
SIMATIC NET

SCALANCE M873 - UMTS router

with HSDPA

Operating Instructions

Preface
1 Applications and functions
2 Installation, connecting up, commissioning
3 Configuration
4 Local interface
5 External interface
6 Security functions
7 Remote access
8 Status, log and diagnostics
9 Further functions
10 Technical specifications
A Additional Internal Routes
B Applied standards and approvals

Legal information

Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

with a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.

CAUTION

without a safety alert symbol, indicates that property damage can result if proper precautions are not taken.

NOTICE

indicates that an unintended result or situation can occur if the corresponding information is not taken into account.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation for the specific task, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be adhered to. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of the Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.


Preface

Purpose of this documentation

This documentation will accompany you on your way to successful application of the UMTS router with HSDPA SCALANCE M873. It introduces you to the topic and provides you with an overview of the areas in which the hardware is used. It explains how to commission and configure the modem taking into account operating conditions. This documentation shows the technical specifications and the standards and approvals that are met by the UMTS router with HSDPA M873.

Validity of the documentation

This manual is valid for the following product versions:

● UMTS router with HSDPA SCALANCE M873

Order number: 6GK5 873-0AA10-1AA2

Hardware product version 2.x

Purpose: UMTS router with HSDPA for industrial applications

Wireless device

WARNING

Impairment of medical devices and data media

Never use the device in places where the operation of wireless devices is prohibited. The device contains a wireless transmitter that could, under certain circumstances, impair the functionality of electronic medical devices such as hearing aids or pacemakers. You can obtain advice from your physician or the manufacturer of such devices.

To prevent data media from being demagnetized, do not keep disks, credit cards or other magnetic data media near the device.

Connection costs with (E-) GPRS

NOTICE

Note that data packets subject to charge are exchanged even when a connection is established or re-established, when an attempt to connect to a partner fails (for example server switched off, wrong destination address, etc.) and when the connection is kept alive.

Firmware with open source GPL/LGPL

The firmware of the SCALANCE M873 includes open source software under terms of GPL/LGPL. According to section 3b of GPL and section 6b of LGPL we offer you the source code. Please write to

s_opsource@gmx.net s_opsource@gmx.de

Please enter 'Open Source M873' as the subject of your e-mail, so that we can filter out your e-mail more easily.

Firmware with OpenBSD

The firmware of SCALANCE M873 contains sections from the OpenBSD software. The use of OpenBSD software obligates the user to publish the following copyright notice:

* Copyright (c) 1982, 1986, 1990, 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above
*    copyright notice, this list of conditions and the following
*    disclaimer in the documentation and/or other materials
*    provided with the distribution.
* 3. All advertising materials mentioning features or use of this
*    software must display the following acknowledgement:
*    This product includes software developed by the University of
*    California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its
*    contributors may be used to endorse or promote products derived
*    from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE

Where to find Siemens documentation

You will find the order numbers for Siemens documentation in the catalogs "SIMATIC NET Industrial Communication, catalog IK PI" and "SIMATIC Products for Totally Integrated Automation and Micro Automation, catalog ST 70".

You can request these catalogs and additional information from your Siemens representative.

Some of the documents listed here are also on the SIMATIC NET Manual Collection CD supplied with every device.

You will also find SIMATIC NET manuals on the Internet pages of Siemens Automation Customer Support:

SIMATIC NET manuals: (http://support.automation.siemens.com/WW/view/en/10805878) → Entry list → Entry type "Manuals / Operating Instructions"


Table of contents

Preface

1 Applications and functions
  1.1 Introduction

2 Installation, connecting up, commissioning
  2.1 Safety notices
  2.2 Requirements for operation
  2.3 Step by step
  2.4 Device front
  2.5 Service button (SET)
  2.6 Operating displays
  2.7 Connectors
  2.8 Inserting the SIM card
  2.9 Installation on a DIN rail

3 Configuration
  3.1 TCP/IP configuration of the network adapter in Windows XP
  3.2 Characters permitted for user names, passwords and other inputs
  3.3 Establishing a configuration connection
  3.4 Start page of the Web user interface
  3.5 Language selection
  3.6 Configuration procedure
  3.7 Configuration profiles
  3.8 Changing the password
  3.9 Reboot
  3.10 Loading factory settings

4 Local interface
  4.1 IP addresses of the local interface
  4.2 DHCP server to local network
  4.3 DNS for local network
  4.4 Local host name
  4.5 System Time/NTP

5 External interface
  5.1 Access parameters for UMTS/GPRS
  5.2 UMTS/GPRS connection monitoring
  5.3 Hostname by DynDNS
  5.4 SRS - Siemens Remote Service
  5.5 NAT - Network Address Translation

6 Security functions
  6.1 Packet filter
  6.2 Port Forwarding
  6.3 Advanced security functions
  6.4 Firewall Log

7 Remote access
  7.1 HTTPS remote access
  7.2 SSH remote access
  7.3 Remote access via dial-in connection

8 Status, log and diagnostics
  8.1 System status display
  8.2 Log
  8.3 Remote logging
  8.4 Snapshot
  8.5 Hardware Info
  8.6 Software Info

9 Further functions
  9.1 Service Center
  9.2 Alarm SMS
  9.3 SMS - Messaging from the local network
  9.4 Software update

10 Technical specifications

A Additional Internal Routes

B Applied standards and approvals


1 Applications and functions

1.1 Introduction

The SCALANCE M873 provides a wireless connection to the Internet or to a private network. The SCALANCE M873 provides this connection at any location at which a UMTS network (Universal Mobile Telecommunication System = mobile wireless network of the 3rd generation) or GSM network (Global System for Mobile Communication = mobile wireless network) is available that offers IP-based data services. With UMTS, this is the HSDPA data service (High Speed Download Data Access) or the UMTS data service. With GSM, this is the EGPRS (Enhanced General Packet Radio Service = EDGE) or GPRS (General Packet Radio Service).

This requires a SIM card of a UMTS/GSM mobile wireless provider with the appropriate services activated.

The SCALANCE M873 connects a locally connected application or entire networks to the Internet via wireless IP connections. It is also possible to connect directly to an intranet, to which the external partners are connected.

To achieve this, the device combines the following functions:

● Wireless modem for flexible data communication using HSDPA, UMTS, EGPRS or GPRS

● Firewall for protection against unauthorized access

The dynamic packet filter examines data packets based on their source and destination addresses (stateful inspection firewall) and blocks undesirable data traffic (anti-spoofing).

Remote access & telecontrol application example

[Figure labels: Local network, External network, External partners, Router/firewall, HSDPA/UMTS/(E-)GPRS, APN, IP mobile wireless connection using HSDPA, UMTS or (E-)GPRS, Internet, Local applications]


Configuration

The device can be configured using a Web user interface that can be displayed simply using a Web browser. It can be accessed in the following ways:

● The local interface

● HSDPA, UMTS, EGPRS/GPRS or

● CSD (Circuit Switched Data = dial-in data connections) of the GSM

[Figure labels: PC with Web browser (three times), connection via GSM CSD, connection using HSDPA, UMTS, (E-)GPRS]

Figure 1-2 Configuration connections

Firewall functions

The SCALANCE M873 provides the following firewall functions to protect the local network and itself from external attacks:

● Stateful inspection firewall

● Anti-spoofing

● Port forwarding

● NAT

Further functions

The SCALANCE M873 also provides the following extra functions:

● DNS cache

● DHCP server

● NTP

● Remote logging

● In port

● SSH console for configuration

● DynDNS client


2 Installation, connecting up, commissioning

2.1 Safety notices

Safety notices on the use of the device

The following safety notices must be adhered to when setting up and operating the device and during all associated work such as installation, connecting up, replacing devices or opening the device.

General notices

WARNING

Safety extra low voltage

The equipment is designed for operation with Safety Extra-Low Voltage (SELV) by a Limited Power Source (LPS).

This means that only SELV / LPS complying with IEC 60950-1 / EN 60950-1 / VDE 0805-1 must be connected to the power supply terminals. The power supply unit for the equipment power supply must comply with NEC Class 2, as described by the National Electrical Code ® (ANSI / NFPA 70).

There is an additional requirement if devices are operated with a redundant power supply: If the equipment is connected to a redundant power supply (two separate power supplies), both must meet these requirements.

WARNING

Opening the device

DO NOT OPEN WHEN ENERGIZED.

General notices on use in hazardous areas

WARNING

Risk of explosion when connecting or disconnecting the device

EXPLOSION HAZARD

DO NOT CONNECT OR DISCONNECT EQUIPMENT WHEN A FLAMMABLE OR COMBUSTIBLE ATMOSPHERE IS PRESENT.


WARNING

Replacing components

EXPLOSION HAZARD

SUBSTITUTION OF COMPONENTS MAY IMPAIR SUITABILITY FOR CLASS I, DIVISION 2 OR ZONE 2.

Notices regarding use in hazardous areas according to ATEX

WARNING

Requirements for the cabinet/enclosure

When used in hazardous environments corresponding to Class I, Division 2 or Class I, Zone 2, the device must be installed in a cabinet or a suitable enclosure.

To comply with EU Directive 94/9 (ATEX95), this enclosure must meet the requirements of at least IP54 in compliance with EN 60529.

WARNING

Suitable cables for temperatures in excess of 70 °C

If the cable or conduit entry point exceeds 70°C or the branching point of conductors exceeds 80°C, special precautions must be taken.

If the equipment is operated in an air ambient in excess of 50 °C, only use cables with admitted maximum operating temperature of at least 80 °C.

WARNING

Protection against transient voltage surges

Provisions shall be made to prevent the rated voltage from being exceeded by transient voltage surges of more than 40%. This criterion is fulfilled, if supplies are derived from SELV (Safety Extra-Low Voltage) only.


External power supply

Use only an external power supply that also complies with EN60950. The output voltage of the external power supply must not exceed 30 VDC. The output of the external power supply must be short-circuit proof.

CAUTION

The power supply unit to supply the SCALANCE M873 must comply with the requirements for a limited power source according to IEC/EN 60950-1, section 2.5.

The external power supply for the SCALANCE M873-0 must meet the requirements for NEC class 2 circuits as specified in the National Electrical Code ® (ANSI/NFPA 70).

Refer to the section Connectors (Page 22) and the installation instructions and instructions for use of the manufacturer of the power supply, the battery or the accumulator.

SIM card

To install the SIM card the device must be opened. Before opening the device, disconnect it from the power supply. Static charges can damage the device when it is open. Discharge the static electricity from your body before opening the device. You can do this by touching a grounded surface, for example the metal casing of the cabinet. Refer to section Connectors (Page 22).

In ports / out ports

The in port and the out port are electrically isolated from the other connectors of the SCALANCE M873-0. If the installation connected to the SCALANCE M873-0 connects a signal of the in port or the out port electrically with the power supply, then between every signal of the in port or out port and every connector of the power supply of the SCALANCE M873-0, the voltage must not exceed 60 V.

Handling cables

Never pull a cable connector out of a socket by its cable, pull on the connector itself. Cable connectors with screw fasteners (D-sub) must always be screwed on tightly. Do not lay the cable over sharp corners and edges without edge protection. If necessary, provide sufficient strain relief for the cables.

For safety reasons, make sure that you keep to the bend radius of the cables. Exceeding the bend radius of the antenna cable results in deterioration of the system's transmission and reception properties. The minimum static bend radius must not be less than 5 times the cable diameter and with dynamic bends 15 times the cable diameter.

2.2 Requirements for operation

To operate the SCALANCE M873, the following information must be on hand and the following requirements must be met:


Antenna

An antenna, tuned to the frequency bands of the mobile wireless provider you have selected: 850 MHz, 900 MHz, 1800 MHz, 1900 MHz or 2100 MHz. Use only antennas from the accessories for the SCALANCE M873. See section Connectors (Page 22).

Power supply

A power supply with a voltage between 12 VDC and 30 VDC that can provide sufficient current.

See section Connectors (Page 22).

SIM card

A SIM card from the chosen mobile wireless provider.

PIN

The PIN (= Personal Identification Number) for the SIM card

HSDPA / UMTS, EGPRS / GPRS activation

The SIM card must be activated for packet-oriented data services in the mobile wireless network (HSDPA, UMTS, EGPRS and GPRS) by your mobile wireless provider.

The access data must be known:

● Access point name (APN)

● User name

● Password

CSD 9600 bps activation

The SIM card must be activated by your mobile wireless provider for the CSD service if you wish to use remote configuration via dial-in data connections, see section Remote access via dial-in connection (Page 77).

2.3 Step by step

Requirements for commissioning


See section Requirements for operation (Page 17)

2. Read the safety instructions and other instructions at the beginning of this document very carefully, and be sure to follow them.

See section Safety notices (Page 15)

3. Familiarize yourself with the control elements, connectors and operating state indicators of the SCALANCE M873.

See section Device front (Page 20) and the sections following

Procedure

Set up the SCALANCE M873 by following the steps below:

1. Connect a PC with a Web browser (Admin PC) to the local interface (10/100 BASE-T) of the SCALANCE M873.

See section TCP/IP configuration of the network adapter in Windows XP (Page 29) and Establishing a configuration connection (Page 31)

2. Using the Web user interface of the SCALANCE M873, enter the PIN (Personal Identification Number) of the SIM card.

See section Access parameters for UMTS/GPRS (Page 53)

3. Disconnect the SCALANCE M873 from the power supply.

See section Connectors (Page 22)

4. Insert the SIM card in the device.

See section Inserting the SIM card (Page 26)

5. Connect the antenna.

See section Connectors (Page 22)

6. Connect the SCALANCE M873 to the power supply.

See section Connectors (Page 22)

7. Set up the SCALANCE M873 according to your requirements.

See section Configuration (Page 29) and the sections following

8. Connect your local application.

2.4 Device front

Connection terminals for the power supply

Service button (SET)

Antenna socket type SMA

Operating state indicators S, Q, C

X1 (Service; USB) – no function

Connection terminals for the in ports and out ports (not connected)

X2 (10/100 Base-T - RJ-45 jack) for connecting the local network

Operating state indicators DC5V, LINK, IN, OUT

Figure 2-1 Front of the device

2.5 Service button (SET)

On the front of the SCALANCE M873, there is a small hole (see B) which is labeled SET and has a button behind it. Use a thin object, for example a straightened-out paperclip, to press this button.

2.6 Operating displays

The SCALANCE M873 has 7 indicator lamps (LEDs) to indicate the operating state. The 3 indicator lamps on the left-hand side of the device indicate the state of the wireless modem:

LED               Status                                Meaning
S (Status)        Flashing slowly                       PIN transfer
                  Flashing quickly                      PIN error / SIM error
                  ON                                    PIN transfer successful
Q (Quality)       OFF                                   Not logged into GSM network
                  Flashing briefly                      Poor signal strength (CSQ < 6)
                  Flashing slowly                       Medium signal strength (CSQ = 6 to 10)
                  ON, with brief interruptions          Good signal strength (CSQ = 11 to 18)
                  ON                                    Very good signal strength (CSQ > 18)
C (Connect)       OFF                                   No connection
                  Flashing quickly                      Service call via CSD active
                  Flashing slowly                       EGPRS/GPRS connection active
                  ON                                    HSDPA/UMTS connection active
S, Q, C together  Flash on and off in sequence (fast)   Booting
                  Flash on and off in sequence (slow)   Update
                  Flash fast (in sync)                  Errors

The 4 signaling lamps on the right-hand side of the device indicate the state of other device functions:

LED    Status                        Meaning
DC5V   ON                            Device turned on, power supply present 5 VDC
       OFF                           Device turned off, no power supply
LINK   ON                            Ethernet connection established to the local application or the local network
       OFF                           No Ethernet connection to the local application or the local network
       ON with brief interruptions   Data transfer via the Ethernet connection
IN     ON                            In port active
       OFF                           In port not active
OUT    ON                            Reserved for future applications

2.7 Connectors

The connectors of the M873 are on the front of the device.

X2 (10/100-Base-T)

The local network is connected to the local applications at the 10/100 Base-T connector, for example a programmable controller, a machine with an Ethernet interface for remote monitoring, a notebook or desktop PC.

Here, connect the Admin PC with its Web browser to set up the SCALANCE M873.

The interface supports autonegotiation. This means that the transmission speed 10 Mbps or 100 Mbps used on the Ethernet network is detected automatically.

A connecting cable with an RJ-45 plug must be used. It can be a cross-over cable or a patch cable.

X1 (Service; USB)

In the SCALANCE M873, this interface has no function and is reserved for later applications. Do not connect any devices here. Otherwise operation of the SCALANCE M873 could be impaired.

SMA antenna socket

The SCALANCE M873 has an antenna socket of the type SMA for connecting the antenna. The antenna used should have an impedance of about 50 ohms. It must be suitable for GSM 900 MHz and DCS 1800 MHz or GSM 850 MHz and PCS 1900 MHz and for UMTS 2100 MHz, depending on which frequency bands your GSM network provider uses. In Europe and China, GSM 900 MHz, DCS 1800MHz and UMTS 2100 MHz are used. In the USA, GSM 850 MHz and PCS 1900 MHz (also for UMTS) are used. Check with your network provider. The tuning (VSWR) of the antenna must be 1:2.5 or better.

NOTICE

Use only antennas from the accessories for the SCALANCE M873. Other antennas could interfere with product characteristics or even lead to defects.

When installing the antenna, a sufficiently good signal quality must be ensured (CSQ > 11). Use the signaling lamps of the SCALANCE M873 that show the signal quality. Make sure that there are no large metal objects (for example reinforced concrete) close to the antenna.


Keep to the installation and user instructions for the antenna you are using.

WARNING

If the antenna is installed outdoors, it must be grounded for lightning protection. This work must only be carried out by qualified personnel.

Read the warning notice regarding installation and outdoor installation of antennas at the beginning of this document.

Screw terminals for power supply

Figure 2-2 Power supply screw terminals (24 V 0 V)

The SCALANCE M873 operates with a voltage of 12 - 60 VDC, nominally 24 VDC. This power supply is connected to the screw terminals on the left half of the device.

The current consumption is approx. 450 mA at 12 V and 100 mA at 60 V.

WARNING

The power supply unit of the SCALANCE M873 is not electrically isolated. Refer to the safety notices at the beginning of this manual.


Installation instructions

Use copper wires only.

Wire: 0.5 to 3 mm² (20 to 18 AWG)

Stranded wire: 0.5 to 2.5 mm²

Tightening torque for screw terminals: 0.6 to 0.8 Nm

In port / out port

Figure 2-3 In ports / out ports

In port I1+/I1-

The SCALANCE M873 has an in port. The screw terminals are the connectors for the in port on the right-hand half of the device. The terminals are labeled I1+/I1-

In port I1+/I1-

UIn = 5 to 30 V
On: UIn ≥ 5 V
Off: UIn ≤ 1.2 V

WARNING

The in port is electrically isolated from the other connectors of the SCALANCE M873. If the installation connected to the SCALANCE M873 connects a signal of the in port electrically with the power supply, then between every signal of the in port and every connector of the power supply of the SCALANCE M873, the voltage must not exceed 60 V.

WARNING Out port O1a/O1b

The SCALANCE M873 has an out port. The screw terminals are the connectors for the out port on the right-hand half of the device. The terminals are labeled O1a/O1b.

Out port O1a/O1b

UMax = 30 V
IMax = 20 A

The out port is reserved for later applications.

WARNING

The out port is electrically isolated from the other connectors of the SCALANCE M873. If the installation connected to the SCALANCE M873 connects a signal of the out port electrically with the power supply, then between every signal of the out port and every connector of the power supply of the SCALANCE M873, the voltage must not exceed 60 V.

2.8 Inserting the SIM card

NOTICE

Before inserting the SIM card, enter the PIN of the SIM card in the SCALANCE M873 via the Web user interface. See section Access parameters for UMTS/GPRS (Page 53).

Figure 2-4 SIM card compartment

1. After you have entered the PIN of the SIM card, disconnect the SCALANCE M873 completely from the power supply.

2. The compartment for the SIM card is located on the back of the device. Directly beside the compartment for the SIM card, in the opening in the housing, there is a small yellow button. Press on this button with a pointed object, for example a pencil.

When the button is pressed, the SIM card drawer comes out of the housing.

3. Place the SIM card in the drawer so that its gold-plated contacts remain visible.

4. Then push the drawer with the SIM card completely into the housing.

NOTICE

Do not, under any circumstances, insert or remove the SIM card during operation. This could damage the SIM card and the SCALANCE M873.

2.9 Installation on a DIN rail

The SCALANCE M873 is suitable for rail mounting on DIN EN 50022 rails. There is a clamp on the rear of the device for this purpose.

3 Configuration

Configuration of the router and firewall functions is carried out locally or remotely via the Web-based administration interface of the SCALANCE M873.

Remote configuration

Remote configuration using HTTPS or CSD access is only possible if the SCALANCE M873 is configured for remote access. If you want to use the remote configuration option, follow the steps described in Chapter 7.

Configuration via the local interface

The requirements for configuration via the local interface are as follows:

● The computer (Admin PC) on which you create the configuration must either ...

– ... be connected directly to the Ethernet socket of the SCALANCE M873 with a network cable or

– ... have direct access to the SCALANCE M873 via the local network.

● The network adapter of the computer (Admin PC) on which you create the configuration must have the following TCP/IP configuration:

IP address: 192.168.1.2
Subnet mask: 255.255.255.0

Instead of IP address 192.168.1.2, you can also use other IP addresses from the range 192.168.1.x.

● If you also want to use the Admin PC to access the external network via the SCALANCE M873, the following additional settings are necessary:

Default gateway: 192.168.1.1
Preferred DNS server: Address of the domain name server
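
The requirements above can be checked before the adapter settings are changed. The following Python sketch is an added example, not part of the Siemens documentation; it assumes the factory-default router address 192.168.1.1 with subnet mask 255.255.255.0, and the function name check_admin_pc and its finding codes are made up for illustration.

```python
import ipaddress

# Factory-default local address of the router and the matching /24 network
# (192.168.1.x with subnet mask 255.255.255.0), as given in this manual.
ROUTER_IP = ipaddress.IPv4Address("192.168.1.1")
LOCAL_NET = ipaddress.IPv4Network("192.168.1.0/24")


def check_admin_pc(ip, mask, gateway=None, dns=None):
    """Check planned Admin PC settings.

    Returns a list of (code, text) findings; an empty list means the
    settings fit the local interface of the router.
    """
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [("invalid", f"IP address or subnet mask not valid: {exc}")]

    findings = []
    if iface.ip not in LOCAL_NET:
        findings.append(("outside", f"{iface.ip} is not in {LOCAL_NET}"))
    elif iface.network != LOCAL_NET:
        findings.append(("mask", f"mask {iface.netmask} does not give {LOCAL_NET}"))
    elif iface.ip == ROUTER_IP:
        findings.append(("conflict", f"{iface.ip} is the router's own address"))
    elif iface.ip in (LOCAL_NET.network_address, LOCAL_NET.broadcast_address):
        findings.append(("reserved", f"{iface.ip} is the network or broadcast address"))

    gw = None
    if gateway is not None:
        try:
            gw = ipaddress.IPv4Address(gateway)
        except ValueError:
            findings.append(("invalid", f"default gateway {gateway!r} not valid"))
        else:
            if gw != ROUTER_IP:
                findings.append(("gateway", f"default gateway must be {ROUTER_IP}"))

    if dns is not None:
        try:
            dns_ip = ipaddress.IPv4Address(dns)
        except ValueError:
            findings.append(("invalid", f"DNS server {dns!r} not valid"))
        else:
            # A provider DNS server lies behind the router, so it can only
            # be reached when the router is set as default gateway.
            if dns_ip not in LOCAL_NET and gw != ROUTER_IP:
                findings.append(("dns-unreachable",
                                 f"{dns_ip} needs default gateway {ROUTER_IP}"))
    return findings


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.53 is a documentation address
    # standing in for a provider DNS server.
    for args in [("192.168.1.2", "255.255.255.0", "192.168.1.1", "192.168.1.1"),
                 ("192.168.1.1", "255.255.255.0"),
                 ("192.168.1.2", "255.255.255.0", None, "203.0.113.53")]:
        print(args, check_admin_pc(*args))
```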

3.1 TCP/IP configuration of the network adapter in Windows XP

Configuring the LAN connection

1. Click on "Start", "Connect To ...", "Show All Connections…".

2. Then click on "LAN Connection".

3. In the dialog box "Properties of LAN Connection", click on the "General" tab and select the entry "Internet Protocol (TCP/IP)".

4. Open properties by clicking the button.

The "Properties of Internet Protocol (TCP/IP)" window appears (see Figure 3-1).

Note

The path to the "Properties of LAN Connection" dialog box depends on your Windows settings. If you cannot find this dialog box, search in the Windows Help function for "LAN Connection" or "Internet Protocol (TCP/IP) Properties".

Figure 3-1 "Internet Protocol (TCP/IP) Properties"

Enter the following values to access the Web user interface of the SCALANCE M873:

● IP address: 192.168.1.2

● Subnet mask: 255.255.255.0

Enter the following values as well if you want to use the Admin PC to access the external network via the SCALANCE M873:

● Default gateway: 192.168.1.1

● Preferred DNS server: 192.168.1.1

Preferred DNS server

If you call up addresses via a domain name (for example www.siemens.com), then the domain name server (DNS) is required to find out what IP address is behind the name. You can specify the following as the domain name server:

● The DNS address of the network provider, or

● The local IP address of the SCALANCE M873, as long as it is configured to resolve host names into IP addresses (see section DNS for local network (Page 47)). This is the factory setting.

To specify the domain name server in the TCP/IP configuration of your network adapter, follow the steps outlined above.

3.2 Characters permitted for user names, passwords and other inputs

For user names, passwords, host names, APN and PIN, the following ASCII characters may be used:

User names, passwords and PIN

a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 ! $ % & ' ( ) * + , . / : ; < = > ? @ [ \ ] ^ _ ` { | }

Host names and APN

a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 . -

3.3 Establishing a configuration connection

Setting up a Web browser

Follow the steps outlined below:

1. Launch a Web browser (for example MS Internet Explorer Version 7 or later or Mozilla Firefox Version 2 or later; the Web browser must support SSL, i.e. HTTPS).

2. Make sure that the browser does not automatically dial a connection when it is launched. Make this setting in the MS Internet Explorer as follows: "Tools", "Internet Options..." menu, "Connections" tab: Under "Dial Up and VPN Settings", "Never dial a connection" must be enabled.


Calling up the start page of the SCALANCE M873

1. In the address line of the browser, enter the IP address of the SCALANCE M873 in full. According to the factory setting, this is:

https://192.168.1.1

Result: A security alert appears.

Figure 3-2 Confirm the security alert

2. Acknowledge the security alert and continue loading this page.

Note

Because the device can only be administered using encrypted access, it is delivered with a self-signed certificate. If certificates with signatures that the operating system does not know are used, a security message is generated. You can display the certificate.

It must be clear from the certificate that it was issued for Siemens AG. Because the Web user interface is opened using an IP address and not a name, the name specified in the security certificate does not match the address entered in the browser.
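
Acknowledging the alert by hand gives no assurance on later connections that the same certificate is being presented. The following added example (not part of the Siemens manual) records the certificate's SHA-256 fingerprint on first contact and compares it afterwards; the function names are assumptions, and the sample certificate is a constructed stand-in made of arbitrary bytes.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in so the example runs offline: these bytes are NOT a real
# X.509 certificate, they only give the functions something to hash.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def fetch_device_certificate(host, port=443):
    """Fetch the PEM certificate the device presents, without validating it.

    Do the first fetch over the direct local cable connection, where no
    other party can sit between the admin PC and the router.
    """
    return ssl.get_server_certificate((host, port))


def fingerprint(pem):
    """SHA-256 fingerprint (lowercase hex) of a PEM-encoded certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def normalize(fp):
    """Accept the 'AB:CD:...' form that certificate viewers display."""
    return fp.replace(":", "").replace(" ", "").lower()


def matches_pin(pem, pinned):
    """Compare a presented certificate with a previously recorded fingerprint."""
    return hmac.compare_digest(fingerprint(pem), normalize(pinned))


def check_host(host, pem, pins):
    """Trust on first use: enrol an unknown host, compare a known one.

    pins is a dict mapping host -> fingerprint (hypothetical local store).
    """
    presented = fingerprint(pem)
    known = pins.get(host)
    if known is None:
        pins[host] = presented
        return "enrolled"
    return "match" if hmac.compare_digest(known, presented) else "mismatch"
```

A "mismatch" result after enrolment means the device presents a different certificate than before and should be investigated before the password is entered.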

Entering the user name and password


Figure 3-3 Entering the user name and password

The factory setting is:

User name: admin

Password: scalance

Note

Remember to change the password. The factory setting is public knowledge and does not provide adequate protection. Section Changing the password (Page 39) describes how to change the password.

The start page is displayed

After you have entered the user name and password, the start page of the SCALANCE M873 appears in the Web browser with an overview of the operating state, see section Start page of the Web user interface (Page 34).

The start page is not displayed

If, after several attempts, the browser still reports that the page cannot be displayed, try the following:

● Check the hardware connection. On a Windows computer, go to the DOS prompt (Menu Start, Programs, Accessories, Command Prompt) and enter the following command: ping 192.168.1.1

If a return message indicating receipt of the 4 packets that were sent does not appear within the specified time period, check the cable, the connections and the network adapter.

● Make sure that the browser does not use a proxy server. Make this setting in the MS Internet Explorer (version 7.0) as follows: "Tools", "Internet Options..." menu, "Connections" tab: Under "LAN settings", click the "Settings..." button, in the dialog for the "Local Area Network (LAN) Settings", make sure that under "Proxy server", the "Use a proxy server for your LAN" entry is not selected.


● If other LAN connections are active on the computer, disable them while you are setting the configuration.

In the Windows Start menu, select "Settings", "Network Connections". All LAN connections are shown. Select the relevant connection and choose "Deactivate" in the shortcut menu (right mouse button).

● Enter the address of the SCALANCE M873 with slashes: https://192.168.1.1/

3.4 Start page of the Web user interface

After the Web user interface of the SCALANCE M873 is called up and the user name and password have been entered, an overview of the current operating state of the SCALANCE M873 appears.

Figure 3-4 Start page / overview

Note

Use the "Refresh" function of the Web browser to update the displayed values to their current status.

Current system time

Shows the current system time of the SCALANCE M873 in the format: Year – month – day, hours – minutes


Connection

Shows whether a wireless connection exists, and which one:

● UMTS connection (IP connection using HSDPA, UMTS)

● GPRS/EDGE connection (IP connection using EGPRS or GPRS)

● CSD connection (service connection using CSD)

External hostname

Shows the host name (for example m873.mydns.org) of the SCALANCE M873 if a DynDNS service is used.

Signal (CSQ level)

Indicates the strength of the GSM signal as a CSQ value.

● CSQ < 6: Signal strength poor

● CSQ = 6..10: Signal strength medium

● CSQ = 11..18: Field strength good

● CSQ > 18: Field strength very good

● CSQ = 99: No connection to the GSM network

Assigned IP address

Shows the IP address at which the SCALANCE M873 can be reached in the wireless network. This IP address is assigned to the SCALANCE M873 by the wireless network.

Note

It may occur that an IP data connection and an assigned IP address are both shown, but the connection quality is not good enough to transmit data. For this reason we recommend that you use the active connection monitoring (see section UMTS/GPRS connection monitoring (Page 57)).

Remote HTTPS

Shows whether remote access to the Web user interface of the SCALANCE M873 via the wireless network is permitted (see section HTTPS remote access (Page 73)).

● White check mark with green dot: Access is permitted.

● White check mark with red dot: Access is not permitted.


Remote SSH

Shows whether remote access to the SSH console of the SCALANCE M873 via the wireless network is permitted (see section SSH remote access (Page 75)).

● White check mark with green dot: Access is permitted.

● White check mark with red dot: Access is not permitted.

CSD Dial-In

Shows whether remote CSD service calls are permitted (see section Remote access via dial-in connection (Page 77)).

● White check mark with green dot: Access is permitted.

● White check mark with red dot: Access is not permitted.

3.5 Language selection

The SCALANCE M873 supports the Web-based administration user interface in English and German.

Figure 3-5 Language selection

Automatic

The SCALANCE M873 selects the same language for the administration user interface as the language set for the Web browser:

● German, if the Web browser is set to German,

● English in all other cases.

German

The SCALANCE M873 uses German, regardless of the Web browser setting.

English

The SCALANCE M873 uses English, regardless of the Web browser setting.


3.6 Configuration procedure

The procedure for configuring the SCALANCE M873 is as follows:

Setting the configuration

1. Use the menu to call up the group of settings you require.

2. Make the required entries on the page or use Reset to delete the current entries that have not been saved.

3. Use Save to confirm the entries so that they are adopted by the device.

Figure 3-6 Menu bar

Note

Depending on how you configure the SCALANCE M873, you may then have to adapt the network interface of the locally connected computer or network.

When entering IP addresses, always enter the IP address subnumbers without leading zeros, for example: 192.168.0.8.

Invalid entries

The SCALANCE M873 checks your entries. Errors are detected when you save and the input box in question is marked.


3.7 Configuration profiles

The settings of the SCALANCE M873 can be saved in configuration profiles (files) and re-loaded at any time.

Figure 3-8 Menu command "Maintenance" > "Configuration Profiles"

Upload Profile

A configuration profile that was created previously and saved on the admin PC is uploaded to the SCALANCE M873. Files with configuration profiles have the file extension *.tgz. With "Browse", you can search the admin PC for configuration profiles. With "Submit", you upload the configuration profile to the SCALANCE M873.

The profile will then be shown in the table of saved configuration profiles.

Create profile

Saves the current settings of the SCALANCE M873 in a configuration profile.

First enter a name for the profile in the input box. "Create" saves the settings in a profile with this name and then displays it in the table of saved configuration profiles.

Saved Configuration Profiles

Download

Downloads the profile to the admin PC.

Activate

The SCALANCE M873 adopts the settings from the selected configuration profile and continues to work using them.

Delete


3.8 Changing the password

Access to the SCALANCE M873 is protected by an access password. This access password protects access both via the

● local interface to the Web user interface, and

● local interface to the SSH console,

and also access via

● UMTS/GPRS by HTTPS to the Web user interface, and

● UMTS/GPRS to the SSH console.

Access password (factory setting)

The factory setting for the SCALANCE M873 is:

● Password: scalance

● User name: admin (cannot be modified)

Note

Change the password immediately after commissioning. The factory setting is public knowledge and does not provide adequate protection.

Note

The user name for SSH access is different from the user name for the Web-based administration user interface.

User name: root (cannot be modified)

The password is the same as the access password for the SCALANCE M873 as specified above.

New access password (with confirmation)

To change the password, enter the new password you have selected in "New access password" and confirm the entry in "Retype new access password".

With "Reset", you can discard any entries that have not yet been saved. "Save" enters the new password.
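
The character rules in section 3.2 and the password change described here can be checked together before a new password is typed into the device. The following added example (not part of the Siemens manual) validates a candidate against the permitted characters, rejects the factory setting, and generates a random password from the permitted characters only; the function names and the length values are assumptions.

```python
import secrets
import string

# Section 3.2: characters permitted for user names, passwords and PIN.
# Space, double quote, '#', '-' and '~' are not in the list, so a password
# produced by a generic generator may be refused by the device.
CREDENTIAL_CHARS = frozenset(
    string.ascii_letters + string.digits + "!$%&'()*+,./:;<=>?@[\\]^_`{|}"
)
# Section 3.2: characters permitted for host names and APN.
HOSTNAME_CHARS = frozenset(string.ascii_letters + string.digits + ".-")

FACTORY_PASSWORD = "scalance"  # factory setting stated in the manual


def invalid_chars(value, allowed):
    """Return the distinct characters of value that are not permitted, in order."""
    found = []
    for ch in value:
        if ch not in allowed and ch not in found:
            found.append(ch)
    return found


def check_password(candidate, min_length=12):
    """Return a list of problems (empty if the candidate is acceptable).

    min_length is a local policy assumption, not a limit from the manual.
    """
    problems = []
    bad = invalid_chars(candidate, CREDENTIAL_CHARS)
    if bad:
        problems.append("characters not permitted by the device: " + " ".join(bad))
    if candidate == FACTORY_PASSWORD:
        problems.append("factory default password")
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    return problems


def generate_password(length=16):
    """Generate a random password using only the permitted characters."""
    if length < 3:
        raise ValueError("length must allow a lower-case, upper-case and digit character")
    alphabet = sorted(CREDENTIAL_CHARS)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Require mixed classes so the result also passes common policies.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate
```

Because the same access password also applies to the SSH user root, one generated value covers both the Web user interface and the SSH console.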

3.9 Reboot

Although the SCALANCE M873 is designed for continuous operation, in such a complex system disruptions may occur, often triggered by external influences. A reboot can rectify these problems.

The reboot resets the functions of the SCALANCE M873. Current settings from the configuration profile do not change. The SCALANCE M873 continues to work using these settings after the reboot.


Figure 3-9 Menu command "Maintenance" > "Reboot"

Reboot now

The device reboots immediately if you click the "Reboot" button.

Enable daily reboot

The device reboots automatically once a day if you activate the function with Yes.

Specify the "Reboot time" of the daily reboot. The device will reboot at the specified system time. Existing connections will be interrupted.

Factory settings

Enable daily reboot: No

Reboot time: 01:00

3.10 Loading factory settings

The factory settings of the SCALANCE M873 can be restored in different ways.

Figure 3-10 Menu command "Maintenance" > "Factory Reset"


Service button (SET)

Resetting to factory settings can also be triggered by pressing the service button (SET) (see section Service button (SET) (Page 20)).

Default configuration

If you only want the factory settings to be loaded without deleting the configuration profiles and the archived logs, activate only the default configuration as described in section Configuration profiles (Page 38).


4 Local interface

The local interface is the interface of the SCALANCE M873 for connecting the local network. The interface is labeled X2 on the device. This is an Ethernet interface with 10 Mbps or 100 Mbps data rate.

The local network is the network connected to the local interface of the SCALANCE M873. The local area network contains at least one local application.

Local applications are network components in the local network, for example a programmable controller, a machine with an Ethernet interface for remote monitoring, a notebook or PC or the admin PC.

Configure the local interface and the associated functions according to your requirements as described in this section.

4.1 IP addresses of the local interface

Here, you set the IP addresses and the netmasks with which the SCALANCE M873 can be reached by local applications.

Figure 4-1 Menu command "Local Network > Basic Settings > Local IPs"

These factory-set IP addresses and netmasks can be changed freely, but should be in keeping with the valid recommendations (RFC 1918).


Figure 4-2 Display of the local network (labels: Local applications, Admin PC, Local IP and netmask, M873)

You can specify additional addresses at which the SCALANCE M873 can be reached by local applications. This is useful, for example, when the local network is divided into subnets. Several local applications from different subnets can then reach the SCALANCE M873 using different addresses.

New

Adds additional IP addresses and netmasks that you can then modify.

Delete


4.2 DHCP server to local network

The SCALANCE M873 contains a DHCP server (DHCP = Dynamic Host Configuration Protocol). If the DHCP server is switched on, it automatically assigns the IP addresses, netmasks, the gateway and the DNS server to the applications that are connected to the local interface of the SCALANCE M873. To do this, the setting for obtaining the IP address automatically and the configuration parameters using DHCP must be activated in the local applications.

Figure 4-3 DHCP server function (labels: Local applications, Admin PC, IP addresses and other data, M873)


Start DHCP server

With "Start DHCP server" - "Yes", you turn on the DHCP server of the SCALANCE M873, with "No" it is turned off.

Local netmask

Here, enter the local netmask to be assigned to the local applications.

Default gateway

Here, enter the default gateway to be assigned to the local applications.

DNS server

Here, enter the DNS server to be assigned to the local applications.

Enable dynamic IP address pool

With "Yes", the IP addresses assigned by the DHCP server of the SCALANCE M873 are taken from a dynamic address pool.

With "No", the IP addresses must be assigned to the MAC addresses of the local applications under "Static Leases".

DHCP range start

Specifies the first address of the dynamic address pool.

DHCP range end

Specifies the last address of the dynamic address pool.

Static Leases

In Static Leases of the IP addresses, you can assign corresponding IP addresses to the MAC addresses of local applications.

If a local application requests assignment of an IP address using DHCP, the application transfers its MAC address with the DHCP request. If a static IP address is assigned to this MAC address, the SCALANCE M873 assigns the corresponding IP address to the application.

MAC address of the client – MAC address of the requesting local application

IP address of the client – assigned IP address


Factory settings

The factory settings of the SCALANCE M873 are as follows:

Start DHCP server: No
Local netmask: 255.255.255.0
Default gateway: 192.168.1.1
DNS server: 192.168.1.1
Enable dynamic IP address pool: No
DHCP range start: 192.168.1.100
DHCP range end: 192.168.1.199
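
A consistency check for the local interface and DHCP settings described in sections 4.1 and 4.2, as an added example that is not part of the Siemens manual. The settings dictionary and its key names are assumptions for illustration (the device's profile format is not shown here); the values in FACTORY are the factory settings listed above, and the MAC addresses used with it are constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Factory settings from the manual; the dictionary layout is hypothetical.
FACTORY = {
    "local_ip": "192.168.1.1", "netmask": "255.255.255.0",
    "dhcp_enabled": False, "gateway": "192.168.1.1", "dns": "192.168.1.1",
    "dynamic_pool": False,
    "range_start": "192.168.1.100", "range_end": "192.168.1.199",
    "static_leases": {},  # MAC address -> IP address
}


def parse_ip(text):
    """Parse a dotted-decimal IPv4 address, rejecting leading zeros."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"{text!r} is not a dotted-decimal IPv4 address")
    if any(len(p) > 1 and p.startswith("0") for p in parts):
        raise ValueError(f"{text!r} contains a leading zero")
    return ipaddress.IPv4Address(text)


def lint_local_network(cfg):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []

    def addr(label, value):
        # Parse one address; record a finding and return None on error.
        try:
            return parse_ip(value)
        except ValueError as exc:
            findings.append(f"{label}: {exc}")
            return None

    local_ip = addr("local_ip", cfg["local_ip"])
    if local_ip is None:
        return findings
    try:
        net = ipaddress.IPv4Network(f"{local_ip}/{cfg['netmask']}", strict=False)
    except ValueError as exc:
        return findings + [f"netmask: {exc}"]
    if not any(local_ip in n for n in RFC1918):
        findings.append(f"local_ip: {local_ip} is outside the RFC 1918 ranges")
    if not cfg["dhcp_enabled"]:
        return findings

    gateway = addr("gateway", cfg["gateway"])
    if gateway is not None and gateway not in net:
        findings.append(f"gateway: {gateway} is outside {net}")
    addr("dns", cfg["dns"])  # may be a provider DNS, so only the syntax is checked

    if cfg["dynamic_pool"]:
        start = addr("range_start", cfg["range_start"])
        end = addr("range_end", cfg["range_end"])
        if start is not None and end is not None:
            if start > end:
                findings.append("DHCP range start is above DHCP range end")
            if start not in net or end not in net:
                findings.append(f"DHCP range is not inside {net}")
            if start <= local_ip <= end:
                findings.append(f"DHCP range includes the router address {local_ip}")
    elif not cfg["static_leases"]:
        findings.append("dynamic pool off and no static leases: no client gets an address")

    used = {}
    for mac, ip_text in cfg["static_leases"].items():
        if not MAC_RE.match(mac):
            findings.append(f"static lease: {mac!r} is not a MAC address")
        ip = addr(f"static lease {mac}", ip_text)
        if ip is None:
            continue
        if ip not in net:
            findings.append(f"static lease: {ip} is outside {net}")
        if ip == local_ip:
            findings.append(f"static lease: {ip} is the router address")
        if ip in used:
            findings.append(f"static lease: {ip} assigned to both {used[ip]} and {mac}")
        used[ip] = mac
    return findings
```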

4.3 DNS for local network

The SCALANCE M873 provides the local network with a domain name server (DNS). If you enter the IP address of the SCALANCE M873 in your local application as the domain name server (DNS), then the SCALANCE M873 answers the DNS requests from its cache. If it does not know the IP address corresponding to a domain address, the SCALANCE M873 forwards the request to an external domain name server (DNS).

The time period for which the SCALANCE M873 keeps a domain address in the cache depends on the host being addressed. In addition to the IP address, a DNS request to an external domain name server also supplies the life span of this information.

Figure 4-5 DNS function (labels: Local application, DNS request to M873, DNS request by M873, HSDPA/UMTS/(E-)GPRS, APN, Internet, DNS of the network provider, DNS in the Internet, Router/firewall, Remote network)

The external domain name server (DNS) used can be a server of the network provider, a server on the Internet, or a server in the private external network.


Figure 4-6 Menu command "Local Network" > "Basic Settings" > "DNS"

Selected nameserver

Select the domain name server (DNS) to which the SCALANCE M873 should send a request.

Provider Defined

When a connection is established to UMTS/GPRS, the network provider automatically sends one or more DNS addresses. These are then used.

User Defined

As the user, you select your preferred DNS. The domain name servers can be connected to the Internet, or can be a private DNS in your network.

User defined name server

If you have selected the option "User Defined", enter the IP address of the selected DNS as the "Server IP address".

With "New", you can add further domain name servers.

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Selected nameserver: Provider Defined
User defined name server: -


4.4 Local host name

The SCALANCE M873 can also be addressed from the local network using a host name. To do this, specify a host name, e.g. M873.

The SCALANCE M873 can then be called up, for example from a Web browser as M873.

Figure 4-7 Menu command "Local Network" > "Basic Settings" > "DNS"

Note

The security concept of the SCALANCE M873 requires an outgoing firewall rule for each local application that uses this host name function. See section Packet filter (Page 65).

If you do not use DHCP (see section DHCP server to local network (Page 45)), identical search paths have to be entered manually in the SCALANCE M873 and in the local applications. If you do use DHCP, the local applications receive the search path entered in the SCALANCE M873 via DHCP.

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Search path: example.local


4.5 System Time/NTP

The system time of the SCALANCE M873 can be set manually or can be synchronized automatically with a time server.

Figure 4-8 Menu command "System" > "System Time"

Setting the system time manually

Here, you set the system time for the SCALANCE M873. This system time:

● is used as a time stamp for all log entries, and

● serves as a time base for all time-controlled functions.

Select the year, month, day, hour and minute.

Activate NTP synchronization

The SCALANCE M873 can also obtain the system time from a time server via NTP (= Network Time Protocol). There are a number of time servers on the Internet that can be used to obtain the current time very precisely via NTP.


NTP server

Click "New" to add an NTP server, and enter the IP address of such an NTP server, or use the factory default NTP server. You can specify several NTP servers at the same time. It is not possible to enter the NTP address as a host name (for example timeserver.org).

Poll interval

Time synchronization is carried out cyclically. The interval at which synchronization takes place is decided automatically by the SCALANCE M873. The system time will be resynchronized at least once every 36 hours. The poll interval defines the minimum period that the SCALANCE M873 waits until the next synchronization.

NOTICE

Synchronization of the system time via NTP creates additional data traffic on the UMTS/GPRS connection. This may result in additional costs, depending on your user agreement with the mobile wireless provider.

Serve system time to local network

The SCALANCE M873 can itself function as an NTP time server for the applications connected to its local network interface. To activate this function select "Yes".

The NTP time server in the SCALANCE M873 can be reached via the local IP address set for the SCALANCE M873, see section IP addresses of the local interface (Page 43).

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Local timezone: UTC
Activate NTP synchronization: No
NTP server: 192.53.103.108
Poll interval: 1.1 hours


4.6 Additional Internal Routes

If the local network is divided into subnets, you can define additional routes.

Figure 4-9 Menu command "Local Network" > "Additional Internal Routes"

With "New", you specify an additional route to a subnet. Specify the following:

● the IP address of the subnet (network), and also

● the IP address of the gateway via which the subnet is connected.

You can define any number of internal routes. With "Delete", you remove an internal route. You will find an example in appendix Additional Internal Routes (Page 99).

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Additional Internal Routes: -

Default for new routes: No

Network: 192.168.2.0/24


5 External interface

The external interface of the SCALANCE M873 connects the SCALANCE M873 to an external network. HSDPA, UMTS, EGPRS or GPRS are used for communication on this interface.

External networks are the Internet or a private intranet.

External remote stations are network components in an external network, for example Web servers on the Internet, routers on an intranet, a central company server, an Admin PC.

Configure the external interface and the related functions to suit your requirements as described in this section.

5.1 Access parameters for UMTS/GPRS

For access to the services HSDPA, UMTS, EGPRS or GPRS and to the basic GSM wireless network, access parameters are necessary that you will receive from your GSM mobile wireless provider.

Figure 5-1 Access parameters (labels: Local application, M873, SIM card, PIN, User name and password, HSDPA/UMTS/(E-)GPRS, APN (public), Internet)

The PIN protects the SIM card against unauthorized use of the modem. The user name and password protect access to the UMTS/GPRS network.

The APN (Access Point Name) defines the changeover from the UMTS/GPRS network to other connected IP networks, for example the changeover from a public APN to the Internet.


Provider selection mode - manual

Figure 5-2 Menu command "External Network" > "UMTS/EDGE" - Provider selection mode - manual

If you select "Manual" as the provider selection mode, enter the user name, password and APN for the UMTS or GPRS service manually.

Provider selection mode - Automatic

Figure 5-3 Menu command "External Network" > "UMTS/EDGE" - Provider selection mode - Manual


PIN

Enter the PIN for your SIM card here. You will receive the PIN from your network provider. The SCALANCE M873 also works with SIM cards that have no PIN; in this case, enter NONE. In this case, the input box is left empty.

Note

If no entry is made, the input box for the PIN is shown with a red margin after saving.

Network selection

Select the type of mobile wireless network to be used:

● UMTS (with the services UMTS data and HSDPA)

● GSM (with the services EGPRS, GPRS and CSD)

Provider (only for the provider selection "Automatic")

Here, you can enter any text of your choice to name the UMTS or GPRS service, such as the name of the provider (for example Vodafone, Eplus, my GPRS access).

Net_ID (only for the provider selection "Automatic")

Here, you enter the identification number (Net-ID) of the network provider to which the UMTS or GPRS access data relates in the same row of the list of providers.

Each UMTS or GSM/GPRS network provider has an assigned identification number that is unique worldwide, known as the Public Land Mobile Network (PLMN). The PLMN is made up of the Mobile Country Code (MCC) and the Mobile Network Code (MNC). You will find the Net-ID in the documentation provided by your UMTS or GSM/GPRS network provider or on the provider's Internet pages.

The Net-ID is stored on the SIM card. The SCALANCE M873 reads the Net-ID from the SIM card and selects the corresponding UMTS or GPRS access data from the list of providers.

User name

Enter the user name for UMTS/GPRS here. Some mobile wireless providers do not use access control with user names and/or passwords. In this case, enter "guest" in the corresponding box.

Password

Enter the password for UMTS/GPRS here. Some mobile wireless providers do not use access control with user names and/or passwords. In this case, enter "guest" in the corresponding box.


APN

Enter the name of the connection between UMTS/GPRS and other networks here. You will find the APN in the documentation of your mobile wireless provider or on your provider's Web site, or you can ask your provider's hotline.

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Provider selection mode: Manual

Table 5-1 Provider selection mode - manual

PIN: NONE
User name: guest
Password: guest
APN: NONE

Table 5-2 Provider selection mode - Automatic

1st Provider: T-Mobile
Net-ID: 26201
User name: guest
Password: guest
APN: internet.t-mobile

2nd Provider: Vodafone
Net-ID: 26202
User name: guest
Password: guest
APN: web.vodafone.de

3rd Provider: Eplus
Net-ID: 26203
User name: guest
Password: guest
APN: internet.eplus.de

4th Provider: O2
Net-ID: NONE
User name: NONE
Password: NONE
APN: NONE

5.2 UMTS/GPRS connection monitoring

With the "Connection Check" function, the SCALANCE M873 checks its connection to UMTS/GPRS and to the connected external networks, such as the Internet or an intranet. To do this, the SCALANCE M873 sends ping packets (ICMPs) to up to four partners (target hosts) at regular intervals. This takes place independently of the user data connections. If after such a ping, the SCALANCE M873 receives a response from at least one of the partners addressed, then the SCALANCE M873 is still connected to the IP mobile wireless service and is ready for operation.

Some "network providers" interrupt connections when they are inactive. This is also prevented by the "Connection Check" function.

Figure 5-4 Connection monitoring (labels: Local application, M873, User data connection, Ping for connection monitoring, HSDPA/UMTS/(E-)GPRS, APN, Internet, Ping target on the Internet)

NOTICE

Sending ping packets (ICMPs) increases the amount of data sent and received via UMTS/GPRS. This can lead to increased costs.


Figure 5-5 Menu command "External Network" > "Advanced Settings" > "Check the Connection"

Checking the connection

"Yes" enables the function. "No" disables the function.

Ping Targets – Hostname

Select up to four partners that the SCALANCE M873 can ping. The partners must be available continuously and must answer pings.

Note

Make sure that the selected partners will not be disrupted.

Connection check interval (Minutes)

Specifies the interval at which the connection check ping packets are sent by the SCALANCE M873. Enter the value in minutes.

Allowable number of failures


Activity on faulty connection

Renew Connection

The SCALANCE M873 re-establishes the connection to UMTS/GPRS if the ping packets sent were not answered.

M873 reboot

The SCALANCE M873 reboots if the ping packets sent were not answered.

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Checking the connection: No (turned off)
Hostname: -
Connection check interval: 5 (minutes)
Allowable number of failures: 3 (failed attempts)
Activity on faulty connection: Renew Connection

5.3 Hostname by DynDNS

Dynamic domain name servers (DynDNS) make it possible for applications to be accessible on the Internet under a hostname (e.g. myHost.org), even if these applications do not have a fixed IP address and the hostname is not registered. If you log the SCALANCE M873 on to a DynDNS service, you can also reach the SCALANCE M873 from the external network under a hostname, for example myName.dyndns.org.

Figure 5-6 DynDNS connection (labels: Local application, M873, User data connection, HSDPA/UMTS/(E-)GPRS, APN, Internet, Router/firewall, External network, INFO (IP address, hostname), Query (IP for hostname), Response (IP))


Figure 5-7 Menu command "External Network" > "Advanced Settings" > "DynDNS"

Log on (M873) to DynDNS server

Select "Yes" if you want to use a DynDNS service.

DynDNS provider

The SCALANCE M873 is compatible with dyndns.org.

DynDNS username / password

Enter here the user name and the password that authorize you to use the DynDNS service. Your DynDNS provider will give you this information.

DynDNS hostname

Here enter the hostname that you have agreed with your DynDNS provider for the SCALANCE M873, e.g. myName.dyndns.org.

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Log on (M873) to DynDNS server: No (turned off)
DynDNS username: guest
DynDNS password: guest


5.4 SRS - Siemens Remote Service

Note

Using the services provided by the "SIMATIC Remote Support Services", remote access to machines and plants is available.

To use the services, additional service agreements are necessary and certain constraints must be kept to. If you are interested in the Siemens Remote Service, speak to your local Siemens contact.

If the Siemens Remote Service is activated, the SCALANCE M873 transfers its external IP address assigned by the EDGE/GPRS service to a selectable destination server. This transfer is made using the secure HTTPS protocol.

The procedure is comparable with the DynDNS service and requires suitable access to the server.

Figure 5-8 Menu command "External Network" > "Advanced Settings" > "SRS"

With "New", you add a new destination server. With "Delete", you remove the existing entries.

Use Siemens Remote Service

Select "Yes" if you want to use Siemens Remote Service.

If you do not want to use the Siemens Remote Service, select "No".

Refresh interval

Enter the interval in seconds at which the assigned IP address of the SCALANCE M873 is transferred to the selected destination server.

Siemens Remote Service Accounts


Destination address

Enter the IP address of the destination server.

Group

Enter the group name.

User name

Enter the user name for access to the destination server.

Password

Enter the password for access to the destination server.

Factory settings

The factory settings of the SCALANCE M873 are as follows:

Use Siemens Remote Service: No (turned off)
Refresh interval: 900 seconds
Destination address: 0.0.0.0
Group: group
User name: user
Password: pass

5.5 NAT - Network Address Translation

Lists the rules for NAT (Network Address Translation) and allows rules to be set or deleted. With outgoing data packets, the device can rewrite the specified sender IP addresses from its local network to its own external address, a technique known as NAT (Network Address Translation).

This method is used if the internal addresses cannot or should not be routed externally, for example because a private address range such as 192.168.x.x is used or because the local network structure should remain hidden.

This method is also known as IP masquerading.

Use NAT in the external network

Select "Yes" to activate the NAT function of the external network.


Factory settings

The factory settings of the SCALANCE M873 are as follows:

Use NAT in the external network: No (turned off)


6 Security functions

6.1 Packet filter

The SCALANCE M873 has a stateful inspection firewall.

A stateful inspection firewall is a method of packet filtering. Packet filters only let IP packets through if they comply with previously defined firewall rules. The following is defined in the firewall rule:

● which protocol (TCP, UDP, ICMP) can pass through,

● the permitted source of the IP packets (from IP / from port)

● the permitted destination of the IP packets (to IP / to port)

The rules also define what will be done with IP packets that are not allowed through (discarded or rejected).

With a simple packet filter, it is always necessary to create two firewall rules for a connection:

● One rule for the query direction from the source to the destination, and

● a second rule for the response direction from the destination to the source.

It is different for a SCALANCE M873 with a stateful inspection firewall. Here a firewall rule is only created for the query direction from the source to the destination. The firewall rule for the response direction from the destination to the source results from analysis of the data previously sent. The firewall rule for the responses is closed again after the responses are received or after a short period of time has elapsed. This means that responses can only pass through if there was a previous query, so the response rule cannot be used for unauthorized access. What is more, special procedures make it possible for UDP and ICMP data to pass through as well, even though this data was not requested before.
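
The difference between the two filter types can be made concrete with a small model. This added example is not part of the Siemens manual and does not reproduce the device's implementation: the rule fields mirror the list above, while the class names, the 30-second state lifetime and the sample addresses are assumptions, and the special handling of UDP and ICMP is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One firewall rule with the fields the manual lists."""
    proto: str                       # TCP, UDP or ICMP
    from_ip: str                     # permitted source network (CIDR)
    to_ip: str                       # permitted destination network (CIDR)
    from_port: Optional[int] = None  # None = any port
    to_port: Optional[int] = None    # None = any port
    action: str = "accept"           # "accept", "drop" or "reject"

    def matches(self, p):
        return (p.proto == self.proto
                and ip_address(p.src_ip) in ip_network(self.from_ip)
                and ip_address(p.dst_ip) in ip_network(self.to_ip)
                and self.from_port in (None, p.src_port)
                and self.to_port in (None, p.dst_port))


def simple_filter(rules, p, default="drop"):
    """Simple (stateless) packet filter: the rules alone decide every packet."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


class StatefulFirewall:
    """Only query-direction rules are configured; reply permissions are derived."""

    def __init__(self, rules, state_lifetime=30.0, default="drop"):
        self.rules = list(rules)
        self.state_lifetime = state_lifetime  # assumed value, in seconds
        self.default = default
        self.expected_replies = {}            # reply 5-tuple -> expiry time

    def filter(self, p, now):
        # Forget reply permissions whose lifetime has elapsed.
        self.expected_replies = {
            key: expiry for key, expiry in self.expected_replies.items() if expiry > now
        }
        if (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port) in self.expected_replies:
            return "accept"
        verdict = simple_filter(self.rules, p, self.default)
        if verdict == "accept":
            # Open the mirrored direction for this one connection only.
            reply = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            self.expected_replies[reply] = now + self.state_lifetime
        return verdict


# Constructed sample traffic: 192.168.1.0/24 is the local network,
# 203.0.113.0/24 is a documentation range standing in for external hosts.
QUERY = Packet("TCP", "192.168.1.10", 50000, "203.0.113.5", 443)
RESPONSE = Packet("TCP", "203.0.113.5", 443, "192.168.1.10", 50000)
UNSOLICITED = Packet("TCP", "203.0.113.9", 443, "192.168.1.10", 50000)

QUERY_RULE = Rule("TCP", "192.168.1.0/24", "0.0.0.0/0", to_port=443)
RESPONSE_RULE = Rule("TCP", "0.0.0.0/0", "192.168.1.0/24", from_port=443)


def compare():
    """Run the sample traffic through both filter types and return the verdicts."""
    firewall = StatefulFirewall([QUERY_RULE])
    return {
        # The static response rule also admits packets nobody asked for.
        "simple_unsolicited": simple_filter([QUERY_RULE, RESPONSE_RULE], UNSOLICITED),
        "stateful_unsolicited": firewall.filter(UNSOLICITED, now=0),
        "stateful_query": firewall.filter(QUERY, now=1),
        "stateful_response": firewall.filter(RESPONSE, now=2),
        "stateful_late_response": firewall.filter(RESPONSE, now=40),
    }
```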
