
recommendations
3
Description of the device
4
Installation and removal
5
Connection
6
Maintenance and cleaning
7
Troubleshooting
8
Technical data
9
Dimension drawings
10
Approvals
11
Siemens AG
Digital Industries
Postfach 48 48
90026 NÜRNBERG
GERMANY
C79000-G8976-C322-13
Ⓟ
05/2022 Subject to change
Copyright © Siemens AG 2014 -
2022.
All rights reserved
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to
prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a
safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices
shown below are graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger
will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning
relating to property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the
specific task in accordance with the relevant documentation, in particular its warning notices and safety
instructions. Qualified personnel are those who, based on their training and experience, are capable of
identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant
technical documentation. If products and components from other manufacturers are used, these must be
recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning,
operation and maintenance are required to ensure that the products operate safely and without any
problems. The permissible ambient conditions must be complied with. The information in the relevant
documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this
publication may be trademarks whose use by third parties for their own purposes could violate the rights of
the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in
subsequent editions.
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 3
Table of contents
1 Introduction .................................................................................................................................................5
2 Safety notices..............................................................................................................................................9
3 Security recommendations .................................................................................................................... 11
4 Description of the device........................................................................................................................ 19
4.1 Structure of the type designation ................................................................................................. 19
4.2 Device view ....................................................................................................................................... 20
4.3 Components of the product ........................................................................................................... 20
4.4 Accessories ....................................................................................................................................... 21
4.4.1 Industrial Ethernet ........................................................................................................................... 21
4.4.2 Flexible connecting cables and antennas................................................................................... 22
4.4.2.1 Flexible connecting cables............................................................................................................. 22
4.4.2.2 Lightning protection ........................................................................................................................ 23
4.4.2.3 Terminating resistor ........................................................................................................................ 23
4.4.2.4 Cabinet feedthrough........................................................................................................................ 23
4.4.2.5 Antennas............................................................................................................................................ 24
4.5 LED display........................................................................................................................................ 26
4.6 Reset button...................................................................................................................................... 29
5 Installation and removal ......................................................................................................................... 31
5.1 Safety notices for installation........................................................................................................ 31
5.2 Installing on a DIN rail / removing................................................................................................ 34
6 Connection................................................................................................................................................ 37
6.1 Safety when connecting up............................................................................................................ 37
6.2 Power supply..................................................................................................................................... 42
6.3 Ethernet.............................................................................................................................................. 43
6.4 Antenna connector........................................................................................................................... 43
6.5 Grounding .......................................................................................................................................... 45
7 Maintenance and cleaning ..................................................................................................................... 47
8 Troubleshooting....................................................................................................................................... 49
8.1 Restoring the factory settings ....................................................................................................... 49
8.2 Firmware update via WBM or CLI not possible ......................................................................... 50
9 Technical data.......................................................................................................................................... 53
Table of contents
SCALANCE W760 / W720
4Operating Instructions, 03/2022, C79000-G8976-C322-13
10 Dimension drawings................................................................................................................................ 55
11 Approvals .................................................................................................................................................. 57
Index .......................................................................................................................................................... 59
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 5
Introduction
1
Validity of the Operating Instructions
These operating instructions cover the following products:
Product
Article number
Article number
US version
Article number
Israel version
Access point
SCALANCE W761-1 RJ-45
6GK5761-1FC00-0AA0
6GK5761-1FC00-0AB0
-
Ethernet client modules
SCALANCE W722-1 RJ-45
(iFeatures)
6GK5722-1FC00-0AA0
6GK5722-1FC00-0AB0
6GK5722-1FC00-0AC0
SCALANCE W721-1 RJ-45
6GK5721-1FC00-0AA0
6GK5721-1FC00-0AB0
-
These operating instructions apply to the following software version:
•SCALANCE W760/W720 with firmware as of version 6.5
Purpose of the Operating Instructions
Using the Operating Instructions, you will be able to install and connect the SCALANCE
W760/W720 correctly. The configuration and the integration of the device in a WLAN are
not described in these instructions.
Documentation on the accompanying DVD
You can find detailed information about configuration in the SCALANCE W700
configuration manuals on the accompanying DVD under the file name:
PH_SCALANCE-W760-W720-WBM_76.pdf and PH_SCALANCE-W760-W720-
CLI_76.pdf
Note
Make sure that you read the explanations and instructions in the README.txt file
Documentation on the Internet
You can find the current version of the document on the Internet at
(https://support.industry.siemens.com/cs/de/en/ps/15859/man)
Enter the name or article number of the product in the search filter.
Introduction
SCALANCE W760 / W720
6Operating Instructions, 03/2022, C79000-G8976-C322-13
Documentation on configuration
You will find detailed information on configuring the devices in the following
configuration manuals:
•SCALANCE W760/W720 nach IEEE 802.11n Web Based Management
•SCALANCE W760/W720 nach IEEE 802.11n Command Line Interface
Note
Make sure that you read the explanations and instructions in the readme.htm file.
Training, Service & Support
You will find information on Training, Service & Support in the multi-language document
"DC_support_99.pdf" on the data medium supplied with the documentation.
Security information
Siemens provides products and solutions with industrial security functions that support
the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement –and continuously maintain –a holistic, state-of-the-art
industrial security concept. Siemens’ products and solutions constitute one element of
such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be
connected to an enterprise network or the internet if and to the extent such a connection
is necessary and only when appropriate security measures (e.g. firewalls and/or network
segmentation) are in place.
For additional information on industrial security measures that may be implemented,
please visit
https://www.siemens.com/industrialsecurity
(https://www.siemens.com/industrialsecurity).
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends that product updates are applied as soon as they
are available and that the latest product versions are used. Use of product versions that
are no longer supported, and failure to apply the latest updates may increase customer’s
exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security
RSS Feed under
https://www.siemens.com/cert (https://www.siemens.com/cert).
Introduction
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 7
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by
Siemens can be downloaded to the device.
The firmware is available on the Internet pages of the Siemens Industry Online Support:
(https://support.industry.siemens.com/cs/de/en/ps/15860/dl)
Note on firmware/software support
Check regularly for new firmware/software versions or security updates and apply them.
After the release of a new version, previous versions are no longer supported and are not
maintained.
Device defective
If a fault develops, send the device to your SIEMENS representative for repair. Repairs
on-site are not possible.
Decommissioning
Shut down the device properly to prevent unauthorized persons from accessing
confidential data in the device memory.
To do this, restore the factory settings on the device.
Also restore the factory settings on the storage medium.
Recycling and disposal
The products are low in pollutants, can be recycled and meet the requirements of the
WEEE directive 2012/19/EU for the disposal of electrical and electronic equipment.
Do not dispose of the products at public disposal sites.
For environmentally friendly recycling and the disposal of your old device contact a
certified disposal company for electronic scrap or your Siemens contact (Product return
(https://support.industry.siemens.com/cs/ww/en/view/109479891)).
Note the different national regulations.
Trademarks
The following and possibly other names not identified by the registered trademark sign ®
are registered trademarks of Siemens AG:
SCALANCE, C-PLUG, RCoax
Introduction
SCALANCE W760 / W720
8Operating Instructions, 03/2022, C79000-G8976-C322-13
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 9
Safety notices
2
CAUTION
To prevent injury and damage, read the manual before using the device.
Read the safety notices
Note the following safety notices. These relate to the entire working life of the device.
You should also read the safety notices relating to handling in the individual sections,
particularly in the sections "Installation" and "Connecting up".
WARNING
Hot surfaces
Electric devices have hot surfaces. Do not touch these surfaces. They could cause
severe burns.
•Allow the device to cool down before starting any work on it.
WARNING
EXPLOSION HAZARD
Do not open the device when the supply voltage is turned on.
Safety notices
SCALANCE W760 / W720
10 Operating Instructions, 03/2022, C79000-G8976-C322-13
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 11
Security recommendations
3
To prevent unauthorized access to the device and/or network, observe the following
security recommendations.
General
•Check the device regularly to ensure that these recommendations and/or other
internal security policies are complied with.
•Evaluate the security of your location and use a cell protection concept with suitable
products (https://www.siemens.com/industrialsecurity).
•When the internal and external network are disconnected, an attacker cannot access
internal data from the outside. Therefore operate the device only within a protected
network area.
•No product liability will be accepted for operation in a non-secure infrastructure.
•Use VPN to encrypt and authenticate communication from and to the devices.
•For data transmission via a non-secure network, use an encrypted VPN tunnel (IPsec,
OpenVPN).
•Separate connections correctly (WBM, SSH etc.).
•Check the user documentation of other Siemens products that are used together with
the device for additional security recommendations.
•Using remote logging, ensure that the system protocols are forwarded to a central
logging server. Make sure that the server is within the protected network and check
the protocols regularly for potential security violations or vulnerabilities.
WLAN
•We recommend that you ensure redundant coverage for WLAN clients.
•More information on data security and data encryption for SCALANCE W is available
in SCALANCE W: Setup of a Wireless LAN in the Industrial Environment
(https://support.industry.siemens.com/cs/ww/en/view/22681042)
Authentication
Note
Accessibility risk
- Risk of data loss
Do not lose the passwords for the device. Access to the device can only be restored by
resetting the
device to factory settings which completely removes all configuration data.
Security recommendations
SCALANCE W760 / W720
12 Operating Instructions, 03/2022, C79000-G8976-C322-13
•Replace the default passwords for all user accounts, access modes and applications
(if applicable) before you use the device.
•Define rules for the assignment of passwords.
•Use passwords with a high password strength. Avoid weak passwords, (e.g.
password1, 123456789, abcdefgh) or recurring characters (e.g. abcabc).
This recommendation also applies to symmetrical passwords/keys configured on the
device.
•Make sure that passwords are protected and only disclosed to authorized personnel.
•Do not use the same passwords for multiple user names and systems.
•Store the passwords in a safe location (not online) to have them available if they are
lost.
•Regularly change your passwords to increase security.
•A password must be changed if it is known or suspected to be known by unauthorized
persons.
•When user authentication is performed via RADIUS, make sure that all
communication takes place within the security environment or is protected by a
secure channel.
•Watch out for link layer protocols that do not offer their own authentication between
endpoints, such as ARP or IPv4. An attacker could use vulnerabilities in these
protocols to attack hosts, switches and routers connected to your layer 2 network, for
example, through manipulation (poisoning) of the ARP caches of systems in the
subnet and subsequent interception of the data traffic. Appropriate security measures
must be taken for non-secure layer 2 protocols to prevent unauthorized access to the
network. Physical access to the local network can be secured or secure, higher layer
protocols can be used, among other things.
Certificates and keys
•There is a preset SSL/TLS (RSA) certificate with 2048 bit key length in the device.
Replace this certificate with a user-generated, high-quality certificate with key. Use a
certificate signed by a reliable external or internal certification authority. You can
install the certificate via the WBM ("System > Load and Save").
•Use certificates with a key length of 4096 bits.
•Use the certification authority including key revocation and management to sign the
certificates.
•Make sure that user-defined private keys are protected and inaccessible to
unauthorized persons.
•If there is a suspected security violation, change all certificates and keys immediately.
•Use password-protected certificates in the format "PKCS #12".
Security recommendations
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 13
•Verify certificates based on the fingerprint on the server and client side to prevent
"man in the middle" attacks. Use a second, secure transmission path for this.
•Before sending the device to Siemens for repair, replace the current certificates and
keys with temporary disposable certificates and keys, which can be destroyed when
the device is returned.
Physical/remote access
•Operate the devices only within a protected network area. Attackers cannot access
internal data from the outside when the internal andthe external network are
separate from each other.
•Limit physical access to the device exclusively to trusted personnel.
The memory card or the PLUG (C-PLUG, KEY-PLUG, CLP) contains sensitive data
such as certificates and keys that can beread out and modified. An attacker with
control ofthe device's removable media could extract critical information such as
certificates, keys, etc. orreprogram the media.
•Lock unused physical ports on thedevice. Unused ports can be used to access the
system without authorization.
•For communication via non-secure networks, use additional devices with VPN
functionality to encrypt and authenticate communication.
•When you establish a secure connection to a server (for example for an upgrade),
make sure that strong encryption methods and protocols are configured for the
server.
•Terminate the management connections (e.g. HTTP, HTTPS, SSH) properly.
•Make sure that the device has been powered down completely before you
decommission it.For more information, refer to"Decommissioning (Page 7)".
•We recommend formatting a PLUG that is not being used.
Hardware / Software
•Use VLANs whenever possible as protection against denial-of-service (DoS) attacks
and unauthorized access.
•Restrict access to thedevice bysetting firewall rules or rules in anaccess control list
(ACL).
•Selected services are enabled bydefault inthe firmware. It isrecommended toenable
only the services that are absolutely necessary for your installation.
For more information onavailable services, see "List ofavailable services (Page 15)".
•Use the latest web browser version compatible with theproduct to ensure you are
using themost secure encryption methods available. Also, thelatest web browser
versions of Mozilla Firefox, Google Chrome, and Microsoft Edge have 1/n-1 record
splitting enabled, which reduces the risk ofattacks such as SSL/TLS Protocol
Initialization Vector Implementation Information Disclosure Vulnerability (for example,
BEAST).
Security recommendations
SCALANCE W760 / W720
14 Operating Instructions, 03/2022, C79000-G8976-C322-13
•Ensure that the latest firmware version isinstalled, including all security-related
patches.
You can find thelatest information onsecurity patches for Siemens products at the
Industrial Security (https://www.siemens.com/industrialsecurity)orProductCERT
Security Advisories (https://www.siemens.com/cert) website.
For updates on Siemens product security advisories, subscribe to the RSS feed onthe
ProductCERT Security Advisories website or follow @ProductCert on Twitter.
•Enable only those services that are used on the device, including physical ports. Free
physical ports can potentially be used togain access tothe network behind the device.
•For optimal security, use SNMPv3 authentication and encryption mechanisms
whenever possible, and use strong passwords.
•Configuration files can be downloaded from the device. Ensure that configuration files
are adequately protected. The options for achieving this include digitally signing and
encrypting the files, storing them in asecure location, ortransmitting configuration
files only through secure communication channels.
Configuration files can be password protected during download. You enter passwords
on the WBM page "System > Load & Save >Passwords".
•When using SNMP (Simple Network Management Protocol):
–Configure SNMP togenerate anotification when authentication errors occur. For
more information, seeWBM "System > SNMP > Notifications".
–Ensurethat the default community strings are changed to unique values.
–Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-
secure and should only be used when absolutely necessary.
–If possible, prevent write access above all.
•Use thesecurity functions suchas address translation with NAT (Network Address
Translation) orNAPT (Network Address Port Translation) toprotect receiving ports
from access by third parties.
•Use WPA2/ WPA2-PSK with AES to protect the WLAN. You can find additional
information inthe configuration manual Web Based Management "Security menu".
Secure/ non-secure protocols
•Use secure protocols if access to the device is not prevented by physical protection
measures.
•Disable or restrict the use of non-secure protocols. While some protocols are secure
(e.g. HTTPS, SSH, 802.1X, etc.), others were not designed for the purpose of securing
applications (e.g. SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to
prevent unauthorized access to the device/network. Use non-secure protocols on the
device using a secure connection (e.g. SINEMA RC).
Security recommendations
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 15
•If non-secure protocols and services are required, ensure that the device is operated
in a protected network area.
•Check whether use of the following protocols and services is necessary:
–Non-authenticated and unencrypted ports
–LLDP
–Syslog
–DHCP options 66/67
–TFTP
–Telnet
–HTTP
–SNMP v1/2c
–Syslog
–SNTP
•The following protocols provide secure alternatives:
–SNMPv1/v2c → SNMPv3
Check whether use of SNMPv1/v2c is necessary. SNMPv1/v2c is classified as
non-secure. Use the option of preventing write access. The product provides you
with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
Use SNMPv3 in conjunction with passwords.
–HTTP → HTTPS
–Telnet → SSH
–TFTP → SFTP
–Syslog Client → Syslog Client TLS
•Using a firewall, restrict the services and protocols available to the outside to a
minimum.
•For the DCP function, enable the "Read Only" mode after commissioning.
List of available services
The following is a list of all available services and their ports through which the device
can be accessed.
The table includes the following columns:
•Service
The services that the device supports
•Default port status
This is the status of the port in the delivery state (factory setting).
Security recommendations
SCALANCE W760 / W720
16 Operating Instructions, 03/2022, C79000-G8976-C322-13
•Configurable port/service
Indicates whether the port number or the service can be configured via WBM / CLI.
•Authentication
Specifies whether the communication partner is authenticated.
If optional, the authentication can be configured as required.
•Encryption
Specifies whether the transfer is encrypted.
If optional, the encryption can be configured as required.
Service Protocol / Port
number
Default port
status
Configurable
Authentication Encryption
Port
Service
DHCP Client IPv4
UDP/68
Outgoing only
--
✓
--
--
DHCP Client IPv6
UDP/546
Outgoing only
--
✓
--
--
DHCP Server
UDP/67
Closed
--
✓
--
--
DNS Client
TCP/53
UDP/53
Outgoing only
--
✓
--
--
EthernetIP
TCP/44818
UDP/2222
UDP/44818
Closed
--
✓
--
--
HTTP
TCP/80
Open
✓
✓
✓
--
HTTPS
TCP/443
Open
✓
✓
✓
✓
NTP Client
UDP/123
Outgoing only
✓
✓
--
--
PROFINET
UDP/34964
UDP/49154
UDP/49155
Open
--
✓
--
--
RADIUS Client
UDP/1812
Outgoing only
✓
✓
✓
--
Remote Capture
TCP/2002
Closed
--
✓
--
--
SFTP Client
TCP/22
Closed
✓
✓
✓
✓
SMTP Client
TCP/25
Closed
✓
✓
--
--
SMTP Client (secure)
1)
TCP/465
Closed
✓
✓
✓
✓
SNMPv1/v2c
UDP/161
Open
✓
✓
--
--
SNMPv3
UDP/161
Open
✓
✓
Optional
Optional
SNMP Traps
UDP/162
Outgoing only
--
✓
--
--
SNTP Client
UDP/123
Outgoing only
✓
✓
--
--
SSH
TCP/22
Open
✓
✓
✓
✓
Syslog Client
UDP/514
Closed
✓
✓
--
--
Syslog (secure) Client
TCP/6514
Closed
✓
✓
--
✓
Telnet
TCP/23
Closed 1) /
Open 2)
✓
✓
✓
--
TFTP Client
UDP/69
Outgoing only
✓
✓
--
--
1) Only for SCALANCE W1700ac
2) Only for SCALANCE W700n
Security recommendations
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 17
The following is a list of all available Layer 2 services through which the device can be
accessed.
The table includes the following columns:
•Layer 2 service
The Layer 2 services that the device supports.
•Default status
The default status of the service (open or closed).
•Service configurable
Indicates whether the service can be configured via WBM / CLI.
Layer 2 service Default
status
Service
configurable
DCP
Open
✓
LLDP
Open
✓
RSTP
Open
✓
iPRP
Open
✓
MSTP
Closed
✓
SIMATIC NET TIME
Closed
✓
Security recommendations
SCALANCE W760 / W720
18 Operating Instructions, 03/2022, C79000-G8976-C322-13
SCALANCE W760 / W720
Operating Instructions, 03/2022, C79000-G8976-C322-13 19
Description of the device
4
4.1 Structure of the type designation
The type designation of the device is made up of several parts that have the following
meaning:
Description of the device
4.2 Device view
SCALANCE W760 / W720
20 Operating Instructions, 03/2022, C79000-G8976-C322-13
4.2 Device view
①
LED display
②
Antenna connector
③
Reset button
④
Ethernet connector
⑤
Connector for power supply and grounding
4.3 Components of the product
The following components are supplied with the product:
•One SCALANCE device
•One protective cap for the antenna socket
•A 3-pin terminal block for the power supply
•One product DVD
Please check that the consignment you have received is complete. If the consignment is
incomplete, contact your supplier or your local Siemens office.
Other manuals for SIMATIC NET SCALANCE W760
1
This manual suits for next models
1
Table of contents
Other Siemens Industrial Equipment manuals
Siemens
Siemens 3VW9011-0AG15 User manual
Siemens
Siemens 3VL9400-3M.00 User manual
Siemens
Siemens 3VA9 1 0RL 0 Series User manual
Siemens
Siemens SIMATIC RTLS4040T User manual
Siemens
Siemens 3VA9978 - 0AB1 Series User manual
Siemens
Siemens 4MLKA1A User manual
Siemens
Siemens SIMATIC KP Series User manual
Siemens
Siemens SIMATIC NET SCALANCE M874 User manual
Siemens
Siemens VPM 120 User manual
Siemens
Siemens SIVACON 8PS BD01 User manual
Siemens
Siemens SIMATIC HMI OP37/Pro Technical Document
Siemens
Siemens 3VA911 0KPIO Series User manual
Siemens
Siemens FLENDER GHZP User manual
Siemens
Siemens SIMATIC RTLS User manual
Siemens
Siemens SIMOCODE pro User manual
Siemens
Siemens SIMATIC RF662A User manual
Siemens
Siemens SCALANCE XR124WG User manual
Siemens
Siemens 8US1903-3AB00 User manual
Siemens
Siemens SIMATIC PROFINET Parts list manual
Siemens
Siemens BD 2-AK 1 Series User manual
