SIMATIC NET
SCALANCE M873 - UMTS router
with HSDPA
Operating Instructions
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
with a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.
CAUTION
without a safety alert symbol, indicates that property damage can result if proper precautions are not taken.
NOTICE
indicates that an unintended result or situation can occur if the corresponding information is not taken into account.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation for the specific task, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be adhered to. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
Preface
Purpose of this documentation
This documentation will accompany you on your way to successful application of the UMTS router with HSDPA SCALANCE M873. It introduces you to the topic and provides you with an overview of the areas in which the hardware is used. It explains how to commission and configure the modem taking into account operating conditions. This documentation shows the technical specifications and the standards and approvals that are met by the UMTS router with HSDPA M873.
Validity of the documentation
This manual is valid for the following product versions:
● UMTS router with HSDPA SCALANCE M873
Order number: 6GK5 873-0AA10-1AA2
Hardware product version 2.x
Purpose: UMTS router with HSDPA for industrial applications
Wireless device
WARNING
Impairment of medical devices and data media
Never use the device in places where the operation of wireless devices is prohibited. The device contains a wireless transmitter that could, under certain circumstances, impair the functionality of electronic medical devices such as hearing aids or pacemakers. You can obtain advice from your physician or the manufacturer of such devices.
To prevent data media from being demagnetized, do not keep disks, credit cards or other magnetic data media near the device.
Connection costs with (E-) GPRS
NOTICE
Note that data packets subject to charge are exchanged even when a connection is established or re-established, when an attempt to connect to a partner is unsuccessful (for example server switched off, wrong destination address, etc.) and when the connection is kept alive.
Firmware with open source GPL/LGPL
The firmware of the SCALANCE M873 includes open source software under terms of GPL/LGPL. According to section 3b of GPL and section 6b of LGPL we offer you the source code. Please write to
s_opsource@gmx.net s_opsource@gmx.de
Please enter 'Open Source M873' as the subject of your e-mail, so that we can filter out your e-mail more easily.
Firmware with OpenBSD
The firmware of SCALANCE M873 contains sections from the OpenBSD software. The use of OpenBSD software obligates the user to publish the following copyright notice:
Copyright (c) 1982, 1986, 1990, 1991, 1993
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
Where to find Siemens documentation
You will find the order numbers for Siemens documentation in the catalogs "SIMATIC NET Industrial Communication, catalog IK PI" and "SIMATIC Products for Totally Integrated Automation and Micro Automation, catalog ST 70".
You can request these catalogs and additional information from your Siemens representative.
Some of the documents listed here are also on the SIMATIC NET Manual Collection CD supplied with every device.
You will also find SIMATIC NET manuals on the Internet pages of Siemens Automation Customer Support:
SIMATIC NET manuals: (http://support.automation.siemens.com/WW/view/en/10805878) → Entry list → Entry type "Manuals / Operating Instructions"
Table of contents
Preface
1 Applications and functions
1.1 Introduction
2 Installation, connecting up, commissioning
2.1 Safety notices
2.2 Requirements for operation
2.3 Step by step
2.4 Device front
2.5 Service button (SET)
2.6 Operating displays
2.7 Connectors
2.8 Inserting the SIM card
2.9 Installation on a DIN rail
3 Configuration
3.1 TCP/IP configuration of the network adapter in Windows XP
3.2 Characters permitted for user names, passwords and other inputs
3.3 Establishing a configuration connection
3.4 Start page of the Web user interface
3.5 Language selection
3.6 Configuration procedure
3.7 Configuration profiles
3.8 Changing the password
3.9 Reboot
3.10 Loading factory settings
4 Local interface
4.1 IP addresses of the local interface
4.2 DHCP server to local network
4.3 DNS for local network
4.4 Local host name
4.5 System Time/NTP
5 External interface
5.1 Access parameters for UMTS/GPRS
5.2 UMTS/GPRS connection monitoring
5.3 Hostname by DynDNS
5.4 SRS - Siemens Remote Service
5.5 NAT - Network Address Translation
6 Security functions
6.1 Packet filter
6.2 Port Forwarding
6.3 Advanced security functions
6.4 Firewall Log
7 Remote access
7.1 HTTPS remote access
7.2 SSH remote access
7.3 Remote access via dial-in connection
8 Status, log and diagnostics
8.1 System status display
8.2 Log
8.3 Remote logging
8.4 Snapshot
8.5 Hardware Info
8.6 Software Info
9 Further functions
9.1 Service Center
9.2 Alarm SMS
9.3 SMS - Messaging from the local network
9.4 Software update
10 Technical specifications
A Additional Internal Routes
B Applied standards and approvals
1 Applications and functions
1.1 Introduction
The SCALANCE M873 provides a wireless connection to the Internet or to a private network. The SCALANCE M873 provides this connection at any location at which a UMTS network (Universal Mobile Telecommunication System = mobile wireless network of the 3rd generation) or GSM network (Global System for Mobile Communication = mobile wireless network) is available that offers IP-based data services. With UMTS, this is the HSDPA data service (High Speed Download Data Access) or the UMTS data service. With GSM, this is the EGPRS (Enhanced General Packet Radio Service = EDGE) or GPRS (General Packet Radio Service).
This requires a SIM card of a UMTS/GSM mobile wireless provider with the appropriate services activated.
The SCALANCE M873 connects a locally connected application or entire networks to the Internet via wireless IP connections. It is also possible to connect directly to an intranet, to which the external partners are connected.
To achieve this, the device combines the following functions:
● Wireless modem for flexible data communication using HSDPA, UMTS, EGPRS or GPRS
● Firewall for protection against unauthorized access
The dynamic packet filter examines data packets based on their source and destination addresses (stateful inspection firewall) and blocks undesirable data traffic (anti-spoofing).
Remote access & telecontrol application example
[Figure: application example showing local network, local applications (e.g. SCALANCE S), router/firewall, APN, IP mobile wireless connection using HSDPA, UMTS or EGPRS, Internet, external network and external partners]
Configuration
The device can be configured using a Web user interface that can be displayed simply using a Web browser. It can be accessed in the following ways:
● The local interface
● HSDPA, UMTS, EGPRS/GPRS or
● CSD (Circuit Switched Data = dial-in data connections) of the GSM
[Figure labels: PC with Web browser (three instances); connection via GSM CSD; connection using HSDPA, UMTS, EGPRS]
Figure 1-2 Configuration connections
Firewall functions
The SCALANCE M873 provides the following firewall functions to protect the local network and itself from external attacks:
● Stateful inspection firewall
● Anti-spoofing
● Port forwarding
● NAT
Further functions
The SCALANCE M873 also provides the following extra functions:
● DNS cache
● DHCP server
● NTP
● Remote logging
● In port
● SSH console for configuration
● DynDNS client
2 Installation, connecting up, commissioning
2.1 Safety notices
Safety notices on the use of the device
The following safety notices must be adhered to when setting up and operating the device and during all associated work such as installation, connecting up, replacing devices or opening the device.
General notices
WARNING
Safety extra low voltage
The equipment is designed for operation with Safety Extra-Low Voltage (SELV) by a Limited Power Source (LPS).
This means that only SELV / LPS complying with IEC 60950-1 / EN 60950-1 / VDE 0805-1 must be connected to the power supply terminals. The power supply unit for the equipment power supply must comply with NEC Class 2, as described by the National Electrical Code ® (ANSI / NFPA 70).
There is an additional requirement if devices are operated with a redundant power supply: If the equipment is connected to a redundant power supply (two separate power supplies), both must meet these requirements.
WARNING
Opening the device
DO NOT OPEN WHEN ENERGIZED.
General notices on use in hazardous areas
WARNING
Risk of explosion when connecting or disconnecting the device
EXPLOSION HAZARD
DO NOT CONNECT OR DISCONNECT EQUIPMENT WHEN A FLAMMABLE OR COMBUSTIBLE ATMOSPHERE IS PRESENT.
WARNING
Replacing components
EXPLOSION HAZARD
SUBSTITUTION OF COMPONENTS MAY IMPAIR SUITABILITY FOR CLASS I, DIVISION 2 OR ZONE 2.
Notices regarding use in hazardous areas according to ATEX
WARNING
Requirements for the cabinet/enclosure
When used in hazardous environments corresponding to Class I, Division 2 or Class I, Zone 2, the device must be installed in a cabinet or a suitable enclosure.
To comply with EU Directive 94/9 (ATEX95), this enclosure must meet the requirements of at least IP54 in compliance with EN 60529.
WARNING
Suitable cables for temperatures in excess of 70 °C
If the cable or conduit entry point exceeds 70°C or the branching point of conductors exceeds 80°C, special precautions must be taken.
If the equipment is operated in an air ambient in excess of 50 °C, only use cables with admitted maximum operating temperature of at least 80 °C.
WARNING
Protection against transient voltage surges
Provisions shall be made to prevent the rated voltage from being exceeded by transient voltage surges of more than 40%. This criterion is fulfilled, if supplies are derived from SELV (Safety Extra-Low Voltage) only.
External power supply
Use only an external power supply that also complies with EN60950. The output voltage of the external power supply must not exceed 30 VDC. The output of the external power supply must be short-circuit proof.
CAUTION
The power supply unit to supply the SCALANCE M873 must comply with the requirements for a limited power source according to IEC/EN 60950-1, section 2.5.
The external power supply for the SCALANCE M873-0 must meet the requirements for NEC class 2 circuits as specified in the National Electrical Code ® (ANSI/NFPA 70).
Refer to the section Connectors (Page 22) and the installation instructions and instructions for use of the manufacturer of the power supply, the battery or the accumulator.
SIM card
To install the SIM card the device must be opened. Before opening the device, disconnect it from the power supply. Static charges can damage the device when it is open. Discharge the static electricity from your body before opening the device. You can do this by touching a grounded surface, for example the metal casing of the cabinet. Refer to section Connectors (Page 22).
In ports / out ports
The in port and the out port are electrically isolated from the other connectors of the SCALANCE M873-0. If the installation connected to the SCALANCE M873-0 connects a signal of the in port or the out port electrically with the power supply, then between every signal of the in port or out port and every connector of the power supply of the SCALANCE M873-0, the voltage must not exceed 60 V.
Handling cables
Never pull a cable connector out of a socket by its cable; pull on the connector itself. Cable connectors with screw fasteners (D-sub) must always be screwed on tightly. Do not lay the cable over sharp corners and edges without edge protection. If necessary, provide sufficient strain relief for the cables.
For safety reasons, make sure that you keep to the bend radius of the cables. Exceeding the bend radius of the antenna cable results in deterioration of the system's transmission and reception properties. The minimum static bend radius must not be less than 5 times the cable diameter and with dynamic bends 15 times the cable diameter.
2.2 Requirements for operation
To operate the SCALANCE M873, the following information must be on hand and the following requirements must be met:
Antenna
An antenna, tuned to the frequency bands of the mobile wireless provider you have selected: 850 MHz, 900 MHz, 1800 MHz, 1900 MHz or 2100 MHz. Use only antennas from the accessories for the SCALANCE M873. See section Connectors (Page 22).
Power supply
A power supply with a voltage between 12 VDC and 30 VDC that can provide sufficient current.
See section Connectors (Page 22).
SIM card
A SIM card from the chosen mobile wireless provider.
PIN
The PIN (= Personal Identification Number) for the SIM card
HSDPA / UMTS, EGPRS / GPRS activation
The SIM card must be activated for packet-oriented data services in the mobile wireless network (HSDPA, UMTS, EGPRS and GPRS) by your mobile wireless provider.
The access data must be known:
● Access point name (APN)
● User name
● Password
CSD 9600 bps activation
The SIM card must be activated by your mobile wireless provider for the CSD service if you wish to use remote configuration via dial-in data connections, see section Remote access via dial-in connection (Page 77).
2.3 Step by step
Requirements for commissioning
See section Requirements for operation (Page 17)
2. Read the safety instructions and other instructions at the beginning of this document very carefully, and be sure to follow them.
See section Safety notices (Page 15)
3. Familiarize yourself with the control elements, connectors and operating state indicators of the SCALANCE M873.
See section Device front (Page 20) and the sections following
Procedure
Set up the SCALANCE M873 by following the steps below:
1. Connect a PC with a Web browser (Admin PC) to the local interface (10/100 BASE-T) of the SCALANCE M873.
See section TCP/IP configuration of the network adapter in Windows XP (Page 29) and Establishing a configuration connection (Page 31)
2. Using the Web user interface of the SCALANCE M873, enter the PIN (Personal Identification Number) of the SIM card.
See section Access parameters for UMTS/GPRS (Page 53)
3. Disconnect the SCALANCE M873 from the power supply.
See section Connectors (Page 22)
4. Insert the SIM card in the device.
See section Inserting the SIM card (Page 26)
5. Connect the antenna.
See section Connectors (Page 22)
6. Connect the SCALANCE M873 to the power supply.
See section Connectors (Page 22)
7. Set up the SCALANCE M873 according to your requirements.
See section Configuration (Page 29) and the sections following
8. Connect your local application.
2.4 Device front
① Connection terminals for the power supply
② Service button (SET)
③ Antenna socket type SMA
④ Operating state indicators S, Q, C
⑤ X1 (Service; USB) – no function
⑥ Connection terminals for the in ports and out ports (not connected)
⑦ X2 (10/100 Base-T - RJ-45 jack) for connecting the local network
⑧ Operating state indicators DC5V, LINK, IN, OUT
Figure 2-1 Front of the device
2.5 Service button (SET)
On the front of the SCALANCE M873, there is a small hole (see B) which is labeled SET and has a button behind it. Use a thin object, for example a straightened-out paperclip, to press this button.
2.6 Operating displays
The SCALANCE M873 has 7 indicator lamps (LEDs) to indicate the operating state. The 3 indicator lamps on the left-hand side of the device indicate the state of the wireless modem:
LED               Status                               Meaning
S (Status)        Flashing slowly                      PIN transfer
                  Flashing quickly                     PIN error / SIM error
                  ON                                   PIN transfer successful
Q (Quality)       OFF                                  Not logged into GSM network
                  Flashing briefly                     Poor signal strength (CSQ < 6)
                  Flashing slowly                      Medium signal strength (CSQ = 6 to 10)
                  ON, with brief interruptions         Good signal strength (CSQ = 11 to 18)
                  ON                                   Very good signal strength (CSQ > 18)
C (Connect)       OFF                                  No connection
                  Flashing quickly                     Service call via CSD active
                  Flashing slowly                      EGPRS/GPRS connection active
                  ON                                   HSDPA/UMTS connection active
S, Q, C together  Flash on and off in sequence (fast)  Booting
                  Flash on and off in sequence (slow)  Update
                  Flash fast (in sync)                 Errors
The 4 signaling lamps on the right-hand side of the device indicate the state of other device functions:
LED    Status                        Meaning
DC5V   ON                            Device turned on, power supply present 5 VDC
       OFF                           Device turned off, no power supply
LINK   ON                            Ethernet connection established to the local application or the local network
       OFF                           No Ethernet connection to the local application or the local network
       ON with brief interruptions   Data transfer via the Ethernet connection
IN     ON                            In port active
       OFF                           In port not active
OUT    ON                            Reserved for future applications
2.7 Connectors
The connectors of the M873 are on the front of the device.
X2 (10/100-Base-T)
The local network is connected to the local applications at the 10/100 Base-T connector, for example a programmable controller, a machine with an Ethernet interface for remote monitoring, a notebook or desktop PC.
Here, connect the Admin PC with its Web browser to set up the SCALANCE M873.
The interface supports autonegotiation. This means that the transmission speed 10 Mbps or 100 Mbps used on the Ethernet network is detected automatically.
A connecting cable with a RJ-45 plug must be used. It can be a cross-over cable or a patch cable.
X1 (Service; USB)
In the SCALANCE M873, this interface has no function and is reserved for later applications. Do not connect any devices here. Otherwise operation of the SCALANCE M873 could be impaired.
SMA antenna socket
The SCALANCE M873 has an antenna socket of the type SMA for connecting the antenna. The antenna used should have an impedance of about 50 ohms. It must be suitable for GSM 900 MHz and DCS 1800 MHz or GSM 850 MHz and PCS 1900 MHz and for UMTS 2100 MHz, depending on which frequency bands your GSM network provider uses. In Europe and China, GSM 900 MHz, DCS 1800MHz and UMTS 2100 MHz are used. In the USA, GSM 850 MHz and PCS 1900 MHz (also for UMTS) are used. Check with your network provider. The tuning (VSWR) of the antenna must be 1:2.5 or better.
NOTICE
Use only antennas from the accessories for the SCALANCE M873. Other antennas could interfere with product characteristics or even lead to defects.
When installing the antenna, a sufficiently good signal quality must be ensured (CSQ > 11). Use the signaling lamps of the SCALANCE M873 that show the signal quality. Make sure that there are no large metal objects (for example reinforced concrete) close to the antenna.
Keep to the installation and user instructions for the antenna you are using.
WARNING
If the antenna is installed outdoors, it must be grounded for lightning protection. This work must only be carried out by qualified personnel.
Read the warning notice regarding installation and outdoor installation of antennas at the beginning of this document.
Screw terminals for power supply
Figure 2-2 Power supply screw terminals (24 V 0 V)
The SCALANCE M873 operates with a voltage of 12 - 60 VDC, nominally 24 VDC. This power supply is connected to the screw terminals on the left half of the device.
The current consumption is approx. 450 mA at 12 V and 100 mA at 60 V.
WARNING
The power supply unit of the SCALANCE M873 is not electrically isolated. Refer to the safety notices at the beginning of this manual.
Installation instructions
Use copper wires only.
Wire: 0.5...3 mm² (20 to 18 AWG)
Stranded wire: 0.5 to 2.5 mm²
Tightening torque for screw terminals: 0.6 to 0.8 Nm
In port / out port
Figure 2-3 In ports / out ports
In port I1+/I1-
The SCALANCE M873 has an in port. The screw terminals are the connectors for the in port on the right-hand half of the device. The terminals are labeled I1+/I1-
In port I1+/I1-
UIn = 5 to 30 V
On: UIn ≥ 5 V
Off: UIn ≤ 1.2 V
WARNING
The in port is electrically isolated from the other connectors of the SCALANCE M873. If the installation connected to the SCALANCE M873 connects a signal of the in port electrically with the power supply, then between every signal of the in port and every connector of the power supply of the SCALANCE M873, the voltage must not exceed 60 V.
WARNING Out port O1a/O1b
The SCALANCE M873 has an out port. The screw terminals are the connectors for the out port on the right-hand half of the device. The terminals are labeled O1a/O1b.
Out port O1a/O1b
UMax = 30 V
IMax = 20 A
The out port is reserved for later applications.
WARNING
The out port is electrically isolated from the other connectors of the SCALANCE M873. If the installation connected to the SCALANCE M873 connects a signal of the out port electrically with the power supply, then between every signal of the out port and every connector of the power supply of the SCALANCE M873, the voltage must not exceed 60 V.
2.8 Inserting the SIM card
NOTICE
Before inserting the SIM card, enter the PIN of the SIM card in the SCALANCE M873 via the Web user interface. See section Access parameters for UMTS/GPRS (Page 53).
Figure 2-4 SIM card compartment
1. After you have entered the PIN of the SIM card, disconnect the SCALANCE M873 completely from the power supply.
2. The compartment for the SIM card is located on the back of the device. Directly beside the compartment for the SIM card in the opening in the housing, there is a small yellow button. Press on this button with a pointed object, for example a pencil.
When the button is pressed the SIM card drawer comes out of the housing.
3. Place the SIM card in the drawer so that its gold-plated contacts remain visible.
4. Then push the drawer with the SIM card completely into the housing.
NOTICE
Do not, under any circumstances, insert or remove the SIM card during operation. This could damage the SIM card and the SCALANCE M873.
2.9 Installation on a DIN rail
The SCALANCE M873 is suitable for rail mounting on DIN EN 50022 rails. There is a clamp on the rear of the device for this purpose.
3 Configuration
Configuration of the router and firewall functions is carried out locally or remotely via the Web-based administration interface of the SCALANCE M873.
Remote configuration
Remote configuration using HTTPS or CSD access is only possible if the SCALANCE M873 is configured for remote access. If you want to use the remote configuration option, follow the steps described in Chapter 7.
Configuration via the local interface
The requirements for configuration via the local interface are as follows:
● The computer (Admin PC) on which you create the configuration must either ...
– ... be connected directly to the Ethernet socket of the SCALANCE M873 with a network cable or
– ... have direct access to the SCALANCE M873 via the local network.
● The network adapter of the computer (Admin PC) on which you create the configuration must have the following TCP/IP configuration:
IP address: 192.168.1.2
Subnet mask: 255.255.255.0
Instead of IP address 192.168.1.2, you can also use other IP addresses from the range 192.168.1.x.
● If you also want to use the Admin PC to access the external network via the SCALANCE M873, the following additional settings are necessary:
Default gateway: 192.168.1.1
Preferred DNS server: Address of the domain name server
3.1 TCP/IP configuration of the network adapter in Windows XP
Configuring the LAN connection
1. Click on "Start", "Connect To ...", "Show All Connections…".
2. Then click on "LAN Connection".
3. In the dialog box "Properties of LAN Connection", click on the "General" tab and select the entry "Internet Protocol (TCP/IP)".
4. Open properties by clicking the button.
The "Properties of Internet Protocol (TCP/IP)" window appears (see Figure 3-1).
Note
The path to the "Properties of LAN Connection" dialog box depends on your Windows settings. If you cannot find this dialog box, search in the Windows Help function for "LAN Connection" or "Internet Protocol (TCP/IP) Properties".
Figure 3-1 "Internet Protocol (TCP/IP) Properties"
Enter the following values to access the Web user interface of the SCALANCE M873:
● IP address: 192.168.1.2
● Subnet mask: 255.255.255.0
Enter the following values as well if you want to use the Admin PC to access the external network via the SCALANCE M873:
● Default gateway: 192.168.1.1
● Preferred DNS server: 192.168.1.1
Preferred DNS server
If you call up addresses via a domain name (for example www.siemens.com), then the domain name server (DNS) is required to find out what IP address is behind the name. You can specify the following as the domain name server:
● The DNS address of the network provider, or
● The local IP address of the SCALANCE M873, as long as it is configured to resolve host names into IP addresses (see section DNS for local network (Page 47)). This is the factory setting.
To specify the domain name server in the TCP/IP configuration of your network adapter, follow the steps outlined above.
3.2 Characters permitted for user names, passwords and other inputs
For user names, passwords, host names, APN and PIN, the following ASCII characters may be used:
User names, passwords and PIN
a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 ! $ % & ' ( ) * + , . / : ; < = > ? @ [ \ ] ^ _ ` { | }
Host names and APN
a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 . -
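The two character sets above decide which generated credentials the device will accept: the set for passwords omits space, double quote, #, - and ~, so a general-purpose password generator can produce values the Web user interface rejects. The following Python code is an added example, not part of the Siemens manual; it checks an input against the set for its field and generates a replacement for the factory password from permitted characters only. The function names, the field keys and the default length of 16 are assumptions of this example.

```python
"""Check and generate SCALANCE M873 inputs against the section 3.2 character sets.

Added example, not Siemens code. Function names, the field keys and the
16-character default length are assumptions of this example.
"""
import secrets
import string

_ALNUM = string.ascii_letters + string.digits

# User names, passwords and PIN: letters, digits and the 28 special characters
# listed in the manual. Absent from that list: space, '"', '#', '-' and '~'.
CREDENTIAL_CHARS = frozenset(_ALNUM + "!$%&'()*+,./:;<=>?@[\\]^_`{|}")

# Host names and APN: letters, digits, '.' and '-' only.
NAME_CHARS = frozenset(_ALNUM + ".-")

FIELD_SETS = {
    "user": CREDENTIAL_CHARS,
    "password": CREDENTIAL_CHARS,
    "pin": CREDENTIAL_CHARS,
    "hostname": NAME_CHARS,
    "apn": NAME_CHARS,
}

FACTORY_PASSWORD = "scalance"  # factory setting published in section 3.3


def rejected_characters(field, value):
    """Return the sorted distinct characters of value not permitted for field."""
    allowed = FIELD_SETS[field]
    return sorted({ch for ch in value if ch not in allowed})


def password_problems(candidate):
    """Return a list of reasons a password should not be used (empty = usable)."""
    problems = []
    if not candidate:
        problems.append("empty")
    bad = rejected_characters("password", candidate)
    if bad:
        problems.append("characters not permitted: " + " ".join(repr(c) for c in bad))
    if candidate == FACTORY_PASSWORD:
        problems.append("factory default password")
    return problems


def generate_password(length=16):
    """Generate a random password drawn only from the permitted character set.

    Redraws until the result contains a lowercase letter, an uppercase letter,
    a digit and a special character.
    """
    if length < 4:
        raise ValueError("length must be at least 4")
    alphabet = sorted(CREDENTIAL_CHARS)
    specials = CREDENTIAL_CHARS - set(_ALNUM)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in specials for c in pw)):
            return pw


if __name__ == "__main__":
    # Constructed sample inputs, not values from the manual.
    samples = [
        ("password", "Plant-7#north"),
        ("hostname", "m873_site1"),
        ("apn", "internet.example"),
    ]
    for field, value in samples:
        print(field, repr(value), "->", rejected_characters(field, value) or "ok")
    print("generated:", generate_password())
```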
3.3 Establishing a configuration connection
Setting up a Web browser
Follow the steps outlined below:
1. Launch a Web browser (for example MS Internet Explorer Version 7 or later or Mozilla Firefox Version 2 or later; the Web browser must support SSL, i.e. HTTPS).
2. Make sure that the browser does not automatically dial a connection when it is launched. Make this setting in the MS Internet Explorer as follows: "Tools", "Internet Options..." menu, "Connections" tab: Under "Dial Up and VPN Settings", "Never dial a connection" must be enabled.
Calling up the start page of the SCALANCE M873
1. In the address line of the browser, enter the IP address of the SCALANCE M873 in full. According to the factory setting, this is:
https://192.168.1.1
Result: A security alert appears.
Figure 3-2 Confirm the security alert
2. Acknowledge the security alert and continue loading this page.
Note
Because the device can only be administered using encrypted access, it is delivered with a self-signed certificate. If certificates with signatures that the operating system does not know are used, a security message is generated. You can display the certificate.
It must be clear from the certificate that it was issued for Siemens AG. The Web user interface is opened using an IP address and not a name, which is why the name specified in the security certificate does not match the address entered in the browser.
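Because the certificate is self-signed and the device is addressed by IP, the browser warning looks the same on every visit; what can be checked is that the certificate presented later is the one seen at commissioning over the local interface. The following Python code is an added example, not part of the Siemens manual; it records the SHA-256 fingerprint of the device certificate on first contact and compares it on later connections. The pin store (a plain dictionary), the function names and the placeholder certificate bytes in the demo are assumptions of this example.

```python
"""Trust-on-first-use pinning for a device with a self-signed HTTPS certificate.

Added example, not Siemens code. The pin store layout and all function names
are assumptions of this example.
"""
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' and return 64 lowercase hex digits."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def fetch_certificate(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the device presents, without validating it.

    Validation is deliberately off: a self-signed certificate reached by IP
    address fails both the chain check and the host name check, so trust has
    to come from the pinned fingerprint instead.
    Assumption: the local TLS library accepts the protocol versions the device
    offers. If it does not, export the certificate from the browser and pass
    its DER bytes to check_pin() directly.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Compare a presented certificate with the pin stored for host.

    Returns 'pinned' the first time a host is seen (the fingerprint is then
    stored), 'match' when the certificate is unchanged, and 'MISMATCH' when a
    different certificate is presented for a host that already has a pin.
    """
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        pins[host] = seen
        return "pinned"
    if hmac.compare_digest(normalize(known), seen):
        return "match"
    return "MISMATCH"


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for two DER certificates;
    # on a real network use fetch_certificate("192.168.1.1") instead.
    original = b"constructed placeholder certificate A"
    replaced = b"constructed placeholder certificate B"
    pins = {}
    print(check_pin(pins, "192.168.1.1", original))  # first contact
    print(check_pin(pins, "192.168.1.1", original))  # later visit, same cert
    print(check_pin(pins, "192.168.1.1", replaced))  # certificate changed
```

A MISMATCH is expected after loading factory settings only if the device then presents a different certificate; in every other case it should be investigated before the password is entered.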
Entering the user name and password
Figure 3-3 Entering the user name and password
The factory setting is:
User name: admin
Password: scalance
Note
Remember to change the password. The factory setting is public knowledge and does not provide adequate protection. Section Changing the password (Page 39) describes how to change the password.
The start page is displayed
After you have entered the user name and password, the start page of the SCALANCE M873 appears in the Web browser with an overview of the operating state, see section Start page of the Web user interface (Page 34).
The start page is not displayed
If, after several attempts, the browser still reports that the page cannot be displayed, try the following:
● Check the hardware connection. On a Windows computer, go to the DOS prompt (Menu Start, Programs, Accessories, Command Prompt) and enter the following command:
ping 192.168.1.1
If a return message indicating receipt of the 4 packets that were sent does not appear within the specified time period, check the cable, the connections and the network adapter.
● Make sure that the browser does not use a proxy server. Make this setting in the MS Internet Explorer (version 7.0) as follows: "Tools", "Internet Options..." menu, "Connections" tab: Under "LAN settings", click the "Settings..." button, in the dialog for the "Local Area Network (LAN) Settings", make sure that under "Proxy server", the "Use a proxy server for your LAN" entry is not selected.
● If other LAN connections are active on the computer, disable them while you are setting the configuration.
In the Windows Start menu, select "Settings", "Network Connections". All LAN connections are shown. Select the relevant connection and choose "Deactivate" in the shortcut menu (right mouse button).
● Enter the address of the SCALANCE M873 with slashes: https://192.168.1.1/
3.4
Start page of the Web user interface
After the Web user interface of the SCALANCE M873 is called up and the user name and password have been entered, an overview of the current operating state of the SCALANCE M873 appears.
Figure 3-4 Start page / overview
Note
Use the "Refresh" function of the Web browser to update the displayed values to their current status.
Current system time
Shows the current system time of the SCALANCE M873 in the format: Year – month – day, hours – minutes
Connection
Shows whether a wireless connection exists, and which one:
● UMTS connection (IP connection using HSDPA, UMTS)
● GPRS/EDGE connection (IP connection using EGPRS or GPRS)
● CSD connection (service connection using CSD)
External hostname
Shows the host name (for example m873.mydns.org) of the SCALANCE M873 if a DynDNS service is used.
Signal (CSQ level)
Indicates the strength of the GSM signal as a CSQ value.
● CSQ < 6: Signal strength poor
● CSQ = 6..10: Signal strength medium
● CSQ = 11..18: Field strength good
● CSQ > 18: Field strength very good
● CSQ = 99: No connection to the GSM network
Assigned IP address
Shows the IP address at which the SCALANCE M873 can be reached in the wireless network. This IP address is assigned to the SCALANCE M873 by the wireless network.
Note
It may occur that an IP data connection and an assigned IP address are both shown, but the connection quality is not good enough to transmit data. For this reason we recommend that you use the active connection monitoring (see section UMTS/GPRS connection monitoring (Page 57)).
Remote HTTPS
Shows whether remote access to the Web user interface of the SCALANCE M873 via the wireless network is permitted (see section HTTPS remote access (Page 73)).
● White check mark with green dot: Access is permitted.
● White check mark with red dot: Access is not permitted.
Remote SSH
Shows whether remote access to the SSH console of the SCALANCE M873 via the wireless network is permitted (see section SSH remote access (Page 75)).
● White check mark with green dot: Access is permitted.
● White check mark with red dot: Access is not permitted.
CSD Dial-In
Shows whether remote CSD service calls are permitted (see section Remote access via dial-in connection (Page 77)).
● White check mark with green dot: Access is permitted.
● White check mark with red dot: Access is not permitted.
3.5
Language selection
The SCALANCE M873 supports the Web-based administration user interface in English and German.
Figure 3-5 Language selection
Automatic
The SCALANCE M873 selects the same language for the administration user interface as the language set for the Web browser:
● German, if the Web browser is set to German,
● English in all other cases.
German
The SCALANCE M873 uses German, regardless of the Web browser setting.
English
The SCALANCE M873 uses English, regardless of the Web browser setting.
3.6
Configuration procedure
The procedure for configuring the SCALANCE M873 is as follows:
Setting the configuration
1. Use the menu to call up the group of settings you require.
2. Make the required entries on the page or use Reset to delete the current entries that have not been saved.
3. Use Save to confirm the entries so that they are adopted by the device.
Figure 3-6 Menu bar
Note
Depending on how you configure the SCALANCE M873, you may then have to adapt the network interface of the locally connected computer or network.
When entering IP addresses, always enter the IP address subnumbers without leading zeros, for example: 192.168.0.8.
Invalid entries
The SCALANCE M873 checks your entries. Errors are detected when you save and the input box in question is marked.
3.7
Configuration profiles
The settings of the SCALANCE M873 can be saved in configuration profiles (files) and re-loaded at any time.
Figure 3-8 Menu command "Maintenance" > "Configuration Profiles"
Upload Profile
A configuration profile that was created previously and saved on the admin PC is uploaded to the SCALANCE M873. Files with configuration profiles have the file extension *.tgz. With "Browse", you can search the admin PC for configuration profiles. With "Submit", you upload the configuration profile to the SCALANCE M873.
The profile will then be shown in the table of saved configuration profiles.
Create profile
Saves the current settings of the SCALANCE M873 in a configuration profile.
First enter a name for the profile in the input box. "Create" saves the settings in a profile with this name and then displays it in the table of saved configuration profiles.
Saved Configuration Profiles
Download
Downloads the profile to the admin PC.
Activate
The SCALANCE M873 adopts the settings from the selected configuration profile and continues to work using them.
Delete
3.8
Changing the password
Access to the SCALANCE M873 is protected by an access password. This access password protects access via
● the local interface to the Web user interface, and
● the local interface to the SSH console,
and also access via
● UMTS/GPRS by HTTPS to the Web user interface, and
● UMTS/GPRS to the SSH console.
Access password (factory setting)
The factory setting for the SCALANCE M873 is:
● Password: scalance
● User name: admin (cannot be modified)
Note
Change the password immediately after commissioning. The factory setting is public knowledge and does not provide adequate protection.
Note
The user name for SSH access is different from the user name for the Web-based administration user interface.
User name: root (cannot be modified)
The password is the same as the access password for the SCALANCE M873 as specified above.
New access password (with confirmation)
To change the password, enter the new password you have selected in "New access password" and confirm the entry in "Retype new access password".
With "Reset", you can discard any entries that have not yet been saved. "Save" enters the new password.
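A replacement for the factory password has to stay within the character set this manual lists as valid for passwords. The following Python helper is an added example, not Siemens code: the function names, the 12-character minimum and the 20-character default length are assumptions, since this part of the manual states no length limits.

```python
import math
import secrets
import string

# Special characters this manual lists as valid for user names, passwords and PIN.
SPECIALS = "!$%&'()*+,./:;<=>?@[\\]^_`{|}"
ALLOWED = set(string.ascii_letters + string.digits + SPECIALS)

# Default passwords printed in this manual (access, UMTS/DynDNS, SRS).
FACTORY_PASSWORDS = {"scalance", "guest", "pass"}


def rejected_characters(candidate):
    """Return the characters that are not in the manual's valid set."""
    return sorted({c for c in candidate if c not in ALLOWED})


def review_password(candidate, min_length=12):
    """List the reasons not to use candidate as the new access password.

    min_length is an assumed local policy value, not a device limit.
    """
    problems = []
    if candidate in FACTORY_PASSWORDS:
        problems.append("factory default")
    if len(candidate) < min_length:
        problems.append("shorter than %d characters" % min_length)
    bad = rejected_characters(candidate)
    if bad:
        problems.append("characters not in the valid set: " + "".join(bad))
    return problems


def generate_password(length=20):
    """Draw every character uniformly from the valid set with a CSPRNG."""
    alphabet = sorted(ALLOWED)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length):
    """Entropy of a uniformly generated password of the given length."""
    return length * math.log2(len(ALLOWED))


if __name__ == "__main__":
    print("valid characters:", len(ALLOWED))
    print("review of factory setting:", review_password("scalance"))
    print("review of 'Pump-Station #7':", review_password("Pump-Station #7"))
    new_password = generate_password()
    print("generated:", new_password, "problems:", review_password(new_password))
    print("entropy at 20 characters: %.1f bits" % entropy_bits(20))
```

Because the same password also protects the SSH console (user root), a generated value should be checked with `review_password` before it is entered in both "New access password" boxes.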
3.9
Reboot
Although the SCALANCE M873 is designed for continuous operation, in such a complex system disruptions may occur, often triggered by external influences. A reboot can rectify these problems.
The reboot resets the functions of the SCALANCE M873. Current settings from the configuration profile do not change. The SCALANCE M873 continues to work using these settings after the reboot.
Figure 3-9 Menu command "Maintenance" > "Reboot"
Reboot now
The device reboots immediately if you click the "Reboot" button.
Enable daily reboot
The device reboots automatically once a day if you activate the function with Yes.
Specify the "Reboot time" of the daily reboot. The device will reboot at the specified system time. Existing connections will be interrupted.
Factory settings
Enable daily reboot: No
Reboot time: 01:00
3.10
Loading factory settings
The factory settings of the SCALANCE M873 can be restored in different ways.
Figure 3-10 Menu command "Maintenance" > "Factory Reset"
Service button (SET)
Resetting to factory settings can also be triggered by pressing the service button (SET) (see section Service button (SET) (Page 20)).
Default configuration
If you only want the factory settings to be loaded without deleting the saved configuration profiles and the archived logs, activate only the default configuration as described in section Configuration profiles (Page 38).
Local interface
4
The local interface is the interface of the SCALANCE M873 for connecting the local network. The interface is labeled X2 on the device. This is an Ethernet interface with 10 Mbps or 100 Mbps data rate.
The local network is the network connected to the local interface of the SCALANCE M873. The local area network contains at least one local application.
Local applications are network components in the local network, for example a programmable controller, a machine with an Ethernet interface for remote monitoring, a notebook or PC or the admin PC.
Configure the local interface and the associated functions according to your requirements as described in this section.
4.1
IP addresses of the local interface
Here, you set the IP addresses and the netmasks with which the SCALANCE M873 can be reached by local applications.
Figure 4-1 Menu command "Local Network > Basic Settings > Local IPs"
These factory-set IP addresses and netmasks can be changed freely, but should be in keeping with the valid recommendations (RFC 1918).
Figure 4-2 Display of the local network (labels: Local applications, Admin PC, Local IP and netmask)
You can specify additional addresses at which the SCALANCE M873 can be reached by local applications. This is useful, for example, when the local network is divided into subnets. Several local applications from different subnets can then reach the SCALANCE M873 using different addresses.
New
Adds additional IP addresses and netmasks that you can then modify.
Delete
4.2
DHCP server to local network
The SCALANCE M873 contains a DHCP server (DHCP = Dynamic Host Configuration Protocol). If the DHCP server is switched on, it automatically assigns the IP addresses, netmasks, the gateway and the DNS server to the applications that are connected to the local interface of the SCALANCE M873. To do this, the setting for obtaining the IP address automatically and the configuration parameters using DHCP must be activated in the local applications.
Figure 4-3 DHCP server function (labels: Local applications, Admin PC, IP addresses and other data)
Start DHCP server
With "Start DHCP server" - "Yes", you turn on the DHCP server of the SCALANCE M873, with "No" it is turned off.
Local netmask
Here, enter the local netmask to be assigned to the local applications.
Default gateway
Here, enter the default gateway to be assigned to the local applications.
DNS server
Here, enter the DNS server to be assigned to the local applications.
Enable dynamic IP address pool
With "Yes", the IP addresses assigned by the DHCP server of the SCALANCE M873 are taken from a dynamic address pool.
With "No", the IP addresses must be assigned to the MAC addresses of the local applications under "Static Leases".
DHCP range start
Specifies the first address of the dynamic address pool.
DHCP range end
Specifies the last address of the dynamic address pool.
Static Leases
In Static Leases of the IP addresses, you can assign corresponding IP addresses to the MAC addresses of local applications.
If a local application requests assignment of an IP address using DHCP, the application transfers its MAC address with the DHCP request. If a static IP address is assigned to this MAC address, the SCALANCE M873 assigns the corresponding IP address to the application.
MAC address of the client – MAC address of the requesting local application
IP address of the client – assigned IP address
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Start DHCP server No
Local netmask 255.255.255.0
Default gateway 192.168.1.1
DNS server 192.168.1.1
Enable dynamic IP address pool No
DHCP range start 192.168.1.100
DHCP range end 192.168.1.199
4.3
DNS for local network
The SCALANCE M873 provides the local network with a domain name server (DNS). If you enter the IP address of the SCALANCE M873 in your local application as the domain name server (DNS), then the SCALANCE M873 answers the DNS requests from its cache. If it does not know the IP address corresponding to a domain address, the SCALANCE M873 forwards the request to an external domain name server (DNS).
The time period for which the SCALANCE M873 keeps a domain address in the cache depends on the host being addressed. In addition to the IP address, a DNS request to an external domain name server also supplies the life span of this information.
Figure 4-5 DNS function (labels: Local application, DNS request to M873, DNS request by M873, DNS of the network provider, DNS in the Internet, Remote network, Router/firewall, HSDPA, UMTS, EGPRS, APN, Internet)
The external domain name server (DNS) used can be a server of the network provider, a server on the Internet, or a server in the private external network.
Figure 4-6 Menu command "Local Network" > "Basic Settings" > "DNS"
Selected nameserver
Select the domain name server (DNS) to which the SCALANCE M873 should send a request.
Provider Defined
When a connection is established to UMTS/GPRS, the network provider automatically sends one or more DNS addresses. These are then used.
User Defined
As the user, you select your preferred DNS. The dynamic name servers can be connected to the Internet, or can be a private DNS in your network.
User defined name server
If you have selected the option "User Defined", enter the IP address of the selected DNS as the "Server IP address".
With "New", you can add further dynamic name servers.
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Selected nameserver Provider Defined
User defined name server -
4.4
Local host name
The SCALANCE M873 can also be addressed from the local network using a host name. To do this, specify a host name, e.g. M873.
The SCALANCE M873 can then be called up, for example from a Web browser as M873.
Figure 4-7 Menu command "Local Network" > "Basic Settings" > "DNS"
Note
The security concept of the SCALANCE M873 requires an outgoing firewall rule for each local application that uses this host name function. See section Packet filter (Page 65).
If you do not use DHCP (see section DHCP server to local network (Page 45)), identical search paths have to be entered manually in the SCALANCE M873 and in the local applications. If you do use DHCP, the local applications receive the search path entered in the SCALANCE M873 via DHCP.
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Search path example.local
4.5
System Time/NTP
The system time of the SCALANCE M873 can be set manually or can be synchronized automatically with a time server.
Figure 4-8 Menu command "System" > "System Time"
Setting the system time manually
Here, you set the system time for the SCALANCE M873. This system time:
● is used as a time stamp for all log entries, and
● serves as a time base for all time-controlled functions.
Select the year, month, day, hour and minute.
Activate NTP synchronization
The SCALANCE M873 can also obtain the system time from a time server via NTP (= Network Time Protocol). There are a number of time servers on the Internet that can be used to obtain the current time very precisely via NTP.
NTP server
Click "New" to add an NTP server, and enter the IP address of such an NTP server, or use the factory default NTP server. You can specify several NTP servers at the same time. It is not possible to enter the NTP address as a host name (for example timeserver.org).
Poll interval
Time synchronization is carried out cyclically. The interval at which synchronization takes place is decided automatically by the SCALANCE M873. The system time will be resynchronized at least once every 36 hours. The poll interval defines the minimum period that the SCALANCE M873 waits until the next synchronization.
NOTICE
Synchronization of the system time via NTP creates additional data traffic on the UMTS/GPRS connection. This may result in additional costs, depending on your user agreement with the mobile wireless provider.
Serve system time to local network
The SCALANCE M873 can itself function as an NTP time server for the applications connected to its local network interface. To activate this function select "Yes".
The NTP time server in the SCALANCE M873 can be reached via the local IP address set for the SCALANCE M873, see section IP addresses of the local interface (Page 43).
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Local timezone UTC
Activate NTP synchronization No
NTP server 192.53.103.108
Poll interval 1.1 hours
4.6
Additional Internal Routes
If the local network is divided into subnets, you can define additional routes.
Figure 4-9 Menu command "Local Network" > "Additional Internal Routes"
With "New", you specify an additional route to a subnet. Specify the following:
● the IP address of the subnet (network), and also
● the IP address of the gateway via which the subnet is connected.
You can define any number of internal routes. With "Delete", you remove an internal route. You will find an example in appendix Additional Internal Routes (Page 99).
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Additional Internal Routes -
Default for new routes: No
Network: 192.168.2.0/24
External interface
5
The external interface of the SCALANCE M873 connects the SCALANCE M873 to an external network. HSDPA, UMTS, EGPRS or GPRS are used for communication on this interface.
External networks are the Internet or a private intranet.
External remote stations are network components in an external network, for example Web servers on the Internet, routers on an intranet, a central company server, an Admin PC. Configure the external interface and the related functions to suit your requirements as described in this section.
5.1
Access parameters for UMTS/GPRS
For access to the services HSDPA, UMTS, EGPRS or GPRS and to the basic GSM wireless network, access parameters are necessary that you will receive from your GSM mobile wireless provider.
Figure 5-1 Access parameters (labels: Local application, PIN, SIM card, User name and password, HSDPA, UMTS, EGPRS, APN (public), Internet)
The PIN protects the SIM card against unauthorized use of the modem. The user name and password protect access to the UMTS/GPRS network.
The APN (Access Point Name) defines the changeover from the UMTS/GPRS network to other connected IP networks, for example the changeover from a public APN to the Internet.
Provider selection mode - manual
Figure 5-2 Menu command "External Network" > UMTS/EDGE - Provider selection mode - manual
If you select "Manual" as the provider selection mode, enter the user name, password and APN for the UMTS or GPRS service manually.
Provider selection mode - Automatic
Figure 5-3 Menu command "External Network" > "UMTS/EDGE" - Provider selection mode - Manual
PIN
Enter the PIN for your SIM card here. You will receive the PIN from your network provider. The SCALANCE M873 also works with SIM cards that have no PIN; in this case, enter NONE. In this case, the input box is left empty.
Note
If no entry is made, the input box for the PIN is shown with a red margin after saving.
Network selection
Select the type of mobile wireless network to be used:
● UMTS (with the services UMTS data and HSDPA)
● GSM (with the services EGPRS, GPRS and CSD)
Provider (only for the provider selection "Automatic")
Here, you can enter any text of your choice to name the UMTS or GPRS service, such as the name of the provider (for example Vodafone, Eplus, my GPRS access).
Net_ID (only for the provider selection "Automatic")
Here, you enter the identification number (Net-ID) of the network provider to which the UMTS or GPRS access data relates in the same row of the list of providers.
Each UMTS or GSM/GPRS network provider has an assigned identification number that is unique worldwide, known as the Public Land Mobile Network (PLMN). The PLMN is made up of the Mobile Country Code (MCC) and the Mobile Network Code (MNC). You will find the Net-ID in the documentation provided by your UMTS or GSM/GPRS network provider or on the provider's Internet pages.
The Net-ID is stored on the SIM card. The SCALANCE M873 reads the Net-ID from the SIM card and selects the corresponding UMTS or GPRS access data from the list of providers.
User name
Enter the user name for UMTS/GPRS here. Some mobile wireless providers do not use access control with user names and/or passwords. In this case, enter "guest" in the corresponding box.
Password
Enter the password for UMTS/GPRS here. Some mobile wireless providers do not use access control with user names and/or passwords. In this case, enter "guest" in the corresponding box.
APN
Enter the name of the connection between UMTS/GPRS and other networks here. You will find the APN in the documentation of your mobile wireless provider, on your provider's Web site, or ask your provider's hotline.
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Provider selection mode Manual
Table 5- 1 Provider selection mode - manual
PIN NONE
User name guest
Password guest
APN NONE
Table 5- 2 Provider selection mode - Automatic
1st Provider T-Mobile
Net-ID 26201
User name guest
Password guest
APN internet.t-mobile
2nd Provider Vodafone
Net-ID 26202
User name guest
Password guest
APN web.vodafone.de
3rd Provider Eplus
Net-ID 26203
User name guest
Password guest
APN internet.eplus.de
4th Provider O2
Net-ID NONE
User name NONE
Password NONE
APN NONE
5.2
UMTS/GPRS connection monitoring
With the "Connection Check" function, the SCALANCE M873 checks its connection to UMTS/GPRS and to the connected external networks, such as the Internet or an intranet. To do this, the SCALANCE M873 sends ping packets (ICMPs) to up to four partners (target hosts) at regular intervals. This takes place independently of the user data connections. If after such a ping, the SCALANCE M873 receives a response from at least one of the partners addressed, then the SCALANCE M873 is still connected to the IP mobile wireless service and is ready for operation.
Some "network providers" interrupt connections when they are inactive. This is also prevented by the "Connection Check" function.
Figure 5-4 Connection monitoring (labels: Local application, User data connection, Ping for connection monitoring, Ping target on the Internet, HSDPA, UMTS, EGPRS, APN, Internet)
NOTICE
Sending ping packets (ICMPs) increases the amount of data sent and received via UMTS/GPRS. This can lead to increased costs.
Figure 5-5 Menu command "External Network" > "Advanced Settings" > "Check the Connection"
Checking the connection
"Yes" enables the function. "No" disables the function.
Ping Targets – Hostname
Select up to four partners that the SCALANCE M873 can ping. The partners must be available continuously and must answer pings.
Note
Make sure that the selected partners will not be disrupted.
Connection check interval (Minutes)
Specifies the interval at which the connection check ping packets are sent by the SCALANCE M873. Enter the value in minutes.
Allowable number of failures
Activity on faulty connection
Renew Connection
The SCALANCE M873 re-establishes the connection to UMTS/GPRS if the ping packets sent were not answered.
M873 reboot
The SCALANCE M873 reboots if the ping packets sent were not answered.
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Checking the connection No (turned off)
Hostname -
Connection check interval 5 (minutes)
Allowable number of failures 3 (failed attempts)
Activity on faulty connection Renew Connection
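The connection check described in this section can be modelled as a small state machine. The following Python sketch is an added example, not the device's firmware: it assumes that failed check rounds are counted consecutively, that the counter resets on any answered ping, and that the configured action fires when the count reaches "Allowable number of failures"; the ping targets are constructed documentation addresses.

```python
from dataclasses import dataclass


@dataclass
class ConnectionCheck:
    targets: tuple                    # one to four ping targets
    interval_min: int = 5             # factory setting: 5 minutes
    allowed_failures: int = 3         # factory setting: 3 failed attempts
    action: str = "Renew Connection"  # alternative: "M873 reboot"

    def __post_init__(self):
        if not 1 <= len(self.targets) <= 4:
            raise ValueError("configure one to four ping targets")
        self.failures = 0             # consecutive failed rounds (assumption)

    def check(self, replies):
        """Evaluate one round; replies is the set of targets that answered."""
        if any(t in replies for t in self.targets):
            # A response from at least one partner means the link is usable.
            self.failures = 0
            return "connected"
        self.failures += 1
        if self.failures >= self.allowed_failures:
            self.failures = 0
            return self.action
        return "no reply"

    def worst_case_minutes(self):
        """Time from the start of an outage until the action fires."""
        return self.interval_min * self.allowed_failures


def timeline(check, rounds):
    """Run one check per interval and return (minute, result) pairs."""
    return [(i * check.interval_min, check.check(replies))
            for i, replies in enumerate(rounds, start=1)]


# Constructed sample: two targets, an intermittent fault, then a real outage.
SAMPLE_TARGETS = ("192.0.2.10", "192.0.2.20")
SAMPLE_ROUNDS = [
    {"192.0.2.10"}, {"192.0.2.20"},   # one answering partner is enough
    set(), set(),                     # two failed rounds ...
    {"192.0.2.10"},                   # ... then a reply resets the counter
    set(), set(), set(),              # three failed rounds in a row
]

if __name__ == "__main__":
    monitor = ConnectionCheck(SAMPLE_TARGETS)
    for minute, result in timeline(monitor, SAMPLE_ROUNDS):
        print("t=%3d min  %s" % (minute, result))
    print("worst case until action:", monitor.worst_case_minutes(), "minutes")
```

Under these assumptions the factory settings leave an outage unhandled for up to 15 minutes, which is the figure to weigh against the extra ping traffic when choosing the interval.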
5.3
Hostname by DynDNS
Dynamic domain name servers (DynDNS) make it possible for applications to be accessible on the Internet under a hostname (e.g. myHost.org), even if these applications do not have a fixed IP address and the hostname is not registered. If you log the SCALANCE M873 on to a DynDNS service, you can also reach the SCALANCE M873 from the external network under a hostname, for example myName.dyndns.org.
Figure 5-6 DynDNS connection (labels: Local application, User data connection, Query: IP for hostname, Response: IP, INFO: IP address, hostname, External network, Router/firewall, HSDPA, UMTS, EGPRS, APN, Internet)
Figure 5-7 Menu command "External Network" > "Advanced Settings" > "DynDNS"
Log on (M873) to DynDNS server
Select "Yes" if you want to use a DynDNS service.
DynDNS provider
The SCALANCE M873 is compatible with dyndns.org.
DynDNS username / password
Enter here the user name and the password that authorize you to use the DynDNS service. Your DynDNS provider will give you this information.
DynDNS hostname
Here enter the hostname that you have agreed with your DynDNS provider for the SCALANCE M873, e.g. myName.dyndns.org.
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Log on (M873) to DynDNS server No (turned off)
DynDNS username guest
DynDNS password guest
5.4
SRS - Siemens Remote Service
Note
Using the services provided by the "SIMATIC Remote Support Services", remote access to machines and plants is available.
To use the services, additional service agreements are necessary and certain constraints must be kept to. If you are interested in the Siemens Remote Service, speak to your local Siemens contact.
If the Siemens Remote Service is activated, the SCALANCE M873 transfers its external IP address assigned by the EDGE/GPRS service to a selectable destination server. This transfer is made using the secure HTTPS protocol.
The procedure is comparable with the DynDNS service and requires suitable access to the server.
Figure 5-8 Menu command "External Network" > "Advanced Settings" > "SRS"
With "New", you add a new destination server. With "Delete", you remove the existing entries.
Use Siemens Remote Service
Select "Yes" if you want to use Siemens Remote Service.
If you do not want to use the Siemens Remote Service, select "No".
Refresh interval
Enter the interval in seconds at which the assigned IP address of the SCALANCE M873 is transferred to the selected destination server.
Siemens Remote Service Accounts
Destination address
Enter the IP address of the destination server.
Group
Enter the group name.
User name
Enter the user name for access to the destination server.
Password
Enter the password for access to the destination server.
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Use Siemens Remote Service No (turned off)
Refresh interval 900 seconds
Destination address 0.0.0.0
Group group
User name user
Password pass
5.5
NAT - Network Address Translation
Lists the rules for NAT (Network Address Translation) and allows rules to be set or deleted. With outgoing data packets, the device can rewrite the specified sender IP addresses from its local network to its own external address, a technique known as NAT (Network Address Translation).
This method is used if the internal addresses cannot or should not be routed externally, for example because a private address range such as 192.168.x.x is used or because the local network structure should remain hidden.
This method is also known as IP masquerading.
Use NAT in the external network
Select "Yes" to activate the NAT function of the external network.
Factory settings
The factory settings of the SCALANCE M873 are as follows:
Use NAT in the external network No (turned off)
Security functions
6
6.1
Packet filter
The SCALANCE M873 has a stateful inspection firewall.
A stateful inspection firewall is a method of packet filtering. Packet filters only let IP packets through if they comply with previously defined firewall rules. The following is defined in the firewall rule:
● which protocol (TCP, UDP, ICMP) can pass through,
● the permitted source of the IP packets (from IP / from port)
● the permitted destination of the IP packets (to IP / to port)
The rules also define what will be done with IP packets that are not allowed through (discarded or rejected).
With a simple packet filter, it is always necessary to create two firewall rules for a connection:
● One rule for the query direction from the source to the destination, and
● a second rule for the response direction from the destination to the source.
It is different for a SCALANCE M873 with a stateful inspection firewall. Here a firewall rule is only created for the query direction from the source to the destination. The firewall rule for the response direction from the destination to the source results from analysis of the data previously sent. The firewall rule for the responses is closed again after the responses are received or after a short period of time has elapsed. Responses can therefore only pass through if there was a previous query, so the response rule cannot be used for unauthorized access. What is more, special procedures make it possible for UDP and ICMP data to pass through as well, even though this data was not requested before.
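The difference between the simple packet filter and stateful inspection can be shown with a small model. This Python sketch is an added example, not Siemens code, and does not reproduce the device's implementation: the Packet and Rule classes, the 30-second state timeout, the single-use ICMP opening and all addresses and ports are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    sport: int   # 0 for ICMP
    dst: str
    dport: int   # 0 for ICMP


@dataclass(frozen=True)
class Rule:
    proto: str
    from_net: str
    to_net: str
    action: str                       # "accept", "reject" or "drop"
    from_port: Optional[int] = None   # None matches any port
    to_port: Optional[int] = None

    def matches(self, p):
        return (p.proto == self.proto
                and ip_address(p.src) in ip_network(self.from_net)
                and ip_address(p.dst) in ip_network(self.to_net)
                and self.from_port in (None, p.sport)
                and self.to_port in (None, p.dport))


def first_match(rules, p, default="drop"):
    """Simple packet filter: the first matching rule decides, no memory."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


class StatefulFilter:
    """Rules cover the query direction only; responses need prior state."""

    def __init__(self, rules, timeout=30.0):
        self.rules = list(rules)
        self.timeout = timeout   # assumed "short period of time", in seconds
        self.expected = {}       # expected response 5-tuple -> expiry time

    def verdict(self, p, now):
        # Close response openings whose time has elapsed.
        self.expected = {k: t for k, t in self.expected.items() if t > now}
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.expected:
            if p.proto == "icmp":
                del self.expected[key]   # closed once the response arrived
            return "accept"
        action = first_match(self.rules, p)
        if action == "accept":
            # Derive the response opening from the query that was just sent.
            response = (p.proto, p.dst, p.dport, p.src, p.sport)
            self.expected[response] = now + self.timeout
        return action


# Constructed sample rules and packets.
LOCAL, ANY = "192.168.1.0/24", "0.0.0.0/0"
QUERY_RULE = Rule("tcp", LOCAL, ANY, "accept", to_port=443)
RESPONSE_RULE = Rule("tcp", ANY, LOCAL, "accept", from_port=443)  # stateless only
PING_RULE = Rule("icmp", LOCAL, ANY, "accept")


def demo():
    query = Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 443)
    response = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50000)
    unsolicited = Packet("tcp", "198.51.100.7", 443, "192.168.1.20", 80)
    fw = StatefulFilter([QUERY_RULE])
    return {
        "stateless, unsolicited": first_match([QUERY_RULE, RESPONSE_RULE], unsolicited),
        "stateful, unsolicited": fw.verdict(unsolicited, now=0),
        "stateful, query": fw.verdict(query, now=1),
        "stateful, response": fw.verdict(response, now=2),
        "stateful, late response": fw.verdict(response, now=40),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-26s %s" % (case, result))
```

The simple filter needs the response rule and therefore accepts any packet that merely looks like a response, while the stateful filter accepts only the response to a query it has seen and only until the opening expires.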